Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.19 commit in: /
Date: Wed, 29 Apr 2020 17:57:54
Message-Id: 1588183052.27d7c2cb01376b49c16c731e901f2ce5bf8952ea.mpagano@gentoo
1 commit: 27d7c2cb01376b49c16c731e901f2ce5bf8952ea
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Apr 29 17:57:32 2020 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Apr 29 17:57:32 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=27d7c2cb
7
8 Linux patch 4.19.119
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1118_linux-4.19.119.patch | 5330 +++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 5334 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 5c6dcb8..36e1c22 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -511,6 +511,10 @@ Patch: 1117_linux-4.19.118.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.19.118
23
24 +Patch: 1118_linux-4.19.119.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.19.119
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1118_linux-4.19.119.patch b/1118_linux-4.19.119.patch
33 new file mode 100644
34 index 0000000..70f7790
35 --- /dev/null
36 +++ b/1118_linux-4.19.119.patch
37 @@ -0,0 +1,5330 @@
38 +diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt
39 +index eeb3fc9d777b..667ea906266e 100644
40 +--- a/Documentation/arm64/silicon-errata.txt
41 ++++ b/Documentation/arm64/silicon-errata.txt
42 +@@ -59,6 +59,7 @@ stable kernels.
43 + | ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 |
44 + | ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 |
45 + | ARM | Cortex-A76 | #1463225 | ARM64_ERRATUM_1463225 |
46 ++| ARM | Neoverse-N1 | #1542419 | ARM64_ERRATUM_1542419 |
47 + | ARM | MMU-500 | #841119,#826419 | N/A |
48 + | | | | |
49 + | Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 |
50 +diff --git a/Makefile b/Makefile
51 +index 72ae7e879077..69c95fe6fba5 100644
52 +--- a/Makefile
53 ++++ b/Makefile
54 +@@ -1,7 +1,7 @@
55 + # SPDX-License-Identifier: GPL-2.0
56 + VERSION = 4
57 + PATCHLEVEL = 19
58 +-SUBLEVEL = 118
59 ++SUBLEVEL = 119
60 + EXTRAVERSION =
61 + NAME = "People's Front"
62 +
63 +diff --git a/arch/arm/mach-imx/Makefile b/arch/arm/mach-imx/Makefile
64 +index e9cfe8e86f33..02bf3eab4196 100644
65 +--- a/arch/arm/mach-imx/Makefile
66 ++++ b/arch/arm/mach-imx/Makefile
67 +@@ -89,8 +89,10 @@ AFLAGS_suspend-imx6.o :=-Wa,-march=armv7-a
68 + obj-$(CONFIG_SOC_IMX6) += suspend-imx6.o
69 + obj-$(CONFIG_SOC_IMX53) += suspend-imx53.o
70 + endif
71 ++ifeq ($(CONFIG_ARM_CPU_SUSPEND),y)
72 + AFLAGS_resume-imx6.o :=-Wa,-march=armv7-a
73 + obj-$(CONFIG_SOC_IMX6) += resume-imx6.o
74 ++endif
75 + obj-$(CONFIG_SOC_IMX6) += pm-imx6.o
76 +
77 + obj-$(CONFIG_SOC_IMX1) += mach-imx1.o
78 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
79 +index 51fe21f5d078..1fe3e5cb2927 100644
80 +--- a/arch/arm64/Kconfig
81 ++++ b/arch/arm64/Kconfig
82 +@@ -499,6 +499,22 @@ config ARM64_ERRATUM_1463225
83 +
84 + If unsure, say Y.
85 +
86 ++config ARM64_ERRATUM_1542419
87 ++ bool "Neoverse-N1: workaround mis-ordering of instruction fetches"
88 ++ default y
89 ++ help
90 ++ This option adds a workaround for ARM Neoverse-N1 erratum
91 ++ 1542419.
92 ++
93 ++ Affected Neoverse-N1 cores could execute a stale instruction when
94 ++ modified by another CPU. The workaround depends on a firmware
95 ++ counterpart.
96 ++
97 ++ Workaround the issue by hiding the DIC feature from EL0. This
98 ++ forces user-space to perform cache maintenance.
99 ++
100 ++ If unsure, say Y.
101 ++
102 + config CAVIUM_ERRATUM_22375
103 + bool "Cavium erratum 22375, 24313"
104 + default y
105 +diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h
106 +index 5ee5bca8c24b..baa684782358 100644
107 +--- a/arch/arm64/include/asm/cache.h
108 ++++ b/arch/arm64/include/asm/cache.h
109 +@@ -22,6 +22,7 @@
110 + #define CTR_L1IP_MASK 3
111 + #define CTR_DMINLINE_SHIFT 16
112 + #define CTR_IMINLINE_SHIFT 0
113 ++#define CTR_IMINLINE_MASK 0xf
114 + #define CTR_ERG_SHIFT 20
115 + #define CTR_CWG_SHIFT 24
116 + #define CTR_CWG_MASK 15
117 +@@ -29,7 +30,7 @@
118 + #define CTR_DIC_SHIFT 29
119 +
120 + #define CTR_CACHE_MINLINE_MASK \
121 +- (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT)
122 ++ (0xf << CTR_DMINLINE_SHIFT | CTR_IMINLINE_MASK << CTR_IMINLINE_SHIFT)
123 +
124 + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK)
125 +
126 +diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
127 +index c3de0bbf0e9a..df8fe8ecc37e 100644
128 +--- a/arch/arm64/include/asm/cpucaps.h
129 ++++ b/arch/arm64/include/asm/cpucaps.h
130 +@@ -53,7 +53,8 @@
131 + #define ARM64_HAS_STAGE2_FWB 32
132 + #define ARM64_WORKAROUND_1463225 33
133 + #define ARM64_SSBS 34
134 ++#define ARM64_WORKAROUND_1542419 35
135 +
136 +-#define ARM64_NCAPS 35
137 ++#define ARM64_NCAPS 36
138 +
139 + #endif /* __ASM_CPUCAPS_H */
140 +diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
141 +index fa770c070fdd..3cd936b1c79c 100644
142 +--- a/arch/arm64/include/asm/cputype.h
143 ++++ b/arch/arm64/include/asm/cputype.h
144 +@@ -80,6 +80,7 @@
145 + #define ARM_CPU_PART_CORTEX_A35 0xD04
146 + #define ARM_CPU_PART_CORTEX_A55 0xD05
147 + #define ARM_CPU_PART_CORTEX_A76 0xD0B
148 ++#define ARM_CPU_PART_NEOVERSE_N1 0xD0C
149 +
150 + #define APM_CPU_PART_POTENZA 0x000
151 +
152 +@@ -107,6 +108,7 @@
153 + #define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35)
154 + #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55)
155 + #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76)
156 ++#define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1)
157 + #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
158 + #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
159 + #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)
160 +diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
161 +index 71888808ded7..76490b0cefce 100644
162 +--- a/arch/arm64/kernel/cpu_errata.c
163 ++++ b/arch/arm64/kernel/cpu_errata.c
164 +@@ -643,6 +643,18 @@ needs_tx2_tvm_workaround(const struct arm64_cpu_capabilities *entry,
165 + return false;
166 + }
167 +
168 ++static bool __maybe_unused
169 ++has_neoverse_n1_erratum_1542419(const struct arm64_cpu_capabilities *entry,
170 ++ int scope)
171 ++{
172 ++ u32 midr = read_cpuid_id();
173 ++ bool has_dic = read_cpuid_cachetype() & BIT(CTR_DIC_SHIFT);
174 ++ const struct midr_range range = MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1);
175 ++
176 ++ WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
177 ++ return is_midr_in_range(midr, &range) && has_dic;
178 ++}
179 ++
180 + #ifdef CONFIG_HARDEN_EL2_VECTORS
181 +
182 + static const struct midr_range arm64_harden_el2_vectors[] = {
183 +@@ -834,6 +846,16 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
184 + ERRATA_MIDR_RANGE_LIST(tx2_family_cpus),
185 + .matches = needs_tx2_tvm_workaround,
186 + },
187 ++#endif
188 ++#ifdef CONFIG_ARM64_ERRATUM_1542419
189 ++ {
190 ++ /* we depend on the firmware portion for correctness */
191 ++ .desc = "ARM erratum 1542419 (kernel portion)",
192 ++ .capability = ARM64_WORKAROUND_1542419,
193 ++ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
194 ++ .matches = has_neoverse_n1_erratum_1542419,
195 ++ .cpu_enable = cpu_enable_trap_ctr_access,
196 ++ },
197 + #endif
198 + {
199 + }
200 +diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c
201 +index 010212d35700..3ef9d0a3ac1d 100644
202 +--- a/arch/arm64/kernel/sys_compat.c
203 ++++ b/arch/arm64/kernel/sys_compat.c
204 +@@ -19,6 +19,7 @@
205 + */
206 +
207 + #include <linux/compat.h>
208 ++#include <linux/cpufeature.h>
209 + #include <linux/personality.h>
210 + #include <linux/sched.h>
211 + #include <linux/sched/signal.h>
212 +@@ -28,6 +29,7 @@
213 +
214 + #include <asm/cacheflush.h>
215 + #include <asm/system_misc.h>
216 ++#include <asm/tlbflush.h>
217 + #include <asm/unistd.h>
218 +
219 + static long
220 +@@ -41,6 +43,15 @@ __do_compat_cache_op(unsigned long start, unsigned long end)
221 + if (fatal_signal_pending(current))
222 + return 0;
223 +
224 ++ if (cpus_have_const_cap(ARM64_WORKAROUND_1542419)) {
225 ++ /*
226 ++ * The workaround requires an inner-shareable tlbi.
227 ++ * We pick the reserved-ASID to minimise the impact.
228 ++ */
229 ++ __tlbi(aside1is, __TLBI_VADDR(0, 0));
230 ++ dsb(ish);
231 ++ }
232 ++
233 + ret = __flush_cache_user_range(start, start + chunk);
234 + if (ret)
235 + return ret;
236 +diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
237 +index c8dc3a3640e7..965595fe6804 100644
238 +--- a/arch/arm64/kernel/traps.c
239 ++++ b/arch/arm64/kernel/traps.c
240 +@@ -481,6 +481,15 @@ static void ctr_read_handler(unsigned int esr, struct pt_regs *regs)
241 + int rt = (esr & ESR_ELx_SYS64_ISS_RT_MASK) >> ESR_ELx_SYS64_ISS_RT_SHIFT;
242 + unsigned long val = arm64_ftr_reg_user_value(&arm64_ftr_reg_ctrel0);
243 +
244 ++ if (cpus_have_const_cap(ARM64_WORKAROUND_1542419)) {
245 ++ /* Hide DIC so that we can trap the unnecessary maintenance...*/
246 ++ val &= ~BIT(CTR_DIC_SHIFT);
247 ++
248 ++ /* ... and fake IminLine to reduce the number of traps. */
249 ++ val &= ~CTR_IMINLINE_MASK;
250 ++ val |= (PAGE_SHIFT - 2) & CTR_IMINLINE_MASK;
251 ++ }
252 ++
253 + pt_regs_write_reg(regs, rt, val);
254 +
255 + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE);
256 +diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
257 +index eaf7300be5ab..bd4996958b13 100644
258 +--- a/arch/powerpc/kernel/setup_64.c
259 ++++ b/arch/powerpc/kernel/setup_64.c
260 +@@ -518,6 +518,8 @@ static bool __init parse_cache_info(struct device_node *np,
261 + lsizep = of_get_property(np, propnames[3], NULL);
262 + if (bsizep == NULL)
263 + bsizep = lsizep;
264 ++ if (lsizep == NULL)
265 ++ lsizep = bsizep;
266 + if (lsizep != NULL)
267 + lsize = be32_to_cpu(*lsizep);
268 + if (bsizep != NULL)
269 +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c
270 +index 5449e76cf2df..f6c21f6af274 100644
271 +--- a/arch/powerpc/kernel/time.c
272 ++++ b/arch/powerpc/kernel/time.c
273 +@@ -492,35 +492,6 @@ static inline void clear_irq_work_pending(void)
274 + "i" (offsetof(struct paca_struct, irq_work_pending)));
275 + }
276 +
277 +-void arch_irq_work_raise(void)
278 +-{
279 +- preempt_disable();
280 +- set_irq_work_pending_flag();
281 +- /*
282 +- * Non-nmi code running with interrupts disabled will replay
283 +- * irq_happened before it re-enables interrupts, so setthe
284 +- * decrementer there instead of causing a hardware exception
285 +- * which would immediately hit the masked interrupt handler
286 +- * and have the net effect of setting the decrementer in
287 +- * irq_happened.
288 +- *
289 +- * NMI interrupts can not check this when they return, so the
290 +- * decrementer hardware exception is raised, which will fire
291 +- * when interrupts are next enabled.
292 +- *
293 +- * BookE does not support this yet, it must audit all NMI
294 +- * interrupt handlers to ensure they call nmi_enter() so this
295 +- * check would be correct.
296 +- */
297 +- if (IS_ENABLED(CONFIG_BOOKE) || !irqs_disabled() || in_nmi()) {
298 +- set_dec(1);
299 +- } else {
300 +- hard_irq_disable();
301 +- local_paca->irq_happened |= PACA_IRQ_DEC;
302 +- }
303 +- preempt_enable();
304 +-}
305 +-
306 + #else /* 32-bit */
307 +
308 + DEFINE_PER_CPU(u8, irq_work_pending);
309 +@@ -529,16 +500,27 @@ DEFINE_PER_CPU(u8, irq_work_pending);
310 + #define test_irq_work_pending() __this_cpu_read(irq_work_pending)
311 + #define clear_irq_work_pending() __this_cpu_write(irq_work_pending, 0)
312 +
313 ++#endif /* 32 vs 64 bit */
314 ++
315 + void arch_irq_work_raise(void)
316 + {
317 ++ /*
318 ++ * 64-bit code that uses irq soft-mask can just cause an immediate
319 ++ * interrupt here that gets soft masked, if this is called under
320 ++ * local_irq_disable(). It might be possible to prevent that happening
321 ++ * by noticing interrupts are disabled and setting decrementer pending
322 ++ * to be replayed when irqs are enabled. The problem there is that
323 ++ * tracing can call irq_work_raise, including in code that does low
324 ++ * level manipulations of irq soft-mask state (e.g., trace_hardirqs_on)
325 ++ * which could get tangled up if we're messing with the same state
326 ++ * here.
327 ++ */
328 + preempt_disable();
329 + set_irq_work_pending_flag();
330 + set_dec(1);
331 + preempt_enable();
332 + }
333 +
334 +-#endif /* 32 vs 64 bit */
335 +-
336 + #else /* CONFIG_IRQ_WORK */
337 +
338 + #define test_irq_work_pending() 0
339 +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
340 +index 11c3cd906ab4..18662c1a9361 100644
341 +--- a/arch/s390/kvm/kvm-s390.c
342 ++++ b/arch/s390/kvm/kvm-s390.c
343 +@@ -1666,6 +1666,9 @@ static int gfn_to_memslot_approx(struct kvm_memslots *slots, gfn_t gfn)
344 + start = slot + 1;
345 + }
346 +
347 ++ if (start >= slots->used_slots)
348 ++ return slots->used_slots - 1;
349 ++
350 + if (gfn >= memslots[start].base_gfn &&
351 + gfn < memslots[start].base_gfn + memslots[start].npages) {
352 + atomic_set(&slots->lru_slot, start);
353 +diff --git a/arch/s390/lib/uaccess.c b/arch/s390/lib/uaccess.c
354 +index c4f8039a35e8..0267405ab7c6 100644
355 +--- a/arch/s390/lib/uaccess.c
356 ++++ b/arch/s390/lib/uaccess.c
357 +@@ -64,10 +64,13 @@ mm_segment_t enable_sacf_uaccess(void)
358 + {
359 + mm_segment_t old_fs;
360 + unsigned long asce, cr;
361 ++ unsigned long flags;
362 +
363 + old_fs = current->thread.mm_segment;
364 + if (old_fs & 1)
365 + return old_fs;
366 ++ /* protect against a concurrent page table upgrade */
367 ++ local_irq_save(flags);
368 + current->thread.mm_segment |= 1;
369 + asce = S390_lowcore.kernel_asce;
370 + if (likely(old_fs == USER_DS)) {
371 +@@ -83,6 +86,7 @@ mm_segment_t enable_sacf_uaccess(void)
372 + __ctl_load(asce, 7, 7);
373 + set_cpu_flag(CIF_ASCE_SECONDARY);
374 + }
375 ++ local_irq_restore(flags);
376 + return old_fs;
377 + }
378 + EXPORT_SYMBOL(enable_sacf_uaccess);
379 +diff --git a/arch/s390/mm/pgalloc.c b/arch/s390/mm/pgalloc.c
380 +index 814f26520aa2..f3bc9c9305da 100644
381 +--- a/arch/s390/mm/pgalloc.c
382 ++++ b/arch/s390/mm/pgalloc.c
383 +@@ -72,8 +72,20 @@ static void __crst_table_upgrade(void *arg)
384 + {
385 + struct mm_struct *mm = arg;
386 +
387 +- if (current->active_mm == mm)
388 +- set_user_asce(mm);
389 ++ /* we must change all active ASCEs to avoid the creation of new TLBs */
390 ++ if (current->active_mm == mm) {
391 ++ S390_lowcore.user_asce = mm->context.asce;
392 ++ if (current->thread.mm_segment == USER_DS) {
393 ++ __ctl_load(S390_lowcore.user_asce, 1, 1);
394 ++ /* Mark user-ASCE present in CR1 */
395 ++ clear_cpu_flag(CIF_ASCE_PRIMARY);
396 ++ }
397 ++ if (current->thread.mm_segment == USER_DS_SACF) {
398 ++ __ctl_load(S390_lowcore.user_asce, 7, 7);
399 ++ /* enable_sacf_uaccess does all or nothing */
400 ++ WARN_ON(!test_cpu_flag(CIF_ASCE_SECONDARY));
401 ++ }
402 ++ }
403 + __tlb_flush_local();
404 + }
405 +
406 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
407 +index 5c99b9bfce04..33136395db8f 100644
408 +--- a/arch/x86/include/asm/kvm_host.h
409 ++++ b/arch/x86/include/asm/kvm_host.h
410 +@@ -622,10 +622,10 @@ struct kvm_vcpu_arch {
411 + bool pvclock_set_guest_stopped_request;
412 +
413 + struct {
414 ++ u8 preempted;
415 + u64 msr_val;
416 + u64 last_steal;
417 +- struct gfn_to_hva_cache stime;
418 +- struct kvm_steal_time steal;
419 ++ struct gfn_to_pfn_cache cache;
420 + } st;
421 +
422 + u64 tsc_offset;
423 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
424 +index d37b48173e9c..fe5036641c59 100644
425 +--- a/arch/x86/kvm/vmx.c
426 ++++ b/arch/x86/kvm/vmx.c
427 +@@ -7015,7 +7015,7 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
428 + */
429 + static void kvm_machine_check(void)
430 + {
431 +-#if defined(CONFIG_X86_MCE) && defined(CONFIG_X86_64)
432 ++#if defined(CONFIG_X86_MCE)
433 + struct pt_regs regs = {
434 + .cs = 3, /* Fake ring 3 no matter what the guest ran on */
435 + .flags = X86_EFLAGS_IF,
436 +@@ -10841,6 +10841,15 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
437 + "mov %%r13, %c[r13](%0) \n\t"
438 + "mov %%r14, %c[r14](%0) \n\t"
439 + "mov %%r15, %c[r15](%0) \n\t"
440 ++
441 ++ /*
442 ++ * Clear all general purpose registers (except RSP, which is loaded by
443 ++ * the CPU during VM-Exit) to prevent speculative use of the guest's
444 ++ * values, even those that are saved/loaded via the stack. In theory,
445 ++ * an L1 cache miss when restoring registers could lead to speculative
446 ++ * execution with the guest's values. Zeroing XORs are dirt cheap,
447 ++ * i.e. the extra paranoia is essentially free.
448 ++ */
449 + "xor %%r8d, %%r8d \n\t"
450 + "xor %%r9d, %%r9d \n\t"
451 + "xor %%r10d, %%r10d \n\t"
452 +@@ -10855,8 +10864,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
453 +
454 + "xor %%eax, %%eax \n\t"
455 + "xor %%ebx, %%ebx \n\t"
456 ++ "xor %%ecx, %%ecx \n\t"
457 ++ "xor %%edx, %%edx \n\t"
458 + "xor %%esi, %%esi \n\t"
459 + "xor %%edi, %%edi \n\t"
460 ++ "xor %%ebp, %%ebp \n\t"
461 + "pop %%" _ASM_BP "; pop %%" _ASM_DX " \n\t"
462 + ".pushsection .rodata \n\t"
463 + ".global vmx_return \n\t"
464 +@@ -12125,13 +12137,9 @@ static void prepare_vmcs02_full(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
465 +
466 + set_cr4_guest_host_mask(vmx);
467 +
468 +- if (kvm_mpx_supported()) {
469 +- if (vmx->nested.nested_run_pending &&
470 +- (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
471 +- vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
472 +- else
473 +- vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
474 +- }
475 ++ if (kvm_mpx_supported() && vmx->nested.nested_run_pending &&
476 ++ (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
477 ++ vmcs_write64(GUEST_BNDCFGS, vmcs12->guest_bndcfgs);
478 +
479 + if (enable_vpid) {
480 + if (nested_cpu_has_vpid(vmcs12) && vmx->nested.vpid02)
481 +@@ -12195,6 +12203,9 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
482 + kvm_set_dr(vcpu, 7, vcpu->arch.dr7);
483 + vmcs_write64(GUEST_IA32_DEBUGCTL, vmx->nested.vmcs01_debugctl);
484 + }
485 ++ if (kvm_mpx_supported() && (!vmx->nested.nested_run_pending ||
486 ++ !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
487 ++ vmcs_write64(GUEST_BNDCFGS, vmx->nested.vmcs01_guest_bndcfgs);
488 + if (vmx->nested.nested_run_pending) {
489 + vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
490 + vmcs12->vm_entry_intr_info_field);
491 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
492 +index 1a6e1aa2fb29..6bfc9eaf8dee 100644
493 +--- a/arch/x86/kvm/x86.c
494 ++++ b/arch/x86/kvm/x86.c
495 +@@ -2397,43 +2397,45 @@ static void kvm_vcpu_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa)
496 +
497 + static void record_steal_time(struct kvm_vcpu *vcpu)
498 + {
499 ++ struct kvm_host_map map;
500 ++ struct kvm_steal_time *st;
501 ++
502 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
503 + return;
504 +
505 +- if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
506 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time))))
507 ++ /* -EAGAIN is returned in atomic context so we can just return. */
508 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT,
509 ++ &map, &vcpu->arch.st.cache, false))
510 + return;
511 +
512 ++ st = map.hva +
513 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
514 ++
515 + /*
516 + * Doing a TLB flush here, on the guest's behalf, can avoid
517 + * expensive IPIs.
518 + */
519 +- if (xchg(&vcpu->arch.st.steal.preempted, 0) & KVM_VCPU_FLUSH_TLB)
520 ++ if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
521 + kvm_vcpu_flush_tlb(vcpu, false);
522 +
523 +- if (vcpu->arch.st.steal.version & 1)
524 +- vcpu->arch.st.steal.version += 1; /* first time write, random junk */
525 ++ vcpu->arch.st.preempted = 0;
526 +
527 +- vcpu->arch.st.steal.version += 1;
528 ++ if (st->version & 1)
529 ++ st->version += 1; /* first time write, random junk */
530 +
531 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
532 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
533 ++ st->version += 1;
534 +
535 + smp_wmb();
536 +
537 +- vcpu->arch.st.steal.steal += current->sched_info.run_delay -
538 ++ st->steal += current->sched_info.run_delay -
539 + vcpu->arch.st.last_steal;
540 + vcpu->arch.st.last_steal = current->sched_info.run_delay;
541 +
542 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
543 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
544 +-
545 + smp_wmb();
546 +
547 +- vcpu->arch.st.steal.version += 1;
548 ++ st->version += 1;
549 +
550 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
551 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
552 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false);
553 + }
554 +
555 + int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
556 +@@ -2575,11 +2577,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
557 + if (data & KVM_STEAL_RESERVED_MASK)
558 + return 1;
559 +
560 +- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
561 +- data & KVM_STEAL_VALID_BITS,
562 +- sizeof(struct kvm_steal_time)))
563 +- return 1;
564 +-
565 + vcpu->arch.st.msr_val = data;
566 +
567 + if (!(data & KVM_MSR_ENABLED))
568 +@@ -3272,18 +3269,25 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
569 +
570 + static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
571 + {
572 ++ struct kvm_host_map map;
573 ++ struct kvm_steal_time *st;
574 ++
575 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
576 + return;
577 +
578 +- if (vcpu->arch.st.steal.preempted)
579 ++ if (vcpu->arch.st.preempted)
580 ++ return;
581 ++
582 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
583 ++ &vcpu->arch.st.cache, true))
584 + return;
585 +
586 +- vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
587 ++ st = map.hva +
588 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
589 +
590 +- kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,
591 +- &vcpu->arch.st.steal.preempted,
592 +- offsetof(struct kvm_steal_time, preempted),
593 +- sizeof(vcpu->arch.st.steal.preempted));
594 ++ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
595 ++
596 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
597 + }
598 +
599 + void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
600 +@@ -8634,6 +8638,9 @@ static void fx_init(struct kvm_vcpu *vcpu)
601 + void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
602 + {
603 + void *wbinvd_dirty_mask = vcpu->arch.wbinvd_dirty_mask;
604 ++ struct gfn_to_pfn_cache *cache = &vcpu->arch.st.cache;
605 ++
606 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
607 +
608 + kvmclock_reset(vcpu);
609 +
610 +@@ -9298,11 +9305,18 @@ out_free:
611 +
612 + void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen)
613 + {
614 ++ struct kvm_vcpu *vcpu;
615 ++ int i;
616 ++
617 + /*
618 + * memslots->generation has been incremented.
619 + * mmio generation may have reached its maximum value.
620 + */
621 + kvm_mmu_invalidate_mmio_sptes(kvm, gen);
622 ++
623 ++ /* Force re-initialization of steal_time cache */
624 ++ kvm_for_each_vcpu(i, vcpu, kvm)
625 ++ kvm_vcpu_kick(vcpu);
626 + }
627 +
628 + int kvm_arch_prepare_memory_region(struct kvm *kvm,
629 +diff --git a/drivers/block/loop.c b/drivers/block/loop.c
630 +index 9cd231a27328..c1341c86bcde 100644
631 +--- a/drivers/block/loop.c
632 ++++ b/drivers/block/loop.c
633 +@@ -426,11 +426,12 @@ static int lo_fallocate(struct loop_device *lo, struct request *rq, loff_t pos,
634 + * information.
635 + */
636 + struct file *file = lo->lo_backing_file;
637 ++ struct request_queue *q = lo->lo_queue;
638 + int ret;
639 +
640 + mode |= FALLOC_FL_KEEP_SIZE;
641 +
642 +- if ((!file->f_op->fallocate) || lo->lo_encrypt_key_size) {
643 ++ if (!blk_queue_discard(q)) {
644 + ret = -EOPNOTSUPP;
645 + goto out;
646 + }
647 +@@ -864,28 +865,47 @@ static void loop_config_discard(struct loop_device *lo)
648 + struct inode *inode = file->f_mapping->host;
649 + struct request_queue *q = lo->lo_queue;
650 +
651 ++ /*
652 ++ * If the backing device is a block device, mirror its zeroing
653 ++ * capability. Set the discard sectors to the block device's zeroing
654 ++ * capabilities because loop discards result in blkdev_issue_zeroout(),
655 ++ * not blkdev_issue_discard(). This maintains consistent behavior with
656 ++ * file-backed loop devices: discarded regions read back as zero.
657 ++ */
658 ++ if (S_ISBLK(inode->i_mode) && !lo->lo_encrypt_key_size) {
659 ++ struct request_queue *backingq;
660 ++
661 ++ backingq = bdev_get_queue(inode->i_bdev);
662 ++ blk_queue_max_discard_sectors(q,
663 ++ backingq->limits.max_write_zeroes_sectors);
664 ++
665 ++ blk_queue_max_write_zeroes_sectors(q,
666 ++ backingq->limits.max_write_zeroes_sectors);
667 ++
668 + /*
669 + * We use punch hole to reclaim the free space used by the
670 + * image a.k.a. discard. However we do not support discard if
671 + * encryption is enabled, because it may give an attacker
672 + * useful information.
673 + */
674 +- if ((!file->f_op->fallocate) ||
675 +- lo->lo_encrypt_key_size) {
676 ++ } else if (!file->f_op->fallocate || lo->lo_encrypt_key_size) {
677 + q->limits.discard_granularity = 0;
678 + q->limits.discard_alignment = 0;
679 + blk_queue_max_discard_sectors(q, 0);
680 + blk_queue_max_write_zeroes_sectors(q, 0);
681 +- blk_queue_flag_clear(QUEUE_FLAG_DISCARD, q);
682 +- return;
683 +- }
684 +
685 +- q->limits.discard_granularity = inode->i_sb->s_blocksize;
686 +- q->limits.discard_alignment = 0;
687 ++ } else {
688 ++ q->limits.discard_granularity = inode->i_sb->s_blocksize;
689 ++ q->limits.discard_alignment = 0;
690 +
691 +- blk_queue_max_discard_sectors(q, UINT_MAX >> 9);
692 +- blk_queue_max_write_zeroes_sectors(q, UINT_MAX >> 9);
693 +- blk_queue_flag_set(QUEUE_FLAG_DISCARD, q);
694 ++ blk_queue_max_discard_sectors(q, UINT_MAX >> 9);
695 ++ blk_queue_max_write_zeroes_sectors(q, UINT_MAX >> 9);
696 ++ }
697 ++
698 ++ if (q->limits.max_write_zeroes_sectors)
699 ++ blk_queue_flag_set(QUEUE_FLAG_DISCARD, q);
700 ++ else
701 ++ blk_queue_flag_clear(QUEUE_FLAG_DISCARD, q);
702 + }
703 +
704 + static void loop_unprepare_queue(struct loop_device *lo)
705 +diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
706 +index 728c9a9609f0..9a3c2b14ac37 100644
707 +--- a/drivers/block/virtio_blk.c
708 ++++ b/drivers/block/virtio_blk.c
709 +@@ -277,9 +277,14 @@ static blk_status_t virtio_queue_rq(struct blk_mq_hw_ctx *hctx,
710 + if (err == -ENOSPC)
711 + blk_mq_stop_hw_queue(hctx);
712 + spin_unlock_irqrestore(&vblk->vqs[qid].lock, flags);
713 +- if (err == -ENOMEM || err == -ENOSPC)
714 ++ switch (err) {
715 ++ case -ENOSPC:
716 + return BLK_STS_DEV_RESOURCE;
717 +- return BLK_STS_IOERR;
718 ++ case -ENOMEM:
719 ++ return BLK_STS_RESOURCE;
720 ++ default:
721 ++ return BLK_STS_IOERR;
722 ++ }
723 + }
724 +
725 + if (bd->last && virtqueue_kick_prepare(vblk->vqs[qid].vq))
726 +diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
727 +index 77e47dc5aacc..569e93e1f06c 100644
728 +--- a/drivers/char/tpm/tpm_ibmvtpm.c
729 ++++ b/drivers/char/tpm/tpm_ibmvtpm.c
730 +@@ -1,5 +1,5 @@
731 + /*
732 +- * Copyright (C) 2012 IBM Corporation
733 ++ * Copyright (C) 2012-2020 IBM Corporation
734 + *
735 + * Author: Ashley Lai <ashleydlai@×××××.com>
736 + *
737 +@@ -140,6 +140,64 @@ static int tpm_ibmvtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count)
738 + return len;
739 + }
740 +
741 ++/**
742 ++ * ibmvtpm_crq_send_init - Send a CRQ initialize message
743 ++ * @ibmvtpm: vtpm device struct
744 ++ *
745 ++ * Return:
746 ++ * 0 on success.
747 ++ * Non-zero on failure.
748 ++ */
749 ++static int ibmvtpm_crq_send_init(struct ibmvtpm_dev *ibmvtpm)
750 ++{
751 ++ int rc;
752 ++
753 ++ rc = ibmvtpm_send_crq_word(ibmvtpm->vdev, INIT_CRQ_CMD);
754 ++ if (rc != H_SUCCESS)
755 ++ dev_err(ibmvtpm->dev,
756 ++ "%s failed rc=%d\n", __func__, rc);
757 ++
758 ++ return rc;
759 ++}
760 ++
761 ++/**
762 ++ * tpm_ibmvtpm_resume - Resume from suspend
763 ++ *
764 ++ * @dev: device struct
765 ++ *
766 ++ * Return: Always 0.
767 ++ */
768 ++static int tpm_ibmvtpm_resume(struct device *dev)
769 ++{
770 ++ struct tpm_chip *chip = dev_get_drvdata(dev);
771 ++ struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
772 ++ int rc = 0;
773 ++
774 ++ do {
775 ++ if (rc)
776 ++ msleep(100);
777 ++ rc = plpar_hcall_norets(H_ENABLE_CRQ,
778 ++ ibmvtpm->vdev->unit_address);
779 ++ } while (rc == H_IN_PROGRESS || rc == H_BUSY || H_IS_LONG_BUSY(rc));
780 ++
781 ++ if (rc) {
782 ++ dev_err(dev, "Error enabling ibmvtpm rc=%d\n", rc);
783 ++ return rc;
784 ++ }
785 ++
786 ++ rc = vio_enable_interrupts(ibmvtpm->vdev);
787 ++ if (rc) {
788 ++ dev_err(dev, "Error vio_enable_interrupts rc=%d\n", rc);
789 ++ return rc;
790 ++ }
791 ++
792 ++ rc = ibmvtpm_crq_send_init(ibmvtpm);
793 ++ if (rc)
794 ++ dev_err(dev, "Error send_init rc=%d\n", rc);
795 ++
796 ++ return rc;
797 ++}
798 ++
799 + /**
800 + * tpm_ibmvtpm_send() - Send a TPM command
801 + * @chip: tpm chip struct
802 +@@ -153,6 +211,7 @@ static int tpm_ibmvtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count)
803 + static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
804 + {
805 + struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
806 ++ bool retry = true;
807 + int rc, sig;
808 +
809 + if (!ibmvtpm->rtce_buf) {
810 +@@ -186,18 +245,27 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
811 + */
812 + ibmvtpm->tpm_processing_cmd = true;
813 +
814 ++again:
815 + rc = ibmvtpm_send_crq(ibmvtpm->vdev,
816 + IBMVTPM_VALID_CMD, VTPM_TPM_COMMAND,
817 + count, ibmvtpm->rtce_dma_handle);
818 + if (rc != H_SUCCESS) {
819 ++ /*
820 ++ * H_CLOSED can be returned after LPM resume. Call
821 ++ * tpm_ibmvtpm_resume() to re-enable the CRQ then retry
822 ++ * ibmvtpm_send_crq() once before failing.
823 ++ */
824 ++ if (rc == H_CLOSED && retry) {
825 ++ tpm_ibmvtpm_resume(ibmvtpm->dev);
826 ++ retry = false;
827 ++ goto again;
828 ++ }
829 + dev_err(ibmvtpm->dev, "tpm_ibmvtpm_send failed rc=%d\n", rc);
830 +- rc = 0;
831 + ibmvtpm->tpm_processing_cmd = false;
832 +- } else
833 +- rc = 0;
834 ++ }
835 +
836 + spin_unlock(&ibmvtpm->rtce_lock);
837 +- return rc;
838 ++ return 0;
839 + }
840 +
841 + static void tpm_ibmvtpm_cancel(struct tpm_chip *chip)
842 +@@ -275,26 +343,6 @@ static int ibmvtpm_crq_send_init_complete(struct ibmvtpm_dev *ibmvtpm)
843 + return rc;
844 + }
845 +
846 +-/**
847 +- * ibmvtpm_crq_send_init - Send a CRQ initialize message
848 +- * @ibmvtpm: vtpm device struct
849 +- *
850 +- * Return:
851 +- * 0 on success.
852 +- * Non-zero on failure.
853 +- */
854 +-static int ibmvtpm_crq_send_init(struct ibmvtpm_dev *ibmvtpm)
855 +-{
856 +- int rc;
857 +-
858 +- rc = ibmvtpm_send_crq_word(ibmvtpm->vdev, INIT_CRQ_CMD);
859 +- if (rc != H_SUCCESS)
860 +- dev_err(ibmvtpm->dev,
861 +- "ibmvtpm_crq_send_init failed rc=%d\n", rc);
862 +-
863 +- return rc;
864 +-}
865 +-
866 + /**
867 + * tpm_ibmvtpm_remove - ibm vtpm remove entry point
868 + * @vdev: vio device struct
869 +@@ -407,44 +455,6 @@ static int ibmvtpm_reset_crq(struct ibmvtpm_dev *ibmvtpm)
870 + ibmvtpm->crq_dma_handle, CRQ_RES_BUF_SIZE);
871 + }
872 +
873 +-/**
874 +- * tpm_ibmvtpm_resume - Resume from suspend
875 +- *
876 +- * @dev: device struct
877 +- *
878 +- * Return: Always 0.
879 +- */
880 +-static int tpm_ibmvtpm_resume(struct device *dev)
881 +-{
882 +- struct tpm_chip *chip = dev_get_drvdata(dev);
883 +- struct ibmvtpm_dev *ibmvtpm = dev_get_drvdata(&chip->dev);
884 +- int rc = 0;
885 +-
886 +- do {
887 +- if (rc)
888 +- msleep(100);
889 +- rc = plpar_hcall_norets(H_ENABLE_CRQ,
890 +- ibmvtpm->vdev->unit_address);
891 +- } while (rc == H_IN_PROGRESS || rc == H_BUSY || H_IS_LONG_BUSY(rc));
892 +-
893 +- if (rc) {
894 +- dev_err(dev, "Error enabling ibmvtpm rc=%d\n", rc);
895 +- return rc;
896 +- }
897 +-
898 +- rc = vio_enable_interrupts(ibmvtpm->vdev);
899 +- if (rc) {
900 +- dev_err(dev, "Error vio_enable_interrupts rc=%d\n", rc);
901 +- return rc;
902 +- }
903 +-
904 +- rc = ibmvtpm_crq_send_init(ibmvtpm);
905 +- if (rc)
906 +- dev_err(dev, "Error send_init rc=%d\n", rc);
907 +-
908 +- return rc;
909 +-}
910 +-
911 + static bool tpm_ibmvtpm_req_canceled(struct tpm_chip *chip, u8 status)
912 + {
913 + return (status == 0);
914 +diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
915 +index 0eaea3a7b8f4..5d8f8f018984 100644
916 +--- a/drivers/char/tpm/tpm_tis_core.c
917 ++++ b/drivers/char/tpm/tpm_tis_core.c
918 +@@ -437,6 +437,9 @@ static void disable_interrupts(struct tpm_chip *chip)
919 + u32 intmask;
920 + int rc;
921 +
922 ++ if (priv->irq == 0)
923 ++ return;
924 ++
925 + rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
926 + if (rc < 0)
927 + intmask = 0;
928 +@@ -984,9 +987,12 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
929 + if (irq) {
930 + tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
931 + irq);
932 +- if (!(chip->flags & TPM_CHIP_FLAG_IRQ))
933 ++ if (!(chip->flags & TPM_CHIP_FLAG_IRQ)) {
934 + dev_err(&chip->dev, FW_BUG
935 + "TPM interrupt not working, polling instead\n");
936 ++
937 ++ disable_interrupts(chip);
938 ++ }
939 + } else {
940 + tpm_tis_probe_irq(chip, intmask);
941 + }
942 +diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
943 +index 5c5c504dacb6..b0c592073a4a 100644
944 +--- a/drivers/crypto/mxs-dcp.c
945 ++++ b/drivers/crypto/mxs-dcp.c
946 +@@ -37,11 +37,11 @@
947 + * Null hashes to align with hw behavior on imx6sl and ull
948 + * these are flipped for consistency with hw output
949 + */
950 +-const uint8_t sha1_null_hash[] =
951 ++static const uint8_t sha1_null_hash[] =
952 + "\x09\x07\xd8\xaf\x90\x18\x60\x95\xef\xbf"
953 + "\x55\x32\x0d\x4b\x6b\x5e\xee\xa3\x39\xda";
954 +
955 +-const uint8_t sha256_null_hash[] =
956 ++static const uint8_t sha256_null_hash[] =
957 + "\x55\xb8\x52\x78\x1b\x99\x95\xa4"
958 + "\x4c\x93\x9b\x64\xe4\x41\xae\x27"
959 + "\x24\xb9\x6f\x99\xc8\xf4\xfb\x9a"
960 +diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
961 +index 2b2efe443c36..b64ad9e1f0c3 100644
962 +--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
963 ++++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
964 +@@ -996,6 +996,26 @@ bool dc_commit_state(struct dc *dc, struct dc_state *context)
965 + return (result == DC_OK);
966 + }
967 +
968 ++static bool is_flip_pending_in_pipes(struct dc *dc, struct dc_state *context)
969 ++{
970 ++ int i;
971 ++ struct pipe_ctx *pipe;
972 ++
973 ++ for (i = 0; i < MAX_PIPES; i++) {
974 ++ pipe = &context->res_ctx.pipe_ctx[i];
975 ++
976 ++ if (!pipe->plane_state)
977 ++ continue;
978 ++
979 ++ /* Must set to false to start with, due to OR in update function */
980 ++ pipe->plane_state->status.is_flip_pending = false;
981 ++ dc->hwss.update_pending_status(pipe);
982 ++ if (pipe->plane_state->status.is_flip_pending)
983 ++ return true;
984 ++ }
985 ++ return false;
986 ++}
987 ++
988 + bool dc_post_update_surfaces_to_stream(struct dc *dc)
989 + {
990 + int i;
991 +@@ -1003,6 +1023,9 @@ bool dc_post_update_surfaces_to_stream(struct dc *dc)
992 +
993 + post_surface_trace(dc);
994 +
995 ++ if (is_flip_pending_in_pipes(dc, context))
996 ++ return true;
997 ++
998 + for (i = 0; i < dc->res_pool->pipe_count; i++)
999 + if (context->res_ctx.pipe_ctx[i].stream == NULL ||
1000 + context->res_ctx.pipe_ctx[i].plane_state == NULL) {
1001 +diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c
1002 +index e53b7cb2211d..7c0b30c955c3 100644
1003 +--- a/drivers/gpu/drm/msm/msm_gem.c
1004 ++++ b/drivers/gpu/drm/msm/msm_gem.c
1005 +@@ -61,7 +61,7 @@ static void sync_for_device(struct msm_gem_object *msm_obj)
1006 + {
1007 + struct device *dev = msm_obj->base.dev->dev;
1008 +
1009 +- if (get_dma_ops(dev)) {
1010 ++ if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
1011 + dma_sync_sg_for_device(dev, msm_obj->sgt->sgl,
1012 + msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
1013 + } else {
1014 +@@ -74,7 +74,7 @@ static void sync_for_cpu(struct msm_gem_object *msm_obj)
1015 + {
1016 + struct device *dev = msm_obj->base.dev->dev;
1017 +
1018 +- if (get_dma_ops(dev)) {
1019 ++ if (get_dma_ops(dev) && IS_ENABLED(CONFIG_ARM64)) {
1020 + dma_sync_sg_for_cpu(dev, msm_obj->sgt->sgl,
1021 + msm_obj->sgt->nents, DMA_BIDIRECTIONAL);
1022 + } else {
1023 +diff --git a/drivers/iio/adc/stm32-adc.c b/drivers/iio/adc/stm32-adc.c
1024 +index 0409dcf5b047..24d5d049567a 100644
1025 +--- a/drivers/iio/adc/stm32-adc.c
1026 ++++ b/drivers/iio/adc/stm32-adc.c
1027 +@@ -1308,8 +1308,30 @@ static unsigned int stm32_adc_dma_residue(struct stm32_adc *adc)
1028 + static void stm32_adc_dma_buffer_done(void *data)
1029 + {
1030 + struct iio_dev *indio_dev = data;
1031 ++ struct stm32_adc *adc = iio_priv(indio_dev);
1032 ++ int residue = stm32_adc_dma_residue(adc);
1033 ++
1034 ++ /*
1035 ++ * In DMA mode the trigger services of IIO are not used
1036 ++ * (e.g. no call to iio_trigger_poll).
1037 ++ * Calling irq handler associated to the hardware trigger is not
1038 ++ * relevant as the conversions have already been done. Data
1039 ++ * transfers are performed directly in DMA callback instead.
1040 ++ * This implementation avoids to call trigger irq handler that
1041 ++ * may sleep, in an atomic context (DMA irq handler context).
1042 ++ */
1043 ++ dev_dbg(&indio_dev->dev, "%s bufi=%d\n", __func__, adc->bufi);
1044 +
1045 +- iio_trigger_poll_chained(indio_dev->trig);
1046 ++ while (residue >= indio_dev->scan_bytes) {
1047 ++ u16 *buffer = (u16 *)&adc->rx_buf[adc->bufi];
1048 ++
1049 ++ iio_push_to_buffers(indio_dev, buffer);
1050 ++
1051 ++ residue -= indio_dev->scan_bytes;
1052 ++ adc->bufi += indio_dev->scan_bytes;
1053 ++ if (adc->bufi >= adc->rx_buf_sz)
1054 ++ adc->bufi = 0;
1055 ++ }
1056 + }
1057 +
1058 + static int stm32_adc_dma_start(struct iio_dev *indio_dev)
1059 +@@ -1703,6 +1725,7 @@ static int stm32_adc_probe(struct platform_device *pdev)
1060 + {
1061 + struct iio_dev *indio_dev;
1062 + struct device *dev = &pdev->dev;
1063 ++ irqreturn_t (*handler)(int irq, void *p) = NULL;
1064 + struct stm32_adc *adc;
1065 + int ret;
1066 +
1067 +@@ -1785,9 +1808,11 @@ static int stm32_adc_probe(struct platform_device *pdev)
1068 + if (ret < 0)
1069 + goto err_clk_disable;
1070 +
1071 ++ if (!adc->dma_chan)
1072 ++ handler = &stm32_adc_trigger_handler;
1073 ++
1074 + ret = iio_triggered_buffer_setup(indio_dev,
1075 +- &iio_pollfunc_store_time,
1076 +- &stm32_adc_trigger_handler,
1077 ++ &iio_pollfunc_store_time, handler,
1078 + &stm32_adc_buffer_setup_ops);
1079 + if (ret) {
1080 + dev_err(&pdev->dev, "buffer setup failed\n");
1081 +diff --git a/drivers/iio/adc/xilinx-xadc-core.c b/drivers/iio/adc/xilinx-xadc-core.c
1082 +index 1ae86e7359f7..1b0046cc717b 100644
1083 +--- a/drivers/iio/adc/xilinx-xadc-core.c
1084 ++++ b/drivers/iio/adc/xilinx-xadc-core.c
1085 +@@ -103,6 +103,16 @@ static const unsigned int XADC_ZYNQ_UNMASK_TIMEOUT = 500;
1086 +
1087 + #define XADC_FLAGS_BUFFERED BIT(0)
1088 +
1089 ++/*
1090 ++ * The XADC hardware supports a samplerate of up to 1MSPS. Unfortunately it does
1091 ++ * not have a hardware FIFO. Which means an interrupt is generated for each
1092 ++ * conversion sequence. At 1MSPS sample rate the CPU in ZYNQ7000 is completely
1093 ++ * overloaded by the interrupts that it soft-lockups. For this reason the driver
1094 ++ * limits the maximum samplerate 150kSPS. At this rate the CPU is fairly busy,
1095 ++ * but still responsive.
1096 ++ */
1097 ++#define XADC_MAX_SAMPLERATE 150000
1098 ++
1099 + static void xadc_write_reg(struct xadc *xadc, unsigned int reg,
1100 + uint32_t val)
1101 + {
1102 +@@ -675,7 +685,7 @@ static int xadc_trigger_set_state(struct iio_trigger *trigger, bool state)
1103 +
1104 + spin_lock_irqsave(&xadc->lock, flags);
1105 + xadc_read_reg(xadc, XADC_AXI_REG_IPIER, &val);
1106 +- xadc_write_reg(xadc, XADC_AXI_REG_IPISR, val & XADC_AXI_INT_EOS);
1107 ++ xadc_write_reg(xadc, XADC_AXI_REG_IPISR, XADC_AXI_INT_EOS);
1108 + if (state)
1109 + val |= XADC_AXI_INT_EOS;
1110 + else
1111 +@@ -723,13 +733,14 @@ static int xadc_power_adc_b(struct xadc *xadc, unsigned int seq_mode)
1112 + {
1113 + uint16_t val;
1114 +
1115 ++ /* Powerdown the ADC-B when it is not needed. */
1116 + switch (seq_mode) {
1117 + case XADC_CONF1_SEQ_SIMULTANEOUS:
1118 + case XADC_CONF1_SEQ_INDEPENDENT:
1119 +- val = XADC_CONF2_PD_ADC_B;
1120 ++ val = 0;
1121 + break;
1122 + default:
1123 +- val = 0;
1124 ++ val = XADC_CONF2_PD_ADC_B;
1125 + break;
1126 + }
1127 +
1128 +@@ -798,6 +809,16 @@ static int xadc_preenable(struct iio_dev *indio_dev)
1129 + if (ret)
1130 + goto err;
1131 +
1132 ++ /*
1133 ++ * In simultaneous mode the upper and lower aux channels are samples at
1134 ++ * the same time. In this mode the upper 8 bits in the sequencer
1135 ++ * register are don't care and the lower 8 bits control two channels
1136 ++ * each. As such we must set the bit if either the channel in the lower
1137 ++ * group or the upper group is enabled.
1138 ++ */
1139 ++ if (seq_mode == XADC_CONF1_SEQ_SIMULTANEOUS)
1140 ++ scan_mask = ((scan_mask >> 8) | scan_mask) & 0xff0000;
1141 ++
1142 + ret = xadc_write_adc_reg(xadc, XADC_REG_SEQ(1), scan_mask >> 16);
1143 + if (ret)
1144 + goto err;
1145 +@@ -824,11 +845,27 @@ static const struct iio_buffer_setup_ops xadc_buffer_ops = {
1146 + .postdisable = &xadc_postdisable,
1147 + };
1148 +
1149 ++static int xadc_read_samplerate(struct xadc *xadc)
1150 ++{
1151 ++ unsigned int div;
1152 ++ uint16_t val16;
1153 ++ int ret;
1154 ++
1155 ++ ret = xadc_read_adc_reg(xadc, XADC_REG_CONF2, &val16);
1156 ++ if (ret)
1157 ++ return ret;
1158 ++
1159 ++ div = (val16 & XADC_CONF2_DIV_MASK) >> XADC_CONF2_DIV_OFFSET;
1160 ++ if (div < 2)
1161 ++ div = 2;
1162 ++
1163 ++ return xadc_get_dclk_rate(xadc) / div / 26;
1164 ++}
1165 ++
1166 + static int xadc_read_raw(struct iio_dev *indio_dev,
1167 + struct iio_chan_spec const *chan, int *val, int *val2, long info)
1168 + {
1169 + struct xadc *xadc = iio_priv(indio_dev);
1170 +- unsigned int div;
1171 + uint16_t val16;
1172 + int ret;
1173 +
1174 +@@ -881,41 +918,31 @@ static int xadc_read_raw(struct iio_dev *indio_dev,
1175 + *val = -((273150 << 12) / 503975);
1176 + return IIO_VAL_INT;
1177 + case IIO_CHAN_INFO_SAMP_FREQ:
1178 +- ret = xadc_read_adc_reg(xadc, XADC_REG_CONF2, &val16);
1179 +- if (ret)
1180 ++ ret = xadc_read_samplerate(xadc);
1181 ++ if (ret < 0)
1182 + return ret;
1183 +
1184 +- div = (val16 & XADC_CONF2_DIV_MASK) >> XADC_CONF2_DIV_OFFSET;
1185 +- if (div < 2)
1186 +- div = 2;
1187 +-
1188 +- *val = xadc_get_dclk_rate(xadc) / div / 26;
1189 +-
1190 ++ *val = ret;
1191 + return IIO_VAL_INT;
1192 + default:
1193 + return -EINVAL;
1194 + }
1195 + }
1196 +
1197 +-static int xadc_write_raw(struct iio_dev *indio_dev,
1198 +- struct iio_chan_spec const *chan, int val, int val2, long info)
1199 ++static int xadc_write_samplerate(struct xadc *xadc, int val)
1200 + {
1201 +- struct xadc *xadc = iio_priv(indio_dev);
1202 + unsigned long clk_rate = xadc_get_dclk_rate(xadc);
1203 + unsigned int div;
1204 +
1205 + if (!clk_rate)
1206 + return -EINVAL;
1207 +
1208 +- if (info != IIO_CHAN_INFO_SAMP_FREQ)
1209 +- return -EINVAL;
1210 +-
1211 + if (val <= 0)
1212 + return -EINVAL;
1213 +
1214 + /* Max. 150 kSPS */
1215 +- if (val > 150000)
1216 +- val = 150000;
1217 ++ if (val > XADC_MAX_SAMPLERATE)
1218 ++ val = XADC_MAX_SAMPLERATE;
1219 +
1220 + val *= 26;
1221 +
1222 +@@ -928,7 +955,7 @@ static int xadc_write_raw(struct iio_dev *indio_dev,
1223 + * limit.
1224 + */
1225 + div = clk_rate / val;
1226 +- if (clk_rate / div / 26 > 150000)
1227 ++ if (clk_rate / div / 26 > XADC_MAX_SAMPLERATE)
1228 + div++;
1229 + if (div < 2)
1230 + div = 2;
1231 +@@ -939,6 +966,17 @@ static int xadc_write_raw(struct iio_dev *indio_dev,
1232 + div << XADC_CONF2_DIV_OFFSET);
1233 + }
1234 +
1235 ++static int xadc_write_raw(struct iio_dev *indio_dev,
1236 ++ struct iio_chan_spec const *chan, int val, int val2, long info)
1237 ++{
1238 ++ struct xadc *xadc = iio_priv(indio_dev);
1239 ++
1240 ++ if (info != IIO_CHAN_INFO_SAMP_FREQ)
1241 ++ return -EINVAL;
1242 ++
1243 ++ return xadc_write_samplerate(xadc, val);
1244 ++}
1245 ++
1246 + static const struct iio_event_spec xadc_temp_events[] = {
1247 + {
1248 + .type = IIO_EV_TYPE_THRESH,
1249 +@@ -1226,6 +1264,21 @@ static int xadc_probe(struct platform_device *pdev)
1250 + if (ret)
1251 + goto err_free_samplerate_trigger;
1252 +
1253 ++ /*
1254 ++ * Make sure not to exceed the maximum samplerate since otherwise the
1255 ++ * resulting interrupt storm will soft-lock the system.
1256 ++ */
1257 ++ if (xadc->ops->flags & XADC_FLAGS_BUFFERED) {
1258 ++ ret = xadc_read_samplerate(xadc);
1259 ++ if (ret < 0)
1260 ++ goto err_free_samplerate_trigger;
1261 ++ if (ret > XADC_MAX_SAMPLERATE) {
1262 ++ ret = xadc_write_samplerate(xadc, XADC_MAX_SAMPLERATE);
1263 ++ if (ret < 0)
1264 ++ goto err_free_samplerate_trigger;
1265 ++ }
1266 ++ }
1267 ++
1268 + ret = request_irq(xadc->irq, xadc->ops->interrupt_handler, 0,
1269 + dev_name(&pdev->dev), indio_dev);
1270 + if (ret)
1271 +diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c
1272 +index 26fbd1bd9413..09279e40c55c 100644
1273 +--- a/drivers/iio/common/st_sensors/st_sensors_core.c
1274 ++++ b/drivers/iio/common/st_sensors/st_sensors_core.c
1275 +@@ -93,7 +93,7 @@ int st_sensors_set_odr(struct iio_dev *indio_dev, unsigned int odr)
1276 + struct st_sensor_odr_avl odr_out = {0, 0};
1277 + struct st_sensor_data *sdata = iio_priv(indio_dev);
1278 +
1279 +- if (!sdata->sensor_settings->odr.addr)
1280 ++ if (!sdata->sensor_settings->odr.mask)
1281 + return 0;
1282 +
1283 + err = st_sensors_match_odr(sdata->sensor_settings, odr, &odr_out);
1284 +diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
1285 +index 6e96a2fb97dc..df8f5ceea2dd 100644
1286 +--- a/drivers/infiniband/core/addr.c
1287 ++++ b/drivers/infiniband/core/addr.c
1288 +@@ -408,16 +408,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in,
1289 + struct flowi6 fl6;
1290 + struct dst_entry *dst;
1291 + struct rt6_info *rt;
1292 +- int ret;
1293 +
1294 + memset(&fl6, 0, sizeof fl6);
1295 + fl6.daddr = dst_in->sin6_addr;
1296 + fl6.saddr = src_in->sin6_addr;
1297 + fl6.flowi6_oif = addr->bound_dev_if;
1298 +
1299 +- ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6);
1300 +- if (ret < 0)
1301 +- return ret;
1302 ++ dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL);
1303 ++ if (IS_ERR(dst))
1304 ++ return PTR_ERR(dst);
1305 +
1306 + rt = (struct rt6_info *)dst;
1307 + if (ipv6_addr_any(&src_in->sin6_addr)) {
1308 +diff --git a/drivers/infiniband/sw/rxe/rxe_net.c b/drivers/infiniband/sw/rxe/rxe_net.c
1309 +index 54add70c22b5..7903bd5c639e 100644
1310 +--- a/drivers/infiniband/sw/rxe/rxe_net.c
1311 ++++ b/drivers/infiniband/sw/rxe/rxe_net.c
1312 +@@ -154,10 +154,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev,
1313 + memcpy(&fl6.daddr, daddr, sizeof(*daddr));
1314 + fl6.flowi6_proto = IPPROTO_UDP;
1315 +
1316 +- if (unlikely(ipv6_stub->ipv6_dst_lookup(sock_net(recv_sockets.sk6->sk),
1317 +- recv_sockets.sk6->sk, &ndst, &fl6))) {
1318 ++ ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
1319 ++ recv_sockets.sk6->sk, &fl6,
1320 ++ NULL);
1321 ++ if (unlikely(IS_ERR(ndst))) {
1322 + pr_err_ratelimited("no route to %pI6\n", daddr);
1323 +- goto put;
1324 ++ return NULL;
1325 + }
1326 +
1327 + if (unlikely(ndst->error)) {
1328 +diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c
1329 +index ac5d945b934a..11f3993ab7f3 100644
1330 +--- a/drivers/net/dsa/b53/b53_common.c
1331 ++++ b/drivers/net/dsa/b53/b53_common.c
1332 +@@ -1253,6 +1253,10 @@ static int b53_arl_rw_op(struct b53_device *dev, unsigned int op)
1333 + reg |= ARLTBL_RW;
1334 + else
1335 + reg &= ~ARLTBL_RW;
1336 ++ if (dev->vlan_enabled)
1337 ++ reg &= ~ARLTBL_IVL_SVL_SELECT;
1338 ++ else
1339 ++ reg |= ARLTBL_IVL_SVL_SELECT;
1340 + b53_write8(dev, B53_ARLIO_PAGE, B53_ARLTBL_RW_CTRL, reg);
1341 +
1342 + return b53_arl_op_wait(dev);
1343 +@@ -1262,6 +1266,7 @@ static int b53_arl_read(struct b53_device *dev, u64 mac,
1344 + u16 vid, struct b53_arl_entry *ent, u8 *idx,
1345 + bool is_valid)
1346 + {
1347 ++ DECLARE_BITMAP(free_bins, B53_ARLTBL_MAX_BIN_ENTRIES);
1348 + unsigned int i;
1349 + int ret;
1350 +
1351 +@@ -1269,6 +1274,8 @@ static int b53_arl_read(struct b53_device *dev, u64 mac,
1352 + if (ret)
1353 + return ret;
1354 +
1355 ++ bitmap_zero(free_bins, dev->num_arl_entries);
1356 ++
1357 + /* Read the bins */
1358 + for (i = 0; i < dev->num_arl_entries; i++) {
1359 + u64 mac_vid;
1360 +@@ -1280,13 +1287,24 @@ static int b53_arl_read(struct b53_device *dev, u64 mac,
1361 + B53_ARLTBL_DATA_ENTRY(i), &fwd_entry);
1362 + b53_arl_to_entry(ent, mac_vid, fwd_entry);
1363 +
1364 +- if (!(fwd_entry & ARLTBL_VALID))
1365 ++ if (!(fwd_entry & ARLTBL_VALID)) {
1366 ++ set_bit(i, free_bins);
1367 + continue;
1368 ++ }
1369 + if ((mac_vid & ARLTBL_MAC_MASK) != mac)
1370 + continue;
1371 ++ if (dev->vlan_enabled &&
1372 ++ ((mac_vid >> ARLTBL_VID_S) & ARLTBL_VID_MASK) != vid)
1373 ++ continue;
1374 + *idx = i;
1375 ++ return 0;
1376 + }
1377 +
1378 ++ if (bitmap_weight(free_bins, dev->num_arl_entries) == 0)
1379 ++ return -ENOSPC;
1380 ++
1381 ++ *idx = find_first_bit(free_bins, dev->num_arl_entries);
1382 ++
1383 + return -ENOENT;
1384 + }
1385 +
1386 +@@ -1316,10 +1334,21 @@ static int b53_arl_op(struct b53_device *dev, int op, int port,
1387 + if (op)
1388 + return ret;
1389 +
1390 +- /* We could not find a matching MAC, so reset to a new entry */
1391 +- if (ret) {
1392 ++ switch (ret) {
1393 ++ case -ENOSPC:
1394 ++ dev_dbg(dev->dev, "{%pM,%.4d} no space left in ARL\n",
1395 ++ addr, vid);
1396 ++ return is_valid ? ret : 0;
1397 ++ case -ENOENT:
1398 ++ /* We could not find a matching MAC, so reset to a new entry */
1399 ++ dev_dbg(dev->dev, "{%pM,%.4d} not found, using idx: %d\n",
1400 ++ addr, vid, idx);
1401 + fwd_entry = 0;
1402 +- idx = 1;
1403 ++ break;
1404 ++ default:
1405 ++ dev_dbg(dev->dev, "{%pM,%.4d} found, using idx: %d\n",
1406 ++ addr, vid, idx);
1407 ++ break;
1408 + }
1409 +
1410 + memset(&ent, 0, sizeof(ent));
1411 +diff --git a/drivers/net/dsa/b53/b53_regs.h b/drivers/net/dsa/b53/b53_regs.h
1412 +index 2a9f421680aa..c90985c294a2 100644
1413 +--- a/drivers/net/dsa/b53/b53_regs.h
1414 ++++ b/drivers/net/dsa/b53/b53_regs.h
1415 +@@ -292,6 +292,7 @@
1416 + /* ARL Table Read/Write Register (8 bit) */
1417 + #define B53_ARLTBL_RW_CTRL 0x00
1418 + #define ARLTBL_RW BIT(0)
1419 ++#define ARLTBL_IVL_SVL_SELECT BIT(6)
1420 + #define ARLTBL_START_DONE BIT(7)
1421 +
1422 + /* MAC Address Index Register (48 bit) */
1423 +@@ -304,7 +305,7 @@
1424 + *
1425 + * BCM5325 and BCM5365 share most definitions below
1426 + */
1427 +-#define B53_ARLTBL_MAC_VID_ENTRY(n) (0x10 * (n))
1428 ++#define B53_ARLTBL_MAC_VID_ENTRY(n) ((0x10 * (n)) + 0x10)
1429 + #define ARLTBL_MAC_MASK 0xffffffffffffULL
1430 + #define ARLTBL_VID_S 48
1431 + #define ARLTBL_VID_MASK_25 0xff
1432 +@@ -316,13 +317,16 @@
1433 + #define ARLTBL_VALID_25 BIT(63)
1434 +
1435 + /* ARL Table Data Entry N Registers (32 bit) */
1436 +-#define B53_ARLTBL_DATA_ENTRY(n) ((0x10 * (n)) + 0x08)
1437 ++#define B53_ARLTBL_DATA_ENTRY(n) ((0x10 * (n)) + 0x18)
1438 + #define ARLTBL_DATA_PORT_ID_MASK 0x1ff
1439 + #define ARLTBL_TC(tc) ((3 & tc) << 11)
1440 + #define ARLTBL_AGE BIT(14)
1441 + #define ARLTBL_STATIC BIT(15)
1442 + #define ARLTBL_VALID BIT(16)
1443 +
1444 ++/* Maximum number of bin entries in the ARL for all switches */
1445 ++#define B53_ARLTBL_MAX_BIN_ENTRIES 4
1446 ++
1447 + /* ARL Search Control Register (8 bit) */
1448 + #define B53_ARL_SRCH_CTL 0x50
1449 + #define B53_ARL_SRCH_CTL_25 0x20
1450 +diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
1451 +index 736a6a5fbd98..789c206b515e 100644
1452 +--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
1453 ++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
1454 +@@ -998,6 +998,8 @@ static void bcmgenet_get_ethtool_stats(struct net_device *dev,
1455 + if (netif_running(dev))
1456 + bcmgenet_update_mib_counters(priv);
1457 +
1458 ++ dev->netdev_ops->ndo_get_stats(dev);
1459 ++
1460 + for (i = 0; i < BCMGENET_STATS_LEN; i++) {
1461 + const struct bcmgenet_stats *s;
1462 + char *p;
1463 +@@ -3211,6 +3213,7 @@ static struct net_device_stats *bcmgenet_get_stats(struct net_device *dev)
1464 + dev->stats.rx_packets = rx_packets;
1465 + dev->stats.rx_errors = rx_errors;
1466 + dev->stats.rx_missed_errors = rx_errors;
1467 ++ dev->stats.rx_dropped = rx_dropped;
1468 + return &dev->stats;
1469 + }
1470 +
1471 +diff --git a/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c b/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
1472 +index b766362031c3..5bc58429bb1c 100644
1473 +--- a/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
1474 ++++ b/drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c
1475 +@@ -1065,9 +1065,9 @@ static void cudbg_t4_fwcache(struct cudbg_init *pdbg_init,
1476 + }
1477 + }
1478 +
1479 +-static unsigned long cudbg_mem_region_size(struct cudbg_init *pdbg_init,
1480 +- struct cudbg_error *cudbg_err,
1481 +- u8 mem_type)
1482 ++static int cudbg_mem_region_size(struct cudbg_init *pdbg_init,
1483 ++ struct cudbg_error *cudbg_err,
1484 ++ u8 mem_type, unsigned long *region_size)
1485 + {
1486 + struct adapter *padap = pdbg_init->adap;
1487 + struct cudbg_meminfo mem_info;
1488 +@@ -1076,15 +1076,23 @@ static unsigned long cudbg_mem_region_size(struct cudbg_init *pdbg_init,
1489 +
1490 + memset(&mem_info, 0, sizeof(struct cudbg_meminfo));
1491 + rc = cudbg_fill_meminfo(padap, &mem_info);
1492 +- if (rc)
1493 ++ if (rc) {
1494 ++ cudbg_err->sys_err = rc;
1495 + return rc;
1496 ++ }
1497 +
1498 + cudbg_t4_fwcache(pdbg_init, cudbg_err);
1499 + rc = cudbg_meminfo_get_mem_index(padap, &mem_info, mem_type, &mc_idx);
1500 +- if (rc)
1501 ++ if (rc) {
1502 ++ cudbg_err->sys_err = rc;
1503 + return rc;
1504 ++ }
1505 ++
1506 ++ if (region_size)
1507 ++ *region_size = mem_info.avail[mc_idx].limit -
1508 ++ mem_info.avail[mc_idx].base;
1509 +
1510 +- return mem_info.avail[mc_idx].limit - mem_info.avail[mc_idx].base;
1511 ++ return 0;
1512 + }
1513 +
1514 + static int cudbg_collect_mem_region(struct cudbg_init *pdbg_init,
1515 +@@ -1092,7 +1100,12 @@ static int cudbg_collect_mem_region(struct cudbg_init *pdbg_init,
1516 + struct cudbg_error *cudbg_err,
1517 + u8 mem_type)
1518 + {
1519 +- unsigned long size = cudbg_mem_region_size(pdbg_init, cudbg_err, mem_type);
1520 ++ unsigned long size = 0;
1521 ++ int rc;
1522 ++
1523 ++ rc = cudbg_mem_region_size(pdbg_init, cudbg_err, mem_type, &size);
1524 ++ if (rc)
1525 ++ return rc;
1526 +
1527 + return cudbg_read_fw_mem(pdbg_init, dbg_buff, mem_type, size,
1528 + cudbg_err);
1529 +diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_ptp.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_ptp.c
1530 +index 758f2b836328..ff7e58a8c90f 100644
1531 +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_ptp.c
1532 ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_ptp.c
1533 +@@ -311,32 +311,17 @@ static int cxgb4_ptp_adjtime(struct ptp_clock_info *ptp, s64 delta)
1534 + */
1535 + static int cxgb4_ptp_gettime(struct ptp_clock_info *ptp, struct timespec64 *ts)
1536 + {
1537 +- struct adapter *adapter = (struct adapter *)container_of(ptp,
1538 +- struct adapter, ptp_clock_info);
1539 +- struct fw_ptp_cmd c;
1540 ++ struct adapter *adapter = container_of(ptp, struct adapter,
1541 ++ ptp_clock_info);
1542 + u64 ns;
1543 +- int err;
1544 +-
1545 +- memset(&c, 0, sizeof(c));
1546 +- c.op_to_portid = cpu_to_be32(FW_CMD_OP_V(FW_PTP_CMD) |
1547 +- FW_CMD_REQUEST_F |
1548 +- FW_CMD_READ_F |
1549 +- FW_PTP_CMD_PORTID_V(0));
1550 +- c.retval_len16 = cpu_to_be32(FW_CMD_LEN16_V(sizeof(c) / 16));
1551 +- c.u.ts.sc = FW_PTP_SC_GET_TIME;
1552 +
1553 +- err = t4_wr_mbox(adapter, adapter->mbox, &c, sizeof(c), &c);
1554 +- if (err < 0) {
1555 +- dev_err(adapter->pdev_dev,
1556 +- "PTP: %s error %d\n", __func__, -err);
1557 +- return err;
1558 +- }
1559 ++ ns = t4_read_reg(adapter, T5_PORT_REG(0, MAC_PORT_PTP_SUM_LO_A));
1560 ++ ns |= (u64)t4_read_reg(adapter,
1561 ++ T5_PORT_REG(0, MAC_PORT_PTP_SUM_HI_A)) << 32;
1562 +
1563 + /* convert to timespec*/
1564 +- ns = be64_to_cpu(c.u.ts.tm);
1565 + *ts = ns_to_timespec64(ns);
1566 +-
1567 +- return err;
1568 ++ return 0;
1569 + }
1570 +
1571 + /**
1572 +diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_regs.h b/drivers/net/ethernet/chelsio/cxgb4/t4_regs.h
1573 +index eb222d40ddbf..a64eb6ac5c76 100644
1574 +--- a/drivers/net/ethernet/chelsio/cxgb4/t4_regs.h
1575 ++++ b/drivers/net/ethernet/chelsio/cxgb4/t4_regs.h
1576 +@@ -1896,6 +1896,9 @@
1577 +
1578 + #define MAC_PORT_CFG2_A 0x818
1579 +
1580 ++#define MAC_PORT_PTP_SUM_LO_A 0x990
1581 ++#define MAC_PORT_PTP_SUM_HI_A 0x994
1582 ++
1583 + #define MPS_CMN_CTL_A 0x9000
1584 +
1585 + #define COUNTPAUSEMCRX_S 5
1586 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
1587 +index c8928ce69185..3050853774ee 100644
1588 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
1589 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
1590 +@@ -2217,12 +2217,11 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv,
1591 + #if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
1592 + struct mlx5e_rep_priv *uplink_rpriv;
1593 + struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
1594 +- int ret;
1595 +
1596 +- ret = ipv6_stub->ipv6_dst_lookup(dev_net(mirred_dev), NULL, &dst,
1597 +- fl6);
1598 +- if (ret < 0)
1599 +- return ret;
1600 ++ dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(mirred_dev), NULL, fl6,
1601 ++ NULL);
1602 ++ if (IS_ERR(dst))
1603 ++ return PTR_ERR(dst);
1604 +
1605 + if (!(*out_ttl))
1606 + *out_ttl = ip6_dst_hoplimit(dst);
1607 +@@ -2428,7 +2427,7 @@ static int mlx5e_create_encap_header_ipv6(struct mlx5e_priv *priv,
1608 + int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
1609 + int ipv6_encap_size = ETH_HLEN + sizeof(struct ipv6hdr) + VXLAN_HLEN;
1610 + struct ip_tunnel_key *tun_key = &e->tun_info.key;
1611 +- struct net_device *out_dev;
1612 ++ struct net_device *out_dev = NULL;
1613 + struct neighbour *n = NULL;
1614 + struct flowi6 fl6 = {};
1615 + u8 nud_state, tos, ttl;
1616 +diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
1617 +index c51b2adfc1e1..2cbfa5cfefab 100644
1618 +--- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
1619 ++++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c
1620 +@@ -316,7 +316,7 @@ struct mlxsw_afa_block *mlxsw_afa_block_create(struct mlxsw_afa *mlxsw_afa)
1621 +
1622 + block = kzalloc(sizeof(*block), GFP_KERNEL);
1623 + if (!block)
1624 +- return NULL;
1625 ++ return ERR_PTR(-ENOMEM);
1626 + INIT_LIST_HEAD(&block->resource_list);
1627 + block->afa = mlxsw_afa;
1628 +
1629 +@@ -344,7 +344,7 @@ err_second_set_create:
1630 + mlxsw_afa_set_destroy(block->first_set);
1631 + err_first_set_create:
1632 + kfree(block);
1633 +- return NULL;
1634 ++ return ERR_PTR(-ENOMEM);
1635 + }
1636 + EXPORT_SYMBOL(mlxsw_afa_block_create);
1637 +
1638 +diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum2_acl_tcam.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum2_acl_tcam.c
1639 +index 8ca77f3e8f27..ffd4b055fead 100644
1640 +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum2_acl_tcam.c
1641 ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum2_acl_tcam.c
1642 +@@ -88,8 +88,8 @@ static int mlxsw_sp2_acl_tcam_init(struct mlxsw_sp *mlxsw_sp, void *priv,
1643 + * to be written using PEFA register to all indexes for all regions.
1644 + */
1645 + afa_block = mlxsw_afa_block_create(mlxsw_sp->afa);
1646 +- if (!afa_block) {
1647 +- err = -ENOMEM;
1648 ++ if (IS_ERR(afa_block)) {
1649 ++ err = PTR_ERR(afa_block);
1650 + goto err_afa_block;
1651 + }
1652 + err = mlxsw_afa_block_continue(afa_block);
1653 +diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c
1654 +index c4f9238591e6..c99f5542da1e 100644
1655 +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c
1656 ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c
1657 +@@ -442,7 +442,8 @@ mlxsw_sp_acl_rulei_create(struct mlxsw_sp_acl *acl)
1658 +
1659 + rulei = kzalloc(sizeof(*rulei), GFP_KERNEL);
1660 + if (!rulei)
1661 +- return NULL;
1662 ++ return ERR_PTR(-ENOMEM);
1663 ++
1664 + rulei->act_block = mlxsw_afa_block_create(acl->mlxsw_sp->afa);
1665 + if (IS_ERR(rulei->act_block)) {
1666 + err = PTR_ERR(rulei->act_block);
1667 +diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr_tcam.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr_tcam.c
1668 +index 346f4a5fe053..221aa6a474eb 100644
1669 +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr_tcam.c
1670 ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr_tcam.c
1671 +@@ -199,8 +199,8 @@ mlxsw_sp_mr_tcam_afa_block_create(struct mlxsw_sp *mlxsw_sp,
1672 + int err;
1673 +
1674 + afa_block = mlxsw_afa_block_create(mlxsw_sp->afa);
1675 +- if (!afa_block)
1676 +- return ERR_PTR(-ENOMEM);
1677 ++ if (IS_ERR(afa_block))
1678 ++ return afa_block;
1679 +
1680 + err = mlxsw_afa_block_append_allocated_counter(afa_block,
1681 + counter_index);
1682 +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
1683 +index 0a17535f13ae..03bda2e0b7a8 100644
1684 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
1685 ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
1686 +@@ -125,6 +125,7 @@ static int meson8b_init_rgmii_tx_clk(struct meson8b_dwmac *dwmac)
1687 + { .div = 5, .val = 5, },
1688 + { .div = 6, .val = 6, },
1689 + { .div = 7, .val = 7, },
1690 ++ { /* end of array */ }
1691 + };
1692 +
1693 + clk_configs = devm_kzalloc(dev, sizeof(*clk_configs), GFP_KERNEL);
1694 +diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
1695 +index ff83408733d4..36444de701cd 100644
1696 +--- a/drivers/net/geneve.c
1697 ++++ b/drivers/net/geneve.c
1698 +@@ -801,7 +801,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
1699 + if (dst)
1700 + return dst;
1701 + }
1702 +- if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) {
1703 ++ dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6,
1704 ++ NULL);
1705 ++ if (IS_ERR(dst)) {
1706 + netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
1707 + return ERR_PTR(-ENETUNREACH);
1708 + }
1709 +diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
1710 +index df7d6de7c59c..9e2612562981 100644
1711 +--- a/drivers/net/macsec.c
1712 ++++ b/drivers/net/macsec.c
1713 +@@ -3238,11 +3238,11 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
1714 + struct netlink_ext_ack *extack)
1715 + {
1716 + struct macsec_dev *macsec = macsec_priv(dev);
1717 ++ rx_handler_func_t *rx_handler;
1718 ++ u8 icv_len = DEFAULT_ICV_LEN;
1719 + struct net_device *real_dev;
1720 +- int err;
1721 ++ int err, mtu;
1722 + sci_t sci;
1723 +- u8 icv_len = DEFAULT_ICV_LEN;
1724 +- rx_handler_func_t *rx_handler;
1725 +
1726 + if (!tb[IFLA_LINK])
1727 + return -EINVAL;
1728 +@@ -3258,7 +3258,11 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
1729 +
1730 + if (data && data[IFLA_MACSEC_ICV_LEN])
1731 + icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
1732 +- dev->mtu = real_dev->mtu - icv_len - macsec_extra_len(true);
1733 ++ mtu = real_dev->mtu - icv_len - macsec_extra_len(true);
1734 ++ if (mtu < 0)
1735 ++ dev->mtu = 0;
1736 ++ else
1737 ++ dev->mtu = mtu;
1738 +
1739 + rx_handler = rtnl_dereference(real_dev->rx_handler);
1740 + if (rx_handler && rx_handler != macsec_handle_frame)
1741 +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
1742 +index a8f338dc0dfa..225bfc808112 100644
1743 +--- a/drivers/net/macvlan.c
1744 ++++ b/drivers/net/macvlan.c
1745 +@@ -1676,7 +1676,7 @@ static int macvlan_device_event(struct notifier_block *unused,
1746 + struct macvlan_dev,
1747 + list);
1748 +
1749 +- if (macvlan_sync_address(vlan->dev, dev->dev_addr))
1750 ++ if (vlan && macvlan_sync_address(vlan->dev, dev->dev_addr))
1751 + return NOTIFY_BAD;
1752 +
1753 + break;
1754 +diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
1755 +index 95524c06e64c..53d9562a8818 100644
1756 +--- a/drivers/net/team/team.c
1757 ++++ b/drivers/net/team/team.c
1758 +@@ -475,6 +475,9 @@ static const struct team_mode *team_mode_get(const char *kind)
1759 + struct team_mode_item *mitem;
1760 + const struct team_mode *mode = NULL;
1761 +
1762 ++ if (!try_module_get(THIS_MODULE))
1763 ++ return NULL;
1764 ++
1765 + spin_lock(&mode_list_lock);
1766 + mitem = __find_mode(kind);
1767 + if (!mitem) {
1768 +@@ -490,6 +493,7 @@ static const struct team_mode *team_mode_get(const char *kind)
1769 + }
1770 +
1771 + spin_unlock(&mode_list_lock);
1772 ++ module_put(THIS_MODULE);
1773 + return mode;
1774 + }
1775 +
1776 +diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
1777 +index 9f895083bc0a..b55eeb8f8fa3 100644
1778 +--- a/drivers/net/vrf.c
1779 ++++ b/drivers/net/vrf.c
1780 +@@ -192,8 +192,8 @@ static netdev_tx_t vrf_process_v6_outbound(struct sk_buff *skb,
1781 + fl6.flowi6_proto = iph->nexthdr;
1782 + fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;
1783 +
1784 +- dst = ip6_route_output(net, NULL, &fl6);
1785 +- if (dst == dst_null)
1786 ++ dst = ip6_dst_lookup_flow(net, NULL, &fl6, NULL);
1787 ++ if (IS_ERR(dst) || dst == dst_null)
1788 + goto err;
1789 +
1790 + skb_dst_drop(skb);
1791 +@@ -478,7 +478,8 @@ static struct sk_buff *vrf_ip6_out(struct net_device *vrf_dev,
1792 + if (rt6_need_strict(&ipv6_hdr(skb)->daddr))
1793 + return skb;
1794 +
1795 +- if (qdisc_tx_is_default(vrf_dev))
1796 ++ if (qdisc_tx_is_default(vrf_dev) ||
1797 ++ IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
1798 + return vrf_ip6_out_direct(vrf_dev, sk, skb);
1799 +
1800 + return vrf_ip6_out_redirect(vrf_dev, skb);
1801 +@@ -692,7 +693,8 @@ static struct sk_buff *vrf_ip_out(struct net_device *vrf_dev,
1802 + ipv4_is_lbcast(ip_hdr(skb)->daddr))
1803 + return skb;
1804 +
1805 +- if (qdisc_tx_is_default(vrf_dev))
1806 ++ if (qdisc_tx_is_default(vrf_dev) ||
1807 ++ IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
1808 + return vrf_ip_out_direct(vrf_dev, sk, skb);
1809 +
1810 + return vrf_ip_out_redirect(vrf_dev, skb);
1811 +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
1812 +index 64751b089482..7ee0bad18466 100644
1813 +--- a/drivers/net/vxlan.c
1814 ++++ b/drivers/net/vxlan.c
1815 +@@ -1963,7 +1963,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
1816 + bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
1817 + struct dst_entry *ndst;
1818 + struct flowi6 fl6;
1819 +- int err;
1820 +
1821 + if (!sock6)
1822 + return ERR_PTR(-EIO);
1823 +@@ -1986,10 +1985,9 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
1824 + fl6.fl6_dport = dport;
1825 + fl6.fl6_sport = sport;
1826 +
1827 +- err = ipv6_stub->ipv6_dst_lookup(vxlan->net,
1828 +- sock6->sock->sk,
1829 +- &ndst, &fl6);
1830 +- if (unlikely(err < 0)) {
1831 ++ ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
1832 ++ &fl6, NULL);
1833 ++ if (unlikely(IS_ERR(ndst))) {
1834 + netdev_dbg(dev, "no route to %pI6\n", daddr);
1835 + return ERR_PTR(-ENETUNREACH);
1836 + }
1837 +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
1838 +index e6a67bc02209..bdb87d8e9644 100644
1839 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
1840 ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
1841 +@@ -587,6 +587,7 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi,
1842 +
1843 + struct iwl_mvm_stat_data {
1844 + struct iwl_mvm *mvm;
1845 ++ __le32 flags;
1846 + __le32 mac_id;
1847 + u8 beacon_filter_average_energy;
1848 + void *general;
1849 +@@ -630,6 +631,13 @@ static void iwl_mvm_stat_iterator(void *_data, u8 *mac,
1850 + }
1851 + }
1852 +
1853 ++ /* make sure that beacon statistics don't go backwards with TCM
1854 ++ * request to clear statistics
1855 ++ */
1856 ++ if (le32_to_cpu(data->flags) & IWL_STATISTICS_REPLY_FLG_CLEAR)
1857 ++ mvmvif->beacon_stats.accu_num_beacons +=
1858 ++ mvmvif->beacon_stats.num_beacons;
1859 ++
1860 + if (mvmvif->id != id)
1861 + return;
1862 +
1863 +@@ -790,6 +798,7 @@ void iwl_mvm_handle_rx_statistics(struct iwl_mvm *mvm,
1864 +
1865 + flags = stats->flag;
1866 + }
1867 ++ data.flags = flags;
1868 +
1869 + iwl_mvm_rx_stats_check_trigger(mvm, pkt);
1870 +
1871 +diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
1872 +index 7b1dff92b709..93f396d7e684 100644
1873 +--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
1874 ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
1875 +@@ -1231,6 +1231,9 @@ void iwl_trans_pcie_dyn_txq_free(struct iwl_trans *trans, int queue)
1876 +
1877 + iwl_pcie_gen2_txq_unmap(trans, queue);
1878 +
1879 ++ iwl_pcie_gen2_txq_free_memory(trans, trans_pcie->txq[queue]);
1880 ++ trans_pcie->txq[queue] = NULL;
1881 ++
1882 + IWL_DEBUG_TX_QUEUES(trans, "Deactivate queue %d\n", queue);
1883 + }
1884 +
1885 +diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
1886 +index e8bc25aed44c..588864beabd8 100644
1887 +--- a/drivers/nvme/host/multipath.c
1888 ++++ b/drivers/nvme/host/multipath.c
1889 +@@ -402,7 +402,7 @@ static int nvme_update_ana_state(struct nvme_ctrl *ctrl,
1890 + if (!nr_nsids)
1891 + return 0;
1892 +
1893 +- down_write(&ctrl->namespaces_rwsem);
1894 ++ down_read(&ctrl->namespaces_rwsem);
1895 + list_for_each_entry(ns, &ctrl->namespaces, list) {
1896 + unsigned nsid = le32_to_cpu(desc->nsids[n]);
1897 +
1898 +@@ -413,7 +413,7 @@ static int nvme_update_ana_state(struct nvme_ctrl *ctrl,
1899 + if (++n == nr_nsids)
1900 + break;
1901 + }
1902 +- up_write(&ctrl->namespaces_rwsem);
1903 ++ up_read(&ctrl->namespaces_rwsem);
1904 + return 0;
1905 + }
1906 +
1907 +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
1908 +index af79a7168677..db2efa219028 100644
1909 +--- a/drivers/pci/pcie/aspm.c
1910 ++++ b/drivers/pci/pcie/aspm.c
1911 +@@ -67,6 +67,7 @@ struct pcie_link_state {
1912 + u32 clkpm_capable:1; /* Clock PM capable? */
1913 + u32 clkpm_enabled:1; /* Current Clock PM state */
1914 + u32 clkpm_default:1; /* Default Clock PM state by BIOS */
1915 ++ u32 clkpm_disable:1; /* Clock PM disabled */
1916 +
1917 + /* Exit latencies */
1918 + struct aspm_latency latency_up; /* Upstream direction exit latency */
1919 +@@ -164,8 +165,11 @@ static void pcie_set_clkpm_nocheck(struct pcie_link_state *link, int enable)
1920 +
1921 + static void pcie_set_clkpm(struct pcie_link_state *link, int enable)
1922 + {
1923 +- /* Don't enable Clock PM if the link is not Clock PM capable */
1924 +- if (!link->clkpm_capable)
1925 ++ /*
1926 ++ * Don't enable Clock PM if the link is not Clock PM capable
1927 ++ * or Clock PM is disabled
1928 ++ */
1929 ++ if (!link->clkpm_capable || link->clkpm_disable)
1930 + enable = 0;
1931 + /* Need nothing if the specified equals to current state */
1932 + if (link->clkpm_enabled == enable)
1933 +@@ -195,7 +199,8 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist)
1934 + }
1935 + link->clkpm_enabled = enabled;
1936 + link->clkpm_default = enabled;
1937 +- link->clkpm_capable = (blacklist) ? 0 : capable;
1938 ++ link->clkpm_capable = capable;
1939 ++ link->clkpm_disable = blacklist ? 1 : 0;
1940 + }
1941 +
1942 + static bool pcie_retrain_link(struct pcie_link_state *link)
1943 +@@ -1106,10 +1111,9 @@ static void __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem)
1944 + link->aspm_disable |= ASPM_STATE_L1;
1945 + pcie_config_aspm_link(link, policy_to_aspm_state(link));
1946 +
1947 +- if (state & PCIE_LINK_STATE_CLKPM) {
1948 +- link->clkpm_capable = 0;
1949 +- pcie_set_clkpm(link, 0);
1950 +- }
1951 ++ if (state & PCIE_LINK_STATE_CLKPM)
1952 ++ link->clkpm_disable = 1;
1953 ++ pcie_set_clkpm(link, policy_to_clkpm_state(link));
1954 + mutex_unlock(&aspm_lock);
1955 + if (sem)
1956 + up_read(&pci_bus_sem);
1957 +diff --git a/drivers/pwm/pwm-bcm2835.c b/drivers/pwm/pwm-bcm2835.c
1958 +index db001cba937f..e340ad79a1ec 100644
1959 +--- a/drivers/pwm/pwm-bcm2835.c
1960 ++++ b/drivers/pwm/pwm-bcm2835.c
1961 +@@ -166,6 +166,7 @@ static int bcm2835_pwm_probe(struct platform_device *pdev)
1962 +
1963 + pc->chip.dev = &pdev->dev;
1964 + pc->chip.ops = &bcm2835_pwm_ops;
1965 ++ pc->chip.base = -1;
1966 + pc->chip.npwm = 2;
1967 + pc->chip.of_xlate = of_pwm_xlate_with_flags;
1968 + pc->chip.of_pwm_n_cells = 3;
1969 +diff --git a/drivers/pwm/pwm-rcar.c b/drivers/pwm/pwm-rcar.c
1970 +index 748f614d5375..b7d71bf297d6 100644
1971 +--- a/drivers/pwm/pwm-rcar.c
1972 ++++ b/drivers/pwm/pwm-rcar.c
1973 +@@ -232,24 +232,28 @@ static int rcar_pwm_probe(struct platform_device *pdev)
1974 + rcar_pwm->chip.base = -1;
1975 + rcar_pwm->chip.npwm = 1;
1976 +
1977 ++ pm_runtime_enable(&pdev->dev);
1978 ++
1979 + ret = pwmchip_add(&rcar_pwm->chip);
1980 + if (ret < 0) {
1981 + dev_err(&pdev->dev, "failed to register PWM chip: %d\n", ret);
1982 ++ pm_runtime_disable(&pdev->dev);
1983 + return ret;
1984 + }
1985 +
1986 +- pm_runtime_enable(&pdev->dev);
1987 +-
1988 + return 0;
1989 + }
1990 +
1991 + static int rcar_pwm_remove(struct platform_device *pdev)
1992 + {
1993 + struct rcar_pwm_chip *rcar_pwm = platform_get_drvdata(pdev);
1994 ++ int ret;
1995 ++
1996 ++ ret = pwmchip_remove(&rcar_pwm->chip);
1997 +
1998 + pm_runtime_disable(&pdev->dev);
1999 +
2000 +- return pwmchip_remove(&rcar_pwm->chip);
2001 ++ return ret;
2002 + }
2003 +
2004 + static const struct of_device_id rcar_pwm_of_table[] = {
2005 +diff --git a/drivers/pwm/pwm-renesas-tpu.c b/drivers/pwm/pwm-renesas-tpu.c
2006 +index 29267d12fb4c..9c7962f2f0aa 100644
2007 +--- a/drivers/pwm/pwm-renesas-tpu.c
2008 ++++ b/drivers/pwm/pwm-renesas-tpu.c
2009 +@@ -423,16 +423,17 @@ static int tpu_probe(struct platform_device *pdev)
2010 + tpu->chip.base = -1;
2011 + tpu->chip.npwm = TPU_CHANNEL_MAX;
2012 +
2013 ++ pm_runtime_enable(&pdev->dev);
2014 ++
2015 + ret = pwmchip_add(&tpu->chip);
2016 + if (ret < 0) {
2017 + dev_err(&pdev->dev, "failed to register PWM chip\n");
2018 ++ pm_runtime_disable(&pdev->dev);
2019 + return ret;
2020 + }
2021 +
2022 + dev_info(&pdev->dev, "TPU PWM %d registered\n", tpu->pdev->id);
2023 +
2024 +- pm_runtime_enable(&pdev->dev);
2025 +-
2026 + return 0;
2027 + }
2028 +
2029 +@@ -442,12 +443,10 @@ static int tpu_remove(struct platform_device *pdev)
2030 + int ret;
2031 +
2032 + ret = pwmchip_remove(&tpu->chip);
2033 +- if (ret)
2034 +- return ret;
2035 +
2036 + pm_runtime_disable(&pdev->dev);
2037 +
2038 +- return 0;
2039 ++ return ret;
2040 + }
2041 +
2042 + #ifdef CONFIG_OF
2043 +diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c
2044 +index 1540229a37bb..c9bc9a6bd73b 100644
2045 +--- a/drivers/s390/cio/device.c
2046 ++++ b/drivers/s390/cio/device.c
2047 +@@ -827,8 +827,10 @@ static void io_subchannel_register(struct ccw_device *cdev)
2048 + * Now we know this subchannel will stay, we can throw
2049 + * our delayed uevent.
2050 + */
2051 +- dev_set_uevent_suppress(&sch->dev, 0);
2052 +- kobject_uevent(&sch->dev.kobj, KOBJ_ADD);
2053 ++ if (dev_get_uevent_suppress(&sch->dev)) {
2054 ++ dev_set_uevent_suppress(&sch->dev, 0);
2055 ++ kobject_uevent(&sch->dev.kobj, KOBJ_ADD);
2056 ++ }
2057 + /* make it known to the system */
2058 + ret = ccw_device_add(cdev);
2059 + if (ret) {
2060 +@@ -1036,8 +1038,11 @@ static int io_subchannel_probe(struct subchannel *sch)
2061 + * Throw the delayed uevent for the subchannel, register
2062 + * the ccw_device and exit.
2063 + */
2064 +- dev_set_uevent_suppress(&sch->dev, 0);
2065 +- kobject_uevent(&sch->dev.kobj, KOBJ_ADD);
2066 ++ if (dev_get_uevent_suppress(&sch->dev)) {
2067 ++ /* should always be the case for the console */
2068 ++ dev_set_uevent_suppress(&sch->dev, 0);
2069 ++ kobject_uevent(&sch->dev.kobj, KOBJ_ADD);
2070 ++ }
2071 + cdev = sch_get_cdev(sch);
2072 + rc = ccw_device_add(cdev);
2073 + if (rc) {
2074 +diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c
2075 +index f73726e55e44..e3013858937b 100644
2076 +--- a/drivers/scsi/lpfc/lpfc_nvme.c
2077 ++++ b/drivers/scsi/lpfc/lpfc_nvme.c
2078 +@@ -342,13 +342,15 @@ lpfc_nvme_remoteport_delete(struct nvme_fc_remote_port *remoteport)
2079 + if (ndlp->upcall_flags & NLP_WAIT_FOR_UNREG) {
2080 + ndlp->nrport = NULL;
2081 + ndlp->upcall_flags &= ~NLP_WAIT_FOR_UNREG;
2082 +- }
2083 +- spin_unlock_irq(&vport->phba->hbalock);
2084 ++ spin_unlock_irq(&vport->phba->hbalock);
2085 +
2086 +- /* Remove original register reference. The host transport
2087 +- * won't reference this rport/remoteport any further.
2088 +- */
2089 +- lpfc_nlp_put(ndlp);
2090 ++ /* Remove original register reference. The host transport
2091 ++ * won't reference this rport/remoteport any further.
2092 ++ */
2093 ++ lpfc_nlp_put(ndlp);
2094 ++ } else {
2095 ++ spin_unlock_irq(&vport->phba->hbalock);
2096 ++ }
2097 +
2098 + rport_err:
2099 + return;
2100 +diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
2101 +index a801917d3c19..a56a939792ac 100644
2102 +--- a/drivers/scsi/lpfc/lpfc_sli.c
2103 ++++ b/drivers/scsi/lpfc/lpfc_sli.c
2104 +@@ -2472,6 +2472,8 @@ lpfc_sli_def_mbox_cmpl(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb)
2105 + !pmb->u.mb.mbxStatus) {
2106 + rpi = pmb->u.mb.un.varWords[0];
2107 + vpi = pmb->u.mb.un.varRegLogin.vpi;
2108 ++ if (phba->sli_rev == LPFC_SLI_REV4)
2109 ++ vpi -= phba->sli4_hba.max_cfg_param.vpi_base;
2110 + lpfc_unreg_login(phba, vpi, rpi, pmb);
2111 + pmb->vport = vport;
2112 + pmb->mbox_cmpl = lpfc_sli_def_mbox_cmpl;
2113 +diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
2114 +index c0fb9e789080..04d095488c76 100644
2115 +--- a/drivers/scsi/scsi_transport_iscsi.c
2116 ++++ b/drivers/scsi/scsi_transport_iscsi.c
2117 +@@ -2010,7 +2010,7 @@ static void __iscsi_unbind_session(struct work_struct *work)
2118 + if (session->target_id == ISCSI_MAX_TARGET) {
2119 + spin_unlock_irqrestore(&session->lock, flags);
2120 + mutex_unlock(&ihost->mutex);
2121 +- return;
2122 ++ goto unbind_session_exit;
2123 + }
2124 +
2125 + target_id = session->target_id;
2126 +@@ -2022,6 +2022,8 @@ static void __iscsi_unbind_session(struct work_struct *work)
2127 + ida_simple_remove(&iscsi_sess_ida, target_id);
2128 +
2129 + scsi_remove_target(&session->dev);
2130 ++
2131 ++unbind_session_exit:
2132 + iscsi_session_event(session, ISCSI_KEVENT_UNBIND_SESSION);
2133 + ISCSI_DBG_TRANS_SESSION(session, "Completed target removal\n");
2134 + }
2135 +diff --git a/drivers/scsi/smartpqi/smartpqi_sas_transport.c b/drivers/scsi/smartpqi/smartpqi_sas_transport.c
2136 +index b209a35e482e..01dfb97b0778 100644
2137 +--- a/drivers/scsi/smartpqi/smartpqi_sas_transport.c
2138 ++++ b/drivers/scsi/smartpqi/smartpqi_sas_transport.c
2139 +@@ -50,9 +50,9 @@ static void pqi_free_sas_phy(struct pqi_sas_phy *pqi_sas_phy)
2140 + struct sas_phy *phy = pqi_sas_phy->phy;
2141 +
2142 + sas_port_delete_phy(pqi_sas_phy->parent_port->port, phy);
2143 +- sas_phy_free(phy);
2144 + if (pqi_sas_phy->added_to_port)
2145 + list_del(&pqi_sas_phy->phy_list_entry);
2146 ++ sas_phy_delete(phy);
2147 + kfree(pqi_sas_phy);
2148 + }
2149 +
2150 +diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
2151 +index e18b61cdbdeb..636988248da2 100644
2152 +--- a/drivers/staging/comedi/comedi_fops.c
2153 ++++ b/drivers/staging/comedi/comedi_fops.c
2154 +@@ -2594,8 +2594,10 @@ static int comedi_open(struct inode *inode, struct file *file)
2155 + }
2156 +
2157 + cfp = kzalloc(sizeof(*cfp), GFP_KERNEL);
2158 +- if (!cfp)
2159 ++ if (!cfp) {
2160 ++ comedi_dev_put(dev);
2161 + return -ENOMEM;
2162 ++ }
2163 +
2164 + cfp->dev = dev;
2165 +
2166 +diff --git a/drivers/staging/comedi/drivers/dt2815.c b/drivers/staging/comedi/drivers/dt2815.c
2167 +index 83026ba63d1c..78a7c1b3448a 100644
2168 +--- a/drivers/staging/comedi/drivers/dt2815.c
2169 ++++ b/drivers/staging/comedi/drivers/dt2815.c
2170 +@@ -92,6 +92,7 @@ static int dt2815_ao_insn(struct comedi_device *dev, struct comedi_subdevice *s,
2171 + int ret;
2172 +
2173 + for (i = 0; i < insn->n; i++) {
2174 ++ /* FIXME: lo bit 0 chooses voltage output or current output */
2175 + lo = ((data[i] & 0x0f) << 4) | (chan << 1) | 0x01;
2176 + hi = (data[i] & 0xff0) >> 4;
2177 +
2178 +@@ -105,6 +106,8 @@ static int dt2815_ao_insn(struct comedi_device *dev, struct comedi_subdevice *s,
2179 + if (ret)
2180 + return ret;
2181 +
2182 ++ outb(hi, dev->iobase + DT2815_DATA);
2183 ++
2184 + devpriv->ao_readback[chan] = data[i];
2185 + }
2186 + return i;
2187 +diff --git a/drivers/staging/vt6656/int.c b/drivers/staging/vt6656/int.c
2188 +index af0060c74530..43f461f75b97 100644
2189 +--- a/drivers/staging/vt6656/int.c
2190 ++++ b/drivers/staging/vt6656/int.c
2191 +@@ -143,7 +143,8 @@ void vnt_int_process_data(struct vnt_private *priv)
2192 + priv->wake_up_count =
2193 + priv->hw->conf.listen_interval;
2194 +
2195 +- --priv->wake_up_count;
2196 ++ if (priv->wake_up_count)
2197 ++ --priv->wake_up_count;
2198 +
2199 + /* Turn on wake up to listen next beacon */
2200 + if (priv->wake_up_count == 1)
2201 +diff --git a/drivers/staging/vt6656/key.c b/drivers/staging/vt6656/key.c
2202 +index 91dede54cc1f..be8dbf6c2c2f 100644
2203 +--- a/drivers/staging/vt6656/key.c
2204 ++++ b/drivers/staging/vt6656/key.c
2205 +@@ -81,9 +81,6 @@ static int vnt_set_keymode(struct ieee80211_hw *hw, u8 *mac_addr,
2206 + case VNT_KEY_PAIRWISE:
2207 + key_mode |= mode;
2208 + key_inx = 4;
2209 +- /* Don't save entry for pairwise key for station mode */
2210 +- if (priv->op_mode == NL80211_IFTYPE_STATION)
2211 +- clear_bit(entry, &priv->key_entry_inuse);
2212 + break;
2213 + default:
2214 + return -EINVAL;
2215 +@@ -107,7 +104,6 @@ static int vnt_set_keymode(struct ieee80211_hw *hw, u8 *mac_addr,
2216 + int vnt_set_keys(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
2217 + struct ieee80211_vif *vif, struct ieee80211_key_conf *key)
2218 + {
2219 +- struct ieee80211_bss_conf *conf = &vif->bss_conf;
2220 + struct vnt_private *priv = hw->priv;
2221 + u8 *mac_addr = NULL;
2222 + u8 key_dec_mode = 0;
2223 +@@ -149,16 +145,12 @@ int vnt_set_keys(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
2224 + key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
2225 + }
2226 +
2227 +- if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
2228 ++ if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
2229 + vnt_set_keymode(hw, mac_addr, key, VNT_KEY_PAIRWISE,
2230 + key_dec_mode, true);
2231 +- } else {
2232 +- vnt_set_keymode(hw, mac_addr, key, VNT_KEY_DEFAULTKEY,
2233 ++ else
2234 ++ vnt_set_keymode(hw, mac_addr, key, VNT_KEY_GROUP_ADDRESS,
2235 + key_dec_mode, true);
2236 +
2237 +- vnt_set_keymode(hw, (u8 *)conf->bssid, key,
2238 +- VNT_KEY_GROUP_ADDRESS, key_dec_mode, true);
2239 +- }
2240 +-
2241 + return 0;
2242 + }
2243 +diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c
2244 +index 36562ac94c1f..586a3d331511 100644
2245 +--- a/drivers/staging/vt6656/main_usb.c
2246 ++++ b/drivers/staging/vt6656/main_usb.c
2247 +@@ -595,8 +595,6 @@ static int vnt_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
2248 +
2249 + priv->op_mode = vif->type;
2250 +
2251 +- vnt_set_bss_mode(priv);
2252 +-
2253 + /* LED blink on TX */
2254 + vnt_mac_set_led(priv, LEDSTS_STS, LEDSTS_INTER);
2255 +
2256 +@@ -683,7 +681,6 @@ static void vnt_bss_info_changed(struct ieee80211_hw *hw,
2257 + priv->basic_rates = conf->basic_rates;
2258 +
2259 + vnt_update_top_rates(priv);
2260 +- vnt_set_bss_mode(priv);
2261 +
2262 + dev_dbg(&priv->usb->dev, "basic rates %x\n", conf->basic_rates);
2263 + }
2264 +@@ -712,11 +709,14 @@ static void vnt_bss_info_changed(struct ieee80211_hw *hw,
2265 + priv->short_slot_time = false;
2266 +
2267 + vnt_set_short_slot_time(priv);
2268 +- vnt_update_ifs(priv);
2269 + vnt_set_vga_gain_offset(priv, priv->bb_vga[0]);
2270 + vnt_update_pre_ed_threshold(priv, false);
2271 + }
2272 +
2273 ++ if (changed & (BSS_CHANGED_BASIC_RATES | BSS_CHANGED_ERP_PREAMBLE |
2274 ++ BSS_CHANGED_ERP_SLOT))
2275 ++ vnt_set_bss_mode(priv);
2276 ++
2277 + if (changed & BSS_CHANGED_TXPOWER)
2278 + vnt_rf_setpower(priv, priv->current_rate,
2279 + conf->chandef.chan->hw_value);
2280 +@@ -740,12 +740,15 @@ static void vnt_bss_info_changed(struct ieee80211_hw *hw,
2281 + vnt_mac_reg_bits_on(priv, MAC_REG_TFTCTL,
2282 + TFTCTL_TSFCNTREN);
2283 +
2284 +- vnt_adjust_tsf(priv, conf->beacon_rate->hw_value,
2285 +- conf->sync_tsf, priv->current_tsf);
2286 +-
2287 + vnt_mac_set_beacon_interval(priv, conf->beacon_int);
2288 +
2289 + vnt_reset_next_tbtt(priv, conf->beacon_int);
2290 ++
2291 ++ vnt_adjust_tsf(priv, conf->beacon_rate->hw_value,
2292 ++ conf->sync_tsf, priv->current_tsf);
2293 ++
2294 ++ vnt_update_next_tbtt(priv,
2295 ++ conf->sync_tsf, conf->beacon_int);
2296 + } else {
2297 + vnt_clear_current_tsf(priv);
2298 +
2299 +@@ -780,15 +783,11 @@ static void vnt_configure(struct ieee80211_hw *hw,
2300 + {
2301 + struct vnt_private *priv = hw->priv;
2302 + u8 rx_mode = 0;
2303 +- int rc;
2304 +
2305 + *total_flags &= FIF_ALLMULTI | FIF_OTHER_BSS | FIF_BCN_PRBRESP_PROMISC;
2306 +
2307 +- rc = vnt_control_in(priv, MESSAGE_TYPE_READ, MAC_REG_RCR,
2308 +- MESSAGE_REQUEST_MACREG, sizeof(u8), &rx_mode);
2309 +-
2310 +- if (!rc)
2311 +- rx_mode = RCR_MULTICAST | RCR_BROADCAST;
2312 ++ vnt_control_in(priv, MESSAGE_TYPE_READ, MAC_REG_RCR,
2313 ++ MESSAGE_REQUEST_MACREG, sizeof(u8), &rx_mode);
2314 +
2315 + dev_dbg(&priv->usb->dev, "rx mode in = %x\n", rx_mode);
2316 +
2317 +@@ -829,8 +828,12 @@ static int vnt_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
2318 + return -EOPNOTSUPP;
2319 + break;
2320 + case DISABLE_KEY:
2321 +- if (test_bit(key->hw_key_idx, &priv->key_entry_inuse))
2322 ++ if (test_bit(key->hw_key_idx, &priv->key_entry_inuse)) {
2323 + clear_bit(key->hw_key_idx, &priv->key_entry_inuse);
2324 ++
2325 ++ vnt_mac_disable_keyentry(priv, key->hw_key_idx);
2326 ++ }
2327 ++
2328 + default:
2329 + break;
2330 + }
2331 +diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c
2332 +index 27284a2dcd2b..436cc51c92c3 100644
2333 +--- a/drivers/tty/hvc/hvc_console.c
2334 ++++ b/drivers/tty/hvc/hvc_console.c
2335 +@@ -302,10 +302,6 @@ int hvc_instantiate(uint32_t vtermno, int index, const struct hv_ops *ops)
2336 + vtermnos[index] = vtermno;
2337 + cons_ops[index] = ops;
2338 +
2339 +- /* reserve all indices up to and including this index */
2340 +- if (last_hvc < index)
2341 +- last_hvc = index;
2342 +-
2343 + /* check if we need to re-register the kernel console */
2344 + hvc_check_console(index);
2345 +
2346 +@@ -960,13 +956,22 @@ struct hvc_struct *hvc_alloc(uint32_t vtermno, int data,
2347 + cons_ops[i] == hp->ops)
2348 + break;
2349 +
2350 +- /* no matching slot, just use a counter */
2351 +- if (i >= MAX_NR_HVC_CONSOLES)
2352 +- i = ++last_hvc;
2353 ++ if (i >= MAX_NR_HVC_CONSOLES) {
2354 ++
2355 ++ /* find 'empty' slot for console */
2356 ++ for (i = 0; i < MAX_NR_HVC_CONSOLES && vtermnos[i] != -1; i++) {
2357 ++ }
2358 ++
2359 ++ /* no matching slot, just use a counter */
2360 ++ if (i == MAX_NR_HVC_CONSOLES)
2361 ++ i = ++last_hvc + MAX_NR_HVC_CONSOLES;
2362 ++ }
2363 +
2364 + hp->index = i;
2365 +- cons_ops[i] = ops;
2366 +- vtermnos[i] = vtermno;
2367 ++ if (i < MAX_NR_HVC_CONSOLES) {
2368 ++ cons_ops[i] = ops;
2369 ++ vtermnos[i] = vtermno;
2370 ++ }
2371 +
2372 + list_add_tail(&(hp->next), &hvc_structs);
2373 + mutex_unlock(&hvc_structs_mutex);
2374 +diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
2375 +index 27aeca30eeae..6133830f52a3 100644
2376 +--- a/drivers/tty/rocket.c
2377 ++++ b/drivers/tty/rocket.c
2378 +@@ -632,18 +632,21 @@ init_r_port(int board, int aiop, int chan, struct pci_dev *pci_dev)
2379 + tty_port_init(&info->port);
2380 + info->port.ops = &rocket_port_ops;
2381 + info->flags &= ~ROCKET_MODE_MASK;
2382 +- switch (pc104[board][line]) {
2383 +- case 422:
2384 +- info->flags |= ROCKET_MODE_RS422;
2385 +- break;
2386 +- case 485:
2387 +- info->flags |= ROCKET_MODE_RS485;
2388 +- break;
2389 +- case 232:
2390 +- default:
2391 ++ if (board < ARRAY_SIZE(pc104) && line < ARRAY_SIZE(pc104_1))
2392 ++ switch (pc104[board][line]) {
2393 ++ case 422:
2394 ++ info->flags |= ROCKET_MODE_RS422;
2395 ++ break;
2396 ++ case 485:
2397 ++ info->flags |= ROCKET_MODE_RS485;
2398 ++ break;
2399 ++ case 232:
2400 ++ default:
2401 ++ info->flags |= ROCKET_MODE_RS232;
2402 ++ break;
2403 ++ }
2404 ++ else
2405 + info->flags |= ROCKET_MODE_RS232;
2406 +- break;
2407 +- }
2408 +
2409 + info->intmask = RXF_TRIG | TXFIFO_MT | SRC_INT | DELTA_CD | DELTA_CTS | DELTA_DSR;
2410 + if (sInitChan(ctlp, &info->channel, aiop, chan) == 0) {
2411 +diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
2412 +index 9e1a6af23ca2..8aaa7900927a 100644
2413 +--- a/drivers/tty/serial/sh-sci.c
2414 ++++ b/drivers/tty/serial/sh-sci.c
2415 +@@ -873,9 +873,16 @@ static void sci_receive_chars(struct uart_port *port)
2416 + tty_insert_flip_char(tport, c, TTY_NORMAL);
2417 + } else {
2418 + for (i = 0; i < count; i++) {
2419 +- char c = serial_port_in(port, SCxRDR);
2420 +-
2421 +- status = serial_port_in(port, SCxSR);
2422 ++ char c;
2423 ++
2424 ++ if (port->type == PORT_SCIF ||
2425 ++ port->type == PORT_HSCIF) {
2426 ++ status = serial_port_in(port, SCxSR);
2427 ++ c = serial_port_in(port, SCxRDR);
2428 ++ } else {
2429 ++ c = serial_port_in(port, SCxRDR);
2430 ++ status = serial_port_in(port, SCxSR);
2431 ++ }
2432 + if (uart_handle_sysrq_char(port, c)) {
2433 + count--; i--;
2434 + continue;
2435 +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
2436 +index 36c6f1b98372..ca8c6ddc1ca8 100644
2437 +--- a/drivers/tty/vt/vt.c
2438 ++++ b/drivers/tty/vt/vt.c
2439 +@@ -81,6 +81,7 @@
2440 + #include <linux/errno.h>
2441 + #include <linux/kd.h>
2442 + #include <linux/slab.h>
2443 ++#include <linux/vmalloc.h>
2444 + #include <linux/major.h>
2445 + #include <linux/mm.h>
2446 + #include <linux/console.h>
2447 +@@ -350,7 +351,7 @@ static struct uni_screen *vc_uniscr_alloc(unsigned int cols, unsigned int rows)
2448 + /* allocate everything in one go */
2449 + memsize = cols * rows * sizeof(char32_t);
2450 + memsize += rows * sizeof(char32_t *);
2451 +- p = kmalloc(memsize, GFP_KERNEL);
2452 ++ p = vmalloc(memsize);
2453 + if (!p)
2454 + return NULL;
2455 +
2456 +@@ -366,7 +367,7 @@ static struct uni_screen *vc_uniscr_alloc(unsigned int cols, unsigned int rows)
2457 +
2458 + static void vc_uniscr_set(struct vc_data *vc, struct uni_screen *new_uniscr)
2459 + {
2460 +- kfree(vc->vc_uni_screen);
2461 ++ vfree(vc->vc_uni_screen);
2462 + vc->vc_uni_screen = new_uniscr;
2463 + }
2464 +
2465 +@@ -1209,7 +1210,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
2466 + if (new_cols == vc->vc_cols && new_rows == vc->vc_rows)
2467 + return 0;
2468 +
2469 +- if (new_screen_size > (4 << 20))
2470 ++ if (new_screen_size > KMALLOC_MAX_SIZE)
2471 + return -EINVAL;
2472 + newscreen = kzalloc(new_screen_size, GFP_USER);
2473 + if (!newscreen)
2474 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2475 +index 6e0b41861735..10ba1b4f0dbf 100644
2476 +--- a/drivers/usb/class/cdc-acm.c
2477 ++++ b/drivers/usb/class/cdc-acm.c
2478 +@@ -412,9 +412,12 @@ static void acm_ctrl_irq(struct urb *urb)
2479 +
2480 + exit:
2481 + retval = usb_submit_urb(urb, GFP_ATOMIC);
2482 +- if (retval && retval != -EPERM)
2483 ++ if (retval && retval != -EPERM && retval != -ENODEV)
2484 + dev_err(&acm->control->dev,
2485 + "%s - usb_submit_urb failed: %d\n", __func__, retval);
2486 ++ else
2487 ++ dev_vdbg(&acm->control->dev,
2488 ++ "control resubmission terminated %d\n", retval);
2489 + }
2490 +
2491 + static int acm_submit_read_urb(struct acm *acm, int index, gfp_t mem_flags)
2492 +@@ -430,6 +433,8 @@ static int acm_submit_read_urb(struct acm *acm, int index, gfp_t mem_flags)
2493 + dev_err(&acm->data->dev,
2494 + "urb %d failed submission with %d\n",
2495 + index, res);
2496 ++ } else {
2497 ++ dev_vdbg(&acm->data->dev, "intended failure %d\n", res);
2498 + }
2499 + set_bit(index, &acm->read_urbs_free);
2500 + return res;
2501 +@@ -472,6 +477,7 @@ static void acm_read_bulk_callback(struct urb *urb)
2502 + int status = urb->status;
2503 + bool stopped = false;
2504 + bool stalled = false;
2505 ++ bool cooldown = false;
2506 +
2507 + dev_vdbg(&acm->data->dev, "got urb %d, len %d, status %d\n",
2508 + rb->index, urb->actual_length, status);
2509 +@@ -498,6 +504,14 @@ static void acm_read_bulk_callback(struct urb *urb)
2510 + __func__, status);
2511 + stopped = true;
2512 + break;
2513 ++ case -EOVERFLOW:
2514 ++ case -EPROTO:
2515 ++ dev_dbg(&acm->data->dev,
2516 ++ "%s - cooling babbling device\n", __func__);
2517 ++ usb_mark_last_busy(acm->dev);
2518 ++ set_bit(rb->index, &acm->urbs_in_error_delay);
2519 ++ cooldown = true;
2520 ++ break;
2521 + default:
2522 + dev_dbg(&acm->data->dev,
2523 + "%s - nonzero urb status received: %d\n",
2524 +@@ -519,9 +533,11 @@ static void acm_read_bulk_callback(struct urb *urb)
2525 + */
2526 + smp_mb__after_atomic();
2527 +
2528 +- if (stopped || stalled) {
2529 ++ if (stopped || stalled || cooldown) {
2530 + if (stalled)
2531 + schedule_work(&acm->work);
2532 ++ else if (cooldown)
2533 ++ schedule_delayed_work(&acm->dwork, HZ / 2);
2534 + return;
2535 + }
2536 +
2537 +@@ -563,14 +579,20 @@ static void acm_softint(struct work_struct *work)
2538 + struct acm *acm = container_of(work, struct acm, work);
2539 +
2540 + if (test_bit(EVENT_RX_STALL, &acm->flags)) {
2541 +- if (!(usb_autopm_get_interface(acm->data))) {
2542 ++ smp_mb(); /* against acm_suspend() */
2543 ++ if (!acm->susp_count) {
2544 + for (i = 0; i < acm->rx_buflimit; i++)
2545 + usb_kill_urb(acm->read_urbs[i]);
2546 + usb_clear_halt(acm->dev, acm->in);
2547 + acm_submit_read_urbs(acm, GFP_KERNEL);
2548 +- usb_autopm_put_interface(acm->data);
2549 ++ clear_bit(EVENT_RX_STALL, &acm->flags);
2550 + }
2551 +- clear_bit(EVENT_RX_STALL, &acm->flags);
2552 ++ }
2553 ++
2554 ++ if (test_and_clear_bit(ACM_ERROR_DELAY, &acm->flags)) {
2555 ++ for (i = 0; i < ACM_NR; i++)
2556 ++ if (test_and_clear_bit(i, &acm->urbs_in_error_delay))
2557 ++ acm_submit_read_urb(acm, i, GFP_NOIO);
2558 + }
2559 +
2560 + if (test_and_clear_bit(EVENT_TTY_WAKEUP, &acm->flags))
2561 +@@ -1365,6 +1387,7 @@ made_compressed_probe:
2562 + acm->readsize = readsize;
2563 + acm->rx_buflimit = num_rx_buf;
2564 + INIT_WORK(&acm->work, acm_softint);
2565 ++ INIT_DELAYED_WORK(&acm->dwork, acm_softint);
2566 + init_waitqueue_head(&acm->wioctl);
2567 + spin_lock_init(&acm->write_lock);
2568 + spin_lock_init(&acm->read_lock);
2569 +@@ -1574,6 +1597,7 @@ static void acm_disconnect(struct usb_interface *intf)
2570 +
2571 + acm_kill_urbs(acm);
2572 + cancel_work_sync(&acm->work);
2573 ++ cancel_delayed_work_sync(&acm->dwork);
2574 +
2575 + tty_unregister_device(acm_tty_driver, acm->minor);
2576 +
2577 +@@ -1616,6 +1640,8 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
2578 +
2579 + acm_kill_urbs(acm);
2580 + cancel_work_sync(&acm->work);
2581 ++ cancel_delayed_work_sync(&acm->dwork);
2582 ++ acm->urbs_in_error_delay = 0;
2583 +
2584 + return 0;
2585 + }
2586 +diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
2587 +index 515aad0847ee..30380d28a504 100644
2588 +--- a/drivers/usb/class/cdc-acm.h
2589 ++++ b/drivers/usb/class/cdc-acm.h
2590 +@@ -108,8 +108,11 @@ struct acm {
2591 + unsigned long flags;
2592 + # define EVENT_TTY_WAKEUP 0
2593 + # define EVENT_RX_STALL 1
2594 ++# define ACM_ERROR_DELAY 3
2595 ++ unsigned long urbs_in_error_delay; /* these need to be restarted after a delay */
2596 + struct usb_cdc_line_coding line; /* bits, stop, parity */
2597 +- struct work_struct work; /* work queue entry for line discipline waking up */
2598 ++ struct work_struct work; /* work queue entry for various purposes*/
2599 ++ struct delayed_work dwork; /* for cool downs needed in error recovery */
2600 + unsigned int ctrlin; /* input control lines (DCD, DSR, RI, break, overruns) */
2601 + unsigned int ctrlout; /* output control lines (DTR, RTS) */
2602 + struct async_icount iocount; /* counters for control line changes */
2603 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
2604 +index 8cf2d2a5e266..fffe544d9e9f 100644
2605 +--- a/drivers/usb/core/hub.c
2606 ++++ b/drivers/usb/core/hub.c
2607 +@@ -1196,6 +1196,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
2608 + #ifdef CONFIG_PM
2609 + udev->reset_resume = 1;
2610 + #endif
2611 ++ /* Don't set the change_bits when the device
2612 ++ * was powered off.
2613 ++ */
2614 ++ if (test_bit(port1, hub->power_bits))
2615 ++ set_bit(port1, hub->change_bits);
2616 +
2617 + } else {
2618 + /* The power session is gone; tell hub_wq */
2619 +@@ -3051,6 +3056,15 @@ static int check_port_resume_type(struct usb_device *udev,
2620 + if (portchange & USB_PORT_STAT_C_ENABLE)
2621 + usb_clear_port_feature(hub->hdev, port1,
2622 + USB_PORT_FEAT_C_ENABLE);
2623 ++
2624 ++ /*
2625 ++ * Whatever made this reset-resume necessary may have
2626 ++ * turned on the port1 bit in hub->change_bits. But after
2627 ++ * a successful reset-resume we want the bit to be clear;
2628 ++ * if it was on it would indicate that something happened
2629 ++ * following the reset-resume.
2630 ++ */
2631 ++ clear_bit(port1, hub->change_bits);
2632 + }
2633 +
2634 + return status;
2635 +diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
2636 +index 0d3fd2083165..fcf84bfc08e3 100644
2637 +--- a/drivers/usb/core/message.c
2638 ++++ b/drivers/usb/core/message.c
2639 +@@ -588,12 +588,13 @@ void usb_sg_cancel(struct usb_sg_request *io)
2640 + int i, retval;
2641 +
2642 + spin_lock_irqsave(&io->lock, flags);
2643 +- if (io->status) {
2644 ++ if (io->status || io->count == 0) {
2645 + spin_unlock_irqrestore(&io->lock, flags);
2646 + return;
2647 + }
2648 + /* shut everything down */
2649 + io->status = -ECONNRESET;
2650 ++ io->count++; /* Keep the request alive until we're done */
2651 + spin_unlock_irqrestore(&io->lock, flags);
2652 +
2653 + for (i = io->entries - 1; i >= 0; --i) {
2654 +@@ -607,6 +608,12 @@ void usb_sg_cancel(struct usb_sg_request *io)
2655 + dev_warn(&io->dev->dev, "%s, unlink --> %d\n",
2656 + __func__, retval);
2657 + }
2658 ++
2659 ++ spin_lock_irqsave(&io->lock, flags);
2660 ++ io->count--;
2661 ++ if (!io->count)
2662 ++ complete(&io->complete);
2663 ++ spin_unlock_irqrestore(&io->lock, flags);
2664 + }
2665 + EXPORT_SYMBOL_GPL(usb_sg_cancel);
2666 +
2667 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
2668 +index da30b5664ff3..3e8efe759c3e 100644
2669 +--- a/drivers/usb/core/quirks.c
2670 ++++ b/drivers/usb/core/quirks.c
2671 +@@ -430,6 +430,10 @@ static const struct usb_device_id usb_quirk_list[] = {
2672 + /* Corsair K70 LUX */
2673 + { USB_DEVICE(0x1b1c, 0x1b36), .driver_info = USB_QUIRK_DELAY_INIT },
2674 +
2675 ++ /* Corsair K70 RGB RAPDIFIRE */
2676 ++ { USB_DEVICE(0x1b1c, 0x1b38), .driver_info = USB_QUIRK_DELAY_INIT |
2677 ++ USB_QUIRK_DELAY_CTRL_MSG },
2678 ++
2679 + /* MIDI keyboard WORLDE MINI */
2680 + { USB_DEVICE(0x1c75, 0x0204), .driver_info =
2681 + USB_QUIRK_CONFIG_INTF_STRINGS },
2682 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
2683 +index 8a4455d0af8b..8222e674c777 100644
2684 +--- a/drivers/usb/dwc3/gadget.c
2685 ++++ b/drivers/usb/dwc3/gadget.c
2686 +@@ -2280,14 +2280,7 @@ static int dwc3_gadget_ep_reclaim_trb_linear(struct dwc3_ep *dep,
2687 +
2688 + static bool dwc3_gadget_ep_request_completed(struct dwc3_request *req)
2689 + {
2690 +- /*
2691 +- * For OUT direction, host may send less than the setup
2692 +- * length. Return true for all OUT requests.
2693 +- */
2694 +- if (!req->direction)
2695 +- return true;
2696 +-
2697 +- return req->request.actual == req->request.length;
2698 ++ return req->num_pending_sgs == 0;
2699 + }
2700 +
2701 + static int dwc3_gadget_ep_cleanup_completed_request(struct dwc3_ep *dep,
2702 +@@ -2311,8 +2304,7 @@ static int dwc3_gadget_ep_cleanup_completed_request(struct dwc3_ep *dep,
2703 +
2704 + req->request.actual = req->request.length - req->remaining;
2705 +
2706 +- if (!dwc3_gadget_ep_request_completed(req) ||
2707 +- req->num_pending_sgs) {
2708 ++ if (!dwc3_gadget_ep_request_completed(req)) {
2709 + __dwc3_gadget_kick_transfer(dep);
2710 + goto out;
2711 + }
2712 +diff --git a/drivers/usb/early/xhci-dbc.c b/drivers/usb/early/xhci-dbc.c
2713 +index e15e896f356c..97885eb57be6 100644
2714 +--- a/drivers/usb/early/xhci-dbc.c
2715 ++++ b/drivers/usb/early/xhci-dbc.c
2716 +@@ -735,19 +735,19 @@ static void xdbc_handle_tx_event(struct xdbc_trb *evt_trb)
2717 + case COMP_USB_TRANSACTION_ERROR:
2718 + case COMP_STALL_ERROR:
2719 + default:
2720 +- if (ep_id == XDBC_EPID_OUT)
2721 ++ if (ep_id == XDBC_EPID_OUT || ep_id == XDBC_EPID_OUT_INTEL)
2722 + xdbc.flags |= XDBC_FLAGS_OUT_STALL;
2723 +- if (ep_id == XDBC_EPID_IN)
2724 ++ if (ep_id == XDBC_EPID_IN || ep_id == XDBC_EPID_IN_INTEL)
2725 + xdbc.flags |= XDBC_FLAGS_IN_STALL;
2726 +
2727 + xdbc_trace("endpoint %d stalled\n", ep_id);
2728 + break;
2729 + }
2730 +
2731 +- if (ep_id == XDBC_EPID_IN) {
2732 ++ if (ep_id == XDBC_EPID_IN || ep_id == XDBC_EPID_IN_INTEL) {
2733 + xdbc.flags &= ~XDBC_FLAGS_IN_PROCESS;
2734 + xdbc_bulk_transfer(NULL, XDBC_MAX_PACKET, true);
2735 +- } else if (ep_id == XDBC_EPID_OUT) {
2736 ++ } else if (ep_id == XDBC_EPID_OUT || ep_id == XDBC_EPID_OUT_INTEL) {
2737 + xdbc.flags &= ~XDBC_FLAGS_OUT_PROCESS;
2738 + } else {
2739 + xdbc_trace("invalid endpoint id %d\n", ep_id);
2740 +diff --git a/drivers/usb/early/xhci-dbc.h b/drivers/usb/early/xhci-dbc.h
2741 +index 673686eeddd7..6e2b7266a695 100644
2742 +--- a/drivers/usb/early/xhci-dbc.h
2743 ++++ b/drivers/usb/early/xhci-dbc.h
2744 +@@ -120,8 +120,22 @@ struct xdbc_ring {
2745 + u32 cycle_state;
2746 + };
2747 +
2748 +-#define XDBC_EPID_OUT 2
2749 +-#define XDBC_EPID_IN 3
2750 ++/*
2751 ++ * These are the "Endpoint ID" (also known as "Context Index") values for the
2752 ++ * OUT Transfer Ring and the IN Transfer Ring of a Debug Capability Context data
2753 ++ * structure.
2754 ++ * According to the "eXtensible Host Controller Interface for Universal Serial
2755 ++ * Bus (xHCI)" specification, section "7.6.3.2 Endpoint Contexts and Transfer
2756 ++ * Rings", these should be 0 and 1, and those are the values AMD machines give
2757 ++ * you; but Intel machines seem to use the formula from section "4.5.1 Device
2758 ++ * Context Index", which is supposed to be used for the Device Context only.
2759 ++ * Luckily the values from Intel don't overlap with those from AMD, so we can
2760 ++ * just test for both.
2761 ++ */
2762 ++#define XDBC_EPID_OUT 0
2763 ++#define XDBC_EPID_IN 1
2764 ++#define XDBC_EPID_OUT_INTEL 2
2765 ++#define XDBC_EPID_IN_INTEL 3
2766 +
2767 + struct xdbc_state {
2768 + u16 vendor;
2769 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
2770 +index 31b3dda3089c..11a501d0664c 100644
2771 +--- a/drivers/usb/gadget/function/f_fs.c
2772 ++++ b/drivers/usb/gadget/function/f_fs.c
2773 +@@ -1737,6 +1737,10 @@ static void ffs_data_reset(struct ffs_data *ffs)
2774 + ffs->state = FFS_READ_DESCRIPTORS;
2775 + ffs->setup_state = FFS_NO_SETUP;
2776 + ffs->flags = 0;
2777 ++
2778 ++ ffs->ms_os_descs_ext_prop_count = 0;
2779 ++ ffs->ms_os_descs_ext_prop_name_len = 0;
2780 ++ ffs->ms_os_descs_ext_prop_data_len = 0;
2781 + }
2782 +
2783 +
2784 +diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
2785 +index a024230f00e2..a58ef53e4ae1 100644
2786 +--- a/drivers/usb/host/xhci-hub.c
2787 ++++ b/drivers/usb/host/xhci-hub.c
2788 +@@ -1266,7 +1266,16 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
2789 + xhci_set_link_state(xhci, ports[wIndex], link_state);
2790 +
2791 + spin_unlock_irqrestore(&xhci->lock, flags);
2792 +- msleep(20); /* wait device to enter */
2793 ++ if (link_state == USB_SS_PORT_LS_U3) {
2794 ++ int retries = 16;
2795 ++
2796 ++ while (retries--) {
2797 ++ usleep_range(4000, 8000);
2798 ++ temp = readl(ports[wIndex]->addr);
2799 ++ if ((temp & PORT_PLS_MASK) == XDEV_U3)
2800 ++ break;
2801 ++ }
2802 ++ }
2803 + spin_lock_irqsave(&xhci->lock, flags);
2804 +
2805 + temp = readl(ports[wIndex]->addr);
2806 +@@ -1472,6 +1481,8 @@ int xhci_hub_status_data(struct usb_hcd *hcd, char *buf)
2807 + }
2808 + if ((temp & PORT_RC))
2809 + reset_change = true;
2810 ++ if (temp & PORT_OC)
2811 ++ status = 1;
2812 + }
2813 + if (!status && !reset_change) {
2814 + xhci_dbg(xhci, "%s: stopping port polling.\n", __func__);
2815 +@@ -1537,6 +1548,13 @@ retry:
2816 + port_index);
2817 + goto retry;
2818 + }
2819 ++ /* bail out if port detected a over-current condition */
2820 ++ if (t1 & PORT_OC) {
2821 ++ bus_state->bus_suspended = 0;
2822 ++ spin_unlock_irqrestore(&xhci->lock, flags);
2823 ++ xhci_dbg(xhci, "Bus suspend bailout, port over-current detected\n");
2824 ++ return -EBUSY;
2825 ++ }
2826 + /* suspend ports in U0, or bail out for new connect changes */
2827 + if ((t1 & PORT_PE) && (t1 & PORT_PLS_MASK) == XDEV_U0) {
2828 + if ((t1 & PORT_CSC) && wake_enabled) {
2829 +diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c
2830 +index c4f6ac5f035e..6376be1f5fd2 100644
2831 +--- a/drivers/usb/misc/sisusbvga/sisusb.c
2832 ++++ b/drivers/usb/misc/sisusbvga/sisusb.c
2833 +@@ -1199,18 +1199,18 @@ static int sisusb_read_mem_bulk(struct sisusb_usb_data *sisusb, u32 addr,
2834 + /* High level: Gfx (indexed) register access */
2835 +
2836 + #ifdef INCL_SISUSB_CON
2837 +-int sisusb_setreg(struct sisusb_usb_data *sisusb, int port, u8 data)
2838 ++int sisusb_setreg(struct sisusb_usb_data *sisusb, u32 port, u8 data)
2839 + {
2840 + return sisusb_write_memio_byte(sisusb, SISUSB_TYPE_IO, port, data);
2841 + }
2842 +
2843 +-int sisusb_getreg(struct sisusb_usb_data *sisusb, int port, u8 *data)
2844 ++int sisusb_getreg(struct sisusb_usb_data *sisusb, u32 port, u8 *data)
2845 + {
2846 + return sisusb_read_memio_byte(sisusb, SISUSB_TYPE_IO, port, data);
2847 + }
2848 + #endif
2849 +
2850 +-int sisusb_setidxreg(struct sisusb_usb_data *sisusb, int port,
2851 ++int sisusb_setidxreg(struct sisusb_usb_data *sisusb, u32 port,
2852 + u8 index, u8 data)
2853 + {
2854 + int ret;
2855 +@@ -1220,7 +1220,7 @@ int sisusb_setidxreg(struct sisusb_usb_data *sisusb, int port,
2856 + return ret;
2857 + }
2858 +
2859 +-int sisusb_getidxreg(struct sisusb_usb_data *sisusb, int port,
2860 ++int sisusb_getidxreg(struct sisusb_usb_data *sisusb, u32 port,
2861 + u8 index, u8 *data)
2862 + {
2863 + int ret;
2864 +@@ -1230,7 +1230,7 @@ int sisusb_getidxreg(struct sisusb_usb_data *sisusb, int port,
2865 + return ret;
2866 + }
2867 +
2868 +-int sisusb_setidxregandor(struct sisusb_usb_data *sisusb, int port, u8 idx,
2869 ++int sisusb_setidxregandor(struct sisusb_usb_data *sisusb, u32 port, u8 idx,
2870 + u8 myand, u8 myor)
2871 + {
2872 + int ret;
2873 +@@ -1245,7 +1245,7 @@ int sisusb_setidxregandor(struct sisusb_usb_data *sisusb, int port, u8 idx,
2874 + }
2875 +
2876 + static int sisusb_setidxregmask(struct sisusb_usb_data *sisusb,
2877 +- int port, u8 idx, u8 data, u8 mask)
2878 ++ u32 port, u8 idx, u8 data, u8 mask)
2879 + {
2880 + int ret;
2881 + u8 tmp;
2882 +@@ -1258,13 +1258,13 @@ static int sisusb_setidxregmask(struct sisusb_usb_data *sisusb,
2883 + return ret;
2884 + }
2885 +
2886 +-int sisusb_setidxregor(struct sisusb_usb_data *sisusb, int port,
2887 ++int sisusb_setidxregor(struct sisusb_usb_data *sisusb, u32 port,
2888 + u8 index, u8 myor)
2889 + {
2890 + return sisusb_setidxregandor(sisusb, port, index, 0xff, myor);
2891 + }
2892 +
2893 +-int sisusb_setidxregand(struct sisusb_usb_data *sisusb, int port,
2894 ++int sisusb_setidxregand(struct sisusb_usb_data *sisusb, u32 port,
2895 + u8 idx, u8 myand)
2896 + {
2897 + return sisusb_setidxregandor(sisusb, port, idx, myand, 0x00);
2898 +@@ -2787,8 +2787,8 @@ static loff_t sisusb_lseek(struct file *file, loff_t offset, int orig)
2899 + static int sisusb_handle_command(struct sisusb_usb_data *sisusb,
2900 + struct sisusb_command *y, unsigned long arg)
2901 + {
2902 +- int retval, port, length;
2903 +- u32 address;
2904 ++ int retval, length;
2905 ++ u32 port, address;
2906 +
2907 + /* All our commands require the device
2908 + * to be initialized.
2909 +diff --git a/drivers/usb/misc/sisusbvga/sisusb_init.h b/drivers/usb/misc/sisusbvga/sisusb_init.h
2910 +index 1782c759c4ad..ace09985dae4 100644
2911 +--- a/drivers/usb/misc/sisusbvga/sisusb_init.h
2912 ++++ b/drivers/usb/misc/sisusbvga/sisusb_init.h
2913 +@@ -812,17 +812,17 @@ static const struct SiS_VCLKData SiSUSB_VCLKData[] = {
2914 + int SiSUSBSetMode(struct SiS_Private *SiS_Pr, unsigned short ModeNo);
2915 + int SiSUSBSetVESAMode(struct SiS_Private *SiS_Pr, unsigned short VModeNo);
2916 +
2917 +-extern int sisusb_setreg(struct sisusb_usb_data *sisusb, int port, u8 data);
2918 +-extern int sisusb_getreg(struct sisusb_usb_data *sisusb, int port, u8 * data);
2919 +-extern int sisusb_setidxreg(struct sisusb_usb_data *sisusb, int port,
2920 ++extern int sisusb_setreg(struct sisusb_usb_data *sisusb, u32 port, u8 data);
2921 ++extern int sisusb_getreg(struct sisusb_usb_data *sisusb, u32 port, u8 * data);
2922 ++extern int sisusb_setidxreg(struct sisusb_usb_data *sisusb, u32 port,
2923 + u8 index, u8 data);
2924 +-extern int sisusb_getidxreg(struct sisusb_usb_data *sisusb, int port,
2925 ++extern int sisusb_getidxreg(struct sisusb_usb_data *sisusb, u32 port,
2926 + u8 index, u8 * data);
2927 +-extern int sisusb_setidxregandor(struct sisusb_usb_data *sisusb, int port,
2928 ++extern int sisusb_setidxregandor(struct sisusb_usb_data *sisusb, u32 port,
2929 + u8 idx, u8 myand, u8 myor);
2930 +-extern int sisusb_setidxregor(struct sisusb_usb_data *sisusb, int port,
2931 ++extern int sisusb_setidxregor(struct sisusb_usb_data *sisusb, u32 port,
2932 + u8 index, u8 myor);
2933 +-extern int sisusb_setidxregand(struct sisusb_usb_data *sisusb, int port,
2934 ++extern int sisusb_setidxregand(struct sisusb_usb_data *sisusb, u32 port,
2935 + u8 idx, u8 myand);
2936 +
2937 + void sisusb_delete(struct kref *kref);
2938 +diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
2939 +index 62ca8e29da48..27d8b4b6ff59 100644
2940 +--- a/drivers/usb/storage/uas.c
2941 ++++ b/drivers/usb/storage/uas.c
2942 +@@ -81,6 +81,19 @@ static void uas_free_streams(struct uas_dev_info *devinfo);
2943 + static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
2944 + int status);
2945 +
2946 ++/*
2947 ++ * This driver needs its own workqueue, as we need to control memory allocation.
2948 ++ *
2949 ++ * In the course of error handling and power management uas_wait_for_pending_cmnds()
2950 ++ * needs to flush pending work items. In these contexts we cannot allocate memory
2951 ++ * by doing block IO as we would deadlock. For the same reason we cannot wait
2952 ++ * for anything allocating memory not heeding these constraints.
2953 ++ *
2954 ++ * So we have to control all work items that can be on the workqueue we flush.
2955 ++ * Hence we cannot share a queue and need our own.
2956 ++ */
2957 ++static struct workqueue_struct *workqueue;
2958 ++
2959 + static void uas_do_work(struct work_struct *work)
2960 + {
2961 + struct uas_dev_info *devinfo =
2962 +@@ -109,7 +122,7 @@ static void uas_do_work(struct work_struct *work)
2963 + if (!err)
2964 + cmdinfo->state &= ~IS_IN_WORK_LIST;
2965 + else
2966 +- schedule_work(&devinfo->work);
2967 ++ queue_work(workqueue, &devinfo->work);
2968 + }
2969 + out:
2970 + spin_unlock_irqrestore(&devinfo->lock, flags);
2971 +@@ -134,7 +147,7 @@ static void uas_add_work(struct uas_cmd_info *cmdinfo)
2972 +
2973 + lockdep_assert_held(&devinfo->lock);
2974 + cmdinfo->state |= IS_IN_WORK_LIST;
2975 +- schedule_work(&devinfo->work);
2976 ++ queue_work(workqueue, &devinfo->work);
2977 + }
2978 +
2979 + static void uas_zap_pending(struct uas_dev_info *devinfo, int result)
2980 +@@ -190,6 +203,9 @@ static void uas_log_cmd_state(struct scsi_cmnd *cmnd, const char *prefix,
2981 + struct uas_cmd_info *ci = (void *)&cmnd->SCp;
2982 + struct uas_cmd_info *cmdinfo = (void *)&cmnd->SCp;
2983 +
2984 ++ if (status == -ENODEV) /* too late */
2985 ++ return;
2986 ++
2987 + scmd_printk(KERN_INFO, cmnd,
2988 + "%s %d uas-tag %d inflight:%s%s%s%s%s%s%s%s%s%s%s%s ",
2989 + prefix, status, cmdinfo->uas_tag,
2990 +@@ -1233,7 +1249,31 @@ static struct usb_driver uas_driver = {
2991 + .id_table = uas_usb_ids,
2992 + };
2993 +
2994 +-module_usb_driver(uas_driver);
2995 ++static int __init uas_init(void)
2996 ++{
2997 ++ int rv;
2998 ++
2999 ++ workqueue = alloc_workqueue("uas", WQ_MEM_RECLAIM, 0);
3000 ++ if (!workqueue)
3001 ++ return -ENOMEM;
3002 ++
3003 ++ rv = usb_register(&uas_driver);
3004 ++ if (rv) {
3005 ++ destroy_workqueue(workqueue);
3006 ++ return -ENOMEM;
3007 ++ }
3008 ++
3009 ++ return 0;
3010 ++}
3011 ++
3012 ++static void __exit uas_exit(void)
3013 ++{
3014 ++ usb_deregister(&uas_driver);
3015 ++ destroy_workqueue(workqueue);
3016 ++}
3017 ++
3018 ++module_init(uas_init);
3019 ++module_exit(uas_exit);
3020 +
3021 + MODULE_LICENSE("GPL");
3022 + MODULE_AUTHOR(
3023 +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
3024 +index 1880f3e13f57..f6c3681fa2e9 100644
3025 +--- a/drivers/usb/storage/unusual_devs.h
3026 ++++ b/drivers/usb/storage/unusual_devs.h
3027 +@@ -2323,6 +2323,13 @@ UNUSUAL_DEV( 0x3340, 0xffff, 0x0000, 0x0000,
3028 + USB_SC_DEVICE,USB_PR_DEVICE,NULL,
3029 + US_FL_MAX_SECTORS_64 ),
3030 +
3031 ++/* Reported by Cyril Roelandt <tipecaml@×××××.com> */
3032 ++UNUSUAL_DEV( 0x357d, 0x7788, 0x0114, 0x0114,
3033 ++ "JMicron",
3034 ++ "USB to ATA/ATAPI Bridge",
3035 ++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
3036 ++ US_FL_BROKEN_FUA ),
3037 ++
3038 + /* Reported by Andrey Rahmatullin <wrar@××××××××.org> */
3039 + UNUSUAL_DEV( 0x4102, 0x1020, 0x0100, 0x0100,
3040 + "iRiver",
3041 +diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
3042 +index e64aa88e99da..10b2090f3e5e 100644
3043 +--- a/drivers/watchdog/watchdog_dev.c
3044 ++++ b/drivers/watchdog/watchdog_dev.c
3045 +@@ -264,6 +264,7 @@ static int watchdog_start(struct watchdog_device *wdd)
3046 + if (err == 0) {
3047 + set_bit(WDOG_ACTIVE, &wdd->status);
3048 + wd_data->last_keepalive = started_at;
3049 ++ wd_data->last_hw_keepalive = started_at;
3050 + watchdog_update_worker(wdd);
3051 + }
3052 +
3053 +diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
3054 +index 4c0b220e20ba..5241102b81a8 100644
3055 +--- a/fs/ceph/caps.c
3056 ++++ b/fs/ceph/caps.c
3057 +@@ -1972,8 +1972,12 @@ retry_locked:
3058 + }
3059 +
3060 + /* want more caps from mds? */
3061 +- if (want & ~(cap->mds_wanted | cap->issued))
3062 +- goto ack;
3063 ++ if (want & ~cap->mds_wanted) {
3064 ++ if (want & ~(cap->mds_wanted | cap->issued))
3065 ++ goto ack;
3066 ++ if (!__cap_is_valid(cap))
3067 ++ goto ack;
3068 ++ }
3069 +
3070 + /* things we might delay */
3071 + if ((cap->issued & ~retain) == 0 &&
3072 +diff --git a/fs/ceph/export.c b/fs/ceph/export.c
3073 +index 3c59ad180ef0..4cfe1154d4c7 100644
3074 +--- a/fs/ceph/export.c
3075 ++++ b/fs/ceph/export.c
3076 +@@ -151,6 +151,11 @@ static struct dentry *__get_parent(struct super_block *sb,
3077 +
3078 + req->r_num_caps = 1;
3079 + err = ceph_mdsc_do_request(mdsc, NULL, req);
3080 ++ if (err) {
3081 ++ ceph_mdsc_put_request(req);
3082 ++ return ERR_PTR(err);
3083 ++ }
3084 ++
3085 + inode = req->r_target_inode;
3086 + if (inode)
3087 + ihold(inode);
3088 +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
3089 +index a289f4bcee45..6e8049031c1a 100644
3090 +--- a/fs/ext4/extents.c
3091 ++++ b/fs/ext4/extents.c
3092 +@@ -498,6 +498,30 @@ int ext4_ext_check_inode(struct inode *inode)
3093 + return ext4_ext_check(inode, ext_inode_hdr(inode), ext_depth(inode), 0);
3094 + }
3095 +
3096 ++static void ext4_cache_extents(struct inode *inode,
3097 ++ struct ext4_extent_header *eh)
3098 ++{
3099 ++ struct ext4_extent *ex = EXT_FIRST_EXTENT(eh);
3100 ++ ext4_lblk_t prev = 0;
3101 ++ int i;
3102 ++
3103 ++ for (i = le16_to_cpu(eh->eh_entries); i > 0; i--, ex++) {
3104 ++ unsigned int status = EXTENT_STATUS_WRITTEN;
3105 ++ ext4_lblk_t lblk = le32_to_cpu(ex->ee_block);
3106 ++ int len = ext4_ext_get_actual_len(ex);
3107 ++
3108 ++ if (prev && (prev != lblk))
3109 ++ ext4_es_cache_extent(inode, prev, lblk - prev, ~0,
3110 ++ EXTENT_STATUS_HOLE);
3111 ++
3112 ++ if (ext4_ext_is_unwritten(ex))
3113 ++ status = EXTENT_STATUS_UNWRITTEN;
3114 ++ ext4_es_cache_extent(inode, lblk, len,
3115 ++ ext4_ext_pblock(ex), status);
3116 ++ prev = lblk + len;
3117 ++ }
3118 ++}
3119 ++
3120 + static struct buffer_head *
3121 + __read_extent_tree_block(const char *function, unsigned int line,
3122 + struct inode *inode, ext4_fsblk_t pblk, int depth,
3123 +@@ -532,26 +556,7 @@ __read_extent_tree_block(const char *function, unsigned int line,
3124 + */
3125 + if (!(flags & EXT4_EX_NOCACHE) && depth == 0) {
3126 + struct ext4_extent_header *eh = ext_block_hdr(bh);
3127 +- struct ext4_extent *ex = EXT_FIRST_EXTENT(eh);
3128 +- ext4_lblk_t prev = 0;
3129 +- int i;
3130 +-
3131 +- for (i = le16_to_cpu(eh->eh_entries); i > 0; i--, ex++) {
3132 +- unsigned int status = EXTENT_STATUS_WRITTEN;
3133 +- ext4_lblk_t lblk = le32_to_cpu(ex->ee_block);
3134 +- int len = ext4_ext_get_actual_len(ex);
3135 +-
3136 +- if (prev && (prev != lblk))
3137 +- ext4_es_cache_extent(inode, prev,
3138 +- lblk - prev, ~0,
3139 +- EXTENT_STATUS_HOLE);
3140 +-
3141 +- if (ext4_ext_is_unwritten(ex))
3142 +- status = EXTENT_STATUS_UNWRITTEN;
3143 +- ext4_es_cache_extent(inode, lblk, len,
3144 +- ext4_ext_pblock(ex), status);
3145 +- prev = lblk + len;
3146 +- }
3147 ++ ext4_cache_extents(inode, eh);
3148 + }
3149 + return bh;
3150 + errout:
3151 +@@ -899,6 +904,8 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block,
3152 + path[0].p_bh = NULL;
3153 +
3154 + i = depth;
3155 ++ if (!(flags & EXT4_EX_NOCACHE) && depth == 0)
3156 ++ ext4_cache_extents(inode, eh);
3157 + /* walk through the tree */
3158 + while (i) {
3159 + ext_debug("depth %d: num %d, max %d\n",
3160 +diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c
3161 +index 1dae74f7ccca..201e9da1692a 100644
3162 +--- a/fs/f2fs/xattr.c
3163 ++++ b/fs/f2fs/xattr.c
3164 +@@ -538,8 +538,9 @@ out:
3165 + ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
3166 + {
3167 + struct inode *inode = d_inode(dentry);
3168 ++ nid_t xnid = F2FS_I(inode)->i_xattr_nid;
3169 + struct f2fs_xattr_entry *entry;
3170 +- void *base_addr;
3171 ++ void *base_addr, *last_base_addr;
3172 + int error = 0;
3173 + size_t rest = buffer_size;
3174 +
3175 +@@ -549,6 +550,8 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
3176 + if (error)
3177 + return error;
3178 +
3179 ++ last_base_addr = (void *)base_addr + XATTR_SIZE(xnid, inode);
3180 ++
3181 + list_for_each_xattr(entry, base_addr) {
3182 + const struct xattr_handler *handler =
3183 + f2fs_xattr_handler(entry->e_name_index);
3184 +@@ -556,6 +559,16 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
3185 + size_t prefix_len;
3186 + size_t size;
3187 +
3188 ++ if ((void *)(entry) + sizeof(__u32) > last_base_addr ||
3189 ++ (void *)XATTR_NEXT_ENTRY(entry) > last_base_addr) {
3190 ++ f2fs_msg(dentry->d_sb, KERN_ERR,
3191 ++ "inode (%lu) has corrupted xattr",
3192 ++ inode->i_ino);
3193 ++ set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK);
3194 ++ error = -EFSCORRUPTED;
3195 ++ goto cleanup;
3196 ++ }
3197 ++
3198 + if (!handler || (handler->list && !handler->list(dentry)))
3199 + continue;
3200 +
3201 +diff --git a/fs/namespace.c b/fs/namespace.c
3202 +index 1fce41ba3535..741f40cd955e 100644
3203 +--- a/fs/namespace.c
3204 ++++ b/fs/namespace.c
3205 +@@ -3142,8 +3142,8 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
3206 + /* make certain new is below the root */
3207 + if (!is_path_reachable(new_mnt, new.dentry, &root))
3208 + goto out4;
3209 +- root_mp->m_count++; /* pin it so it won't go away */
3210 + lock_mount_hash();
3211 ++ root_mp->m_count++; /* pin it so it won't go away */
3212 + detach_mnt(new_mnt, &parent_path);
3213 + detach_mnt(root_mnt, &root_parent);
3214 + if (root_mnt->mnt.mnt_flags & MNT_LOCKED) {
3215 +diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
3216 +index 5c5f161763c8..c4147e50af98 100644
3217 +--- a/fs/proc/vmcore.c
3218 ++++ b/fs/proc/vmcore.c
3219 +@@ -250,7 +250,8 @@ static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst,
3220 + if (start < offset + dump->size) {
3221 + tsz = min(offset + (u64)dump->size - start, (u64)size);
3222 + buf = dump->buf + start - offset;
3223 +- if (remap_vmalloc_range_partial(vma, dst, buf, tsz)) {
3224 ++ if (remap_vmalloc_range_partial(vma, dst, buf, 0,
3225 ++ tsz)) {
3226 + ret = -EFAULT;
3227 + goto out_unlock;
3228 + }
3229 +@@ -607,7 +608,7 @@ static int mmap_vmcore(struct file *file, struct vm_area_struct *vma)
3230 + tsz = min(elfcorebuf_sz + elfnotes_sz - (size_t)start, size);
3231 + kaddr = elfnotes_buf + start - elfcorebuf_sz - vmcoredd_orig_sz;
3232 + if (remap_vmalloc_range_partial(vma, vma->vm_start + len,
3233 +- kaddr, tsz))
3234 ++ kaddr, 0, tsz))
3235 + goto fail;
3236 +
3237 + size -= tsz;
3238 +diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
3239 +index 5ed84d6c7059..f2d06e1e4906 100644
3240 +--- a/fs/xfs/xfs_inode.c
3241 ++++ b/fs/xfs/xfs_inode.c
3242 +@@ -2949,7 +2949,8 @@ xfs_rename(
3243 + spaceres);
3244 +
3245 + /*
3246 +- * Set up the target.
3247 ++ * Check for expected errors before we dirty the transaction
3248 ++ * so we can return an error without a transaction abort.
3249 + */
3250 + if (target_ip == NULL) {
3251 + /*
3252 +@@ -2961,6 +2962,46 @@ xfs_rename(
3253 + if (error)
3254 + goto out_trans_cancel;
3255 + }
3256 ++ } else {
3257 ++ /*
3258 ++ * If target exists and it's a directory, check that whether
3259 ++ * it can be destroyed.
3260 ++ */
3261 ++ if (S_ISDIR(VFS_I(target_ip)->i_mode) &&
3262 ++ (!xfs_dir_isempty(target_ip) ||
3263 ++ (VFS_I(target_ip)->i_nlink > 2))) {
3264 ++ error = -EEXIST;
3265 ++ goto out_trans_cancel;
3266 ++ }
3267 ++ }
3268 ++
3269 ++ /*
3270 ++ * Directory entry creation below may acquire the AGF. Remove
3271 ++ * the whiteout from the unlinked list first to preserve correct
3272 ++ * AGI/AGF locking order. This dirties the transaction so failures
3273 ++ * after this point will abort and log recovery will clean up the
3274 ++ * mess.
3275 ++ *
3276 ++ * For whiteouts, we need to bump the link count on the whiteout
3277 ++ * inode. After this point, we have a real link, clear the tmpfile
3278 ++ * state flag from the inode so it doesn't accidentally get misused
3279 ++ * in future.
3280 ++ */
3281 ++ if (wip) {
3282 ++ ASSERT(VFS_I(wip)->i_nlink == 0);
3283 ++ error = xfs_iunlink_remove(tp, wip);
3284 ++ if (error)
3285 ++ goto out_trans_cancel;
3286 ++
3287 ++ xfs_bumplink(tp, wip);
3288 ++ xfs_trans_log_inode(tp, wip, XFS_ILOG_CORE);
3289 ++ VFS_I(wip)->i_state &= ~I_LINKABLE;
3290 ++ }
3291 ++
3292 ++ /*
3293 ++ * Set up the target.
3294 ++ */
3295 ++ if (target_ip == NULL) {
3296 + /*
3297 + * If target does not exist and the rename crosses
3298 + * directories, adjust the target directory link count
3299 +@@ -2980,22 +3021,6 @@ xfs_rename(
3300 + goto out_trans_cancel;
3301 + }
3302 + } else { /* target_ip != NULL */
3303 +- /*
3304 +- * If target exists and it's a directory, check that both
3305 +- * target and source are directories and that target can be
3306 +- * destroyed, or that neither is a directory.
3307 +- */
3308 +- if (S_ISDIR(VFS_I(target_ip)->i_mode)) {
3309 +- /*
3310 +- * Make sure target dir is empty.
3311 +- */
3312 +- if (!(xfs_dir_isempty(target_ip)) ||
3313 +- (VFS_I(target_ip)->i_nlink > 2)) {
3314 +- error = -EEXIST;
3315 +- goto out_trans_cancel;
3316 +- }
3317 +- }
3318 +-
3319 + /*
3320 + * Link the source inode under the target name.
3321 + * If the source inode is a directory and we are moving
3322 +@@ -3086,32 +3111,6 @@ xfs_rename(
3323 + if (error)
3324 + goto out_trans_cancel;
3325 +
3326 +- /*
3327 +- * For whiteouts, we need to bump the link count on the whiteout inode.
3328 +- * This means that failures all the way up to this point leave the inode
3329 +- * on the unlinked list and so cleanup is a simple matter of dropping
3330 +- * the remaining reference to it. If we fail here after bumping the link
3331 +- * count, we're shutting down the filesystem so we'll never see the
3332 +- * intermediate state on disk.
3333 +- */
3334 +- if (wip) {
3335 +- ASSERT(VFS_I(wip)->i_nlink == 0);
3336 +- error = xfs_bumplink(tp, wip);
3337 +- if (error)
3338 +- goto out_trans_cancel;
3339 +- error = xfs_iunlink_remove(tp, wip);
3340 +- if (error)
3341 +- goto out_trans_cancel;
3342 +- xfs_trans_log_inode(tp, wip, XFS_ILOG_CORE);
3343 +-
3344 +- /*
3345 +- * Now we have a real link, clear the "I'm a tmpfile" state
3346 +- * flag from the inode so it doesn't accidentally get misused in
3347 +- * future.
3348 +- */
3349 +- VFS_I(wip)->i_state &= ~I_LINKABLE;
3350 +- }
3351 +-
3352 + xfs_trans_ichgtime(tp, src_dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3353 + xfs_trans_log_inode(tp, src_dp, XFS_ILOG_CORE);
3354 + if (new_parent)
3355 +diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
3356 +index 6e67aeb56928..745b2d0dcf78 100644
3357 +--- a/include/linux/blkdev.h
3358 ++++ b/include/linux/blkdev.h
3359 +@@ -624,7 +624,7 @@ struct request_queue {
3360 + unsigned int sg_reserved_size;
3361 + int node;
3362 + #ifdef CONFIG_BLK_DEV_IO_TRACE
3363 +- struct blk_trace *blk_trace;
3364 ++ struct blk_trace __rcu *blk_trace;
3365 + struct mutex blk_trace_mutex;
3366 + #endif
3367 + /*
3368 +diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h
3369 +index 7bb2d8de9f30..3b6ff5902edc 100644
3370 +--- a/include/linux/blktrace_api.h
3371 ++++ b/include/linux/blktrace_api.h
3372 +@@ -51,9 +51,13 @@ void __trace_note_message(struct blk_trace *, struct blkcg *blkcg, const char *f
3373 + **/
3374 + #define blk_add_cgroup_trace_msg(q, cg, fmt, ...) \
3375 + do { \
3376 +- struct blk_trace *bt = (q)->blk_trace; \
3377 ++ struct blk_trace *bt; \
3378 ++ \
3379 ++ rcu_read_lock(); \
3380 ++ bt = rcu_dereference((q)->blk_trace); \
3381 + if (unlikely(bt)) \
3382 + __trace_note_message(bt, cg, fmt, ##__VA_ARGS__);\
3383 ++ rcu_read_unlock(); \
3384 + } while (0)
3385 + #define blk_add_trace_msg(q, fmt, ...) \
3386 + blk_add_cgroup_trace_msg(q, NULL, fmt, ##__VA_ARGS__)
3387 +@@ -61,10 +65,14 @@ void __trace_note_message(struct blk_trace *, struct blkcg *blkcg, const char *f
3388 +
3389 + static inline bool blk_trace_note_message_enabled(struct request_queue *q)
3390 + {
3391 +- struct blk_trace *bt = q->blk_trace;
3392 +- if (likely(!bt))
3393 +- return false;
3394 +- return bt->act_mask & BLK_TC_NOTIFY;
3395 ++ struct blk_trace *bt;
3396 ++ bool ret;
3397 ++
3398 ++ rcu_read_lock();
3399 ++ bt = rcu_dereference(q->blk_trace);
3400 ++ ret = bt && (bt->act_mask & BLK_TC_NOTIFY);
3401 ++ rcu_read_unlock();
3402 ++ return ret;
3403 + }
3404 +
3405 + extern void blk_add_driver_data(struct request_queue *q, struct request *rq,
3406 +diff --git a/include/linux/iio/iio.h b/include/linux/iio/iio.h
3407 +index a74cb177dc6f..136ce51548a8 100644
3408 +--- a/include/linux/iio/iio.h
3409 ++++ b/include/linux/iio/iio.h
3410 +@@ -599,7 +599,7 @@ void iio_device_unregister(struct iio_dev *indio_dev);
3411 + * 0 on success, negative error number on failure.
3412 + */
3413 + #define devm_iio_device_register(dev, indio_dev) \
3414 +- __devm_iio_device_register((dev), (indio_dev), THIS_MODULE);
3415 ++ __devm_iio_device_register((dev), (indio_dev), THIS_MODULE)
3416 + int __devm_iio_device_register(struct device *dev, struct iio_dev *indio_dev,
3417 + struct module *this_mod);
3418 + void devm_iio_device_unregister(struct device *dev, struct iio_dev *indio_dev);
3419 +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
3420 +index 0f99ecc01bc7..92c6f80e6327 100644
3421 +--- a/include/linux/kvm_host.h
3422 ++++ b/include/linux/kvm_host.h
3423 +@@ -206,6 +206,32 @@ enum {
3424 + READING_SHADOW_PAGE_TABLES,
3425 + };
3426 +
3427 ++#define KVM_UNMAPPED_PAGE ((void *) 0x500 + POISON_POINTER_DELTA)
3428 ++
3429 ++struct kvm_host_map {
3430 ++ /*
3431 ++ * Only valid if the 'pfn' is managed by the host kernel (i.e. There is
3432 ++ * a 'struct page' for it. When using mem= kernel parameter some memory
3433 ++ * can be used as guest memory but they are not managed by host
3434 ++ * kernel).
3435 ++ * If 'pfn' is not managed by the host kernel, this field is
3436 ++ * initialized to KVM_UNMAPPED_PAGE.
3437 ++ */
3438 ++ struct page *page;
3439 ++ void *hva;
3440 ++ kvm_pfn_t pfn;
3441 ++ kvm_pfn_t gfn;
3442 ++};
3443 ++
3444 ++/*
3445 ++ * Used to check if the mapping is valid or not. Never use 'kvm_host_map'
3446 ++ * directly to check for that.
3447 ++ */
3448 ++static inline bool kvm_vcpu_mapped(struct kvm_host_map *map)
3449 ++{
3450 ++ return !!map->hva;
3451 ++}
3452 ++
3453 + /*
3454 + * Sometimes a large or cross-page mmio needs to be broken up into separate
3455 + * exits for userspace servicing.
3456 +@@ -682,6 +708,7 @@ void kvm_set_pfn_dirty(kvm_pfn_t pfn);
3457 + void kvm_set_pfn_accessed(kvm_pfn_t pfn);
3458 + void kvm_get_pfn(kvm_pfn_t pfn);
3459 +
3460 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache);
3461 + int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
3462 + int len);
3463 + int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
3464 +@@ -711,7 +738,13 @@ struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu);
3465 + struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn);
3466 + kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn);
3467 + kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn);
3468 ++int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map);
3469 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
3470 ++ struct gfn_to_pfn_cache *cache, bool atomic);
3471 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn);
3472 ++void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty);
3473 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
3474 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic);
3475 + unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn);
3476 + unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable);
3477 + int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data, int offset,
3478 +@@ -966,7 +999,7 @@ search_memslots(struct kvm_memslots *slots, gfn_t gfn)
3479 + start = slot + 1;
3480 + }
3481 +
3482 +- if (gfn >= memslots[start].base_gfn &&
3483 ++ if (start < slots->used_slots && gfn >= memslots[start].base_gfn &&
3484 + gfn < memslots[start].base_gfn + memslots[start].npages) {
3485 + atomic_set(&slots->lru_slot, start);
3486 + return &memslots[start];
3487 +diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
3488 +index 8bf259dae9f6..a38729c8296f 100644
3489 +--- a/include/linux/kvm_types.h
3490 ++++ b/include/linux/kvm_types.h
3491 +@@ -32,7 +32,7 @@ struct kvm_memslots;
3492 +
3493 + enum kvm_mr_change;
3494 +
3495 +-#include <asm/types.h>
3496 ++#include <linux/types.h>
3497 +
3498 + /*
3499 + * Address types:
3500 +@@ -63,4 +63,11 @@ struct gfn_to_hva_cache {
3501 + struct kvm_memory_slot *memslot;
3502 + };
3503 +
3504 ++struct gfn_to_pfn_cache {
3505 ++ u64 generation;
3506 ++ gfn_t gfn;
3507 ++ kvm_pfn_t pfn;
3508 ++ bool dirty;
3509 ++};
3510 ++
3511 + #endif /* __KVM_TYPES_H__ */
3512 +diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
3513 +index 6ae8dd1d784f..206957b1b54d 100644
3514 +--- a/include/linux/vmalloc.h
3515 ++++ b/include/linux/vmalloc.h
3516 +@@ -103,7 +103,7 @@ extern void vunmap(const void *addr);
3517 +
3518 + extern int remap_vmalloc_range_partial(struct vm_area_struct *vma,
3519 + unsigned long uaddr, void *kaddr,
3520 +- unsigned long size);
3521 ++ unsigned long pgoff, unsigned long size);
3522 +
3523 + extern int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
3524 + unsigned long pgoff);
3525 +diff --git a/include/net/addrconf.h b/include/net/addrconf.h
3526 +index 6def0351bcc3..c8d5bb8b3616 100644
3527 +--- a/include/net/addrconf.h
3528 ++++ b/include/net/addrconf.h
3529 +@@ -235,8 +235,10 @@ struct ipv6_stub {
3530 + const struct in6_addr *addr);
3531 + int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex,
3532 + const struct in6_addr *addr);
3533 +- int (*ipv6_dst_lookup)(struct net *net, struct sock *sk,
3534 +- struct dst_entry **dst, struct flowi6 *fl6);
3535 ++ struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net,
3536 ++ const struct sock *sk,
3537 ++ struct flowi6 *fl6,
3538 ++ const struct in6_addr *final_dst);
3539 +
3540 + struct fib6_table *(*fib6_get_table)(struct net *net, u32 id);
3541 + struct fib6_info *(*fib6_lookup)(struct net *net, int oif,
3542 +diff --git a/include/net/ipv6.h b/include/net/ipv6.h
3543 +index ff33f498c137..4c2e40882e88 100644
3544 +--- a/include/net/ipv6.h
3545 ++++ b/include/net/ipv6.h
3546 +@@ -959,7 +959,7 @@ static inline struct sk_buff *ip6_finish_skb(struct sock *sk)
3547 +
3548 + int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
3549 + struct flowi6 *fl6);
3550 +-struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
3551 ++struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6,
3552 + const struct in6_addr *final_dst);
3553 + struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
3554 + const struct in6_addr *final_dst,
3555 +diff --git a/include/net/tcp.h b/include/net/tcp.h
3556 +index 918bfd0d7d1f..e43df898d3db 100644
3557 +--- a/include/net/tcp.h
3558 ++++ b/include/net/tcp.h
3559 +@@ -53,7 +53,7 @@ extern struct inet_hashinfo tcp_hashinfo;
3560 + extern struct percpu_counter tcp_orphan_count;
3561 + void tcp_time_wait(struct sock *sk, int state, int timeo);
3562 +
3563 +-#define MAX_TCP_HEADER (128 + MAX_HEADER)
3564 ++#define MAX_TCP_HEADER L1_CACHE_ALIGN(128 + MAX_HEADER)
3565 + #define MAX_TCP_OPTION_SPACE 40
3566 + #define TCP_MIN_SND_MSS 48
3567 + #define TCP_MIN_GSO_SIZE (TCP_MIN_SND_MSS - MAX_TCP_OPTION_SPACE)
3568 +diff --git a/ipc/util.c b/ipc/util.c
3569 +index 0af05752969f..b111e792b312 100644
3570 +--- a/ipc/util.c
3571 ++++ b/ipc/util.c
3572 +@@ -735,13 +735,13 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos,
3573 + total++;
3574 + }
3575 +
3576 ++ *new_pos = pos + 1;
3577 + if (total >= ids->in_use)
3578 + return NULL;
3579 +
3580 + for (; pos < IPCMNI; pos++) {
3581 + ipc = idr_find(&ids->ipcs_idr, pos);
3582 + if (ipc != NULL) {
3583 +- *new_pos = pos + 1;
3584 + rcu_read_lock();
3585 + ipc_lock_object(ipc);
3586 + return ipc;
3587 +diff --git a/kernel/audit.c b/kernel/audit.c
3588 +index 1f08c38e604a..7afec5f43c63 100644
3589 +--- a/kernel/audit.c
3590 ++++ b/kernel/audit.c
3591 +@@ -1331,6 +1331,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
3592 + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
3593 + if (!audit_enabled && msg_type != AUDIT_USER_AVC)
3594 + return 0;
3595 ++ /* exit early if there isn't at least one character to print */
3596 ++ if (data_len < 2)
3597 ++ return -EINVAL;
3598 +
3599 + err = audit_filter(msg_type, AUDIT_FILTER_USER);
3600 + if (err == 1) { /* match or error */
3601 +diff --git a/kernel/events/core.c b/kernel/events/core.c
3602 +index 8c70ee23fbe9..00fb2fe92c4d 100644
3603 +--- a/kernel/events/core.c
3604 ++++ b/kernel/events/core.c
3605 +@@ -6411,9 +6411,12 @@ static u64 perf_virt_to_phys(u64 virt)
3606 + * Try IRQ-safe __get_user_pages_fast first.
3607 + * If failed, leave phys_addr as 0.
3608 + */
3609 +- if ((current->mm != NULL) &&
3610 +- (__get_user_pages_fast(virt, 1, 0, &p) == 1))
3611 +- phys_addr = page_to_phys(p) + virt % PAGE_SIZE;
3612 ++ if (current->mm != NULL) {
3613 ++ pagefault_disable();
3614 ++ if (__get_user_pages_fast(virt, 1, 0, &p) == 1)
3615 ++ phys_addr = page_to_phys(p) + virt % PAGE_SIZE;
3616 ++ pagefault_enable();
3617 ++ }
3618 +
3619 + if (p)
3620 + put_page(p);
3621 +diff --git a/kernel/gcov/fs.c b/kernel/gcov/fs.c
3622 +index 6e40ff6be083..291e0797125b 100644
3623 +--- a/kernel/gcov/fs.c
3624 ++++ b/kernel/gcov/fs.c
3625 +@@ -109,9 +109,9 @@ static void *gcov_seq_next(struct seq_file *seq, void *data, loff_t *pos)
3626 + {
3627 + struct gcov_iterator *iter = data;
3628 +
3629 ++ (*pos)++;
3630 + if (gcov_iter_next(iter))
3631 + return NULL;
3632 +- (*pos)++;
3633 +
3634 + return iter;
3635 + }
3636 +diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
3637 +index 2868d85f1fb1..6cea8bbca03c 100644
3638 +--- a/kernel/trace/blktrace.c
3639 ++++ b/kernel/trace/blktrace.c
3640 +@@ -336,6 +336,7 @@ static void put_probe_ref(void)
3641 +
3642 + static void blk_trace_cleanup(struct blk_trace *bt)
3643 + {
3644 ++ synchronize_rcu();
3645 + blk_trace_free(bt);
3646 + put_probe_ref();
3647 + }
3648 +@@ -636,8 +637,10 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name,
3649 + static int __blk_trace_startstop(struct request_queue *q, int start)
3650 + {
3651 + int ret;
3652 +- struct blk_trace *bt = q->blk_trace;
3653 ++ struct blk_trace *bt;
3654 +
3655 ++ bt = rcu_dereference_protected(q->blk_trace,
3656 ++ lockdep_is_held(&q->blk_trace_mutex));
3657 + if (bt == NULL)
3658 + return -EINVAL;
3659 +
3660 +@@ -746,8 +749,8 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg)
3661 + void blk_trace_shutdown(struct request_queue *q)
3662 + {
3663 + mutex_lock(&q->blk_trace_mutex);
3664 +-
3665 +- if (q->blk_trace) {
3666 ++ if (rcu_dereference_protected(q->blk_trace,
3667 ++ lockdep_is_held(&q->blk_trace_mutex))) {
3668 + __blk_trace_startstop(q, 0);
3669 + __blk_trace_remove(q);
3670 + }
3671 +@@ -759,8 +762,10 @@ void blk_trace_shutdown(struct request_queue *q)
3672 + static union kernfs_node_id *
3673 + blk_trace_bio_get_cgid(struct request_queue *q, struct bio *bio)
3674 + {
3675 +- struct blk_trace *bt = q->blk_trace;
3676 ++ struct blk_trace *bt;
3677 +
3678 ++ /* We don't use the 'bt' value here except as an optimization... */
3679 ++ bt = rcu_dereference_protected(q->blk_trace, 1);
3680 + if (!bt || !(blk_tracer_flags.val & TRACE_BLK_OPT_CGROUP))
3681 + return NULL;
3682 +
3683 +@@ -805,10 +810,14 @@ static void blk_add_trace_rq(struct request *rq, int error,
3684 + unsigned int nr_bytes, u32 what,
3685 + union kernfs_node_id *cgid)
3686 + {
3687 +- struct blk_trace *bt = rq->q->blk_trace;
3688 ++ struct blk_trace *bt;
3689 +
3690 +- if (likely(!bt))
3691 ++ rcu_read_lock();
3692 ++ bt = rcu_dereference(rq->q->blk_trace);
3693 ++ if (likely(!bt)) {
3694 ++ rcu_read_unlock();
3695 + return;
3696 ++ }
3697 +
3698 + if (blk_rq_is_passthrough(rq))
3699 + what |= BLK_TC_ACT(BLK_TC_PC);
3700 +@@ -817,6 +826,7 @@ static void blk_add_trace_rq(struct request *rq, int error,
3701 +
3702 + __blk_add_trace(bt, blk_rq_trace_sector(rq), nr_bytes, req_op(rq),
3703 + rq->cmd_flags, what, error, 0, NULL, cgid);
3704 ++ rcu_read_unlock();
3705 + }
3706 +
3707 + static void blk_add_trace_rq_insert(void *ignore,
3708 +@@ -862,14 +872,19 @@ static void blk_add_trace_rq_complete(void *ignore, struct request *rq,
3709 + static void blk_add_trace_bio(struct request_queue *q, struct bio *bio,
3710 + u32 what, int error)
3711 + {
3712 +- struct blk_trace *bt = q->blk_trace;
3713 ++ struct blk_trace *bt;
3714 +
3715 +- if (likely(!bt))
3716 ++ rcu_read_lock();
3717 ++ bt = rcu_dereference(q->blk_trace);
3718 ++ if (likely(!bt)) {
3719 ++ rcu_read_unlock();
3720 + return;
3721 ++ }
3722 +
3723 + __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size,
3724 + bio_op(bio), bio->bi_opf, what, error, 0, NULL,
3725 + blk_trace_bio_get_cgid(q, bio));
3726 ++ rcu_read_unlock();
3727 + }
3728 +
3729 + static void blk_add_trace_bio_bounce(void *ignore,
3730 +@@ -914,11 +929,14 @@ static void blk_add_trace_getrq(void *ignore,
3731 + if (bio)
3732 + blk_add_trace_bio(q, bio, BLK_TA_GETRQ, 0);
3733 + else {
3734 +- struct blk_trace *bt = q->blk_trace;
3735 ++ struct blk_trace *bt;
3736 +
3737 ++ rcu_read_lock();
3738 ++ bt = rcu_dereference(q->blk_trace);
3739 + if (bt)
3740 + __blk_add_trace(bt, 0, 0, rw, 0, BLK_TA_GETRQ, 0, 0,
3741 + NULL, NULL);
3742 ++ rcu_read_unlock();
3743 + }
3744 + }
3745 +
3746 +@@ -930,27 +948,35 @@ static void blk_add_trace_sleeprq(void *ignore,
3747 + if (bio)
3748 + blk_add_trace_bio(q, bio, BLK_TA_SLEEPRQ, 0);
3749 + else {
3750 +- struct blk_trace *bt = q->blk_trace;
3751 ++ struct blk_trace *bt;
3752 +
3753 ++ rcu_read_lock();
3754 ++ bt = rcu_dereference(q->blk_trace);
3755 + if (bt)
3756 + __blk_add_trace(bt, 0, 0, rw, 0, BLK_TA_SLEEPRQ,
3757 + 0, 0, NULL, NULL);
3758 ++ rcu_read_unlock();
3759 + }
3760 + }
3761 +
3762 + static void blk_add_trace_plug(void *ignore, struct request_queue *q)
3763 + {
3764 +- struct blk_trace *bt = q->blk_trace;
3765 ++ struct blk_trace *bt;
3766 +
3767 ++ rcu_read_lock();
3768 ++ bt = rcu_dereference(q->blk_trace);
3769 + if (bt)
3770 + __blk_add_trace(bt, 0, 0, 0, 0, BLK_TA_PLUG, 0, 0, NULL, NULL);
3771 ++ rcu_read_unlock();
3772 + }
3773 +
3774 + static void blk_add_trace_unplug(void *ignore, struct request_queue *q,
3775 + unsigned int depth, bool explicit)
3776 + {
3777 +- struct blk_trace *bt = q->blk_trace;
3778 ++ struct blk_trace *bt;
3779 +
3780 ++ rcu_read_lock();
3781 ++ bt = rcu_dereference(q->blk_trace);
3782 + if (bt) {
3783 + __be64 rpdu = cpu_to_be64(depth);
3784 + u32 what;
3785 +@@ -962,14 +988,17 @@ static void blk_add_trace_unplug(void *ignore, struct request_queue *q,
3786 +
3787 + __blk_add_trace(bt, 0, 0, 0, 0, what, 0, sizeof(rpdu), &rpdu, NULL);
3788 + }
3789 ++ rcu_read_unlock();
3790 + }
3791 +
3792 + static void blk_add_trace_split(void *ignore,
3793 + struct request_queue *q, struct bio *bio,
3794 + unsigned int pdu)
3795 + {
3796 +- struct blk_trace *bt = q->blk_trace;
3797 ++ struct blk_trace *bt;
3798 +
3799 ++ rcu_read_lock();
3800 ++ bt = rcu_dereference(q->blk_trace);
3801 + if (bt) {
3802 + __be64 rpdu = cpu_to_be64(pdu);
3803 +
3804 +@@ -978,6 +1007,7 @@ static void blk_add_trace_split(void *ignore,
3805 + BLK_TA_SPLIT, bio->bi_status, sizeof(rpdu),
3806 + &rpdu, blk_trace_bio_get_cgid(q, bio));
3807 + }
3808 ++ rcu_read_unlock();
3809 + }
3810 +
3811 + /**
3812 +@@ -997,11 +1027,15 @@ static void blk_add_trace_bio_remap(void *ignore,
3813 + struct request_queue *q, struct bio *bio,
3814 + dev_t dev, sector_t from)
3815 + {
3816 +- struct blk_trace *bt = q->blk_trace;
3817 ++ struct blk_trace *bt;
3818 + struct blk_io_trace_remap r;
3819 +
3820 +- if (likely(!bt))
3821 ++ rcu_read_lock();
3822 ++ bt = rcu_dereference(q->blk_trace);
3823 ++ if (likely(!bt)) {
3824 ++ rcu_read_unlock();
3825 + return;
3826 ++ }
3827 +
3828 + r.device_from = cpu_to_be32(dev);
3829 + r.device_to = cpu_to_be32(bio_dev(bio));
3830 +@@ -1010,6 +1044,7 @@ static void blk_add_trace_bio_remap(void *ignore,
3831 + __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size,
3832 + bio_op(bio), bio->bi_opf, BLK_TA_REMAP, bio->bi_status,
3833 + sizeof(r), &r, blk_trace_bio_get_cgid(q, bio));
3834 ++ rcu_read_unlock();
3835 + }
3836 +
3837 + /**
3838 +@@ -1030,11 +1065,15 @@ static void blk_add_trace_rq_remap(void *ignore,
3839 + struct request *rq, dev_t dev,
3840 + sector_t from)
3841 + {
3842 +- struct blk_trace *bt = q->blk_trace;
3843 ++ struct blk_trace *bt;
3844 + struct blk_io_trace_remap r;
3845 +
3846 +- if (likely(!bt))
3847 ++ rcu_read_lock();
3848 ++ bt = rcu_dereference(q->blk_trace);
3849 ++ if (likely(!bt)) {
3850 ++ rcu_read_unlock();
3851 + return;
3852 ++ }
3853 +
3854 + r.device_from = cpu_to_be32(dev);
3855 + r.device_to = cpu_to_be32(disk_devt(rq->rq_disk));
3856 +@@ -1043,6 +1082,7 @@ static void blk_add_trace_rq_remap(void *ignore,
3857 + __blk_add_trace(bt, blk_rq_pos(rq), blk_rq_bytes(rq),
3858 + rq_data_dir(rq), 0, BLK_TA_REMAP, 0,
3859 + sizeof(r), &r, blk_trace_request_get_cgid(q, rq));
3860 ++ rcu_read_unlock();
3861 + }
3862 +
3863 + /**
3864 +@@ -1060,14 +1100,19 @@ void blk_add_driver_data(struct request_queue *q,
3865 + struct request *rq,
3866 + void *data, size_t len)
3867 + {
3868 +- struct blk_trace *bt = q->blk_trace;
3869 ++ struct blk_trace *bt;
3870 +
3871 +- if (likely(!bt))
3872 ++ rcu_read_lock();
3873 ++ bt = rcu_dereference(q->blk_trace);
3874 ++ if (likely(!bt)) {
3875 ++ rcu_read_unlock();
3876 + return;
3877 ++ }
3878 +
3879 + __blk_add_trace(bt, blk_rq_trace_sector(rq), blk_rq_bytes(rq), 0, 0,
3880 + BLK_TA_DRV_DATA, 0, len, data,
3881 + blk_trace_request_get_cgid(q, rq));
3882 ++ rcu_read_unlock();
3883 + }
3884 + EXPORT_SYMBOL_GPL(blk_add_driver_data);
3885 +
3886 +@@ -1594,6 +1639,7 @@ static int blk_trace_remove_queue(struct request_queue *q)
3887 + return -EINVAL;
3888 +
3889 + put_probe_ref();
3890 ++ synchronize_rcu();
3891 + blk_trace_free(bt);
3892 + return 0;
3893 + }
3894 +@@ -1755,6 +1801,7 @@ static ssize_t sysfs_blk_trace_attr_show(struct device *dev,
3895 + struct hd_struct *p = dev_to_part(dev);
3896 + struct request_queue *q;
3897 + struct block_device *bdev;
3898 ++ struct blk_trace *bt;
3899 + ssize_t ret = -ENXIO;
3900 +
3901 + bdev = bdget(part_devt(p));
3902 +@@ -1767,21 +1814,23 @@ static ssize_t sysfs_blk_trace_attr_show(struct device *dev,
3903 +
3904 + mutex_lock(&q->blk_trace_mutex);
3905 +
3906 ++ bt = rcu_dereference_protected(q->blk_trace,
3907 ++ lockdep_is_held(&q->blk_trace_mutex));
3908 + if (attr == &dev_attr_enable) {
3909 +- ret = sprintf(buf, "%u\n", !!q->blk_trace);
3910 ++ ret = sprintf(buf, "%u\n", !!bt);
3911 + goto out_unlock_bdev;
3912 + }
3913 +
3914 +- if (q->blk_trace == NULL)
3915 ++ if (bt == NULL)
3916 + ret = sprintf(buf, "disabled\n");
3917 + else if (attr == &dev_attr_act_mask)
3918 +- ret = blk_trace_mask2str(buf, q->blk_trace->act_mask);
3919 ++ ret = blk_trace_mask2str(buf, bt->act_mask);
3920 + else if (attr == &dev_attr_pid)
3921 +- ret = sprintf(buf, "%u\n", q->blk_trace->pid);
3922 ++ ret = sprintf(buf, "%u\n", bt->pid);
3923 + else if (attr == &dev_attr_start_lba)
3924 +- ret = sprintf(buf, "%llu\n", q->blk_trace->start_lba);
3925 ++ ret = sprintf(buf, "%llu\n", bt->start_lba);
3926 + else if (attr == &dev_attr_end_lba)
3927 +- ret = sprintf(buf, "%llu\n", q->blk_trace->end_lba);
3928 ++ ret = sprintf(buf, "%llu\n", bt->end_lba);
3929 +
3930 + out_unlock_bdev:
3931 + mutex_unlock(&q->blk_trace_mutex);
3932 +@@ -1798,6 +1847,7 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev,
3933 + struct block_device *bdev;
3934 + struct request_queue *q;
3935 + struct hd_struct *p;
3936 ++ struct blk_trace *bt;
3937 + u64 value;
3938 + ssize_t ret = -EINVAL;
3939 +
3940 +@@ -1828,8 +1878,10 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev,
3941 +
3942 + mutex_lock(&q->blk_trace_mutex);
3943 +
3944 ++ bt = rcu_dereference_protected(q->blk_trace,
3945 ++ lockdep_is_held(&q->blk_trace_mutex));
3946 + if (attr == &dev_attr_enable) {
3947 +- if (!!value == !!q->blk_trace) {
3948 ++ if (!!value == !!bt) {
3949 + ret = 0;
3950 + goto out_unlock_bdev;
3951 + }
3952 +@@ -1841,18 +1893,21 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev,
3953 + }
3954 +
3955 + ret = 0;
3956 +- if (q->blk_trace == NULL)
3957 ++ if (bt == NULL) {
3958 + ret = blk_trace_setup_queue(q, bdev);
3959 ++ bt = rcu_dereference_protected(q->blk_trace,
3960 ++ lockdep_is_held(&q->blk_trace_mutex));
3961 ++ }
3962 +
3963 + if (ret == 0) {
3964 + if (attr == &dev_attr_act_mask)
3965 +- q->blk_trace->act_mask = value;
3966 ++ bt->act_mask = value;
3967 + else if (attr == &dev_attr_pid)
3968 +- q->blk_trace->pid = value;
3969 ++ bt->pid = value;
3970 + else if (attr == &dev_attr_start_lba)
3971 +- q->blk_trace->start_lba = value;
3972 ++ bt->start_lba = value;
3973 + else if (attr == &dev_attr_end_lba)
3974 +- q->blk_trace->end_lba = value;
3975 ++ bt->end_lba = value;
3976 + }
3977 +
3978 + out_unlock_bdev:
3979 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
3980 +index 6f4ce9547658..e068c7f75a84 100644
3981 +--- a/mm/hugetlb.c
3982 ++++ b/mm/hugetlb.c
3983 +@@ -4820,8 +4820,8 @@ pte_t *huge_pte_offset(struct mm_struct *mm,
3984 + {
3985 + pgd_t *pgd;
3986 + p4d_t *p4d;
3987 +- pud_t *pud;
3988 +- pmd_t *pmd;
3989 ++ pud_t *pud, pud_entry;
3990 ++ pmd_t *pmd, pmd_entry;
3991 +
3992 + pgd = pgd_offset(mm, addr);
3993 + if (!pgd_present(*pgd))
3994 +@@ -4831,17 +4831,19 @@ pte_t *huge_pte_offset(struct mm_struct *mm,
3995 + return NULL;
3996 +
3997 + pud = pud_offset(p4d, addr);
3998 +- if (sz != PUD_SIZE && pud_none(*pud))
3999 ++ pud_entry = READ_ONCE(*pud);
4000 ++ if (sz != PUD_SIZE && pud_none(pud_entry))
4001 + return NULL;
4002 + /* hugepage or swap? */
4003 +- if (pud_huge(*pud) || !pud_present(*pud))
4004 ++ if (pud_huge(pud_entry) || !pud_present(pud_entry))
4005 + return (pte_t *)pud;
4006 +
4007 + pmd = pmd_offset(pud, addr);
4008 +- if (sz != PMD_SIZE && pmd_none(*pmd))
4009 ++ pmd_entry = READ_ONCE(*pmd);
4010 ++ if (sz != PMD_SIZE && pmd_none(pmd_entry))
4011 + return NULL;
4012 + /* hugepage or swap? */
4013 +- if (pmd_huge(*pmd) || !pmd_present(*pmd))
4014 ++ if (pmd_huge(pmd_entry) || !pmd_present(pmd_entry))
4015 + return (pte_t *)pmd;
4016 +
4017 + return NULL;
4018 +diff --git a/mm/ksm.c b/mm/ksm.c
4019 +index b3ea0f0316eb..d021bcf94c41 100644
4020 +--- a/mm/ksm.c
4021 ++++ b/mm/ksm.c
4022 +@@ -2106,8 +2106,16 @@ static void cmp_and_merge_page(struct page *page, struct rmap_item *rmap_item)
4023 +
4024 + down_read(&mm->mmap_sem);
4025 + vma = find_mergeable_vma(mm, rmap_item->address);
4026 +- err = try_to_merge_one_page(vma, page,
4027 +- ZERO_PAGE(rmap_item->address));
4028 ++ if (vma) {
4029 ++ err = try_to_merge_one_page(vma, page,
4030 ++ ZERO_PAGE(rmap_item->address));
4031 ++ } else {
4032 ++ /*
4033 ++ * If the vma is out of date, we do not need to
4034 ++ * continue.
4035 ++ */
4036 ++ err = 0;
4037 ++ }
4038 + up_read(&mm->mmap_sem);
4039 + /*
4040 + * In case of failure, the page was not really empty, so we
4041 +diff --git a/mm/vmalloc.c b/mm/vmalloc.c
4042 +index be65161f9753..11d0f0b6ec79 100644
4043 +--- a/mm/vmalloc.c
4044 ++++ b/mm/vmalloc.c
4045 +@@ -31,6 +31,7 @@
4046 + #include <linux/compiler.h>
4047 + #include <linux/llist.h>
4048 + #include <linux/bitops.h>
4049 ++#include <linux/overflow.h>
4050 +
4051 + #include <linux/uaccess.h>
4052 + #include <asm/tlbflush.h>
4053 +@@ -2228,6 +2229,7 @@ finished:
4054 + * @vma: vma to cover
4055 + * @uaddr: target user address to start at
4056 + * @kaddr: virtual address of vmalloc kernel memory
4057 ++ * @pgoff: offset from @kaddr to start at
4058 + * @size: size of map area
4059 + *
4060 + * Returns: 0 for success, -Exxx on failure
4061 +@@ -2240,9 +2242,15 @@ finished:
4062 + * Similar to remap_pfn_range() (see mm/memory.c)
4063 + */
4064 + int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
4065 +- void *kaddr, unsigned long size)
4066 ++ void *kaddr, unsigned long pgoff,
4067 ++ unsigned long size)
4068 + {
4069 + struct vm_struct *area;
4070 ++ unsigned long off;
4071 ++ unsigned long end_index;
4072 ++
4073 ++ if (check_shl_overflow(pgoff, PAGE_SHIFT, &off))
4074 ++ return -EINVAL;
4075 +
4076 + size = PAGE_ALIGN(size);
4077 +
4078 +@@ -2256,8 +2264,10 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
4079 + if (!(area->flags & VM_USERMAP))
4080 + return -EINVAL;
4081 +
4082 +- if (kaddr + size > area->addr + get_vm_area_size(area))
4083 ++ if (check_add_overflow(size, off, &end_index) ||
4084 ++ end_index > get_vm_area_size(area))
4085 + return -EINVAL;
4086 ++ kaddr += off;
4087 +
4088 + do {
4089 + struct page *page = vmalloc_to_page(kaddr);
4090 +@@ -2296,7 +2306,7 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
4091 + unsigned long pgoff)
4092 + {
4093 + return remap_vmalloc_range_partial(vma, vma->vm_start,
4094 +- addr + (pgoff << PAGE_SHIFT),
4095 ++ addr, pgoff,
4096 + vma->vm_end - vma->vm_start);
4097 + }
4098 + EXPORT_SYMBOL(remap_vmalloc_range);
4099 +diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
4100 +index 58a401e9cf09..b438bed6749d 100644
4101 +--- a/net/dccp/ipv6.c
4102 ++++ b/net/dccp/ipv6.c
4103 +@@ -211,7 +211,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req
4104 + final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final);
4105 + rcu_read_unlock();
4106 +
4107 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4108 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4109 + if (IS_ERR(dst)) {
4110 + err = PTR_ERR(dst);
4111 + dst = NULL;
4112 +@@ -282,7 +282,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
4113 + security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
4114 +
4115 + /* sk = NULL, but it is safe for now. RST socket required. */
4116 +- dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
4117 ++ dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
4118 + if (!IS_ERR(dst)) {
4119 + skb_dst_set(skb, dst);
4120 + ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0);
4121 +@@ -912,7 +912,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
4122 + opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
4123 + final_p = fl6_update_dst(&fl6, opt, &final);
4124 +
4125 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4126 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4127 + if (IS_ERR(dst)) {
4128 + err = PTR_ERR(dst);
4129 + goto failure;
4130 +diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
4131 +index ccb1d97dfa05..d4c4eabd02b6 100644
4132 +--- a/net/ipv4/ip_vti.c
4133 ++++ b/net/ipv4/ip_vti.c
4134 +@@ -677,10 +677,8 @@ static int __init vti_init(void)
4135 +
4136 + msg = "ipip tunnel";
4137 + err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
4138 +- if (err < 0) {
4139 +- pr_info("%s: cant't register tunnel\n",__func__);
4140 ++ if (err < 0)
4141 + goto xfrm_tunnel_failed;
4142 +- }
4143 +
4144 + msg = "netlink interface";
4145 + err = rtnl_link_register(&vti_link_ops);
4146 +diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
4147 +index be980c195fc5..510d2ec4c76a 100644
4148 +--- a/net/ipv4/xfrm4_output.c
4149 ++++ b/net/ipv4/xfrm4_output.c
4150 +@@ -77,9 +77,7 @@ int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb)
4151 + {
4152 + memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
4153 +
4154 +-#ifdef CONFIG_NETFILTER
4155 + IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
4156 +-#endif
4157 +
4158 + return xfrm_output(sk, skb);
4159 + }
4160 +diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c
4161 +index 5cd0029d930e..66a1a0eb2ed0 100644
4162 +--- a/net/ipv6/addrconf_core.c
4163 ++++ b/net/ipv6/addrconf_core.c
4164 +@@ -127,11 +127,12 @@ int inet6addr_validator_notifier_call_chain(unsigned long val, void *v)
4165 + }
4166 + EXPORT_SYMBOL(inet6addr_validator_notifier_call_chain);
4167 +
4168 +-static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1,
4169 +- struct dst_entry **u2,
4170 +- struct flowi6 *u3)
4171 ++static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net,
4172 ++ const struct sock *sk,
4173 ++ struct flowi6 *fl6,
4174 ++ const struct in6_addr *final_dst)
4175 + {
4176 +- return -EAFNOSUPPORT;
4177 ++ return ERR_PTR(-EAFNOSUPPORT);
4178 + }
4179 +
4180 + static struct fib6_table *eafnosupport_fib6_get_table(struct net *net, u32 id)
4181 +@@ -169,7 +170,7 @@ eafnosupport_ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr,
4182 + }
4183 +
4184 + const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) {
4185 +- .ipv6_dst_lookup = eafnosupport_ipv6_dst_lookup,
4186 ++ .ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow,
4187 + .fib6_get_table = eafnosupport_fib6_get_table,
4188 + .fib6_table_lookup = eafnosupport_fib6_table_lookup,
4189 + .fib6_lookup = eafnosupport_fib6_lookup,
4190 +diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
4191 +index 79fcd9550fd2..5c2351deedc8 100644
4192 +--- a/net/ipv6/af_inet6.c
4193 ++++ b/net/ipv6/af_inet6.c
4194 +@@ -740,7 +740,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
4195 + &final);
4196 + rcu_read_unlock();
4197 +
4198 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4199 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4200 + if (IS_ERR(dst)) {
4201 + sk->sk_route_caps = 0;
4202 + sk->sk_err_soft = -PTR_ERR(dst);
4203 +@@ -904,7 +904,7 @@ static struct pernet_operations inet6_net_ops = {
4204 + static const struct ipv6_stub ipv6_stub_impl = {
4205 + .ipv6_sock_mc_join = ipv6_sock_mc_join,
4206 + .ipv6_sock_mc_drop = ipv6_sock_mc_drop,
4207 +- .ipv6_dst_lookup = ip6_dst_lookup,
4208 ++ .ipv6_dst_lookup_flow = ip6_dst_lookup_flow,
4209 + .fib6_get_table = fib6_get_table,
4210 + .fib6_table_lookup = fib6_table_lookup,
4211 + .fib6_lookup = fib6_lookup,
4212 +diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
4213 +index 971a0fdf1fbc..727f958dd869 100644
4214 +--- a/net/ipv6/datagram.c
4215 ++++ b/net/ipv6/datagram.c
4216 +@@ -89,7 +89,7 @@ int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)
4217 + final_p = fl6_update_dst(&fl6, opt, &final);
4218 + rcu_read_unlock();
4219 +
4220 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4221 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4222 + if (IS_ERR(dst)) {
4223 + err = PTR_ERR(dst);
4224 + goto out;
4225 +diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
4226 +index 890adadcda16..92fe9e565da0 100644
4227 +--- a/net/ipv6/inet6_connection_sock.c
4228 ++++ b/net/ipv6/inet6_connection_sock.c
4229 +@@ -52,7 +52,7 @@ struct dst_entry *inet6_csk_route_req(const struct sock *sk,
4230 + fl6->flowi6_uid = sk->sk_uid;
4231 + security_req_classify_flow(req, flowi6_to_flowi(fl6));
4232 +
4233 +- dst = ip6_dst_lookup_flow(sk, fl6, final_p);
4234 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
4235 + if (IS_ERR(dst))
4236 + return NULL;
4237 +
4238 +@@ -107,7 +107,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
4239 +
4240 + dst = __inet6_csk_dst_check(sk, np->dst_cookie);
4241 + if (!dst) {
4242 +- dst = ip6_dst_lookup_flow(sk, fl6, final_p);
4243 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
4244 +
4245 + if (!IS_ERR(dst))
4246 + ip6_dst_store(sk, dst, NULL, NULL);
4247 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
4248 +index 9886a84c2511..22665e3638ac 100644
4249 +--- a/net/ipv6/ip6_output.c
4250 ++++ b/net/ipv6/ip6_output.c
4251 +@@ -1071,19 +1071,19 @@ EXPORT_SYMBOL_GPL(ip6_dst_lookup);
4252 + * It returns a valid dst pointer on success, or a pointer encoded
4253 + * error code.
4254 + */
4255 +-struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
4256 ++struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6,
4257 + const struct in6_addr *final_dst)
4258 + {
4259 + struct dst_entry *dst = NULL;
4260 + int err;
4261 +
4262 +- err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
4263 ++ err = ip6_dst_lookup_tail(net, sk, &dst, fl6);
4264 + if (err)
4265 + return ERR_PTR(err);
4266 + if (final_dst)
4267 + fl6->daddr = *final_dst;
4268 +
4269 +- return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
4270 ++ return xfrm_lookup_route(net, dst, flowi6_to_flowi(fl6), sk, 0);
4271 + }
4272 + EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
4273 +
4274 +@@ -1115,7 +1115,7 @@ struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
4275 + if (dst)
4276 + return dst;
4277 +
4278 +- dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
4279 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_dst);
4280 + if (connected && !IS_ERR(dst))
4281 + ip6_sk_dst_store_flow(sk, dst_clone(dst), fl6);
4282 +
4283 +diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
4284 +index a20be08f0e0b..231c489128e4 100644
4285 +--- a/net/ipv6/ipv6_sockglue.c
4286 ++++ b/net/ipv6/ipv6_sockglue.c
4287 +@@ -185,15 +185,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
4288 + retv = -EBUSY;
4289 + break;
4290 + }
4291 +- } else if (sk->sk_protocol == IPPROTO_TCP) {
4292 +- if (sk->sk_prot != &tcpv6_prot) {
4293 +- retv = -EBUSY;
4294 +- break;
4295 +- }
4296 +- break;
4297 +- } else {
4298 ++ }
4299 ++ if (sk->sk_protocol == IPPROTO_TCP &&
4300 ++ sk->sk_prot != &tcpv6_prot) {
4301 ++ retv = -EBUSY;
4302 + break;
4303 + }
4304 ++ if (sk->sk_protocol != IPPROTO_TCP)
4305 ++ break;
4306 + if (sk->sk_state != TCP_ESTABLISHED) {
4307 + retv = -ENOTCONN;
4308 + break;
4309 +diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
4310 +index a41156a00dd4..8d19729f8516 100644
4311 +--- a/net/ipv6/raw.c
4312 ++++ b/net/ipv6/raw.c
4313 +@@ -928,7 +928,7 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
4314 +
4315 + fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
4316 +
4317 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4318 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4319 + if (IS_ERR(dst)) {
4320 + err = PTR_ERR(dst);
4321 + goto out;
4322 +diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
4323 +index e997141aed8c..a377be8a9fb4 100644
4324 +--- a/net/ipv6/syncookies.c
4325 ++++ b/net/ipv6/syncookies.c
4326 +@@ -240,7 +240,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
4327 + fl6.flowi6_uid = sk->sk_uid;
4328 + security_req_classify_flow(req, flowi6_to_flowi(&fl6));
4329 +
4330 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4331 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4332 + if (IS_ERR(dst))
4333 + goto out_free;
4334 + }
4335 +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
4336 +index 7b0c2498f461..2e76ebfdc907 100644
4337 +--- a/net/ipv6/tcp_ipv6.c
4338 ++++ b/net/ipv6/tcp_ipv6.c
4339 +@@ -268,7 +268,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
4340 +
4341 + security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
4342 +
4343 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4344 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4345 + if (IS_ERR(dst)) {
4346 + err = PTR_ERR(dst);
4347 + goto failure;
4348 +@@ -885,7 +885,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32
4349 + * Underlying function will use this to retrieve the network
4350 + * namespace
4351 + */
4352 +- dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
4353 ++ dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
4354 + if (!IS_ERR(dst)) {
4355 + skb_dst_set(buff, dst);
4356 + ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
4357 +diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
4358 +index 6a74080005cf..71d022704923 100644
4359 +--- a/net/ipv6/xfrm6_output.c
4360 ++++ b/net/ipv6/xfrm6_output.c
4361 +@@ -130,9 +130,7 @@ int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb)
4362 + {
4363 + memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
4364 +
4365 +-#ifdef CONFIG_NETFILTER
4366 + IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
4367 +-#endif
4368 +
4369 + return xfrm_output(sk, skb);
4370 + }
4371 +diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
4372 +index 37a69df17cab..2f28f9910b92 100644
4373 +--- a/net/l2tp/l2tp_ip6.c
4374 ++++ b/net/l2tp/l2tp_ip6.c
4375 +@@ -619,7 +619,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
4376 +
4377 + fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
4378 +
4379 +- dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
4380 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
4381 + if (IS_ERR(dst)) {
4382 + err = PTR_ERR(dst);
4383 + goto out;
4384 +diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
4385 +index d5a4db5b3fe7..7623d9aec636 100644
4386 +--- a/net/mpls/af_mpls.c
4387 ++++ b/net/mpls/af_mpls.c
4388 +@@ -618,16 +618,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net,
4389 + struct net_device *dev;
4390 + struct dst_entry *dst;
4391 + struct flowi6 fl6;
4392 +- int err;
4393 +
4394 + if (!ipv6_stub)
4395 + return ERR_PTR(-EAFNOSUPPORT);
4396 +
4397 + memset(&fl6, 0, sizeof(fl6));
4398 + memcpy(&fl6.daddr, addr, sizeof(struct in6_addr));
4399 +- err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6);
4400 +- if (err)
4401 +- return ERR_PTR(err);
4402 ++ dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
4403 ++ if (IS_ERR(dst))
4404 ++ return ERR_CAST(dst);
4405 +
4406 + dev = dst->dev;
4407 + dev_hold(dev);
4408 +diff --git a/net/netrom/nr_route.c b/net/netrom/nr_route.c
4409 +index b76aa668a94b..53ced34a1fdd 100644
4410 +--- a/net/netrom/nr_route.c
4411 ++++ b/net/netrom/nr_route.c
4412 +@@ -211,6 +211,7 @@ static int __must_check nr_add_node(ax25_address *nr, const char *mnemonic,
4413 + /* refcount initialized at 1 */
4414 + spin_unlock_bh(&nr_node_list_lock);
4415 +
4416 ++ nr_neigh_put(nr_neigh);
4417 + return 0;
4418 + }
4419 + nr_node_lock(nr_node);
4420 +diff --git a/net/sched/sch_etf.c b/net/sched/sch_etf.c
4421 +index 1538d6fa8165..2278f3d420cd 100644
4422 +--- a/net/sched/sch_etf.c
4423 ++++ b/net/sched/sch_etf.c
4424 +@@ -77,7 +77,7 @@ static bool is_packet_valid(struct Qdisc *sch, struct sk_buff *nskb)
4425 + struct sock *sk = nskb->sk;
4426 + ktime_t now;
4427 +
4428 +- if (!sk)
4429 ++ if (!sk || !sk_fullsock(sk))
4430 + return false;
4431 +
4432 + if (!sock_flag(sk, SOCK_TXTIME))
4433 +@@ -129,8 +129,9 @@ static void report_sock_error(struct sk_buff *skb, u32 err, u8 code)
4434 + struct sock_exterr_skb *serr;
4435 + struct sk_buff *clone;
4436 + ktime_t txtime = skb->tstamp;
4437 ++ struct sock *sk = skb->sk;
4438 +
4439 +- if (!skb->sk || !(skb->sk->sk_txtime_report_errors))
4440 ++ if (!sk || !sk_fullsock(sk) || !(sk->sk_txtime_report_errors))
4441 + return;
4442 +
4443 + clone = skb_clone(skb, GFP_ATOMIC);
4444 +@@ -146,7 +147,7 @@ static void report_sock_error(struct sk_buff *skb, u32 err, u8 code)
4445 + serr->ee.ee_data = (txtime >> 32); /* high part of tstamp */
4446 + serr->ee.ee_info = txtime; /* low part of tstamp */
4447 +
4448 +- if (sock_queue_err_skb(skb->sk, clone))
4449 ++ if (sock_queue_err_skb(sk, clone))
4450 + kfree_skb(clone);
4451 + }
4452 +
4453 +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
4454 +index 7657194f396e..736d8ca9821b 100644
4455 +--- a/net/sctp/ipv6.c
4456 ++++ b/net/sctp/ipv6.c
4457 +@@ -288,7 +288,7 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
4458 + final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
4459 + rcu_read_unlock();
4460 +
4461 +- dst = ip6_dst_lookup_flow(sk, fl6, final_p);
4462 ++ dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
4463 + if (!asoc || saddr) {
4464 + t->dst = dst;
4465 + memcpy(fl, &_fl, sizeof(_fl));
4466 +@@ -346,7 +346,7 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
4467 + fl6->saddr = laddr->a.v6.sin6_addr;
4468 + fl6->fl6_sport = laddr->a.v6.sin6_port;
4469 + final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
4470 +- bdst = ip6_dst_lookup_flow(sk, fl6, final_p);
4471 ++ bdst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
4472 +
4473 + if (IS_ERR(bdst))
4474 + continue;
4475 +diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
4476 +index 382c84d9339d..1d6235479706 100644
4477 +--- a/net/tipc/udp_media.c
4478 ++++ b/net/tipc/udp_media.c
4479 +@@ -189,10 +189,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb,
4480 + .saddr = src->ipv6,
4481 + .flowi6_proto = IPPROTO_UDP
4482 + };
4483 +- err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst,
4484 +- &fl6);
4485 +- if (err)
4486 ++ ndst = ipv6_stub->ipv6_dst_lookup_flow(net,
4487 ++ ub->ubsock->sk,
4488 ++ &fl6, NULL);
4489 ++ if (IS_ERR(ndst)) {
4490 ++ err = PTR_ERR(ndst);
4491 + goto tx_error;
4492 ++ }
4493 + ttl = ip6_dst_hoplimit(ndst);
4494 + err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL,
4495 + &src->ipv6, &dst->ipv6, 0, ttl, 0,
4496 +diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c
4497 +index 39231237e1c3..30f71620d4e3 100644
4498 +--- a/net/x25/x25_dev.c
4499 ++++ b/net/x25/x25_dev.c
4500 +@@ -120,8 +120,10 @@ int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
4501 + goto drop;
4502 + }
4503 +
4504 +- if (!pskb_may_pull(skb, 1))
4505 ++ if (!pskb_may_pull(skb, 1)) {
4506 ++ x25_neigh_put(nb);
4507 + return 0;
4508 ++ }
4509 +
4510 + switch (skb->data[0]) {
4511 +
4512 +diff --git a/samples/vfio-mdev/mdpy.c b/samples/vfio-mdev/mdpy.c
4513 +index 96e7969c473a..d774717cd906 100644
4514 +--- a/samples/vfio-mdev/mdpy.c
4515 ++++ b/samples/vfio-mdev/mdpy.c
4516 +@@ -418,7 +418,7 @@ static int mdpy_mmap(struct mdev_device *mdev, struct vm_area_struct *vma)
4517 + return -EINVAL;
4518 +
4519 + return remap_vmalloc_range_partial(vma, vma->vm_start,
4520 +- mdev_state->memblk,
4521 ++ mdev_state->memblk, 0,
4522 + vma->vm_end - vma->vm_start);
4523 + }
4524 +
4525 +diff --git a/scripts/kconfig/qconf.cc b/scripts/kconfig/qconf.cc
4526 +index ef4310f2558b..8f004db6f603 100644
4527 +--- a/scripts/kconfig/qconf.cc
4528 ++++ b/scripts/kconfig/qconf.cc
4529 +@@ -627,7 +627,7 @@ void ConfigList::updateMenuList(ConfigItem *parent, struct menu* menu)
4530 + last = item;
4531 + continue;
4532 + }
4533 +- hide:
4534 ++hide:
4535 + if (item && item->menu == child) {
4536 + last = parent->firstChild();
4537 + if (last == item)
4538 +@@ -692,7 +692,7 @@ void ConfigList::updateMenuList(ConfigList *parent, struct menu* menu)
4539 + last = item;
4540 + continue;
4541 + }
4542 +- hide:
4543 ++hide:
4544 + if (item && item->menu == child) {
4545 + last = (ConfigItem*)parent->topLevelItem(0);
4546 + if (last == item)
4547 +@@ -1225,10 +1225,11 @@ QMenu* ConfigInfoView::createStandardContextMenu(const QPoint & pos)
4548 + {
4549 + QMenu* popup = Parent::createStandardContextMenu(pos);
4550 + QAction* action = new QAction("Show Debug Info", popup);
4551 +- action->setCheckable(true);
4552 +- connect(action, SIGNAL(toggled(bool)), SLOT(setShowDebug(bool)));
4553 +- connect(this, SIGNAL(showDebugChanged(bool)), action, SLOT(setOn(bool)));
4554 +- action->setChecked(showDebug());
4555 ++
4556 ++ action->setCheckable(true);
4557 ++ connect(action, SIGNAL(toggled(bool)), SLOT(setShowDebug(bool)));
4558 ++ connect(this, SIGNAL(showDebugChanged(bool)), action, SLOT(setOn(bool)));
4559 ++ action->setChecked(showDebug());
4560 + popup->addSeparator();
4561 + popup->addAction(action);
4562 + return popup;
4563 +diff --git a/security/keys/internal.h b/security/keys/internal.h
4564 +index a02742621c8d..eb50212fbbf8 100644
4565 +--- a/security/keys/internal.h
4566 ++++ b/security/keys/internal.h
4567 +@@ -20,6 +20,8 @@
4568 + #include <linux/keyctl.h>
4569 + #include <linux/refcount.h>
4570 + #include <linux/compat.h>
4571 ++#include <linux/mm.h>
4572 ++#include <linux/vmalloc.h>
4573 +
4574 + struct iovec;
4575 +
4576 +@@ -305,4 +307,14 @@ static inline void key_check(const struct key *key)
4577 +
4578 + #endif
4579 +
4580 ++/*
4581 ++ * Helper function to clear and free a kvmalloc'ed memory object.
4582 ++ */
4583 ++static inline void __kvzfree(const void *addr, size_t len)
4584 ++{
4585 ++ if (addr) {
4586 ++ memset((void *)addr, 0, len);
4587 ++ kvfree(addr);
4588 ++ }
4589 ++}
4590 + #endif /* _INTERNAL_H */
4591 +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
4592 +index 4b6a084e323b..c07c2e2b2478 100644
4593 +--- a/security/keys/keyctl.c
4594 ++++ b/security/keys/keyctl.c
4595 +@@ -330,7 +330,7 @@ long keyctl_update_key(key_serial_t id,
4596 + payload = NULL;
4597 + if (plen) {
4598 + ret = -ENOMEM;
4599 +- payload = kmalloc(plen, GFP_KERNEL);
4600 ++ payload = kvmalloc(plen, GFP_KERNEL);
4601 + if (!payload)
4602 + goto error;
4603 +
4604 +@@ -351,7 +351,7 @@ long keyctl_update_key(key_serial_t id,
4605 +
4606 + key_ref_put(key_ref);
4607 + error2:
4608 +- kzfree(payload);
4609 ++ __kvzfree(payload, plen);
4610 + error:
4611 + return ret;
4612 + }
4613 +@@ -772,7 +772,8 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
4614 + struct key *key;
4615 + key_ref_t key_ref;
4616 + long ret;
4617 +- char *key_data;
4618 ++ char *key_data = NULL;
4619 ++ size_t key_data_len;
4620 +
4621 + /* find the key first */
4622 + key_ref = lookup_user_key(keyid, 0, 0);
4623 +@@ -823,24 +824,51 @@ can_read_key:
4624 + * Allocating a temporary buffer to hold the keys before
4625 + * transferring them to user buffer to avoid potential
4626 + * deadlock involving page fault and mmap_sem.
4627 ++ *
4628 ++ * key_data_len = (buflen <= PAGE_SIZE)
4629 ++ * ? buflen : actual length of key data
4630 ++ *
4631 ++ * This prevents allocating arbitrary large buffer which can
4632 ++ * be much larger than the actual key length. In the latter case,
4633 ++ * at least 2 passes of this loop is required.
4634 + */
4635 +- key_data = kmalloc(buflen, GFP_KERNEL);
4636 ++ key_data_len = (buflen <= PAGE_SIZE) ? buflen : 0;
4637 ++ for (;;) {
4638 ++ if (key_data_len) {
4639 ++ key_data = kvmalloc(key_data_len, GFP_KERNEL);
4640 ++ if (!key_data) {
4641 ++ ret = -ENOMEM;
4642 ++ goto key_put_out;
4643 ++ }
4644 ++ }
4645 +
4646 +- if (!key_data) {
4647 +- ret = -ENOMEM;
4648 +- goto key_put_out;
4649 +- }
4650 +- ret = __keyctl_read_key(key, key_data, buflen);
4651 ++ ret = __keyctl_read_key(key, key_data, key_data_len);
4652 ++
4653 ++ /*
4654 ++ * Read methods will just return the required length without
4655 ++ * any copying if the provided length isn't large enough.
4656 ++ */
4657 ++ if (ret <= 0 || ret > buflen)
4658 ++ break;
4659 ++
4660 ++ /*
4661 ++ * The key may change (unlikely) in between 2 consecutive
4662 ++ * __keyctl_read_key() calls. In this case, we reallocate
4663 ++ * a larger buffer and redo the key read when
4664 ++ * key_data_len < ret <= buflen.
4665 ++ */
4666 ++ if (ret > key_data_len) {
4667 ++ if (unlikely(key_data))
4668 ++ __kvzfree(key_data, key_data_len);
4669 ++ key_data_len = ret;
4670 ++ continue; /* Allocate buffer */
4671 ++ }
4672 +
4673 +- /*
4674 +- * Read methods will just return the required length without
4675 +- * any copying if the provided length isn't large enough.
4676 +- */
4677 +- if (ret > 0 && ret <= buflen) {
4678 + if (copy_to_user(buffer, key_data, ret))
4679 + ret = -EFAULT;
4680 ++ break;
4681 + }
4682 +- kzfree(key_data);
4683 ++ __kvzfree(key_data, key_data_len);
4684 +
4685 + key_put_out:
4686 + key_put(key);
4687 +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
4688 +index 54a9b391ecce..0502042c1616 100644
4689 +--- a/sound/pci/hda/hda_intel.c
4690 ++++ b/sound/pci/hda/hda_intel.c
4691 +@@ -2215,7 +2215,6 @@ static const struct hdac_io_ops pci_hda_io_ops = {
4692 + * should be ignored from the beginning.
4693 + */
4694 + static const struct snd_pci_quirk driver_blacklist[] = {
4695 +- SND_PCI_QUIRK(0x1043, 0x874f, "ASUS ROG Zenith II / Strix", 0),
4696 + SND_PCI_QUIRK(0x1462, 0xcb59, "MSI TRX40 Creator", 0),
4697 + SND_PCI_QUIRK(0x1462, 0xcb60, "MSI TRX40", 0),
4698 + {}
4699 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
4700 +index ea439bee8e6f..9620a8461d91 100644
4701 +--- a/sound/pci/hda/patch_realtek.c
4702 ++++ b/sound/pci/hda/patch_realtek.c
4703 +@@ -380,6 +380,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
4704 + case 0x10ec0233:
4705 + case 0x10ec0235:
4706 + case 0x10ec0236:
4707 ++ case 0x10ec0245:
4708 + case 0x10ec0255:
4709 + case 0x10ec0256:
4710 + case 0x10ec0257:
4711 +@@ -801,9 +802,11 @@ static void alc_ssid_check(struct hda_codec *codec, const hda_nid_t *ports)
4712 + {
4713 + if (!alc_subsystem_id(codec, ports)) {
4714 + struct alc_spec *spec = codec->spec;
4715 +- codec_dbg(codec,
4716 +- "realtek: Enable default setup for auto mode as fallback\n");
4717 +- spec->init_amp = ALC_INIT_DEFAULT;
4718 ++ if (spec->init_amp == ALC_INIT_UNDEFINED) {
4719 ++ codec_dbg(codec,
4720 ++ "realtek: Enable default setup for auto mode as fallback\n");
4721 ++ spec->init_amp = ALC_INIT_DEFAULT;
4722 ++ }
4723 + }
4724 + }
4725 +
4726 +@@ -7790,6 +7793,7 @@ static int patch_alc269(struct hda_codec *codec)
4727 + spec->gen.mixer_nid = 0;
4728 + break;
4729 + case 0x10ec0215:
4730 ++ case 0x10ec0245:
4731 + case 0x10ec0285:
4732 + case 0x10ec0289:
4733 + spec->codec_variant = ALC269_TYPE_ALC215;
4734 +@@ -8911,6 +8915,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = {
4735 + HDA_CODEC_ENTRY(0x10ec0234, "ALC234", patch_alc269),
4736 + HDA_CODEC_ENTRY(0x10ec0235, "ALC233", patch_alc269),
4737 + HDA_CODEC_ENTRY(0x10ec0236, "ALC236", patch_alc269),
4738 ++ HDA_CODEC_ENTRY(0x10ec0245, "ALC245", patch_alc269),
4739 + HDA_CODEC_ENTRY(0x10ec0255, "ALC255", patch_alc269),
4740 + HDA_CODEC_ENTRY(0x10ec0256, "ALC256", patch_alc269),
4741 + HDA_CODEC_ENTRY(0x10ec0257, "ALC257", patch_alc269),
4742 +diff --git a/sound/soc/intel/atom/sst-atom-controls.c b/sound/soc/intel/atom/sst-atom-controls.c
4743 +index 737f5d553313..a1d7f93a0805 100644
4744 +--- a/sound/soc/intel/atom/sst-atom-controls.c
4745 ++++ b/sound/soc/intel/atom/sst-atom-controls.c
4746 +@@ -974,7 +974,9 @@ static int sst_set_be_modules(struct snd_soc_dapm_widget *w,
4747 + dev_dbg(c->dev, "Enter: widget=%s\n", w->name);
4748 +
4749 + if (SND_SOC_DAPM_EVENT_ON(event)) {
4750 ++ mutex_lock(&drv->lock);
4751 + ret = sst_send_slot_map(drv);
4752 ++ mutex_unlock(&drv->lock);
4753 + if (ret)
4754 + return ret;
4755 + ret = sst_send_pipe_module_params(w, k);
4756 +diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
4757 +index e58240e18b30..f29014a7d672 100644
4758 +--- a/sound/soc/intel/boards/bytcr_rt5640.c
4759 ++++ b/sound/soc/intel/boards/bytcr_rt5640.c
4760 +@@ -588,6 +588,17 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
4761 + BYT_RT5640_SSP0_AIF1 |
4762 + BYT_RT5640_MCLK_EN),
4763 + },
4764 ++ {
4765 ++ /* MPMAN MPWIN895CL */
4766 ++ .matches = {
4767 ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "MPMAN"),
4768 ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "MPWIN8900CL"),
4769 ++ },
4770 ++ .driver_data = (void *)(BYTCR_INPUT_DEFAULTS |
4771 ++ BYT_RT5640_MONO_SPEAKER |
4772 ++ BYT_RT5640_SSP0_AIF1 |
4773 ++ BYT_RT5640_MCLK_EN),
4774 ++ },
4775 + { /* MSI S100 tablet */
4776 + .matches = {
4777 + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Micro-Star International Co., Ltd."),
4778 +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
4779 +index d61e954417d0..96800b7c82f6 100644
4780 +--- a/sound/soc/soc-dapm.c
4781 ++++ b/sound/soc/soc-dapm.c
4782 +@@ -410,7 +410,7 @@ static int dapm_kcontrol_data_alloc(struct snd_soc_dapm_widget *widget,
4783 +
4784 + memset(&template, 0, sizeof(template));
4785 + template.reg = e->reg;
4786 +- template.mask = e->mask << e->shift_l;
4787 ++ template.mask = e->mask;
4788 + template.shift = e->shift_l;
4789 + template.off_val = snd_soc_enum_item_to_val(e, 0);
4790 + template.on_val = template.off_val;
4791 +@@ -536,8 +536,22 @@ static bool dapm_kcontrol_set_value(const struct snd_kcontrol *kcontrol,
4792 + if (data->value == value)
4793 + return false;
4794 +
4795 +- if (data->widget)
4796 +- data->widget->on_val = value;
4797 ++ if (data->widget) {
4798 ++ switch (dapm_kcontrol_get_wlist(kcontrol)->widgets[0]->id) {
4799 ++ case snd_soc_dapm_switch:
4800 ++ case snd_soc_dapm_mixer:
4801 ++ case snd_soc_dapm_mixer_named_ctl:
4802 ++ data->widget->on_val = value & data->widget->mask;
4803 ++ break;
4804 ++ case snd_soc_dapm_demux:
4805 ++ case snd_soc_dapm_mux:
4806 ++ data->widget->on_val = value >> data->widget->shift;
4807 ++ break;
4808 ++ default:
4809 ++ data->widget->on_val = value;
4810 ++ break;
4811 ++ }
4812 ++ }
4813 +
4814 + data->value = value;
4815 +
4816 +diff --git a/sound/usb/format.c b/sound/usb/format.c
4817 +index 9d27429ed403..c8207b52c651 100644
4818 +--- a/sound/usb/format.c
4819 ++++ b/sound/usb/format.c
4820 +@@ -237,6 +237,52 @@ static int parse_audio_format_rates_v1(struct snd_usb_audio *chip, struct audiof
4821 + return 0;
4822 + }
4823 +
4824 ++/*
4825 ++ * Many Focusrite devices supports a limited set of sampling rates per
4826 ++ * altsetting. Maximum rate is exposed in the last 4 bytes of Format Type
4827 ++ * descriptor which has a non-standard bLength = 10.
4828 ++ */
4829 ++static bool focusrite_valid_sample_rate(struct snd_usb_audio *chip,
4830 ++ struct audioformat *fp,
4831 ++ unsigned int rate)
4832 ++{
4833 ++ struct usb_interface *iface;
4834 ++ struct usb_host_interface *alts;
4835 ++ unsigned char *fmt;
4836 ++ unsigned int max_rate;
4837 ++
4838 ++ iface = usb_ifnum_to_if(chip->dev, fp->iface);
4839 ++ if (!iface)
4840 ++ return true;
4841 ++
4842 ++ alts = &iface->altsetting[fp->altset_idx];
4843 ++ fmt = snd_usb_find_csint_desc(alts->extra, alts->extralen,
4844 ++ NULL, UAC_FORMAT_TYPE);
4845 ++ if (!fmt)
4846 ++ return true;
4847 ++
4848 ++ if (fmt[0] == 10) { /* bLength */
4849 ++ max_rate = combine_quad(&fmt[6]);
4850 ++
4851 ++ /* Validate max rate */
4852 ++ if (max_rate != 48000 &&
4853 ++ max_rate != 96000 &&
4854 ++ max_rate != 192000 &&
4855 ++ max_rate != 384000) {
4856 ++
4857 ++ usb_audio_info(chip,
4858 ++ "%u:%d : unexpected max rate: %u\n",
4859 ++ fp->iface, fp->altsetting, max_rate);
4860 ++
4861 ++ return true;
4862 ++ }
4863 ++
4864 ++ return rate <= max_rate;
4865 ++ }
4866 ++
4867 ++ return true;
4868 ++}
4869 ++
4870 + /*
4871 + * Helper function to walk the array of sample rate triplets reported by
4872 + * the device. The problem is that we need to parse whole array first to
4873 +@@ -273,6 +319,11 @@ static int parse_uac2_sample_rate_range(struct snd_usb_audio *chip,
4874 + }
4875 +
4876 + for (rate = min; rate <= max; rate += res) {
4877 ++ /* Filter out invalid rates on Focusrite devices */
4878 ++ if (USB_ID_VENDOR(chip->usb_id) == 0x1235 &&
4879 ++ !focusrite_valid_sample_rate(chip, fp, rate))
4880 ++ goto skip_rate;
4881 ++
4882 + if (fp->rate_table)
4883 + fp->rate_table[nr_rates] = rate;
4884 + if (!fp->rate_min || rate < fp->rate_min)
4885 +@@ -287,6 +338,7 @@ static int parse_uac2_sample_rate_range(struct snd_usb_audio *chip,
4886 + break;
4887 + }
4888 +
4889 ++skip_rate:
4890 + /* avoid endless loop */
4891 + if (res == 0)
4892 + break;
4893 +diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
4894 +index 257da95a4ea6..7a5c665cf4e4 100644
4895 +--- a/sound/usb/mixer.c
4896 ++++ b/sound/usb/mixer.c
4897 +@@ -1770,8 +1770,10 @@ static void build_connector_control(struct usb_mixer_interface *mixer,
4898 + {
4899 + struct snd_kcontrol *kctl;
4900 + struct usb_mixer_elem_info *cval;
4901 ++ const struct usbmix_name_map *map;
4902 +
4903 +- if (check_ignored_ctl(find_map(imap, term->id, 0)))
4904 ++ map = find_map(imap, term->id, 0);
4905 ++ if (check_ignored_ctl(map))
4906 + return;
4907 +
4908 + cval = kzalloc(sizeof(*cval), GFP_KERNEL);
4909 +@@ -1803,8 +1805,12 @@ static void build_connector_control(struct usb_mixer_interface *mixer,
4910 + usb_mixer_elem_info_free(cval);
4911 + return;
4912 + }
4913 +- get_connector_control_name(mixer, term, is_input, kctl->id.name,
4914 +- sizeof(kctl->id.name));
4915 ++
4916 ++ if (check_mapped_name(map, kctl->id.name, sizeof(kctl->id.name)))
4917 ++ strlcat(kctl->id.name, " Jack", sizeof(kctl->id.name));
4918 ++ else
4919 ++ get_connector_control_name(mixer, term, is_input, kctl->id.name,
4920 ++ sizeof(kctl->id.name));
4921 + kctl->private_free = snd_usb_mixer_elem_free;
4922 + snd_usb_mixer_add_control(&cval->head, kctl);
4923 + }
4924 +@@ -3109,6 +3115,7 @@ static int snd_usb_mixer_controls(struct usb_mixer_interface *mixer)
4925 + if (map->id == state.chip->usb_id) {
4926 + state.map = map->map;
4927 + state.selector_map = map->selector_map;
4928 ++ mixer->connector_map = map->connector_map;
4929 + mixer->ignore_ctl_error |= map->ignore_ctl_error;
4930 + break;
4931 + }
4932 +@@ -3190,10 +3197,32 @@ static int snd_usb_mixer_controls(struct usb_mixer_interface *mixer)
4933 + return 0;
4934 + }
4935 +
4936 ++static int delegate_notify(struct usb_mixer_interface *mixer, int unitid,
4937 ++ u8 *control, u8 *channel)
4938 ++{
4939 ++ const struct usbmix_connector_map *map = mixer->connector_map;
4940 ++
4941 ++ if (!map)
4942 ++ return unitid;
4943 ++
4944 ++ for (; map->id; map++) {
4945 ++ if (map->id == unitid) {
4946 ++ if (control && map->control)
4947 ++ *control = map->control;
4948 ++ if (channel && map->channel)
4949 ++ *channel = map->channel;
4950 ++ return map->delegated_id;
4951 ++ }
4952 ++ }
4953 ++ return unitid;
4954 ++}
4955 ++
4956 + void snd_usb_mixer_notify_id(struct usb_mixer_interface *mixer, int unitid)
4957 + {
4958 + struct usb_mixer_elem_list *list;
4959 +
4960 ++ unitid = delegate_notify(mixer, unitid, NULL, NULL);
4961 ++
4962 + for_each_mixer_elem(list, mixer, unitid) {
4963 + struct usb_mixer_elem_info *info =
4964 + mixer_elem_list_to_info(list);
4965 +@@ -3263,6 +3292,8 @@ static void snd_usb_mixer_interrupt_v2(struct usb_mixer_interface *mixer,
4966 + return;
4967 + }
4968 +
4969 ++ unitid = delegate_notify(mixer, unitid, &control, &channel);
4970 ++
4971 + for_each_mixer_elem(list, mixer, unitid)
4972 + count++;
4973 +
4974 +diff --git a/sound/usb/mixer.h b/sound/usb/mixer.h
4975 +index 3d12af8bf191..15ec90e96d4d 100644
4976 +--- a/sound/usb/mixer.h
4977 ++++ b/sound/usb/mixer.h
4978 +@@ -4,6 +4,13 @@
4979 +
4980 + #include <sound/info.h>
4981 +
4982 ++struct usbmix_connector_map {
4983 ++ u8 id;
4984 ++ u8 delegated_id;
4985 ++ u8 control;
4986 ++ u8 channel;
4987 ++};
4988 ++
4989 + struct usb_mixer_interface {
4990 + struct snd_usb_audio *chip;
4991 + struct usb_host_interface *hostif;
4992 +@@ -16,6 +23,9 @@ struct usb_mixer_interface {
4993 + /* the usb audio specification version this interface complies to */
4994 + int protocol;
4995 +
4996 ++ /* optional connector delegation map */
4997 ++ const struct usbmix_connector_map *connector_map;
4998 ++
4999 + /* Sound Blaster remote control stuff */
5000 + const struct rc_config *rc_cfg;
5001 + u32 rc_code;
5002 +diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
5003 +index bf000e54461b..1689e4f242df 100644
5004 +--- a/sound/usb/mixer_maps.c
5005 ++++ b/sound/usb/mixer_maps.c
5006 +@@ -41,6 +41,7 @@ struct usbmix_ctl_map {
5007 + u32 id;
5008 + const struct usbmix_name_map *map;
5009 + const struct usbmix_selector_map *selector_map;
5010 ++ const struct usbmix_connector_map *connector_map;
5011 + int ignore_ctl_error;
5012 + };
5013 +
5014 +@@ -373,6 +374,33 @@ static const struct usbmix_name_map asus_rog_map[] = {
5015 + {}
5016 + };
5017 +
5018 ++/* TRX40 mobos with Realtek ALC1220-VB */
5019 ++static const struct usbmix_name_map trx40_mobo_map[] = {
5020 ++ { 18, NULL }, /* OT, IEC958 - broken response, disabled */
5021 ++ { 19, NULL, 12 }, /* FU, Input Gain Pad - broken response, disabled */
5022 ++ { 16, "Speaker" }, /* OT */
5023 ++ { 22, "Speaker Playback" }, /* FU */
5024 ++ { 7, "Line" }, /* IT */
5025 ++ { 19, "Line Capture" }, /* FU */
5026 ++ { 17, "Front Headphone" }, /* OT */
5027 ++ { 23, "Front Headphone Playback" }, /* FU */
5028 ++ { 8, "Mic" }, /* IT */
5029 ++ { 20, "Mic Capture" }, /* FU */
5030 ++ { 9, "Front Mic" }, /* IT */
5031 ++ { 21, "Front Mic Capture" }, /* FU */
5032 ++ { 24, "IEC958 Playback" }, /* FU */
5033 ++ {}
5034 ++};
5035 ++
5036 ++static const struct usbmix_connector_map trx40_mobo_connector_map[] = {
5037 ++ { 10, 16 }, /* (Back) Speaker */
5038 ++ { 11, 17 }, /* Front Headphone */
5039 ++ { 13, 7 }, /* Line */
5040 ++ { 14, 8 }, /* Mic */
5041 ++ { 15, 9 }, /* Front Mic */
5042 ++ {}
5043 ++};
5044 ++
5045 + /*
5046 + * Control map entries
5047 + */
5048 +@@ -494,7 +522,8 @@ static struct usbmix_ctl_map usbmix_ctl_maps[] = {
5049 + },
5050 + { /* Gigabyte TRX40 Aorus Pro WiFi */
5051 + .id = USB_ID(0x0414, 0xa002),
5052 +- .map = asus_rog_map,
5053 ++ .map = trx40_mobo_map,
5054 ++ .connector_map = trx40_mobo_connector_map,
5055 + },
5056 + { /* ASUS ROG Zenith II */
5057 + .id = USB_ID(0x0b05, 0x1916),
5058 +@@ -506,11 +535,13 @@ static struct usbmix_ctl_map usbmix_ctl_maps[] = {
5059 + },
5060 + { /* MSI TRX40 Creator */
5061 + .id = USB_ID(0x0db0, 0x0d64),
5062 +- .map = asus_rog_map,
5063 ++ .map = trx40_mobo_map,
5064 ++ .connector_map = trx40_mobo_connector_map,
5065 + },
5066 + { /* MSI TRX40 */
5067 + .id = USB_ID(0x0db0, 0x543d),
5068 +- .map = asus_rog_map,
5069 ++ .map = trx40_mobo_map,
5070 ++ .connector_map = trx40_mobo_connector_map,
5071 + },
5072 + { 0 } /* terminator */
5073 + };
5074 +diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
5075 +index 10c6971cf477..983e8a3ebfcf 100644
5076 +--- a/sound/usb/mixer_quirks.c
5077 ++++ b/sound/usb/mixer_quirks.c
5078 +@@ -1519,11 +1519,15 @@ static int snd_microii_spdif_default_get(struct snd_kcontrol *kcontrol,
5079 +
5080 + /* use known values for that card: interface#1 altsetting#1 */
5081 + iface = usb_ifnum_to_if(chip->dev, 1);
5082 +- if (!iface || iface->num_altsetting < 2)
5083 +- return -EINVAL;
5084 ++ if (!iface || iface->num_altsetting < 2) {
5085 ++ err = -EINVAL;
5086 ++ goto end;
5087 ++ }
5088 + alts = &iface->altsetting[1];
5089 +- if (get_iface_desc(alts)->bNumEndpoints < 1)
5090 +- return -EINVAL;
5091 ++ if (get_iface_desc(alts)->bNumEndpoints < 1) {
5092 ++ err = -EINVAL;
5093 ++ goto end;
5094 ++ }
5095 + ep = get_endpoint(alts, 0)->bEndpointAddress;
5096 +
5097 + err = snd_usb_ctl_msg(chip->dev,
5098 +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
5099 +index 90d4f61cc230..774aeedde071 100644
5100 +--- a/sound/usb/quirks-table.h
5101 ++++ b/sound/usb/quirks-table.h
5102 +@@ -3400,4 +3400,18 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"),
5103 + }
5104 + },
5105 +
5106 ++#define ALC1220_VB_DESKTOP(vend, prod) { \
5107 ++ USB_DEVICE(vend, prod), \
5108 ++ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) { \
5109 ++ .vendor_name = "Realtek", \
5110 ++ .product_name = "ALC1220-VB-DT", \
5111 ++ .profile_name = "Realtek-ALC1220-VB-Desktop", \
5112 ++ .ifnum = QUIRK_NO_INTERFACE \
5113 ++ } \
5114 ++}
5115 ++ALC1220_VB_DESKTOP(0x0414, 0xa002), /* Gigabyte TRX40 Aorus Pro WiFi */
5116 ++ALC1220_VB_DESKTOP(0x0db0, 0x0d64), /* MSI TRX40 Creator */
5117 ++ALC1220_VB_DESKTOP(0x0db0, 0x543d), /* MSI TRX40 */
5118 ++#undef ALC1220_VB_DESKTOP
5119 ++
5120 + #undef USB_DEVICE_VENDOR_SPEC
5121 +diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c
5122 +index 2b833054e3b0..bdb28e0229e6 100644
5123 +--- a/sound/usb/usx2y/usbusx2yaudio.c
5124 ++++ b/sound/usb/usx2y/usbusx2yaudio.c
5125 +@@ -695,6 +695,8 @@ static int usX2Y_rate_set(struct usX2Ydev *usX2Y, int rate)
5126 + us->submitted = 2*NOOF_SETRATE_URBS;
5127 + for (i = 0; i < NOOF_SETRATE_URBS; ++i) {
5128 + struct urb *urb = us->urb[i];
5129 ++ if (!urb)
5130 ++ continue;
5131 + if (urb->status) {
5132 + if (!err)
5133 + err = -ENODEV;
5134 +diff --git a/tools/bpf/bpftool/btf_dumper.c b/tools/bpf/bpftool/btf_dumper.c
5135 +index ff0cc3c17141..1e7c619228a2 100644
5136 +--- a/tools/bpf/bpftool/btf_dumper.c
5137 ++++ b/tools/bpf/bpftool/btf_dumper.c
5138 +@@ -26,7 +26,7 @@ static void btf_dumper_ptr(const void *data, json_writer_t *jw,
5139 + bool is_plain_text)
5140 + {
5141 + if (is_plain_text)
5142 +- jsonw_printf(jw, "%p", data);
5143 ++ jsonw_printf(jw, "%p", *(void **)data);
5144 + else
5145 + jsonw_printf(jw, "%lu", *(unsigned long *)data);
5146 + }
5147 +diff --git a/tools/testing/selftests/ftrace/settings b/tools/testing/selftests/ftrace/settings
5148 +new file mode 100644
5149 +index 000000000000..e7b9417537fb
5150 +--- /dev/null
5151 ++++ b/tools/testing/selftests/ftrace/settings
5152 +@@ -0,0 +1 @@
5153 ++timeout=0
5154 +diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh
5155 +index 0a76314b4414..1f118916a83e 100755
5156 +--- a/tools/testing/selftests/kmod/kmod.sh
5157 ++++ b/tools/testing/selftests/kmod/kmod.sh
5158 +@@ -505,18 +505,23 @@ function test_num()
5159 + fi
5160 + }
5161 +
5162 +-function get_test_count()
5163 ++function get_test_data()
5164 + {
5165 + test_num $1
5166 +- TEST_DATA=$(echo $ALL_TESTS | awk '{print $'$1'}')
5167 ++ local field_num=$(echo $1 | sed 's/^0*//')
5168 ++ echo $ALL_TESTS | awk '{print $'$field_num'}'
5169 ++}
5170 ++
5171 ++function get_test_count()
5172 ++{
5173 ++ TEST_DATA=$(get_test_data $1)
5174 + LAST_TWO=${TEST_DATA#*:*}
5175 + echo ${LAST_TWO%:*}
5176 + }
5177 +
5178 + function get_test_enabled()
5179 + {
5180 +- test_num $1
5181 +- TEST_DATA=$(echo $ALL_TESTS | awk '{print $'$1'}')
5182 ++ TEST_DATA=$(get_test_data $1)
5183 + echo ${TEST_DATA#*:*:}
5184 + }
5185 +
5186 +diff --git a/tools/vm/Makefile b/tools/vm/Makefile
5187 +index 20f6cf04377f..9860622cbb15 100644
5188 +--- a/tools/vm/Makefile
5189 ++++ b/tools/vm/Makefile
5190 +@@ -1,6 +1,8 @@
5191 + # SPDX-License-Identifier: GPL-2.0
5192 + # Makefile for vm tools
5193 + #
5194 ++include ../scripts/Makefile.include
5195 ++
5196 + TARGETS=page-types slabinfo page_owner_sort
5197 +
5198 + LIB_DIR = ../lib/api
5199 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
5200 +index 4e499b78569b..aca15bd1cc4c 100644
5201 +--- a/virt/kvm/kvm_main.c
5202 ++++ b/virt/kvm/kvm_main.c
5203 +@@ -52,9 +52,9 @@
5204 + #include <linux/sort.h>
5205 + #include <linux/bsearch.h>
5206 + #include <linux/kthread.h>
5207 ++#include <linux/io.h>
5208 +
5209 + #include <asm/processor.h>
5210 +-#include <asm/io.h>
5211 + #include <asm/ioctl.h>
5212 + #include <linux/uaccess.h>
5213 + #include <asm/pgtable.h>
5214 +@@ -1705,6 +1705,153 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
5215 + }
5216 + EXPORT_SYMBOL_GPL(gfn_to_page);
5217 +
5218 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache)
5219 ++{
5220 ++ if (pfn == 0)
5221 ++ return;
5222 ++
5223 ++ if (cache)
5224 ++ cache->pfn = cache->gfn = 0;
5225 ++
5226 ++ if (dirty)
5227 ++ kvm_release_pfn_dirty(pfn);
5228 ++ else
5229 ++ kvm_release_pfn_clean(pfn);
5230 ++}
5231 ++
5232 ++static void kvm_cache_gfn_to_pfn(struct kvm_memory_slot *slot, gfn_t gfn,
5233 ++ struct gfn_to_pfn_cache *cache, u64 gen)
5234 ++{
5235 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
5236 ++
5237 ++ cache->pfn = gfn_to_pfn_memslot(slot, gfn);
5238 ++ cache->gfn = gfn;
5239 ++ cache->dirty = false;
5240 ++ cache->generation = gen;
5241 ++}
5242 ++
5243 ++static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn,
5244 ++ struct kvm_host_map *map,
5245 ++ struct gfn_to_pfn_cache *cache,
5246 ++ bool atomic)
5247 ++{
5248 ++ kvm_pfn_t pfn;
5249 ++ void *hva = NULL;
5250 ++ struct page *page = KVM_UNMAPPED_PAGE;
5251 ++ struct kvm_memory_slot *slot = __gfn_to_memslot(slots, gfn);
5252 ++ u64 gen = slots->generation;
5253 ++
5254 ++ if (!map)
5255 ++ return -EINVAL;
5256 ++
5257 ++ if (cache) {
5258 ++ if (!cache->pfn || cache->gfn != gfn ||
5259 ++ cache->generation != gen) {
5260 ++ if (atomic)
5261 ++ return -EAGAIN;
5262 ++ kvm_cache_gfn_to_pfn(slot, gfn, cache, gen);
5263 ++ }
5264 ++ pfn = cache->pfn;
5265 ++ } else {
5266 ++ if (atomic)
5267 ++ return -EAGAIN;
5268 ++ pfn = gfn_to_pfn_memslot(slot, gfn);
5269 ++ }
5270 ++ if (is_error_noslot_pfn(pfn))
5271 ++ return -EINVAL;
5272 ++
5273 ++ if (pfn_valid(pfn)) {
5274 ++ page = pfn_to_page(pfn);
5275 ++ if (atomic)
5276 ++ hva = kmap_atomic(page);
5277 ++ else
5278 ++ hva = kmap(page);
5279 ++#ifdef CONFIG_HAS_IOMEM
5280 ++ } else if (!atomic) {
5281 ++ hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB);
5282 ++ } else {
5283 ++ return -EINVAL;
5284 ++#endif
5285 ++ }
5286 ++
5287 ++ if (!hva)
5288 ++ return -EFAULT;
5289 ++
5290 ++ map->page = page;
5291 ++ map->hva = hva;
5292 ++ map->pfn = pfn;
5293 ++ map->gfn = gfn;
5294 ++
5295 ++ return 0;
5296 ++}
5297 ++
5298 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
5299 ++ struct gfn_to_pfn_cache *cache, bool atomic)
5300 ++{
5301 ++ return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map,
5302 ++ cache, atomic);
5303 ++}
5304 ++EXPORT_SYMBOL_GPL(kvm_map_gfn);
5305 ++
5306 ++int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
5307 ++{
5308 ++ return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map,
5309 ++ NULL, false);
5310 ++}
5311 ++EXPORT_SYMBOL_GPL(kvm_vcpu_map);
5312 ++
5313 ++static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot,
5314 ++ struct kvm_host_map *map,
5315 ++ struct gfn_to_pfn_cache *cache,
5316 ++ bool dirty, bool atomic)
5317 ++{
5318 ++ if (!map)
5319 ++ return;
5320 ++
5321 ++ if (!map->hva)
5322 ++ return;
5323 ++
5324 ++ if (map->page != KVM_UNMAPPED_PAGE) {
5325 ++ if (atomic)
5326 ++ kunmap_atomic(map->hva);
5327 ++ else
5328 ++ kunmap(map->page);
5329 ++ }
5330 ++#ifdef CONFIG_HAS_IOMEM
5331 ++ else if (!atomic)
5332 ++ memunmap(map->hva);
5333 ++ else
5334 ++ WARN_ONCE(1, "Unexpected unmapping in atomic context");
5335 ++#endif
5336 ++
5337 ++ if (dirty)
5338 ++ mark_page_dirty_in_slot(memslot, map->gfn);
5339 ++
5340 ++ if (cache)
5341 ++ cache->dirty |= dirty;
5342 ++ else
5343 ++ kvm_release_pfn(map->pfn, dirty, NULL);
5344 ++
5345 ++ map->hva = NULL;
5346 ++ map->page = NULL;
5347 ++}
5348 ++
5349 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
5350 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic)
5351 ++{
5352 ++ __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map,
5353 ++ cache, dirty, atomic);
5354 ++ return 0;
5355 ++}
5356 ++EXPORT_SYMBOL_GPL(kvm_unmap_gfn);
5357 ++
5358 ++void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
5359 ++{
5360 ++ __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, NULL,
5361 ++ dirty, false);
5362 ++}
5363 ++EXPORT_SYMBOL_GPL(kvm_vcpu_unmap);
5364 ++
5365 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn)
5366 + {
5367 + kvm_pfn_t pfn;
Report Message
Find on MARC Find on Google Groups