Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Wed, 21 Mar 2018 14:41:54
Message-Id: 1521643298.132266687094fdbd0edd1e77a757165d29b8a673.mpagano@gentoo
1 commit: 132266687094fdbd0edd1e77a757165d29b8a673
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 21 14:41:38 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 21 14:41:38 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=13226668
7
8 Linux patch 4.14.29
9
10 0000_README | 4 +
11 1028_linux-4.14.29.patch | 1579 ++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 1583 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index a239cba..aaa36a2 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -155,6 +155,10 @@ Patch: 1027_linux-4.14.28.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.14.28
21
22 +Patch: 1028_linux-4.14.29.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.14.29
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1028_linux-4.14.29.patch b/1028_linux-4.14.29.patch
31 new file mode 100644
32 index 0000000..8122364
33 --- /dev/null
34 +++ b/1028_linux-4.14.29.patch
35 @@ -0,0 +1,1579 @@
36 +diff --git a/Makefile b/Makefile
37 +index 9ae370a47ff9..4b2aa0dd4043 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,7 +1,7 @@
41 + # SPDX-License-Identifier: GPL-2.0
42 + VERSION = 4
43 + PATCHLEVEL = 14
44 +-SUBLEVEL = 28
45 ++SUBLEVEL = 29
46 + EXTRAVERSION =
47 + NAME = Petit Gorille
48 +
49 +diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c
50 +index 79089778725b..e3b45546d589 100644
51 +--- a/arch/parisc/kernel/cache.c
52 ++++ b/arch/parisc/kernel/cache.c
53 +@@ -543,7 +543,8 @@ void flush_cache_mm(struct mm_struct *mm)
54 + rp3440, etc. So, avoid it if the mm isn't too big. */
55 + if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) &&
56 + mm_total_size(mm) >= parisc_cache_flush_threshold) {
57 +- flush_tlb_all();
58 ++ if (mm->context)
59 ++ flush_tlb_all();
60 + flush_cache_all();
61 + return;
62 + }
63 +@@ -571,6 +572,8 @@ void flush_cache_mm(struct mm_struct *mm)
64 + pfn = pte_pfn(*ptep);
65 + if (!pfn_valid(pfn))
66 + continue;
67 ++ if (unlikely(mm->context))
68 ++ flush_tlb_page(vma, addr);
69 + __flush_cache_page(vma, addr, PFN_PHYS(pfn));
70 + }
71 + }
72 +@@ -579,26 +582,46 @@ void flush_cache_mm(struct mm_struct *mm)
73 + void flush_cache_range(struct vm_area_struct *vma,
74 + unsigned long start, unsigned long end)
75 + {
76 ++ pgd_t *pgd;
77 ++ unsigned long addr;
78 ++
79 + if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) &&
80 + end - start >= parisc_cache_flush_threshold) {
81 +- flush_tlb_range(vma, start, end);
82 ++ if (vma->vm_mm->context)
83 ++ flush_tlb_range(vma, start, end);
84 + flush_cache_all();
85 + return;
86 + }
87 +
88 +- flush_user_dcache_range_asm(start, end);
89 +- if (vma->vm_flags & VM_EXEC)
90 +- flush_user_icache_range_asm(start, end);
91 +- flush_tlb_range(vma, start, end);
92 ++ if (vma->vm_mm->context == mfsp(3)) {
93 ++ flush_user_dcache_range_asm(start, end);
94 ++ if (vma->vm_flags & VM_EXEC)
95 ++ flush_user_icache_range_asm(start, end);
96 ++ flush_tlb_range(vma, start, end);
97 ++ return;
98 ++ }
99 ++
100 ++ pgd = vma->vm_mm->pgd;
101 ++ for (addr = vma->vm_start; addr < vma->vm_end; addr += PAGE_SIZE) {
102 ++ unsigned long pfn;
103 ++ pte_t *ptep = get_ptep(pgd, addr);
104 ++ if (!ptep)
105 ++ continue;
106 ++ pfn = pte_pfn(*ptep);
107 ++ if (pfn_valid(pfn)) {
108 ++ if (unlikely(vma->vm_mm->context))
109 ++ flush_tlb_page(vma, addr);
110 ++ __flush_cache_page(vma, addr, PFN_PHYS(pfn));
111 ++ }
112 ++ }
113 + }
114 +
115 + void
116 + flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long pfn)
117 + {
118 +- BUG_ON(!vma->vm_mm->context);
119 +-
120 + if (pfn_valid(pfn)) {
121 +- flush_tlb_page(vma, vmaddr);
122 ++ if (likely(vma->vm_mm->context))
123 ++ flush_tlb_page(vma, vmaddr);
124 + __flush_cache_page(vma, vmaddr, PFN_PHYS(pfn));
125 + }
126 + }
127 +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
128 +index 66c14347c502..23a65439c37c 100644
129 +--- a/arch/x86/include/asm/cpufeatures.h
130 ++++ b/arch/x86/include/asm/cpufeatures.h
131 +@@ -314,6 +314,7 @@
132 + #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */
133 + #define X86_FEATURE_AVX512_VNNI (16*32+11) /* Vector Neural Network Instructions */
134 + #define X86_FEATURE_AVX512_BITALG (16*32+12) /* Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions */
135 ++#define X86_FEATURE_TME (16*32+13) /* Intel Total Memory Encryption */
136 + #define X86_FEATURE_AVX512_VPOPCNTDQ (16*32+14) /* POPCNT for vectors of DW/QW */
137 + #define X86_FEATURE_LA57 (16*32+16) /* 5-level page tables */
138 + #define X86_FEATURE_RDPID (16*32+22) /* RDPID instruction */
139 +@@ -326,6 +327,7 @@
140 + /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
141 + #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */
142 + #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
143 ++#define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */
144 + #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
145 + #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */
146 + #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
147 +diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
148 +index d0dabeae0505..f928ad9b143f 100644
149 +--- a/arch/x86/include/asm/nospec-branch.h
150 ++++ b/arch/x86/include/asm/nospec-branch.h
151 +@@ -183,7 +183,10 @@
152 + * otherwise we'll run out of registers. We don't care about CET
153 + * here, anyway.
154 + */
155 +-# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \
156 ++# define CALL_NOSPEC \
157 ++ ALTERNATIVE( \
158 ++ ANNOTATE_RETPOLINE_SAFE \
159 ++ "call *%[thunk_target]\n", \
160 + " jmp 904f;\n" \
161 + " .align 16\n" \
162 + "901: call 903f;\n" \
163 +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
164 +index 4aa9fd379390..c3af167d0a70 100644
165 +--- a/arch/x86/kernel/cpu/intel.c
166 ++++ b/arch/x86/kernel/cpu/intel.c
167 +@@ -105,7 +105,7 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c)
168 + /*
169 + * Early microcode releases for the Spectre v2 mitigation were broken.
170 + * Information taken from;
171 +- * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf
172 ++ * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf
173 + * - https://kb.vmware.com/s/article/52345
174 + * - Microcode revisions observed in the wild
175 + * - Release note from 20180108 microcode release
176 +@@ -123,7 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] = {
177 + { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 },
178 + { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e },
179 + { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c },
180 +- { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 },
181 + { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 },
182 + { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b },
183 + { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 },
184 +diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
185 +index 5edb27f1a2c4..9d0b5af7db91 100644
186 +--- a/arch/x86/kernel/vm86_32.c
187 ++++ b/arch/x86/kernel/vm86_32.c
188 +@@ -727,7 +727,8 @@ void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code)
189 + return;
190 +
191 + check_vip:
192 +- if (VEFLAGS & X86_EFLAGS_VIP) {
193 ++ if ((VEFLAGS & (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) ==
194 ++ (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) {
195 + save_v86_state(regs, VM86_STI);
196 + return;
197 + }
198 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
199 +index 2b6f8a4f2731..f438e0c4aa8c 100644
200 +--- a/arch/x86/kvm/mmu.c
201 ++++ b/arch/x86/kvm/mmu.c
202 +@@ -2758,8 +2758,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
203 + else
204 + pte_access &= ~ACC_WRITE_MASK;
205 +
206 ++ if (!kvm_is_mmio_pfn(pfn))
207 ++ spte |= shadow_me_mask;
208 ++
209 + spte |= (u64)pfn << PAGE_SHIFT;
210 +- spte |= shadow_me_mask;
211 +
212 + if (pte_access & ACC_WRITE_MASK) {
213 +
214 +diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
215 +index 4c155ee0f89e..0133d26f16be 100644
216 +--- a/arch/x86/mm/fault.c
217 ++++ b/arch/x86/mm/fault.c
218 +@@ -330,7 +330,7 @@ static noinline int vmalloc_fault(unsigned long address)
219 + if (!pmd_k)
220 + return -1;
221 +
222 +- if (pmd_huge(*pmd_k))
223 ++ if (pmd_large(*pmd_k))
224 + return 0;
225 +
226 + pte_k = pte_offset_kernel(pmd_k, address);
227 +@@ -479,7 +479,7 @@ static noinline int vmalloc_fault(unsigned long address)
228 + if (pud_none(*pud) || pud_pfn(*pud) != pud_pfn(*pud_ref))
229 + BUG();
230 +
231 +- if (pud_huge(*pud))
232 ++ if (pud_large(*pud))
233 + return 0;
234 +
235 + pmd = pmd_offset(pud, address);
236 +@@ -490,7 +490,7 @@ static noinline int vmalloc_fault(unsigned long address)
237 + if (pmd_none(*pmd) || pmd_pfn(*pmd) != pmd_pfn(*pmd_ref))
238 + BUG();
239 +
240 +- if (pmd_huge(*pmd))
241 ++ if (pmd_large(*pmd))
242 + return 0;
243 +
244 + pte_ref = pte_offset_kernel(pmd_ref, address);
245 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
246 +index 848242821ef3..1eff36a87595 100644
247 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
248 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
249 +@@ -69,25 +69,18 @@ void amdgpu_connector_hotplug(struct drm_connector *connector)
250 + /* don't do anything if sink is not display port, i.e.,
251 + * passive dp->(dvi|hdmi) adaptor
252 + */
253 +- if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT) {
254 +- int saved_dpms = connector->dpms;
255 +- /* Only turn off the display if it's physically disconnected */
256 +- if (!amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) {
257 +- drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF);
258 +- } else if (amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) {
259 +- /* Don't try to start link training before we
260 +- * have the dpcd */
261 +- if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector))
262 +- return;
263 +-
264 +- /* set it to OFF so that drm_helper_connector_dpms()
265 +- * won't return immediately since the current state
266 +- * is ON at this point.
267 +- */
268 +- connector->dpms = DRM_MODE_DPMS_OFF;
269 +- drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON);
270 +- }
271 +- connector->dpms = saved_dpms;
272 ++ if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT &&
273 ++ amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd) &&
274 ++ amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) {
275 ++ /* Don't start link training before we have the DPCD */
276 ++ if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector))
277 ++ return;
278 ++
279 ++ /* Turn the connector off and back on immediately, which
280 ++ * will trigger link training
281 ++ */
282 ++ drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF);
283 ++ drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON);
284 + }
285 + }
286 + }
287 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
288 +index 7171968f261e..837332e84d78 100644
289 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
290 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
291 +@@ -36,8 +36,6 @@ void amdgpu_gem_object_free(struct drm_gem_object *gobj)
292 + struct amdgpu_bo *robj = gem_to_amdgpu_bo(gobj);
293 +
294 + if (robj) {
295 +- if (robj->gem_base.import_attach)
296 +- drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg);
297 + amdgpu_mn_unregister(robj);
298 + amdgpu_bo_unref(&robj);
299 + }
300 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
301 +index ffe483980362..4d08957d2108 100644
302 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
303 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
304 +@@ -46,6 +46,8 @@ static void amdgpu_ttm_bo_destroy(struct ttm_buffer_object *tbo)
305 +
306 + amdgpu_bo_kunmap(bo);
307 +
308 ++ if (bo->gem_base.import_attach)
309 ++ drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg);
310 + drm_gem_object_release(&bo->gem_base);
311 + amdgpu_bo_unref(&bo->parent);
312 + if (!list_empty(&bo->shadow_list)) {
313 +diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c
314 +index 380f340204e8..f56f60f695e1 100644
315 +--- a/drivers/gpu/drm/nouveau/nouveau_backlight.c
316 ++++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c
317 +@@ -268,13 +268,13 @@ nouveau_backlight_init(struct drm_device *dev)
318 + struct nvif_device *device = &drm->client.device;
319 + struct drm_connector *connector;
320 +
321 ++ INIT_LIST_HEAD(&drm->bl_connectors);
322 ++
323 + if (apple_gmux_present()) {
324 + NV_INFO(drm, "Apple GMUX detected: not registering Nouveau backlight interface\n");
325 + return 0;
326 + }
327 +
328 +- INIT_LIST_HEAD(&drm->bl_connectors);
329 +-
330 + list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
331 + if (connector->connector_type != DRM_MODE_CONNECTOR_LVDS &&
332 + connector->connector_type != DRM_MODE_CONNECTOR_eDP)
333 +diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
334 +index 3386452bd2f0..ac467b80edc7 100644
335 +--- a/drivers/gpu/drm/radeon/radeon_gem.c
336 ++++ b/drivers/gpu/drm/radeon/radeon_gem.c
337 +@@ -34,8 +34,6 @@ void radeon_gem_object_free(struct drm_gem_object *gobj)
338 + struct radeon_bo *robj = gem_to_radeon_bo(gobj);
339 +
340 + if (robj) {
341 +- if (robj->gem_base.import_attach)
342 +- drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg);
343 + radeon_mn_unregister(robj);
344 + radeon_bo_unref(&robj);
345 + }
346 +diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c
347 +index 093594976126..baadb706c276 100644
348 +--- a/drivers/gpu/drm/radeon/radeon_object.c
349 ++++ b/drivers/gpu/drm/radeon/radeon_object.c
350 +@@ -82,6 +82,8 @@ static void radeon_ttm_bo_destroy(struct ttm_buffer_object *tbo)
351 + mutex_unlock(&bo->rdev->gem.mutex);
352 + radeon_bo_clear_surface_reg(bo);
353 + WARN_ON_ONCE(!list_empty(&bo->va));
354 ++ if (bo->gem_base.import_attach)
355 ++ drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg);
356 + drm_gem_object_release(&bo->gem_base);
357 + kfree(bo);
358 + }
359 +diff --git a/drivers/infiniband/sw/rdmavt/mr.c b/drivers/infiniband/sw/rdmavt/mr.c
360 +index 42713511b53b..524e6134642e 100644
361 +--- a/drivers/infiniband/sw/rdmavt/mr.c
362 ++++ b/drivers/infiniband/sw/rdmavt/mr.c
363 +@@ -489,11 +489,13 @@ static int rvt_check_refs(struct rvt_mregion *mr, const char *t)
364 + unsigned long timeout;
365 + struct rvt_dev_info *rdi = ib_to_rvt(mr->pd->device);
366 +
367 +- if (percpu_ref_is_zero(&mr->refcount))
368 +- return 0;
369 +- /* avoid dma mr */
370 +- if (mr->lkey)
371 ++ if (mr->lkey) {
372 ++ /* avoid dma mr */
373 + rvt_dereg_clean_qps(mr);
374 ++ /* @mr was indexed on rcu protected @lkey_table */
375 ++ synchronize_rcu();
376 ++ }
377 ++
378 + timeout = wait_for_completion_timeout(&mr->comp, 5 * HZ);
379 + if (!timeout) {
380 + rvt_pr_err(rdi,
381 +diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
382 +index e88395605e32..af57f8473a88 100644
383 +--- a/drivers/irqchip/irq-gic-v3-its.c
384 ++++ b/drivers/irqchip/irq-gic-v3-its.c
385 +@@ -1310,7 +1310,7 @@ static struct irq_chip its_irq_chip = {
386 + * This gives us (((1UL << id_bits) - 8192) >> 5) possible allocations.
387 + */
388 + #define IRQS_PER_CHUNK_SHIFT 5
389 +-#define IRQS_PER_CHUNK (1 << IRQS_PER_CHUNK_SHIFT)
390 ++#define IRQS_PER_CHUNK (1UL << IRQS_PER_CHUNK_SHIFT)
391 + #define ITS_MAX_LPI_NRBITS 16 /* 64K LPIs */
392 +
393 + static unsigned long *lpi_bitmap;
394 +@@ -2026,11 +2026,10 @@ static struct its_device *its_create_device(struct its_node *its, u32 dev_id,
395 +
396 + dev = kzalloc(sizeof(*dev), GFP_KERNEL);
397 + /*
398 +- * At least one bit of EventID is being used, hence a minimum
399 +- * of two entries. No, the architecture doesn't let you
400 +- * express an ITT with a single entry.
401 ++ * We allocate at least one chunk worth of LPIs bet device,
402 ++ * and thus that many ITEs. The device may require less though.
403 + */
404 +- nr_ites = max(2UL, roundup_pow_of_two(nvecs));
405 ++ nr_ites = max(IRQS_PER_CHUNK, roundup_pow_of_two(nvecs));
406 + sz = nr_ites * its->ite_size;
407 + sz = max(sz, ITS_ITT_ALIGN) + ITS_ITT_ALIGN - 1;
408 + itt = kzalloc(sz, GFP_KERNEL);
409 +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
410 +index 9603886737b5..2300c02ab5e6 100644
411 +--- a/drivers/scsi/qla2xxx/qla_init.c
412 ++++ b/drivers/scsi/qla2xxx/qla_init.c
413 +@@ -102,11 +102,16 @@ qla2x00_async_iocb_timeout(void *data)
414 + struct srb_iocb *lio = &sp->u.iocb_cmd;
415 + struct event_arg ea;
416 +
417 +- ql_dbg(ql_dbg_disc, fcport->vha, 0x2071,
418 +- "Async-%s timeout - hdl=%x portid=%06x %8phC.\n",
419 +- sp->name, sp->handle, fcport->d_id.b24, fcport->port_name);
420 ++ if (fcport) {
421 ++ ql_dbg(ql_dbg_disc, fcport->vha, 0x2071,
422 ++ "Async-%s timeout - hdl=%x portid=%06x %8phC.\n",
423 ++ sp->name, sp->handle, fcport->d_id.b24, fcport->port_name);
424 +
425 +- fcport->flags &= ~FCF_ASYNC_SENT;
426 ++ fcport->flags &= ~FCF_ASYNC_SENT;
427 ++ } else {
428 ++ pr_info("Async-%s timeout - hdl=%x.\n",
429 ++ sp->name, sp->handle);
430 ++ }
431 +
432 + switch (sp->type) {
433 + case SRB_LOGIN_CMD:
434 +diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c
435 +index 78df7cfca568..d77dde89118e 100644
436 +--- a/drivers/scsi/qla2xxx/qla_mid.c
437 ++++ b/drivers/scsi/qla2xxx/qla_mid.c
438 +@@ -582,8 +582,9 @@ qla25xx_delete_req_que(struct scsi_qla_host *vha, struct req_que *req)
439 + ret = qla25xx_init_req_que(vha, req);
440 + if (ret != QLA_SUCCESS)
441 + return QLA_FUNCTION_FAILED;
442 ++
443 ++ qla25xx_free_req_que(vha, req);
444 + }
445 +- qla25xx_free_req_que(vha, req);
446 +
447 + return ret;
448 + }
449 +@@ -598,8 +599,9 @@ qla25xx_delete_rsp_que(struct scsi_qla_host *vha, struct rsp_que *rsp)
450 + ret = qla25xx_init_rsp_que(vha, rsp);
451 + if (ret != QLA_SUCCESS)
452 + return QLA_FUNCTION_FAILED;
453 ++
454 ++ qla25xx_free_rsp_que(vha, rsp);
455 + }
456 +- qla25xx_free_rsp_que(vha, rsp);
457 +
458 + return ret;
459 + }
460 +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
461 +index cfe7654f6bd3..1e17175692d3 100644
462 +--- a/drivers/scsi/qla2xxx/qla_os.c
463 ++++ b/drivers/scsi/qla2xxx/qla_os.c
464 +@@ -442,7 +442,7 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req,
465 + ha->req_q_map[0] = req;
466 + set_bit(0, ha->rsp_qid_map);
467 + set_bit(0, ha->req_qid_map);
468 +- return 1;
469 ++ return 0;
470 +
471 + fail_qpair_map:
472 + kfree(ha->base_qpair);
473 +@@ -459,6 +459,9 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req,
474 +
475 + static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req)
476 + {
477 ++ if (!ha->req_q_map)
478 ++ return;
479 ++
480 + if (IS_QLAFX00(ha)) {
481 + if (req && req->ring_fx00)
482 + dma_free_coherent(&ha->pdev->dev,
483 +@@ -469,14 +472,17 @@ static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req)
484 + (req->length + 1) * sizeof(request_t),
485 + req->ring, req->dma);
486 +
487 +- if (req)
488 ++ if (req) {
489 + kfree(req->outstanding_cmds);
490 +-
491 +- kfree(req);
492 ++ kfree(req);
493 ++ }
494 + }
495 +
496 + static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp)
497 + {
498 ++ if (!ha->rsp_q_map)
499 ++ return;
500 ++
501 + if (IS_QLAFX00(ha)) {
502 + if (rsp && rsp->ring)
503 + dma_free_coherent(&ha->pdev->dev,
504 +@@ -487,7 +493,8 @@ static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp)
505 + (rsp->length + 1) * sizeof(response_t),
506 + rsp->ring, rsp->dma);
507 + }
508 +- kfree(rsp);
509 ++ if (rsp)
510 ++ kfree(rsp);
511 + }
512 +
513 + static void qla2x00_free_queues(struct qla_hw_data *ha)
514 +@@ -1710,6 +1717,8 @@ qla2x00_abort_all_cmds(scsi_qla_host_t *vha, int res)
515 + struct qla_tgt_cmd *cmd;
516 + uint8_t trace = 0;
517 +
518 ++ if (!ha->req_q_map)
519 ++ return;
520 + spin_lock_irqsave(&ha->hardware_lock, flags);
521 + for (que = 0; que < ha->max_req_queues; que++) {
522 + req = ha->req_q_map[que];
523 +@@ -3063,14 +3072,14 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
524 + /* Set up the irqs */
525 + ret = qla2x00_request_irqs(ha, rsp);
526 + if (ret)
527 +- goto probe_hw_failed;
528 ++ goto probe_failed;
529 +
530 + /* Alloc arrays of request and response ring ptrs */
531 +- if (!qla2x00_alloc_queues(ha, req, rsp)) {
532 ++ if (qla2x00_alloc_queues(ha, req, rsp)) {
533 + ql_log(ql_log_fatal, base_vha, 0x003d,
534 + "Failed to allocate memory for queue pointers..."
535 + "aborting.\n");
536 +- goto probe_init_failed;
537 ++ goto probe_failed;
538 + }
539 +
540 + if (ha->mqenable && shost_use_blk_mq(host)) {
541 +@@ -3347,15 +3356,6 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
542 +
543 + return 0;
544 +
545 +-probe_init_failed:
546 +- qla2x00_free_req_que(ha, req);
547 +- ha->req_q_map[0] = NULL;
548 +- clear_bit(0, ha->req_qid_map);
549 +- qla2x00_free_rsp_que(ha, rsp);
550 +- ha->rsp_q_map[0] = NULL;
551 +- clear_bit(0, ha->rsp_qid_map);
552 +- ha->max_req_queues = ha->max_rsp_queues = 0;
553 +-
554 + probe_failed:
555 + if (base_vha->timer_active)
556 + qla2x00_stop_timer(base_vha);
557 +@@ -4435,11 +4435,17 @@ qla2x00_mem_free(struct qla_hw_data *ha)
558 + if (ha->init_cb)
559 + dma_free_coherent(&ha->pdev->dev, ha->init_cb_size,
560 + ha->init_cb, ha->init_cb_dma);
561 +- vfree(ha->optrom_buffer);
562 +- kfree(ha->nvram);
563 +- kfree(ha->npiv_info);
564 +- kfree(ha->swl);
565 +- kfree(ha->loop_id_map);
566 ++
567 ++ if (ha->optrom_buffer)
568 ++ vfree(ha->optrom_buffer);
569 ++ if (ha->nvram)
570 ++ kfree(ha->nvram);
571 ++ if (ha->npiv_info)
572 ++ kfree(ha->npiv_info);
573 ++ if (ha->swl)
574 ++ kfree(ha->swl);
575 ++ if (ha->loop_id_map)
576 ++ kfree(ha->loop_id_map);
577 +
578 + ha->srb_mempool = NULL;
579 + ha->ctx_mempool = NULL;
580 +@@ -4455,6 +4461,15 @@ qla2x00_mem_free(struct qla_hw_data *ha)
581 + ha->ex_init_cb_dma = 0;
582 + ha->async_pd = NULL;
583 + ha->async_pd_dma = 0;
584 ++ ha->loop_id_map = NULL;
585 ++ ha->npiv_info = NULL;
586 ++ ha->optrom_buffer = NULL;
587 ++ ha->swl = NULL;
588 ++ ha->nvram = NULL;
589 ++ ha->mctp_dump = NULL;
590 ++ ha->dcbx_tlv = NULL;
591 ++ ha->xgmac_data = NULL;
592 ++ ha->sfp_data = NULL;
593 +
594 + ha->s_dma_pool = NULL;
595 + ha->dl_dma_pool = NULL;
596 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
597 +index 040a76011ffa..d6fe08de59a0 100644
598 +--- a/drivers/scsi/qla2xxx/qla_target.c
599 ++++ b/drivers/scsi/qla2xxx/qla_target.c
600 +@@ -971,6 +971,7 @@ static void qlt_free_session_done(struct work_struct *work)
601 +
602 + logo.id = sess->d_id;
603 + logo.cmd_count = 0;
604 ++ sess->send_els_logo = 0;
605 + qlt_send_first_logo(vha, &logo);
606 + }
607 +
608 +diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
609 +index ea910acb4bb0..fc28819253f7 100644
610 +--- a/drivers/usb/dwc3/core.h
611 ++++ b/drivers/usb/dwc3/core.h
612 +@@ -166,13 +166,15 @@
613 + #define DWC3_GDBGFIFOSPACE_TYPE(n) (((n) << 5) & 0x1e0)
614 + #define DWC3_GDBGFIFOSPACE_SPACE_AVAILABLE(n) (((n) >> 16) & 0xffff)
615 +
616 +-#define DWC3_TXFIFOQ 1
617 +-#define DWC3_RXFIFOQ 3
618 +-#define DWC3_TXREQQ 5
619 +-#define DWC3_RXREQQ 7
620 +-#define DWC3_RXINFOQ 9
621 +-#define DWC3_DESCFETCHQ 13
622 +-#define DWC3_EVENTQ 15
623 ++#define DWC3_TXFIFOQ 0
624 ++#define DWC3_RXFIFOQ 1
625 ++#define DWC3_TXREQQ 2
626 ++#define DWC3_RXREQQ 3
627 ++#define DWC3_RXINFOQ 4
628 ++#define DWC3_PSTATQ 5
629 ++#define DWC3_DESCFETCHQ 6
630 ++#define DWC3_EVENTQ 7
631 ++#define DWC3_AUXEVENTQ 8
632 +
633 + /* Global RX Threshold Configuration Register */
634 + #define DWC3_GRXTHRCFG_MAXRXBURSTSIZE(n) (((n) & 0x1f) << 19)
635 +diff --git a/drivers/usb/gadget/udc/bdc/bdc_pci.c b/drivers/usb/gadget/udc/bdc/bdc_pci.c
636 +index 02968842b359..708e36f530d8 100644
637 +--- a/drivers/usb/gadget/udc/bdc/bdc_pci.c
638 ++++ b/drivers/usb/gadget/udc/bdc/bdc_pci.c
639 +@@ -82,6 +82,7 @@ static int bdc_pci_probe(struct pci_dev *pci, const struct pci_device_id *id)
640 + if (ret) {
641 + dev_err(&pci->dev,
642 + "couldn't add resources to bdc device\n");
643 ++ platform_device_put(bdc);
644 + return ret;
645 + }
646 +
647 +diff --git a/fs/aio.c b/fs/aio.c
648 +index 5a2487217072..c3ace7833a03 100644
649 +--- a/fs/aio.c
650 ++++ b/fs/aio.c
651 +@@ -68,9 +68,9 @@ struct aio_ring {
652 + #define AIO_RING_PAGES 8
653 +
654 + struct kioctx_table {
655 +- struct rcu_head rcu;
656 +- unsigned nr;
657 +- struct kioctx *table[];
658 ++ struct rcu_head rcu;
659 ++ unsigned nr;
660 ++ struct kioctx __rcu *table[];
661 + };
662 +
663 + struct kioctx_cpu {
664 +@@ -115,7 +115,8 @@ struct kioctx {
665 + struct page **ring_pages;
666 + long nr_pages;
667 +
668 +- struct work_struct free_work;
669 ++ struct rcu_head free_rcu;
670 ++ struct work_struct free_work; /* see free_ioctx() */
671 +
672 + /*
673 + * signals when all in-flight requests are done
674 +@@ -329,7 +330,7 @@ static int aio_ring_mremap(struct vm_area_struct *vma)
675 + for (i = 0; i < table->nr; i++) {
676 + struct kioctx *ctx;
677 +
678 +- ctx = table->table[i];
679 ++ ctx = rcu_dereference(table->table[i]);
680 + if (ctx && ctx->aio_ring_file == file) {
681 + if (!atomic_read(&ctx->dead)) {
682 + ctx->user_id = ctx->mmap_base = vma->vm_start;
683 +@@ -588,6 +589,12 @@ static int kiocb_cancel(struct aio_kiocb *kiocb)
684 + return cancel(&kiocb->common);
685 + }
686 +
687 ++/*
688 ++ * free_ioctx() should be RCU delayed to synchronize against the RCU
689 ++ * protected lookup_ioctx() and also needs process context to call
690 ++ * aio_free_ring(), so the double bouncing through kioctx->free_rcu and
691 ++ * ->free_work.
692 ++ */
693 + static void free_ioctx(struct work_struct *work)
694 + {
695 + struct kioctx *ctx = container_of(work, struct kioctx, free_work);
696 +@@ -601,6 +608,14 @@ static void free_ioctx(struct work_struct *work)
697 + kmem_cache_free(kioctx_cachep, ctx);
698 + }
699 +
700 ++static void free_ioctx_rcufn(struct rcu_head *head)
701 ++{
702 ++ struct kioctx *ctx = container_of(head, struct kioctx, free_rcu);
703 ++
704 ++ INIT_WORK(&ctx->free_work, free_ioctx);
705 ++ schedule_work(&ctx->free_work);
706 ++}
707 ++
708 + static void free_ioctx_reqs(struct percpu_ref *ref)
709 + {
710 + struct kioctx *ctx = container_of(ref, struct kioctx, reqs);
711 +@@ -609,8 +624,8 @@ static void free_ioctx_reqs(struct percpu_ref *ref)
712 + if (ctx->rq_wait && atomic_dec_and_test(&ctx->rq_wait->count))
713 + complete(&ctx->rq_wait->comp);
714 +
715 +- INIT_WORK(&ctx->free_work, free_ioctx);
716 +- schedule_work(&ctx->free_work);
717 ++ /* Synchronize against RCU protected table->table[] dereferences */
718 ++ call_rcu(&ctx->free_rcu, free_ioctx_rcufn);
719 + }
720 +
721 + /*
722 +@@ -651,9 +666,9 @@ static int ioctx_add_table(struct kioctx *ctx, struct mm_struct *mm)
723 + while (1) {
724 + if (table)
725 + for (i = 0; i < table->nr; i++)
726 +- if (!table->table[i]) {
727 ++ if (!rcu_access_pointer(table->table[i])) {
728 + ctx->id = i;
729 +- table->table[i] = ctx;
730 ++ rcu_assign_pointer(table->table[i], ctx);
731 + spin_unlock(&mm->ioctx_lock);
732 +
733 + /* While kioctx setup is in progress,
734 +@@ -834,11 +849,11 @@ static int kill_ioctx(struct mm_struct *mm, struct kioctx *ctx,
735 + }
736 +
737 + table = rcu_dereference_raw(mm->ioctx_table);
738 +- WARN_ON(ctx != table->table[ctx->id]);
739 +- table->table[ctx->id] = NULL;
740 ++ WARN_ON(ctx != rcu_access_pointer(table->table[ctx->id]));
741 ++ RCU_INIT_POINTER(table->table[ctx->id], NULL);
742 + spin_unlock(&mm->ioctx_lock);
743 +
744 +- /* percpu_ref_kill() will do the necessary call_rcu() */
745 ++ /* free_ioctx_reqs() will do the necessary RCU synchronization */
746 + wake_up_all(&ctx->wait);
747 +
748 + /*
749 +@@ -880,7 +895,8 @@ void exit_aio(struct mm_struct *mm)
750 +
751 + skipped = 0;
752 + for (i = 0; i < table->nr; ++i) {
753 +- struct kioctx *ctx = table->table[i];
754 ++ struct kioctx *ctx =
755 ++ rcu_dereference_protected(table->table[i], true);
756 +
757 + if (!ctx) {
758 + skipped++;
759 +@@ -1069,7 +1085,7 @@ static struct kioctx *lookup_ioctx(unsigned long ctx_id)
760 + if (!table || id >= table->nr)
761 + goto out;
762 +
763 +- ctx = table->table[id];
764 ++ ctx = rcu_dereference(table->table[id]);
765 + if (ctx && ctx->user_id == ctx_id) {
766 + percpu_ref_get(&ctx->users);
767 + ret = ctx;
768 +diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
769 +index b517ef1477ea..0531cb9a3ba9 100644
770 +--- a/fs/btrfs/backref.c
771 ++++ b/fs/btrfs/backref.c
772 +@@ -1252,7 +1252,16 @@ static int find_parent_nodes(struct btrfs_trans_handle *trans,
773 + while (node) {
774 + ref = rb_entry(node, struct prelim_ref, rbnode);
775 + node = rb_next(&ref->rbnode);
776 +- WARN_ON(ref->count < 0);
777 ++ /*
778 ++ * ref->count < 0 can happen here if there are delayed
779 ++ * refs with a node->action of BTRFS_DROP_DELAYED_REF.
780 ++ * prelim_ref_insert() relies on this when merging
781 ++ * identical refs to keep the overall count correct.
782 ++ * prelim_ref_insert() will merge only those refs
783 ++ * which compare identically. Any refs having
784 ++ * e.g. different offsets would not be merged,
785 ++ * and would retain their original ref->count < 0.
786 ++ */
787 + if (roots && ref->count && ref->root_id && ref->parent == 0) {
788 + if (sc && sc->root_objectid &&
789 + ref->root_id != sc->root_objectid) {
790 +@@ -1496,6 +1505,7 @@ int btrfs_check_shared(struct btrfs_root *root, u64 inum, u64 bytenr)
791 + if (!node)
792 + break;
793 + bytenr = node->val;
794 ++ shared.share_count = 0;
795 + cond_resched();
796 + }
797 +
798 +diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
799 +index 6154825c30e1..32b186c5694c 100644
800 +--- a/fs/btrfs/raid56.c
801 ++++ b/fs/btrfs/raid56.c
802 +@@ -1348,6 +1348,7 @@ static int find_bio_stripe(struct btrfs_raid_bio *rbio,
803 + stripe_start = stripe->physical;
804 + if (physical >= stripe_start &&
805 + physical < stripe_start + rbio->stripe_len &&
806 ++ stripe->dev->bdev &&
807 + bio->bi_disk == stripe->dev->bdev->bd_disk &&
808 + bio->bi_partno == stripe->dev->bdev->bd_partno) {
809 + return i;
810 +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
811 +index bc534fafacf9..71b3cd634436 100644
812 +--- a/fs/btrfs/volumes.c
813 ++++ b/fs/btrfs/volumes.c
814 +@@ -589,6 +589,7 @@ void btrfs_free_stale_device(struct btrfs_device *cur_dev)
815 + btrfs_sysfs_remove_fsid(fs_devs);
816 + list_del(&fs_devs->list);
817 + free_fs_devices(fs_devs);
818 ++ break;
819 + } else {
820 + fs_devs->num_devices--;
821 + list_del(&dev->dev_list);
822 +@@ -4733,10 +4734,13 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans,
823 + ndevs = min(ndevs, devs_max);
824 +
825 + /*
826 +- * the primary goal is to maximize the number of stripes, so use as many
827 +- * devices as possible, even if the stripes are not maximum sized.
828 ++ * The primary goal is to maximize the number of stripes, so use as
829 ++ * many devices as possible, even if the stripes are not maximum sized.
830 ++ *
831 ++ * The DUP profile stores more than one stripe per device, the
832 ++ * max_avail is the total size so we have to adjust.
833 + */
834 +- stripe_size = devices_info[ndevs-1].max_avail;
835 ++ stripe_size = div_u64(devices_info[ndevs - 1].max_avail, dev_stripes);
836 + num_stripes = ndevs * dev_stripes;
837 +
838 + /*
839 +@@ -4771,8 +4775,6 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans,
840 + stripe_size = devices_info[ndevs-1].max_avail;
841 + }
842 +
843 +- stripe_size = div_u64(stripe_size, dev_stripes);
844 +-
845 + /* align to BTRFS_STRIPE_LEN */
846 + stripe_size = round_down(stripe_size, BTRFS_STRIPE_LEN);
847 +
848 +@@ -7080,10 +7082,24 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
849 +
850 + mutex_lock(&fs_devices->device_list_mutex);
851 + list_for_each_entry(device, &fs_devices->devices, dev_list) {
852 +- if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device))
853 ++ stats_cnt = atomic_read(&device->dev_stats_ccnt);
854 ++ if (!device->dev_stats_valid || stats_cnt == 0)
855 + continue;
856 +
857 +- stats_cnt = atomic_read(&device->dev_stats_ccnt);
858 ++
859 ++ /*
860 ++ * There is a LOAD-LOAD control dependency between the value of
861 ++ * dev_stats_ccnt and updating the on-disk values which requires
862 ++ * reading the in-memory counters. Such control dependencies
863 ++ * require explicit read memory barriers.
864 ++ *
865 ++ * This memory barriers pairs with smp_mb__before_atomic in
866 ++ * btrfs_dev_stat_inc/btrfs_dev_stat_set and with the full
867 ++ * barrier implied by atomic_xchg in
868 ++ * btrfs_dev_stats_read_and_reset
869 ++ */
870 ++ smp_rmb();
871 ++
872 + ret = update_dev_stat_item(trans, fs_info, device);
873 + if (!ret)
874 + atomic_sub(stats_cnt, &device->dev_stats_ccnt);
875 +diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
876 +index 6108fdfec67f..c5dd48eb7b3d 100644
877 +--- a/fs/btrfs/volumes.h
878 ++++ b/fs/btrfs/volumes.h
879 +@@ -498,6 +498,12 @@ static inline void btrfs_dev_stat_inc(struct btrfs_device *dev,
880 + int index)
881 + {
882 + atomic_inc(dev->dev_stat_values + index);
883 ++ /*
884 ++ * This memory barrier orders stores updating statistics before stores
885 ++ * updating dev_stats_ccnt.
886 ++ *
887 ++ * It pairs with smp_rmb() in btrfs_run_dev_stats().
888 ++ */
889 + smp_mb__before_atomic();
890 + atomic_inc(&dev->dev_stats_ccnt);
891 + }
892 +@@ -523,6 +529,12 @@ static inline void btrfs_dev_stat_set(struct btrfs_device *dev,
893 + int index, unsigned long val)
894 + {
895 + atomic_set(dev->dev_stat_values + index, val);
896 ++ /*
897 ++ * This memory barrier orders stores updating statistics before stores
898 ++ * updating dev_stats_ccnt.
899 ++ *
900 ++ * It pairs with smp_rmb() in btrfs_run_dev_stats().
901 ++ */
902 + smp_mb__before_atomic();
903 + atomic_inc(&dev->dev_stats_ccnt);
904 + }
905 +diff --git a/fs/dcache.c b/fs/dcache.c
906 +index b8d999a5768b..a1417787e269 100644
907 +--- a/fs/dcache.c
908 ++++ b/fs/dcache.c
909 +@@ -644,11 +644,16 @@ static inline struct dentry *lock_parent(struct dentry *dentry)
910 + spin_unlock(&parent->d_lock);
911 + goto again;
912 + }
913 +- rcu_read_unlock();
914 +- if (parent != dentry)
915 ++ if (parent != dentry) {
916 + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
917 +- else
918 ++ if (unlikely(dentry->d_lockref.count < 0)) {
919 ++ spin_unlock(&parent->d_lock);
920 ++ parent = NULL;
921 ++ }
922 ++ } else {
923 + parent = NULL;
924 ++ }
925 ++ rcu_read_unlock();
926 + return parent;
927 + }
928 +
929 +diff --git a/fs/namei.c b/fs/namei.c
930 +index cbe24e367a70..f839b0750ca3 100644
931 +--- a/fs/namei.c
932 ++++ b/fs/namei.c
933 +@@ -578,9 +578,10 @@ static int __nd_alloc_stack(struct nameidata *nd)
934 + static bool path_connected(const struct path *path)
935 + {
936 + struct vfsmount *mnt = path->mnt;
937 ++ struct super_block *sb = mnt->mnt_sb;
938 +
939 +- /* Only bind mounts can have disconnected paths */
940 +- if (mnt->mnt_root == mnt->mnt_sb->s_root)
941 ++ /* Bind mounts and multi-root filesystems can have disconnected paths */
942 ++ if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root))
943 + return true;
944 +
945 + return is_subdir(path->dentry, mnt->mnt_root);
946 +diff --git a/fs/nfs/super.c b/fs/nfs/super.c
947 +index 216f67d628b3..38de09b08e96 100644
948 +--- a/fs/nfs/super.c
949 ++++ b/fs/nfs/super.c
950 +@@ -2623,6 +2623,8 @@ struct dentry *nfs_fs_mount_common(struct nfs_server *server,
951 + /* initial superblock/root creation */
952 + mount_info->fill_super(s, mount_info);
953 + nfs_get_cache_cookie(s, mount_info->parsed, mount_info->cloned);
954 ++ if (!(server->flags & NFS_MOUNT_UNSHARED))
955 ++ s->s_iflags |= SB_I_MULTIROOT;
956 + }
957 +
958 + mntroot = nfs_get_root(s, mount_info->mntfh, dev_name);
959 +diff --git a/include/linux/fs.h b/include/linux/fs.h
960 +index d54f41a63dbf..cc613f20e5a6 100644
961 +--- a/include/linux/fs.h
962 ++++ b/include/linux/fs.h
963 +@@ -1312,6 +1312,7 @@ extern int send_sigurg(struct fown_struct *fown);
964 + #define SB_I_CGROUPWB 0x00000001 /* cgroup-aware writeback enabled */
965 + #define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */
966 + #define SB_I_NODEV 0x00000004 /* Ignore devices on this fs */
967 ++#define SB_I_MULTIROOT 0x00000008 /* Multiple roots to the dentry tree */
968 +
969 + /* sb->s_iflags to limit user namespace mounts */
970 + #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
971 +diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h
972 +index 14b74f22d43c..bacb499c512c 100644
973 +--- a/include/linux/irqchip/arm-gic-v3.h
974 ++++ b/include/linux/irqchip/arm-gic-v3.h
975 +@@ -501,6 +501,7 @@
976 +
977 + #define ICH_HCR_EN (1 << 0)
978 + #define ICH_HCR_UIE (1 << 1)
979 ++#define ICH_HCR_NPIE (1 << 3)
980 + #define ICH_HCR_TC (1 << 10)
981 + #define ICH_HCR_TALL0 (1 << 11)
982 + #define ICH_HCR_TALL1 (1 << 12)
983 +diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h
984 +index d3453ee072fc..68d8b1f73682 100644
985 +--- a/include/linux/irqchip/arm-gic.h
986 ++++ b/include/linux/irqchip/arm-gic.h
987 +@@ -84,6 +84,7 @@
988 +
989 + #define GICH_HCR_EN (1 << 0)
990 + #define GICH_HCR_UIE (1 << 1)
991 ++#define GICH_HCR_NPIE (1 << 3)
992 +
993 + #define GICH_LR_VIRTUALID (0x3ff << 0)
994 + #define GICH_LR_PHYSID_CPUID_SHIFT (10)
995 +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
996 +index c2db7e905f7d..012881461058 100644
997 +--- a/sound/core/oss/pcm_oss.c
998 ++++ b/sound/core/oss/pcm_oss.c
999 +@@ -1762,10 +1762,9 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file)
1000 + return -ENOMEM;
1001 + _snd_pcm_hw_params_any(params);
1002 + err = snd_pcm_hw_refine(substream, params);
1003 +- format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT);
1004 +- kfree(params);
1005 + if (err < 0)
1006 +- return err;
1007 ++ goto error;
1008 ++ format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT);
1009 + for (fmt = 0; fmt < 32; ++fmt) {
1010 + if (snd_mask_test(format_mask, fmt)) {
1011 + int f = snd_pcm_oss_format_to(fmt);
1012 +@@ -1773,7 +1772,10 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file)
1013 + formats |= f;
1014 + }
1015 + }
1016 +- return formats;
1017 ++
1018 ++ error:
1019 ++ kfree(params);
1020 ++ return err < 0 ? err : formats;
1021 + }
1022 +
1023 + static int snd_pcm_oss_set_format(struct snd_pcm_oss_file *pcm_oss_file, int format)
1024 +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
1025 +index 1f3aa466ac9b..a4c571cb3b87 100644
1026 +--- a/sound/core/seq/seq_clientmgr.c
1027 ++++ b/sound/core/seq/seq_clientmgr.c
1028 +@@ -255,12 +255,12 @@ static int seq_free_client1(struct snd_seq_client *client)
1029 +
1030 + if (!client)
1031 + return 0;
1032 +- snd_seq_delete_all_ports(client);
1033 +- snd_seq_queue_client_leave(client->number);
1034 + spin_lock_irqsave(&clients_lock, flags);
1035 + clienttablock[client->number] = 1;
1036 + clienttab[client->number] = NULL;
1037 + spin_unlock_irqrestore(&clients_lock, flags);
1038 ++ snd_seq_delete_all_ports(client);
1039 ++ snd_seq_queue_client_leave(client->number);
1040 + snd_use_lock_sync(&client->use_lock);
1041 + snd_seq_queue_client_termination(client->number);
1042 + if (client->pool)
1043 +diff --git a/sound/core/seq/seq_prioq.c b/sound/core/seq/seq_prioq.c
1044 +index bc1c8488fc2a..2bc6759e4adc 100644
1045 +--- a/sound/core/seq/seq_prioq.c
1046 ++++ b/sound/core/seq/seq_prioq.c
1047 +@@ -87,7 +87,7 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo)
1048 + if (f->cells > 0) {
1049 + /* drain prioQ */
1050 + while (f->cells > 0)
1051 +- snd_seq_cell_free(snd_seq_prioq_cell_out(f));
1052 ++ snd_seq_cell_free(snd_seq_prioq_cell_out(f, NULL));
1053 + }
1054 +
1055 + kfree(f);
1056 +@@ -214,8 +214,18 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f,
1057 + return 0;
1058 + }
1059 +
1060 ++/* return 1 if the current time >= event timestamp */
1061 ++static int event_is_ready(struct snd_seq_event *ev, void *current_time)
1062 ++{
1063 ++ if ((ev->flags & SNDRV_SEQ_TIME_STAMP_MASK) == SNDRV_SEQ_TIME_STAMP_TICK)
1064 ++ return snd_seq_compare_tick_time(current_time, &ev->time.tick);
1065 ++ else
1066 ++ return snd_seq_compare_real_time(current_time, &ev->time.time);
1067 ++}
1068 ++
1069 + /* dequeue cell from prioq */
1070 +-struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f)
1071 ++struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f,
1072 ++ void *current_time)
1073 + {
1074 + struct snd_seq_event_cell *cell;
1075 + unsigned long flags;
1076 +@@ -227,6 +237,8 @@ struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f)
1077 + spin_lock_irqsave(&f->lock, flags);
1078 +
1079 + cell = f->head;
1080 ++ if (cell && current_time && !event_is_ready(&cell->event, current_time))
1081 ++ cell = NULL;
1082 + if (cell) {
1083 + f->head = cell->next;
1084 +
1085 +@@ -252,18 +264,6 @@ int snd_seq_prioq_avail(struct snd_seq_prioq * f)
1086 + return f->cells;
1087 + }
1088 +
1089 +-
1090 +-/* peek at cell at the head of the prioq */
1091 +-struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq * f)
1092 +-{
1093 +- if (f == NULL) {
1094 +- pr_debug("ALSA: seq: snd_seq_prioq_cell_in() called with NULL prioq\n");
1095 +- return NULL;
1096 +- }
1097 +- return f->head;
1098 +-}
1099 +-
1100 +-
1101 + static inline int prioq_match(struct snd_seq_event_cell *cell,
1102 + int client, int timestamp)
1103 + {
1104 +diff --git a/sound/core/seq/seq_prioq.h b/sound/core/seq/seq_prioq.h
1105 +index d38bb78d9345..2c315ca10fc4 100644
1106 +--- a/sound/core/seq/seq_prioq.h
1107 ++++ b/sound/core/seq/seq_prioq.h
1108 +@@ -44,14 +44,12 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo);
1109 + int snd_seq_prioq_cell_in(struct snd_seq_prioq *f, struct snd_seq_event_cell *cell);
1110 +
1111 + /* dequeue cell from prioq */
1112 +-struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f);
1113 ++struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f,
1114 ++ void *current_time);
1115 +
1116 + /* return number of events available in prioq */
1117 + int snd_seq_prioq_avail(struct snd_seq_prioq *f);
1118 +
1119 +-/* peek at cell at the head of the prioq */
1120 +-struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq *f);
1121 +-
1122 + /* client left queue */
1123 + void snd_seq_prioq_leave(struct snd_seq_prioq *f, int client, int timestamp);
1124 +
1125 +diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c
1126 +index 79e0c5604ef8..1a6dc4ff44a6 100644
1127 +--- a/sound/core/seq/seq_queue.c
1128 ++++ b/sound/core/seq/seq_queue.c
1129 +@@ -277,30 +277,20 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
1130 +
1131 + __again:
1132 + /* Process tick queue... */
1133 +- while ((cell = snd_seq_prioq_cell_peek(q->tickq)) != NULL) {
1134 +- if (snd_seq_compare_tick_time(&q->timer->tick.cur_tick,
1135 +- &cell->event.time.tick)) {
1136 +- cell = snd_seq_prioq_cell_out(q->tickq);
1137 +- if (cell)
1138 +- snd_seq_dispatch_event(cell, atomic, hop);
1139 +- } else {
1140 +- /* event remains in the queue */
1141 ++ for (;;) {
1142 ++ cell = snd_seq_prioq_cell_out(q->tickq,
1143 ++ &q->timer->tick.cur_tick);
1144 ++ if (!cell)
1145 + break;
1146 +- }
1147 ++ snd_seq_dispatch_event(cell, atomic, hop);
1148 + }
1149 +
1150 +-
1151 + /* Process time queue... */
1152 +- while ((cell = snd_seq_prioq_cell_peek(q->timeq)) != NULL) {
1153 +- if (snd_seq_compare_real_time(&q->timer->cur_time,
1154 +- &cell->event.time.time)) {
1155 +- cell = snd_seq_prioq_cell_out(q->timeq);
1156 +- if (cell)
1157 +- snd_seq_dispatch_event(cell, atomic, hop);
1158 +- } else {
1159 +- /* event remains in the queue */
1160 ++ for (;;) {
1161 ++ cell = snd_seq_prioq_cell_out(q->timeq, &q->timer->cur_time);
1162 ++ if (!cell)
1163 + break;
1164 +- }
1165 ++ snd_seq_dispatch_event(cell, atomic, hop);
1166 + }
1167 +
1168 + /* free lock */
1169 +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
1170 +index 96143df19b21..d5017adf9feb 100644
1171 +--- a/sound/pci/hda/hda_intel.c
1172 ++++ b/sound/pci/hda/hda_intel.c
1173 +@@ -181,11 +181,15 @@ static const struct kernel_param_ops param_ops_xint = {
1174 + };
1175 + #define param_check_xint param_check_int
1176 +
1177 +-static int power_save = -1;
1178 ++static int power_save = CONFIG_SND_HDA_POWER_SAVE_DEFAULT;
1179 + module_param(power_save, xint, 0644);
1180 + MODULE_PARM_DESC(power_save, "Automatic power-saving timeout "
1181 + "(in second, 0 = disable).");
1182 +
1183 ++static bool pm_blacklist = true;
1184 ++module_param(pm_blacklist, bool, 0644);
1185 ++MODULE_PARM_DESC(pm_blacklist, "Enable power-management blacklist");
1186 ++
1187 + /* reset the HD-audio controller in power save mode.
1188 + * this may give more power-saving, but will take longer time to
1189 + * wake up.
1190 +@@ -2300,10 +2304,9 @@ static int azx_probe_continue(struct azx *chip)
1191 +
1192 + val = power_save;
1193 + #ifdef CONFIG_PM
1194 +- if (val == -1) {
1195 ++ if (pm_blacklist) {
1196 + const struct snd_pci_quirk *q;
1197 +
1198 +- val = CONFIG_SND_HDA_POWER_SAVE_DEFAULT;
1199 + q = snd_pci_quirk_lookup(chip->pci, power_save_blacklist);
1200 + if (q && val) {
1201 + dev_info(chip->card->dev, "device %04x:%04x is on the power_save blacklist, forcing power_save to 0\n",
1202 +diff --git a/tools/testing/selftests/x86/entry_from_vm86.c b/tools/testing/selftests/x86/entry_from_vm86.c
1203 +index d075ea0e5ca1..ade443a88421 100644
1204 +--- a/tools/testing/selftests/x86/entry_from_vm86.c
1205 ++++ b/tools/testing/selftests/x86/entry_from_vm86.c
1206 +@@ -95,6 +95,31 @@ asm (
1207 + "int3\n\t"
1208 + "vmcode_int80:\n\t"
1209 + "int $0x80\n\t"
1210 ++ "vmcode_popf_hlt:\n\t"
1211 ++ "push %ax\n\t"
1212 ++ "popf\n\t"
1213 ++ "hlt\n\t"
1214 ++ "vmcode_umip:\n\t"
1215 ++ /* addressing via displacements */
1216 ++ "smsw (2052)\n\t"
1217 ++ "sidt (2054)\n\t"
1218 ++ "sgdt (2060)\n\t"
1219 ++ /* addressing via registers */
1220 ++ "mov $2066, %bx\n\t"
1221 ++ "smsw (%bx)\n\t"
1222 ++ "mov $2068, %bx\n\t"
1223 ++ "sidt (%bx)\n\t"
1224 ++ "mov $2074, %bx\n\t"
1225 ++ "sgdt (%bx)\n\t"
1226 ++ /* register operands, only for smsw */
1227 ++ "smsw %ax\n\t"
1228 ++ "mov %ax, (2080)\n\t"
1229 ++ "int3\n\t"
1230 ++ "vmcode_umip_str:\n\t"
1231 ++ "str %eax\n\t"
1232 ++ "vmcode_umip_sldt:\n\t"
1233 ++ "sldt %eax\n\t"
1234 ++ "int3\n\t"
1235 + ".size vmcode, . - vmcode\n\t"
1236 + "end_vmcode:\n\t"
1237 + ".code32\n\t"
1238 +@@ -103,7 +128,8 @@ asm (
1239 +
1240 + extern unsigned char vmcode[], end_vmcode[];
1241 + extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[],
1242 +- vmcode_sti[], vmcode_int3[], vmcode_int80[];
1243 ++ vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_popf_hlt[],
1244 ++ vmcode_umip[], vmcode_umip_str[], vmcode_umip_sldt[];
1245 +
1246 + /* Returns false if the test was skipped. */
1247 + static bool do_test(struct vm86plus_struct *v86, unsigned long eip,
1248 +@@ -153,13 +179,75 @@ static bool do_test(struct vm86plus_struct *v86, unsigned long eip,
1249 + (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) {
1250 + printf("[OK]\tReturned correctly\n");
1251 + } else {
1252 +- printf("[FAIL]\tIncorrect return reason\n");
1253 ++ printf("[FAIL]\tIncorrect return reason (started at eip = 0x%lx, ended at eip = 0x%lx)\n", eip, v86->regs.eip);
1254 + nerrs++;
1255 + }
1256 +
1257 + return true;
1258 + }
1259 +
1260 ++void do_umip_tests(struct vm86plus_struct *vm86, unsigned char *test_mem)
1261 ++{
1262 ++ struct table_desc {
1263 ++ unsigned short limit;
1264 ++ unsigned long base;
1265 ++ } __attribute__((packed));
1266 ++
1267 ++ /* Initialize variables with arbitrary values */
1268 ++ struct table_desc gdt1 = { .base = 0x3c3c3c3c, .limit = 0x9999 };
1269 ++ struct table_desc gdt2 = { .base = 0x1a1a1a1a, .limit = 0xaeae };
1270 ++ struct table_desc idt1 = { .base = 0x7b7b7b7b, .limit = 0xf1f1 };
1271 ++ struct table_desc idt2 = { .base = 0x89898989, .limit = 0x1313 };
1272 ++ unsigned short msw1 = 0x1414, msw2 = 0x2525, msw3 = 3737;
1273 ++
1274 ++ /* UMIP -- exit with INT3 unless kernel emulation did not trap #GP */
1275 ++ do_test(vm86, vmcode_umip - vmcode, VM86_TRAP, 3, "UMIP tests");
1276 ++
1277 ++ /* Results from displacement-only addressing */
1278 ++ msw1 = *(unsigned short *)(test_mem + 2052);
1279 ++ memcpy(&idt1, test_mem + 2054, sizeof(idt1));
1280 ++ memcpy(&gdt1, test_mem + 2060, sizeof(gdt1));
1281 ++
1282 ++ /* Results from register-indirect addressing */
1283 ++ msw2 = *(unsigned short *)(test_mem + 2066);
1284 ++ memcpy(&idt2, test_mem + 2068, sizeof(idt2));
1285 ++ memcpy(&gdt2, test_mem + 2074, sizeof(gdt2));
1286 ++
1287 ++ /* Results when using register operands */
1288 ++ msw3 = *(unsigned short *)(test_mem + 2080);
1289 ++
1290 ++ printf("[INFO]\tResult from SMSW:[0x%04x]\n", msw1);
1291 ++ printf("[INFO]\tResult from SIDT: limit[0x%04x]base[0x%08lx]\n",
1292 ++ idt1.limit, idt1.base);
1293 ++ printf("[INFO]\tResult from SGDT: limit[0x%04x]base[0x%08lx]\n",
1294 ++ gdt1.limit, gdt1.base);
1295 ++
1296 ++ if (msw1 != msw2 || msw1 != msw3)
1297 ++ printf("[FAIL]\tAll the results of SMSW should be the same.\n");
1298 ++ else
1299 ++ printf("[PASS]\tAll the results from SMSW are identical.\n");
1300 ++
1301 ++ if (memcmp(&gdt1, &gdt2, sizeof(gdt1)))
1302 ++ printf("[FAIL]\tAll the results of SGDT should be the same.\n");
1303 ++ else
1304 ++ printf("[PASS]\tAll the results from SGDT are identical.\n");
1305 ++
1306 ++ if (memcmp(&idt1, &idt2, sizeof(idt1)))
1307 ++ printf("[FAIL]\tAll the results of SIDT should be the same.\n");
1308 ++ else
1309 ++ printf("[PASS]\tAll the results from SIDT are identical.\n");
1310 ++
1311 ++ sethandler(SIGILL, sighandler, 0);
1312 ++ do_test(vm86, vmcode_umip_str - vmcode, VM86_SIGNAL, 0,
1313 ++ "STR instruction");
1314 ++ clearhandler(SIGILL);
1315 ++
1316 ++ sethandler(SIGILL, sighandler, 0);
1317 ++ do_test(vm86, vmcode_umip_sldt - vmcode, VM86_SIGNAL, 0,
1318 ++ "SLDT instruction");
1319 ++ clearhandler(SIGILL);
1320 ++}
1321 ++
1322 + int main(void)
1323 + {
1324 + struct vm86plus_struct v86;
1325 +@@ -180,6 +268,9 @@ int main(void)
1326 + v86.regs.ds = load_addr / 16;
1327 + v86.regs.es = load_addr / 16;
1328 +
1329 ++ /* Use the end of the page as our stack. */
1330 ++ v86.regs.esp = 4096;
1331 ++
1332 + assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */
1333 +
1334 + /* #BR -- should deliver SIG??? */
1335 +@@ -211,6 +302,23 @@ int main(void)
1336 + v86.regs.eflags &= ~X86_EFLAGS_IF;
1337 + do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set");
1338 +
1339 ++ /* POPF with VIP set but IF clear: should not trap */
1340 ++ v86.regs.eflags = X86_EFLAGS_VIP;
1341 ++ v86.regs.eax = 0;
1342 ++ do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP set and IF clear");
1343 ++
1344 ++ /* POPF with VIP set and IF set: should trap */
1345 ++ v86.regs.eflags = X86_EFLAGS_VIP;
1346 ++ v86.regs.eax = X86_EFLAGS_IF;
1347 ++ do_test(&v86, vmcode_popf_hlt - vmcode, VM86_STI, 0, "POPF with VIP and IF set");
1348 ++
1349 ++ /* POPF with VIP clear and IF set: should not trap */
1350 ++ v86.regs.eflags = 0;
1351 ++ v86.regs.eax = X86_EFLAGS_IF;
1352 ++ do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP clear and IF set");
1353 ++
1354 ++ v86.regs.eflags = 0;
1355 ++
1356 + /* INT3 -- should cause #BP */
1357 + do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3");
1358 +
1359 +@@ -218,6 +326,9 @@ int main(void)
1360 + v86.regs.eax = (unsigned int)-1;
1361 + do_test(&v86, vmcode_int80 - vmcode, VM86_INTx, 0x80, "int80");
1362 +
1363 ++ /* UMIP -- should exit with INTx 0x80 unless UMIP was not disabled */
1364 ++ do_umip_tests(&v86, addr);
1365 ++
1366 + /* Execute a null pointer */
1367 + v86.regs.cs = 0;
1368 + v86.regs.ss = 0;
1369 +@@ -231,7 +342,7 @@ int main(void)
1370 + clearhandler(SIGSEGV);
1371 +
1372 + /* Make sure nothing explodes if we fork. */
1373 +- if (fork() > 0)
1374 ++ if (fork() == 0)
1375 + return 0;
1376 +
1377 + return (nerrs == 0 ? 0 : 1);
1378 +diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c
1379 +index 8e89d63005c7..49a7d8c75937 100644
1380 +--- a/virt/kvm/arm/arch_timer.c
1381 ++++ b/virt/kvm/arm/arch_timer.c
1382 +@@ -602,7 +602,7 @@ int kvm_timer_hyp_init(void)
1383 + return err;
1384 + }
1385 +
1386 +- kvm_info("virtual timer IRQ%d\n", host_vtimer_irq);
1387 ++ kvm_debug("virtual timer IRQ%d\n", host_vtimer_irq);
1388 +
1389 + cpuhp_setup_state(CPUHP_AP_KVM_ARM_TIMER_STARTING,
1390 + "kvm/arm/timer:starting", kvm_timer_starting_cpu,
1391 +diff --git a/virt/kvm/arm/hyp/vgic-v3-sr.c b/virt/kvm/arm/hyp/vgic-v3-sr.c
1392 +index 91728faa13fd..f2d1d4e8ae59 100644
1393 +--- a/virt/kvm/arm/hyp/vgic-v3-sr.c
1394 ++++ b/virt/kvm/arm/hyp/vgic-v3-sr.c
1395 +@@ -215,7 +215,8 @@ void __hyp_text __vgic_v3_save_state(struct kvm_vcpu *vcpu)
1396 + * are now visible to the system register interface.
1397 + */
1398 + if (!cpu_if->vgic_sre) {
1399 +- dsb(st);
1400 ++ dsb(sy);
1401 ++ isb();
1402 + cpu_if->vgic_vmcr = read_gicreg(ICH_VMCR_EL2);
1403 + }
1404 +
1405 +diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c
1406 +index 9dea96380339..b69798a7880e 100644
1407 +--- a/virt/kvm/arm/mmu.c
1408 ++++ b/virt/kvm/arm/mmu.c
1409 +@@ -1760,9 +1760,9 @@ int kvm_mmu_init(void)
1410 + */
1411 + BUG_ON((hyp_idmap_start ^ (hyp_idmap_end - 1)) & PAGE_MASK);
1412 +
1413 +- kvm_info("IDMAP page: %lx\n", hyp_idmap_start);
1414 +- kvm_info("HYP VA range: %lx:%lx\n",
1415 +- kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL));
1416 ++ kvm_debug("IDMAP page: %lx\n", hyp_idmap_start);
1417 ++ kvm_debug("HYP VA range: %lx:%lx\n",
1418 ++ kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL));
1419 +
1420 + if (hyp_idmap_start >= kern_hyp_va(PAGE_OFFSET) &&
1421 + hyp_idmap_start < kern_hyp_va(~0UL) &&
1422 +diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c
1423 +index e4187e52bb26..841d4b27555a 100644
1424 +--- a/virt/kvm/arm/vgic/vgic-v2.c
1425 ++++ b/virt/kvm/arm/vgic/vgic-v2.c
1426 +@@ -37,6 +37,13 @@ void vgic_v2_init_lrs(void)
1427 + vgic_v2_write_lr(i, 0);
1428 + }
1429 +
1430 ++void vgic_v2_set_npie(struct kvm_vcpu *vcpu)
1431 ++{
1432 ++ struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2;
1433 ++
1434 ++ cpuif->vgic_hcr |= GICH_HCR_NPIE;
1435 ++}
1436 ++
1437 + void vgic_v2_set_underflow(struct kvm_vcpu *vcpu)
1438 + {
1439 + struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2;
1440 +@@ -63,7 +70,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu)
1441 + struct vgic_v2_cpu_if *cpuif = &vgic_cpu->vgic_v2;
1442 + int lr;
1443 +
1444 +- cpuif->vgic_hcr &= ~GICH_HCR_UIE;
1445 ++ cpuif->vgic_hcr &= ~(GICH_HCR_UIE | GICH_HCR_NPIE);
1446 +
1447 + for (lr = 0; lr < vgic_cpu->used_lrs; lr++) {
1448 + u32 val = cpuif->vgic_lr[lr];
1449 +@@ -380,7 +387,7 @@ int vgic_v2_probe(const struct gic_kvm_info *info)
1450 + kvm_vgic_global_state.type = VGIC_V2;
1451 + kvm_vgic_global_state.max_gic_vcpus = VGIC_V2_MAX_CPUS;
1452 +
1453 +- kvm_info("vgic-v2@%llx\n", info->vctrl.start);
1454 ++ kvm_debug("vgic-v2@%llx\n", info->vctrl.start);
1455 +
1456 + return 0;
1457 + out:
1458 +diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
1459 +index 502f2100e7bf..9dcc31600a8b 100644
1460 +--- a/virt/kvm/arm/vgic/vgic-v3.c
1461 ++++ b/virt/kvm/arm/vgic/vgic-v3.c
1462 +@@ -25,6 +25,13 @@ static bool group0_trap;
1463 + static bool group1_trap;
1464 + static bool common_trap;
1465 +
1466 ++void vgic_v3_set_npie(struct kvm_vcpu *vcpu)
1467 ++{
1468 ++ struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3;
1469 ++
1470 ++ cpuif->vgic_hcr |= ICH_HCR_NPIE;
1471 ++}
1472 ++
1473 + void vgic_v3_set_underflow(struct kvm_vcpu *vcpu)
1474 + {
1475 + struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3;
1476 +@@ -45,7 +52,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu)
1477 + u32 model = vcpu->kvm->arch.vgic.vgic_model;
1478 + int lr;
1479 +
1480 +- cpuif->vgic_hcr &= ~ICH_HCR_UIE;
1481 ++ cpuif->vgic_hcr &= ~(ICH_HCR_UIE | ICH_HCR_NPIE);
1482 +
1483 + for (lr = 0; lr < vgic_cpu->used_lrs; lr++) {
1484 + u64 val = cpuif->vgic_lr[lr];
1485 +diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c
1486 +index da53c6e7d688..c9a8e7b7c300 100644
1487 +--- a/virt/kvm/arm/vgic/vgic.c
1488 ++++ b/virt/kvm/arm/vgic/vgic.c
1489 +@@ -610,22 +610,37 @@ static inline void vgic_set_underflow(struct kvm_vcpu *vcpu)
1490 + vgic_v3_set_underflow(vcpu);
1491 + }
1492 +
1493 ++static inline void vgic_set_npie(struct kvm_vcpu *vcpu)
1494 ++{
1495 ++ if (kvm_vgic_global_state.type == VGIC_V2)
1496 ++ vgic_v2_set_npie(vcpu);
1497 ++ else
1498 ++ vgic_v3_set_npie(vcpu);
1499 ++}
1500 ++
1501 + /* Requires the ap_list_lock to be held. */
1502 +-static int compute_ap_list_depth(struct kvm_vcpu *vcpu)
1503 ++static int compute_ap_list_depth(struct kvm_vcpu *vcpu,
1504 ++ bool *multi_sgi)
1505 + {
1506 + struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
1507 + struct vgic_irq *irq;
1508 + int count = 0;
1509 +
1510 ++ *multi_sgi = false;
1511 ++
1512 + DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock));
1513 +
1514 + list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) {
1515 + spin_lock(&irq->irq_lock);
1516 + /* GICv2 SGIs can count for more than one... */
1517 +- if (vgic_irq_is_sgi(irq->intid) && irq->source)
1518 +- count += hweight8(irq->source);
1519 +- else
1520 ++ if (vgic_irq_is_sgi(irq->intid) && irq->source) {
1521 ++ int w = hweight8(irq->source);
1522 ++
1523 ++ count += w;
1524 ++ *multi_sgi |= (w > 1);
1525 ++ } else {
1526 + count++;
1527 ++ }
1528 + spin_unlock(&irq->irq_lock);
1529 + }
1530 + return count;
1531 +@@ -636,28 +651,43 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu)
1532 + {
1533 + struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
1534 + struct vgic_irq *irq;
1535 +- int count = 0;
1536 ++ int count;
1537 ++ bool npie = false;
1538 ++ bool multi_sgi;
1539 ++ u8 prio = 0xff;
1540 +
1541 + DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock));
1542 +
1543 +- if (compute_ap_list_depth(vcpu) > kvm_vgic_global_state.nr_lr)
1544 ++ count = compute_ap_list_depth(vcpu, &multi_sgi);
1545 ++ if (count > kvm_vgic_global_state.nr_lr || multi_sgi)
1546 + vgic_sort_ap_list(vcpu);
1547 +
1548 ++ count = 0;
1549 ++
1550 + list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) {
1551 + spin_lock(&irq->irq_lock);
1552 +
1553 +- if (unlikely(vgic_target_oracle(irq) != vcpu))
1554 +- goto next;
1555 +-
1556 + /*
1557 +- * If we get an SGI with multiple sources, try to get
1558 +- * them in all at once.
1559 ++ * If we have multi-SGIs in the pipeline, we need to
1560 ++ * guarantee that they are all seen before any IRQ of
1561 ++ * lower priority. In that case, we need to filter out
1562 ++ * these interrupts by exiting early. This is easy as
1563 ++ * the AP list has been sorted already.
1564 + */
1565 +- do {
1566 ++ if (multi_sgi && irq->priority > prio) {
1567 ++ spin_unlock(&irq->irq_lock);
1568 ++ break;
1569 ++ }
1570 ++
1571 ++ if (likely(vgic_target_oracle(irq) == vcpu)) {
1572 + vgic_populate_lr(vcpu, irq, count++);
1573 +- } while (irq->source && count < kvm_vgic_global_state.nr_lr);
1574 +
1575 +-next:
1576 ++ if (irq->source) {
1577 ++ npie = true;
1578 ++ prio = irq->priority;
1579 ++ }
1580 ++ }
1581 ++
1582 + spin_unlock(&irq->irq_lock);
1583 +
1584 + if (count == kvm_vgic_global_state.nr_lr) {
1585 +@@ -668,6 +698,9 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu)
1586 + }
1587 + }
1588 +
1589 ++ if (npie)
1590 ++ vgic_set_npie(vcpu);
1591 ++
1592 + vcpu->arch.vgic_cpu.used_lrs = count;
1593 +
1594 + /* Nuke remaining LRs */
1595 +diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h
1596 +index bf9ceab67c77..f7450dc41ab3 100644
1597 +--- a/virt/kvm/arm/vgic/vgic.h
1598 ++++ b/virt/kvm/arm/vgic/vgic.h
1599 +@@ -150,6 +150,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu);
1600 + void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr);
1601 + void vgic_v2_clear_lr(struct kvm_vcpu *vcpu, int lr);
1602 + void vgic_v2_set_underflow(struct kvm_vcpu *vcpu);
1603 ++void vgic_v2_set_npie(struct kvm_vcpu *vcpu);
1604 + int vgic_v2_has_attr_regs(struct kvm_device *dev, struct kvm_device_attr *attr);
1605 + int vgic_v2_dist_uaccess(struct kvm_vcpu *vcpu, bool is_write,
1606 + int offset, u32 *val);
1607 +@@ -179,6 +180,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu);
1608 + void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr);
1609 + void vgic_v3_clear_lr(struct kvm_vcpu *vcpu, int lr);
1610 + void vgic_v3_set_underflow(struct kvm_vcpu *vcpu);
1611 ++void vgic_v3_set_npie(struct kvm_vcpu *vcpu);
1612 + void vgic_v3_set_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr);
1613 + void vgic_v3_get_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr);
1614 + void vgic_v3_enable(struct kvm_vcpu *vcpu);
Report Message
Find on MARC Find on Google Groups