Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 21 Nov 2018 12:20:44
Message-Id: 1542802816.3d3e7192efd56077525a8da5d9867c53bd7f0caf.mpagano@gentoo
1 commit: 3d3e7192efd56077525a8da5d9867c53bd7f0caf
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Nov 21 12:20:16 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Nov 21 12:20:16 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3d3e7192
7
8 proj/linux-patches: Linux patch 4.9.138
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1137_linux-4.9.138.patch | 2138 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 2142 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index f5409e3..75308be 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -591,6 +591,10 @@ Patch: 1136_linux-4.9.137.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.137
23
24 +Patch: 1137_linux-4.9.138.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.138
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1137_linux-4.9.138.patch b/1137_linux-4.9.138.patch
33 new file mode 100644
34 index 0000000..4e776d3
35 --- /dev/null
36 +++ b/1137_linux-4.9.138.patch
37 @@ -0,0 +1,2138 @@
38 +diff --git a/Makefile b/Makefile
39 +index 41fe3014b712..ccf2602f664d 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 9
45 +-SUBLEVEL = 137
46 ++SUBLEVEL = 138
47 + EXTRAVERSION =
48 + NAME = Roaring Lionus
49 +
50 +diff --git a/arch/alpha/include/asm/termios.h b/arch/alpha/include/asm/termios.h
51 +index 7fde0f88da88..51ed90be770a 100644
52 +--- a/arch/alpha/include/asm/termios.h
53 ++++ b/arch/alpha/include/asm/termios.h
54 +@@ -72,9 +72,15 @@
55 + })
56 +
57 + #define user_termios_to_kernel_termios(k, u) \
58 +- copy_from_user(k, u, sizeof(struct termios))
59 ++ copy_from_user(k, u, sizeof(struct termios2))
60 +
61 + #define kernel_termios_to_user_termios(u, k) \
62 ++ copy_to_user(u, k, sizeof(struct termios2))
63 ++
64 ++#define user_termios_to_kernel_termios_1(k, u) \
65 ++ copy_from_user(k, u, sizeof(struct termios))
66 ++
67 ++#define kernel_termios_to_user_termios_1(u, k) \
68 + copy_to_user(u, k, sizeof(struct termios))
69 +
70 + #endif /* _ALPHA_TERMIOS_H */
71 +diff --git a/arch/alpha/include/uapi/asm/ioctls.h b/arch/alpha/include/uapi/asm/ioctls.h
72 +index f30c94ae1bdb..7ee8ab577e11 100644
73 +--- a/arch/alpha/include/uapi/asm/ioctls.h
74 ++++ b/arch/alpha/include/uapi/asm/ioctls.h
75 +@@ -31,6 +31,11 @@
76 + #define TCXONC _IO('t', 30)
77 + #define TCFLSH _IO('t', 31)
78 +
79 ++#define TCGETS2 _IOR('T', 42, struct termios2)
80 ++#define TCSETS2 _IOW('T', 43, struct termios2)
81 ++#define TCSETSW2 _IOW('T', 44, struct termios2)
82 ++#define TCSETSF2 _IOW('T', 45, struct termios2)
83 ++
84 + #define TIOCSWINSZ _IOW('t', 103, struct winsize)
85 + #define TIOCGWINSZ _IOR('t', 104, struct winsize)
86 + #define TIOCSTART _IO('t', 110) /* start output, like ^Q */
87 +diff --git a/arch/alpha/include/uapi/asm/termbits.h b/arch/alpha/include/uapi/asm/termbits.h
88 +index 879dd3589921..483c7ec2a879 100644
89 +--- a/arch/alpha/include/uapi/asm/termbits.h
90 ++++ b/arch/alpha/include/uapi/asm/termbits.h
91 +@@ -25,6 +25,19 @@ struct termios {
92 + speed_t c_ospeed; /* output speed */
93 + };
94 +
95 ++/* Alpha has identical termios and termios2 */
96 ++
97 ++struct termios2 {
98 ++ tcflag_t c_iflag; /* input mode flags */
99 ++ tcflag_t c_oflag; /* output mode flags */
100 ++ tcflag_t c_cflag; /* control mode flags */
101 ++ tcflag_t c_lflag; /* local mode flags */
102 ++ cc_t c_cc[NCCS]; /* control characters */
103 ++ cc_t c_line; /* line discipline (== c_cc[19]) */
104 ++ speed_t c_ispeed; /* input speed */
105 ++ speed_t c_ospeed; /* output speed */
106 ++};
107 ++
108 + /* Alpha has matching termios and ktermios */
109 +
110 + struct ktermios {
111 +@@ -147,6 +160,7 @@ struct ktermios {
112 + #define B3000000 00034
113 + #define B3500000 00035
114 + #define B4000000 00036
115 ++#define BOTHER 00037
116 +
117 + #define CSIZE 00001400
118 + #define CS5 00000000
119 +@@ -164,6 +178,9 @@ struct ktermios {
120 + #define CMSPAR 010000000000 /* mark or space (stick) parity */
121 + #define CRTSCTS 020000000000 /* flow control */
122 +
123 ++#define CIBAUD 07600000
124 ++#define IBSHIFT 16
125 ++
126 + /* c_lflag bits */
127 + #define ISIG 0x00000080
128 + #define ICANON 0x00000100
129 +diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig
130 +index 8ec4dbbb50b0..47c3fb8d4313 100644
131 +--- a/arch/arm/configs/imx_v6_v7_defconfig
132 ++++ b/arch/arm/configs/imx_v6_v7_defconfig
133 +@@ -361,6 +361,7 @@ CONFIG_ZISOFS=y
134 + CONFIG_UDF_FS=m
135 + CONFIG_MSDOS_FS=m
136 + CONFIG_VFAT_FS=y
137 ++CONFIG_TMPFS_POSIX_ACL=y
138 + CONFIG_JFFS2_FS=y
139 + CONFIG_UBIFS_FS=y
140 + CONFIG_NFS_FS=y
141 +diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
142 +index 20436972537f..a670c70f4def 100644
143 +--- a/arch/arm/kvm/arm.c
144 ++++ b/arch/arm/kvm/arm.c
145 +@@ -1092,8 +1092,6 @@ static void cpu_init_hyp_mode(void *dummy)
146 +
147 + __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr);
148 + __cpu_init_stage2();
149 +-
150 +- kvm_arm_init_debug();
151 + }
152 +
153 + static void cpu_hyp_reinit(void)
154 +@@ -1108,6 +1106,8 @@ static void cpu_hyp_reinit(void)
155 + if (__hyp_get_vectors() == hyp_default_vectors)
156 + cpu_init_hyp_mode(NULL);
157 + }
158 ++
159 ++ kvm_arm_init_debug();
160 + }
161 +
162 + static void cpu_hyp_reset(void)
163 +diff --git a/arch/mips/include/asm/mach-loongson64/irq.h b/arch/mips/include/asm/mach-loongson64/irq.h
164 +index d18c45c7c394..19ff9ce46c02 100644
165 +--- a/arch/mips/include/asm/mach-loongson64/irq.h
166 ++++ b/arch/mips/include/asm/mach-loongson64/irq.h
167 +@@ -9,7 +9,7 @@
168 + #define MIPS_CPU_IRQ_BASE 56
169 +
170 + #define LOONGSON_UART_IRQ (MIPS_CPU_IRQ_BASE + 2) /* UART */
171 +-#define LOONGSON_HT1_IRQ (MIPS_CPU_IRQ_BASE + 3) /* HT1 */
172 ++#define LOONGSON_BRIDGE_IRQ (MIPS_CPU_IRQ_BASE + 3) /* CASCADE */
173 + #define LOONGSON_TIMER_IRQ (MIPS_CPU_IRQ_BASE + 7) /* CPU Timer */
174 +
175 + #define LOONGSON_HT1_CFG_BASE loongson_sysconf.ht_control_base
176 +diff --git a/arch/mips/kernel/crash.c b/arch/mips/kernel/crash.c
177 +index 1723b1762297..e757f36cea6f 100644
178 +--- a/arch/mips/kernel/crash.c
179 ++++ b/arch/mips/kernel/crash.c
180 +@@ -34,6 +34,9 @@ static void crash_shutdown_secondary(void *passed_regs)
181 + if (!cpu_online(cpu))
182 + return;
183 +
184 ++ /* We won't be sent IPIs any more. */
185 ++ set_cpu_online(cpu, false);
186 ++
187 + local_irq_disable();
188 + if (!cpumask_test_cpu(cpu, &cpus_in_crash))
189 + crash_save_cpu(regs, cpu);
190 +diff --git a/arch/mips/kernel/machine_kexec.c b/arch/mips/kernel/machine_kexec.c
191 +index 59725204105c..32b567e88b02 100644
192 +--- a/arch/mips/kernel/machine_kexec.c
193 ++++ b/arch/mips/kernel/machine_kexec.c
194 +@@ -96,6 +96,9 @@ machine_kexec(struct kimage *image)
195 + *ptr = (unsigned long) phys_to_virt(*ptr);
196 + }
197 +
198 ++ /* Mark offline BEFORE disabling local irq. */
199 ++ set_cpu_online(smp_processor_id(), false);
200 ++
201 + /*
202 + * we do not want to be bothered.
203 + */
204 +diff --git a/arch/mips/loongson64/loongson-3/irq.c b/arch/mips/loongson64/loongson-3/irq.c
205 +index 8e7649088353..027f53e3bc81 100644
206 +--- a/arch/mips/loongson64/loongson-3/irq.c
207 ++++ b/arch/mips/loongson64/loongson-3/irq.c
208 +@@ -44,51 +44,8 @@ void mach_irq_dispatch(unsigned int pending)
209 + }
210 + }
211 +
212 +-static struct irqaction cascade_irqaction = {
213 +- .handler = no_action,
214 +- .flags = IRQF_NO_SUSPEND,
215 +- .name = "cascade",
216 +-};
217 +-
218 +-static inline void mask_loongson_irq(struct irq_data *d)
219 +-{
220 +- clear_c0_status(0x100 << (d->irq - MIPS_CPU_IRQ_BASE));
221 +- irq_disable_hazard();
222 +-
223 +- /* Workaround: UART IRQ may deliver to any core */
224 +- if (d->irq == LOONGSON_UART_IRQ) {
225 +- int cpu = smp_processor_id();
226 +- int node_id = cpu_logical_map(cpu) / loongson_sysconf.cores_per_node;
227 +- int core_id = cpu_logical_map(cpu) % loongson_sysconf.cores_per_node;
228 +- u64 intenclr_addr = smp_group[node_id] |
229 +- (u64)(&LOONGSON_INT_ROUTER_INTENCLR);
230 +- u64 introuter_lpc_addr = smp_group[node_id] |
231 +- (u64)(&LOONGSON_INT_ROUTER_LPC);
232 +-
233 +- *(volatile u32 *)intenclr_addr = 1 << 10;
234 +- *(volatile u8 *)introuter_lpc_addr = 0x10 + (1<<core_id);
235 +- }
236 +-}
237 +-
238 +-static inline void unmask_loongson_irq(struct irq_data *d)
239 +-{
240 +- /* Workaround: UART IRQ may deliver to any core */
241 +- if (d->irq == LOONGSON_UART_IRQ) {
242 +- int cpu = smp_processor_id();
243 +- int node_id = cpu_logical_map(cpu) / loongson_sysconf.cores_per_node;
244 +- int core_id = cpu_logical_map(cpu) % loongson_sysconf.cores_per_node;
245 +- u64 intenset_addr = smp_group[node_id] |
246 +- (u64)(&LOONGSON_INT_ROUTER_INTENSET);
247 +- u64 introuter_lpc_addr = smp_group[node_id] |
248 +- (u64)(&LOONGSON_INT_ROUTER_LPC);
249 +-
250 +- *(volatile u32 *)intenset_addr = 1 << 10;
251 +- *(volatile u8 *)introuter_lpc_addr = 0x10 + (1<<core_id);
252 +- }
253 +-
254 +- set_c0_status(0x100 << (d->irq - MIPS_CPU_IRQ_BASE));
255 +- irq_enable_hazard();
256 +-}
257 ++static inline void mask_loongson_irq(struct irq_data *d) { }
258 ++static inline void unmask_loongson_irq(struct irq_data *d) { }
259 +
260 + /* For MIPS IRQs which shared by all cores */
261 + static struct irq_chip loongson_irq_chip = {
262 +@@ -126,12 +83,11 @@ void __init mach_init_irq(void)
263 + mips_cpu_irq_init();
264 + init_i8259_irqs();
265 + irq_set_chip_and_handler(LOONGSON_UART_IRQ,
266 +- &loongson_irq_chip, handle_level_irq);
267 +-
268 +- /* setup HT1 irq */
269 +- setup_irq(LOONGSON_HT1_IRQ, &cascade_irqaction);
270 ++ &loongson_irq_chip, handle_percpu_irq);
271 ++ irq_set_chip_and_handler(LOONGSON_BRIDGE_IRQ,
272 ++ &loongson_irq_chip, handle_percpu_irq);
273 +
274 +- set_c0_status(STATUSF_IP2 | STATUSF_IP6);
275 ++ set_c0_status(STATUSF_IP2 | STATUSF_IP3 | STATUSF_IP6);
276 + }
277 +
278 + #ifdef CONFIG_HOTPLUG_CPU
279 +diff --git a/arch/mips/pci/pci-legacy.c b/arch/mips/pci/pci-legacy.c
280 +index 014649be158d..2d6886f09ba3 100644
281 +--- a/arch/mips/pci/pci-legacy.c
282 ++++ b/arch/mips/pci/pci-legacy.c
283 +@@ -116,8 +116,12 @@ static void pcibios_scanbus(struct pci_controller *hose)
284 + if (pci_has_flag(PCI_PROBE_ONLY)) {
285 + pci_bus_claim_resources(bus);
286 + } else {
287 ++ struct pci_bus *child;
288 ++
289 + pci_bus_size_bridges(bus);
290 + pci_bus_assign_resources(bus);
291 ++ list_for_each_entry(child, &bus->children, node)
292 ++ pcie_bus_configure_settings(child);
293 + }
294 + pci_bus_add_devices(bus);
295 + }
296 +diff --git a/arch/parisc/kernel/hpmc.S b/arch/parisc/kernel/hpmc.S
297 +index 0fbd0a0e1cda..e88f4e7f39f3 100644
298 +--- a/arch/parisc/kernel/hpmc.S
299 ++++ b/arch/parisc/kernel/hpmc.S
300 +@@ -83,7 +83,8 @@ END(hpmc_pim_data)
301 + .text
302 +
303 + .import intr_save, code
304 +-ENTRY_CFI(os_hpmc)
305 ++ .align 16
306 ++ENTRY(os_hpmc)
307 + .os_hpmc:
308 +
309 + /*
310 +@@ -299,11 +300,14 @@ os_hpmc_6:
311 +
312 + b .
313 + nop
314 +-ENDPROC_CFI(os_hpmc)
315 ++ .align 16 /* make function length multiple of 16 bytes */
316 + .os_hpmc_end:
317 +
318 +
319 + __INITRODATA
320 +- .export os_hpmc_size
321 ++.globl os_hpmc_size
322 ++ .align 4
323 ++ .type os_hpmc_size, @object
324 ++ .size os_hpmc_size, 4
325 + os_hpmc_size:
326 + .word .os_hpmc_end-.os_hpmc
327 +diff --git a/arch/powerpc/boot/crt0.S b/arch/powerpc/boot/crt0.S
328 +index 12866ccb5694..5c2199857aa8 100644
329 +--- a/arch/powerpc/boot/crt0.S
330 ++++ b/arch/powerpc/boot/crt0.S
331 +@@ -47,8 +47,10 @@ p_end: .long _end
332 + p_pstack: .long _platform_stack_top
333 + #endif
334 +
335 +- .weak _zimage_start
336 + .globl _zimage_start
337 ++ /* Clang appears to require the .weak directive to be after the symbol
338 ++ * is defined. See https://bugs.llvm.org/show_bug.cgi?id=38921 */
339 ++ .weak _zimage_start
340 + _zimage_start:
341 + .globl _zimage_start_lib
342 + _zimage_start_lib:
343 +diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
344 +index e5bfbf62827a..8336b9016ca9 100644
345 +--- a/arch/powerpc/kernel/eeh.c
346 ++++ b/arch/powerpc/kernel/eeh.c
347 +@@ -169,6 +169,11 @@ static size_t eeh_dump_dev_log(struct eeh_dev *edev, char *buf, size_t len)
348 + int n = 0, l = 0;
349 + char buffer[128];
350 +
351 ++ if (!pdn) {
352 ++ pr_warn("EEH: Note: No error log for absent device.\n");
353 ++ return 0;
354 ++ }
355 ++
356 + n += scnprintf(buf+n, len-n, "%04x:%02x:%02x.%01x\n",
357 + edev->phb->global_number, pdn->busno,
358 + PCI_SLOT(pdn->devfn), PCI_FUNC(pdn->devfn));
359 +diff --git a/arch/powerpc/mm/tlb_nohash.c b/arch/powerpc/mm/tlb_nohash.c
360 +index 0b50019505a5..79cf21be8f6e 100644
361 +--- a/arch/powerpc/mm/tlb_nohash.c
362 ++++ b/arch/powerpc/mm/tlb_nohash.c
363 +@@ -481,6 +481,9 @@ static void setup_page_sizes(void)
364 + for (psize = 0; psize < MMU_PAGE_COUNT; ++psize) {
365 + struct mmu_psize_def *def = &mmu_psize_defs[psize];
366 +
367 ++ if (!def->shift)
368 ++ continue;
369 ++
370 + if (tlb1ps & (1U << (def->shift - 10))) {
371 + def->flags |= MMU_PAGE_SIZE_DIRECT;
372 +
373 +diff --git a/arch/xtensa/boot/Makefile b/arch/xtensa/boot/Makefile
374 +index ca20a892021b..6c6877d628ef 100644
375 +--- a/arch/xtensa/boot/Makefile
376 ++++ b/arch/xtensa/boot/Makefile
377 +@@ -31,7 +31,7 @@ $(bootdir-y): $(addprefix $(obj)/,$(subdir-y)) \
378 + $(addprefix $(obj)/,$(host-progs))
379 + $(Q)$(MAKE) $(build)=$(obj)/$@ $(MAKECMDGOALS)
380 +
381 +-OBJCOPYFLAGS = --strip-all -R .comment -R .note.gnu.build-id -O binary
382 ++OBJCOPYFLAGS = --strip-all -R .comment -R .notes -O binary
383 +
384 + vmlinux.bin: vmlinux FORCE
385 + $(call if_changed,objcopy)
386 +diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h
387 +index b42d68bfe3cf..521c1e789e6e 100644
388 +--- a/arch/xtensa/include/asm/processor.h
389 ++++ b/arch/xtensa/include/asm/processor.h
390 +@@ -24,7 +24,11 @@
391 + # error Linux requires the Xtensa Windowed Registers Option.
392 + #endif
393 +
394 +-#define ARCH_SLAB_MINALIGN XCHAL_DATA_WIDTH
395 ++/* Xtensa ABI requires stack alignment to be at least 16 */
396 ++
397 ++#define STACK_ALIGN (XCHAL_DATA_WIDTH > 16 ? XCHAL_DATA_WIDTH : 16)
398 ++
399 ++#define ARCH_SLAB_MINALIGN STACK_ALIGN
400 +
401 + /*
402 + * User space process size: 1 GB.
403 +diff --git a/arch/xtensa/kernel/head.S b/arch/xtensa/kernel/head.S
404 +index 23ce62e60435..27c8e07ace43 100644
405 +--- a/arch/xtensa/kernel/head.S
406 ++++ b/arch/xtensa/kernel/head.S
407 +@@ -88,9 +88,12 @@ _SetupMMU:
408 + initialize_mmu
409 + #if defined(CONFIG_MMU) && XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY
410 + rsr a2, excsave1
411 +- movi a3, 0x08000000
412 ++ movi a3, XCHAL_KSEG_PADDR
413 ++ bltu a2, a3, 1f
414 ++ sub a2, a2, a3
415 ++ movi a3, XCHAL_KSEG_SIZE
416 + bgeu a2, a3, 1f
417 +- movi a3, 0xd0000000
418 ++ movi a3, XCHAL_KSEG_CACHED_VADDR
419 + add a2, a2, a3
420 + wsr a2, excsave1
421 + 1:
422 +diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S
423 +index 31411fc82662..e8358ea0a9f9 100644
424 +--- a/arch/xtensa/kernel/vmlinux.lds.S
425 ++++ b/arch/xtensa/kernel/vmlinux.lds.S
426 +@@ -109,6 +109,7 @@ SECTIONS
427 + .fixup : { *(.fixup) }
428 +
429 + EXCEPTION_TABLE(16)
430 ++ NOTES
431 + /* Data section */
432 +
433 + _sdata = .;
434 +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
435 +index 987e8f503522..ff4280800cd0 100644
436 +--- a/drivers/cdrom/cdrom.c
437 ++++ b/drivers/cdrom/cdrom.c
438 +@@ -2435,7 +2435,7 @@ static int cdrom_ioctl_select_disc(struct cdrom_device_info *cdi,
439 + return -ENOSYS;
440 +
441 + if (arg != CDSL_CURRENT && arg != CDSL_NONE) {
442 +- if ((int)arg >= cdi->capacity)
443 ++ if (arg >= cdi->capacity)
444 + return -EINVAL;
445 + }
446 +
447 +diff --git a/drivers/clk/at91/clk-pll.c b/drivers/clk/at91/clk-pll.c
448 +index 2bb2551c6245..a17a428fa706 100644
449 +--- a/drivers/clk/at91/clk-pll.c
450 ++++ b/drivers/clk/at91/clk-pll.c
451 +@@ -133,6 +133,9 @@ static unsigned long clk_pll_recalc_rate(struct clk_hw *hw,
452 + {
453 + struct clk_pll *pll = to_clk_pll(hw);
454 +
455 ++ if (!pll->div || !pll->mul)
456 ++ return 0;
457 ++
458 + return (parent_rate / pll->div) * (pll->mul + 1);
459 + }
460 +
461 +diff --git a/drivers/clk/clk-s2mps11.c b/drivers/clk/clk-s2mps11.c
462 +index fbaa84a33c46..14071a57c926 100644
463 +--- a/drivers/clk/clk-s2mps11.c
464 ++++ b/drivers/clk/clk-s2mps11.c
465 +@@ -245,6 +245,36 @@ static const struct platform_device_id s2mps11_clk_id[] = {
466 + };
467 + MODULE_DEVICE_TABLE(platform, s2mps11_clk_id);
468 +
469 ++#ifdef CONFIG_OF
470 ++/*
471 ++ * Device is instantiated through parent MFD device and device matching is done
472 ++ * through platform_device_id.
473 ++ *
474 ++ * However if device's DT node contains proper clock compatible and driver is
475 ++ * built as a module, then the *module* matching will be done trough DT aliases.
476 ++ * This requires of_device_id table. In the same time this will not change the
477 ++ * actual *device* matching so do not add .of_match_table.
478 ++ */
479 ++static const struct of_device_id s2mps11_dt_match[] = {
480 ++ {
481 ++ .compatible = "samsung,s2mps11-clk",
482 ++ .data = (void *)S2MPS11X,
483 ++ }, {
484 ++ .compatible = "samsung,s2mps13-clk",
485 ++ .data = (void *)S2MPS13X,
486 ++ }, {
487 ++ .compatible = "samsung,s2mps14-clk",
488 ++ .data = (void *)S2MPS14X,
489 ++ }, {
490 ++ .compatible = "samsung,s5m8767-clk",
491 ++ .data = (void *)S5M8767X,
492 ++ }, {
493 ++ /* Sentinel */
494 ++ },
495 ++};
496 ++MODULE_DEVICE_TABLE(of, s2mps11_dt_match);
497 ++#endif
498 ++
499 + static struct platform_driver s2mps11_clk_driver = {
500 + .driver = {
501 + .name = "s2mps11-clk",
502 +diff --git a/drivers/clk/hisilicon/reset.c b/drivers/clk/hisilicon/reset.c
503 +index 2a5015c736ce..43e82fa64422 100644
504 +--- a/drivers/clk/hisilicon/reset.c
505 ++++ b/drivers/clk/hisilicon/reset.c
506 +@@ -109,9 +109,8 @@ struct hisi_reset_controller *hisi_reset_init(struct platform_device *pdev)
507 + return NULL;
508 +
509 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
510 +- rstc->membase = devm_ioremap(&pdev->dev,
511 +- res->start, resource_size(res));
512 +- if (!rstc->membase)
513 ++ rstc->membase = devm_ioremap_resource(&pdev->dev, res);
514 ++ if (IS_ERR(rstc->membase))
515 + return NULL;
516 +
517 + spin_lock_init(&rstc->lock);
518 +diff --git a/drivers/clk/rockchip/clk-ddr.c b/drivers/clk/rockchip/clk-ddr.c
519 +index e8075359366b..ebce5260068b 100644
520 +--- a/drivers/clk/rockchip/clk-ddr.c
521 ++++ b/drivers/clk/rockchip/clk-ddr.c
522 +@@ -80,16 +80,12 @@ static long rockchip_ddrclk_sip_round_rate(struct clk_hw *hw,
523 + static u8 rockchip_ddrclk_get_parent(struct clk_hw *hw)
524 + {
525 + struct rockchip_ddrclk *ddrclk = to_rockchip_ddrclk_hw(hw);
526 +- int num_parents = clk_hw_get_num_parents(hw);
527 + u32 val;
528 +
529 + val = clk_readl(ddrclk->reg_base +
530 + ddrclk->mux_offset) >> ddrclk->mux_shift;
531 + val &= GENMASK(ddrclk->mux_width - 1, 0);
532 +
533 +- if (val >= num_parents)
534 +- return -EINVAL;
535 +-
536 + return val;
537 + }
538 +
539 +diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c
540 +index 0efd36e483ab..a2b545fdee81 100644
541 +--- a/drivers/clocksource/i8253.c
542 ++++ b/drivers/clocksource/i8253.c
543 +@@ -19,6 +19,13 @@
544 + DEFINE_RAW_SPINLOCK(i8253_lock);
545 + EXPORT_SYMBOL(i8253_lock);
546 +
547 ++/*
548 ++ * Handle PIT quirk in pit_shutdown() where zeroing the counter register
549 ++ * restarts the PIT, negating the shutdown. On platforms with the quirk,
550 ++ * platform specific code can set this to false.
551 ++ */
552 ++bool i8253_clear_counter_on_shutdown __ro_after_init = true;
553 ++
554 + #ifdef CONFIG_CLKSRC_I8253
555 + /*
556 + * Since the PIT overflows every tick, its not very useful
557 +@@ -108,8 +115,11 @@ static int pit_shutdown(struct clock_event_device *evt)
558 + raw_spin_lock(&i8253_lock);
559 +
560 + outb_p(0x30, PIT_MODE);
561 +- outb_p(0, PIT_CH0);
562 +- outb_p(0, PIT_CH0);
563 ++
564 ++ if (i8253_clear_counter_on_shutdown) {
565 ++ outb_p(0, PIT_CH0);
566 ++ outb_p(0, PIT_CH0);
567 ++ }
568 +
569 + raw_spin_unlock(&i8253_lock);
570 + return 0;
571 +diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
572 +index db7890cb254e..b59441d109a5 100644
573 +--- a/drivers/gpu/drm/drm_dp_mst_topology.c
574 ++++ b/drivers/gpu/drm/drm_dp_mst_topology.c
575 +@@ -1230,6 +1230,9 @@ static struct drm_dp_mst_branch *drm_dp_get_mst_branch_device(struct drm_dp_mst_
576 + mutex_lock(&mgr->lock);
577 + mstb = mgr->mst_primary;
578 +
579 ++ if (!mstb)
580 ++ goto out;
581 ++
582 + for (i = 0; i < lct - 1; i++) {
583 + int shift = (i % 2) ? 0 : 4;
584 + int port_num = (rad[i / 2] >> shift) & 0xf;
585 +diff --git a/drivers/gpu/drm/i915/intel_audio.c b/drivers/gpu/drm/i915/intel_audio.c
586 +index 6c70a5bfd7d8..840522867436 100644
587 +--- a/drivers/gpu/drm/i915/intel_audio.c
588 ++++ b/drivers/gpu/drm/i915/intel_audio.c
589 +@@ -76,6 +76,9 @@ static const struct {
590 + /* HDMI N/CTS table */
591 + #define TMDS_297M 297000
592 + #define TMDS_296M 296703
593 ++#define TMDS_594M 594000
594 ++#define TMDS_593M 593407
595 ++
596 + static const struct {
597 + int sample_rate;
598 + int clock;
599 +@@ -96,6 +99,20 @@ static const struct {
600 + { 176400, TMDS_297M, 18816, 247500 },
601 + { 192000, TMDS_296M, 23296, 281250 },
602 + { 192000, TMDS_297M, 20480, 247500 },
603 ++ { 44100, TMDS_593M, 8918, 937500 },
604 ++ { 44100, TMDS_594M, 9408, 990000 },
605 ++ { 48000, TMDS_593M, 5824, 562500 },
606 ++ { 48000, TMDS_594M, 6144, 594000 },
607 ++ { 32000, TMDS_593M, 5824, 843750 },
608 ++ { 32000, TMDS_594M, 3072, 445500 },
609 ++ { 88200, TMDS_593M, 17836, 937500 },
610 ++ { 88200, TMDS_594M, 18816, 990000 },
611 ++ { 96000, TMDS_593M, 11648, 562500 },
612 ++ { 96000, TMDS_594M, 12288, 594000 },
613 ++ { 176400, TMDS_593M, 35672, 937500 },
614 ++ { 176400, TMDS_594M, 37632, 990000 },
615 ++ { 192000, TMDS_593M, 23296, 562500 },
616 ++ { 192000, TMDS_594M, 24576, 594000 },
617 + };
618 +
619 + /* get AUD_CONFIG_PIXEL_CLOCK_HDMI_* value for mode */
620 +diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c
621 +index 67db1577ee49..fd11be6b23b9 100644
622 +--- a/drivers/gpu/drm/i915/intel_lrc.c
623 ++++ b/drivers/gpu/drm/i915/intel_lrc.c
624 +@@ -368,7 +368,8 @@ static u64 execlists_update_context(struct drm_i915_gem_request *rq)
625 +
626 + reg_state[CTX_RING_TAIL+1] = intel_ring_offset(rq->ring, rq->tail);
627 +
628 +- /* True 32b PPGTT with dynamic page allocation: update PDP
629 ++ /*
630 ++ * True 32b PPGTT with dynamic page allocation: update PDP
631 + * registers and point the unallocated PDPs to scratch page.
632 + * PML4 is allocated during ppgtt init, so this is not needed
633 + * in 48-bit mode.
634 +@@ -376,6 +377,17 @@ static u64 execlists_update_context(struct drm_i915_gem_request *rq)
635 + if (ppgtt && !USES_FULL_48BIT_PPGTT(ppgtt->base.dev))
636 + execlists_update_context_pdps(ppgtt, reg_state);
637 +
638 ++ /*
639 ++ * Make sure the context image is complete before we submit it to HW.
640 ++ *
641 ++ * Ostensibly, writes (including the WCB) should be flushed prior to
642 ++ * an uncached write such as our mmio register access, the empirical
643 ++ * evidence (esp. on Braswell) suggests that the WC write into memory
644 ++ * may not be visible to the HW prior to the completion of the UC
645 ++ * register write and that we may begin execution from the context
646 ++ * before its image is complete leading to invalid PD chasing.
647 ++ */
648 ++ wmb();
649 + return ce->lrc_desc;
650 + }
651 +
652 +diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
653 +index 7def04049498..6a0b25e0823f 100644
654 +--- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
655 ++++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
656 +@@ -273,6 +273,17 @@ static int dmm_txn_commit(struct dmm_txn *txn, bool wait)
657 + }
658 +
659 + txn->last_pat->next_pa = 0;
660 ++ /* ensure that the written descriptors are visible to DMM */
661 ++ wmb();
662 ++
663 ++ /*
664 ++ * NOTE: the wmb() above should be enough, but there seems to be a bug
665 ++ * in OMAP's memory barrier implementation, which in some rare cases may
666 ++ * cause the writes not to be observable after wmb().
667 ++ */
668 ++
669 ++ /* read back to ensure the data is in RAM */
670 ++ readl(&txn->last_pat->next_pa);
671 +
672 + /* write to PAT_DESCR to clear out any pending transaction */
673 + dmm_write(dmm, 0x0, reg[PAT_DESCR][engine->id]);
674 +diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_drv.c b/drivers/gpu/drm/rockchip/rockchip_drm_drv.c
675 +index 8c8cbe837e61..f2033ab36f37 100644
676 +--- a/drivers/gpu/drm/rockchip/rockchip_drm_drv.c
677 ++++ b/drivers/gpu/drm/rockchip/rockchip_drm_drv.c
678 +@@ -478,6 +478,11 @@ static int rockchip_drm_platform_remove(struct platform_device *pdev)
679 + return 0;
680 + }
681 +
682 ++static void rockchip_drm_platform_shutdown(struct platform_device *pdev)
683 ++{
684 ++ rockchip_drm_platform_remove(pdev);
685 ++}
686 ++
687 + static const struct of_device_id rockchip_drm_dt_ids[] = {
688 + { .compatible = "rockchip,display-subsystem", },
689 + { /* sentinel */ },
690 +@@ -487,6 +492,7 @@ MODULE_DEVICE_TABLE(of, rockchip_drm_dt_ids);
691 + static struct platform_driver rockchip_drm_platform_driver = {
692 + .probe = rockchip_drm_platform_probe,
693 + .remove = rockchip_drm_platform_remove,
694 ++ .shutdown = rockchip_drm_platform_shutdown,
695 + .driver = {
696 + .name = "rockchip-drm",
697 + .of_match_table = rockchip_drm_dt_ids,
698 +diff --git a/drivers/media/i2c/tvp5150.c b/drivers/media/i2c/tvp5150.c
699 +index 5d9c2b03d83a..e83f8111a5fb 100644
700 +--- a/drivers/media/i2c/tvp5150.c
701 ++++ b/drivers/media/i2c/tvp5150.c
702 +@@ -897,9 +897,6 @@ static int tvp5150_set_selection(struct v4l2_subdev *sd,
703 +
704 + /* tvp5150 has some special limits */
705 + rect.left = clamp(rect.left, 0, TVP5150_MAX_CROP_LEFT);
706 +- rect.width = clamp_t(unsigned int, rect.width,
707 +- TVP5150_H_MAX - TVP5150_MAX_CROP_LEFT - rect.left,
708 +- TVP5150_H_MAX - rect.left);
709 + rect.top = clamp(rect.top, 0, TVP5150_MAX_CROP_TOP);
710 +
711 + /* Calculate height based on current standard */
712 +@@ -913,9 +910,16 @@ static int tvp5150_set_selection(struct v4l2_subdev *sd,
713 + else
714 + hmax = TVP5150_V_MAX_OTHERS;
715 +
716 +- rect.height = clamp_t(unsigned int, rect.height,
717 ++ /*
718 ++ * alignments:
719 ++ * - width = 2 due to UYVY colorspace
720 ++ * - height, image = no special alignment
721 ++ */
722 ++ v4l_bound_align_image(&rect.width,
723 ++ TVP5150_H_MAX - TVP5150_MAX_CROP_LEFT - rect.left,
724 ++ TVP5150_H_MAX - rect.left, 1, &rect.height,
725 + hmax - TVP5150_MAX_CROP_TOP - rect.top,
726 +- hmax - rect.top);
727 ++ hmax - rect.top, 0, 0);
728 +
729 + tvp5150_write(sd, TVP5150_VERT_BLANKING_START, rect.top);
730 + tvp5150_write(sd, TVP5150_VERT_BLANKING_STOP,
731 +diff --git a/drivers/media/pci/cx23885/altera-ci.c b/drivers/media/pci/cx23885/altera-ci.c
732 +index aaf4e46ff3e9..a0c1ff97f905 100644
733 +--- a/drivers/media/pci/cx23885/altera-ci.c
734 ++++ b/drivers/media/pci/cx23885/altera-ci.c
735 +@@ -660,6 +660,10 @@ static int altera_hw_filt_init(struct altera_ci_config *config, int hw_filt_nr)
736 + }
737 +
738 + temp_int = append_internal(inter);
739 ++ if (!temp_int) {
740 ++ ret = -ENOMEM;
741 ++ goto err;
742 ++ }
743 + inter->filts_used = 1;
744 + inter->dev = config->dev;
745 + inter->fpga_rw = config->fpga_rw;
746 +@@ -694,6 +698,7 @@ err:
747 + __func__, ret);
748 +
749 + kfree(pid_filt);
750 ++ kfree(inter);
751 +
752 + return ret;
753 + }
754 +@@ -728,6 +733,10 @@ int altera_ci_init(struct altera_ci_config *config, int ci_nr)
755 + }
756 +
757 + temp_int = append_internal(inter);
758 ++ if (!temp_int) {
759 ++ ret = -ENOMEM;
760 ++ goto err;
761 ++ }
762 + inter->cis_used = 1;
763 + inter->dev = config->dev;
764 + inter->fpga_rw = config->fpga_rw;
765 +@@ -796,6 +805,7 @@ err:
766 + ci_dbg_print("%s: Cannot initialize CI: Error %d.\n", __func__, ret);
767 +
768 + kfree(state);
769 ++ kfree(inter);
770 +
771 + return ret;
772 + }
773 +diff --git a/drivers/mtd/devices/Kconfig b/drivers/mtd/devices/Kconfig
774 +index 58329d2dacd1..75c816a5dded 100644
775 +--- a/drivers/mtd/devices/Kconfig
776 ++++ b/drivers/mtd/devices/Kconfig
777 +@@ -196,7 +196,7 @@ comment "Disk-On-Chip Device Drivers"
778 + config MTD_DOCG3
779 + tristate "M-Systems Disk-On-Chip G3"
780 + select BCH
781 +- select BCH_CONST_PARAMS
782 ++ select BCH_CONST_PARAMS if !MTD_NAND_BCH
783 + select BITREVERSE
784 + ---help---
785 + This provides an MTD device driver for the M-Systems DiskOnChip
786 +diff --git a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c
787 +index 31f61a744d66..9473d12ce239 100644
788 +--- a/drivers/net/ethernet/brocade/bna/bnad_ethtool.c
789 ++++ b/drivers/net/ethernet/brocade/bna/bnad_ethtool.c
790 +@@ -541,8 +541,8 @@ bnad_get_strings(struct net_device *netdev, u32 stringset, u8 *string)
791 + for (i = 0; i < BNAD_ETHTOOL_STATS_NUM; i++) {
792 + BUG_ON(!(strlen(bnad_net_stats_strings[i]) <
793 + ETH_GSTRING_LEN));
794 +- memcpy(string, bnad_net_stats_strings[i],
795 +- ETH_GSTRING_LEN);
796 ++ strncpy(string, bnad_net_stats_strings[i],
797 ++ ETH_GSTRING_LEN);
798 + string += ETH_GSTRING_LEN;
799 + }
800 + bmap = bna_tx_rid_mask(&bnad->bna);
801 +diff --git a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
802 +index e84574b1eae7..2a81f6d72140 100644
803 +--- a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
804 ++++ b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
805 +@@ -1826,11 +1826,12 @@ static void e1000_get_ethtool_stats(struct net_device *netdev,
806 + {
807 + struct e1000_adapter *adapter = netdev_priv(netdev);
808 + int i;
809 +- char *p = NULL;
810 + const struct e1000_stats *stat = e1000_gstrings_stats;
811 +
812 + e1000_update_stats(adapter);
813 +- for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++) {
814 ++ for (i = 0; i < E1000_GLOBAL_STATS_LEN; i++, stat++) {
815 ++ char *p;
816 ++
817 + switch (stat->type) {
818 + case NETDEV_STATS:
819 + p = (char *)netdev + stat->stat_offset;
820 +@@ -1841,15 +1842,13 @@ static void e1000_get_ethtool_stats(struct net_device *netdev,
821 + default:
822 + WARN_ONCE(1, "Invalid E1000 stat type: %u index %d\n",
823 + stat->type, i);
824 +- break;
825 ++ continue;
826 + }
827 +
828 + if (stat->sizeof_stat == sizeof(u64))
829 + data[i] = *(u64 *)p;
830 + else
831 + data[i] = *(u32 *)p;
832 +-
833 +- stat++;
834 + }
835 + /* BUG_ON(i != E1000_STATS_LEN); */
836 + }
837 +diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
838 +index dd112aa5cebb..39a09e18c1b7 100644
839 +--- a/drivers/net/ethernet/intel/e1000/e1000_main.c
840 ++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
841 +@@ -521,8 +521,6 @@ void e1000_down(struct e1000_adapter *adapter)
842 + struct net_device *netdev = adapter->netdev;
843 + u32 rctl, tctl;
844 +
845 +- netif_carrier_off(netdev);
846 +-
847 + /* disable receives in the hardware */
848 + rctl = er32(RCTL);
849 + ew32(RCTL, rctl & ~E1000_RCTL_EN);
850 +@@ -538,6 +536,15 @@ void e1000_down(struct e1000_adapter *adapter)
851 + E1000_WRITE_FLUSH();
852 + msleep(10);
853 +
854 ++ /* Set the carrier off after transmits have been disabled in the
855 ++ * hardware, to avoid race conditions with e1000_watchdog() (which
856 ++ * may be running concurrently to us, checking for the carrier
857 ++ * bit to decide whether it should enable transmits again). Such
858 ++ * a race condition would result into transmission being disabled
859 ++ * in the hardware until the next IFF_DOWN+IFF_UP cycle.
860 ++ */
861 ++ netif_carrier_off(netdev);
862 ++
863 + napi_disable(&adapter->napi);
864 +
865 + e1000_irq_disable(adapter);
866 +diff --git a/drivers/of/of_numa.c b/drivers/of/of_numa.c
867 +index 2db1f7a04baf..0b29ee9ee8c3 100644
868 +--- a/drivers/of/of_numa.c
869 ++++ b/drivers/of/of_numa.c
870 +@@ -126,9 +126,14 @@ static int __init of_numa_parse_distance_map_v1(struct device_node *map)
871 + distance = of_read_number(matrix, 1);
872 + matrix++;
873 +
874 ++ if ((nodea == nodeb && distance != LOCAL_DISTANCE) ||
875 ++ (nodea != nodeb && distance <= LOCAL_DISTANCE)) {
876 ++ pr_err("Invalid distance[node%d -> node%d] = %d\n",
877 ++ nodea, nodeb, distance);
878 ++ return -EINVAL;
879 ++ }
880 ++
881 + numa_set_distance(nodea, nodeb, distance);
882 +- pr_debug("distance[node%d -> node%d] = %d\n",
883 +- nodea, nodeb, distance);
884 +
885 + /* Set default distance of node B->A same as A->B */
886 + if (nodeb > nodea)
887 +diff --git a/drivers/rtc/hctosys.c b/drivers/rtc/hctosys.c
888 +index e79f2a181ad2..b9ec4a16db1f 100644
889 +--- a/drivers/rtc/hctosys.c
890 ++++ b/drivers/rtc/hctosys.c
891 +@@ -50,8 +50,10 @@ static int __init rtc_hctosys(void)
892 + tv64.tv_sec = rtc_tm_to_time64(&tm);
893 +
894 + #if BITS_PER_LONG == 32
895 +- if (tv64.tv_sec > INT_MAX)
896 ++ if (tv64.tv_sec > INT_MAX) {
897 ++ err = -ERANGE;
898 + goto err_read;
899 ++ }
900 + #endif
901 +
902 + err = do_settimeofday64(&tv64);
903 +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
904 +index b6d9e3104b89..2e3a70a6b300 100644
905 +--- a/drivers/scsi/qla2xxx/qla_init.c
906 ++++ b/drivers/scsi/qla2xxx/qla_init.c
907 +@@ -4894,7 +4894,7 @@ qla2x00_abort_isp(scsi_qla_host_t *vha)
908 + * The next call disables the board
909 + * completely.
910 + */
911 +- ha->isp_ops->reset_adapter(vha);
912 ++ qla2x00_abort_isp_cleanup(vha);
913 + vha->flags.online = 0;
914 + clear_bit(ISP_ABORT_RETRY,
915 + &vha->dpc_flags);
916 +diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
917 +index a1b01d66c9ab..bf29ad454118 100644
918 +--- a/drivers/scsi/qla2xxx/qla_mbx.c
919 ++++ b/drivers/scsi/qla2xxx/qla_mbx.c
920 +@@ -3580,10 +3580,7 @@ qla2x00_set_idma_speed(scsi_qla_host_t *vha, uint16_t loop_id,
921 + mcp->mb[0] = MBC_PORT_PARAMS;
922 + mcp->mb[1] = loop_id;
923 + mcp->mb[2] = BIT_0;
924 +- if (IS_CNA_CAPABLE(vha->hw))
925 +- mcp->mb[3] = port_speed & (BIT_5|BIT_4|BIT_3|BIT_2|BIT_1|BIT_0);
926 +- else
927 +- mcp->mb[3] = port_speed & (BIT_2|BIT_1|BIT_0);
928 ++ mcp->mb[3] = port_speed & (BIT_5|BIT_4|BIT_3|BIT_2|BIT_1|BIT_0);
929 + mcp->mb[9] = vha->vp_idx;
930 + mcp->out_mb = MBX_9|MBX_3|MBX_2|MBX_1|MBX_0;
931 + mcp->in_mb = MBX_3|MBX_1|MBX_0;
932 +diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c
933 +index 793395451982..ea6b62cece88 100644
934 +--- a/drivers/tty/serial/sc16is7xx.c
935 ++++ b/drivers/tty/serial/sc16is7xx.c
936 +@@ -661,7 +661,7 @@ static void sc16is7xx_handle_tx(struct uart_port *port)
937 + uart_write_wakeup(port);
938 + }
939 +
940 +-static void sc16is7xx_port_irq(struct sc16is7xx_port *s, int portno)
941 ++static bool sc16is7xx_port_irq(struct sc16is7xx_port *s, int portno)
942 + {
943 + struct uart_port *port = &s->p[portno].port;
944 +
945 +@@ -670,7 +670,7 @@ static void sc16is7xx_port_irq(struct sc16is7xx_port *s, int portno)
946 +
947 + iir = sc16is7xx_port_read(port, SC16IS7XX_IIR_REG);
948 + if (iir & SC16IS7XX_IIR_NO_INT_BIT)
949 +- break;
950 ++ return false;
951 +
952 + iir &= SC16IS7XX_IIR_ID_MASK;
953 +
954 +@@ -692,16 +692,23 @@ static void sc16is7xx_port_irq(struct sc16is7xx_port *s, int portno)
955 + port->line, iir);
956 + break;
957 + }
958 +- } while (1);
959 ++ } while (0);
960 ++ return true;
961 + }
962 +
963 + static void sc16is7xx_ist(struct kthread_work *ws)
964 + {
965 + struct sc16is7xx_port *s = to_sc16is7xx_port(ws, irq_work);
966 +- int i;
967 +
968 +- for (i = 0; i < s->devtype->nr_uart; ++i)
969 +- sc16is7xx_port_irq(s, i);
970 ++ while (1) {
971 ++ bool keep_polling = false;
972 ++ int i;
973 ++
974 ++ for (i = 0; i < s->devtype->nr_uart; ++i)
975 ++ keep_polling |= sc16is7xx_port_irq(s, i);
976 ++ if (!keep_polling)
977 ++ break;
978 ++ }
979 + }
980 +
981 + static irqreturn_t sc16is7xx_irq(int irq, void *dev_id)
982 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
983 +index e6429d419b80..e6c4321d695c 100644
984 +--- a/drivers/tty/tty_io.c
985 ++++ b/drivers/tty/tty_io.c
986 +@@ -354,7 +354,7 @@ struct tty_driver *tty_find_polling_driver(char *name, int *line)
987 + mutex_lock(&tty_mutex);
988 + /* Search through the tty devices to look for a match */
989 + list_for_each_entry(p, &tty_drivers, tty_drivers) {
990 +- if (strncmp(name, p->name, len) != 0)
991 ++ if (!len || strncmp(name, p->name, len) != 0)
992 + continue;
993 + stp = str;
994 + if (*stp == ',')
995 +diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c
996 +index bf36ac9aee41..11bb9a5c700d 100644
997 +--- a/drivers/tty/tty_ioctl.c
998 ++++ b/drivers/tty/tty_ioctl.c
999 +@@ -325,7 +325,7 @@ speed_t tty_termios_baud_rate(struct ktermios *termios)
1000 + else
1001 + cbaud += 15;
1002 + }
1003 +- return baud_table[cbaud];
1004 ++ return cbaud >= n_baud_table ? 0 : baud_table[cbaud];
1005 + }
1006 + EXPORT_SYMBOL(tty_termios_baud_rate);
1007 +
1008 +@@ -361,7 +361,7 @@ speed_t tty_termios_input_baud_rate(struct ktermios *termios)
1009 + else
1010 + cbaud += 15;
1011 + }
1012 +- return baud_table[cbaud];
1013 ++ return cbaud >= n_baud_table ? 0 : baud_table[cbaud];
1014 + #else
1015 + return tty_termios_baud_rate(termios);
1016 + #endif
1017 +diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c
1018 +index 9e36632b6f0e..17f9ad6fdfa5 100644
1019 +--- a/drivers/vhost/scsi.c
1020 ++++ b/drivers/vhost/scsi.c
1021 +@@ -999,7 +999,8 @@ vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1022 + prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesin);
1023 + }
1024 + /*
1025 +- * Set prot_iter to data_iter, and advance past any
1026 ++ * Set prot_iter to data_iter and truncate it to
1027 ++ * prot_bytes, and advance data_iter past any
1028 + * preceeding prot_bytes that may be present.
1029 + *
1030 + * Also fix up the exp_data_len to reflect only the
1031 +@@ -1008,6 +1009,7 @@ vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1032 + if (prot_bytes) {
1033 + exp_data_len -= prot_bytes;
1034 + prot_iter = data_iter;
1035 ++ iov_iter_truncate(&prot_iter, prot_bytes);
1036 + iov_iter_advance(&data_iter, prot_bytes);
1037 + }
1038 + tag = vhost64_to_cpu(vq, v_req_pi.tag);
1039 +diff --git a/drivers/video/fbdev/aty/mach64_accel.c b/drivers/video/fbdev/aty/mach64_accel.c
1040 +index 182bd680141f..e9dfe0e40b8b 100644
1041 +--- a/drivers/video/fbdev/aty/mach64_accel.c
1042 ++++ b/drivers/video/fbdev/aty/mach64_accel.c
1043 +@@ -126,7 +126,7 @@ void aty_init_engine(struct atyfb_par *par, struct fb_info *info)
1044 +
1045 + /* set host attributes */
1046 + wait_for_fifo(13, par);
1047 +- aty_st_le32(HOST_CNTL, 0, par);
1048 ++ aty_st_le32(HOST_CNTL, HOST_BYTE_ALIGN, par);
1049 +
1050 + /* set pattern attributes */
1051 + aty_st_le32(PAT_REG0, 0, par);
1052 +@@ -232,7 +232,8 @@ void atyfb_copyarea(struct fb_info *info, const struct fb_copyarea *area)
1053 + rotation = rotation24bpp(dx, direction);
1054 + }
1055 +
1056 +- wait_for_fifo(4, par);
1057 ++ wait_for_fifo(5, par);
1058 ++ aty_st_le32(DP_PIX_WIDTH, par->crtc.dp_pix_width, par);
1059 + aty_st_le32(DP_SRC, FRGD_SRC_BLIT, par);
1060 + aty_st_le32(SRC_Y_X, (sx << 16) | sy, par);
1061 + aty_st_le32(SRC_HEIGHT1_WIDTH1, (width << 16) | area->height, par);
1062 +@@ -268,7 +269,8 @@ void atyfb_fillrect(struct fb_info *info, const struct fb_fillrect *rect)
1063 + rotation = rotation24bpp(dx, DST_X_LEFT_TO_RIGHT);
1064 + }
1065 +
1066 +- wait_for_fifo(3, par);
1067 ++ wait_for_fifo(4, par);
1068 ++ aty_st_le32(DP_PIX_WIDTH, par->crtc.dp_pix_width, par);
1069 + aty_st_le32(DP_FRGD_CLR, color, par);
1070 + aty_st_le32(DP_SRC,
1071 + BKGD_SRC_BKGD_CLR | FRGD_SRC_FRGD_CLR | MONO_SRC_ONE,
1072 +@@ -283,7 +285,7 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1073 + {
1074 + struct atyfb_par *par = (struct atyfb_par *) info->par;
1075 + u32 src_bytes, dx = image->dx, dy = image->dy, width = image->width;
1076 +- u32 pix_width_save, pix_width, host_cntl, rotation = 0, src, mix;
1077 ++ u32 pix_width, rotation = 0, src, mix;
1078 +
1079 + if (par->asleep)
1080 + return;
1081 +@@ -295,8 +297,7 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1082 + return;
1083 + }
1084 +
1085 +- pix_width = pix_width_save = aty_ld_le32(DP_PIX_WIDTH, par);
1086 +- host_cntl = aty_ld_le32(HOST_CNTL, par) | HOST_BYTE_ALIGN;
1087 ++ pix_width = par->crtc.dp_pix_width;
1088 +
1089 + switch (image->depth) {
1090 + case 1:
1091 +@@ -344,7 +345,7 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1092 + * since Rage 3D IIc we have DP_HOST_TRIPLE_EN bit
1093 + * this hwaccelerated triple has an issue with not aligned data
1094 + */
1095 +- if (M64_HAS(HW_TRIPLE) && image->width % 8 == 0)
1096 ++ if (image->depth == 1 && M64_HAS(HW_TRIPLE) && image->width % 8 == 0)
1097 + pix_width |= DP_HOST_TRIPLE_EN;
1098 + }
1099 +
1100 +@@ -369,19 +370,18 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1101 + mix = FRGD_MIX_D_XOR_S | BKGD_MIX_D;
1102 + }
1103 +
1104 +- wait_for_fifo(6, par);
1105 +- aty_st_le32(DP_WRITE_MASK, 0xFFFFFFFF, par);
1106 ++ wait_for_fifo(5, par);
1107 + aty_st_le32(DP_PIX_WIDTH, pix_width, par);
1108 + aty_st_le32(DP_MIX, mix, par);
1109 + aty_st_le32(DP_SRC, src, par);
1110 +- aty_st_le32(HOST_CNTL, host_cntl, par);
1111 ++ aty_st_le32(HOST_CNTL, HOST_BYTE_ALIGN, par);
1112 + aty_st_le32(DST_CNTL, DST_Y_TOP_TO_BOTTOM | DST_X_LEFT_TO_RIGHT | rotation, par);
1113 +
1114 + draw_rect(dx, dy, width, image->height, par);
1115 + src_bytes = (((image->width * image->depth) + 7) / 8) * image->height;
1116 +
1117 + /* manual triple each pixel */
1118 +- if (info->var.bits_per_pixel == 24 && !(pix_width & DP_HOST_TRIPLE_EN)) {
1119 ++ if (image->depth == 1 && info->var.bits_per_pixel == 24 && !(pix_width & DP_HOST_TRIPLE_EN)) {
1120 + int inbit, outbit, mult24, byte_id_in_dword, width;
1121 + u8 *pbitmapin = (u8*)image->data, *pbitmapout;
1122 + u32 hostdword;
1123 +@@ -414,7 +414,7 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1124 + }
1125 + }
1126 + wait_for_fifo(1, par);
1127 +- aty_st_le32(HOST_DATA0, hostdword, par);
1128 ++ aty_st_le32(HOST_DATA0, le32_to_cpu(hostdword), par);
1129 + }
1130 + } else {
1131 + u32 *pbitmap, dwords = (src_bytes + 3) / 4;
1132 +@@ -423,8 +423,4 @@ void atyfb_imageblit(struct fb_info *info, const struct fb_image *image)
1133 + aty_st_le32(HOST_DATA0, get_unaligned_le32(pbitmap), par);
1134 + }
1135 + }
1136 +-
1137 +- /* restore pix_width */
1138 +- wait_for_fifo(1, par);
1139 +- aty_st_le32(DP_PIX_WIDTH, pix_width_save, par);
1140 + }
1141 +diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
1142 +index d7b78d531e63..398a3eddb2df 100644
1143 +--- a/fs/9p/vfs_file.c
1144 ++++ b/fs/9p/vfs_file.c
1145 +@@ -204,6 +204,14 @@ static int v9fs_file_do_lock(struct file *filp, int cmd, struct file_lock *fl)
1146 + break;
1147 + if (schedule_timeout_interruptible(P9_LOCK_TIMEOUT) != 0)
1148 + break;
1149 ++ /*
1150 ++ * p9_client_lock_dotl overwrites flock.client_id with the
1151 ++ * server message, free and reuse the client name
1152 ++ */
1153 ++ if (flock.client_id != fid->clnt->name) {
1154 ++ kfree(flock.client_id);
1155 ++ flock.client_id = fid->clnt->name;
1156 ++ }
1157 + }
1158 +
1159 + /* map 9p status to VFS status */
1160 +@@ -235,6 +243,8 @@ out_unlock:
1161 + locks_lock_file_wait(filp, fl);
1162 + fl->fl_type = fl_type;
1163 + }
1164 ++ if (flock.client_id != fid->clnt->name)
1165 ++ kfree(flock.client_id);
1166 + out:
1167 + return res;
1168 + }
1169 +@@ -269,7 +279,7 @@ static int v9fs_file_getlock(struct file *filp, struct file_lock *fl)
1170 +
1171 + res = p9_client_getlock_dotl(fid, &glock);
1172 + if (res < 0)
1173 +- return res;
1174 ++ goto out;
1175 + /* map 9p lock type to os lock type */
1176 + switch (glock.type) {
1177 + case P9_LOCK_TYPE_RDLCK:
1178 +@@ -290,7 +300,9 @@ static int v9fs_file_getlock(struct file *filp, struct file_lock *fl)
1179 + fl->fl_end = glock.start + glock.length - 1;
1180 + fl->fl_pid = glock.proc_id;
1181 + }
1182 +- kfree(glock.client_id);
1183 ++out:
1184 ++ if (glock.client_id != fid->clnt->name)
1185 ++ kfree(glock.client_id);
1186 + return res;
1187 + }
1188 +
1189 +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
1190 +index 17e143d91fa9..1b1a9e35e082 100644
1191 +--- a/fs/btrfs/inode.c
1192 ++++ b/fs/btrfs/inode.c
1193 +@@ -1548,12 +1548,11 @@ out_check:
1194 + }
1195 + btrfs_release_path(path);
1196 +
1197 +- if (cur_offset <= end && cow_start == (u64)-1) {
1198 ++ if (cur_offset <= end && cow_start == (u64)-1)
1199 + cow_start = cur_offset;
1200 +- cur_offset = end;
1201 +- }
1202 +
1203 + if (cow_start != (u64)-1) {
1204 ++ cur_offset = end;
1205 + ret = cow_file_range(inode, locked_page, cow_start, end, end,
1206 + page_started, nr_written, 1, NULL);
1207 + if (ret)
1208 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
1209 +index cbf512b64597..96ad2778405b 100644
1210 +--- a/fs/btrfs/ioctl.c
1211 ++++ b/fs/btrfs/ioctl.c
1212 +@@ -3911,9 +3911,17 @@ static noinline int btrfs_clone_files(struct file *file, struct file *file_src,
1213 + goto out_unlock;
1214 + if (len == 0)
1215 + olen = len = src->i_size - off;
1216 +- /* if we extend to eof, continue to block boundary */
1217 +- if (off + len == src->i_size)
1218 ++ /*
1219 ++ * If we extend to eof, continue to block boundary if and only if the
1220 ++ * destination end offset matches the destination file's size, otherwise
1221 ++ * we would be corrupting data by placing the eof block into the middle
1222 ++ * of a file.
1223 ++ */
1224 ++ if (off + len == src->i_size) {
1225 ++ if (!IS_ALIGNED(len, bs) && destoff + len < inode->i_size)
1226 ++ goto out_unlock;
1227 + len = ALIGN(src->i_size, bs) - off;
1228 ++ }
1229 +
1230 + if (len == 0) {
1231 + ret = 0;
1232 +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
1233 +index 1f754336f801..30d9d9e7057d 100644
1234 +--- a/fs/ceph/inode.c
1235 ++++ b/fs/ceph/inode.c
1236 +@@ -1077,8 +1077,12 @@ static struct dentry *splice_dentry(struct dentry *dn, struct inode *in)
1237 + if (IS_ERR(realdn)) {
1238 + pr_err("splice_dentry error %ld %p inode %p ino %llx.%llx\n",
1239 + PTR_ERR(realdn), dn, in, ceph_vinop(in));
1240 +- dput(dn);
1241 +- dn = realdn; /* note realdn contains the error */
1242 ++ dn = realdn;
1243 ++ /*
1244 ++ * Caller should release 'dn' in the case of error.
1245 ++ * If 'req->r_dentry' is passed to this function,
1246 ++ * caller should leave 'req->r_dentry' untouched.
1247 ++ */
1248 + goto out;
1249 + } else if (realdn) {
1250 + dout("dn %p (%d) spliced with %p (%d) "
1251 +diff --git a/fs/configfs/symlink.c b/fs/configfs/symlink.c
1252 +index 314b4edac72b..fea6db1ee065 100644
1253 +--- a/fs/configfs/symlink.c
1254 ++++ b/fs/configfs/symlink.c
1255 +@@ -64,7 +64,7 @@ static void fill_item_path(struct config_item * item, char * buffer, int length)
1256 +
1257 + /* back up enough to print this bus id with '/' */
1258 + length -= cur;
1259 +- strncpy(buffer + length,config_item_name(p),cur);
1260 ++ memcpy(buffer + length, config_item_name(p), cur);
1261 + *(buffer + --length) = '/';
1262 + }
1263 + }
1264 +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
1265 +index bc727c393a89..3c3757ee11f0 100644
1266 +--- a/fs/ext4/namei.c
1267 ++++ b/fs/ext4/namei.c
1268 +@@ -124,6 +124,7 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode,
1269 + if (!is_dx_block && type == INDEX) {
1270 + ext4_error_inode(inode, func, line, block,
1271 + "directory leaf block found instead of index block");
1272 ++ brelse(bh);
1273 + return ERR_PTR(-EFSCORRUPTED);
1274 + }
1275 + if (!ext4_has_metadata_csum(inode->i_sb) ||
1276 +@@ -2842,7 +2843,9 @@ int ext4_orphan_add(handle_t *handle, struct inode *inode)
1277 + list_del_init(&EXT4_I(inode)->i_orphan);
1278 + mutex_unlock(&sbi->s_orphan_lock);
1279 + }
1280 +- }
1281 ++ } else
1282 ++ brelse(iloc.bh);
1283 ++
1284 + jbd_debug(4, "superblock will point to %lu\n", inode->i_ino);
1285 + jbd_debug(4, "orphan inode %lu will point to %d\n",
1286 + inode->i_ino, NEXT_ORPHAN(inode));
1287 +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
1288 +index 1da301ee78ce..9be605c63ae1 100644
1289 +--- a/fs/ext4/resize.c
1290 ++++ b/fs/ext4/resize.c
1291 +@@ -442,16 +442,18 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
1292 +
1293 + BUFFER_TRACE(bh, "get_write_access");
1294 + err = ext4_journal_get_write_access(handle, bh);
1295 +- if (err)
1296 ++ if (err) {
1297 ++ brelse(bh);
1298 + return err;
1299 ++ }
1300 + ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block,
1301 + block - start, count2);
1302 + ext4_set_bits(bh->b_data, block - start, count2);
1303 +
1304 + err = ext4_handle_dirty_metadata(handle, NULL, bh);
1305 ++ brelse(bh);
1306 + if (unlikely(err))
1307 + return err;
1308 +- brelse(bh);
1309 + }
1310 +
1311 + return 0;
1312 +@@ -588,7 +590,6 @@ handle_bb:
1313 + bh = bclean(handle, sb, block);
1314 + if (IS_ERR(bh)) {
1315 + err = PTR_ERR(bh);
1316 +- bh = NULL;
1317 + goto out;
1318 + }
1319 + overhead = ext4_group_overhead_blocks(sb, group);
1320 +@@ -600,9 +601,9 @@ handle_bb:
1321 + ext4_mark_bitmap_end(group_data[i].blocks_count,
1322 + sb->s_blocksize * 8, bh->b_data);
1323 + err = ext4_handle_dirty_metadata(handle, NULL, bh);
1324 ++ brelse(bh);
1325 + if (err)
1326 + goto out;
1327 +- brelse(bh);
1328 +
1329 + handle_ib:
1330 + if (bg_flags[i] & EXT4_BG_INODE_UNINIT)
1331 +@@ -617,18 +618,16 @@ handle_ib:
1332 + bh = bclean(handle, sb, block);
1333 + if (IS_ERR(bh)) {
1334 + err = PTR_ERR(bh);
1335 +- bh = NULL;
1336 + goto out;
1337 + }
1338 +
1339 + ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb),
1340 + sb->s_blocksize * 8, bh->b_data);
1341 + err = ext4_handle_dirty_metadata(handle, NULL, bh);
1342 ++ brelse(bh);
1343 + if (err)
1344 + goto out;
1345 +- brelse(bh);
1346 + }
1347 +- bh = NULL;
1348 +
1349 + /* Mark group tables in block bitmap */
1350 + for (j = 0; j < GROUP_TABLE_COUNT; j++) {
1351 +@@ -659,7 +658,6 @@ handle_ib:
1352 + }
1353 +
1354 + out:
1355 +- brelse(bh);
1356 + err2 = ext4_journal_stop(handle);
1357 + if (err2 && !err)
1358 + err = err2;
1359 +@@ -846,6 +844,7 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
1360 + err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
1361 + if (unlikely(err)) {
1362 + ext4_std_error(sb, err);
1363 ++ iloc.bh = NULL;
1364 + goto exit_inode;
1365 + }
1366 + brelse(dind);
1367 +@@ -897,6 +896,7 @@ static int add_new_gdb_meta_bg(struct super_block *sb,
1368 + sizeof(struct buffer_head *),
1369 + GFP_NOFS);
1370 + if (!n_group_desc) {
1371 ++ brelse(gdb_bh);
1372 + err = -ENOMEM;
1373 + ext4_warning(sb, "not enough memory for %lu groups",
1374 + gdb_num + 1);
1375 +@@ -912,8 +912,6 @@ static int add_new_gdb_meta_bg(struct super_block *sb,
1376 + kvfree(o_group_desc);
1377 + BUFFER_TRACE(gdb_bh, "get_write_access");
1378 + err = ext4_journal_get_write_access(handle, gdb_bh);
1379 +- if (unlikely(err))
1380 +- brelse(gdb_bh);
1381 + return err;
1382 + }
1383 +
1384 +@@ -1095,8 +1093,10 @@ static void update_backups(struct super_block *sb, sector_t blk_off, char *data,
1385 + backup_block, backup_block -
1386 + ext4_group_first_block_no(sb, group));
1387 + BUFFER_TRACE(bh, "get_write_access");
1388 +- if ((err = ext4_journal_get_write_access(handle, bh)))
1389 ++ if ((err = ext4_journal_get_write_access(handle, bh))) {
1390 ++ brelse(bh);
1391 + break;
1392 ++ }
1393 + lock_buffer(bh);
1394 + memcpy(bh->b_data, data, size);
1395 + if (rest)
1396 +@@ -1991,7 +1991,7 @@ retry:
1397 +
1398 + err = ext4_alloc_flex_bg_array(sb, n_group + 1);
1399 + if (err)
1400 +- return err;
1401 ++ goto out;
1402 +
1403 + err = ext4_mb_alloc_groupinfo(sb, n_group + 1);
1404 + if (err)
1405 +@@ -2027,6 +2027,10 @@ retry:
1406 + n_blocks_count_retry = 0;
1407 + free_flex_gd(flex_gd);
1408 + flex_gd = NULL;
1409 ++ if (resize_inode) {
1410 ++ iput(resize_inode);
1411 ++ resize_inode = NULL;
1412 ++ }
1413 + goto retry;
1414 + }
1415 +
1416 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
1417 +index f88d4804c3a8..75177eb498ed 100644
1418 +--- a/fs/ext4/super.c
1419 ++++ b/fs/ext4/super.c
1420 +@@ -3897,6 +3897,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
1421 + sbi->s_groups_count = blocks_count;
1422 + sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count,
1423 + (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb)));
1424 ++ if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) !=
1425 ++ le32_to_cpu(es->s_inodes_count)) {
1426 ++ ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu",
1427 ++ le32_to_cpu(es->s_inodes_count),
1428 ++ ((u64)sbi->s_groups_count * sbi->s_inodes_per_group));
1429 ++ ret = -EINVAL;
1430 ++ goto failed_mount;
1431 ++ }
1432 + db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) /
1433 + EXT4_DESC_PER_BLOCK(sb);
1434 + if (ext4_has_feature_meta_bg(sb)) {
1435 +@@ -3916,14 +3924,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
1436 + ret = -ENOMEM;
1437 + goto failed_mount;
1438 + }
1439 +- if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) !=
1440 +- le32_to_cpu(es->s_inodes_count)) {
1441 +- ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu",
1442 +- le32_to_cpu(es->s_inodes_count),
1443 +- ((u64)sbi->s_groups_count * sbi->s_inodes_per_group));
1444 +- ret = -EINVAL;
1445 +- goto failed_mount;
1446 +- }
1447 +
1448 + bgl_lock_init(sbi->s_blockgroup_lock);
1449 +
1450 +@@ -4305,6 +4305,7 @@ failed_mount6:
1451 + percpu_counter_destroy(&sbi->s_freeinodes_counter);
1452 + percpu_counter_destroy(&sbi->s_dirs_counter);
1453 + percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
1454 ++ percpu_free_rwsem(&sbi->s_journal_flag_rwsem);
1455 + failed_mount5:
1456 + ext4_ext_release(sb);
1457 + ext4_release_system_zone(sb);
1458 +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
1459 +index 38385bcb9148..22f765069655 100644
1460 +--- a/fs/ext4/xattr.c
1461 ++++ b/fs/ext4/xattr.c
1462 +@@ -1221,6 +1221,8 @@ ext4_xattr_set_handle(handle_t *handle, struct inode *inode, int name_index,
1463 + error = ext4_xattr_block_set(handle, inode, &i, &bs);
1464 + } else if (error == -ENOSPC) {
1465 + if (EXT4_I(inode)->i_file_acl && !bs.s.base) {
1466 ++ brelse(bs.bh);
1467 ++ bs.bh = NULL;
1468 + error = ext4_xattr_block_find(inode, &i, &bs);
1469 + if (error)
1470 + goto cleanup;
1471 +@@ -1391,6 +1393,8 @@ out:
1472 + kfree(buffer);
1473 + if (is)
1474 + brelse(is->iloc.bh);
1475 ++ if (bs)
1476 ++ brelse(bs->bh);
1477 + kfree(is);
1478 + kfree(bs);
1479 +
1480 +diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
1481 +index c94bab6103f5..b4253181b5d4 100644
1482 +--- a/fs/fuse/dev.c
1483 ++++ b/fs/fuse/dev.c
1484 +@@ -383,12 +383,19 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req)
1485 + if (test_bit(FR_BACKGROUND, &req->flags)) {
1486 + spin_lock(&fc->lock);
1487 + clear_bit(FR_BACKGROUND, &req->flags);
1488 +- if (fc->num_background == fc->max_background)
1489 ++ if (fc->num_background == fc->max_background) {
1490 + fc->blocked = 0;
1491 +-
1492 +- /* Wake up next waiter, if any */
1493 +- if (!fc->blocked && waitqueue_active(&fc->blocked_waitq))
1494 + wake_up(&fc->blocked_waitq);
1495 ++ } else if (!fc->blocked) {
1496 ++ /*
1497 ++ * Wake up next waiter, if any. It's okay to use
1498 ++ * waitqueue_active(), as we've already synced up
1499 ++ * fc->blocked with waiters with the wake_up() call
1500 ++ * above.
1501 ++ */
1502 ++ if (waitqueue_active(&fc->blocked_waitq))
1503 ++ wake_up(&fc->blocked_waitq);
1504 ++ }
1505 +
1506 + if (fc->num_background == fc->congestion_threshold &&
1507 + fc->connected && fc->bdi_initialized) {
1508 +@@ -1303,12 +1310,14 @@ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file,
1509 + goto out_end;
1510 + }
1511 + list_move_tail(&req->list, &fpq->processing);
1512 +- spin_unlock(&fpq->lock);
1513 ++ __fuse_get_request(req);
1514 + set_bit(FR_SENT, &req->flags);
1515 ++ spin_unlock(&fpq->lock);
1516 + /* matches barrier in request_wait_answer() */
1517 + smp_mb__after_atomic();
1518 + if (test_bit(FR_INTERRUPTED, &req->flags))
1519 + queue_interrupt(fiq, req);
1520 ++ fuse_put_request(fc, req);
1521 +
1522 + return reqsize;
1523 +
1524 +@@ -1706,8 +1715,10 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode,
1525 + req->in.args[1].size = total_len;
1526 +
1527 + err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique);
1528 +- if (err)
1529 ++ if (err) {
1530 + fuse_retrieve_end(fc, req);
1531 ++ fuse_put_request(fc, req);
1532 ++ }
1533 +
1534 + return err;
1535 + }
1536 +@@ -1866,16 +1877,20 @@ static ssize_t fuse_dev_do_write(struct fuse_dev *fud,
1537 +
1538 + /* Is it an interrupt reply? */
1539 + if (req->intr_unique == oh.unique) {
1540 ++ __fuse_get_request(req);
1541 + spin_unlock(&fpq->lock);
1542 +
1543 + err = -EINVAL;
1544 +- if (nbytes != sizeof(struct fuse_out_header))
1545 ++ if (nbytes != sizeof(struct fuse_out_header)) {
1546 ++ fuse_put_request(fc, req);
1547 + goto err_finish;
1548 ++ }
1549 +
1550 + if (oh.error == -ENOSYS)
1551 + fc->no_interrupt = 1;
1552 + else if (oh.error == -EAGAIN)
1553 + queue_interrupt(&fc->iq, req);
1554 ++ fuse_put_request(fc, req);
1555 +
1556 + fuse_copy_finish(cs);
1557 + return nbytes;
1558 +diff --git a/fs/fuse/file.c b/fs/fuse/file.c
1559 +index 4408abf6675b..1cd46e667e3d 100644
1560 +--- a/fs/fuse/file.c
1561 ++++ b/fs/fuse/file.c
1562 +@@ -2900,10 +2900,12 @@ fuse_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
1563 + }
1564 +
1565 + if (io->async) {
1566 ++ bool blocking = io->blocking;
1567 ++
1568 + fuse_aio_complete(io, ret < 0 ? ret : 0, -1);
1569 +
1570 + /* we have a non-extending, async request, so return */
1571 +- if (!io->blocking)
1572 ++ if (!blocking)
1573 + return -EIOCBQUEUED;
1574 +
1575 + wait_for_completion(&wait);
1576 +diff --git a/fs/namespace.c b/fs/namespace.c
1577 +index 0a9e766b4087..41f906a6f5d9 100644
1578 +--- a/fs/namespace.c
1579 ++++ b/fs/namespace.c
1580 +@@ -1599,8 +1599,13 @@ static int do_umount(struct mount *mnt, int flags)
1581 +
1582 + namespace_lock();
1583 + lock_mount_hash();
1584 +- event++;
1585 +
1586 ++ /* Recheck MNT_LOCKED with the locks held */
1587 ++ retval = -EINVAL;
1588 ++ if (mnt->mnt.mnt_flags & MNT_LOCKED)
1589 ++ goto out;
1590 ++
1591 ++ event++;
1592 + if (flags & MNT_DETACH) {
1593 + if (!list_empty(&mnt->mnt_list))
1594 + umount_tree(mnt, UMOUNT_PROPAGATE);
1595 +@@ -1614,6 +1619,7 @@ static int do_umount(struct mount *mnt, int flags)
1596 + retval = 0;
1597 + }
1598 + }
1599 ++out:
1600 + unlock_mount_hash();
1601 + namespace_unlock();
1602 + return retval;
1603 +@@ -1704,7 +1710,7 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
1604 + goto dput_and_out;
1605 + if (!check_mnt(mnt))
1606 + goto dput_and_out;
1607 +- if (mnt->mnt.mnt_flags & MNT_LOCKED)
1608 ++ if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
1609 + goto dput_and_out;
1610 + retval = -EPERM;
1611 + if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
1612 +@@ -1782,8 +1788,14 @@ struct mount *copy_tree(struct mount *mnt, struct dentry *dentry,
1613 + for (s = r; s; s = next_mnt(s, r)) {
1614 + if (!(flag & CL_COPY_UNBINDABLE) &&
1615 + IS_MNT_UNBINDABLE(s)) {
1616 +- s = skip_mnt_tree(s);
1617 +- continue;
1618 ++ if (s->mnt.mnt_flags & MNT_LOCKED) {
1619 ++ /* Both unbindable and locked. */
1620 ++ q = ERR_PTR(-EPERM);
1621 ++ goto out;
1622 ++ } else {
1623 ++ s = skip_mnt_tree(s);
1624 ++ continue;
1625 ++ }
1626 + }
1627 + if (!(flag & CL_COPY_MNT_NS_FILE) &&
1628 + is_mnt_ns_file(s->mnt.mnt_root)) {
1629 +@@ -1836,7 +1848,7 @@ void drop_collected_mounts(struct vfsmount *mnt)
1630 + {
1631 + namespace_lock();
1632 + lock_mount_hash();
1633 +- umount_tree(real_mount(mnt), UMOUNT_SYNC);
1634 ++ umount_tree(real_mount(mnt), 0);
1635 + unlock_mount_hash();
1636 + namespace_unlock();
1637 + }
1638 +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
1639 +index e9495516527d..66985a6a7047 100644
1640 +--- a/fs/nfsd/nfs4proc.c
1641 ++++ b/fs/nfsd/nfs4proc.c
1642 +@@ -1016,6 +1016,9 @@ nfsd4_verify_copy(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
1643 + {
1644 + __be32 status;
1645 +
1646 ++ if (!cstate->save_fh.fh_dentry)
1647 ++ return nfserr_nofilehandle;
1648 ++
1649 + status = nfs4_preprocess_stateid_op(rqstp, cstate, &cstate->save_fh,
1650 + src_stateid, RD_STATE, src, NULL);
1651 + if (status) {
1652 +diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
1653 +index 3ecb9f337b7d..20e610419501 100644
1654 +--- a/fs/ocfs2/dir.c
1655 ++++ b/fs/ocfs2/dir.c
1656 +@@ -1896,8 +1896,7 @@ static int ocfs2_dir_foreach_blk_el(struct inode *inode,
1657 + /* On error, skip the f_pos to the
1658 + next block. */
1659 + ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1;
1660 +- brelse(bh);
1661 +- continue;
1662 ++ break;
1663 + }
1664 + if (le64_to_cpu(de->inode)) {
1665 + unsigned char d_type = DT_UNKNOWN;
1666 +diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h
1667 +index 1816c5e26581..a8a574897d3c 100644
1668 +--- a/include/linux/ceph/libceph.h
1669 ++++ b/include/linux/ceph/libceph.h
1670 +@@ -77,7 +77,13 @@ struct ceph_options {
1671 +
1672 + #define CEPH_MSG_MAX_FRONT_LEN (16*1024*1024)
1673 + #define CEPH_MSG_MAX_MIDDLE_LEN (16*1024*1024)
1674 +-#define CEPH_MSG_MAX_DATA_LEN (16*1024*1024)
1675 ++
1676 ++/*
1677 ++ * Handle the largest possible rbd object in one message.
1678 ++ * There is no limit on the size of cephfs objects, but it has to obey
1679 ++ * rsize and wsize mount options anyway.
1680 ++ */
1681 ++#define CEPH_MSG_MAX_DATA_LEN (32*1024*1024)
1682 +
1683 + #define CEPH_AUTH_NAME_DEFAULT "guest"
1684 +
1685 +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
1686 +index 48c76d612d40..b699d59d0f4f 100644
1687 +--- a/include/linux/hugetlb.h
1688 ++++ b/include/linux/hugetlb.h
1689 +@@ -109,6 +109,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm,
1690 + unsigned long addr, unsigned long sz);
1691 + pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr);
1692 + int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep);
1693 ++void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
1694 ++ unsigned long *start, unsigned long *end);
1695 + struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address,
1696 + int write);
1697 + struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
1698 +@@ -131,6 +133,18 @@ static inline unsigned long hugetlb_total_pages(void)
1699 + return 0;
1700 + }
1701 +
1702 ++static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr,
1703 ++ pte_t *ptep)
1704 ++{
1705 ++ return 0;
1706 ++}
1707 ++
1708 ++static inline void adjust_range_if_pmd_sharing_possible(
1709 ++ struct vm_area_struct *vma,
1710 ++ unsigned long *start, unsigned long *end)
1711 ++{
1712 ++}
1713 ++
1714 + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w) ({ BUG(); 0; })
1715 + #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL)
1716 + #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; })
1717 +diff --git a/include/linux/i8253.h b/include/linux/i8253.h
1718 +index e6bb36a97519..8336b2f6f834 100644
1719 +--- a/include/linux/i8253.h
1720 ++++ b/include/linux/i8253.h
1721 +@@ -21,6 +21,7 @@
1722 + #define PIT_LATCH ((PIT_TICK_RATE + HZ/2) / HZ)
1723 +
1724 + extern raw_spinlock_t i8253_lock;
1725 ++extern bool i8253_clear_counter_on_shutdown;
1726 + extern struct clock_event_device i8253_clockevent;
1727 + extern void clockevent_i8253_init(bool oneshot);
1728 +
1729 +diff --git a/include/linux/mm.h b/include/linux/mm.h
1730 +index 493d07931ea5..11a5a46ce72b 100644
1731 +--- a/include/linux/mm.h
1732 ++++ b/include/linux/mm.h
1733 +@@ -2187,6 +2187,12 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
1734 + return vma;
1735 + }
1736 +
1737 ++static inline bool range_in_vma(struct vm_area_struct *vma,
1738 ++ unsigned long start, unsigned long end)
1739 ++{
1740 ++ return (vma && vma->vm_start <= start && end <= vma->vm_end);
1741 ++}
1742 ++
1743 + #ifdef CONFIG_MMU
1744 + pgprot_t vm_get_page_prot(unsigned long vm_flags);
1745 + void vma_set_page_prot(struct vm_area_struct *vma);
1746 +diff --git a/lib/ubsan.c b/lib/ubsan.c
1747 +index 50d1d5c25deb..60e108c5c173 100644
1748 +--- a/lib/ubsan.c
1749 ++++ b/lib/ubsan.c
1750 +@@ -451,8 +451,7 @@ void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data,
1751 + EXPORT_SYMBOL(__ubsan_handle_shift_out_of_bounds);
1752 +
1753 +
1754 +-void __noreturn
1755 +-__ubsan_handle_builtin_unreachable(struct unreachable_data *data)
1756 ++void __ubsan_handle_builtin_unreachable(struct unreachable_data *data)
1757 + {
1758 + unsigned long flags;
1759 +
1760 +diff --git a/mm/gup.c b/mm/gup.c
1761 +index be4ccddac26f..d71da7216c6e 100644
1762 +--- a/mm/gup.c
1763 ++++ b/mm/gup.c
1764 +@@ -1122,8 +1122,6 @@ int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
1765 + int locked = 0;
1766 + long ret = 0;
1767 +
1768 +- VM_BUG_ON(start & ~PAGE_MASK);
1769 +- VM_BUG_ON(len != PAGE_ALIGN(len));
1770 + end = start + len;
1771 +
1772 + for (nstart = start; nstart < end; nstart = nend) {
1773 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1774 +index 9c566e4b06ce..5e3a4db36310 100644
1775 +--- a/mm/hugetlb.c
1776 ++++ b/mm/hugetlb.c
1777 +@@ -3220,7 +3220,7 @@ static int is_hugetlb_entry_hwpoisoned(pte_t pte)
1778 + int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
1779 + struct vm_area_struct *vma)
1780 + {
1781 +- pte_t *src_pte, *dst_pte, entry;
1782 ++ pte_t *src_pte, *dst_pte, entry, dst_entry;
1783 + struct page *ptepage;
1784 + unsigned long addr;
1785 + int cow;
1786 +@@ -3248,15 +3248,30 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
1787 + break;
1788 + }
1789 +
1790 +- /* If the pagetables are shared don't copy or take references */
1791 +- if (dst_pte == src_pte)
1792 ++ /*
1793 ++ * If the pagetables are shared don't copy or take references.
1794 ++ * dst_pte == src_pte is the common case of src/dest sharing.
1795 ++ *
1796 ++ * However, src could have 'unshared' and dst shares with
1797 ++ * another vma. If dst_pte !none, this implies sharing.
1798 ++ * Check here before taking page table lock, and once again
1799 ++ * after taking the lock below.
1800 ++ */
1801 ++ dst_entry = huge_ptep_get(dst_pte);
1802 ++ if ((dst_pte == src_pte) || !huge_pte_none(dst_entry))
1803 + continue;
1804 +
1805 + dst_ptl = huge_pte_lock(h, dst, dst_pte);
1806 + src_ptl = huge_pte_lockptr(h, src, src_pte);
1807 + spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING);
1808 + entry = huge_ptep_get(src_pte);
1809 +- if (huge_pte_none(entry)) { /* skip none entry */
1810 ++ dst_entry = huge_ptep_get(dst_pte);
1811 ++ if (huge_pte_none(entry) || !huge_pte_none(dst_entry)) {
1812 ++ /*
1813 ++ * Skip if src entry none. Also, skip in the
1814 ++ * unlikely case dst entry !none as this implies
1815 ++ * sharing with another vma.
1816 ++ */
1817 + ;
1818 + } else if (unlikely(is_hugetlb_entry_migration(entry) ||
1819 + is_hugetlb_entry_hwpoisoned(entry))) {
1820 +@@ -4318,12 +4333,40 @@ static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr)
1821 + /*
1822 + * check on proper vm_flags and page table alignment
1823 + */
1824 +- if (vma->vm_flags & VM_MAYSHARE &&
1825 +- vma->vm_start <= base && end <= vma->vm_end)
1826 ++ if (vma->vm_flags & VM_MAYSHARE && range_in_vma(vma, base, end))
1827 + return true;
1828 + return false;
1829 + }
1830 +
1831 ++/*
1832 ++ * Determine if start,end range within vma could be mapped by shared pmd.
1833 ++ * If yes, adjust start and end to cover range associated with possible
1834 ++ * shared pmd mappings.
1835 ++ */
1836 ++void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
1837 ++ unsigned long *start, unsigned long *end)
1838 ++{
1839 ++ unsigned long check_addr = *start;
1840 ++
1841 ++ if (!(vma->vm_flags & VM_MAYSHARE))
1842 ++ return;
1843 ++
1844 ++ for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) {
1845 ++ unsigned long a_start = check_addr & PUD_MASK;
1846 ++ unsigned long a_end = a_start + PUD_SIZE;
1847 ++
1848 ++ /*
1849 ++ * If sharing is possible, adjust start/end if necessary.
1850 ++ */
1851 ++ if (range_in_vma(vma, a_start, a_end)) {
1852 ++ if (a_start < *start)
1853 ++ *start = a_start;
1854 ++ if (a_end > *end)
1855 ++ *end = a_end;
1856 ++ }
1857 ++ }
1858 ++}
1859 ++
1860 + /*
1861 + * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc()
1862 + * and returns the corresponding pte. While this is not necessary for the
1863 +@@ -4420,6 +4463,11 @@ int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep)
1864 + {
1865 + return 0;
1866 + }
1867 ++
1868 ++void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
1869 ++ unsigned long *start, unsigned long *end)
1870 ++{
1871 ++}
1872 + #define want_pmd_share() (0)
1873 + #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */
1874 +
1875 +diff --git a/mm/mempolicy.c b/mm/mempolicy.c
1876 +index 69c4a0c92ebb..e21d9b44247b 100644
1877 +--- a/mm/mempolicy.c
1878 ++++ b/mm/mempolicy.c
1879 +@@ -2027,8 +2027,36 @@ retry_cpuset:
1880 + nmask = policy_nodemask(gfp, pol);
1881 + if (!nmask || node_isset(hpage_node, *nmask)) {
1882 + mpol_cond_put(pol);
1883 +- page = __alloc_pages_node(hpage_node,
1884 +- gfp | __GFP_THISNODE, order);
1885 ++ /*
1886 ++ * We cannot invoke reclaim if __GFP_THISNODE
1887 ++ * is set. Invoking reclaim with
1888 ++ * __GFP_THISNODE set, would cause THP
1889 ++ * allocations to trigger heavy swapping
1890 ++ * despite there may be tons of free memory
1891 ++ * (including potentially plenty of THP
1892 ++ * already available in the buddy) on all the
1893 ++ * other NUMA nodes.
1894 ++ *
1895 ++ * At most we could invoke compaction when
1896 ++ * __GFP_THISNODE is set (but we would need to
1897 ++ * refrain from invoking reclaim even if
1898 ++ * compaction returned COMPACT_SKIPPED because
1899 ++ * there wasn't not enough memory to succeed
1900 ++ * compaction). For now just avoid
1901 ++ * __GFP_THISNODE instead of limiting the
1902 ++ * allocation path to a strict and single
1903 ++ * compaction invocation.
1904 ++ *
1905 ++ * Supposedly if direct reclaim was enabled by
1906 ++ * the caller, the app prefers THP regardless
1907 ++ * of the node it comes from so this would be
1908 ++ * more desiderable behavior than only
1909 ++ * providing THP originated from the local
1910 ++ * node in such case.
1911 ++ */
1912 ++ if (!(gfp & __GFP_DIRECT_RECLAIM))
1913 ++ gfp |= __GFP_THISNODE;
1914 ++ page = __alloc_pages_node(hpage_node, gfp, order);
1915 + goto out;
1916 + }
1917 + }
1918 +diff --git a/mm/mmap.c b/mm/mmap.c
1919 +index aa97074a4a99..283755645d17 100644
1920 +--- a/mm/mmap.c
1921 ++++ b/mm/mmap.c
1922 +@@ -2876,21 +2876,15 @@ static inline void verify_mm_writelocked(struct mm_struct *mm)
1923 + * anonymous maps. eventually we may be able to do some
1924 + * brk-specific accounting here.
1925 + */
1926 +-static int do_brk(unsigned long addr, unsigned long request)
1927 ++static int do_brk(unsigned long addr, unsigned long len)
1928 + {
1929 + struct mm_struct *mm = current->mm;
1930 + struct vm_area_struct *vma, *prev;
1931 +- unsigned long flags, len;
1932 ++ unsigned long flags;
1933 + struct rb_node **rb_link, *rb_parent;
1934 + pgoff_t pgoff = addr >> PAGE_SHIFT;
1935 + int error;
1936 +
1937 +- len = PAGE_ALIGN(request);
1938 +- if (len < request)
1939 +- return -ENOMEM;
1940 +- if (!len)
1941 +- return 0;
1942 +-
1943 + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
1944 +
1945 + error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);
1946 +@@ -2959,12 +2953,19 @@ out:
1947 + return 0;
1948 + }
1949 +
1950 +-int vm_brk(unsigned long addr, unsigned long len)
1951 ++int vm_brk(unsigned long addr, unsigned long request)
1952 + {
1953 + struct mm_struct *mm = current->mm;
1954 ++ unsigned long len;
1955 + int ret;
1956 + bool populate;
1957 +
1958 ++ len = PAGE_ALIGN(request);
1959 ++ if (len < request)
1960 ++ return -ENOMEM;
1961 ++ if (!len)
1962 ++ return 0;
1963 ++
1964 + if (down_write_killable(&mm->mmap_sem))
1965 + return -EINTR;
1966 +
1967 +diff --git a/mm/rmap.c b/mm/rmap.c
1968 +index 94488b0362f8..a7276d8c96f3 100644
1969 +--- a/mm/rmap.c
1970 ++++ b/mm/rmap.c
1971 +@@ -1476,6 +1476,9 @@ static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
1972 + pte_t pteval;
1973 + spinlock_t *ptl;
1974 + int ret = SWAP_AGAIN;
1975 ++ unsigned long sh_address;
1976 ++ bool pmd_sharing_possible = false;
1977 ++ unsigned long spmd_start, spmd_end;
1978 + struct rmap_private *rp = arg;
1979 + enum ttu_flags flags = rp->flags;
1980 +
1981 +@@ -1491,6 +1494,32 @@ static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
1982 + goto out;
1983 + }
1984 +
1985 ++ /*
1986 ++ * Only use the range_start/end mmu notifiers if huge pmd sharing
1987 ++ * is possible. In the normal case, mmu_notifier_invalidate_page
1988 ++ * is sufficient as we only unmap a page. However, if we unshare
1989 ++ * a pmd, we will unmap a PUD_SIZE range.
1990 ++ */
1991 ++ if (PageHuge(page)) {
1992 ++ spmd_start = address;
1993 ++ spmd_end = spmd_start + vma_mmu_pagesize(vma);
1994 ++
1995 ++ /*
1996 ++ * Check if pmd sharing is possible. If possible, we could
1997 ++ * unmap a PUD_SIZE range. spmd_start/spmd_end will be
1998 ++ * modified if sharing is possible.
1999 ++ */
2000 ++ adjust_range_if_pmd_sharing_possible(vma, &spmd_start,
2001 ++ &spmd_end);
2002 ++ if (spmd_end - spmd_start != vma_mmu_pagesize(vma)) {
2003 ++ sh_address = address;
2004 ++
2005 ++ pmd_sharing_possible = true;
2006 ++ mmu_notifier_invalidate_range_start(vma->vm_mm,
2007 ++ spmd_start, spmd_end);
2008 ++ }
2009 ++ }
2010 ++
2011 + pte = page_check_address(page, mm, address, &ptl,
2012 + PageTransCompound(page));
2013 + if (!pte)
2014 +@@ -1524,6 +1553,30 @@ static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
2015 + }
2016 + }
2017 +
2018 ++ /*
2019 ++ * Call huge_pmd_unshare to potentially unshare a huge pmd. Pass
2020 ++ * sh_address as it will be modified if unsharing is successful.
2021 ++ */
2022 ++ if (PageHuge(page) && huge_pmd_unshare(mm, &sh_address, pte)) {
2023 ++ /*
2024 ++ * huge_pmd_unshare unmapped an entire PMD page. There is
2025 ++ * no way of knowing exactly which PMDs may be cached for
2026 ++ * this mm, so flush them all. spmd_start/spmd_end cover
2027 ++ * this PUD_SIZE range.
2028 ++ */
2029 ++ flush_cache_range(vma, spmd_start, spmd_end);
2030 ++ flush_tlb_range(vma, spmd_start, spmd_end);
2031 ++
2032 ++ /*
2033 ++ * The ref count of the PMD page was dropped which is part
2034 ++ * of the way map counting is done for shared PMDs. When
2035 ++ * there is no other sharing, huge_pmd_unshare returns false
2036 ++ * and we will unmap the actual page and drop map count
2037 ++ * to zero.
2038 ++ */
2039 ++ goto out_unmap;
2040 ++ }
2041 ++
2042 + /* Nuke the page table entry. */
2043 + flush_cache_page(vma, address, page_to_pfn(page));
2044 + if (should_defer_flush(mm, flags)) {
2045 +@@ -1621,6 +1674,9 @@ out_unmap:
2046 + if (ret != SWAP_FAIL && ret != SWAP_MLOCK && !(flags & TTU_MUNLOCK))
2047 + mmu_notifier_invalidate_page(mm, address);
2048 + out:
2049 ++ if (pmd_sharing_possible)
2050 ++ mmu_notifier_invalidate_range_end(vma->vm_mm,
2051 ++ spmd_start, spmd_end);
2052 + return ret;
2053 + }
2054 +
2055 +diff --git a/net/9p/protocol.c b/net/9p/protocol.c
2056 +index 16d287565987..145f80518064 100644
2057 +--- a/net/9p/protocol.c
2058 ++++ b/net/9p/protocol.c
2059 +@@ -46,10 +46,15 @@ p9pdu_writef(struct p9_fcall *pdu, int proto_version, const char *fmt, ...);
2060 + void p9stat_free(struct p9_wstat *stbuf)
2061 + {
2062 + kfree(stbuf->name);
2063 ++ stbuf->name = NULL;
2064 + kfree(stbuf->uid);
2065 ++ stbuf->uid = NULL;
2066 + kfree(stbuf->gid);
2067 ++ stbuf->gid = NULL;
2068 + kfree(stbuf->muid);
2069 ++ stbuf->muid = NULL;
2070 + kfree(stbuf->extension);
2071 ++ stbuf->extension = NULL;
2072 + }
2073 + EXPORT_SYMBOL(p9stat_free);
2074 +
2075 +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
2076 +index db3586ba1211..19b3f4fbea52 100644
2077 +--- a/net/netfilter/nf_conntrack_core.c
2078 ++++ b/net/netfilter/nf_conntrack_core.c
2079 +@@ -918,19 +918,22 @@ static unsigned int early_drop_list(struct net *net,
2080 + return drops;
2081 + }
2082 +
2083 +-static noinline int early_drop(struct net *net, unsigned int _hash)
2084 ++static noinline int early_drop(struct net *net, unsigned int hash)
2085 + {
2086 +- unsigned int i;
2087 ++ unsigned int i, bucket;
2088 +
2089 + for (i = 0; i < NF_CT_EVICTION_RANGE; i++) {
2090 + struct hlist_nulls_head *ct_hash;
2091 +- unsigned int hash, hsize, drops;
2092 ++ unsigned int hsize, drops;
2093 +
2094 + rcu_read_lock();
2095 + nf_conntrack_get_ht(&ct_hash, &hsize);
2096 +- hash = reciprocal_scale(_hash++, hsize);
2097 ++ if (!i)
2098 ++ bucket = reciprocal_scale(hash, hsize);
2099 ++ else
2100 ++ bucket = (bucket + 1) % hsize;
2101 +
2102 +- drops = early_drop_list(net, &ct_hash[hash]);
2103 ++ drops = early_drop_list(net, &ct_hash[bucket]);
2104 + rcu_read_unlock();
2105 +
2106 + if (drops) {
2107 +diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
2108 +index 7f1071e103ca..1b38fc486351 100644
2109 +--- a/net/sunrpc/xdr.c
2110 ++++ b/net/sunrpc/xdr.c
2111 +@@ -639,11 +639,10 @@ void xdr_truncate_encode(struct xdr_stream *xdr, size_t len)
2112 + WARN_ON_ONCE(xdr->iov);
2113 + return;
2114 + }
2115 +- if (fraglen) {
2116 ++ if (fraglen)
2117 + xdr->end = head->iov_base + head->iov_len;
2118 +- xdr->page_ptr--;
2119 +- }
2120 + /* (otherwise assume xdr->end is already set) */
2121 ++ xdr->page_ptr--;
2122 + head->iov_len = len;
2123 + buf->len = len;
2124 + xdr->p = head->iov_base + head->iov_len;
2125 +diff --git a/tools/testing/selftests/powerpc/tm/tm-tmspr.c b/tools/testing/selftests/powerpc/tm/tm-tmspr.c
2126 +index 2bda81c7bf23..df1d7d4b1c89 100644
2127 +--- a/tools/testing/selftests/powerpc/tm/tm-tmspr.c
2128 ++++ b/tools/testing/selftests/powerpc/tm/tm-tmspr.c
2129 +@@ -98,7 +98,7 @@ void texasr(void *in)
2130 +
2131 + int test_tmspr()
2132 + {
2133 +- pthread_t thread;
2134 ++ pthread_t *thread;
2135 + int thread_num;
2136 + unsigned long i;
2137 +
2138 +@@ -107,21 +107,28 @@ int test_tmspr()
2139 + /* To cause some context switching */
2140 + thread_num = 10 * sysconf(_SC_NPROCESSORS_ONLN);
2141 +
2142 ++ thread = malloc(thread_num * sizeof(pthread_t));
2143 ++ if (thread == NULL)
2144 ++ return EXIT_FAILURE;
2145 ++
2146 + /* Test TFIAR and TFHAR */
2147 +- for (i = 0 ; i < thread_num ; i += 2){
2148 +- if (pthread_create(&thread, NULL, (void*)tfiar_tfhar, (void *)i))
2149 ++ for (i = 0; i < thread_num; i += 2) {
2150 ++ if (pthread_create(&thread[i], NULL, (void *)tfiar_tfhar,
2151 ++ (void *)i))
2152 + return EXIT_FAILURE;
2153 + }
2154 +- if (pthread_join(thread, NULL) != 0)
2155 +- return EXIT_FAILURE;
2156 +-
2157 + /* Test TEXASR */
2158 +- for (i = 0 ; i < thread_num ; i++){
2159 +- if (pthread_create(&thread, NULL, (void*)texasr, (void *)i))
2160 ++ for (i = 1; i < thread_num; i += 2) {
2161 ++ if (pthread_create(&thread[i], NULL, (void *)texasr, (void *)i))
2162 + return EXIT_FAILURE;
2163 + }
2164 +- if (pthread_join(thread, NULL) != 0)
2165 +- return EXIT_FAILURE;
2166 ++
2167 ++ for (i = 0; i < thread_num; i++) {
2168 ++ if (pthread_join(thread[i], NULL) != 0)
2169 ++ return EXIT_FAILURE;
2170 ++ }
2171 ++
2172 ++ free(thread);
2173 +
2174 + if (passed)
2175 + return 0;
Report Message
Find on MARC Find on Google Groups