Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 05 Sep 2018 15:27:18
Message-Id: 1536161218.fdee907c217732ad73f37937c655a83b11b58792.mpagano@gentoo
1 commit: fdee907c217732ad73f37937c655a83b11b58792
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Sep 5 15:26:58 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Sep 5 15:26:58 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fdee907c
7
8 Linux patch 4.9.125
9
10 0000_README | 4 +
11 1124_linux-4.9.125.patch | 3239 ++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 3243 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index a65a30e..98d9f5d 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -539,6 +539,10 @@ Patch: 1123_linux-4.9.124.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.9.124
21
22 +Patch: 1124_linux-4.9.125.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.9.125
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1124_linux-4.9.125.patch b/1124_linux-4.9.125.patch
31 new file mode 100644
32 index 0000000..d758815
33 --- /dev/null
34 +++ b/1124_linux-4.9.125.patch
35 @@ -0,0 +1,3239 @@
36 +diff --git a/Makefile b/Makefile
37 +index 53d57acfc17e..aef09ca7a924 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 9
43 +-SUBLEVEL = 124
44 ++SUBLEVEL = 125
45 + EXTRAVERSION =
46 + NAME = Roaring Lionus
47 +
48 +diff --git a/arch/arc/include/asm/delay.h b/arch/arc/include/asm/delay.h
49 +index d5da2115d78a..03d6bb0f4e13 100644
50 +--- a/arch/arc/include/asm/delay.h
51 ++++ b/arch/arc/include/asm/delay.h
52 +@@ -17,8 +17,11 @@
53 + #ifndef __ASM_ARC_UDELAY_H
54 + #define __ASM_ARC_UDELAY_H
55 +
56 ++#include <asm-generic/types.h>
57 + #include <asm/param.h> /* HZ */
58 +
59 ++extern unsigned long loops_per_jiffy;
60 ++
61 + static inline void __delay(unsigned long loops)
62 + {
63 + __asm__ __volatile__(
64 +diff --git a/arch/arc/mm/cache.c b/arch/arc/mm/cache.c
65 +index bbdfeb31dee6..fefe357c3d31 100644
66 +--- a/arch/arc/mm/cache.c
67 ++++ b/arch/arc/mm/cache.c
68 +@@ -840,7 +840,7 @@ void flush_cache_mm(struct mm_struct *mm)
69 + void flush_cache_page(struct vm_area_struct *vma, unsigned long u_vaddr,
70 + unsigned long pfn)
71 + {
72 +- unsigned int paddr = pfn << PAGE_SHIFT;
73 ++ phys_addr_t paddr = pfn << PAGE_SHIFT;
74 +
75 + u_vaddr &= PAGE_MASK;
76 +
77 +@@ -860,8 +860,9 @@ void flush_anon_page(struct vm_area_struct *vma, struct page *page,
78 + unsigned long u_vaddr)
79 + {
80 + /* TBD: do we really need to clear the kernel mapping */
81 +- __flush_dcache_page(page_address(page), u_vaddr);
82 +- __flush_dcache_page(page_address(page), page_address(page));
83 ++ __flush_dcache_page((phys_addr_t)page_address(page), u_vaddr);
84 ++ __flush_dcache_page((phys_addr_t)page_address(page),
85 ++ (phys_addr_t)page_address(page));
86 +
87 + }
88 +
89 +diff --git a/arch/arc/plat-eznps/include/plat/ctop.h b/arch/arc/plat-eznps/include/plat/ctop.h
90 +index 9d6718c1a199..3c401ce0351e 100644
91 +--- a/arch/arc/plat-eznps/include/plat/ctop.h
92 ++++ b/arch/arc/plat-eznps/include/plat/ctop.h
93 +@@ -21,6 +21,7 @@
94 + #error "Incorrect ctop.h include"
95 + #endif
96 +
97 ++#include <linux/types.h>
98 + #include <soc/nps/common.h>
99 +
100 + /* core auxiliary registers */
101 +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
102 +index 7f868d9bb5ed..b3d268a79f05 100644
103 +--- a/arch/arm/kvm/mmu.c
104 ++++ b/arch/arm/kvm/mmu.c
105 +@@ -894,19 +894,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache
106 + pmd = stage2_get_pmd(kvm, cache, addr);
107 + VM_BUG_ON(!pmd);
108 +
109 +- /*
110 +- * Mapping in huge pages should only happen through a fault. If a
111 +- * page is merged into a transparent huge page, the individual
112 +- * subpages of that huge page should be unmapped through MMU
113 +- * notifiers before we get here.
114 +- *
115 +- * Merging of CompoundPages is not supported; they should become
116 +- * splitting first, unmapped, merged, and mapped back in on-demand.
117 +- */
118 +- VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd));
119 +-
120 + old_pmd = *pmd;
121 + if (pmd_present(old_pmd)) {
122 ++ /*
123 ++ * Multiple vcpus faulting on the same PMD entry, can
124 ++ * lead to them sequentially updating the PMD with the
125 ++ * same value. Following the break-before-make
126 ++ * (pmd_clear() followed by tlb_flush()) process can
127 ++ * hinder forward progress due to refaults generated
128 ++ * on missing translations.
129 ++ *
130 ++ * Skip updating the page table if the entry is
131 ++ * unchanged.
132 ++ */
133 ++ if (pmd_val(old_pmd) == pmd_val(*new_pmd))
134 ++ return 0;
135 ++
136 ++ /*
137 ++ * Mapping in huge pages should only happen through a
138 ++ * fault. If a page is merged into a transparent huge
139 ++ * page, the individual subpages of that huge page
140 ++ * should be unmapped through MMU notifiers before we
141 ++ * get here.
142 ++ *
143 ++ * Merging of CompoundPages is not supported; they
144 ++ * should become splitting first, unmapped, merged,
145 ++ * and mapped back in on-demand.
146 ++ */
147 ++ VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd));
148 ++
149 + pmd_clear(pmd);
150 + kvm_tlb_flush_vmid_ipa(kvm, addr);
151 + } else {
152 +@@ -962,6 +978,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache,
153 + /* Create 2nd stage page table mapping - Level 3 */
154 + old_pte = *pte;
155 + if (pte_present(old_pte)) {
156 ++ /* Skip page table update if there is no change */
157 ++ if (pte_val(old_pte) == pte_val(*new_pte))
158 ++ return 0;
159 ++
160 + kvm_set_pte(pte, __pte(0));
161 + kvm_tlb_flush_vmid_ipa(kvm, addr);
162 + } else {
163 +diff --git a/arch/arm64/kernel/probes/kprobes.c b/arch/arm64/kernel/probes/kprobes.c
164 +index f5077ea7af6d..30bcae0aef2a 100644
165 +--- a/arch/arm64/kernel/probes/kprobes.c
166 ++++ b/arch/arm64/kernel/probes/kprobes.c
167 +@@ -274,7 +274,7 @@ static int __kprobes reenter_kprobe(struct kprobe *p,
168 + break;
169 + case KPROBE_HIT_SS:
170 + case KPROBE_REENTER:
171 +- pr_warn("Unrecoverable kprobe detected at %p.\n", p->addr);
172 ++ pr_warn("Unrecoverable kprobe detected.\n");
173 + dump_kprobe(p);
174 + BUG();
175 + break;
176 +diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
177 +index 9d07b421f090..fa6b2fad7a3d 100644
178 +--- a/arch/arm64/mm/init.c
179 ++++ b/arch/arm64/mm/init.c
180 +@@ -147,7 +147,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max)
181 + #ifdef CONFIG_HAVE_ARCH_PFN_VALID
182 + int pfn_valid(unsigned long pfn)
183 + {
184 +- return memblock_is_map_memory(pfn << PAGE_SHIFT);
185 ++ phys_addr_t addr = pfn << PAGE_SHIFT;
186 ++
187 ++ if ((addr >> PAGE_SHIFT) != pfn)
188 ++ return 0;
189 ++ return memblock_is_map_memory(addr);
190 + }
191 + EXPORT_SYMBOL(pfn_valid);
192 + #endif
193 +diff --git a/arch/mips/bcm47xx/setup.c b/arch/mips/bcm47xx/setup.c
194 +index 8c9cbf13d32a..6054d49e608e 100644
195 +--- a/arch/mips/bcm47xx/setup.c
196 ++++ b/arch/mips/bcm47xx/setup.c
197 +@@ -212,12 +212,6 @@ static int __init bcm47xx_cpu_fixes(void)
198 + */
199 + if (bcm47xx_bus.bcma.bus.chipinfo.id == BCMA_CHIP_ID_BCM4706)
200 + cpu_wait = NULL;
201 +-
202 +- /*
203 +- * BCM47XX Erratum "R10: PCIe Transactions Periodically Fail"
204 +- * Enable ExternalSync for sync instruction to take effect
205 +- */
206 +- set_c0_config7(MIPS_CONF7_ES);
207 + break;
208 + #endif
209 + }
210 +diff --git a/arch/mips/include/asm/mipsregs.h b/arch/mips/include/asm/mipsregs.h
211 +index 22a6782f84f5..df78b2ca70eb 100644
212 +--- a/arch/mips/include/asm/mipsregs.h
213 ++++ b/arch/mips/include/asm/mipsregs.h
214 +@@ -663,8 +663,6 @@
215 + #define MIPS_CONF7_WII (_ULCAST_(1) << 31)
216 +
217 + #define MIPS_CONF7_RPS (_ULCAST_(1) << 2)
218 +-/* ExternalSync */
219 +-#define MIPS_CONF7_ES (_ULCAST_(1) << 8)
220 +
221 + #define MIPS_CONF7_IAR (_ULCAST_(1) << 10)
222 + #define MIPS_CONF7_AR (_ULCAST_(1) << 16)
223 +@@ -2643,7 +2641,6 @@ __BUILD_SET_C0(status)
224 + __BUILD_SET_C0(cause)
225 + __BUILD_SET_C0(config)
226 + __BUILD_SET_C0(config5)
227 +-__BUILD_SET_C0(config7)
228 + __BUILD_SET_C0(intcontrol)
229 + __BUILD_SET_C0(intctl)
230 + __BUILD_SET_C0(srsmap)
231 +diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h
232 +index 0d36c87acbe2..ad6f019ff776 100644
233 +--- a/arch/mips/include/asm/processor.h
234 ++++ b/arch/mips/include/asm/processor.h
235 +@@ -141,7 +141,7 @@ struct mips_fpu_struct {
236 +
237 + #define NUM_DSP_REGS 6
238 +
239 +-typedef __u32 dspreg_t;
240 ++typedef unsigned long dspreg_t;
241 +
242 + struct mips_dsp_state {
243 + dspreg_t dspr[NUM_DSP_REGS];
244 +diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
245 +index 4f64913b4b4c..b702ba3a0df3 100644
246 +--- a/arch/mips/kernel/ptrace.c
247 ++++ b/arch/mips/kernel/ptrace.c
248 +@@ -876,7 +876,7 @@ long arch_ptrace(struct task_struct *child, long request,
249 + goto out;
250 + }
251 + dregs = __get_dsp_regs(child);
252 +- tmp = (unsigned long) (dregs[addr - DSP_BASE]);
253 ++ tmp = dregs[addr - DSP_BASE];
254 + break;
255 + }
256 + case DSP_CONTROL:
257 +diff --git a/arch/mips/kernel/ptrace32.c b/arch/mips/kernel/ptrace32.c
258 +index b1e945738138..4840af169683 100644
259 +--- a/arch/mips/kernel/ptrace32.c
260 ++++ b/arch/mips/kernel/ptrace32.c
261 +@@ -140,7 +140,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
262 + goto out;
263 + }
264 + dregs = __get_dsp_regs(child);
265 +- tmp = (unsigned long) (dregs[addr - DSP_BASE]);
266 ++ tmp = dregs[addr - DSP_BASE];
267 + break;
268 + }
269 + case DSP_CONTROL:
270 +diff --git a/arch/mips/lib/multi3.c b/arch/mips/lib/multi3.c
271 +index 111ad475aa0c..4c2483f410c2 100644
272 +--- a/arch/mips/lib/multi3.c
273 ++++ b/arch/mips/lib/multi3.c
274 +@@ -4,12 +4,12 @@
275 + #include "libgcc.h"
276 +
277 + /*
278 +- * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that
279 +- * specific case only we'll implement it here.
280 ++ * GCC 7 & older can suboptimally generate __multi3 calls for mips64r6, so for
281 ++ * that specific case only we implement that intrinsic here.
282 + *
283 + * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981
284 + */
285 +-#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7)
286 ++#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ < 8)
287 +
288 + /* multiply 64-bit values, low 64-bits returned */
289 + static inline long long notrace dmulu(long long a, long long b)
290 +diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
291 +index c0e817f35e69..bdbbc320b006 100644
292 +--- a/arch/powerpc/net/bpf_jit_comp64.c
293 ++++ b/arch/powerpc/net/bpf_jit_comp64.c
294 +@@ -326,6 +326,7 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
295 + u64 imm64;
296 + u8 *func;
297 + u32 true_cond;
298 ++ u32 tmp_idx;
299 +
300 + /*
301 + * addrs[] maps a BPF bytecode address into a real offset from
302 +@@ -685,11 +686,7 @@ emit_clear:
303 + case BPF_STX | BPF_XADD | BPF_W:
304 + /* Get EA into TMP_REG_1 */
305 + PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
306 +- /* error if EA is not word-aligned */
307 +- PPC_ANDI(b2p[TMP_REG_2], b2p[TMP_REG_1], 0x03);
308 +- PPC_BCC_SHORT(COND_EQ, (ctx->idx * 4) + 12);
309 +- PPC_LI(b2p[BPF_REG_0], 0);
310 +- PPC_JMP(exit_addr);
311 ++ tmp_idx = ctx->idx * 4;
312 + /* load value from memory into TMP_REG_2 */
313 + PPC_BPF_LWARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
314 + /* add value from src_reg into this */
315 +@@ -697,32 +694,16 @@ emit_clear:
316 + /* store result back */
317 + PPC_BPF_STWCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
318 + /* we're done if this succeeded */
319 +- PPC_BCC_SHORT(COND_EQ, (ctx->idx * 4) + (7*4));
320 +- /* otherwise, let's try once more */
321 +- PPC_BPF_LWARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
322 +- PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
323 +- PPC_BPF_STWCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
324 +- /* exit if the store was not successful */
325 +- PPC_LI(b2p[BPF_REG_0], 0);
326 +- PPC_BCC(COND_NE, exit_addr);
327 ++ PPC_BCC_SHORT(COND_NE, tmp_idx);
328 + break;
329 + /* *(u64 *)(dst + off) += src */
330 + case BPF_STX | BPF_XADD | BPF_DW:
331 + PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
332 +- /* error if EA is not doubleword-aligned */
333 +- PPC_ANDI(b2p[TMP_REG_2], b2p[TMP_REG_1], 0x07);
334 +- PPC_BCC_SHORT(COND_EQ, (ctx->idx * 4) + (3*4));
335 +- PPC_LI(b2p[BPF_REG_0], 0);
336 +- PPC_JMP(exit_addr);
337 +- PPC_BPF_LDARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
338 +- PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
339 +- PPC_BPF_STDCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
340 +- PPC_BCC_SHORT(COND_EQ, (ctx->idx * 4) + (7*4));
341 ++ tmp_idx = ctx->idx * 4;
342 + PPC_BPF_LDARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
343 + PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
344 + PPC_BPF_STDCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
345 +- PPC_LI(b2p[BPF_REG_0], 0);
346 +- PPC_BCC(COND_NE, exit_addr);
347 ++ PPC_BCC_SHORT(COND_NE, tmp_idx);
348 + break;
349 +
350 + /*
351 +diff --git a/arch/s390/include/asm/qdio.h b/arch/s390/include/asm/qdio.h
352 +index 998b61cd0e56..4b39ba700d32 100644
353 +--- a/arch/s390/include/asm/qdio.h
354 ++++ b/arch/s390/include/asm/qdio.h
355 +@@ -261,7 +261,6 @@ struct qdio_outbuf_state {
356 + void *user;
357 + };
358 +
359 +-#define QDIO_OUTBUF_STATE_FLAG_NONE 0x00
360 + #define QDIO_OUTBUF_STATE_FLAG_PENDING 0x01
361 +
362 + #define CHSC_AC1_INITIATE_INPUTQ 0x80
363 +diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
364 +index 661d9fe63c43..ba2f21873cbd 100644
365 +--- a/arch/s390/mm/fault.c
366 ++++ b/arch/s390/mm/fault.c
367 +@@ -462,6 +462,8 @@ retry:
368 + /* No reason to continue if interrupted by SIGKILL. */
369 + if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) {
370 + fault = VM_FAULT_SIGNAL;
371 ++ if (flags & FAULT_FLAG_RETRY_NOWAIT)
372 ++ goto out_up;
373 + goto out;
374 + }
375 + if (unlikely(fault & VM_FAULT_ERROR))
376 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
377 +index 949a871e9506..8bd25aebf488 100644
378 +--- a/arch/s390/net/bpf_jit_comp.c
379 ++++ b/arch/s390/net/bpf_jit_comp.c
380 +@@ -517,8 +517,6 @@ static void bpf_jit_epilogue(struct bpf_jit *jit)
381 + /* br %r1 */
382 + _EMIT2(0x07f1);
383 + } else {
384 +- /* larl %r1,.+14 */
385 +- EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
386 + /* ex 0,S390_lowcore.br_r1_tampoline */
387 + EMIT4_DISP(0x44000000, REG_0, REG_0,
388 + offsetof(struct lowcore, br_r1_trampoline));
389 +diff --git a/arch/s390/numa/numa.c b/arch/s390/numa/numa.c
390 +index f576f1073378..0dac2640c3a7 100644
391 +--- a/arch/s390/numa/numa.c
392 ++++ b/arch/s390/numa/numa.c
393 +@@ -133,26 +133,14 @@ void __init numa_setup(void)
394 + {
395 + pr_info("NUMA mode: %s\n", mode->name);
396 + nodes_clear(node_possible_map);
397 ++ /* Initially attach all possible CPUs to node 0. */
398 ++ cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask);
399 + if (mode->setup)
400 + mode->setup();
401 + numa_setup_memory();
402 + memblock_dump_all();
403 + }
404 +
405 +-/*
406 +- * numa_init_early() - Initialization initcall
407 +- *
408 +- * This runs when only one CPU is online and before the first
409 +- * topology update is called for by the scheduler.
410 +- */
411 +-static int __init numa_init_early(void)
412 +-{
413 +- /* Attach all possible CPUs to node 0 for now. */
414 +- cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask);
415 +- return 0;
416 +-}
417 +-early_initcall(numa_init_early);
418 +-
419 + /*
420 + * numa_init_late() - Initialization initcall
421 + *
422 +diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
423 +index 03a1d5976ff5..87574110394d 100644
424 +--- a/arch/s390/pci/pci.c
425 ++++ b/arch/s390/pci/pci.c
426 +@@ -407,6 +407,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
427 + hwirq = 0;
428 + for_each_pci_msi_entry(msi, pdev) {
429 + rc = -EIO;
430 ++ if (hwirq >= msi_vecs)
431 ++ break;
432 + irq = irq_alloc_desc(0); /* Alloc irq on node 0 */
433 + if (irq < 0)
434 + goto out_msi;
435 +diff --git a/arch/sparc/kernel/pcic.c b/arch/sparc/kernel/pcic.c
436 +index 24384e1dc33d..a7aeb036b070 100644
437 +--- a/arch/sparc/kernel/pcic.c
438 ++++ b/arch/sparc/kernel/pcic.c
439 +@@ -602,7 +602,7 @@ void pcibios_fixup_bus(struct pci_bus *bus)
440 + {
441 + struct pci_dev *dev;
442 + int i, has_io, has_mem;
443 +- unsigned int cmd;
444 ++ unsigned int cmd = 0;
445 + struct linux_pcic *pcic;
446 + /* struct linux_pbm_info* pbm = &pcic->pbm; */
447 + int node;
448 +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
449 +index 4669b3a931ed..cda8e14bd72a 100644
450 +--- a/arch/x86/boot/compressed/Makefile
451 ++++ b/arch/x86/boot/compressed/Makefile
452 +@@ -101,9 +101,13 @@ define cmd_check_data_rel
453 + done
454 + endef
455 +
456 ++# We need to run two commands under "if_changed", so merge them into a
457 ++# single invocation.
458 ++quiet_cmd_check-and-link-vmlinux = LD $@
459 ++ cmd_check-and-link-vmlinux = $(cmd_check_data_rel); $(cmd_ld)
460 ++
461 + $(obj)/vmlinux: $(vmlinux-objs-y) FORCE
462 +- $(call if_changed,check_data_rel)
463 +- $(call if_changed,ld)
464 ++ $(call if_changed,check-and-link-vmlinux)
465 +
466 + OBJCOPYFLAGS_vmlinux.bin := -R .comment -S
467 + $(obj)/vmlinux.bin: vmlinux FORCE
468 +diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
469 +index b26ee32f73e8..fd4484ae3ffc 100644
470 +--- a/arch/x86/events/amd/ibs.c
471 ++++ b/arch/x86/events/amd/ibs.c
472 +@@ -578,7 +578,7 @@ static int perf_ibs_handle_irq(struct perf_ibs *perf_ibs, struct pt_regs *iregs)
473 + {
474 + struct cpu_perf_ibs *pcpu = this_cpu_ptr(perf_ibs->pcpu);
475 + struct perf_event *event = pcpu->event;
476 +- struct hw_perf_event *hwc = &event->hw;
477 ++ struct hw_perf_event *hwc;
478 + struct perf_sample_data data;
479 + struct perf_raw_record raw;
480 + struct pt_regs regs;
481 +@@ -601,6 +601,10 @@ fail:
482 + return 0;
483 + }
484 +
485 ++ if (WARN_ON_ONCE(!event))
486 ++ goto fail;
487 ++
488 ++ hwc = &event->hw;
489 + msr = hwc->config_base;
490 + buf = ibs_data.regs;
491 + rdmsrl(msr, *buf);
492 +diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
493 +index 5b1177f5a963..508a062e6cf1 100644
494 +--- a/arch/x86/include/asm/irqflags.h
495 ++++ b/arch/x86/include/asm/irqflags.h
496 +@@ -32,7 +32,8 @@ extern inline unsigned long native_save_fl(void)
497 + return flags;
498 + }
499 +
500 +-static inline void native_restore_fl(unsigned long flags)
501 ++extern inline void native_restore_fl(unsigned long flags);
502 ++extern inline void native_restore_fl(unsigned long flags)
503 + {
504 + asm volatile("push %0 ; popf"
505 + : /* no output */
506 +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
507 +index d5525a7e119e..ee8c6290c421 100644
508 +--- a/arch/x86/include/asm/processor.h
509 ++++ b/arch/x86/include/asm/processor.h
510 +@@ -136,6 +136,8 @@ struct cpuinfo_x86 {
511 + /* Index into per_cpu list: */
512 + u16 cpu_index;
513 + u32 microcode;
514 ++ /* Address space bits used by the cache internally */
515 ++ u8 x86_cache_bits;
516 + };
517 +
518 + #define X86_VENDOR_INTEL 0
519 +@@ -173,9 +175,9 @@ extern const struct seq_operations cpuinfo_op;
520 +
521 + extern void cpu_detect(struct cpuinfo_x86 *c);
522 +
523 +-static inline unsigned long l1tf_pfn_limit(void)
524 ++static inline unsigned long long l1tf_pfn_limit(void)
525 + {
526 +- return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
527 ++ return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT);
528 + }
529 +
530 + extern void early_cpu_init(void);
531 +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
532 +index ac67a76550bd..8103adacbc83 100644
533 +--- a/arch/x86/kernel/cpu/bugs.c
534 ++++ b/arch/x86/kernel/cpu/bugs.c
535 +@@ -651,6 +651,45 @@ EXPORT_SYMBOL_GPL(l1tf_mitigation);
536 + enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
537 + EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation);
538 +
539 ++/*
540 ++ * These CPUs all support 44bits physical address space internally in the
541 ++ * cache but CPUID can report a smaller number of physical address bits.
542 ++ *
543 ++ * The L1TF mitigation uses the top most address bit for the inversion of
544 ++ * non present PTEs. When the installed memory reaches into the top most
545 ++ * address bit due to memory holes, which has been observed on machines
546 ++ * which report 36bits physical address bits and have 32G RAM installed,
547 ++ * then the mitigation range check in l1tf_select_mitigation() triggers.
548 ++ * This is a false positive because the mitigation is still possible due to
549 ++ * the fact that the cache uses 44bit internally. Use the cache bits
550 ++ * instead of the reported physical bits and adjust them on the affected
551 ++ * machines to 44bit if the reported bits are less than 44.
552 ++ */
553 ++static void override_cache_bits(struct cpuinfo_x86 *c)
554 ++{
555 ++ if (c->x86 != 6)
556 ++ return;
557 ++
558 ++ switch (c->x86_model) {
559 ++ case INTEL_FAM6_NEHALEM:
560 ++ case INTEL_FAM6_WESTMERE:
561 ++ case INTEL_FAM6_SANDYBRIDGE:
562 ++ case INTEL_FAM6_IVYBRIDGE:
563 ++ case INTEL_FAM6_HASWELL_CORE:
564 ++ case INTEL_FAM6_HASWELL_ULT:
565 ++ case INTEL_FAM6_HASWELL_GT3E:
566 ++ case INTEL_FAM6_BROADWELL_CORE:
567 ++ case INTEL_FAM6_BROADWELL_GT3E:
568 ++ case INTEL_FAM6_SKYLAKE_MOBILE:
569 ++ case INTEL_FAM6_SKYLAKE_DESKTOP:
570 ++ case INTEL_FAM6_KABYLAKE_MOBILE:
571 ++ case INTEL_FAM6_KABYLAKE_DESKTOP:
572 ++ if (c->x86_cache_bits < 44)
573 ++ c->x86_cache_bits = 44;
574 ++ break;
575 ++ }
576 ++}
577 ++
578 + static void __init l1tf_select_mitigation(void)
579 + {
580 + u64 half_pa;
581 +@@ -658,6 +697,8 @@ static void __init l1tf_select_mitigation(void)
582 + if (!boot_cpu_has_bug(X86_BUG_L1TF))
583 + return;
584 +
585 ++ override_cache_bits(&boot_cpu_data);
586 ++
587 + switch (l1tf_mitigation) {
588 + case L1TF_MITIGATION_OFF:
589 + case L1TF_MITIGATION_FLUSH_NOWARN:
590 +@@ -677,14 +718,13 @@ static void __init l1tf_select_mitigation(void)
591 + return;
592 + #endif
593 +
594 +- /*
595 +- * This is extremely unlikely to happen because almost all
596 +- * systems have far more MAX_PA/2 than RAM can be fit into
597 +- * DIMM slots.
598 +- */
599 + half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT;
600 + if (e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) {
601 + pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n");
602 ++ pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n",
603 ++ half_pa);
604 ++ pr_info("However, doing so will make a part of your RAM unusable.\n");
605 ++ pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html might help you decide.\n");
606 + return;
607 + }
608 +
609 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
610 +index 13471b71bec7..dc0850bb74be 100644
611 +--- a/arch/x86/kernel/cpu/common.c
612 ++++ b/arch/x86/kernel/cpu/common.c
613 +@@ -882,6 +882,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
614 + }
615 + }
616 + #endif
617 ++ c->x86_cache_bits = c->x86_phys_bits;
618 + }
619 +
620 + static const __initconst struct x86_cpu_id cpu_no_speculation[] = {
621 +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
622 +index 9ad86c4bf360..cee0fec0d232 100644
623 +--- a/arch/x86/kernel/cpu/intel.c
624 ++++ b/arch/x86/kernel/cpu/intel.c
625 +@@ -109,6 +109,9 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c)
626 + if (cpu_has(c, X86_FEATURE_HYPERVISOR))
627 + return false;
628 +
629 ++ if (c->x86 != 6)
630 ++ return false;
631 ++
632 + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) {
633 + if (c->x86_model == spectre_bad_microcodes[i].model &&
634 + c->x86_stepping == spectre_bad_microcodes[i].stepping)
635 +diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
636 +index 85f854b98a9d..3576ece9ef88 100644
637 +--- a/arch/x86/kernel/dumpstack.c
638 ++++ b/arch/x86/kernel/dumpstack.c
639 +@@ -15,6 +15,7 @@
640 + #include <linux/bug.h>
641 + #include <linux/nmi.h>
642 + #include <linux/sysfs.h>
643 ++#include <linux/kasan.h>
644 +
645 + #include <asm/stacktrace.h>
646 + #include <asm/unwind.h>
647 +@@ -229,7 +230,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
648 + * We're not going to return, but we might be on an IST stack or
649 + * have very little stack space left. Rewind the stack and kill
650 + * the task.
651 ++ * Before we rewind the stack, we have to tell KASAN that we're going to
652 ++ * reuse the task stack and that existing poisons are invalid.
653 + */
654 ++ kasan_unpoison_task_stack(current);
655 + rewind_stack_do_exit(signr);
656 + }
657 + NOKPROBE_SYMBOL(oops_end);
658 +diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
659 +index dffe81d3c261..a2661814bde0 100644
660 +--- a/arch/x86/kernel/process_64.c
661 ++++ b/arch/x86/kernel/process_64.c
662 +@@ -360,6 +360,7 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
663 + start_thread_common(regs, new_ip, new_sp,
664 + __USER_CS, __USER_DS, 0);
665 + }
666 ++EXPORT_SYMBOL_GPL(start_thread);
667 +
668 + #ifdef CONFIG_COMPAT
669 + void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp)
670 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
671 +index c855080c7a71..5f44d63a9d69 100644
672 +--- a/arch/x86/kvm/svm.c
673 ++++ b/arch/x86/kvm/svm.c
674 +@@ -4973,8 +4973,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
675 +
676 + clgi();
677 +
678 +- local_irq_enable();
679 +-
680 + /*
681 + * If this vCPU has touched SPEC_CTRL, restore the guest's value if
682 + * it's non-zero. Since vmentry is serialising on affected CPUs, there
683 +@@ -4983,6 +4981,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
684 + */
685 + x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
686 +
687 ++ local_irq_enable();
688 ++
689 + asm volatile (
690 + "push %%" _ASM_BP "; \n\t"
691 + "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
692 +@@ -5105,12 +5105,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
693 + if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
694 + svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
695 +
696 +- x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
697 +-
698 + reload_tss(vcpu);
699 +
700 + local_irq_disable();
701 +
702 ++ x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
703 ++
704 + vcpu->arch.cr2 = svm->vmcb->save.cr2;
705 + vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
706 + vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
707 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
708 +index 12826607a995..8e4ac0a91309 100644
709 +--- a/arch/x86/kvm/vmx.c
710 ++++ b/arch/x86/kvm/vmx.c
711 +@@ -8670,9 +8670,6 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
712 + * information but as all relevant affected CPUs have 32KiB L1D cache size
713 + * there is no point in doing so.
714 + */
715 +-#define L1D_CACHE_ORDER 4
716 +-static void *vmx_l1d_flush_pages;
717 +-
718 + static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
719 + {
720 + int size = PAGE_SIZE << L1D_CACHE_ORDER;
721 +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
722 +index 5d35b555115a..90801a8f19c9 100644
723 +--- a/arch/x86/mm/init.c
724 ++++ b/arch/x86/mm/init.c
725 +@@ -792,7 +792,7 @@ unsigned long max_swapfile_size(void)
726 +
727 + if (boot_cpu_has_bug(X86_BUG_L1TF)) {
728 + /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
729 +- unsigned long l1tf_limit = l1tf_pfn_limit() + 1;
730 ++ unsigned long long l1tf_limit = l1tf_pfn_limit();
731 + /*
732 + * We encode swap offsets also with 3 bits below those for pfn
733 + * which makes the usable limit higher.
734 +@@ -800,7 +800,7 @@ unsigned long max_swapfile_size(void)
735 + #if CONFIG_PGTABLE_LEVELS > 2
736 + l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT;
737 + #endif
738 +- pages = min_t(unsigned long, l1tf_limit, pages);
739 ++ pages = min_t(unsigned long long, l1tf_limit, pages);
740 + }
741 + return pages;
742 + }
743 +diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
744 +index 5aad869fa205..74609a957c49 100644
745 +--- a/arch/x86/mm/mmap.c
746 ++++ b/arch/x86/mm/mmap.c
747 +@@ -138,7 +138,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot)
748 + /* If it's real memory always allow */
749 + if (pfn_valid(pfn))
750 + return true;
751 +- if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
752 ++ if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
753 + return false;
754 + return true;
755 + }
756 +diff --git a/drivers/base/power/clock_ops.c b/drivers/base/power/clock_ops.c
757 +index 8e2e4757adcb..5a42ae4078c2 100644
758 +--- a/drivers/base/power/clock_ops.c
759 ++++ b/drivers/base/power/clock_ops.c
760 +@@ -185,7 +185,7 @@ EXPORT_SYMBOL_GPL(of_pm_clk_add_clk);
761 + int of_pm_clk_add_clks(struct device *dev)
762 + {
763 + struct clk **clks;
764 +- unsigned int i, count;
765 ++ int i, count;
766 + int ret;
767 +
768 + if (!dev || !dev->of_node)
769 +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
770 +index 07b77fb102a1..987e8f503522 100644
771 +--- a/drivers/cdrom/cdrom.c
772 ++++ b/drivers/cdrom/cdrom.c
773 +@@ -2536,7 +2536,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi,
774 + if (!CDROM_CAN(CDC_SELECT_DISC) ||
775 + (arg == CDSL_CURRENT || arg == CDSL_NONE))
776 + return cdi->ops->drive_status(cdi, CDSL_CURRENT);
777 +- if (((int)arg >= cdi->capacity))
778 ++ if (arg >= cdi->capacity)
779 + return -EINVAL;
780 + return cdrom_slot_status(cdi, arg);
781 + }
782 +diff --git a/drivers/clk/rockchip/clk-rk3399.c b/drivers/clk/rockchip/clk-rk3399.c
783 +index 8387c7a40bda..05671c03efe2 100644
784 +--- a/drivers/clk/rockchip/clk-rk3399.c
785 ++++ b/drivers/clk/rockchip/clk-rk3399.c
786 +@@ -629,7 +629,7 @@ static struct rockchip_clk_branch rk3399_clk_branches[] __initdata = {
787 + MUX(0, "clk_i2sout_src", mux_i2sch_p, CLK_SET_RATE_PARENT,
788 + RK3399_CLKSEL_CON(31), 0, 2, MFLAGS),
789 + COMPOSITE_NODIV(SCLK_I2S_8CH_OUT, "clk_i2sout", mux_i2sout_p, CLK_SET_RATE_PARENT,
790 +- RK3399_CLKSEL_CON(30), 8, 2, MFLAGS,
791 ++ RK3399_CLKSEL_CON(31), 2, 1, MFLAGS,
792 + RK3399_CLKGATE_CON(8), 12, GFLAGS),
793 +
794 + /* uart */
795 +diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
796 +index a68f94daf9b6..32ab5c32834b 100644
797 +--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
798 ++++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
799 +@@ -424,6 +424,18 @@ static void adv7511_hpd_work(struct work_struct *work)
800 + else
801 + status = connector_status_disconnected;
802 +
803 ++ /*
804 ++ * The bridge resets its registers on unplug. So when we get a plug
805 ++ * event and we're already supposed to be powered, cycle the bridge to
806 ++ * restore its state.
807 ++ */
808 ++ if (status == connector_status_connected &&
809 ++ adv7511->connector.status == connector_status_disconnected &&
810 ++ adv7511->powered) {
811 ++ regcache_mark_dirty(adv7511->regmap);
812 ++ adv7511_power_on(adv7511);
813 ++ }
814 ++
815 + if (adv7511->connector.status != status) {
816 + adv7511->connector.status = status;
817 + drm_kms_helper_hotplug_event(adv7511->connector.dev);
818 +diff --git a/drivers/gpu/drm/imx/imx-ldb.c b/drivers/gpu/drm/imx/imx-ldb.c
819 +index 3ce391c239b0..67881e5517fb 100644
820 +--- a/drivers/gpu/drm/imx/imx-ldb.c
821 ++++ b/drivers/gpu/drm/imx/imx-ldb.c
822 +@@ -634,6 +634,9 @@ static int imx_ldb_bind(struct device *dev, struct device *master, void *data)
823 + return PTR_ERR(imx_ldb->regmap);
824 + }
825 +
826 ++ /* disable LDB by resetting the control register to POR default */
827 ++ regmap_write(imx_ldb->regmap, IOMUXC_GPR2, 0);
828 ++
829 + imx_ldb->dev = dev;
830 +
831 + if (of_id)
832 +@@ -675,14 +678,14 @@ static int imx_ldb_bind(struct device *dev, struct device *master, void *data)
833 + if (ret || i < 0 || i > 1)
834 + return -EINVAL;
835 +
836 ++ if (!of_device_is_available(child))
837 ++ continue;
838 ++
839 + if (dual && i > 0) {
840 + dev_warn(dev, "dual-channel mode, ignoring second output\n");
841 + continue;
842 + }
843 +
844 +- if (!of_device_is_available(child))
845 +- continue;
846 +-
847 + channel = &imx_ldb->channel[i];
848 + channel->ldb = imx_ldb;
849 + channel->chno = i;
850 +diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
851 +index 39d0fdcb17d2..6a7994a79f55 100644
852 +--- a/drivers/gpu/drm/udl/udl_fb.c
853 ++++ b/drivers/gpu/drm/udl/udl_fb.c
854 +@@ -217,7 +217,7 @@ static int udl_fb_open(struct fb_info *info, int user)
855 +
856 + struct fb_deferred_io *fbdefio;
857 +
858 +- fbdefio = kmalloc(sizeof(struct fb_deferred_io), GFP_KERNEL);
859 ++ fbdefio = kzalloc(sizeof(struct fb_deferred_io), GFP_KERNEL);
860 +
861 + if (fbdefio) {
862 + fbdefio->delay = DL_DEFIO_WRITE_DELAY;
863 +diff --git a/drivers/gpu/drm/udl/udl_main.c b/drivers/gpu/drm/udl/udl_main.c
864 +index 873f010d9616..10e2c198ad72 100644
865 +--- a/drivers/gpu/drm/udl/udl_main.c
866 ++++ b/drivers/gpu/drm/udl/udl_main.c
867 +@@ -169,18 +169,13 @@ static void udl_free_urb_list(struct drm_device *dev)
868 + struct list_head *node;
869 + struct urb_node *unode;
870 + struct urb *urb;
871 +- int ret;
872 + unsigned long flags;
873 +
874 + DRM_DEBUG("Waiting for completes and freeing all render urbs\n");
875 +
876 + /* keep waiting and freeing, until we've got 'em all */
877 + while (count--) {
878 +-
879 +- /* Getting interrupted means a leak, but ok at shutdown*/
880 +- ret = down_interruptible(&udl->urbs.limit_sem);
881 +- if (ret)
882 +- break;
883 ++ down(&udl->urbs.limit_sem);
884 +
885 + spin_lock_irqsave(&udl->urbs.lock, flags);
886 +
887 +@@ -204,17 +199,22 @@ static void udl_free_urb_list(struct drm_device *dev)
888 + static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
889 + {
890 + struct udl_device *udl = dev->dev_private;
891 +- int i = 0;
892 + struct urb *urb;
893 + struct urb_node *unode;
894 + char *buf;
895 ++ size_t wanted_size = count * size;
896 +
897 + spin_lock_init(&udl->urbs.lock);
898 +
899 ++retry:
900 + udl->urbs.size = size;
901 + INIT_LIST_HEAD(&udl->urbs.list);
902 +
903 +- while (i < count) {
904 ++ sema_init(&udl->urbs.limit_sem, 0);
905 ++ udl->urbs.count = 0;
906 ++ udl->urbs.available = 0;
907 ++
908 ++ while (udl->urbs.count * size < wanted_size) {
909 + unode = kzalloc(sizeof(struct urb_node), GFP_KERNEL);
910 + if (!unode)
911 + break;
912 +@@ -230,11 +230,16 @@ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
913 + }
914 + unode->urb = urb;
915 +
916 +- buf = usb_alloc_coherent(udl->udev, MAX_TRANSFER, GFP_KERNEL,
917 ++ buf = usb_alloc_coherent(udl->udev, size, GFP_KERNEL,
918 + &urb->transfer_dma);
919 + if (!buf) {
920 + kfree(unode);
921 + usb_free_urb(urb);
922 ++ if (size > PAGE_SIZE) {
923 ++ size /= 2;
924 ++ udl_free_urb_list(dev);
925 ++ goto retry;
926 ++ }
927 + break;
928 + }
929 +
930 +@@ -245,16 +250,14 @@ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
931 +
932 + list_add_tail(&unode->entry, &udl->urbs.list);
933 +
934 +- i++;
935 ++ up(&udl->urbs.limit_sem);
936 ++ udl->urbs.count++;
937 ++ udl->urbs.available++;
938 + }
939 +
940 +- sema_init(&udl->urbs.limit_sem, i);
941 +- udl->urbs.count = i;
942 +- udl->urbs.available = i;
943 +-
944 +- DRM_DEBUG("allocated %d %d byte urbs\n", i, (int) size);
945 ++ DRM_DEBUG("allocated %d %d byte urbs\n", udl->urbs.count, (int) size);
946 +
947 +- return i;
948 ++ return udl->urbs.count;
949 + }
950 +
951 + struct urb *udl_get_urb(struct drm_device *dev)
952 +diff --git a/drivers/i2c/busses/i2c-davinci.c b/drivers/i2c/busses/i2c-davinci.c
953 +index 9e7ef5cf5d49..b2d8b63176db 100644
954 +--- a/drivers/i2c/busses/i2c-davinci.c
955 ++++ b/drivers/i2c/busses/i2c-davinci.c
956 +@@ -234,12 +234,16 @@ static void i2c_davinci_calc_clk_dividers(struct davinci_i2c_dev *dev)
957 + /*
958 + * It's not always possible to have 1 to 2 ratio when d=7, so fall back
959 + * to minimal possible clkh in this case.
960 ++ *
961 ++ * Note:
962 ++ * CLKH is not allowed to be 0, in this case I2C clock is not generated
963 ++ * at all
964 + */
965 +- if (clk >= clkl + d) {
966 ++ if (clk > clkl + d) {
967 + clkh = clk - clkl - d;
968 + clkl -= d;
969 + } else {
970 +- clkh = 0;
971 ++ clkh = 1;
972 + clkl = clk - (d << 1);
973 + }
974 +
975 +diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
976 +index 60f5a8ded8dd..8904491dfda4 100644
977 +--- a/drivers/misc/mei/main.c
978 ++++ b/drivers/misc/mei/main.c
979 +@@ -304,7 +304,6 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf,
980 + goto out;
981 + }
982 +
983 +- *offset = 0;
984 + cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file);
985 + if (!cb) {
986 + rets = -ENOMEM;
987 +diff --git a/drivers/net/can/mscan/mpc5xxx_can.c b/drivers/net/can/mscan/mpc5xxx_can.c
988 +index c7427bdd3a4b..2949a381a94d 100644
989 +--- a/drivers/net/can/mscan/mpc5xxx_can.c
990 ++++ b/drivers/net/can/mscan/mpc5xxx_can.c
991 +@@ -86,6 +86,11 @@ static u32 mpc52xx_can_get_clock(struct platform_device *ofdev,
992 + return 0;
993 + }
994 + cdm = of_iomap(np_cdm, 0);
995 ++ if (!cdm) {
996 ++ of_node_put(np_cdm);
997 ++ dev_err(&ofdev->dev, "can't map clock node!\n");
998 ++ return 0;
999 ++ }
1000 +
1001 + if (in_8(&cdm->ipb_clk_sel) & 0x1)
1002 + freq *= 2;
1003 +diff --git a/drivers/net/ethernet/3com/Kconfig b/drivers/net/ethernet/3com/Kconfig
1004 +index 5b7658bcf020..5c3ef9fc8207 100644
1005 +--- a/drivers/net/ethernet/3com/Kconfig
1006 ++++ b/drivers/net/ethernet/3com/Kconfig
1007 +@@ -32,7 +32,7 @@ config EL3
1008 +
1009 + config 3C515
1010 + tristate "3c515 ISA \"Fast EtherLink\""
1011 +- depends on ISA && ISA_DMA_API
1012 ++ depends on ISA && ISA_DMA_API && !PPC32
1013 + ---help---
1014 + If you have a 3Com ISA EtherLink XL "Corkscrew" 3c515 Fast Ethernet
1015 + network card, say Y here.
1016 +diff --git a/drivers/net/ethernet/amd/Kconfig b/drivers/net/ethernet/amd/Kconfig
1017 +index 0038709fd317..ec59425fdbff 100644
1018 +--- a/drivers/net/ethernet/amd/Kconfig
1019 ++++ b/drivers/net/ethernet/amd/Kconfig
1020 +@@ -44,7 +44,7 @@ config AMD8111_ETH
1021 +
1022 + config LANCE
1023 + tristate "AMD LANCE and PCnet (AT1500 and NE2100) support"
1024 +- depends on ISA && ISA_DMA_API && !ARM
1025 ++ depends on ISA && ISA_DMA_API && !ARM && !PPC32
1026 + ---help---
1027 + If you have a network (Ethernet) card of this type, say Y here.
1028 + Some LinkSys cards are of this type.
1029 +@@ -138,7 +138,7 @@ config PCMCIA_NMCLAN
1030 +
1031 + config NI65
1032 + tristate "NI6510 support"
1033 +- depends on ISA && ISA_DMA_API && !ARM
1034 ++ depends on ISA && ISA_DMA_API && !ARM && !PPC32
1035 + ---help---
1036 + If you have a network (Ethernet) card of this type, say Y here.
1037 +
1038 +diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
1039 +index a3200ea6d765..85e7177c479f 100644
1040 +--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
1041 ++++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
1042 +@@ -1678,6 +1678,7 @@ static struct sk_buff *atl1c_alloc_skb(struct atl1c_adapter *adapter)
1043 + skb = build_skb(page_address(page) + adapter->rx_page_offset,
1044 + adapter->rx_frag_size);
1045 + if (likely(skb)) {
1046 ++ skb_reserve(skb, NET_SKB_PAD);
1047 + adapter->rx_page_offset += adapter->rx_frag_size;
1048 + if (adapter->rx_page_offset >= PAGE_SIZE)
1049 + adapter->rx_page = NULL;
1050 +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
1051 +index 5f19427c7b27..8aecd8ef6542 100644
1052 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
1053 ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
1054 +@@ -3367,14 +3367,18 @@ static int bnx2x_set_rss_flags(struct bnx2x *bp, struct ethtool_rxnfc *info)
1055 + DP(BNX2X_MSG_ETHTOOL,
1056 + "rss re-configured, UDP 4-tupple %s\n",
1057 + udp_rss_requested ? "enabled" : "disabled");
1058 +- return bnx2x_rss(bp, &bp->rss_conf_obj, false, true);
1059 ++ if (bp->state == BNX2X_STATE_OPEN)
1060 ++ return bnx2x_rss(bp, &bp->rss_conf_obj, false,
1061 ++ true);
1062 + } else if ((info->flow_type == UDP_V6_FLOW) &&
1063 + (bp->rss_conf_obj.udp_rss_v6 != udp_rss_requested)) {
1064 + bp->rss_conf_obj.udp_rss_v6 = udp_rss_requested;
1065 + DP(BNX2X_MSG_ETHTOOL,
1066 + "rss re-configured, UDP 4-tupple %s\n",
1067 + udp_rss_requested ? "enabled" : "disabled");
1068 +- return bnx2x_rss(bp, &bp->rss_conf_obj, false, true);
1069 ++ if (bp->state == BNX2X_STATE_OPEN)
1070 ++ return bnx2x_rss(bp, &bp->rss_conf_obj, false,
1071 ++ true);
1072 + }
1073 + return 0;
1074 +
1075 +@@ -3488,7 +3492,10 @@ static int bnx2x_set_rxfh(struct net_device *dev, const u32 *indir,
1076 + bp->rss_conf_obj.ind_table[i] = indir[i] + bp->fp->cl_id;
1077 + }
1078 +
1079 +- return bnx2x_config_rss_eth(bp, false);
1080 ++ if (bp->state == BNX2X_STATE_OPEN)
1081 ++ return bnx2x_config_rss_eth(bp, false);
1082 ++
1083 ++ return 0;
1084 + }
1085 +
1086 + /**
1087 +diff --git a/drivers/net/ethernet/cirrus/Kconfig b/drivers/net/ethernet/cirrus/Kconfig
1088 +index 5ab912937aff..ec0b545197e2 100644
1089 +--- a/drivers/net/ethernet/cirrus/Kconfig
1090 ++++ b/drivers/net/ethernet/cirrus/Kconfig
1091 +@@ -19,6 +19,7 @@ if NET_VENDOR_CIRRUS
1092 + config CS89x0
1093 + tristate "CS89x0 support"
1094 + depends on ISA || EISA || ARM
1095 ++ depends on !PPC32
1096 + ---help---
1097 + Support for CS89x0 chipset based Ethernet cards. If you have a
1098 + network (Ethernet) card of this type, say Y and read the file
1099 +diff --git a/drivers/net/ethernet/cisco/enic/enic_main.c b/drivers/net/ethernet/cisco/enic/enic_main.c
1100 +index 2e9bab45d419..f7e7b79c6050 100644
1101 +--- a/drivers/net/ethernet/cisco/enic/enic_main.c
1102 ++++ b/drivers/net/ethernet/cisco/enic/enic_main.c
1103 +@@ -1842,10 +1842,32 @@ static int enic_stop(struct net_device *netdev)
1104 + return 0;
1105 + }
1106 +
1107 ++static int _enic_change_mtu(struct net_device *netdev, int new_mtu)
1108 ++{
1109 ++ bool running = netif_running(netdev);
1110 ++ int err = 0;
1111 ++
1112 ++ ASSERT_RTNL();
1113 ++ if (running) {
1114 ++ err = enic_stop(netdev);
1115 ++ if (err)
1116 ++ return err;
1117 ++ }
1118 ++
1119 ++ netdev->mtu = new_mtu;
1120 ++
1121 ++ if (running) {
1122 ++ err = enic_open(netdev);
1123 ++ if (err)
1124 ++ return err;
1125 ++ }
1126 ++
1127 ++ return 0;
1128 ++}
1129 ++
1130 + static int enic_change_mtu(struct net_device *netdev, int new_mtu)
1131 + {
1132 + struct enic *enic = netdev_priv(netdev);
1133 +- int running = netif_running(netdev);
1134 +
1135 + if (new_mtu < ENIC_MIN_MTU || new_mtu > ENIC_MAX_MTU)
1136 + return -EINVAL;
1137 +@@ -1853,20 +1875,12 @@ static int enic_change_mtu(struct net_device *netdev, int new_mtu)
1138 + if (enic_is_dynamic(enic) || enic_is_sriov_vf(enic))
1139 + return -EOPNOTSUPP;
1140 +
1141 +- if (running)
1142 +- enic_stop(netdev);
1143 +-
1144 +- netdev->mtu = new_mtu;
1145 +-
1146 + if (netdev->mtu > enic->port_mtu)
1147 + netdev_warn(netdev,
1148 +- "interface MTU (%d) set higher than port MTU (%d)\n",
1149 +- netdev->mtu, enic->port_mtu);
1150 ++ "interface MTU (%d) set higher than port MTU (%d)\n",
1151 ++ netdev->mtu, enic->port_mtu);
1152 +
1153 +- if (running)
1154 +- enic_open(netdev);
1155 +-
1156 +- return 0;
1157 ++ return _enic_change_mtu(netdev, new_mtu);
1158 + }
1159 +
1160 + static void enic_change_mtu_work(struct work_struct *work)
1161 +@@ -1874,47 +1888,9 @@ static void enic_change_mtu_work(struct work_struct *work)
1162 + struct enic *enic = container_of(work, struct enic, change_mtu_work);
1163 + struct net_device *netdev = enic->netdev;
1164 + int new_mtu = vnic_dev_mtu(enic->vdev);
1165 +- int err;
1166 +- unsigned int i;
1167 +-
1168 +- new_mtu = max_t(int, ENIC_MIN_MTU, min_t(int, ENIC_MAX_MTU, new_mtu));
1169 +
1170 + rtnl_lock();
1171 +-
1172 +- /* Stop RQ */
1173 +- del_timer_sync(&enic->notify_timer);
1174 +-
1175 +- for (i = 0; i < enic->rq_count; i++)
1176 +- napi_disable(&enic->napi[i]);
1177 +-
1178 +- vnic_intr_mask(&enic->intr[0]);
1179 +- enic_synchronize_irqs(enic);
1180 +- err = vnic_rq_disable(&enic->rq[0]);
1181 +- if (err) {
1182 +- rtnl_unlock();
1183 +- netdev_err(netdev, "Unable to disable RQ.\n");
1184 +- return;
1185 +- }
1186 +- vnic_rq_clean(&enic->rq[0], enic_free_rq_buf);
1187 +- vnic_cq_clean(&enic->cq[0]);
1188 +- vnic_intr_clean(&enic->intr[0]);
1189 +-
1190 +- /* Fill RQ with new_mtu-sized buffers */
1191 +- netdev->mtu = new_mtu;
1192 +- vnic_rq_fill(&enic->rq[0], enic_rq_alloc_buf);
1193 +- /* Need at least one buffer on ring to get going */
1194 +- if (vnic_rq_desc_used(&enic->rq[0]) == 0) {
1195 +- rtnl_unlock();
1196 +- netdev_err(netdev, "Unable to alloc receive buffers.\n");
1197 +- return;
1198 +- }
1199 +-
1200 +- /* Start RQ */
1201 +- vnic_rq_enable(&enic->rq[0]);
1202 +- napi_enable(&enic->napi[0]);
1203 +- vnic_intr_unmask(&enic->intr[0]);
1204 +- enic_notify_timer_start(enic);
1205 +-
1206 ++ (void)_enic_change_mtu(netdev, new_mtu);
1207 + rtnl_unlock();
1208 +
1209 + netdev_info(netdev, "interface MTU set as %d\n", netdev->mtu);
1210 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_l2.c b/drivers/net/ethernet/qlogic/qed/qed_l2.c
1211 +index ddd410a91e13..715776e2cfe5 100644
1212 +--- a/drivers/net/ethernet/qlogic/qed/qed_l2.c
1213 ++++ b/drivers/net/ethernet/qlogic/qed/qed_l2.c
1214 +@@ -313,7 +313,7 @@ qed_sp_update_mcast_bin(struct qed_hwfn *p_hwfn,
1215 +
1216 + p_ramrod->common.update_approx_mcast_flg = 1;
1217 + for (i = 0; i < ETH_MULTICAST_MAC_BINS_IN_REGS; i++) {
1218 +- u32 *p_bins = (u32 *)p_params->bins;
1219 ++ u32 *p_bins = p_params->bins;
1220 +
1221 + p_ramrod->approx_mcast.bins[i] = cpu_to_le32(p_bins[i]);
1222 + }
1223 +@@ -1182,8 +1182,8 @@ qed_sp_eth_filter_mcast(struct qed_hwfn *p_hwfn,
1224 + enum spq_mode comp_mode,
1225 + struct qed_spq_comp_cb *p_comp_data)
1226 + {
1227 +- unsigned long bins[ETH_MULTICAST_MAC_BINS_IN_REGS];
1228 + struct vport_update_ramrod_data *p_ramrod = NULL;
1229 ++ u32 bins[ETH_MULTICAST_MAC_BINS_IN_REGS];
1230 + struct qed_spq_entry *p_ent = NULL;
1231 + struct qed_sp_init_data init_data;
1232 + u8 abs_vport_id = 0;
1233 +@@ -1219,26 +1219,25 @@ qed_sp_eth_filter_mcast(struct qed_hwfn *p_hwfn,
1234 + /* explicitly clear out the entire vector */
1235 + memset(&p_ramrod->approx_mcast.bins, 0,
1236 + sizeof(p_ramrod->approx_mcast.bins));
1237 +- memset(bins, 0, sizeof(unsigned long) *
1238 +- ETH_MULTICAST_MAC_BINS_IN_REGS);
1239 ++ memset(bins, 0, sizeof(bins));
1240 + /* filter ADD op is explicit set op and it removes
1241 + * any existing filters for the vport
1242 + */
1243 + if (p_filter_cmd->opcode == QED_FILTER_ADD) {
1244 + for (i = 0; i < p_filter_cmd->num_mc_addrs; i++) {
1245 +- u32 bit;
1246 ++ u32 bit, nbits;
1247 +
1248 + bit = qed_mcast_bin_from_mac(p_filter_cmd->mac[i]);
1249 +- __set_bit(bit, bins);
1250 ++ nbits = sizeof(u32) * BITS_PER_BYTE;
1251 ++ bins[bit / nbits] |= 1 << (bit % nbits);
1252 + }
1253 +
1254 + /* Convert to correct endianity */
1255 + for (i = 0; i < ETH_MULTICAST_MAC_BINS_IN_REGS; i++) {
1256 + struct vport_update_ramrod_mcast *p_ramrod_bins;
1257 +- u32 *p_bins = (u32 *)bins;
1258 +
1259 + p_ramrod_bins = &p_ramrod->approx_mcast;
1260 +- p_ramrod_bins->bins[i] = cpu_to_le32(p_bins[i]);
1261 ++ p_ramrod_bins->bins[i] = cpu_to_le32(bins[i]);
1262 + }
1263 + }
1264 +
1265 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_l2.h b/drivers/net/ethernet/qlogic/qed/qed_l2.h
1266 +index e495d62fcc03..14d00173cad0 100644
1267 +--- a/drivers/net/ethernet/qlogic/qed/qed_l2.h
1268 ++++ b/drivers/net/ethernet/qlogic/qed/qed_l2.h
1269 +@@ -156,7 +156,7 @@ struct qed_sp_vport_update_params {
1270 + u8 anti_spoofing_en;
1271 + u8 update_accept_any_vlan_flg;
1272 + u8 accept_any_vlan;
1273 +- unsigned long bins[8];
1274 ++ u32 bins[8];
1275 + struct qed_rss_params *rss_params;
1276 + struct qed_filter_accept_flags accept_flags;
1277 + struct qed_sge_tpa_params *sge_tpa_params;
1278 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
1279 +index 8b7d2f963ee1..eaa242df4131 100644
1280 +--- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c
1281 ++++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
1282 +@@ -613,6 +613,7 @@ static void qed_mcp_handle_link_change(struct qed_hwfn *p_hwfn,
1283 + break;
1284 + default:
1285 + p_link->speed = 0;
1286 ++ p_link->link_up = 0;
1287 + }
1288 +
1289 + if (p_link->link_up && p_link->speed)
1290 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_sriov.c b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
1291 +index 48bc5c151336..6379bfedc9f0 100644
1292 +--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
1293 ++++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
1294 +@@ -2157,7 +2157,7 @@ qed_iov_vp_update_mcast_bin_param(struct qed_hwfn *p_hwfn,
1295 +
1296 + p_data->update_approx_mcast_flg = 1;
1297 + memcpy(p_data->bins, p_mcast_tlv->bins,
1298 +- sizeof(unsigned long) * ETH_MULTICAST_MAC_BINS_IN_REGS);
1299 ++ sizeof(u32) * ETH_MULTICAST_MAC_BINS_IN_REGS);
1300 + *tlvs_mask |= 1 << QED_IOV_VP_UPDATE_MCAST;
1301 + }
1302 +
1303 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_vf.c b/drivers/net/ethernet/qlogic/qed/qed_vf.c
1304 +index 0645124a887b..faf8215872de 100644
1305 +--- a/drivers/net/ethernet/qlogic/qed/qed_vf.c
1306 ++++ b/drivers/net/ethernet/qlogic/qed/qed_vf.c
1307 +@@ -786,7 +786,7 @@ int qed_vf_pf_vport_update(struct qed_hwfn *p_hwfn,
1308 + resp_size += sizeof(struct pfvf_def_resp_tlv);
1309 +
1310 + memcpy(p_mcast_tlv->bins, p_params->bins,
1311 +- sizeof(unsigned long) * ETH_MULTICAST_MAC_BINS_IN_REGS);
1312 ++ sizeof(u32) * ETH_MULTICAST_MAC_BINS_IN_REGS);
1313 + }
1314 +
1315 + update_rx = p_params->accept_flags.update_rx_mode_config;
1316 +@@ -972,7 +972,7 @@ void qed_vf_pf_filter_mcast(struct qed_hwfn *p_hwfn,
1317 + u32 bit;
1318 +
1319 + bit = qed_mcast_bin_from_mac(p_filter_cmd->mac[i]);
1320 +- __set_bit(bit, sp_params.bins);
1321 ++ sp_params.bins[bit / 32] |= 1 << (bit % 32);
1322 + }
1323 + }
1324 +
1325 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_vf.h b/drivers/net/ethernet/qlogic/qed/qed_vf.h
1326 +index 35db7a28aa13..b962ef8e98ef 100644
1327 +--- a/drivers/net/ethernet/qlogic/qed/qed_vf.h
1328 ++++ b/drivers/net/ethernet/qlogic/qed/qed_vf.h
1329 +@@ -336,7 +336,12 @@ struct vfpf_vport_update_mcast_bin_tlv {
1330 + struct channel_tlv tl;
1331 + u8 padding[4];
1332 +
1333 +- u64 bins[8];
1334 ++ /* There are only 256 approx bins, and in HSI they're divided into
1335 ++ * 32-bit values. As old VFs used to set-bit to the values on its side,
1336 ++ * the upper half of the array is never expected to contain any data.
1337 ++ */
1338 ++ u64 bins[4];
1339 ++ u64 obsolete_bins[4];
1340 + };
1341 +
1342 + struct vfpf_vport_update_accept_param_tlv {
1343 +diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c b/drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c
1344 +index 63307ea97846..9beea13e2e1f 100644
1345 +--- a/drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c
1346 ++++ b/drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c
1347 +@@ -217,6 +217,7 @@ issue:
1348 + ret = of_mdiobus_register(bus, np1);
1349 + if (ret) {
1350 + mdiobus_free(bus);
1351 ++ lp->mii_bus = NULL;
1352 + return ret;
1353 + }
1354 + return 0;
1355 +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
1356 +index 31a6d87b61b2..0d4440f28f6b 100644
1357 +--- a/drivers/net/usb/qmi_wwan.c
1358 ++++ b/drivers/net/usb/qmi_wwan.c
1359 +@@ -946,7 +946,7 @@ static const struct usb_device_id products[] = {
1360 + {QMI_FIXED_INTF(0x413c, 0x81b3, 8)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */
1361 + {QMI_FIXED_INTF(0x413c, 0x81b6, 8)}, /* Dell Wireless 5811e */
1362 + {QMI_FIXED_INTF(0x413c, 0x81b6, 10)}, /* Dell Wireless 5811e */
1363 +- {QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e */
1364 ++ {QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */
1365 + {QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)}, /* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */
1366 + {QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)}, /* HP lt4120 Snapdragon X5 LTE */
1367 + {QMI_FIXED_INTF(0x22de, 0x9061, 3)}, /* WeTelecom WPD-600N */
1368 +diff --git a/drivers/net/wan/lmc/lmc_main.c b/drivers/net/wan/lmc/lmc_main.c
1369 +index 299140c04556..04b60ed59ea0 100644
1370 +--- a/drivers/net/wan/lmc/lmc_main.c
1371 ++++ b/drivers/net/wan/lmc/lmc_main.c
1372 +@@ -1372,7 +1372,7 @@ static irqreturn_t lmc_interrupt (int irq, void *dev_instance) /*fold00*/
1373 + case 0x001:
1374 + printk(KERN_WARNING "%s: Master Abort (naughty)\n", dev->name);
1375 + break;
1376 +- case 0x010:
1377 ++ case 0x002:
1378 + printk(KERN_WARNING "%s: Target Abort (not so naughty)\n", dev->name);
1379 + break;
1380 + default:
1381 +diff --git a/drivers/net/wireless/broadcom/b43/leds.c b/drivers/net/wireless/broadcom/b43/leds.c
1382 +index cb987c2ecc6b..87131f663292 100644
1383 +--- a/drivers/net/wireless/broadcom/b43/leds.c
1384 ++++ b/drivers/net/wireless/broadcom/b43/leds.c
1385 +@@ -131,7 +131,7 @@ static int b43_register_led(struct b43_wldev *dev, struct b43_led *led,
1386 + led->wl = dev->wl;
1387 + led->index = led_index;
1388 + led->activelow = activelow;
1389 +- strncpy(led->name, name, sizeof(led->name));
1390 ++ strlcpy(led->name, name, sizeof(led->name));
1391 + atomic_set(&led->state, 0);
1392 +
1393 + led->led_dev.name = led->name;
1394 +diff --git a/drivers/net/wireless/broadcom/b43legacy/leds.c b/drivers/net/wireless/broadcom/b43legacy/leds.c
1395 +index fd4565389c77..bc922118b6ac 100644
1396 +--- a/drivers/net/wireless/broadcom/b43legacy/leds.c
1397 ++++ b/drivers/net/wireless/broadcom/b43legacy/leds.c
1398 +@@ -101,7 +101,7 @@ static int b43legacy_register_led(struct b43legacy_wldev *dev,
1399 + led->dev = dev;
1400 + led->index = led_index;
1401 + led->activelow = activelow;
1402 +- strncpy(led->name, name, sizeof(led->name));
1403 ++ strlcpy(led->name, name, sizeof(led->name));
1404 +
1405 + led->led_dev.name = led->name;
1406 + led->led_dev.default_trigger = default_trigger;
1407 +diff --git a/drivers/pinctrl/freescale/pinctrl-imx1-core.c b/drivers/pinctrl/freescale/pinctrl-imx1-core.c
1408 +index a4e9f430d452..e2cca91fd266 100644
1409 +--- a/drivers/pinctrl/freescale/pinctrl-imx1-core.c
1410 ++++ b/drivers/pinctrl/freescale/pinctrl-imx1-core.c
1411 +@@ -433,7 +433,7 @@ static void imx1_pinconf_group_dbg_show(struct pinctrl_dev *pctldev,
1412 + const char *name;
1413 + int i, ret;
1414 +
1415 +- if (group > info->ngroups)
1416 ++ if (group >= info->ngroups)
1417 + return;
1418 +
1419 + seq_puts(s, "\n");
1420 +diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c
1421 +index edb36bf781b0..f627b39f64bf 100644
1422 +--- a/drivers/power/supply/generic-adc-battery.c
1423 ++++ b/drivers/power/supply/generic-adc-battery.c
1424 +@@ -243,10 +243,10 @@ static int gab_probe(struct platform_device *pdev)
1425 + struct power_supply_desc *psy_desc;
1426 + struct power_supply_config psy_cfg = {};
1427 + struct gab_platform_data *pdata = pdev->dev.platform_data;
1428 +- enum power_supply_property *properties;
1429 + int ret = 0;
1430 + int chan;
1431 +- int index = 0;
1432 ++ int index = ARRAY_SIZE(gab_props);
1433 ++ bool any = false;
1434 +
1435 + adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL);
1436 + if (!adc_bat) {
1437 +@@ -280,8 +280,6 @@ static int gab_probe(struct platform_device *pdev)
1438 + }
1439 +
1440 + memcpy(psy_desc->properties, gab_props, sizeof(gab_props));
1441 +- properties = (enum power_supply_property *)
1442 +- ((char *)psy_desc->properties + sizeof(gab_props));
1443 +
1444 + /*
1445 + * getting channel from iio and copying the battery properties
1446 +@@ -295,15 +293,22 @@ static int gab_probe(struct platform_device *pdev)
1447 + adc_bat->channel[chan] = NULL;
1448 + } else {
1449 + /* copying properties for supported channels only */
1450 +- memcpy(properties + sizeof(*(psy_desc->properties)) * index,
1451 +- &gab_dyn_props[chan],
1452 +- sizeof(gab_dyn_props[chan]));
1453 +- index++;
1454 ++ int index2;
1455 ++
1456 ++ for (index2 = 0; index2 < index; index2++) {
1457 ++ if (psy_desc->properties[index2] ==
1458 ++ gab_dyn_props[chan])
1459 ++ break; /* already known */
1460 ++ }
1461 ++ if (index2 == index) /* really new */
1462 ++ psy_desc->properties[index++] =
1463 ++ gab_dyn_props[chan];
1464 ++ any = true;
1465 + }
1466 + }
1467 +
1468 + /* none of the channels are supported so let's bail out */
1469 +- if (index == 0) {
1470 ++ if (!any) {
1471 + ret = -ENODEV;
1472 + goto second_mem_fail;
1473 + }
1474 +@@ -314,7 +319,7 @@ static int gab_probe(struct platform_device *pdev)
1475 + * as come channels may be not be supported by the device.So
1476 + * we need to take care of that.
1477 + */
1478 +- psy_desc->num_properties = ARRAY_SIZE(gab_props) + index;
1479 ++ psy_desc->num_properties = index;
1480 +
1481 + adc_bat->psy = power_supply_register(&pdev->dev, psy_desc, &psy_cfg);
1482 + if (IS_ERR(adc_bat->psy)) {
1483 +diff --git a/drivers/s390/cio/qdio_main.c b/drivers/s390/cio/qdio_main.c
1484 +index 66e9bb053629..18ab84e9c6b2 100644
1485 +--- a/drivers/s390/cio/qdio_main.c
1486 ++++ b/drivers/s390/cio/qdio_main.c
1487 +@@ -640,21 +640,20 @@ static inline unsigned long qdio_aob_for_buffer(struct qdio_output_q *q,
1488 + unsigned long phys_aob = 0;
1489 +
1490 + if (!q->use_cq)
1491 +- goto out;
1492 ++ return 0;
1493 +
1494 + if (!q->aobs[bufnr]) {
1495 + struct qaob *aob = qdio_allocate_aob();
1496 + q->aobs[bufnr] = aob;
1497 + }
1498 + if (q->aobs[bufnr]) {
1499 +- q->sbal_state[bufnr].flags = QDIO_OUTBUF_STATE_FLAG_NONE;
1500 + q->sbal_state[bufnr].aob = q->aobs[bufnr];
1501 + q->aobs[bufnr]->user1 = (u64) q->sbal_state[bufnr].user;
1502 + phys_aob = virt_to_phys(q->aobs[bufnr]);
1503 + WARN_ON_ONCE(phys_aob & 0xFF);
1504 + }
1505 +
1506 +-out:
1507 ++ q->sbal_state[bufnr].flags = 0;
1508 + return phys_aob;
1509 + }
1510 +
1511 +diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c
1512 +index dcf36537a767..cc3994d4e7bc 100644
1513 +--- a/drivers/scsi/fcoe/fcoe_ctlr.c
1514 ++++ b/drivers/scsi/fcoe/fcoe_ctlr.c
1515 +@@ -755,9 +755,9 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr *fip, struct fc_lport *lport,
1516 + case ELS_LOGO:
1517 + if (fip->mode == FIP_MODE_VN2VN) {
1518 + if (fip->state != FIP_ST_VNMP_UP)
1519 +- return -EINVAL;
1520 ++ goto drop;
1521 + if (ntoh24(fh->fh_d_id) == FC_FID_FLOGI)
1522 +- return -EINVAL;
1523 ++ goto drop;
1524 + } else {
1525 + if (fip->state != FIP_ST_ENABLED)
1526 + return 0;
1527 +diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
1528 +index 97aeaddd600d..e3ffd244603e 100644
1529 +--- a/drivers/scsi/libfc/fc_rport.c
1530 ++++ b/drivers/scsi/libfc/fc_rport.c
1531 +@@ -1935,6 +1935,7 @@ static void fc_rport_recv_logo_req(struct fc_lport *lport, struct fc_frame *fp)
1532 + FC_RPORT_DBG(rdata, "Received LOGO request while in state %s\n",
1533 + fc_rport_state(rdata));
1534 +
1535 ++ rdata->flags &= ~FC_RP_STARTED;
1536 + fc_rport_enter_delete(rdata, RPORT_EV_STOP);
1537 + mutex_unlock(&rdata->rp_mutex);
1538 + kref_put(&rdata->kref, rdata->local_port->tt.rport_destroy);
1539 +diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
1540 +index c2b682916337..cc8f2a7c2463 100644
1541 +--- a/drivers/scsi/libiscsi.c
1542 ++++ b/drivers/scsi/libiscsi.c
1543 +@@ -283,11 +283,11 @@ static int iscsi_check_tmf_restrictions(struct iscsi_task *task, int opcode)
1544 + */
1545 + if (opcode != ISCSI_OP_SCSI_DATA_OUT) {
1546 + iscsi_conn_printk(KERN_INFO, conn,
1547 +- "task [op %x/%x itt "
1548 ++ "task [op %x itt "
1549 + "0x%x/0x%x] "
1550 + "rejected.\n",
1551 +- task->hdr->opcode, opcode,
1552 +- task->itt, task->hdr_itt);
1553 ++ opcode, task->itt,
1554 ++ task->hdr_itt);
1555 + return -EACCES;
1556 + }
1557 + /*
1558 +@@ -296,10 +296,10 @@ static int iscsi_check_tmf_restrictions(struct iscsi_task *task, int opcode)
1559 + */
1560 + if (conn->session->fast_abort) {
1561 + iscsi_conn_printk(KERN_INFO, conn,
1562 +- "task [op %x/%x itt "
1563 ++ "task [op %x itt "
1564 + "0x%x/0x%x] fast abort.\n",
1565 +- task->hdr->opcode, opcode,
1566 +- task->itt, task->hdr_itt);
1567 ++ opcode, task->itt,
1568 ++ task->hdr_itt);
1569 + return -EACCES;
1570 + }
1571 + break;
1572 +diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
1573 +index 3a6f557ec128..56b65b85b121 100644
1574 +--- a/drivers/scsi/scsi_sysfs.c
1575 ++++ b/drivers/scsi/scsi_sysfs.c
1576 +@@ -709,8 +709,24 @@ static ssize_t
1577 + sdev_store_delete(struct device *dev, struct device_attribute *attr,
1578 + const char *buf, size_t count)
1579 + {
1580 +- if (device_remove_file_self(dev, attr))
1581 +- scsi_remove_device(to_scsi_device(dev));
1582 ++ struct kernfs_node *kn;
1583 ++
1584 ++ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
1585 ++ WARN_ON_ONCE(!kn);
1586 ++ /*
1587 ++ * Concurrent writes into the "delete" sysfs attribute may trigger
1588 ++ * concurrent calls to device_remove_file() and scsi_remove_device().
1589 ++ * device_remove_file() handles concurrent removal calls by
1590 ++ * serializing these and by ignoring the second and later removal
1591 ++ * attempts. Concurrent calls of scsi_remove_device() are
1592 ++ * serialized. The second and later calls of scsi_remove_device() are
1593 ++ * ignored because the first call of that function changes the device
1594 ++ * state into SDEV_DEL.
1595 ++ */
1596 ++ device_remove_file(dev, attr);
1597 ++ scsi_remove_device(to_scsi_device(dev));
1598 ++ if (kn)
1599 ++ sysfs_unbreak_active_protection(kn);
1600 + return count;
1601 + };
1602 + static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete);
1603 +diff --git a/drivers/scsi/vmw_pvscsi.c b/drivers/scsi/vmw_pvscsi.c
1604 +index 15ca09cd16f3..874e9f085326 100644
1605 +--- a/drivers/scsi/vmw_pvscsi.c
1606 ++++ b/drivers/scsi/vmw_pvscsi.c
1607 +@@ -564,9 +564,14 @@ static void pvscsi_complete_request(struct pvscsi_adapter *adapter,
1608 + (btstat == BTSTAT_SUCCESS ||
1609 + btstat == BTSTAT_LINKED_COMMAND_COMPLETED ||
1610 + btstat == BTSTAT_LINKED_COMMAND_COMPLETED_WITH_FLAG)) {
1611 +- cmd->result = (DID_OK << 16) | sdstat;
1612 +- if (sdstat == SAM_STAT_CHECK_CONDITION && cmd->sense_buffer)
1613 +- cmd->result |= (DRIVER_SENSE << 24);
1614 ++ if (sdstat == SAM_STAT_COMMAND_TERMINATED) {
1615 ++ cmd->result = (DID_RESET << 16);
1616 ++ } else {
1617 ++ cmd->result = (DID_OK << 16) | sdstat;
1618 ++ if (sdstat == SAM_STAT_CHECK_CONDITION &&
1619 ++ cmd->sense_buffer)
1620 ++ cmd->result |= (DRIVER_SENSE << 24);
1621 ++ }
1622 + } else
1623 + switch (btstat) {
1624 + case BTSTAT_SUCCESS:
1625 +diff --git a/drivers/staging/android/ion/ion-ioctl.c b/drivers/staging/android/ion/ion-ioctl.c
1626 +index 2b700e8455c6..e3596855a703 100644
1627 +--- a/drivers/staging/android/ion/ion-ioctl.c
1628 ++++ b/drivers/staging/android/ion/ion-ioctl.c
1629 +@@ -128,11 +128,15 @@ long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1630 + {
1631 + struct ion_handle *handle;
1632 +
1633 +- handle = ion_handle_get_by_id(client, data.handle.handle);
1634 +- if (IS_ERR(handle))
1635 ++ mutex_lock(&client->lock);
1636 ++ handle = ion_handle_get_by_id_nolock(client, data.handle.handle);
1637 ++ if (IS_ERR(handle)) {
1638 ++ mutex_unlock(&client->lock);
1639 + return PTR_ERR(handle);
1640 +- data.fd.fd = ion_share_dma_buf_fd(client, handle);
1641 +- ion_handle_put(handle);
1642 ++ }
1643 ++ data.fd.fd = ion_share_dma_buf_fd_nolock(client, handle);
1644 ++ ion_handle_put_nolock(handle);
1645 ++ mutex_unlock(&client->lock);
1646 + if (data.fd.fd < 0)
1647 + ret = data.fd.fd;
1648 + break;
1649 +diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
1650 +index 6f9974cb0e15..806e9b30b9dc 100644
1651 +--- a/drivers/staging/android/ion/ion.c
1652 ++++ b/drivers/staging/android/ion/ion.c
1653 +@@ -15,6 +15,7 @@
1654 + *
1655 + */
1656 +
1657 ++#include <linux/atomic.h>
1658 + #include <linux/device.h>
1659 + #include <linux/err.h>
1660 + #include <linux/file.h>
1661 +@@ -305,6 +306,16 @@ static void ion_handle_get(struct ion_handle *handle)
1662 + kref_get(&handle->ref);
1663 + }
1664 +
1665 ++/* Must hold the client lock */
1666 ++static struct ion_handle *ion_handle_get_check_overflow(
1667 ++ struct ion_handle *handle)
1668 ++{
1669 ++ if (atomic_read(&handle->ref.refcount) + 1 == 0)
1670 ++ return ERR_PTR(-EOVERFLOW);
1671 ++ ion_handle_get(handle);
1672 ++ return handle;
1673 ++}
1674 ++
1675 + int ion_handle_put_nolock(struct ion_handle *handle)
1676 + {
1677 + return kref_put(&handle->ref, ion_handle_destroy);
1678 +@@ -347,21 +358,9 @@ struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client,
1679 +
1680 + handle = idr_find(&client->idr, id);
1681 + if (handle)
1682 +- ion_handle_get(handle);
1683 +-
1684 +- return handle ? handle : ERR_PTR(-EINVAL);
1685 +-}
1686 +-
1687 +-struct ion_handle *ion_handle_get_by_id(struct ion_client *client,
1688 +- int id)
1689 +-{
1690 +- struct ion_handle *handle;
1691 ++ return ion_handle_get_check_overflow(handle);
1692 +
1693 +- mutex_lock(&client->lock);
1694 +- handle = ion_handle_get_by_id_nolock(client, id);
1695 +- mutex_unlock(&client->lock);
1696 +-
1697 +- return handle;
1698 ++ return ERR_PTR(-EINVAL);
1699 + }
1700 +
1701 + static bool ion_handle_validate(struct ion_client *client,
1702 +@@ -1029,24 +1028,28 @@ static struct dma_buf_ops dma_buf_ops = {
1703 + .kunmap = ion_dma_buf_kunmap,
1704 + };
1705 +
1706 +-struct dma_buf *ion_share_dma_buf(struct ion_client *client,
1707 +- struct ion_handle *handle)
1708 ++static struct dma_buf *__ion_share_dma_buf(struct ion_client *client,
1709 ++ struct ion_handle *handle,
1710 ++ bool lock_client)
1711 + {
1712 + DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
1713 + struct ion_buffer *buffer;
1714 + struct dma_buf *dmabuf;
1715 + bool valid_handle;
1716 +
1717 +- mutex_lock(&client->lock);
1718 ++ if (lock_client)
1719 ++ mutex_lock(&client->lock);
1720 + valid_handle = ion_handle_validate(client, handle);
1721 + if (!valid_handle) {
1722 + WARN(1, "%s: invalid handle passed to share.\n", __func__);
1723 +- mutex_unlock(&client->lock);
1724 ++ if (lock_client)
1725 ++ mutex_unlock(&client->lock);
1726 + return ERR_PTR(-EINVAL);
1727 + }
1728 + buffer = handle->buffer;
1729 + ion_buffer_get(buffer);
1730 +- mutex_unlock(&client->lock);
1731 ++ if (lock_client)
1732 ++ mutex_unlock(&client->lock);
1733 +
1734 + exp_info.ops = &dma_buf_ops;
1735 + exp_info.size = buffer->size;
1736 +@@ -1061,14 +1064,21 @@ struct dma_buf *ion_share_dma_buf(struct ion_client *client,
1737 +
1738 + return dmabuf;
1739 + }
1740 ++
1741 ++struct dma_buf *ion_share_dma_buf(struct ion_client *client,
1742 ++ struct ion_handle *handle)
1743 ++{
1744 ++ return __ion_share_dma_buf(client, handle, true);
1745 ++}
1746 + EXPORT_SYMBOL(ion_share_dma_buf);
1747 +
1748 +-int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle)
1749 ++static int __ion_share_dma_buf_fd(struct ion_client *client,
1750 ++ struct ion_handle *handle, bool lock_client)
1751 + {
1752 + struct dma_buf *dmabuf;
1753 + int fd;
1754 +
1755 +- dmabuf = ion_share_dma_buf(client, handle);
1756 ++ dmabuf = __ion_share_dma_buf(client, handle, lock_client);
1757 + if (IS_ERR(dmabuf))
1758 + return PTR_ERR(dmabuf);
1759 +
1760 +@@ -1078,8 +1088,19 @@ int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle)
1761 +
1762 + return fd;
1763 + }
1764 ++
1765 ++int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle)
1766 ++{
1767 ++ return __ion_share_dma_buf_fd(client, handle, true);
1768 ++}
1769 + EXPORT_SYMBOL(ion_share_dma_buf_fd);
1770 +
1771 ++int ion_share_dma_buf_fd_nolock(struct ion_client *client,
1772 ++ struct ion_handle *handle)
1773 ++{
1774 ++ return __ion_share_dma_buf_fd(client, handle, false);
1775 ++}
1776 ++
1777 + struct ion_handle *ion_import_dma_buf(struct ion_client *client,
1778 + struct dma_buf *dmabuf)
1779 + {
1780 +@@ -1100,7 +1121,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client,
1781 + /* if a handle exists for this buffer just take a reference to it */
1782 + handle = ion_handle_lookup(client, buffer);
1783 + if (!IS_ERR(handle)) {
1784 +- ion_handle_get(handle);
1785 ++ handle = ion_handle_get_check_overflow(handle);
1786 + mutex_unlock(&client->lock);
1787 + goto end;
1788 + }
1789 +diff --git a/drivers/staging/android/ion/ion_priv.h b/drivers/staging/android/ion/ion_priv.h
1790 +index 3c3b3245275d..760e41885448 100644
1791 +--- a/drivers/staging/android/ion/ion_priv.h
1792 ++++ b/drivers/staging/android/ion/ion_priv.h
1793 +@@ -463,11 +463,11 @@ void ion_free_nolock(struct ion_client *client, struct ion_handle *handle);
1794 +
1795 + int ion_handle_put_nolock(struct ion_handle *handle);
1796 +
1797 +-struct ion_handle *ion_handle_get_by_id(struct ion_client *client,
1798 +- int id);
1799 +-
1800 + int ion_handle_put(struct ion_handle *handle);
1801 +
1802 + int ion_query_heaps(struct ion_client *client, struct ion_heap_query *query);
1803 +
1804 ++int ion_share_dma_buf_fd_nolock(struct ion_client *client,
1805 ++ struct ion_handle *handle);
1806 ++
1807 + #endif /* _ION_PRIV_H */
1808 +diff --git a/drivers/staging/media/omap4iss/iss_video.c b/drivers/staging/media/omap4iss/iss_video.c
1809 +index c16927ac8eb0..395c7a2244ff 100644
1810 +--- a/drivers/staging/media/omap4iss/iss_video.c
1811 ++++ b/drivers/staging/media/omap4iss/iss_video.c
1812 +@@ -11,7 +11,6 @@
1813 + * (at your option) any later version.
1814 + */
1815 +
1816 +-#include <asm/cacheflush.h>
1817 + #include <linux/clk.h>
1818 + #include <linux/mm.h>
1819 + #include <linux/pagemap.h>
1820 +@@ -24,6 +23,8 @@
1821 + #include <media/v4l2-ioctl.h>
1822 + #include <media/v4l2-mc.h>
1823 +
1824 ++#include <asm/cacheflush.h>
1825 ++
1826 + #include "iss_video.h"
1827 + #include "iss.h"
1828 +
1829 +diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
1830 +index 9ccd5da8f204..d2f82aaf6a85 100644
1831 +--- a/drivers/target/iscsi/iscsi_target_login.c
1832 ++++ b/drivers/target/iscsi/iscsi_target_login.c
1833 +@@ -333,8 +333,7 @@ static int iscsi_login_zero_tsih_s1(
1834 + pr_err("idr_alloc() for sess_idr failed\n");
1835 + iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1836 + ISCSI_LOGIN_STATUS_NO_RESOURCES);
1837 +- kfree(sess);
1838 +- return -ENOMEM;
1839 ++ goto free_sess;
1840 + }
1841 +
1842 + sess->creation_time = get_jiffies_64();
1843 +@@ -350,20 +349,28 @@ static int iscsi_login_zero_tsih_s1(
1844 + ISCSI_LOGIN_STATUS_NO_RESOURCES);
1845 + pr_err("Unable to allocate memory for"
1846 + " struct iscsi_sess_ops.\n");
1847 +- kfree(sess);
1848 +- return -ENOMEM;
1849 ++ goto remove_idr;
1850 + }
1851 +
1852 + sess->se_sess = transport_init_session(TARGET_PROT_NORMAL);
1853 + if (IS_ERR(sess->se_sess)) {
1854 + iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1855 + ISCSI_LOGIN_STATUS_NO_RESOURCES);
1856 +- kfree(sess->sess_ops);
1857 +- kfree(sess);
1858 +- return -ENOMEM;
1859 ++ goto free_ops;
1860 + }
1861 +
1862 + return 0;
1863 ++
1864 ++free_ops:
1865 ++ kfree(sess->sess_ops);
1866 ++remove_idr:
1867 ++ spin_lock_bh(&sess_idr_lock);
1868 ++ idr_remove(&sess_idr, sess->session_index);
1869 ++ spin_unlock_bh(&sess_idr_lock);
1870 ++free_sess:
1871 ++ kfree(sess);
1872 ++ conn->sess = NULL;
1873 ++ return -ENOMEM;
1874 + }
1875 +
1876 + static int iscsi_login_zero_tsih_s2(
1877 +@@ -1152,13 +1159,13 @@ void iscsi_target_login_sess_out(struct iscsi_conn *conn,
1878 + ISCSI_LOGIN_STATUS_INIT_ERR);
1879 + if (!zero_tsih || !conn->sess)
1880 + goto old_sess_out;
1881 +- if (conn->sess->se_sess)
1882 +- transport_free_session(conn->sess->se_sess);
1883 +- if (conn->sess->session_index != 0) {
1884 +- spin_lock_bh(&sess_idr_lock);
1885 +- idr_remove(&sess_idr, conn->sess->session_index);
1886 +- spin_unlock_bh(&sess_idr_lock);
1887 +- }
1888 ++
1889 ++ transport_free_session(conn->sess->se_sess);
1890 ++
1891 ++ spin_lock_bh(&sess_idr_lock);
1892 ++ idr_remove(&sess_idr, conn->sess->session_index);
1893 ++ spin_unlock_bh(&sess_idr_lock);
1894 ++
1895 + kfree(conn->sess->sess_ops);
1896 + kfree(conn->sess);
1897 + conn->sess = NULL;
1898 +diff --git a/drivers/usb/gadget/function/f_uac2.c b/drivers/usb/gadget/function/f_uac2.c
1899 +index 5474b5187be0..f4bd08cfac11 100644
1900 +--- a/drivers/usb/gadget/function/f_uac2.c
1901 ++++ b/drivers/usb/gadget/function/f_uac2.c
1902 +@@ -929,14 +929,14 @@ static struct usb_descriptor_header *hs_audio_desc[] = {
1903 + };
1904 +
1905 + struct cntrl_cur_lay3 {
1906 +- __u32 dCUR;
1907 ++ __le32 dCUR;
1908 + };
1909 +
1910 + struct cntrl_range_lay3 {
1911 +- __u16 wNumSubRanges;
1912 +- __u32 dMIN;
1913 +- __u32 dMAX;
1914 +- __u32 dRES;
1915 ++ __le16 wNumSubRanges;
1916 ++ __le32 dMIN;
1917 ++ __le32 dMAX;
1918 ++ __le32 dRES;
1919 + } __packed;
1920 +
1921 + static inline void
1922 +@@ -1285,9 +1285,9 @@ in_rq_cur(struct usb_function *fn, const struct usb_ctrlrequest *cr)
1923 + memset(&c, 0, sizeof(struct cntrl_cur_lay3));
1924 +
1925 + if (entity_id == USB_IN_CLK_ID)
1926 +- c.dCUR = p_srate;
1927 ++ c.dCUR = cpu_to_le32(p_srate);
1928 + else if (entity_id == USB_OUT_CLK_ID)
1929 +- c.dCUR = c_srate;
1930 ++ c.dCUR = cpu_to_le32(c_srate);
1931 +
1932 + value = min_t(unsigned, w_length, sizeof c);
1933 + memcpy(req->buf, &c, value);
1934 +@@ -1325,15 +1325,15 @@ in_rq_range(struct usb_function *fn, const struct usb_ctrlrequest *cr)
1935 +
1936 + if (control_selector == UAC2_CS_CONTROL_SAM_FREQ) {
1937 + if (entity_id == USB_IN_CLK_ID)
1938 +- r.dMIN = p_srate;
1939 ++ r.dMIN = cpu_to_le32(p_srate);
1940 + else if (entity_id == USB_OUT_CLK_ID)
1941 +- r.dMIN = c_srate;
1942 ++ r.dMIN = cpu_to_le32(c_srate);
1943 + else
1944 + return -EOPNOTSUPP;
1945 +
1946 + r.dMAX = r.dMIN;
1947 + r.dRES = 0;
1948 +- r.wNumSubRanges = 1;
1949 ++ r.wNumSubRanges = cpu_to_le16(1);
1950 +
1951 + value = min_t(unsigned, w_length, sizeof r);
1952 + memcpy(req->buf, &r, value);
1953 +diff --git a/drivers/usb/gadget/udc/r8a66597-udc.c b/drivers/usb/gadget/udc/r8a66597-udc.c
1954 +index f2c8862093a2..230e3248f386 100644
1955 +--- a/drivers/usb/gadget/udc/r8a66597-udc.c
1956 ++++ b/drivers/usb/gadget/udc/r8a66597-udc.c
1957 +@@ -835,11 +835,11 @@ static void init_controller(struct r8a66597 *r8a66597)
1958 +
1959 + r8a66597_bset(r8a66597, XCKE, SYSCFG0);
1960 +
1961 +- msleep(3);
1962 ++ mdelay(3);
1963 +
1964 + r8a66597_bset(r8a66597, PLLC, SYSCFG0);
1965 +
1966 +- msleep(1);
1967 ++ mdelay(1);
1968 +
1969 + r8a66597_bset(r8a66597, SCKE, SYSCFG0);
1970 +
1971 +@@ -1193,7 +1193,7 @@ __acquires(r8a66597->lock)
1972 + r8a66597->ep0_req->length = 2;
1973 + /* AV: what happens if we get called again before that gets through? */
1974 + spin_unlock(&r8a66597->lock);
1975 +- r8a66597_queue(r8a66597->gadget.ep0, r8a66597->ep0_req, GFP_KERNEL);
1976 ++ r8a66597_queue(r8a66597->gadget.ep0, r8a66597->ep0_req, GFP_ATOMIC);
1977 + spin_lock(&r8a66597->lock);
1978 + }
1979 +
1980 +diff --git a/drivers/usb/phy/phy-fsl-usb.c b/drivers/usb/phy/phy-fsl-usb.c
1981 +index 94eb2923afed..85d031ce85c1 100644
1982 +--- a/drivers/usb/phy/phy-fsl-usb.c
1983 ++++ b/drivers/usb/phy/phy-fsl-usb.c
1984 +@@ -879,6 +879,7 @@ int usb_otg_start(struct platform_device *pdev)
1985 + if (pdata->init && pdata->init(pdev) != 0)
1986 + return -EINVAL;
1987 +
1988 ++#ifdef CONFIG_PPC32
1989 + if (pdata->big_endian_mmio) {
1990 + _fsl_readl = _fsl_readl_be;
1991 + _fsl_writel = _fsl_writel_be;
1992 +@@ -886,6 +887,7 @@ int usb_otg_start(struct platform_device *pdev)
1993 + _fsl_readl = _fsl_readl_le;
1994 + _fsl_writel = _fsl_writel_le;
1995 + }
1996 ++#endif
1997 +
1998 + /* request irq */
1999 + p_otg->irq = platform_get_irq(pdev, 0);
2000 +@@ -976,7 +978,7 @@ int usb_otg_start(struct platform_device *pdev)
2001 + /*
2002 + * state file in sysfs
2003 + */
2004 +-static int show_fsl_usb2_otg_state(struct device *dev,
2005 ++static ssize_t show_fsl_usb2_otg_state(struct device *dev,
2006 + struct device_attribute *attr, char *buf)
2007 + {
2008 + struct otg_fsm *fsm = &fsl_otg_dev->fsm;
2009 +diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
2010 +index 41df8a27d7eb..2026885702a2 100644
2011 +--- a/fs/cachefiles/namei.c
2012 ++++ b/fs/cachefiles/namei.c
2013 +@@ -195,7 +195,6 @@ wait_for_old_object:
2014 + pr_err("\n");
2015 + pr_err("Error: Unexpected object collision\n");
2016 + cachefiles_printk_object(object, xobject);
2017 +- BUG();
2018 + }
2019 + atomic_inc(&xobject->usage);
2020 + write_unlock(&cache->active_lock);
2021 +diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
2022 +index afbdc418966d..5e3bc9de7a16 100644
2023 +--- a/fs/cachefiles/rdwr.c
2024 ++++ b/fs/cachefiles/rdwr.c
2025 +@@ -27,6 +27,7 @@ static int cachefiles_read_waiter(wait_queue_t *wait, unsigned mode,
2026 + struct cachefiles_one_read *monitor =
2027 + container_of(wait, struct cachefiles_one_read, monitor);
2028 + struct cachefiles_object *object;
2029 ++ struct fscache_retrieval *op = monitor->op;
2030 + struct wait_bit_key *key = _key;
2031 + struct page *page = wait->private;
2032 +
2033 +@@ -51,16 +52,22 @@ static int cachefiles_read_waiter(wait_queue_t *wait, unsigned mode,
2034 + list_del(&wait->task_list);
2035 +
2036 + /* move onto the action list and queue for FS-Cache thread pool */
2037 +- ASSERT(monitor->op);
2038 ++ ASSERT(op);
2039 +
2040 +- object = container_of(monitor->op->op.object,
2041 +- struct cachefiles_object, fscache);
2042 ++ /* We need to temporarily bump the usage count as we don't own a ref
2043 ++ * here otherwise cachefiles_read_copier() may free the op between the
2044 ++ * monitor being enqueued on the op->to_do list and the op getting
2045 ++ * enqueued on the work queue.
2046 ++ */
2047 ++ fscache_get_retrieval(op);
2048 +
2049 ++ object = container_of(op->op.object, struct cachefiles_object, fscache);
2050 + spin_lock(&object->work_lock);
2051 +- list_add_tail(&monitor->op_link, &monitor->op->to_do);
2052 ++ list_add_tail(&monitor->op_link, &op->to_do);
2053 + spin_unlock(&object->work_lock);
2054 +
2055 +- fscache_enqueue_retrieval(monitor->op);
2056 ++ fscache_enqueue_retrieval(op);
2057 ++ fscache_put_retrieval(op);
2058 + return 0;
2059 + }
2060 +
2061 +diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
2062 +index 3d03e48a9213..ad8bd96093f7 100644
2063 +--- a/fs/cifs/cifs_debug.c
2064 ++++ b/fs/cifs/cifs_debug.c
2065 +@@ -123,25 +123,41 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v)
2066 + seq_printf(m, "CIFS Version %s\n", CIFS_VERSION);
2067 + seq_printf(m, "Features:");
2068 + #ifdef CONFIG_CIFS_DFS_UPCALL
2069 +- seq_printf(m, " dfs");
2070 ++ seq_printf(m, " DFS");
2071 + #endif
2072 + #ifdef CONFIG_CIFS_FSCACHE
2073 +- seq_printf(m, " fscache");
2074 ++ seq_printf(m, ",FSCACHE");
2075 ++#endif
2076 ++#ifdef CONFIG_CIFS_SMB_DIRECT
2077 ++ seq_printf(m, ",SMB_DIRECT");
2078 ++#endif
2079 ++#ifdef CONFIG_CIFS_STATS2
2080 ++ seq_printf(m, ",STATS2");
2081 ++#elif defined(CONFIG_CIFS_STATS)
2082 ++ seq_printf(m, ",STATS");
2083 ++#endif
2084 ++#ifdef CONFIG_CIFS_DEBUG2
2085 ++ seq_printf(m, ",DEBUG2");
2086 ++#elif defined(CONFIG_CIFS_DEBUG)
2087 ++ seq_printf(m, ",DEBUG");
2088 ++#endif
2089 ++#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
2090 ++ seq_printf(m, ",ALLOW_INSECURE_LEGACY");
2091 + #endif
2092 + #ifdef CONFIG_CIFS_WEAK_PW_HASH
2093 +- seq_printf(m, " lanman");
2094 ++ seq_printf(m, ",WEAK_PW_HASH");
2095 + #endif
2096 + #ifdef CONFIG_CIFS_POSIX
2097 +- seq_printf(m, " posix");
2098 ++ seq_printf(m, ",CIFS_POSIX");
2099 + #endif
2100 + #ifdef CONFIG_CIFS_UPCALL
2101 +- seq_printf(m, " spnego");
2102 ++ seq_printf(m, ",UPCALL(SPNEGO)");
2103 + #endif
2104 + #ifdef CONFIG_CIFS_XATTR
2105 +- seq_printf(m, " xattr");
2106 ++ seq_printf(m, ",XATTR");
2107 + #endif
2108 + #ifdef CONFIG_CIFS_ACL
2109 +- seq_printf(m, " acl");
2110 ++ seq_printf(m, ",ACL");
2111 + #endif
2112 + seq_putc(m, '\n');
2113 + seq_printf(m, "Active VFS Requests: %d\n", GlobalTotalActiveXid);
2114 +diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
2115 +index 24c19eb94fa3..a012f70bba5c 100644
2116 +--- a/fs/cifs/inode.c
2117 ++++ b/fs/cifs/inode.c
2118 +@@ -1116,6 +1116,8 @@ cifs_set_file_info(struct inode *inode, struct iattr *attrs, unsigned int xid,
2119 + if (!server->ops->set_file_info)
2120 + return -ENOSYS;
2121 +
2122 ++ info_buf.Pad = 0;
2123 ++
2124 + if (attrs->ia_valid & ATTR_ATIME) {
2125 + set_time = true;
2126 + info_buf.LastAccessTime =
2127 +diff --git a/fs/cifs/link.c b/fs/cifs/link.c
2128 +index d031af8d3d4d..38d26cbcad07 100644
2129 +--- a/fs/cifs/link.c
2130 ++++ b/fs/cifs/link.c
2131 +@@ -419,7 +419,7 @@ smb3_query_mf_symlink(unsigned int xid, struct cifs_tcon *tcon,
2132 + struct cifs_io_parms io_parms;
2133 + int buf_type = CIFS_NO_BUFFER;
2134 + __le16 *utf16_path;
2135 +- __u8 oplock = SMB2_OPLOCK_LEVEL_II;
2136 ++ __u8 oplock = SMB2_OPLOCK_LEVEL_NONE;
2137 + struct smb2_file_all_info *pfile_info = NULL;
2138 +
2139 + oparms.tcon = tcon;
2140 +@@ -481,7 +481,7 @@ smb3_create_mf_symlink(unsigned int xid, struct cifs_tcon *tcon,
2141 + struct cifs_io_parms io_parms;
2142 + int create_options = CREATE_NOT_DIR;
2143 + __le16 *utf16_path;
2144 +- __u8 oplock = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
2145 ++ __u8 oplock = SMB2_OPLOCK_LEVEL_NONE;
2146 + struct kvec iov[2];
2147 +
2148 + if (backup_cred(cifs_sb))
2149 +diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
2150 +index c3db2a882aee..bb208076cb71 100644
2151 +--- a/fs/cifs/sess.c
2152 ++++ b/fs/cifs/sess.c
2153 +@@ -398,6 +398,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
2154 + goto setup_ntlmv2_ret;
2155 + }
2156 + *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
2157 ++ if (!*pbuffer) {
2158 ++ rc = -ENOMEM;
2159 ++ cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
2160 ++ *buflen = 0;
2161 ++ goto setup_ntlmv2_ret;
2162 ++ }
2163 + sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
2164 +
2165 + memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
2166 +diff --git a/fs/cifs/smb2inode.c b/fs/cifs/smb2inode.c
2167 +index 1238cd3552f9..0267d8cbc996 100644
2168 +--- a/fs/cifs/smb2inode.c
2169 ++++ b/fs/cifs/smb2inode.c
2170 +@@ -267,7 +267,7 @@ smb2_set_file_info(struct inode *inode, const char *full_path,
2171 + int rc;
2172 +
2173 + if ((buf->CreationTime == 0) && (buf->LastAccessTime == 0) &&
2174 +- (buf->LastWriteTime == 0) && (buf->ChangeTime) &&
2175 ++ (buf->LastWriteTime == 0) && (buf->ChangeTime == 0) &&
2176 + (buf->Attributes == 0))
2177 + return 0; /* would be a no op, no sense sending this */
2178 +
2179 +diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
2180 +index 812e4884c392..68622f1e706b 100644
2181 +--- a/fs/cifs/smb2ops.c
2182 ++++ b/fs/cifs/smb2ops.c
2183 +@@ -894,6 +894,13 @@ smb3_set_integrity(const unsigned int xid, struct cifs_tcon *tcon,
2184 +
2185 + }
2186 +
2187 ++/* GMT Token is @GMT-YYYY.MM.DD-HH.MM.SS Unicode which is 48 bytes + null */
2188 ++#define GMT_TOKEN_SIZE 50
2189 ++
2190 ++/*
2191 ++ * Input buffer contains (empty) struct smb_snapshot array with size filled in
2192 ++ * For output see struct SRV_SNAPSHOT_ARRAY in MS-SMB2 section 2.2.32.2
2193 ++ */
2194 + static int
2195 + smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
2196 + struct cifsFileInfo *cfile, void __user *ioc_buf)
2197 +@@ -922,14 +929,27 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon,
2198 + kfree(retbuf);
2199 + return rc;
2200 + }
2201 +- if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) {
2202 +- rc = -ERANGE;
2203 +- kfree(retbuf);
2204 +- return rc;
2205 +- }
2206 +
2207 +- if (ret_data_len > snapshot_in.snapshot_array_size)
2208 +- ret_data_len = snapshot_in.snapshot_array_size;
2209 ++ /*
2210 ++ * Check for min size, ie not large enough to fit even one GMT
2211 ++ * token (snapshot). On the first ioctl some users may pass in
2212 ++ * smaller size (or zero) to simply get the size of the array
2213 ++ * so the user space caller can allocate sufficient memory
2214 ++ * and retry the ioctl again with larger array size sufficient
2215 ++ * to hold all of the snapshot GMT tokens on the second try.
2216 ++ */
2217 ++ if (snapshot_in.snapshot_array_size < GMT_TOKEN_SIZE)
2218 ++ ret_data_len = sizeof(struct smb_snapshot_array);
2219 ++
2220 ++ /*
2221 ++ * We return struct SRV_SNAPSHOT_ARRAY, followed by
2222 ++ * the snapshot array (of 50 byte GMT tokens) each
2223 ++ * representing an available previous version of the data
2224 ++ */
2225 ++ if (ret_data_len > (snapshot_in.snapshot_array_size +
2226 ++ sizeof(struct smb_snapshot_array)))
2227 ++ ret_data_len = snapshot_in.snapshot_array_size +
2228 ++ sizeof(struct smb_snapshot_array);
2229 +
2230 + if (copy_to_user(ioc_buf, retbuf, ret_data_len))
2231 + rc = -EFAULT;
2232 +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
2233 +index 248c43b63f13..a225a21d04ad 100644
2234 +--- a/fs/ext4/namei.c
2235 ++++ b/fs/ext4/namei.c
2236 +@@ -1415,6 +1415,7 @@ static struct buffer_head * ext4_find_entry (struct inode *dir,
2237 + goto cleanup_and_exit;
2238 + dxtrace(printk(KERN_DEBUG "ext4_find_entry: dx failed, "
2239 + "falling back\n"));
2240 ++ ret = NULL;
2241 + }
2242 + nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb);
2243 + if (!nblocks) {
2244 +diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
2245 +index 5dc655e410b4..54942d60e72a 100644
2246 +--- a/fs/ext4/sysfs.c
2247 ++++ b/fs/ext4/sysfs.c
2248 +@@ -277,8 +277,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj,
2249 + case attr_pointer_ui:
2250 + if (!ptr)
2251 + return 0;
2252 +- return snprintf(buf, PAGE_SIZE, "%u\n",
2253 +- *((unsigned int *) ptr));
2254 ++ if (a->attr_ptr == ptr_ext4_super_block_offset)
2255 ++ return snprintf(buf, PAGE_SIZE, "%u\n",
2256 ++ le32_to_cpup(ptr));
2257 ++ else
2258 ++ return snprintf(buf, PAGE_SIZE, "%u\n",
2259 ++ *((unsigned int *) ptr));
2260 + case attr_pointer_atomic:
2261 + if (!ptr)
2262 + return 0;
2263 +@@ -311,7 +315,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
2264 + ret = kstrtoul(skip_spaces(buf), 0, &t);
2265 + if (ret)
2266 + return ret;
2267 +- *((unsigned int *) ptr) = t;
2268 ++ if (a->attr_ptr == ptr_ext4_super_block_offset)
2269 ++ *((__le32 *) ptr) = cpu_to_le32(t);
2270 ++ else
2271 ++ *((unsigned int *) ptr) = t;
2272 + return len;
2273 + case attr_inode_readahead:
2274 + return inode_readahead_blks_store(a, sbi, buf, len);
2275 +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
2276 +index 3fadfabcac39..fdcbe0f2814f 100644
2277 +--- a/fs/ext4/xattr.c
2278 ++++ b/fs/ext4/xattr.c
2279 +@@ -184,6 +184,8 @@ ext4_xattr_check_names(struct ext4_xattr_entry *entry, void *end,
2280 + struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
2281 + if ((void *)next >= end)
2282 + return -EFSCORRUPTED;
2283 ++ if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)
2284 ++ return -EFSCORRUPTED;
2285 + e = next;
2286 + }
2287 +
2288 +diff --git a/fs/fscache/operation.c b/fs/fscache/operation.c
2289 +index de67745e1cd7..77946d6f617d 100644
2290 +--- a/fs/fscache/operation.c
2291 ++++ b/fs/fscache/operation.c
2292 +@@ -66,7 +66,8 @@ void fscache_enqueue_operation(struct fscache_operation *op)
2293 + ASSERT(op->processor != NULL);
2294 + ASSERT(fscache_object_is_available(op->object));
2295 + ASSERTCMP(atomic_read(&op->usage), >, 0);
2296 +- ASSERTCMP(op->state, ==, FSCACHE_OP_ST_IN_PROGRESS);
2297 ++ ASSERTIFCMP(op->state != FSCACHE_OP_ST_IN_PROGRESS,
2298 ++ op->state, ==, FSCACHE_OP_ST_CANCELLED);
2299 +
2300 + fscache_stat(&fscache_n_op_enqueue);
2301 + switch (op->flags & FSCACHE_OP_TYPE) {
2302 +@@ -481,7 +482,8 @@ void fscache_put_operation(struct fscache_operation *op)
2303 + struct fscache_cache *cache;
2304 +
2305 + _enter("{OBJ%x OP%x,%d}",
2306 +- op->object->debug_id, op->debug_id, atomic_read(&op->usage));
2307 ++ op->object ? op->object->debug_id : 0,
2308 ++ op->debug_id, atomic_read(&op->usage));
2309 +
2310 + ASSERTCMP(atomic_read(&op->usage), >, 0);
2311 +
2312 +diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
2313 +index f11792672977..c94bab6103f5 100644
2314 +--- a/fs/fuse/dev.c
2315 ++++ b/fs/fuse/dev.c
2316 +@@ -130,6 +130,16 @@ static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background)
2317 + return !fc->initialized || (for_background && fc->blocked);
2318 + }
2319 +
2320 ++static void fuse_drop_waiting(struct fuse_conn *fc)
2321 ++{
2322 ++ if (fc->connected) {
2323 ++ atomic_dec(&fc->num_waiting);
2324 ++ } else if (atomic_dec_and_test(&fc->num_waiting)) {
2325 ++ /* wake up aborters */
2326 ++ wake_up_all(&fc->blocked_waitq);
2327 ++ }
2328 ++}
2329 ++
2330 + static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
2331 + bool for_background)
2332 + {
2333 +@@ -170,7 +180,7 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
2334 + return req;
2335 +
2336 + out:
2337 +- atomic_dec(&fc->num_waiting);
2338 ++ fuse_drop_waiting(fc);
2339 + return ERR_PTR(err);
2340 + }
2341 +
2342 +@@ -277,7 +287,7 @@ void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
2343 +
2344 + if (test_bit(FR_WAITING, &req->flags)) {
2345 + __clear_bit(FR_WAITING, &req->flags);
2346 +- atomic_dec(&fc->num_waiting);
2347 ++ fuse_drop_waiting(fc);
2348 + }
2349 +
2350 + if (req->stolen_file)
2351 +@@ -363,7 +373,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req)
2352 + struct fuse_iqueue *fiq = &fc->iq;
2353 +
2354 + if (test_and_set_bit(FR_FINISHED, &req->flags))
2355 +- return;
2356 ++ goto put_request;
2357 +
2358 + spin_lock(&fiq->waitq.lock);
2359 + list_del_init(&req->intr_entry);
2360 +@@ -393,6 +403,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req)
2361 + wake_up(&req->waitq);
2362 + if (req->end)
2363 + req->end(fc, req);
2364 ++put_request:
2365 + fuse_put_request(fc, req);
2366 + }
2367 +
2368 +@@ -1935,11 +1946,14 @@ static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe,
2369 + if (!fud)
2370 + return -EPERM;
2371 +
2372 ++ pipe_lock(pipe);
2373 ++
2374 + bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
2375 +- if (!bufs)
2376 ++ if (!bufs) {
2377 ++ pipe_unlock(pipe);
2378 + return -ENOMEM;
2379 ++ }
2380 +
2381 +- pipe_lock(pipe);
2382 + nbuf = 0;
2383 + rem = 0;
2384 + for (idx = 0; idx < pipe->nrbufs && rem < len; idx++)
2385 +@@ -2094,6 +2108,7 @@ void fuse_abort_conn(struct fuse_conn *fc)
2386 + set_bit(FR_ABORTED, &req->flags);
2387 + if (!test_bit(FR_LOCKED, &req->flags)) {
2388 + set_bit(FR_PRIVATE, &req->flags);
2389 ++ __fuse_get_request(req);
2390 + list_move(&req->list, &to_end1);
2391 + }
2392 + spin_unlock(&req->waitq.lock);
2393 +@@ -2120,7 +2135,6 @@ void fuse_abort_conn(struct fuse_conn *fc)
2394 +
2395 + while (!list_empty(&to_end1)) {
2396 + req = list_first_entry(&to_end1, struct fuse_req, list);
2397 +- __fuse_get_request(req);
2398 + list_del_init(&req->list);
2399 + request_end(fc, req);
2400 + }
2401 +@@ -2131,6 +2145,11 @@ void fuse_abort_conn(struct fuse_conn *fc)
2402 + }
2403 + EXPORT_SYMBOL_GPL(fuse_abort_conn);
2404 +
2405 ++void fuse_wait_aborted(struct fuse_conn *fc)
2406 ++{
2407 ++ wait_event(fc->blocked_waitq, atomic_read(&fc->num_waiting) == 0);
2408 ++}
2409 ++
2410 + int fuse_dev_release(struct inode *inode, struct file *file)
2411 + {
2412 + struct fuse_dev *fud = fuse_get_dev(file);
2413 +@@ -2138,9 +2157,15 @@ int fuse_dev_release(struct inode *inode, struct file *file)
2414 + if (fud) {
2415 + struct fuse_conn *fc = fud->fc;
2416 + struct fuse_pqueue *fpq = &fud->pq;
2417 ++ LIST_HEAD(to_end);
2418 +
2419 ++ spin_lock(&fpq->lock);
2420 + WARN_ON(!list_empty(&fpq->io));
2421 +- end_requests(fc, &fpq->processing);
2422 ++ list_splice_init(&fpq->processing, &to_end);
2423 ++ spin_unlock(&fpq->lock);
2424 ++
2425 ++ end_requests(fc, &to_end);
2426 ++
2427 + /* Are we the last open device? */
2428 + if (atomic_dec_and_test(&fc->dev_count)) {
2429 + WARN_ON(fc->iq.fasync != NULL);
2430 +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
2431 +index cca8dd3bda09..60dd2bc10776 100644
2432 +--- a/fs/fuse/dir.c
2433 ++++ b/fs/fuse/dir.c
2434 +@@ -355,11 +355,12 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
2435 + struct inode *inode;
2436 + struct dentry *newent;
2437 + bool outarg_valid = true;
2438 ++ bool locked;
2439 +
2440 +- fuse_lock_inode(dir);
2441 ++ locked = fuse_lock_inode(dir);
2442 + err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
2443 + &outarg, &inode);
2444 +- fuse_unlock_inode(dir);
2445 ++ fuse_unlock_inode(dir, locked);
2446 + if (err == -ENOENT) {
2447 + outarg_valid = false;
2448 + err = 0;
2449 +@@ -1336,6 +1337,7 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx)
2450 + struct fuse_conn *fc = get_fuse_conn(inode);
2451 + struct fuse_req *req;
2452 + u64 attr_version = 0;
2453 ++ bool locked;
2454 +
2455 + if (is_bad_inode(inode))
2456 + return -EIO;
2457 +@@ -1363,9 +1365,9 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx)
2458 + fuse_read_fill(req, file, ctx->pos, PAGE_SIZE,
2459 + FUSE_READDIR);
2460 + }
2461 +- fuse_lock_inode(inode);
2462 ++ locked = fuse_lock_inode(inode);
2463 + fuse_request_send(fc, req);
2464 +- fuse_unlock_inode(inode);
2465 ++ fuse_unlock_inode(inode, locked);
2466 + nbytes = req->out.args[0].size;
2467 + err = req->out.h.error;
2468 + fuse_put_request(fc, req);
2469 +diff --git a/fs/fuse/file.c b/fs/fuse/file.c
2470 +index 996aa23c409e..4408abf6675b 100644
2471 +--- a/fs/fuse/file.c
2472 ++++ b/fs/fuse/file.c
2473 +@@ -868,6 +868,7 @@ static int fuse_readpages_fill(void *_data, struct page *page)
2474 + }
2475 +
2476 + if (WARN_ON(req->num_pages >= req->max_pages)) {
2477 ++ unlock_page(page);
2478 + fuse_put_request(fc, req);
2479 + return -EIO;
2480 + }
2481 +diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
2482 +index 91307940c8ac..1c905c7666de 100644
2483 +--- a/fs/fuse/fuse_i.h
2484 ++++ b/fs/fuse/fuse_i.h
2485 +@@ -854,6 +854,7 @@ void fuse_request_send_background_locked(struct fuse_conn *fc,
2486 +
2487 + /* Abort all requests */
2488 + void fuse_abort_conn(struct fuse_conn *fc);
2489 ++void fuse_wait_aborted(struct fuse_conn *fc);
2490 +
2491 + /**
2492 + * Invalidate inode attributes
2493 +@@ -967,8 +968,8 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
2494 +
2495 + void fuse_set_initialized(struct fuse_conn *fc);
2496 +
2497 +-void fuse_unlock_inode(struct inode *inode);
2498 +-void fuse_lock_inode(struct inode *inode);
2499 ++void fuse_unlock_inode(struct inode *inode, bool locked);
2500 ++bool fuse_lock_inode(struct inode *inode);
2501 +
2502 + int fuse_setxattr(struct inode *inode, const char *name, const void *value,
2503 + size_t size, int flags);
2504 +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
2505 +index f95e1d49b048..7a9b1069d267 100644
2506 +--- a/fs/fuse/inode.c
2507 ++++ b/fs/fuse/inode.c
2508 +@@ -356,15 +356,21 @@ int fuse_reverse_inval_inode(struct super_block *sb, u64 nodeid,
2509 + return 0;
2510 + }
2511 +
2512 +-void fuse_lock_inode(struct inode *inode)
2513 ++bool fuse_lock_inode(struct inode *inode)
2514 + {
2515 +- if (!get_fuse_conn(inode)->parallel_dirops)
2516 ++ bool locked = false;
2517 ++
2518 ++ if (!get_fuse_conn(inode)->parallel_dirops) {
2519 + mutex_lock(&get_fuse_inode(inode)->mutex);
2520 ++ locked = true;
2521 ++ }
2522 ++
2523 ++ return locked;
2524 + }
2525 +
2526 +-void fuse_unlock_inode(struct inode *inode)
2527 ++void fuse_unlock_inode(struct inode *inode, bool locked)
2528 + {
2529 +- if (!get_fuse_conn(inode)->parallel_dirops)
2530 ++ if (locked)
2531 + mutex_unlock(&get_fuse_inode(inode)->mutex);
2532 + }
2533 +
2534 +@@ -396,9 +402,6 @@ static void fuse_put_super(struct super_block *sb)
2535 + {
2536 + struct fuse_conn *fc = get_fuse_conn_super(sb);
2537 +
2538 +- fuse_send_destroy(fc);
2539 +-
2540 +- fuse_abort_conn(fc);
2541 + mutex_lock(&fuse_mutex);
2542 + list_del(&fc->entry);
2543 + fuse_ctl_remove_conn(fc);
2544 +@@ -1198,16 +1201,25 @@ static struct dentry *fuse_mount(struct file_system_type *fs_type,
2545 + return mount_nodev(fs_type, flags, raw_data, fuse_fill_super);
2546 + }
2547 +
2548 +-static void fuse_kill_sb_anon(struct super_block *sb)
2549 ++static void fuse_sb_destroy(struct super_block *sb)
2550 + {
2551 + struct fuse_conn *fc = get_fuse_conn_super(sb);
2552 +
2553 + if (fc) {
2554 ++ fuse_send_destroy(fc);
2555 ++
2556 ++ fuse_abort_conn(fc);
2557 ++ fuse_wait_aborted(fc);
2558 ++
2559 + down_write(&fc->killsb);
2560 + fc->sb = NULL;
2561 + up_write(&fc->killsb);
2562 + }
2563 ++}
2564 +
2565 ++static void fuse_kill_sb_anon(struct super_block *sb)
2566 ++{
2567 ++ fuse_sb_destroy(sb);
2568 + kill_anon_super(sb);
2569 + }
2570 +
2571 +@@ -1230,14 +1242,7 @@ static struct dentry *fuse_mount_blk(struct file_system_type *fs_type,
2572 +
2573 + static void fuse_kill_sb_blk(struct super_block *sb)
2574 + {
2575 +- struct fuse_conn *fc = get_fuse_conn_super(sb);
2576 +-
2577 +- if (fc) {
2578 +- down_write(&fc->killsb);
2579 +- fc->sb = NULL;
2580 +- up_write(&fc->killsb);
2581 +- }
2582 +-
2583 ++ fuse_sb_destroy(sb);
2584 + kill_block_super(sb);
2585 + }
2586 +
2587 +diff --git a/fs/squashfs/file.c b/fs/squashfs/file.c
2588 +index fcff2e0487fe..f1c1430ae721 100644
2589 +--- a/fs/squashfs/file.c
2590 ++++ b/fs/squashfs/file.c
2591 +@@ -374,13 +374,29 @@ static int read_blocklist(struct inode *inode, int index, u64 *block)
2592 + return squashfs_block_size(size);
2593 + }
2594 +
2595 ++void squashfs_fill_page(struct page *page, struct squashfs_cache_entry *buffer, int offset, int avail)
2596 ++{
2597 ++ int copied;
2598 ++ void *pageaddr;
2599 ++
2600 ++ pageaddr = kmap_atomic(page);
2601 ++ copied = squashfs_copy_data(pageaddr, buffer, offset, avail);
2602 ++ memset(pageaddr + copied, 0, PAGE_SIZE - copied);
2603 ++ kunmap_atomic(pageaddr);
2604 ++
2605 ++ flush_dcache_page(page);
2606 ++ if (copied == avail)
2607 ++ SetPageUptodate(page);
2608 ++ else
2609 ++ SetPageError(page);
2610 ++}
2611 ++
2612 + /* Copy data into page cache */
2613 + void squashfs_copy_cache(struct page *page, struct squashfs_cache_entry *buffer,
2614 + int bytes, int offset)
2615 + {
2616 + struct inode *inode = page->mapping->host;
2617 + struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
2618 +- void *pageaddr;
2619 + int i, mask = (1 << (msblk->block_log - PAGE_SHIFT)) - 1;
2620 + int start_index = page->index & ~mask, end_index = start_index | mask;
2621 +
2622 +@@ -406,12 +422,7 @@ void squashfs_copy_cache(struct page *page, struct squashfs_cache_entry *buffer,
2623 + if (PageUptodate(push_page))
2624 + goto skip_page;
2625 +
2626 +- pageaddr = kmap_atomic(push_page);
2627 +- squashfs_copy_data(pageaddr, buffer, offset, avail);
2628 +- memset(pageaddr + avail, 0, PAGE_SIZE - avail);
2629 +- kunmap_atomic(pageaddr);
2630 +- flush_dcache_page(push_page);
2631 +- SetPageUptodate(push_page);
2632 ++ squashfs_fill_page(push_page, buffer, offset, avail);
2633 + skip_page:
2634 + unlock_page(push_page);
2635 + if (i != page->index)
2636 +@@ -420,10 +431,9 @@ skip_page:
2637 + }
2638 +
2639 + /* Read datablock stored packed inside a fragment (tail-end packed block) */
2640 +-static int squashfs_readpage_fragment(struct page *page)
2641 ++static int squashfs_readpage_fragment(struct page *page, int expected)
2642 + {
2643 + struct inode *inode = page->mapping->host;
2644 +- struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
2645 + struct squashfs_cache_entry *buffer = squashfs_get_fragment(inode->i_sb,
2646 + squashfs_i(inode)->fragment_block,
2647 + squashfs_i(inode)->fragment_size);
2648 +@@ -434,23 +444,16 @@ static int squashfs_readpage_fragment(struct page *page)
2649 + squashfs_i(inode)->fragment_block,
2650 + squashfs_i(inode)->fragment_size);
2651 + else
2652 +- squashfs_copy_cache(page, buffer, i_size_read(inode) &
2653 +- (msblk->block_size - 1),
2654 ++ squashfs_copy_cache(page, buffer, expected,
2655 + squashfs_i(inode)->fragment_offset);
2656 +
2657 + squashfs_cache_put(buffer);
2658 + return res;
2659 + }
2660 +
2661 +-static int squashfs_readpage_sparse(struct page *page, int index, int file_end)
2662 ++static int squashfs_readpage_sparse(struct page *page, int expected)
2663 + {
2664 +- struct inode *inode = page->mapping->host;
2665 +- struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
2666 +- int bytes = index == file_end ?
2667 +- (i_size_read(inode) & (msblk->block_size - 1)) :
2668 +- msblk->block_size;
2669 +-
2670 +- squashfs_copy_cache(page, NULL, bytes, 0);
2671 ++ squashfs_copy_cache(page, NULL, expected, 0);
2672 + return 0;
2673 + }
2674 +
2675 +@@ -460,6 +463,9 @@ static int squashfs_readpage(struct file *file, struct page *page)
2676 + struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
2677 + int index = page->index >> (msblk->block_log - PAGE_SHIFT);
2678 + int file_end = i_size_read(inode) >> msblk->block_log;
2679 ++ int expected = index == file_end ?
2680 ++ (i_size_read(inode) & (msblk->block_size - 1)) :
2681 ++ msblk->block_size;
2682 + int res;
2683 + void *pageaddr;
2684 +
2685 +@@ -478,11 +484,11 @@ static int squashfs_readpage(struct file *file, struct page *page)
2686 + goto error_out;
2687 +
2688 + if (bsize == 0)
2689 +- res = squashfs_readpage_sparse(page, index, file_end);
2690 ++ res = squashfs_readpage_sparse(page, expected);
2691 + else
2692 +- res = squashfs_readpage_block(page, block, bsize);
2693 ++ res = squashfs_readpage_block(page, block, bsize, expected);
2694 + } else
2695 +- res = squashfs_readpage_fragment(page);
2696 ++ res = squashfs_readpage_fragment(page, expected);
2697 +
2698 + if (!res)
2699 + return 0;
2700 +diff --git a/fs/squashfs/file_cache.c b/fs/squashfs/file_cache.c
2701 +index f2310d2a2019..a9ba8d96776a 100644
2702 +--- a/fs/squashfs/file_cache.c
2703 ++++ b/fs/squashfs/file_cache.c
2704 +@@ -20,7 +20,7 @@
2705 + #include "squashfs.h"
2706 +
2707 + /* Read separately compressed datablock and memcopy into page cache */
2708 +-int squashfs_readpage_block(struct page *page, u64 block, int bsize)
2709 ++int squashfs_readpage_block(struct page *page, u64 block, int bsize, int expected)
2710 + {
2711 + struct inode *i = page->mapping->host;
2712 + struct squashfs_cache_entry *buffer = squashfs_get_datablock(i->i_sb,
2713 +@@ -31,7 +31,7 @@ int squashfs_readpage_block(struct page *page, u64 block, int bsize)
2714 + ERROR("Unable to read page, block %llx, size %x\n", block,
2715 + bsize);
2716 + else
2717 +- squashfs_copy_cache(page, buffer, buffer->length, 0);
2718 ++ squashfs_copy_cache(page, buffer, expected, 0);
2719 +
2720 + squashfs_cache_put(buffer);
2721 + return res;
2722 +diff --git a/fs/squashfs/file_direct.c b/fs/squashfs/file_direct.c
2723 +index cb485d8e0e91..80db1b86a27c 100644
2724 +--- a/fs/squashfs/file_direct.c
2725 ++++ b/fs/squashfs/file_direct.c
2726 +@@ -21,10 +21,11 @@
2727 + #include "page_actor.h"
2728 +
2729 + static int squashfs_read_cache(struct page *target_page, u64 block, int bsize,
2730 +- int pages, struct page **page);
2731 ++ int pages, struct page **page, int bytes);
2732 +
2733 + /* Read separately compressed datablock directly into page cache */
2734 +-int squashfs_readpage_block(struct page *target_page, u64 block, int bsize)
2735 ++int squashfs_readpage_block(struct page *target_page, u64 block, int bsize,
2736 ++ int expected)
2737 +
2738 + {
2739 + struct inode *inode = target_page->mapping->host;
2740 +@@ -83,7 +84,7 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize)
2741 + * using an intermediate buffer.
2742 + */
2743 + res = squashfs_read_cache(target_page, block, bsize, pages,
2744 +- page);
2745 ++ page, expected);
2746 + if (res < 0)
2747 + goto mark_errored;
2748 +
2749 +@@ -95,6 +96,11 @@ int squashfs_readpage_block(struct page *target_page, u64 block, int bsize)
2750 + if (res < 0)
2751 + goto mark_errored;
2752 +
2753 ++ if (res != expected) {
2754 ++ res = -EIO;
2755 ++ goto mark_errored;
2756 ++ }
2757 ++
2758 + /* Last page may have trailing bytes not filled */
2759 + bytes = res % PAGE_SIZE;
2760 + if (bytes) {
2761 +@@ -138,13 +144,12 @@ out:
2762 +
2763 +
2764 + static int squashfs_read_cache(struct page *target_page, u64 block, int bsize,
2765 +- int pages, struct page **page)
2766 ++ int pages, struct page **page, int bytes)
2767 + {
2768 + struct inode *i = target_page->mapping->host;
2769 + struct squashfs_cache_entry *buffer = squashfs_get_datablock(i->i_sb,
2770 + block, bsize);
2771 +- int bytes = buffer->length, res = buffer->error, n, offset = 0;
2772 +- void *pageaddr;
2773 ++ int res = buffer->error, n, offset = 0;
2774 +
2775 + if (res) {
2776 + ERROR("Unable to read page, block %llx, size %x\n", block,
2777 +@@ -159,12 +164,7 @@ static int squashfs_read_cache(struct page *target_page, u64 block, int bsize,
2778 + if (page[n] == NULL)
2779 + continue;
2780 +
2781 +- pageaddr = kmap_atomic(page[n]);
2782 +- squashfs_copy_data(pageaddr, buffer, offset, avail);
2783 +- memset(pageaddr + avail, 0, PAGE_SIZE - avail);
2784 +- kunmap_atomic(pageaddr);
2785 +- flush_dcache_page(page[n]);
2786 +- SetPageUptodate(page[n]);
2787 ++ squashfs_fill_page(page[n], buffer, offset, avail);
2788 + unlock_page(page[n]);
2789 + if (page[n] != target_page)
2790 + put_page(page[n]);
2791 +diff --git a/fs/squashfs/squashfs.h b/fs/squashfs/squashfs.h
2792 +index 887d6d270080..f89f8a74c6ce 100644
2793 +--- a/fs/squashfs/squashfs.h
2794 ++++ b/fs/squashfs/squashfs.h
2795 +@@ -67,11 +67,12 @@ extern __le64 *squashfs_read_fragment_index_table(struct super_block *,
2796 + u64, u64, unsigned int);
2797 +
2798 + /* file.c */
2799 ++void squashfs_fill_page(struct page *, struct squashfs_cache_entry *, int, int);
2800 + void squashfs_copy_cache(struct page *, struct squashfs_cache_entry *, int,
2801 + int);
2802 +
2803 + /* file_xxx.c */
2804 +-extern int squashfs_readpage_block(struct page *, u64, int);
2805 ++extern int squashfs_readpage_block(struct page *, u64, int, int);
2806 +
2807 + /* id.c */
2808 + extern int squashfs_get_id(struct super_block *, unsigned int, unsigned int *);
2809 +diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
2810 +index 39c75a86c67f..666986b95c5d 100644
2811 +--- a/fs/sysfs/file.c
2812 ++++ b/fs/sysfs/file.c
2813 +@@ -407,6 +407,50 @@ int sysfs_chmod_file(struct kobject *kobj, const struct attribute *attr,
2814 + }
2815 + EXPORT_SYMBOL_GPL(sysfs_chmod_file);
2816 +
2817 ++/**
2818 ++ * sysfs_break_active_protection - break "active" protection
2819 ++ * @kobj: The kernel object @attr is associated with.
2820 ++ * @attr: The attribute to break the "active" protection for.
2821 ++ *
2822 ++ * With sysfs, just like kernfs, deletion of an attribute is postponed until
2823 ++ * all active .show() and .store() callbacks have finished unless this function
2824 ++ * is called. Hence this function is useful in methods that implement self
2825 ++ * deletion.
2826 ++ */
2827 ++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
2828 ++ const struct attribute *attr)
2829 ++{
2830 ++ struct kernfs_node *kn;
2831 ++
2832 ++ kobject_get(kobj);
2833 ++ kn = kernfs_find_and_get(kobj->sd, attr->name);
2834 ++ if (kn)
2835 ++ kernfs_break_active_protection(kn);
2836 ++ return kn;
2837 ++}
2838 ++EXPORT_SYMBOL_GPL(sysfs_break_active_protection);
2839 ++
2840 ++/**
2841 ++ * sysfs_unbreak_active_protection - restore "active" protection
2842 ++ * @kn: Pointer returned by sysfs_break_active_protection().
2843 ++ *
2844 ++ * Undo the effects of sysfs_break_active_protection(). Since this function
2845 ++ * calls kernfs_put() on the kernfs node that corresponds to the 'attr'
2846 ++ * argument passed to sysfs_break_active_protection() that attribute may have
2847 ++ * been removed between the sysfs_break_active_protection() and
2848 ++ * sysfs_unbreak_active_protection() calls, it is not safe to access @kn after
2849 ++ * this function has returned.
2850 ++ */
2851 ++void sysfs_unbreak_active_protection(struct kernfs_node *kn)
2852 ++{
2853 ++ struct kobject *kobj = kn->parent->priv;
2854 ++
2855 ++ kernfs_unbreak_active_protection(kn);
2856 ++ kernfs_put(kn);
2857 ++ kobject_put(kobj);
2858 ++}
2859 ++EXPORT_SYMBOL_GPL(sysfs_unbreak_active_protection);
2860 ++
2861 + /**
2862 + * sysfs_remove_file_ns - remove an object attribute with a custom ns tag
2863 + * @kobj: object we're acting for
2864 +diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
2865 +index 00a1f330f93a..d3c19f8c4564 100644
2866 +--- a/include/linux/sysfs.h
2867 ++++ b/include/linux/sysfs.h
2868 +@@ -238,6 +238,9 @@ int __must_check sysfs_create_files(struct kobject *kobj,
2869 + const struct attribute **attr);
2870 + int __must_check sysfs_chmod_file(struct kobject *kobj,
2871 + const struct attribute *attr, umode_t mode);
2872 ++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
2873 ++ const struct attribute *attr);
2874 ++void sysfs_unbreak_active_protection(struct kernfs_node *kn);
2875 + void sysfs_remove_file_ns(struct kobject *kobj, const struct attribute *attr,
2876 + const void *ns);
2877 + bool sysfs_remove_file_self(struct kobject *kobj, const struct attribute *attr);
2878 +@@ -351,6 +354,17 @@ static inline int sysfs_chmod_file(struct kobject *kobj,
2879 + return 0;
2880 + }
2881 +
2882 ++static inline struct kernfs_node *
2883 ++sysfs_break_active_protection(struct kobject *kobj,
2884 ++ const struct attribute *attr)
2885 ++{
2886 ++ return NULL;
2887 ++}
2888 ++
2889 ++static inline void sysfs_unbreak_active_protection(struct kernfs_node *kn)
2890 ++{
2891 ++}
2892 ++
2893 + static inline void sysfs_remove_file_ns(struct kobject *kobj,
2894 + const struct attribute *attr,
2895 + const void *ns)
2896 +diff --git a/kernel/kprobes.c b/kernel/kprobes.c
2897 +index 69485183af79..b9e966bcdd20 100644
2898 +--- a/kernel/kprobes.c
2899 ++++ b/kernel/kprobes.c
2900 +@@ -2441,7 +2441,7 @@ static int __init debugfs_kprobe_init(void)
2901 + if (!dir)
2902 + return -ENOMEM;
2903 +
2904 +- file = debugfs_create_file("list", 0444, dir, NULL,
2905 ++ file = debugfs_create_file("list", 0400, dir, NULL,
2906 + &debugfs_kprobes_operations);
2907 + if (!file)
2908 + goto error;
2909 +@@ -2451,7 +2451,7 @@ static int __init debugfs_kprobe_init(void)
2910 + if (!file)
2911 + goto error;
2912 +
2913 +- file = debugfs_create_file("blacklist", 0444, dir, NULL,
2914 ++ file = debugfs_create_file("blacklist", 0400, dir, NULL,
2915 + &debugfs_kprobe_blacklist_ops);
2916 + if (!file)
2917 + goto error;
2918 +diff --git a/kernel/sysctl.c b/kernel/sysctl.c
2919 +index 24d603d29512..7df6be31be36 100644
2920 +--- a/kernel/sysctl.c
2921 ++++ b/kernel/sysctl.c
2922 +@@ -345,7 +345,8 @@ static struct ctl_table kern_table[] = {
2923 + .data = &sysctl_sched_time_avg,
2924 + .maxlen = sizeof(unsigned int),
2925 + .mode = 0644,
2926 +- .proc_handler = proc_dointvec,
2927 ++ .proc_handler = proc_dointvec_minmax,
2928 ++ .extra1 = &one,
2929 + },
2930 + {
2931 + .procname = "sched_shares_window_ns",
2932 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
2933 +index 349f4a8e3c4f..86a6b331b964 100644
2934 +--- a/mm/memcontrol.c
2935 ++++ b/mm/memcontrol.c
2936 +@@ -4072,6 +4072,14 @@ static struct cftype mem_cgroup_legacy_files[] = {
2937 +
2938 + static DEFINE_IDR(mem_cgroup_idr);
2939 +
2940 ++static void mem_cgroup_id_remove(struct mem_cgroup *memcg)
2941 ++{
2942 ++ if (memcg->id.id > 0) {
2943 ++ idr_remove(&mem_cgroup_idr, memcg->id.id);
2944 ++ memcg->id.id = 0;
2945 ++ }
2946 ++}
2947 ++
2948 + static void mem_cgroup_id_get_many(struct mem_cgroup *memcg, unsigned int n)
2949 + {
2950 + VM_BUG_ON(atomic_read(&memcg->id.ref) <= 0);
2951 +@@ -4082,8 +4090,7 @@ static void mem_cgroup_id_put_many(struct mem_cgroup *memcg, unsigned int n)
2952 + {
2953 + VM_BUG_ON(atomic_read(&memcg->id.ref) < n);
2954 + if (atomic_sub_and_test(n, &memcg->id.ref)) {
2955 +- idr_remove(&mem_cgroup_idr, memcg->id.id);
2956 +- memcg->id.id = 0;
2957 ++ mem_cgroup_id_remove(memcg);
2958 +
2959 + /* Memcg ID pins CSS */
2960 + css_put(&memcg->css);
2961 +@@ -4208,8 +4215,7 @@ static struct mem_cgroup *mem_cgroup_alloc(void)
2962 + idr_replace(&mem_cgroup_idr, memcg, memcg->id.id);
2963 + return memcg;
2964 + fail:
2965 +- if (memcg->id.id > 0)
2966 +- idr_remove(&mem_cgroup_idr, memcg->id.id);
2967 ++ mem_cgroup_id_remove(memcg);
2968 + __mem_cgroup_free(memcg);
2969 + return NULL;
2970 + }
2971 +@@ -4268,6 +4274,7 @@ mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css)
2972 +
2973 + return &memcg->css;
2974 + fail:
2975 ++ mem_cgroup_id_remove(memcg);
2976 + mem_cgroup_free(memcg);
2977 + return ERR_PTR(-ENOMEM);
2978 + }
2979 +diff --git a/mm/memory.c b/mm/memory.c
2980 +index 88f8d6a2af05..0ff735601654 100644
2981 +--- a/mm/memory.c
2982 ++++ b/mm/memory.c
2983 +@@ -3861,6 +3861,9 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
2984 + return -EINVAL;
2985 +
2986 + maddr = ioremap_prot(phys_addr, PAGE_ALIGN(len + offset), prot);
2987 ++ if (!maddr)
2988 ++ return -ENOMEM;
2989 ++
2990 + if (write)
2991 + memcpy_toio(maddr + offset, buf, len);
2992 + else
2993 +diff --git a/mm/zswap.c b/mm/zswap.c
2994 +index ded051e3433d..c2b5435fe617 100644
2995 +--- a/mm/zswap.c
2996 ++++ b/mm/zswap.c
2997 +@@ -1018,6 +1018,15 @@ static int zswap_frontswap_store(unsigned type, pgoff_t offset,
2998 + ret = -ENOMEM;
2999 + goto reject;
3000 + }
3001 ++
3002 ++ /* A second zswap_is_full() check after
3003 ++ * zswap_shrink() to make sure it's now
3004 ++ * under the max_pool_percent
3005 ++ */
3006 ++ if (zswap_is_full()) {
3007 ++ ret = -ENOMEM;
3008 ++ goto reject;
3009 ++ }
3010 + }
3011 +
3012 + /* allocate entry */
3013 +diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c
3014 +index d730a0f68f46..a0443d40d677 100644
3015 +--- a/net/caif/caif_dev.c
3016 ++++ b/net/caif/caif_dev.c
3017 +@@ -131,8 +131,10 @@ static void caif_flow_cb(struct sk_buff *skb)
3018 + caifd = caif_get(skb->dev);
3019 +
3020 + WARN_ON(caifd == NULL);
3021 +- if (caifd == NULL)
3022 ++ if (!caifd) {
3023 ++ rcu_read_unlock();
3024 + return;
3025 ++ }
3026 +
3027 + caifd_hold(caifd);
3028 + rcu_read_unlock();
3029 +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
3030 +index 972353cd1778..65a15889d432 100644
3031 +--- a/net/ipv4/cipso_ipv4.c
3032 ++++ b/net/ipv4/cipso_ipv4.c
3033 +@@ -1523,9 +1523,17 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
3034 + int taglen;
3035 +
3036 + for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {
3037 +- if (optptr[0] == IPOPT_CIPSO)
3038 ++ switch (optptr[0]) {
3039 ++ case IPOPT_CIPSO:
3040 + return optptr;
3041 +- taglen = optptr[1];
3042 ++ case IPOPT_END:
3043 ++ return NULL;
3044 ++ case IPOPT_NOOP:
3045 ++ taglen = 1;
3046 ++ break;
3047 ++ default:
3048 ++ taglen = optptr[1];
3049 ++ }
3050 + optlen -= taglen;
3051 + optptr += taglen;
3052 + }
3053 +diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
3054 +index beae93fd66d5..a5aeeb613fac 100644
3055 +--- a/net/ipv6/ip6_vti.c
3056 ++++ b/net/ipv6/ip6_vti.c
3057 +@@ -480,10 +480,6 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
3058 + goto tx_err_dst_release;
3059 + }
3060 +
3061 +- skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
3062 +- skb_dst_set(skb, dst);
3063 +- skb->dev = skb_dst(skb)->dev;
3064 +-
3065 + mtu = dst_mtu(dst);
3066 + if (!skb->ignore_df && skb->len > mtu) {
3067 + skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu);
3068 +@@ -498,9 +494,14 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
3069 + htonl(mtu));
3070 + }
3071 +
3072 +- return -EMSGSIZE;
3073 ++ err = -EMSGSIZE;
3074 ++ goto tx_err_dst_release;
3075 + }
3076 +
3077 ++ skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
3078 ++ skb_dst_set(skb, dst);
3079 ++ skb->dev = skb_dst(skb)->dev;
3080 ++
3081 + err = dst_output(t->net, skb->sk, skb);
3082 + if (net_xmit_eval(err) == 0) {
3083 + struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
3084 +diff --git a/net/mac80211/util.c b/net/mac80211/util.c
3085 +index a2756096b94a..ca7de02e0a6e 100644
3086 +--- a/net/mac80211/util.c
3087 ++++ b/net/mac80211/util.c
3088 +@@ -2061,7 +2061,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
3089 + if (!sta->uploaded)
3090 + continue;
3091 +
3092 +- if (sta->sdata->vif.type != NL80211_IFTYPE_AP)
3093 ++ if (sta->sdata->vif.type != NL80211_IFTYPE_AP &&
3094 ++ sta->sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
3095 + continue;
3096 +
3097 + for (state = IEEE80211_STA_NOTEXIST;
3098 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
3099 +index 5b75468b5acd..146d83785b37 100644
3100 +--- a/net/wireless/nl80211.c
3101 ++++ b/net/wireless/nl80211.c
3102 +@@ -4058,6 +4058,7 @@ static int parse_station_flags(struct genl_info *info,
3103 + params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3104 + BIT(NL80211_STA_FLAG_MFP) |
3105 + BIT(NL80211_STA_FLAG_AUTHORIZED);
3106 ++ break;
3107 + default:
3108 + return -EINVAL;
3109 + }
3110 +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
3111 +index 5b8fa6832687..1f943d97dc29 100644
3112 +--- a/net/xfrm/xfrm_policy.c
3113 ++++ b/net/xfrm/xfrm_policy.c
3114 +@@ -2354,6 +2354,9 @@ struct dst_entry *xfrm_lookup_route(struct net *net, struct dst_entry *dst_orig,
3115 + if (IS_ERR(dst) && PTR_ERR(dst) == -EREMOTE)
3116 + return make_blackhole(net, dst_orig->ops->family, dst_orig);
3117 +
3118 ++ if (IS_ERR(dst))
3119 ++ dst_release(dst_orig);
3120 ++
3121 + return dst;
3122 + }
3123 + EXPORT_SYMBOL(xfrm_lookup_route);
3124 +diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
3125 +index bb61956c0f9c..6e768093d7c8 100644
3126 +--- a/net/xfrm/xfrm_user.c
3127 ++++ b/net/xfrm/xfrm_user.c
3128 +@@ -984,10 +984,12 @@ static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb,
3129 + {
3130 + struct sock *nlsk = rcu_dereference(net->xfrm.nlsk);
3131 +
3132 +- if (nlsk)
3133 +- return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC);
3134 +- else
3135 +- return -1;
3136 ++ if (!nlsk) {
3137 ++ kfree_skb(skb);
3138 ++ return -EPIPE;
3139 ++ }
3140 ++
3141 ++ return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC);
3142 + }
3143 +
3144 + static inline size_t xfrm_spdinfo_msgsize(void)
3145 +diff --git a/sound/soc/sirf/sirf-usp.c b/sound/soc/sirf/sirf-usp.c
3146 +index 45fc06c0e0e5..6b504f407079 100644
3147 +--- a/sound/soc/sirf/sirf-usp.c
3148 ++++ b/sound/soc/sirf/sirf-usp.c
3149 +@@ -367,10 +367,9 @@ static int sirf_usp_pcm_probe(struct platform_device *pdev)
3150 + platform_set_drvdata(pdev, usp);
3151 +
3152 + mem_res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
3153 +- base = devm_ioremap(&pdev->dev, mem_res->start,
3154 +- resource_size(mem_res));
3155 +- if (base == NULL)
3156 +- return -ENOMEM;
3157 ++ base = devm_ioremap_resource(&pdev->dev, mem_res);
3158 ++ if (IS_ERR(base))
3159 ++ return PTR_ERR(base);
3160 + usp->regmap = devm_regmap_init_mmio(&pdev->dev, base,
3161 + &sirf_usp_regmap_config);
3162 + if (IS_ERR(usp->regmap))
3163 +diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
3164 +index 20680a490897..b111ecda6439 100644
3165 +--- a/sound/soc/soc-pcm.c
3166 ++++ b/sound/soc/soc-pcm.c
3167 +@@ -1621,6 +1621,14 @@ static u64 dpcm_runtime_base_format(struct snd_pcm_substream *substream)
3168 + int i;
3169 +
3170 + for (i = 0; i < be->num_codecs; i++) {
3171 ++ /*
3172 ++ * Skip CODECs which don't support the current stream
3173 ++ * type. See soc_pcm_init_runtime_hw() for more details
3174 ++ */
3175 ++ if (!snd_soc_dai_stream_valid(be->codec_dais[i],
3176 ++ stream))
3177 ++ continue;
3178 ++
3179 + codec_dai_drv = be->codec_dais[i]->driver;
3180 + if (stream == SNDRV_PCM_STREAM_PLAYBACK)
3181 + codec_stream = &codec_dai_drv->playback;
3182 +diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
3183 +index 9664b1ff4285..5ec2de8f49b4 100644
3184 +--- a/tools/power/x86/turbostat/turbostat.c
3185 ++++ b/tools/power/x86/turbostat/turbostat.c
3186 +@@ -733,9 +733,7 @@ void format_all_counters(struct thread_data *t, struct core_data *c, struct pkg_
3187 + if (!printed || !summary_only)
3188 + print_header();
3189 +
3190 +- if (topo.num_cpus > 1)
3191 +- format_counters(&average.threads, &average.cores,
3192 +- &average.packages);
3193 ++ format_counters(&average.threads, &average.cores, &average.packages);
3194 +
3195 + printed = 1;
3196 +
3197 +@@ -3202,7 +3200,9 @@ void process_cpuid()
3198 + family = (fms >> 8) & 0xf;
3199 + model = (fms >> 4) & 0xf;
3200 + stepping = fms & 0xf;
3201 +- if (family == 6 || family == 0xf)
3202 ++ if (family == 0xf)
3203 ++ family += (fms >> 20) & 0xff;
3204 ++ if (family >= 6)
3205 + model += ((fms >> 16) & 0xf) << 4;
3206 +
3207 + if (debug) {
3208 +diff --git a/tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc b/tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc
3209 +new file mode 100644
3210 +index 000000000000..3b1f45e13a2e
3211 +--- /dev/null
3212 ++++ b/tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc
3213 +@@ -0,0 +1,28 @@
3214 ++#!/bin/sh
3215 ++# description: Snapshot and tracing setting
3216 ++# flags: instance
3217 ++
3218 ++[ ! -f snapshot ] && exit_unsupported
3219 ++
3220 ++echo "Set tracing off"
3221 ++echo 0 > tracing_on
3222 ++
3223 ++echo "Allocate and take a snapshot"
3224 ++echo 1 > snapshot
3225 ++
3226 ++# Since trace buffer is empty, snapshot is also empty, but allocated
3227 ++grep -q "Snapshot is allocated" snapshot
3228 ++
3229 ++echo "Ensure keep tracing off"
3230 ++test `cat tracing_on` -eq 0
3231 ++
3232 ++echo "Set tracing on"
3233 ++echo 1 > tracing_on
3234 ++
3235 ++echo "Take a snapshot again"
3236 ++echo 1 > snapshot
3237 ++
3238 ++echo "Ensure keep tracing on"
3239 ++test `cat tracing_on` -eq 1
3240 ++
3241 ++exit 0
3242 +diff --git a/tools/usb/ffs-test.c b/tools/usb/ffs-test.c
3243 +index 88d5e71be044..47dfa0b0fcd7 100644
3244 +--- a/tools/usb/ffs-test.c
3245 ++++ b/tools/usb/ffs-test.c
3246 +@@ -44,12 +44,25 @@
3247 +
3248 + /******************** Little Endian Handling ********************************/
3249 +
3250 +-#define cpu_to_le16(x) htole16(x)
3251 +-#define cpu_to_le32(x) htole32(x)
3252 ++/*
3253 ++ * cpu_to_le16/32 are used when initializing structures, a context where a
3254 ++ * function call is not allowed. To solve this, we code cpu_to_le16/32 in a way
3255 ++ * that allows them to be used when initializing structures.
3256 ++ */
3257 ++
3258 ++#if __BYTE_ORDER == __LITTLE_ENDIAN
3259 ++#define cpu_to_le16(x) (x)
3260 ++#define cpu_to_le32(x) (x)
3261 ++#else
3262 ++#define cpu_to_le16(x) ((((x) >> 8) & 0xffu) | (((x) & 0xffu) << 8))
3263 ++#define cpu_to_le32(x) \
3264 ++ ((((x) & 0xff000000u) >> 24) | (((x) & 0x00ff0000u) >> 8) | \
3265 ++ (((x) & 0x0000ff00u) << 8) | (((x) & 0x000000ffu) << 24))
3266 ++#endif
3267 ++
3268 + #define le32_to_cpu(x) le32toh(x)
3269 + #define le16_to_cpu(x) le16toh(x)
3270 +
3271 +-
3272 + /******************** Messages and Errors ***********************************/
3273 +
3274 + static const char argv0[] = "ffs-test";
Report Message
Find on MARC Find on Google Groups