Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 03 Apr 2019 10:48:36
Message-Id: 1554288486.22ef91783c01811b111fe515ead18c5f4336220b.mpagano@gentoo
1 commit: 22ef91783c01811b111fe515ead18c5f4336220b
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Apr 3 10:48:06 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Apr 3 10:48:06 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=22ef9178
7
8 Linux patch 4.9.167
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1166_linux-4.9.167.patch | 1840 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1844 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 64cbb0c..112b631 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -707,6 +707,10 @@ Patch: 1165_linux-4.9.166.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.166
23
24 +Patch: 1166_linux-4.9.167.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.167
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1166_linux-4.9.167.patch b/1166_linux-4.9.167.patch
33 new file mode 100644
34 index 0000000..6d6de0d
35 --- /dev/null
36 +++ b/1166_linux-4.9.167.patch
37 @@ -0,0 +1,1840 @@
38 +diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
39 +index 3ff58a8ffabb..d1908e50b506 100644
40 +--- a/Documentation/virtual/kvm/api.txt
41 ++++ b/Documentation/virtual/kvm/api.txt
42 +@@ -13,7 +13,7 @@ of a virtual machine. The ioctls belong to three classes
43 +
44 + - VM ioctls: These query and set attributes that affect an entire virtual
45 + machine, for example memory layout. In addition a VM ioctl is used to
46 +- create virtual cpus (vcpus).
47 ++ create virtual cpus (vcpus) and devices.
48 +
49 + Only run VM ioctls from the same process (address space) that was used
50 + to create the VM.
51 +@@ -24,6 +24,11 @@ of a virtual machine. The ioctls belong to three classes
52 + Only run vcpu ioctls from the same thread that was used to create the
53 + vcpu.
54 +
55 ++ - device ioctls: These query and set attributes that control the operation
56 ++ of a single device.
57 ++
58 ++ device ioctls must be issued from the same process (address space) that
59 ++ was used to create the VM.
60 +
61 + 2. File descriptors
62 + -------------------
63 +@@ -32,10 +37,11 @@ The kvm API is centered around file descriptors. An initial
64 + open("/dev/kvm") obtains a handle to the kvm subsystem; this handle
65 + can be used to issue system ioctls. A KVM_CREATE_VM ioctl on this
66 + handle will create a VM file descriptor which can be used to issue VM
67 +-ioctls. A KVM_CREATE_VCPU ioctl on a VM fd will create a virtual cpu
68 +-and return a file descriptor pointing to it. Finally, ioctls on a vcpu
69 +-fd can be used to control the vcpu, including the important task of
70 +-actually running guest code.
71 ++ioctls. A KVM_CREATE_VCPU or KVM_CREATE_DEVICE ioctl on a VM fd will
72 ++create a virtual cpu or device and return a file descriptor pointing to
73 ++the new resource. Finally, ioctls on a vcpu or device fd can be used
74 ++to control the vcpu or device. For vcpus, this includes the important
75 ++task of actually running guest code.
76 +
77 + In general file descriptors can be migrated among processes by means
78 + of fork() and the SCM_RIGHTS facility of unix domain socket. These
79 +diff --git a/Makefile b/Makefile
80 +index 90478086eff5..2f030baeb162 100644
81 +--- a/Makefile
82 ++++ b/Makefile
83 +@@ -1,6 +1,6 @@
84 + VERSION = 4
85 + PATCHLEVEL = 9
86 +-SUBLEVEL = 166
87 ++SUBLEVEL = 167
88 + EXTRAVERSION =
89 + NAME = Roaring Lionus
90 +
91 +diff --git a/arch/arm/mach-imx/cpuidle-imx6q.c b/arch/arm/mach-imx/cpuidle-imx6q.c
92 +index bfeb25aaf9a2..326e870d7123 100644
93 +--- a/arch/arm/mach-imx/cpuidle-imx6q.c
94 ++++ b/arch/arm/mach-imx/cpuidle-imx6q.c
95 +@@ -16,30 +16,23 @@
96 + #include "cpuidle.h"
97 + #include "hardware.h"
98 +
99 +-static atomic_t master = ATOMIC_INIT(0);
100 +-static DEFINE_SPINLOCK(master_lock);
101 ++static int num_idle_cpus = 0;
102 ++static DEFINE_SPINLOCK(cpuidle_lock);
103 +
104 + static int imx6q_enter_wait(struct cpuidle_device *dev,
105 + struct cpuidle_driver *drv, int index)
106 + {
107 +- if (atomic_inc_return(&master) == num_online_cpus()) {
108 +- /*
109 +- * With this lock, we prevent other cpu to exit and enter
110 +- * this function again and become the master.
111 +- */
112 +- if (!spin_trylock(&master_lock))
113 +- goto idle;
114 ++ spin_lock(&cpuidle_lock);
115 ++ if (++num_idle_cpus == num_online_cpus())
116 + imx6_set_lpm(WAIT_UNCLOCKED);
117 +- cpu_do_idle();
118 +- imx6_set_lpm(WAIT_CLOCKED);
119 +- spin_unlock(&master_lock);
120 +- goto done;
121 +- }
122 ++ spin_unlock(&cpuidle_lock);
123 +
124 +-idle:
125 + cpu_do_idle();
126 +-done:
127 +- atomic_dec(&master);
128 ++
129 ++ spin_lock(&cpuidle_lock);
130 ++ if (num_idle_cpus-- == num_online_cpus())
131 ++ imx6_set_lpm(WAIT_CLOCKED);
132 ++ spin_unlock(&cpuidle_lock);
133 +
134 + return index;
135 + }
136 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
137 +index 3e43874568f9..2eb8ae1b2d03 100644
138 +--- a/arch/arm64/Kconfig
139 ++++ b/arch/arm64/Kconfig
140 +@@ -1079,6 +1079,10 @@ config SYSVIPC_COMPAT
141 + def_bool y
142 + depends on COMPAT && SYSVIPC
143 +
144 ++config KEYS_COMPAT
145 ++ def_bool y
146 ++ depends on COMPAT && KEYS
147 ++
148 + endmenu
149 +
150 + menu "Power management options"
151 +diff --git a/arch/powerpc/include/asm/ppc-opcode.h b/arch/powerpc/include/asm/ppc-opcode.h
152 +index c4ced1d01d57..48e8f1f14872 100644
153 +--- a/arch/powerpc/include/asm/ppc-opcode.h
154 ++++ b/arch/powerpc/include/asm/ppc-opcode.h
155 +@@ -225,6 +225,7 @@
156 + /* Misc instructions for BPF compiler */
157 + #define PPC_INST_LBZ 0x88000000
158 + #define PPC_INST_LD 0xe8000000
159 ++#define PPC_INST_LDX 0x7c00002a
160 + #define PPC_INST_LHZ 0xa0000000
161 + #define PPC_INST_LWZ 0x80000000
162 + #define PPC_INST_LHBRX 0x7c00062c
163 +@@ -232,6 +233,7 @@
164 + #define PPC_INST_STB 0x98000000
165 + #define PPC_INST_STH 0xb0000000
166 + #define PPC_INST_STD 0xf8000000
167 ++#define PPC_INST_STDX 0x7c00012a
168 + #define PPC_INST_STDU 0xf8000001
169 + #define PPC_INST_STW 0x90000000
170 + #define PPC_INST_STWU 0x94000000
171 +diff --git a/arch/powerpc/net/bpf_jit.h b/arch/powerpc/net/bpf_jit.h
172 +index 89f70073dec8..7b1d1721a26a 100644
173 +--- a/arch/powerpc/net/bpf_jit.h
174 ++++ b/arch/powerpc/net/bpf_jit.h
175 +@@ -51,6 +51,8 @@
176 + #define PPC_LIS(r, i) PPC_ADDIS(r, 0, i)
177 + #define PPC_STD(r, base, i) EMIT(PPC_INST_STD | ___PPC_RS(r) | \
178 + ___PPC_RA(base) | ((i) & 0xfffc))
179 ++#define PPC_STDX(r, base, b) EMIT(PPC_INST_STDX | ___PPC_RS(r) | \
180 ++ ___PPC_RA(base) | ___PPC_RB(b))
181 + #define PPC_STDU(r, base, i) EMIT(PPC_INST_STDU | ___PPC_RS(r) | \
182 + ___PPC_RA(base) | ((i) & 0xfffc))
183 + #define PPC_STW(r, base, i) EMIT(PPC_INST_STW | ___PPC_RS(r) | \
184 +@@ -65,7 +67,9 @@
185 + #define PPC_LBZ(r, base, i) EMIT(PPC_INST_LBZ | ___PPC_RT(r) | \
186 + ___PPC_RA(base) | IMM_L(i))
187 + #define PPC_LD(r, base, i) EMIT(PPC_INST_LD | ___PPC_RT(r) | \
188 +- ___PPC_RA(base) | IMM_L(i))
189 ++ ___PPC_RA(base) | ((i) & 0xfffc))
190 ++#define PPC_LDX(r, base, b) EMIT(PPC_INST_LDX | ___PPC_RT(r) | \
191 ++ ___PPC_RA(base) | ___PPC_RB(b))
192 + #define PPC_LWZ(r, base, i) EMIT(PPC_INST_LWZ | ___PPC_RT(r) | \
193 + ___PPC_RA(base) | IMM_L(i))
194 + #define PPC_LHZ(r, base, i) EMIT(PPC_INST_LHZ | ___PPC_RT(r) | \
195 +@@ -85,17 +89,6 @@
196 + ___PPC_RA(a) | ___PPC_RB(b))
197 + #define PPC_BPF_STDCX(s, a, b) EMIT(PPC_INST_STDCX | ___PPC_RS(s) | \
198 + ___PPC_RA(a) | ___PPC_RB(b))
199 +-
200 +-#ifdef CONFIG_PPC64
201 +-#define PPC_BPF_LL(r, base, i) do { PPC_LD(r, base, i); } while(0)
202 +-#define PPC_BPF_STL(r, base, i) do { PPC_STD(r, base, i); } while(0)
203 +-#define PPC_BPF_STLU(r, base, i) do { PPC_STDU(r, base, i); } while(0)
204 +-#else
205 +-#define PPC_BPF_LL(r, base, i) do { PPC_LWZ(r, base, i); } while(0)
206 +-#define PPC_BPF_STL(r, base, i) do { PPC_STW(r, base, i); } while(0)
207 +-#define PPC_BPF_STLU(r, base, i) do { PPC_STWU(r, base, i); } while(0)
208 +-#endif
209 +-
210 + #define PPC_CMPWI(a, i) EMIT(PPC_INST_CMPWI | ___PPC_RA(a) | IMM_L(i))
211 + #define PPC_CMPDI(a, i) EMIT(PPC_INST_CMPDI | ___PPC_RA(a) | IMM_L(i))
212 + #define PPC_CMPW(a, b) EMIT(PPC_INST_CMPW | ___PPC_RA(a) | \
213 +diff --git a/arch/powerpc/net/bpf_jit32.h b/arch/powerpc/net/bpf_jit32.h
214 +index a8cd7e289ecd..81a9045d8410 100644
215 +--- a/arch/powerpc/net/bpf_jit32.h
216 ++++ b/arch/powerpc/net/bpf_jit32.h
217 +@@ -122,6 +122,10 @@ DECLARE_LOAD_FUNC(sk_load_byte_msh);
218 + #define PPC_NTOHS_OFFS(r, base, i) PPC_LHZ_OFFS(r, base, i)
219 + #endif
220 +
221 ++#define PPC_BPF_LL(r, base, i) do { PPC_LWZ(r, base, i); } while(0)
222 ++#define PPC_BPF_STL(r, base, i) do { PPC_STW(r, base, i); } while(0)
223 ++#define PPC_BPF_STLU(r, base, i) do { PPC_STWU(r, base, i); } while(0)
224 ++
225 + #define SEEN_DATAREF 0x10000 /* might call external helpers */
226 + #define SEEN_XREG 0x20000 /* X reg is used */
227 + #define SEEN_MEM 0x40000 /* SEEN_MEM+(1<<n) = use mem[n] for temporary
228 +diff --git a/arch/powerpc/net/bpf_jit64.h b/arch/powerpc/net/bpf_jit64.h
229 +index 62fa7589db2b..bb944b6018d7 100644
230 +--- a/arch/powerpc/net/bpf_jit64.h
231 ++++ b/arch/powerpc/net/bpf_jit64.h
232 +@@ -86,6 +86,26 @@ DECLARE_LOAD_FUNC(sk_load_byte);
233 + (imm >= SKF_LL_OFF ? func##_negative_offset : func) : \
234 + func##_positive_offset)
235 +
236 ++/*
237 ++ * WARNING: These can use TMP_REG_2 if the offset is not at word boundary,
238 ++ * so ensure that it isn't in use already.
239 ++ */
240 ++#define PPC_BPF_LL(r, base, i) do { \
241 ++ if ((i) % 4) { \
242 ++ PPC_LI(b2p[TMP_REG_2], (i)); \
243 ++ PPC_LDX(r, base, b2p[TMP_REG_2]); \
244 ++ } else \
245 ++ PPC_LD(r, base, i); \
246 ++ } while(0)
247 ++#define PPC_BPF_STL(r, base, i) do { \
248 ++ if ((i) % 4) { \
249 ++ PPC_LI(b2p[TMP_REG_2], (i)); \
250 ++ PPC_STDX(r, base, b2p[TMP_REG_2]); \
251 ++ } else \
252 ++ PPC_STD(r, base, i); \
253 ++ } while(0)
254 ++#define PPC_BPF_STLU(r, base, i) do { PPC_STDU(r, base, i); } while(0)
255 ++
256 + #define SEEN_FUNC 0x1000 /* might call external helpers */
257 + #define SEEN_STACK 0x2000 /* uses BPF stack */
258 + #define SEEN_SKB 0x4000 /* uses sk_buff */
259 +diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
260 +index bdbbc320b006..e7d78f9156ce 100644
261 +--- a/arch/powerpc/net/bpf_jit_comp64.c
262 ++++ b/arch/powerpc/net/bpf_jit_comp64.c
263 +@@ -265,7 +265,7 @@ static void bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32
264 + * if (tail_call_cnt > MAX_TAIL_CALL_CNT)
265 + * goto out;
266 + */
267 +- PPC_LD(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
268 ++ PPC_BPF_LL(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
269 + PPC_CMPLWI(b2p[TMP_REG_1], MAX_TAIL_CALL_CNT);
270 + PPC_BCC(COND_GT, out);
271 +
272 +@@ -278,7 +278,7 @@ static void bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32
273 + /* prog = array->ptrs[index]; */
274 + PPC_MULI(b2p[TMP_REG_1], b2p_index, 8);
275 + PPC_ADD(b2p[TMP_REG_1], b2p[TMP_REG_1], b2p_bpf_array);
276 +- PPC_LD(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_array, ptrs));
277 ++ PPC_BPF_LL(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_array, ptrs));
278 +
279 + /*
280 + * if (prog == NULL)
281 +@@ -288,7 +288,7 @@ static void bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32
282 + PPC_BCC(COND_EQ, out);
283 +
284 + /* goto *(prog->bpf_func + prologue_size); */
285 +- PPC_LD(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_prog, bpf_func));
286 ++ PPC_BPF_LL(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_prog, bpf_func));
287 + #ifdef PPC64_ELF_ABI_v1
288 + /* skip past the function descriptor */
289 + PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1],
290 +@@ -620,7 +620,7 @@ bpf_alu32_trunc:
291 + * the instructions generated will remain the
292 + * same across all passes
293 + */
294 +- PPC_STD(dst_reg, 1, bpf_jit_stack_local(ctx));
295 ++ PPC_BPF_STL(dst_reg, 1, bpf_jit_stack_local(ctx));
296 + PPC_ADDI(b2p[TMP_REG_1], 1, bpf_jit_stack_local(ctx));
297 + PPC_LDBRX(dst_reg, 0, b2p[TMP_REG_1]);
298 + break;
299 +@@ -676,7 +676,7 @@ emit_clear:
300 + PPC_LI32(b2p[TMP_REG_1], imm);
301 + src_reg = b2p[TMP_REG_1];
302 + }
303 +- PPC_STD(src_reg, dst_reg, off);
304 ++ PPC_BPF_STL(src_reg, dst_reg, off);
305 + break;
306 +
307 + /*
308 +@@ -723,7 +723,7 @@ emit_clear:
309 + break;
310 + /* dst = *(u64 *)(ul) (src + off) */
311 + case BPF_LDX | BPF_MEM | BPF_DW:
312 +- PPC_LD(dst_reg, src_reg, off);
313 ++ PPC_BPF_LL(dst_reg, src_reg, off);
314 + break;
315 +
316 + /*
317 +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
318 +index e31001ec4c07..5a4591ff8407 100644
319 +--- a/arch/x86/Kconfig
320 ++++ b/arch/x86/Kconfig
321 +@@ -2051,14 +2051,8 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING
322 + If unsure, leave at the default value.
323 +
324 + config HOTPLUG_CPU
325 +- bool "Support for hot-pluggable CPUs"
326 ++ def_bool y
327 + depends on SMP
328 +- ---help---
329 +- Say Y here to allow turning CPUs off and on. CPUs can be
330 +- controlled through /sys/devices/system/cpu.
331 +- ( Note: power management support will enable this option
332 +- automatically on SMP systems. )
333 +- Say N if you want to disable CPU hotplug.
334 +
335 + config BOOTPARAM_HOTPLUG_CPU0
336 + bool "Set default setting of cpu0_hotpluggable"
337 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
338 +index 9a8167b175d5..83b5b2990b49 100644
339 +--- a/arch/x86/include/asm/kvm_host.h
340 ++++ b/arch/x86/include/asm/kvm_host.h
341 +@@ -487,6 +487,7 @@ struct kvm_vcpu_arch {
342 + bool tpr_access_reporting;
343 + u64 ia32_xss;
344 + u64 microcode_version;
345 ++ u64 arch_capabilities;
346 +
347 + /*
348 + * Paging state of the vcpu
349 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
350 +index a34fb7284024..75466d9417b8 100644
351 +--- a/arch/x86/kvm/vmx.c
352 ++++ b/arch/x86/kvm/vmx.c
353 +@@ -714,7 +714,6 @@ struct vcpu_vmx {
354 + u64 msr_guest_kernel_gs_base;
355 + #endif
356 +
357 +- u64 arch_capabilities;
358 + u64 spec_ctrl;
359 +
360 + u32 vm_entry_controls_shadow;
361 +@@ -3209,12 +3208,6 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
362 +
363 + msr_info->data = to_vmx(vcpu)->spec_ctrl;
364 + break;
365 +- case MSR_IA32_ARCH_CAPABILITIES:
366 +- if (!msr_info->host_initiated &&
367 +- !guest_cpuid_has_arch_capabilities(vcpu))
368 +- return 1;
369 +- msr_info->data = to_vmx(vcpu)->arch_capabilities;
370 +- break;
371 + case MSR_IA32_SYSENTER_CS:
372 + msr_info->data = vmcs_read32(GUEST_SYSENTER_CS);
373 + break;
374 +@@ -3376,11 +3369,6 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
375 + vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD,
376 + MSR_TYPE_W);
377 + break;
378 +- case MSR_IA32_ARCH_CAPABILITIES:
379 +- if (!msr_info->host_initiated)
380 +- return 1;
381 +- vmx->arch_capabilities = data;
382 +- break;
383 + case MSR_IA32_CR_PAT:
384 + if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) {
385 + if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
386 +@@ -5468,8 +5456,6 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
387 + ++vmx->nmsrs;
388 + }
389 +
390 +- vmx->arch_capabilities = kvm_get_arch_capabilities();
391 +-
392 + vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl);
393 +
394 + /* 22.2.1, 20.8.1 */
395 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
396 +index a29df9ccbfde..8285142556b5 100644
397 +--- a/arch/x86/kvm/x86.c
398 ++++ b/arch/x86/kvm/x86.c
399 +@@ -2197,6 +2197,11 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
400 + if (msr_info->host_initiated)
401 + vcpu->arch.microcode_version = data;
402 + break;
403 ++ case MSR_IA32_ARCH_CAPABILITIES:
404 ++ if (!msr_info->host_initiated)
405 ++ return 1;
406 ++ vcpu->arch.arch_capabilities = data;
407 ++ break;
408 + case MSR_EFER:
409 + return set_efer(vcpu, data);
410 + case MSR_K7_HWCR:
411 +@@ -2473,6 +2478,12 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
412 + case MSR_IA32_UCODE_REV:
413 + msr_info->data = vcpu->arch.microcode_version;
414 + break;
415 ++ case MSR_IA32_ARCH_CAPABILITIES:
416 ++ if (!msr_info->host_initiated &&
417 ++ !guest_cpuid_has_arch_capabilities(vcpu))
418 ++ return 1;
419 ++ msr_info->data = vcpu->arch.arch_capabilities;
420 ++ break;
421 + case MSR_MTRRcap:
422 + case 0x200 ... 0x2ff:
423 + return kvm_mtrr_get_msr(vcpu, msr_info->index, &msr_info->data);
424 +@@ -7672,6 +7683,7 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
425 + {
426 + int r;
427 +
428 ++ vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
429 + kvm_vcpu_mtrr_init(vcpu);
430 + r = vcpu_load(vcpu);
431 + if (r)
432 +diff --git a/drivers/gpio/gpio-adnp.c b/drivers/gpio/gpio-adnp.c
433 +index 8ff7b0d3eac6..3b68c03a281d 100644
434 +--- a/drivers/gpio/gpio-adnp.c
435 ++++ b/drivers/gpio/gpio-adnp.c
436 +@@ -132,8 +132,10 @@ static int adnp_gpio_direction_input(struct gpio_chip *chip, unsigned offset)
437 + if (err < 0)
438 + goto out;
439 +
440 +- if (err & BIT(pos))
441 +- err = -EACCES;
442 ++ if (value & BIT(pos)) {
443 ++ err = -EPERM;
444 ++ goto out;
445 ++ }
446 +
447 + err = 0;
448 +
449 +diff --git a/drivers/isdn/hardware/mISDN/hfcmulti.c b/drivers/isdn/hardware/mISDN/hfcmulti.c
450 +index 480c2d7794eb..8feb8e9e29a6 100644
451 +--- a/drivers/isdn/hardware/mISDN/hfcmulti.c
452 ++++ b/drivers/isdn/hardware/mISDN/hfcmulti.c
453 +@@ -4370,7 +4370,8 @@ setup_pci(struct hfc_multi *hc, struct pci_dev *pdev,
454 + if (m->clock2)
455 + test_and_set_bit(HFC_CHIP_CLOCK2, &hc->chip);
456 +
457 +- if (ent->device == 0xB410) {
458 ++ if (ent->vendor == PCI_VENDOR_ID_DIGIUM &&
459 ++ ent->device == PCI_DEVICE_ID_DIGIUM_HFC4S) {
460 + test_and_set_bit(HFC_CHIP_B410P, &hc->chip);
461 + test_and_set_bit(HFC_CHIP_PCM_MASTER, &hc->chip);
462 + test_and_clear_bit(HFC_CHIP_PCM_SLAVE, &hc->chip);
463 +diff --git a/drivers/net/dsa/qca8k.c b/drivers/net/dsa/qca8k.c
464 +index 7f64a76acd37..ebfbaf8597f4 100644
465 +--- a/drivers/net/dsa/qca8k.c
466 ++++ b/drivers/net/dsa/qca8k.c
467 +@@ -630,22 +630,6 @@ qca8k_adjust_link(struct dsa_switch *ds, int port, struct phy_device *phy)
468 + qca8k_port_set_status(priv, port, 1);
469 + }
470 +
471 +-static int
472 +-qca8k_phy_read(struct dsa_switch *ds, int phy, int regnum)
473 +-{
474 +- struct qca8k_priv *priv = (struct qca8k_priv *)ds->priv;
475 +-
476 +- return mdiobus_read(priv->bus, phy, regnum);
477 +-}
478 +-
479 +-static int
480 +-qca8k_phy_write(struct dsa_switch *ds, int phy, int regnum, u16 val)
481 +-{
482 +- struct qca8k_priv *priv = (struct qca8k_priv *)ds->priv;
483 +-
484 +- return mdiobus_write(priv->bus, phy, regnum, val);
485 +-}
486 +-
487 + static void
488 + qca8k_get_strings(struct dsa_switch *ds, int port, uint8_t *data)
489 + {
490 +@@ -961,8 +945,6 @@ static struct dsa_switch_ops qca8k_switch_ops = {
491 + .setup = qca8k_setup,
492 + .adjust_link = qca8k_adjust_link,
493 + .get_strings = qca8k_get_strings,
494 +- .phy_read = qca8k_phy_read,
495 +- .phy_write = qca8k_phy_write,
496 + .get_ethtool_stats = qca8k_get_ethtool_stats,
497 + .get_sset_count = qca8k_get_sset_count,
498 + .get_eee = qca8k_get_eee,
499 +diff --git a/drivers/net/ethernet/8390/mac8390.c b/drivers/net/ethernet/8390/mac8390.c
500 +index b9283901136e..0fdc9ad32a2e 100644
501 +--- a/drivers/net/ethernet/8390/mac8390.c
502 ++++ b/drivers/net/ethernet/8390/mac8390.c
503 +@@ -156,8 +156,6 @@ static void dayna_block_output(struct net_device *dev, int count,
504 + #define memcpy_fromio(a, b, c) memcpy((a), (void *)(b), (c))
505 + #define memcpy_toio(a, b, c) memcpy((void *)(a), (b), (c))
506 +
507 +-#define memcmp_withio(a, b, c) memcmp((a), (void *)(b), (c))
508 +-
509 + /* Slow Sane (16-bit chunk memory read/write) Cabletron uses this */
510 + static void slow_sane_get_8390_hdr(struct net_device *dev,
511 + struct e8390_pkt_hdr *hdr, int ring_page);
512 +@@ -237,19 +235,26 @@ static enum mac8390_type __init mac8390_ident(struct nubus_dev *dev)
513 +
514 + static enum mac8390_access __init mac8390_testio(volatile unsigned long membase)
515 + {
516 +- unsigned long outdata = 0xA5A0B5B0;
517 +- unsigned long indata = 0x00000000;
518 ++ u32 outdata = 0xA5A0B5B0;
519 ++ u32 indata = 0;
520 ++
521 + /* Try writing 32 bits */
522 +- memcpy_toio(membase, &outdata, 4);
523 +- /* Now compare them */
524 +- if (memcmp_withio(&outdata, membase, 4) == 0)
525 ++ nubus_writel(outdata, membase);
526 ++ /* Now read it back */
527 ++ indata = nubus_readl(membase);
528 ++ if (outdata == indata)
529 + return ACCESS_32;
530 ++
531 ++ outdata = 0xC5C0D5D0;
532 ++ indata = 0;
533 ++
534 + /* Write 16 bit output */
535 + word_memcpy_tocard(membase, &outdata, 4);
536 + /* Now read it back */
537 + word_memcpy_fromcard(&indata, membase, 4);
538 + if (outdata == indata)
539 + return ACCESS_16;
540 ++
541 + return ACCESS_UNKNOWN;
542 + }
543 +
544 +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
545 +index 20a2b01b392c..fc437d75ac76 100644
546 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
547 ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
548 +@@ -2931,6 +2931,20 @@ static int stmmac_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
549 + return ret;
550 + }
551 +
552 ++static int stmmac_set_mac_address(struct net_device *ndev, void *addr)
553 ++{
554 ++ struct stmmac_priv *priv = netdev_priv(ndev);
555 ++ int ret = 0;
556 ++
557 ++ ret = eth_mac_addr(ndev, addr);
558 ++ if (ret)
559 ++ return ret;
560 ++
561 ++ priv->hw->mac->set_umac_addr(priv->hw, ndev->dev_addr, 0);
562 ++
563 ++ return ret;
564 ++}
565 ++
566 + #ifdef CONFIG_DEBUG_FS
567 + static struct dentry *stmmac_fs_dir;
568 +
569 +@@ -3137,7 +3151,7 @@ static const struct net_device_ops stmmac_netdev_ops = {
570 + #ifdef CONFIG_NET_POLL_CONTROLLER
571 + .ndo_poll_controller = stmmac_poll_controller,
572 + #endif
573 +- .ndo_set_mac_address = eth_mac_addr,
574 ++ .ndo_set_mac_address = stmmac_set_mac_address,
575 + };
576 +
577 + /**
578 +diff --git a/drivers/net/tun.c b/drivers/net/tun.c
579 +index 24cc94453d38..88fe38d6a7ef 100644
580 +--- a/drivers/net/tun.c
581 ++++ b/drivers/net/tun.c
582 +@@ -1194,9 +1194,6 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
583 + u32 rxhash;
584 + ssize_t n;
585 +
586 +- if (!(tun->dev->flags & IFF_UP))
587 +- return -EIO;
588 +-
589 + if (!(tun->flags & IFF_NO_PI)) {
590 + if (len < sizeof(pi))
591 + return -EINVAL;
592 +@@ -1273,9 +1270,11 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
593 + err = skb_copy_datagram_from_iter(skb, 0, from, len);
594 +
595 + if (err) {
596 ++ err = -EFAULT;
597 ++drop:
598 + this_cpu_inc(tun->pcpu_stats->rx_dropped);
599 + kfree_skb(skb);
600 +- return -EFAULT;
601 ++ return err;
602 + }
603 +
604 + err = virtio_net_hdr_to_skb(skb, &gso, tun_is_little_endian(tun));
605 +@@ -1327,7 +1326,16 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
606 + skb_probe_transport_header(skb, 0);
607 +
608 + rxhash = skb_get_hash(skb);
609 ++
610 ++ rcu_read_lock();
611 ++ if (unlikely(!(tun->dev->flags & IFF_UP))) {
612 ++ err = -EIO;
613 ++ rcu_read_unlock();
614 ++ goto drop;
615 ++ }
616 ++
617 + netif_rx_ni(skb);
618 ++ rcu_read_unlock();
619 +
620 + stats = get_cpu_ptr(tun->pcpu_stats);
621 + u64_stats_update_begin(&stats->syncp);
622 +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
623 +index 016f5da425ab..b6ee0c1690d8 100644
624 +--- a/drivers/net/vxlan.c
625 ++++ b/drivers/net/vxlan.c
626 +@@ -3375,10 +3375,8 @@ static void __net_exit vxlan_exit_net(struct net *net)
627 + /* If vxlan->dev is in the same netns, it has already been added
628 + * to the list by the previous loop.
629 + */
630 +- if (!net_eq(dev_net(vxlan->dev), net)) {
631 +- gro_cells_destroy(&vxlan->gro_cells);
632 ++ if (!net_eq(dev_net(vxlan->dev), net))
633 + unregister_netdevice_queue(vxlan->dev, &list);
634 +- }
635 + }
636 +
637 + unregister_netdevice_many(&list);
638 +diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c
639 +index 2abcd331b05d..abe460eac712 100644
640 +--- a/drivers/s390/scsi/zfcp_erp.c
641 ++++ b/drivers/s390/scsi/zfcp_erp.c
642 +@@ -652,6 +652,20 @@ static void zfcp_erp_strategy_memwait(struct zfcp_erp_action *erp_action)
643 + add_timer(&erp_action->timer);
644 + }
645 +
646 ++void zfcp_erp_port_forced_reopen_all(struct zfcp_adapter *adapter,
647 ++ int clear, char *dbftag)
648 ++{
649 ++ unsigned long flags;
650 ++ struct zfcp_port *port;
651 ++
652 ++ write_lock_irqsave(&adapter->erp_lock, flags);
653 ++ read_lock(&adapter->port_list_lock);
654 ++ list_for_each_entry(port, &adapter->port_list, list)
655 ++ _zfcp_erp_port_forced_reopen(port, clear, dbftag);
656 ++ read_unlock(&adapter->port_list_lock);
657 ++ write_unlock_irqrestore(&adapter->erp_lock, flags);
658 ++}
659 ++
660 + static void _zfcp_erp_port_reopen_all(struct zfcp_adapter *adapter,
661 + int clear, char *id)
662 + {
663 +@@ -1306,6 +1320,9 @@ static void zfcp_erp_try_rport_unblock(struct zfcp_port *port)
664 + struct zfcp_scsi_dev *zsdev = sdev_to_zfcp(sdev);
665 + int lun_status;
666 +
667 ++ if (sdev->sdev_state == SDEV_DEL ||
668 ++ sdev->sdev_state == SDEV_CANCEL)
669 ++ continue;
670 + if (zsdev->port != port)
671 + continue;
672 + /* LUN under port of interest */
673 +diff --git a/drivers/s390/scsi/zfcp_ext.h b/drivers/s390/scsi/zfcp_ext.h
674 +index b326f05c7f89..a39a74500e23 100644
675 +--- a/drivers/s390/scsi/zfcp_ext.h
676 ++++ b/drivers/s390/scsi/zfcp_ext.h
677 +@@ -68,6 +68,8 @@ extern void zfcp_erp_clear_port_status(struct zfcp_port *, u32);
678 + extern int zfcp_erp_port_reopen(struct zfcp_port *, int, char *);
679 + extern void zfcp_erp_port_shutdown(struct zfcp_port *, int, char *);
680 + extern void zfcp_erp_port_forced_reopen(struct zfcp_port *, int, char *);
681 ++extern void zfcp_erp_port_forced_reopen_all(struct zfcp_adapter *adapter,
682 ++ int clear, char *dbftag);
683 + extern void zfcp_erp_set_lun_status(struct scsi_device *, u32);
684 + extern void zfcp_erp_clear_lun_status(struct scsi_device *, u32);
685 + extern void zfcp_erp_lun_reopen(struct scsi_device *, int, char *);
686 +diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c
687 +index 3afb200b2829..bdb257eaa2e5 100644
688 +--- a/drivers/s390/scsi/zfcp_scsi.c
689 ++++ b/drivers/s390/scsi/zfcp_scsi.c
690 +@@ -326,6 +326,10 @@ static int zfcp_scsi_eh_host_reset_handler(struct scsi_cmnd *scpnt)
691 + struct zfcp_adapter *adapter = zfcp_sdev->port->adapter;
692 + int ret = SUCCESS, fc_ret;
693 +
694 ++ if (!(adapter->connection_features & FSF_FEATURE_NPIV_MODE)) {
695 ++ zfcp_erp_port_forced_reopen_all(adapter, 0, "schrh_p");
696 ++ zfcp_erp_wait(adapter);
697 ++ }
698 + zfcp_erp_adapter_reopen(adapter, 0, "schrh_1");
699 + zfcp_erp_wait(adapter);
700 + fc_ret = fc_block_scsi_eh(scpnt);
701 +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
702 +index 3e9cbba41464..58345d3d4682 100644
703 +--- a/drivers/scsi/sd.c
704 ++++ b/drivers/scsi/sd.c
705 +@@ -1284,11 +1284,6 @@ static void sd_release(struct gendisk *disk, fmode_t mode)
706 + scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
707 + }
708 +
709 +- /*
710 +- * XXX and what if there are packets in flight and this close()
711 +- * XXX is followed by a "rmmod sd_mod"?
712 +- */
713 +-
714 + scsi_disk_put(sdkp);
715 + }
716 +
717 +@@ -2846,6 +2841,9 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp,
718 + unsigned int opt_xfer_bytes =
719 + logical_to_bytes(sdp, sdkp->opt_xfer_blocks);
720 +
721 ++ if (sdkp->opt_xfer_blocks == 0)
722 ++ return false;
723 ++
724 + if (sdkp->opt_xfer_blocks > dev_max) {
725 + sd_first_printk(KERN_WARNING, sdkp,
726 + "Optimal transfer size %u logical blocks " \
727 +@@ -3257,11 +3255,23 @@ static void scsi_disk_release(struct device *dev)
728 + {
729 + struct scsi_disk *sdkp = to_scsi_disk(dev);
730 + struct gendisk *disk = sdkp->disk;
731 +-
732 ++ struct request_queue *q = disk->queue;
733 ++
734 + spin_lock(&sd_index_lock);
735 + ida_remove(&sd_index_ida, sdkp->index);
736 + spin_unlock(&sd_index_lock);
737 +
738 ++ /*
739 ++ * Wait until all requests that are in progress have completed.
740 ++ * This is necessary to avoid that e.g. scsi_end_request() crashes
741 ++ * due to clearing the disk->private_data pointer. Wait from inside
742 ++ * scsi_disk_release() instead of from sd_release() to avoid that
743 ++ * freezing and unfreezing the request queue affects user space I/O
744 ++ * in case multiple processes open a /dev/sd... node concurrently.
745 ++ */
746 ++ blk_mq_freeze_queue(q);
747 ++ blk_mq_unfreeze_queue(q);
748 ++
749 + disk->private_data = NULL;
750 + put_disk(disk);
751 + put_device(&sdkp->device->sdev_gendev);
752 +diff --git a/drivers/staging/comedi/comedidev.h b/drivers/staging/comedi/comedidev.h
753 +index dcb637665eb7..35432fbd6551 100644
754 +--- a/drivers/staging/comedi/comedidev.h
755 ++++ b/drivers/staging/comedi/comedidev.h
756 +@@ -984,6 +984,8 @@ int comedi_dio_insn_config(struct comedi_device *, struct comedi_subdevice *,
757 + unsigned int mask);
758 + unsigned int comedi_dio_update_state(struct comedi_subdevice *,
759 + unsigned int *data);
760 ++unsigned int comedi_bytes_per_scan_cmd(struct comedi_subdevice *s,
761 ++ struct comedi_cmd *cmd);
762 + unsigned int comedi_bytes_per_scan(struct comedi_subdevice *s);
763 + unsigned int comedi_nscans_left(struct comedi_subdevice *s,
764 + unsigned int nscans);
765 +diff --git a/drivers/staging/comedi/drivers.c b/drivers/staging/comedi/drivers.c
766 +index 1736248bc5b8..8ca5493c66fe 100644
767 +--- a/drivers/staging/comedi/drivers.c
768 ++++ b/drivers/staging/comedi/drivers.c
769 +@@ -390,11 +390,13 @@ unsigned int comedi_dio_update_state(struct comedi_subdevice *s,
770 + EXPORT_SYMBOL_GPL(comedi_dio_update_state);
771 +
772 + /**
773 +- * comedi_bytes_per_scan() - Get length of asynchronous command "scan" in bytes
774 ++ * comedi_bytes_per_scan_cmd() - Get length of asynchronous command "scan" in
775 ++ * bytes
776 + * @s: COMEDI subdevice.
777 ++ * @cmd: COMEDI command.
778 + *
779 + * Determines the overall scan length according to the subdevice type and the
780 +- * number of channels in the scan.
781 ++ * number of channels in the scan for the specified command.
782 + *
783 + * For digital input, output or input/output subdevices, samples for
784 + * multiple channels are assumed to be packed into one or more unsigned
785 +@@ -404,9 +406,9 @@ EXPORT_SYMBOL_GPL(comedi_dio_update_state);
786 + *
787 + * Returns the overall scan length in bytes.
788 + */
789 +-unsigned int comedi_bytes_per_scan(struct comedi_subdevice *s)
790 ++unsigned int comedi_bytes_per_scan_cmd(struct comedi_subdevice *s,
791 ++ struct comedi_cmd *cmd)
792 + {
793 +- struct comedi_cmd *cmd = &s->async->cmd;
794 + unsigned int num_samples;
795 + unsigned int bits_per_sample;
796 +
797 +@@ -423,6 +425,29 @@ unsigned int comedi_bytes_per_scan(struct comedi_subdevice *s)
798 + }
799 + return comedi_samples_to_bytes(s, num_samples);
800 + }
801 ++EXPORT_SYMBOL_GPL(comedi_bytes_per_scan_cmd);
802 ++
803 ++/**
804 ++ * comedi_bytes_per_scan() - Get length of asynchronous command "scan" in bytes
805 ++ * @s: COMEDI subdevice.
806 ++ *
807 ++ * Determines the overall scan length according to the subdevice type and the
808 ++ * number of channels in the scan for the current command.
809 ++ *
810 ++ * For digital input, output or input/output subdevices, samples for
811 ++ * multiple channels are assumed to be packed into one or more unsigned
812 ++ * short or unsigned int values according to the subdevice's %SDF_LSAMPL
813 ++ * flag. For other types of subdevice, samples are assumed to occupy a
814 ++ * whole unsigned short or unsigned int according to the %SDF_LSAMPL flag.
815 ++ *
816 ++ * Returns the overall scan length in bytes.
817 ++ */
818 ++unsigned int comedi_bytes_per_scan(struct comedi_subdevice *s)
819 ++{
820 ++ struct comedi_cmd *cmd = &s->async->cmd;
821 ++
822 ++ return comedi_bytes_per_scan_cmd(s, cmd);
823 ++}
824 + EXPORT_SYMBOL_GPL(comedi_bytes_per_scan);
825 +
826 + static unsigned int __comedi_nscans_left(struct comedi_subdevice *s,
827 +diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
828 +index 0fa85d55c82f..fe03a41dc5cf 100644
829 +--- a/drivers/staging/comedi/drivers/ni_mio_common.c
830 ++++ b/drivers/staging/comedi/drivers/ni_mio_common.c
831 +@@ -3477,6 +3477,7 @@ static int ni_cdio_check_chanlist(struct comedi_device *dev,
832 + static int ni_cdio_cmdtest(struct comedi_device *dev,
833 + struct comedi_subdevice *s, struct comedi_cmd *cmd)
834 + {
835 ++ unsigned int bytes_per_scan;
836 + int err = 0;
837 + int tmp;
838 +
839 +@@ -3506,9 +3507,12 @@ static int ni_cdio_cmdtest(struct comedi_device *dev,
840 + err |= comedi_check_trigger_arg_is(&cmd->convert_arg, 0);
841 + err |= comedi_check_trigger_arg_is(&cmd->scan_end_arg,
842 + cmd->chanlist_len);
843 +- err |= comedi_check_trigger_arg_max(&cmd->stop_arg,
844 +- s->async->prealloc_bufsz /
845 +- comedi_bytes_per_scan(s));
846 ++ bytes_per_scan = comedi_bytes_per_scan_cmd(s, cmd);
847 ++ if (bytes_per_scan) {
848 ++ err |= comedi_check_trigger_arg_max(&cmd->stop_arg,
849 ++ s->async->prealloc_bufsz /
850 ++ bytes_per_scan);
851 ++ }
852 +
853 + if (err)
854 + return 3;
855 +diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
856 +index ab96629b7889..22e5116e74f8 100644
857 +--- a/drivers/staging/vt6655/device_main.c
858 ++++ b/drivers/staging/vt6655/device_main.c
859 +@@ -977,8 +977,6 @@ static void vnt_interrupt_process(struct vnt_private *priv)
860 + return;
861 + }
862 +
863 +- MACvIntDisable(priv->PortOffset);
864 +-
865 + spin_lock_irqsave(&priv->lock, flags);
866 +
867 + /* Read low level stats */
868 +@@ -1067,8 +1065,6 @@ static void vnt_interrupt_process(struct vnt_private *priv)
869 + }
870 +
871 + spin_unlock_irqrestore(&priv->lock, flags);
872 +-
873 +- MACvIntEnable(priv->PortOffset, IMR_MASK_VALUE);
874 + }
875 +
876 + static void vnt_interrupt_work(struct work_struct *work)
877 +@@ -1078,14 +1074,17 @@ static void vnt_interrupt_work(struct work_struct *work)
878 +
879 + if (priv->vif)
880 + vnt_interrupt_process(priv);
881 ++
882 ++ MACvIntEnable(priv->PortOffset, IMR_MASK_VALUE);
883 + }
884 +
885 + static irqreturn_t vnt_interrupt(int irq, void *arg)
886 + {
887 + struct vnt_private *priv = arg;
888 +
889 +- if (priv->vif)
890 +- schedule_work(&priv->interrupt_work);
891 ++ schedule_work(&priv->interrupt_work);
892 ++
893 ++ MACvIntDisable(priv->PortOffset);
894 +
895 + return IRQ_HANDLED;
896 + }
897 +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
898 +index 5a341b1c65c3..d8e1945cb627 100644
899 +--- a/drivers/tty/serial/atmel_serial.c
900 ++++ b/drivers/tty/serial/atmel_serial.c
901 +@@ -1166,6 +1166,10 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
902 + sg_dma_len(&atmel_port->sg_rx)/2,
903 + DMA_DEV_TO_MEM,
904 + DMA_PREP_INTERRUPT);
905 ++ if (!desc) {
906 ++ dev_err(port->dev, "Preparing DMA cyclic failed\n");
907 ++ goto chan_err;
908 ++ }
909 + desc->callback = atmel_complete_rx_dma;
910 + desc->callback_param = port;
911 + atmel_port->desc_rx = desc;
912 +diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c
913 +index f2b0d8cee8ef..0314e78e31ff 100644
914 +--- a/drivers/tty/serial/kgdboc.c
915 ++++ b/drivers/tty/serial/kgdboc.c
916 +@@ -148,8 +148,10 @@ static int configure_kgdboc(void)
917 + char *cptr = config;
918 + struct console *cons;
919 +
920 +- if (!strlen(config) || isspace(config[0]))
921 ++ if (!strlen(config) || isspace(config[0])) {
922 ++ err = 0;
923 + goto noconfig;
924 ++ }
925 +
926 + kgdboc_io_ops.is_console = 0;
927 + kgdb_tty_driver = NULL;
928 +diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
929 +index 8a3e92638e10..5331baf3f699 100644
930 +--- a/drivers/tty/serial/max310x.c
931 ++++ b/drivers/tty/serial/max310x.c
932 +@@ -1323,6 +1323,8 @@ static int max310x_spi_probe(struct spi_device *spi)
933 + if (spi->dev.of_node) {
934 + const struct of_device_id *of_id =
935 + of_match_device(max310x_dt_ids, &spi->dev);
936 ++ if (!of_id)
937 ++ return -ENODEV;
938 +
939 + devtype = (struct max310x_devtype *)of_id->data;
940 + } else {
941 +diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
942 +index 6ff53b604ff6..bcb997935c5e 100644
943 +--- a/drivers/tty/serial/sh-sci.c
944 ++++ b/drivers/tty/serial/sh-sci.c
945 +@@ -834,19 +834,9 @@ static void sci_transmit_chars(struct uart_port *port)
946 +
947 + if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
948 + uart_write_wakeup(port);
949 +- if (uart_circ_empty(xmit)) {
950 ++ if (uart_circ_empty(xmit))
951 + sci_stop_tx(port);
952 +- } else {
953 +- ctrl = serial_port_in(port, SCSCR);
954 +-
955 +- if (port->type != PORT_SCI) {
956 +- serial_port_in(port, SCxSR); /* Dummy read */
957 +- sci_clear_SCxSR(port, SCxSR_TDxE_CLEAR(port));
958 +- }
959 +
960 +- ctrl |= SCSCR_TIE;
961 +- serial_port_out(port, SCSCR, ctrl);
962 +- }
963 + }
964 +
965 + /* On SH3, SCIF may read end-of-break as a space->mark char */
966 +diff --git a/drivers/usb/common/common.c b/drivers/usb/common/common.c
967 +index 5ef8da6e67c3..64c76403a542 100644
968 +--- a/drivers/usb/common/common.c
969 ++++ b/drivers/usb/common/common.c
970 +@@ -148,6 +148,8 @@ enum usb_dr_mode of_usb_get_dr_mode_by_phy(struct device_node *np, int arg0)
971 +
972 + do {
973 + controller = of_find_node_with_property(controller, "phys");
974 ++ if (!of_device_is_available(controller))
975 ++ continue;
976 + index = 0;
977 + do {
978 + if (arg0 == -1) {
979 +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
980 +index c6578b321838..5e6136d2ed71 100644
981 +--- a/drivers/usb/core/config.c
982 ++++ b/drivers/usb/core/config.c
983 +@@ -763,21 +763,18 @@ void usb_destroy_configuration(struct usb_device *dev)
984 + return;
985 +
986 + if (dev->rawdescriptors) {
987 +- for (i = 0; i < dev->descriptor.bNumConfigurations &&
988 +- i < USB_MAXCONFIG; i++)
989 ++ for (i = 0; i < dev->descriptor.bNumConfigurations; i++)
990 + kfree(dev->rawdescriptors[i]);
991 +
992 + kfree(dev->rawdescriptors);
993 + dev->rawdescriptors = NULL;
994 + }
995 +
996 +- for (c = 0; c < dev->descriptor.bNumConfigurations &&
997 +- c < USB_MAXCONFIG; c++) {
998 ++ for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
999 + struct usb_host_config *cf = &dev->config[c];
1000 +
1001 + kfree(cf->string);
1002 +- for (i = 0; i < cf->desc.bNumInterfaces &&
1003 +- i < USB_MAXINTERFACES; i++) {
1004 ++ for (i = 0; i < cf->desc.bNumInterfaces; i++) {
1005 + if (cf->intf_cache[i])
1006 + kref_put(&cf->intf_cache[i]->ref,
1007 + usb_release_interface_cache);
1008 +diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
1009 +index 5815120c0402..8e83649f77ce 100644
1010 +--- a/drivers/usb/gadget/function/f_hid.c
1011 ++++ b/drivers/usb/gadget/function/f_hid.c
1012 +@@ -340,20 +340,20 @@ try_again:
1013 + req->complete = f_hidg_req_complete;
1014 + req->context = hidg;
1015 +
1016 ++ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1017 ++
1018 + status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);
1019 + if (status < 0) {
1020 + ERROR(hidg->func.config->cdev,
1021 + "usb_ep_queue error on int endpoint %zd\n", status);
1022 +- goto release_write_pending_unlocked;
1023 ++ goto release_write_pending;
1024 + } else {
1025 + status = count;
1026 + }
1027 +- spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1028 +
1029 + return status;
1030 + release_write_pending:
1031 + spin_lock_irqsave(&hidg->write_spinlock, flags);
1032 +-release_write_pending_unlocked:
1033 + hidg->write_pending = 0;
1034 + spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1035 +
1036 +diff --git a/drivers/usb/host/xhci-rcar.c b/drivers/usb/host/xhci-rcar.c
1037 +index 0e4535e632ec..64ee8154f2bb 100644
1038 +--- a/drivers/usb/host/xhci-rcar.c
1039 ++++ b/drivers/usb/host/xhci-rcar.c
1040 +@@ -192,5 +192,6 @@ int xhci_rcar_init_quirk(struct usb_hcd *hcd)
1041 + xhci_rcar_is_gen3(hcd->self.controller))
1042 + xhci->quirks |= XHCI_NO_64BIT_SUPPORT;
1043 +
1044 ++ xhci->quirks |= XHCI_TRUST_TX_LENGTH;
1045 + return xhci_rcar_download_firmware(hcd);
1046 + }
1047 +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
1048 +index f4e34a75d413..879d82223068 100644
1049 +--- a/drivers/usb/host/xhci-ring.c
1050 ++++ b/drivers/usb/host/xhci-ring.c
1051 +@@ -1645,10 +1645,13 @@ static void handle_port_status(struct xhci_hcd *xhci,
1052 + }
1053 + }
1054 +
1055 +- if ((temp & PORT_PLC) && (temp & PORT_PLS_MASK) == XDEV_U0 &&
1056 +- DEV_SUPERSPEED_ANY(temp)) {
1057 ++ if ((temp & PORT_PLC) &&
1058 ++ DEV_SUPERSPEED_ANY(temp) &&
1059 ++ ((temp & PORT_PLS_MASK) == XDEV_U0 ||
1060 ++ (temp & PORT_PLS_MASK) == XDEV_U1 ||
1061 ++ (temp & PORT_PLS_MASK) == XDEV_U2)) {
1062 + xhci_dbg(xhci, "resume SS port %d finished\n", port_id);
1063 +- /* We've just brought the device into U0 through either the
1064 ++ /* We've just brought the device into U0/1/2 through either the
1065 + * Resume state after a device remote wakeup, or through the
1066 + * U3Exit state after a host-initiated resume. If it's a device
1067 + * initiated remote wake, don't pass up the link state change,
1068 +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
1069 +index e679fec9ce3a..de4771ce0df6 100644
1070 +--- a/drivers/usb/host/xhci.h
1071 ++++ b/drivers/usb/host/xhci.h
1072 +@@ -311,6 +311,7 @@ struct xhci_op_regs {
1073 + */
1074 + #define PORT_PLS_MASK (0xf << 5)
1075 + #define XDEV_U0 (0x0 << 5)
1076 ++#define XDEV_U1 (0x1 << 5)
1077 + #define XDEV_U2 (0x2 << 5)
1078 + #define XDEV_U3 (0x3 << 5)
1079 + #define XDEV_INACTIVE (0x6 << 5)
1080 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
1081 +index 7bbf2ca73f68..40c58145bf80 100644
1082 +--- a/drivers/usb/serial/cp210x.c
1083 ++++ b/drivers/usb/serial/cp210x.c
1084 +@@ -77,6 +77,7 @@ static const struct usb_device_id id_table[] = {
1085 + { USB_DEVICE(0x10C4, 0x804E) }, /* Software Bisque Paramount ME build-in converter */
1086 + { USB_DEVICE(0x10C4, 0x8053) }, /* Enfora EDG1228 */
1087 + { USB_DEVICE(0x10C4, 0x8054) }, /* Enfora GSM2228 */
1088 ++ { USB_DEVICE(0x10C4, 0x8056) }, /* Lorenz Messtechnik devices */
1089 + { USB_DEVICE(0x10C4, 0x8066) }, /* Argussoft In-System Programmer */
1090 + { USB_DEVICE(0x10C4, 0x806F) }, /* IMS USB to RS422 Converter Cable */
1091 + { USB_DEVICE(0x10C4, 0x807A) }, /* Crumb128 board */
1092 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
1093 +index b88a72220acd..f54931aa7528 100644
1094 +--- a/drivers/usb/serial/ftdi_sio.c
1095 ++++ b/drivers/usb/serial/ftdi_sio.c
1096 +@@ -604,6 +604,8 @@ static const struct usb_device_id id_table_combined[] = {
1097 + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
1098 + { USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLXM_PID),
1099 + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
1100 ++ { USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLX_PLUS_PID) },
1101 ++ { USB_DEVICE(FTDI_VID, FTDI_NT_ORION_IO_PID) },
1102 + { USB_DEVICE(FTDI_VID, FTDI_SYNAPSE_SS200_PID) },
1103 + { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX_PID) },
1104 + { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX2_PID) },
1105 +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
1106 +index ddf5ab983dc9..15d220eaf6e6 100644
1107 +--- a/drivers/usb/serial/ftdi_sio_ids.h
1108 ++++ b/drivers/usb/serial/ftdi_sio_ids.h
1109 +@@ -566,7 +566,9 @@
1110 + /*
1111 + * NovaTech product ids (FTDI_VID)
1112 + */
1113 +-#define FTDI_NT_ORIONLXM_PID 0x7c90 /* OrionLXm Substation Automation Platform */
1114 ++#define FTDI_NT_ORIONLXM_PID 0x7c90 /* OrionLXm Substation Automation Platform */
1115 ++#define FTDI_NT_ORIONLX_PLUS_PID 0x7c91 /* OrionLX+ Substation Automation Platform */
1116 ++#define FTDI_NT_ORION_IO_PID 0x7c92 /* Orion I/O */
1117 +
1118 + /*
1119 + * Synapse Wireless product ids (FTDI_VID)
1120 +diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
1121 +index 135eb04368f9..ea20322e1416 100644
1122 +--- a/drivers/usb/serial/mos7720.c
1123 ++++ b/drivers/usb/serial/mos7720.c
1124 +@@ -368,8 +368,6 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
1125 + if (!urbtrack)
1126 + return -ENOMEM;
1127 +
1128 +- kref_get(&mos_parport->ref_count);
1129 +- urbtrack->mos_parport = mos_parport;
1130 + urbtrack->urb = usb_alloc_urb(0, GFP_ATOMIC);
1131 + if (!urbtrack->urb) {
1132 + kfree(urbtrack);
1133 +@@ -390,6 +388,8 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
1134 + usb_sndctrlpipe(usbdev, 0),
1135 + (unsigned char *)urbtrack->setup,
1136 + NULL, 0, async_complete, urbtrack);
1137 ++ kref_get(&mos_parport->ref_count);
1138 ++ urbtrack->mos_parport = mos_parport;
1139 + kref_init(&urbtrack->ref_count);
1140 + INIT_LIST_HEAD(&urbtrack->urblist_entry);
1141 +
1142 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
1143 +index b2b7c12e5c86..9f96dd274370 100644
1144 +--- a/drivers/usb/serial/option.c
1145 ++++ b/drivers/usb/serial/option.c
1146 +@@ -1066,7 +1066,8 @@ static const struct usb_device_id option_ids[] = {
1147 + .driver_info = RSVD(3) },
1148 + { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x6613)}, /* Onda H600/ZTE MF330 */
1149 + { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x0023)}, /* ONYX 3G device */
1150 +- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */
1151 ++ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000), /* SIMCom SIM5218 */
1152 ++ .driver_info = NCTRL(0) | NCTRL(1) | NCTRL(2) | NCTRL(3) | RSVD(4) },
1153 + /* Quectel products using Qualcomm vendor ID */
1154 + { USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC15)},
1155 + { USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC20),
1156 +@@ -1941,10 +1942,12 @@ static const struct usb_device_id option_ids[] = {
1157 + .driver_info = RSVD(4) },
1158 + { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7e35, 0xff), /* D-Link DWM-222 */
1159 + .driver_info = RSVD(4) },
1160 +- { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
1161 +- { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
1162 +- { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
1163 +- { USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) }, /* OLICARD300 - MT6225 */
1164 ++ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
1165 ++ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
1166 ++ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
1167 ++ { USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2031, 0xff), /* Olicard 600 */
1168 ++ .driver_info = RSVD(4) },
1169 ++ { USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) }, /* OLICARD300 - MT6225 */
1170 + { USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) },
1171 + { USB_DEVICE(VIATELECOM_VENDOR_ID, VIATELECOM_PRODUCT_CDS7) },
1172 + { USB_DEVICE_AND_INTERFACE_INFO(WETELECOM_VENDOR_ID, WETELECOM_PRODUCT_WMD200, 0xff, 0xff, 0xff) },
1173 +diff --git a/drivers/video/fbdev/goldfishfb.c b/drivers/video/fbdev/goldfishfb.c
1174 +index 14a93cb21310..66d58e93bc32 100644
1175 +--- a/drivers/video/fbdev/goldfishfb.c
1176 ++++ b/drivers/video/fbdev/goldfishfb.c
1177 +@@ -234,7 +234,7 @@ static int goldfish_fb_probe(struct platform_device *pdev)
1178 + fb->fb.var.activate = FB_ACTIVATE_NOW;
1179 + fb->fb.var.height = readl(fb->reg_base + FB_GET_PHYS_HEIGHT);
1180 + fb->fb.var.width = readl(fb->reg_base + FB_GET_PHYS_WIDTH);
1181 +- fb->fb.var.pixclock = 10000;
1182 ++ fb->fb.var.pixclock = 0;
1183 +
1184 + fb->fb.var.red.offset = 11;
1185 + fb->fb.var.red.length = 5;
1186 +diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
1187 +index af6a776fa18c..5aa07de5750e 100644
1188 +--- a/fs/btrfs/raid56.c
1189 ++++ b/fs/btrfs/raid56.c
1190 +@@ -2395,8 +2395,9 @@ static noinline void finish_parity_scrub(struct btrfs_raid_bio *rbio,
1191 + bitmap_clear(rbio->dbitmap, pagenr, 1);
1192 + kunmap(p);
1193 +
1194 +- for (stripe = 0; stripe < rbio->real_stripes; stripe++)
1195 ++ for (stripe = 0; stripe < nr_data; stripe++)
1196 + kunmap(page_in_rbio(rbio, stripe, pagenr, 0));
1197 ++ kunmap(p_page);
1198 + }
1199 +
1200 + __free_page(p_page);
1201 +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
1202 +index 47d11a30bee7..a36bb75383dc 100644
1203 +--- a/fs/btrfs/tree-log.c
1204 ++++ b/fs/btrfs/tree-log.c
1205 +@@ -3343,9 +3343,16 @@ static noinline int log_dir_items(struct btrfs_trans_handle *trans,
1206 + }
1207 + btrfs_release_path(path);
1208 +
1209 +- /* find the first key from this transaction again */
1210 ++ /*
1211 ++ * Find the first key from this transaction again. See the note for
1212 ++ * log_new_dir_dentries, if we're logging a directory recursively we
1213 ++ * won't be holding its i_mutex, which means we can modify the directory
1214 ++ * while we're logging it. If we remove an entry between our first
1215 ++ * search and this search we'll not find the key again and can just
1216 ++ * bail.
1217 ++ */
1218 + ret = btrfs_search_slot(NULL, root, &min_key, path, 0, 0);
1219 +- if (WARN_ON(ret != 0))
1220 ++ if (ret != 0)
1221 + goto done;
1222 +
1223 + /*
1224 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
1225 +index eb55ab6930b5..6d0d94fc243d 100644
1226 +--- a/fs/nfs/nfs4proc.c
1227 ++++ b/fs/nfs/nfs4proc.c
1228 +@@ -2748,7 +2748,8 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
1229 + nfs4_schedule_stateid_recovery(server, state);
1230 + }
1231 + out:
1232 +- nfs4_sequence_free_slot(&opendata->o_res.seq_res);
1233 ++ if (!opendata->cancelled)
1234 ++ nfs4_sequence_free_slot(&opendata->o_res.seq_res);
1235 + return ret;
1236 + }
1237 +
1238 +diff --git a/fs/open.c b/fs/open.c
1239 +index a6c6244f4993..f1deb36ee1b7 100644
1240 +--- a/fs/open.c
1241 ++++ b/fs/open.c
1242 +@@ -717,6 +717,12 @@ static int do_dentry_open(struct file *f,
1243 + return 0;
1244 + }
1245 +
1246 ++ /* Any file opened for execve()/uselib() has to be a regular file. */
1247 ++ if (unlikely(f->f_flags & FMODE_EXEC && !S_ISREG(inode->i_mode))) {
1248 ++ error = -EACCES;
1249 ++ goto cleanup_file;
1250 ++ }
1251 ++
1252 + if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
1253 + error = get_write_access(inode);
1254 + if (unlikely(error))
1255 +diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
1256 +index 1999e85840d5..6f30cf8ef7a1 100644
1257 +--- a/fs/proc/proc_sysctl.c
1258 ++++ b/fs/proc/proc_sysctl.c
1259 +@@ -1604,7 +1604,8 @@ static void drop_sysctl_table(struct ctl_table_header *header)
1260 + if (--header->nreg)
1261 + return;
1262 +
1263 +- put_links(header);
1264 ++ if (parent)
1265 ++ put_links(header);
1266 + start_unregistering(header);
1267 + if (!--header->count)
1268 + kfree_rcu(header, rcu);
1269 +diff --git a/include/net/sctp/checksum.h b/include/net/sctp/checksum.h
1270 +index 4a5b9a306c69..803fc26ef0ba 100644
1271 +--- a/include/net/sctp/checksum.h
1272 ++++ b/include/net/sctp/checksum.h
1273 +@@ -60,7 +60,7 @@ static inline __wsum sctp_csum_combine(__wsum csum, __wsum csum2,
1274 + static inline __le32 sctp_compute_cksum(const struct sk_buff *skb,
1275 + unsigned int offset)
1276 + {
1277 +- struct sctphdr *sh = sctp_hdr(skb);
1278 ++ struct sctphdr *sh = (struct sctphdr *)(skb->data + offset);
1279 + __le32 ret, old = sh->checksum;
1280 + const struct skb_checksum_ops ops = {
1281 + .update = sctp_csum_update,
1282 +diff --git a/include/net/sock.h b/include/net/sock.h
1283 +index 15bb04dec40e..116308632fae 100644
1284 +--- a/include/net/sock.h
1285 ++++ b/include/net/sock.h
1286 +@@ -650,6 +650,12 @@ static inline void sk_add_node_rcu(struct sock *sk, struct hlist_head *list)
1287 + hlist_add_head_rcu(&sk->sk_node, list);
1288 + }
1289 +
1290 ++static inline void sk_add_node_tail_rcu(struct sock *sk, struct hlist_head *list)
1291 ++{
1292 ++ sock_hold(sk);
1293 ++ hlist_add_tail_rcu(&sk->sk_node, list);
1294 ++}
1295 ++
1296 + static inline void __sk_nulls_add_node_rcu(struct sock *sk, struct hlist_nulls_head *list)
1297 + {
1298 + hlist_nulls_add_head_rcu(&sk->sk_nulls_node, list);
1299 +diff --git a/kernel/cpu.c b/kernel/cpu.c
1300 +index b5a0165b7300..bf24e8400903 100644
1301 +--- a/kernel/cpu.c
1302 ++++ b/kernel/cpu.c
1303 +@@ -591,6 +591,20 @@ static void undo_cpu_up(unsigned int cpu, struct cpuhp_cpu_state *st)
1304 + }
1305 + }
1306 +
1307 ++static inline bool can_rollback_cpu(struct cpuhp_cpu_state *st)
1308 ++{
1309 ++ if (IS_ENABLED(CONFIG_HOTPLUG_CPU))
1310 ++ return true;
1311 ++ /*
1312 ++ * When CPU hotplug is disabled, then taking the CPU down is not
1313 ++ * possible because takedown_cpu() and the architecture and
1314 ++ * subsystem specific mechanisms are not available. So the CPU
1315 ++ * which would be completely unplugged again needs to stay around
1316 ++ * in the current state.
1317 ++ */
1318 ++ return st->state <= CPUHP_BRINGUP_CPU;
1319 ++}
1320 ++
1321 + static int cpuhp_up_callbacks(unsigned int cpu, struct cpuhp_cpu_state *st,
1322 + enum cpuhp_state target)
1323 + {
1324 +@@ -601,8 +615,10 @@ static int cpuhp_up_callbacks(unsigned int cpu, struct cpuhp_cpu_state *st,
1325 + st->state++;
1326 + ret = cpuhp_invoke_callback(cpu, st->state, true, NULL);
1327 + if (ret) {
1328 +- st->target = prev_state;
1329 +- undo_cpu_up(cpu, st);
1330 ++ if (can_rollback_cpu(st)) {
1331 ++ st->target = prev_state;
1332 ++ undo_cpu_up(cpu, st);
1333 ++ }
1334 + break;
1335 + }
1336 + }
1337 +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
1338 +index 1fc23cb4a3e0..d49aa4e6c916 100644
1339 +--- a/net/bluetooth/l2cap_core.c
1340 ++++ b/net/bluetooth/l2cap_core.c
1341 +@@ -3326,16 +3326,22 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data
1342 +
1343 + while (len >= L2CAP_CONF_OPT_SIZE) {
1344 + len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1345 ++ if (len < 0)
1346 ++ break;
1347 +
1348 + hint = type & L2CAP_CONF_HINT;
1349 + type &= L2CAP_CONF_MASK;
1350 +
1351 + switch (type) {
1352 + case L2CAP_CONF_MTU:
1353 ++ if (olen != 2)
1354 ++ break;
1355 + mtu = val;
1356 + break;
1357 +
1358 + case L2CAP_CONF_FLUSH_TO:
1359 ++ if (olen != 2)
1360 ++ break;
1361 + chan->flush_to = val;
1362 + break;
1363 +
1364 +@@ -3343,26 +3349,30 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data
1365 + break;
1366 +
1367 + case L2CAP_CONF_RFC:
1368 +- if (olen == sizeof(rfc))
1369 +- memcpy(&rfc, (void *) val, olen);
1370 ++ if (olen != sizeof(rfc))
1371 ++ break;
1372 ++ memcpy(&rfc, (void *) val, olen);
1373 + break;
1374 +
1375 + case L2CAP_CONF_FCS:
1376 ++ if (olen != 1)
1377 ++ break;
1378 + if (val == L2CAP_FCS_NONE)
1379 + set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
1380 + break;
1381 +
1382 + case L2CAP_CONF_EFS:
1383 +- if (olen == sizeof(efs)) {
1384 +- remote_efs = 1;
1385 +- memcpy(&efs, (void *) val, olen);
1386 +- }
1387 ++ if (olen != sizeof(efs))
1388 ++ break;
1389 ++ remote_efs = 1;
1390 ++ memcpy(&efs, (void *) val, olen);
1391 + break;
1392 +
1393 + case L2CAP_CONF_EWS:
1394 ++ if (olen != 2)
1395 ++ break;
1396 + if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP))
1397 + return -ECONNREFUSED;
1398 +-
1399 + set_bit(FLAG_EXT_CTRL, &chan->flags);
1400 + set_bit(CONF_EWS_RECV, &chan->conf_state);
1401 + chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
1402 +@@ -3372,7 +3382,6 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data
1403 + default:
1404 + if (hint)
1405 + break;
1406 +-
1407 + result = L2CAP_CONF_UNKNOWN;
1408 + *((u8 *) ptr++) = type;
1409 + break;
1410 +@@ -3537,58 +3546,65 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
1411 +
1412 + while (len >= L2CAP_CONF_OPT_SIZE) {
1413 + len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1414 ++ if (len < 0)
1415 ++ break;
1416 +
1417 + switch (type) {
1418 + case L2CAP_CONF_MTU:
1419 ++ if (olen != 2)
1420 ++ break;
1421 + if (val < L2CAP_DEFAULT_MIN_MTU) {
1422 + *result = L2CAP_CONF_UNACCEPT;
1423 + chan->imtu = L2CAP_DEFAULT_MIN_MTU;
1424 + } else
1425 + chan->imtu = val;
1426 +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
1427 ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu,
1428 ++ endptr - ptr);
1429 + break;
1430 +
1431 + case L2CAP_CONF_FLUSH_TO:
1432 ++ if (olen != 2)
1433 ++ break;
1434 + chan->flush_to = val;
1435 +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
1436 +- 2, chan->flush_to, endptr - ptr);
1437 ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2,
1438 ++ chan->flush_to, endptr - ptr);
1439 + break;
1440 +
1441 + case L2CAP_CONF_RFC:
1442 +- if (olen == sizeof(rfc))
1443 +- memcpy(&rfc, (void *)val, olen);
1444 +-
1445 ++ if (olen != sizeof(rfc))
1446 ++ break;
1447 ++ memcpy(&rfc, (void *)val, olen);
1448 + if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
1449 + rfc.mode != chan->mode)
1450 + return -ECONNREFUSED;
1451 +-
1452 + chan->fcs = 0;
1453 +-
1454 +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1455 +- sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
1456 ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1457 ++ (unsigned long) &rfc, endptr - ptr);
1458 + break;
1459 +
1460 + case L2CAP_CONF_EWS:
1461 ++ if (olen != 2)
1462 ++ break;
1463 + chan->ack_win = min_t(u16, val, chan->ack_win);
1464 + l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
1465 + chan->tx_win, endptr - ptr);
1466 + break;
1467 +
1468 + case L2CAP_CONF_EFS:
1469 +- if (olen == sizeof(efs)) {
1470 +- memcpy(&efs, (void *)val, olen);
1471 +-
1472 +- if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
1473 +- efs.stype != L2CAP_SERV_NOTRAFIC &&
1474 +- efs.stype != chan->local_stype)
1475 +- return -ECONNREFUSED;
1476 +-
1477 +- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
1478 +- (unsigned long) &efs, endptr - ptr);
1479 +- }
1480 ++ if (olen != sizeof(efs))
1481 ++ break;
1482 ++ memcpy(&efs, (void *)val, olen);
1483 ++ if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
1484 ++ efs.stype != L2CAP_SERV_NOTRAFIC &&
1485 ++ efs.stype != chan->local_stype)
1486 ++ return -ECONNREFUSED;
1487 ++ l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
1488 ++ (unsigned long) &efs, endptr - ptr);
1489 + break;
1490 +
1491 + case L2CAP_CONF_FCS:
1492 ++ if (olen != 1)
1493 ++ break;
1494 + if (*result == L2CAP_CONF_PENDING)
1495 + if (val == L2CAP_FCS_NONE)
1496 + set_bit(CONF_RECV_NO_FCS,
1497 +@@ -3717,13 +3733,18 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
1498 +
1499 + while (len >= L2CAP_CONF_OPT_SIZE) {
1500 + len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
1501 ++ if (len < 0)
1502 ++ break;
1503 +
1504 + switch (type) {
1505 + case L2CAP_CONF_RFC:
1506 +- if (olen == sizeof(rfc))
1507 +- memcpy(&rfc, (void *)val, olen);
1508 ++ if (olen != sizeof(rfc))
1509 ++ break;
1510 ++ memcpy(&rfc, (void *)val, olen);
1511 + break;
1512 + case L2CAP_CONF_EWS:
1513 ++ if (olen != 2)
1514 ++ break;
1515 + txwin_ext = val;
1516 + break;
1517 + }
1518 +diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
1519 +index 93c706172f40..87c513b5ff2e 100644
1520 +--- a/net/dccp/ipv6.c
1521 ++++ b/net/dccp/ipv6.c
1522 +@@ -431,8 +431,8 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
1523 + newnp->ipv6_mc_list = NULL;
1524 + newnp->ipv6_ac_list = NULL;
1525 + newnp->ipv6_fl_list = NULL;
1526 +- newnp->mcast_oif = inet6_iif(skb);
1527 +- newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1528 ++ newnp->mcast_oif = inet_iif(skb);
1529 ++ newnp->mcast_hops = ip_hdr(skb)->ttl;
1530 +
1531 + /*
1532 + * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1533 +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
1534 +index 0a69d39880f2..4953466cf98f 100644
1535 +--- a/net/ipv6/tcp_ipv6.c
1536 ++++ b/net/ipv6/tcp_ipv6.c
1537 +@@ -1056,11 +1056,11 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
1538 + newnp->ipv6_fl_list = NULL;
1539 + newnp->pktoptions = NULL;
1540 + newnp->opt = NULL;
1541 +- newnp->mcast_oif = tcp_v6_iif(skb);
1542 +- newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1543 +- newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1544 ++ newnp->mcast_oif = inet_iif(skb);
1545 ++ newnp->mcast_hops = ip_hdr(skb)->ttl;
1546 ++ newnp->rcv_flowinfo = 0;
1547 + if (np->repflow)
1548 +- newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1549 ++ newnp->flow_label = 0;
1550 +
1551 + /*
1552 + * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1553 +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
1554 +index 14df2fcf6138..522d4ca715c9 100644
1555 +--- a/net/packet/af_packet.c
1556 ++++ b/net/packet/af_packet.c
1557 +@@ -3278,7 +3278,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol,
1558 + }
1559 +
1560 + mutex_lock(&net->packet.sklist_lock);
1561 +- sk_add_node_rcu(sk, &net->packet.sklist);
1562 ++ sk_add_node_tail_rcu(sk, &net->packet.sklist);
1563 + mutex_unlock(&net->packet.sklist_lock);
1564 +
1565 + preempt_disable();
1566 +@@ -4229,7 +4229,7 @@ static struct pgv *alloc_pg_vec(struct tpacket_req *req, int order)
1567 + struct pgv *pg_vec;
1568 + int i;
1569 +
1570 +- pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL);
1571 ++ pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL | __GFP_NOWARN);
1572 + if (unlikely(!pg_vec))
1573 + goto out;
1574 +
1575 +diff --git a/net/rose/rose_subr.c b/net/rose/rose_subr.c
1576 +index 7ca57741b2fb..7849f286bb93 100644
1577 +--- a/net/rose/rose_subr.c
1578 ++++ b/net/rose/rose_subr.c
1579 +@@ -105,16 +105,17 @@ void rose_write_internal(struct sock *sk, int frametype)
1580 + struct sk_buff *skb;
1581 + unsigned char *dptr;
1582 + unsigned char lci1, lci2;
1583 +- char buffer[100];
1584 +- int len, faclen = 0;
1585 ++ int maxfaclen = 0;
1586 ++ int len, faclen;
1587 ++ int reserve;
1588 +
1589 +- len = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN + 1;
1590 ++ reserve = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1;
1591 ++ len = ROSE_MIN_LEN;
1592 +
1593 + switch (frametype) {
1594 + case ROSE_CALL_REQUEST:
1595 + len += 1 + ROSE_ADDR_LEN + ROSE_ADDR_LEN;
1596 +- faclen = rose_create_facilities(buffer, rose);
1597 +- len += faclen;
1598 ++ maxfaclen = 256;
1599 + break;
1600 + case ROSE_CALL_ACCEPTED:
1601 + case ROSE_CLEAR_REQUEST:
1602 +@@ -123,15 +124,16 @@ void rose_write_internal(struct sock *sk, int frametype)
1603 + break;
1604 + }
1605 +
1606 +- if ((skb = alloc_skb(len, GFP_ATOMIC)) == NULL)
1607 ++ skb = alloc_skb(reserve + len + maxfaclen, GFP_ATOMIC);
1608 ++ if (!skb)
1609 + return;
1610 +
1611 + /*
1612 + * Space for AX.25 header and PID.
1613 + */
1614 +- skb_reserve(skb, AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1);
1615 ++ skb_reserve(skb, reserve);
1616 +
1617 +- dptr = skb_put(skb, skb_tailroom(skb));
1618 ++ dptr = skb_put(skb, len);
1619 +
1620 + lci1 = (rose->lci >> 8) & 0x0F;
1621 + lci2 = (rose->lci >> 0) & 0xFF;
1622 +@@ -146,7 +148,8 @@ void rose_write_internal(struct sock *sk, int frametype)
1623 + dptr += ROSE_ADDR_LEN;
1624 + memcpy(dptr, &rose->source_addr, ROSE_ADDR_LEN);
1625 + dptr += ROSE_ADDR_LEN;
1626 +- memcpy(dptr, buffer, faclen);
1627 ++ faclen = rose_create_facilities(dptr, rose);
1628 ++ skb_put(skb, faclen);
1629 + dptr += faclen;
1630 + break;
1631 +
1632 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
1633 +index 549d0a4083b3..09a353c6373a 100644
1634 +--- a/net/wireless/nl80211.c
1635 ++++ b/net/wireless/nl80211.c
1636 +@@ -12942,7 +12942,7 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
1637 + struct sk_buff *msg;
1638 + void *hdr;
1639 +
1640 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1641 ++ msg = nlmsg_new(100 + len, gfp);
1642 + if (!msg)
1643 + return;
1644 +
1645 +@@ -13094,7 +13094,7 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
1646 + struct sk_buff *msg;
1647 + void *hdr;
1648 +
1649 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1650 ++ msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
1651 + if (!msg)
1652 + return;
1653 +
1654 +@@ -13136,7 +13136,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
1655 + struct sk_buff *msg;
1656 + void *hdr;
1657 +
1658 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1659 ++ msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
1660 + if (!msg)
1661 + return;
1662 +
1663 +@@ -13173,7 +13173,7 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
1664 + struct sk_buff *msg;
1665 + void *hdr;
1666 +
1667 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1668 ++ msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
1669 + if (!msg)
1670 + return;
1671 +
1672 +@@ -13249,7 +13249,7 @@ void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
1673 +
1674 + trace_cfg80211_notify_new_peer_candidate(dev, addr);
1675 +
1676 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1677 ++ msg = nlmsg_new(100 + ie_len, gfp);
1678 + if (!msg)
1679 + return;
1680 +
1681 +@@ -13620,7 +13620,7 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
1682 + struct sk_buff *msg;
1683 + void *hdr;
1684 +
1685 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1686 ++ msg = nlmsg_new(100 + len, gfp);
1687 + if (!msg)
1688 + return -ENOMEM;
1689 +
1690 +@@ -13664,7 +13664,7 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
1691 +
1692 + trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
1693 +
1694 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
1695 ++ msg = nlmsg_new(100 + len, gfp);
1696 + if (!msg)
1697 + return;
1698 +
1699 +@@ -14473,7 +14473,7 @@ void cfg80211_ft_event(struct net_device *netdev,
1700 + if (!ft_event->target_ap)
1701 + return;
1702 +
1703 +- msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1704 ++ msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
1705 + if (!msg)
1706 + return;
1707 +
1708 +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
1709 +index cfb8f5896787..824097571467 100644
1710 +--- a/sound/core/oss/pcm_oss.c
1711 ++++ b/sound/core/oss/pcm_oss.c
1712 +@@ -951,6 +951,28 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream)
1713 + oss_frame_size = snd_pcm_format_physical_width(params_format(params)) *
1714 + params_channels(params) / 8;
1715 +
1716 ++ err = snd_pcm_oss_period_size(substream, params, sparams);
1717 ++ if (err < 0)
1718 ++ goto failure;
1719 ++
1720 ++ n = snd_pcm_plug_slave_size(substream, runtime->oss.period_bytes / oss_frame_size);
1721 ++ err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, n, NULL);
1722 ++ if (err < 0)
1723 ++ goto failure;
1724 ++
1725 ++ err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIODS,
1726 ++ runtime->oss.periods, NULL);
1727 ++ if (err < 0)
1728 ++ goto failure;
1729 ++
1730 ++ snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
1731 ++
1732 ++ err = snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_HW_PARAMS, sparams);
1733 ++ if (err < 0) {
1734 ++ pcm_dbg(substream->pcm, "HW_PARAMS failed: %i\n", err);
1735 ++ goto failure;
1736 ++ }
1737 ++
1738 + #ifdef CONFIG_SND_PCM_OSS_PLUGINS
1739 + snd_pcm_oss_plugin_clear(substream);
1740 + if (!direct) {
1741 +@@ -985,27 +1007,6 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream)
1742 + }
1743 + #endif
1744 +
1745 +- err = snd_pcm_oss_period_size(substream, params, sparams);
1746 +- if (err < 0)
1747 +- goto failure;
1748 +-
1749 +- n = snd_pcm_plug_slave_size(substream, runtime->oss.period_bytes / oss_frame_size);
1750 +- err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, n, NULL);
1751 +- if (err < 0)
1752 +- goto failure;
1753 +-
1754 +- err = snd_pcm_hw_param_near(substream, sparams, SNDRV_PCM_HW_PARAM_PERIODS,
1755 +- runtime->oss.periods, NULL);
1756 +- if (err < 0)
1757 +- goto failure;
1758 +-
1759 +- snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_DROP, NULL);
1760 +-
1761 +- if ((err = snd_pcm_kernel_ioctl(substream, SNDRV_PCM_IOCTL_HW_PARAMS, sparams)) < 0) {
1762 +- pcm_dbg(substream->pcm, "HW_PARAMS failed: %i\n", err);
1763 +- goto failure;
1764 +- }
1765 +-
1766 + if (runtime->oss.trigger) {
1767 + sw_params->start_threshold = 1;
1768 + } else {
1769 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
1770 +index 3586ab41dec4..e1138e70dbb3 100644
1771 +--- a/sound/core/pcm_native.c
1772 ++++ b/sound/core/pcm_native.c
1773 +@@ -1258,8 +1258,15 @@ static int snd_pcm_pause(struct snd_pcm_substream *substream, int push)
1774 + static int snd_pcm_pre_suspend(struct snd_pcm_substream *substream, int state)
1775 + {
1776 + struct snd_pcm_runtime *runtime = substream->runtime;
1777 +- if (runtime->status->state == SNDRV_PCM_STATE_SUSPENDED)
1778 ++ switch (runtime->status->state) {
1779 ++ case SNDRV_PCM_STATE_SUSPENDED:
1780 + return -EBUSY;
1781 ++ /* unresumable PCM state; return -EBUSY for skipping suspend */
1782 ++ case SNDRV_PCM_STATE_OPEN:
1783 ++ case SNDRV_PCM_STATE_SETUP:
1784 ++ case SNDRV_PCM_STATE_DISCONNECTED:
1785 ++ return -EBUSY;
1786 ++ }
1787 + runtime->trigger_master = substream;
1788 + return 0;
1789 + }
1790 +diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
1791 +index 59111cadaec2..c8b2309352d7 100644
1792 +--- a/sound/core/rawmidi.c
1793 ++++ b/sound/core/rawmidi.c
1794 +@@ -29,6 +29,7 @@
1795 + #include <linux/mutex.h>
1796 + #include <linux/module.h>
1797 + #include <linux/delay.h>
1798 ++#include <linux/nospec.h>
1799 + #include <sound/rawmidi.h>
1800 + #include <sound/info.h>
1801 + #include <sound/control.h>
1802 +@@ -591,6 +592,7 @@ static int __snd_rawmidi_info_select(struct snd_card *card,
1803 + return -ENXIO;
1804 + if (info->stream < 0 || info->stream > 1)
1805 + return -EINVAL;
1806 ++ info->stream = array_index_nospec(info->stream, 2);
1807 + pstr = &rmidi->streams[info->stream];
1808 + if (pstr->substream_count == 0)
1809 + return -ENOENT;
1810 +diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
1811 +index 278ebb993122..c93945917235 100644
1812 +--- a/sound/core/seq/oss/seq_oss_synth.c
1813 ++++ b/sound/core/seq/oss/seq_oss_synth.c
1814 +@@ -617,13 +617,14 @@ int
1815 + snd_seq_oss_synth_make_info(struct seq_oss_devinfo *dp, int dev, struct synth_info *inf)
1816 + {
1817 + struct seq_oss_synth *rec;
1818 ++ struct seq_oss_synthinfo *info = get_synthinfo_nospec(dp, dev);
1819 +
1820 +- if (dev < 0 || dev >= dp->max_synthdev)
1821 ++ if (!info)
1822 + return -ENXIO;
1823 +
1824 +- if (dp->synths[dev].is_midi) {
1825 ++ if (info->is_midi) {
1826 + struct midi_info minf;
1827 +- snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
1828 ++ snd_seq_oss_midi_make_info(dp, info->midi_mapped, &minf);
1829 + inf->synth_type = SYNTH_TYPE_MIDI;
1830 + inf->synth_subtype = 0;
1831 + inf->nr_voices = 16;
1832 +diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
1833 +index 94764efb0a6a..3c1372655c33 100644
1834 +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
1835 ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
1836 +@@ -240,19 +240,15 @@ struct intel_pt_decoder *intel_pt_decoder_new(struct intel_pt_params *params)
1837 + if (!(decoder->tsc_ctc_ratio_n % decoder->tsc_ctc_ratio_d))
1838 + decoder->tsc_ctc_mult = decoder->tsc_ctc_ratio_n /
1839 + decoder->tsc_ctc_ratio_d;
1840 +-
1841 +- /*
1842 +- * Allow for timestamps appearing to backwards because a TSC
1843 +- * packet has slipped past a MTC packet, so allow 2 MTC ticks
1844 +- * or ...
1845 +- */
1846 +- decoder->tsc_slip = multdiv(2 << decoder->mtc_shift,
1847 +- decoder->tsc_ctc_ratio_n,
1848 +- decoder->tsc_ctc_ratio_d);
1849 + }
1850 +- /* ... or 0x100 paranoia */
1851 +- if (decoder->tsc_slip < 0x100)
1852 +- decoder->tsc_slip = 0x100;
1853 ++
1854 ++ /*
1855 ++ * A TSC packet can slip past MTC packets so that the timestamp appears
1856 ++ * to go backwards. One estimate is that can be up to about 40 CPU
1857 ++ * cycles, which is certainly less than 0x1000 TSC ticks, but accept
1858 ++ * slippage an order of magnitude more to be on the safe side.
1859 ++ */
1860 ++ decoder->tsc_slip = 0x10000;
1861 +
1862 + intel_pt_log("timestamp: mtc_shift %u\n", decoder->mtc_shift);
1863 + intel_pt_log("timestamp: tsc_ctc_ratio_n %u\n", decoder->tsc_ctc_ratio_n);
1864 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
1865 +index 60de4c337f0a..c72586a094ed 100644
1866 +--- a/virt/kvm/kvm_main.c
1867 ++++ b/virt/kvm/kvm_main.c
1868 +@@ -2793,6 +2793,9 @@ static long kvm_device_ioctl(struct file *filp, unsigned int ioctl,
1869 + {
1870 + struct kvm_device *dev = filp->private_data;
1871 +
1872 ++ if (dev->kvm->mm != current->mm)
1873 ++ return -EIO;
1874 ++
1875 + switch (ioctl) {
1876 + case KVM_SET_DEVICE_ATTR:
1877 + return kvm_device_ioctl_attr(dev, dev->ops->set_attr, arg);
Report Message
Find on MARC Find on Google Groups