Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.5/, 4.2.4/
Date: Sat, 31 Oct 2015 06:05:28
Message-Id: 1446271858.fa38620120f5717d335b43af2e661758267ee529.blueness@gentoo
1 commit: fa38620120f5717d335b43af2e661758267ee529
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Oct 29 20:57:52 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Oct 31 06:10:58 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fa386201
7
8 grsecurity-3.1-4.2.5-201510290852
9
10 4.2.4/1003_linux-4.2.4.patch | 10010 -------------------
11 {4.2.4 => 4.2.5}/0000_README | 6 +-
12 .../4420_grsecurity-3.1-4.2.5-201510290852.patch | 516 +-
13 {4.2.4 => 4.2.5}/4425_grsec_remove_EI_PAX.patch | 0
14 {4.2.4 => 4.2.5}/4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {4.2.4 => 4.2.5}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 {4.2.4 => 4.2.5}/4470_disable-compat_vdso.patch | 0
21 {4.2.4 => 4.2.5}/4475_emutramp_default_on.patch | 0
22 12 files changed, 331 insertions(+), 10201 deletions(-)
23
24 diff --git a/4.2.4/1003_linux-4.2.4.patch b/4.2.4/1003_linux-4.2.4.patch
25 deleted file mode 100644
26 index a7e5a43..0000000
27 --- a/4.2.4/1003_linux-4.2.4.patch
28 +++ /dev/null
29 @@ -1,10010 +0,0 @@
30 -diff --git a/Documentation/HOWTO b/Documentation/HOWTO
31 -index 93aa860..21152d3 100644
32 ---- a/Documentation/HOWTO
33 -+++ b/Documentation/HOWTO
34 -@@ -218,16 +218,16 @@ The development process
35 - Linux kernel development process currently consists of a few different
36 - main kernel "branches" and lots of different subsystem-specific kernel
37 - branches. These different branches are:
38 -- - main 3.x kernel tree
39 -- - 3.x.y -stable kernel tree
40 -- - 3.x -git kernel patches
41 -+ - main 4.x kernel tree
42 -+ - 4.x.y -stable kernel tree
43 -+ - 4.x -git kernel patches
44 - - subsystem specific kernel trees and patches
45 -- - the 3.x -next kernel tree for integration tests
46 -+ - the 4.x -next kernel tree for integration tests
47 -
48 --3.x kernel tree
49 -+4.x kernel tree
50 - -----------------
51 --3.x kernels are maintained by Linus Torvalds, and can be found on
52 --kernel.org in the pub/linux/kernel/v3.x/ directory. Its development
53 -+4.x kernels are maintained by Linus Torvalds, and can be found on
54 -+kernel.org in the pub/linux/kernel/v4.x/ directory. Its development
55 - process is as follows:
56 - - As soon as a new kernel is released a two weeks window is open,
57 - during this period of time maintainers can submit big diffs to
58 -@@ -262,20 +262,20 @@ mailing list about kernel releases:
59 - released according to perceived bug status, not according to a
60 - preconceived timeline."
61 -
62 --3.x.y -stable kernel tree
63 -+4.x.y -stable kernel tree
64 - ---------------------------
65 - Kernels with 3-part versions are -stable kernels. They contain
66 - relatively small and critical fixes for security problems or significant
67 --regressions discovered in a given 3.x kernel.
68 -+regressions discovered in a given 4.x kernel.
69 -
70 - This is the recommended branch for users who want the most recent stable
71 - kernel and are not interested in helping test development/experimental
72 - versions.
73 -
74 --If no 3.x.y kernel is available, then the highest numbered 3.x
75 -+If no 4.x.y kernel is available, then the highest numbered 4.x
76 - kernel is the current stable kernel.
77 -
78 --3.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and
79 -+4.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and
80 - are released as needs dictate. The normal release period is approximately
81 - two weeks, but it can be longer if there are no pressing problems. A
82 - security-related problem, instead, can cause a release to happen almost
83 -@@ -285,7 +285,7 @@ The file Documentation/stable_kernel_rules.txt in the kernel tree
84 - documents what kinds of changes are acceptable for the -stable tree, and
85 - how the release process works.
86 -
87 --3.x -git patches
88 -+4.x -git patches
89 - ------------------
90 - These are daily snapshots of Linus' kernel tree which are managed in a
91 - git repository (hence the name.) These patches are usually released
92 -@@ -317,9 +317,9 @@ revisions to it, and maintainers can mark patches as under review,
93 - accepted, or rejected. Most of these patchwork sites are listed at
94 - http://patchwork.kernel.org/.
95 -
96 --3.x -next kernel tree for integration tests
97 -+4.x -next kernel tree for integration tests
98 - ---------------------------------------------
99 --Before updates from subsystem trees are merged into the mainline 3.x
100 -+Before updates from subsystem trees are merged into the mainline 4.x
101 - tree, they need to be integration-tested. For this purpose, a special
102 - testing repository exists into which virtually all subsystem trees are
103 - pulled on an almost daily basis:
104 -diff --git a/Makefile b/Makefile
105 -index a6edbb1..a952801 100644
106 ---- a/Makefile
107 -+++ b/Makefile
108 -@@ -1,6 +1,6 @@
109 - VERSION = 4
110 - PATCHLEVEL = 2
111 --SUBLEVEL = 3
112 -+SUBLEVEL = 4
113 - EXTRAVERSION =
114 - NAME = Hurr durr I'ma sheep
115 -
116 -diff --git a/arch/arc/plat-axs10x/axs10x.c b/arch/arc/plat-axs10x/axs10x.c
117 -index e7769c3..ac79491 100644
118 ---- a/arch/arc/plat-axs10x/axs10x.c
119 -+++ b/arch/arc/plat-axs10x/axs10x.c
120 -@@ -402,6 +402,8 @@ static void __init axs103_early_init(void)
121 - unsigned int num_cores = (read_aux_reg(ARC_REG_MCIP_BCR) >> 16) & 0x3F;
122 - if (num_cores > 2)
123 - arc_set_core_freq(50 * 1000000);
124 -+ else if (num_cores == 2)
125 -+ arc_set_core_freq(75 * 1000000);
126 - #endif
127 -
128 - switch (arc_get_core_freq()/1000000) {
129 -diff --git a/arch/arm/Makefile b/arch/arm/Makefile
130 -index 7451b44..2c2b28e 100644
131 ---- a/arch/arm/Makefile
132 -+++ b/arch/arm/Makefile
133 -@@ -54,6 +54,14 @@ AS += -EL
134 - LD += -EL
135 - endif
136 -
137 -+#
138 -+# The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and
139 -+# later may result in code being generated that handles signed short and signed
140 -+# char struct members incorrectly. So disable it.
141 -+# (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65932)
142 -+#
143 -+KBUILD_CFLAGS += $(call cc-option,-fno-ipa-sra)
144 -+
145 - # This selects which instruction set is used.
146 - # Note that GCC does not numerically define an architecture version
147 - # macro, but instead defines a whole series of macros which makes
148 -diff --git a/arch/arm/boot/dts/exynos5420.dtsi b/arch/arm/boot/dts/exynos5420.dtsi
149 -index 534f27c..fa8107d 100644
150 ---- a/arch/arm/boot/dts/exynos5420.dtsi
151 -+++ b/arch/arm/boot/dts/exynos5420.dtsi
152 -@@ -1118,7 +1118,7 @@
153 - interrupt-parent = <&combiner>;
154 - interrupts = <3 0>;
155 - clock-names = "sysmmu", "master";
156 -- clocks = <&clock CLK_SMMU_FIMD1M0>, <&clock CLK_FIMD1>;
157 -+ clocks = <&clock CLK_SMMU_FIMD1M1>, <&clock CLK_FIMD1>;
158 - power-domains = <&disp_pd>;
159 - #iommu-cells = <0>;
160 - };
161 -diff --git a/arch/arm/boot/dts/imx6qdl-rex.dtsi b/arch/arm/boot/dts/imx6qdl-rex.dtsi
162 -index 3373fd9..a5035624 100644
163 ---- a/arch/arm/boot/dts/imx6qdl-rex.dtsi
164 -+++ b/arch/arm/boot/dts/imx6qdl-rex.dtsi
165 -@@ -35,7 +35,6 @@
166 - compatible = "regulator-fixed";
167 - reg = <1>;
168 - pinctrl-names = "default";
169 -- pinctrl-0 = <&pinctrl_usbh1>;
170 - regulator-name = "usbh1_vbus";
171 - regulator-min-microvolt = <5000000>;
172 - regulator-max-microvolt = <5000000>;
173 -@@ -47,7 +46,6 @@
174 - compatible = "regulator-fixed";
175 - reg = <2>;
176 - pinctrl-names = "default";
177 -- pinctrl-0 = <&pinctrl_usbotg>;
178 - regulator-name = "usb_otg_vbus";
179 - regulator-min-microvolt = <5000000>;
180 - regulator-max-microvolt = <5000000>;
181 -diff --git a/arch/arm/boot/dts/omap3-beagle.dts b/arch/arm/boot/dts/omap3-beagle.dts
182 -index a547411..67659a0 100644
183 ---- a/arch/arm/boot/dts/omap3-beagle.dts
184 -+++ b/arch/arm/boot/dts/omap3-beagle.dts
185 -@@ -202,7 +202,7 @@
186 -
187 - tfp410_pins: pinmux_tfp410_pins {
188 - pinctrl-single,pins = <
189 -- 0x194 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
190 -+ 0x196 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
191 - >;
192 - };
193 -
194 -diff --git a/arch/arm/boot/dts/omap5-uevm.dts b/arch/arm/boot/dts/omap5-uevm.dts
195 -index 275618f..5771a14 100644
196 ---- a/arch/arm/boot/dts/omap5-uevm.dts
197 -+++ b/arch/arm/boot/dts/omap5-uevm.dts
198 -@@ -174,8 +174,8 @@
199 -
200 - i2c5_pins: pinmux_i2c5_pins {
201 - pinctrl-single,pins = <
202 -- 0x184 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
203 -- 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
204 -+ 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
205 -+ 0x188 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
206 - >;
207 - };
208 -
209 -diff --git a/arch/arm/boot/dts/sun7i-a20.dtsi b/arch/arm/boot/dts/sun7i-a20.dtsi
210 -index 6a63f30..f5f384c 100644
211 ---- a/arch/arm/boot/dts/sun7i-a20.dtsi
212 -+++ b/arch/arm/boot/dts/sun7i-a20.dtsi
213 -@@ -107,7 +107,7 @@
214 - 720000 1200000
215 - 528000 1100000
216 - 312000 1000000
217 -- 144000 900000
218 -+ 144000 1000000
219 - >;
220 - #cooling-cells = <2>;
221 - cooling-min-level = <0>;
222 -diff --git a/arch/arm/kernel/kgdb.c b/arch/arm/kernel/kgdb.c
223 -index a6ad93c..fd9eefc 100644
224 ---- a/arch/arm/kernel/kgdb.c
225 -+++ b/arch/arm/kernel/kgdb.c
226 -@@ -259,15 +259,17 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
227 - if (err)
228 - return err;
229 -
230 -- patch_text((void *)bpt->bpt_addr,
231 -- *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr);
232 -+ /* Machine is already stopped, so we can use __patch_text() directly */
233 -+ __patch_text((void *)bpt->bpt_addr,
234 -+ *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr);
235 -
236 - return err;
237 - }
238 -
239 - int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
240 - {
241 -- patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr);
242 -+ /* Machine is already stopped, so we can use __patch_text() directly */
243 -+ __patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr);
244 -
245 - return 0;
246 - }
247 -diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
248 -index 54272e0..7d5379c 100644
249 ---- a/arch/arm/kernel/perf_event.c
250 -+++ b/arch/arm/kernel/perf_event.c
251 -@@ -795,8 +795,10 @@ static int of_pmu_irq_cfg(struct arm_pmu *pmu)
252 -
253 - /* Don't bother with PPIs; they're already affine */
254 - irq = platform_get_irq(pdev, 0);
255 -- if (irq >= 0 && irq_is_percpu(irq))
256 -+ if (irq >= 0 && irq_is_percpu(irq)) {
257 -+ cpumask_setall(&pmu->supported_cpus);
258 - return 0;
259 -+ }
260 -
261 - irqs = kcalloc(pdev->num_resources, sizeof(*irqs), GFP_KERNEL);
262 - if (!irqs)
263 -diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
264 -index 423663e..586eef2 100644
265 ---- a/arch/arm/kernel/signal.c
266 -+++ b/arch/arm/kernel/signal.c
267 -@@ -343,12 +343,17 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
268 - */
269 - thumb = handler & 1;
270 -
271 --#if __LINUX_ARM_ARCH__ >= 7
272 -+#if __LINUX_ARM_ARCH__ >= 6
273 - /*
274 -- * Clear the If-Then Thumb-2 execution state
275 -- * ARM spec requires this to be all 000s in ARM mode
276 -- * Snapdragon S4/Krait misbehaves on a Thumb=>ARM
277 -- * signal transition without this.
278 -+ * Clear the If-Then Thumb-2 execution state. ARM spec
279 -+ * requires this to be all 000s in ARM mode. Snapdragon
280 -+ * S4/Krait misbehaves on a Thumb=>ARM signal transition
281 -+ * without this.
282 -+ *
283 -+ * We must do this whenever we are running on a Thumb-2
284 -+ * capable CPU, which includes ARMv6T2. However, we elect
285 -+ * to do this whenever we're on an ARMv6 or later CPU for
286 -+ * simplicity.
287 - */
288 - cpsr &= ~PSR_IT_MASK;
289 - #endif
290 -diff --git a/arch/arm/kvm/interrupts_head.S b/arch/arm/kvm/interrupts_head.S
291 -index 702740d..51a5950 100644
292 ---- a/arch/arm/kvm/interrupts_head.S
293 -+++ b/arch/arm/kvm/interrupts_head.S
294 -@@ -515,8 +515,7 @@ ARM_BE8(rev r6, r6 )
295 -
296 - mrc p15, 0, r2, c14, c3, 1 @ CNTV_CTL
297 - str r2, [vcpu, #VCPU_TIMER_CNTV_CTL]
298 -- bic r2, #1 @ Clear ENABLE
299 -- mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL
300 -+
301 - isb
302 -
303 - mrrc p15, 3, rr_lo_hi(r2, r3), c14 @ CNTV_CVAL
304 -@@ -529,6 +528,9 @@ ARM_BE8(rev r6, r6 )
305 - mcrr p15, 4, r2, r2, c14 @ CNTVOFF
306 -
307 - 1:
308 -+ mov r2, #0 @ Clear ENABLE
309 -+ mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL
310 -+
311 - @ Allow physical timer/counter access for the host
312 - mrc p15, 4, r2, c14, c1, 0 @ CNTHCTL
313 - orr r2, r2, #(CNTHCTL_PL1PCEN | CNTHCTL_PL1PCTEN)
314 -diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
315 -index 7b42012..6984342 100644
316 ---- a/arch/arm/kvm/mmu.c
317 -+++ b/arch/arm/kvm/mmu.c
318 -@@ -1792,8 +1792,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
319 - if (vma->vm_flags & VM_PFNMAP) {
320 - gpa_t gpa = mem->guest_phys_addr +
321 - (vm_start - mem->userspace_addr);
322 -- phys_addr_t pa = (vma->vm_pgoff << PAGE_SHIFT) +
323 -- vm_start - vma->vm_start;
324 -+ phys_addr_t pa;
325 -+
326 -+ pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
327 -+ pa += vm_start - vma->vm_start;
328 -
329 - /* IO region dirty page logging not allowed */
330 - if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES)
331 -diff --git a/arch/arm/mach-exynos/mcpm-exynos.c b/arch/arm/mach-exynos/mcpm-exynos.c
332 -index 9bdf547..5697819 100644
333 ---- a/arch/arm/mach-exynos/mcpm-exynos.c
334 -+++ b/arch/arm/mach-exynos/mcpm-exynos.c
335 -@@ -20,6 +20,7 @@
336 - #include <asm/cputype.h>
337 - #include <asm/cp15.h>
338 - #include <asm/mcpm.h>
339 -+#include <asm/smp_plat.h>
340 -
341 - #include "regs-pmu.h"
342 - #include "common.h"
343 -@@ -70,7 +71,31 @@ static int exynos_cpu_powerup(unsigned int cpu, unsigned int cluster)
344 - cluster >= EXYNOS5420_NR_CLUSTERS)
345 - return -EINVAL;
346 -
347 -- exynos_cpu_power_up(cpunr);
348 -+ if (!exynos_cpu_power_state(cpunr)) {
349 -+ exynos_cpu_power_up(cpunr);
350 -+
351 -+ /*
352 -+ * This assumes the cluster number of the big cores(Cortex A15)
353 -+ * is 0 and the Little cores(Cortex A7) is 1.
354 -+ * When the system was booted from the Little core,
355 -+ * they should be reset during power up cpu.
356 -+ */
357 -+ if (cluster &&
358 -+ cluster == MPIDR_AFFINITY_LEVEL(cpu_logical_map(0), 1)) {
359 -+ /*
360 -+ * Before we reset the Little cores, we should wait
361 -+ * the SPARE2 register is set to 1 because the init
362 -+ * codes of the iROM will set the register after
363 -+ * initialization.
364 -+ */
365 -+ while (!pmu_raw_readl(S5P_PMU_SPARE2))
366 -+ udelay(10);
367 -+
368 -+ pmu_raw_writel(EXYNOS5420_KFC_CORE_RESET(cpu),
369 -+ EXYNOS_SWRESET);
370 -+ }
371 -+ }
372 -+
373 - return 0;
374 - }
375 -
376 -diff --git a/arch/arm/mach-exynos/regs-pmu.h b/arch/arm/mach-exynos/regs-pmu.h
377 -index b761433..fba9068 100644
378 ---- a/arch/arm/mach-exynos/regs-pmu.h
379 -+++ b/arch/arm/mach-exynos/regs-pmu.h
380 -@@ -513,6 +513,12 @@ static inline unsigned int exynos_pmu_cpunr(unsigned int mpidr)
381 - #define SPREAD_ENABLE 0xF
382 - #define SPREAD_USE_STANDWFI 0xF
383 -
384 -+#define EXYNOS5420_KFC_CORE_RESET0 BIT(8)
385 -+#define EXYNOS5420_KFC_ETM_RESET0 BIT(20)
386 -+
387 -+#define EXYNOS5420_KFC_CORE_RESET(_nr) \
388 -+ ((EXYNOS5420_KFC_CORE_RESET0 | EXYNOS5420_KFC_ETM_RESET0) << (_nr))
389 -+
390 - #define EXYNOS5420_BB_CON1 0x0784
391 - #define EXYNOS5420_BB_SEL_EN BIT(31)
392 - #define EXYNOS5420_BB_PMOS_EN BIT(7)
393 -diff --git a/arch/arm/plat-pxa/ssp.c b/arch/arm/plat-pxa/ssp.c
394 -index ad9529c..daa1a65 100644
395 ---- a/arch/arm/plat-pxa/ssp.c
396 -+++ b/arch/arm/plat-pxa/ssp.c
397 -@@ -107,7 +107,6 @@ static const struct of_device_id pxa_ssp_of_ids[] = {
398 - { .compatible = "mvrl,pxa168-ssp", .data = (void *) PXA168_SSP },
399 - { .compatible = "mrvl,pxa910-ssp", .data = (void *) PXA910_SSP },
400 - { .compatible = "mrvl,ce4100-ssp", .data = (void *) CE4100_SSP },
401 -- { .compatible = "mrvl,lpss-ssp", .data = (void *) LPSS_SSP },
402 - { },
403 - };
404 - MODULE_DEVICE_TABLE(of, pxa_ssp_of_ids);
405 -diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
406 -index e8ca6ea..13671a9 100644
407 ---- a/arch/arm64/kernel/efi.c
408 -+++ b/arch/arm64/kernel/efi.c
409 -@@ -258,7 +258,8 @@ static bool __init efi_virtmap_init(void)
410 - */
411 - if (!is_normal_ram(md))
412 - prot = __pgprot(PROT_DEVICE_nGnRE);
413 -- else if (md->type == EFI_RUNTIME_SERVICES_CODE)
414 -+ else if (md->type == EFI_RUNTIME_SERVICES_CODE ||
415 -+ !PAGE_ALIGNED(md->phys_addr))
416 - prot = PAGE_KERNEL_EXEC;
417 - else
418 - prot = PAGE_KERNEL;
419 -diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
420 -index 08cafc5..0f03a8f 100644
421 ---- a/arch/arm64/kernel/entry-ftrace.S
422 -+++ b/arch/arm64/kernel/entry-ftrace.S
423 -@@ -178,6 +178,24 @@ ENTRY(ftrace_stub)
424 - ENDPROC(ftrace_stub)
425 -
426 - #ifdef CONFIG_FUNCTION_GRAPH_TRACER
427 -+ /* save return value regs*/
428 -+ .macro save_return_regs
429 -+ sub sp, sp, #64
430 -+ stp x0, x1, [sp]
431 -+ stp x2, x3, [sp, #16]
432 -+ stp x4, x5, [sp, #32]
433 -+ stp x6, x7, [sp, #48]
434 -+ .endm
435 -+
436 -+ /* restore return value regs*/
437 -+ .macro restore_return_regs
438 -+ ldp x0, x1, [sp]
439 -+ ldp x2, x3, [sp, #16]
440 -+ ldp x4, x5, [sp, #32]
441 -+ ldp x6, x7, [sp, #48]
442 -+ add sp, sp, #64
443 -+ .endm
444 -+
445 - /*
446 - * void ftrace_graph_caller(void)
447 - *
448 -@@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller)
449 - * only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
450 - */
451 - ENTRY(return_to_handler)
452 -- str x0, [sp, #-16]!
453 -+ save_return_regs
454 - mov x0, x29 // parent's fp
455 - bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
456 - mov x30, x0 // restore the original return address
457 -- ldr x0, [sp], #16
458 -+ restore_return_regs
459 - ret
460 - END(return_to_handler)
461 - #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
462 -diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
463 -index 94d98cd..27c3e6f 100644
464 ---- a/arch/arm64/mm/fault.c
465 -+++ b/arch/arm64/mm/fault.c
466 -@@ -278,6 +278,7 @@ retry:
467 - * starvation.
468 - */
469 - mm_flags &= ~FAULT_FLAG_ALLOW_RETRY;
470 -+ mm_flags |= FAULT_FLAG_TRIED;
471 - goto retry;
472 - }
473 - }
474 -diff --git a/arch/m68k/include/asm/linkage.h b/arch/m68k/include/asm/linkage.h
475 -index 5a822bb..066e74f 100644
476 ---- a/arch/m68k/include/asm/linkage.h
477 -+++ b/arch/m68k/include/asm/linkage.h
478 -@@ -4,4 +4,34 @@
479 - #define __ALIGN .align 4
480 - #define __ALIGN_STR ".align 4"
481 -
482 -+/*
483 -+ * Make sure the compiler doesn't do anything stupid with the
484 -+ * arguments on the stack - they are owned by the *caller*, not
485 -+ * the callee. This just fools gcc into not spilling into them,
486 -+ * and keeps it from doing tailcall recursion and/or using the
487 -+ * stack slots for temporaries, since they are live and "used"
488 -+ * all the way to the end of the function.
489 -+ */
490 -+#define asmlinkage_protect(n, ret, args...) \
491 -+ __asmlinkage_protect##n(ret, ##args)
492 -+#define __asmlinkage_protect_n(ret, args...) \
493 -+ __asm__ __volatile__ ("" : "=r" (ret) : "0" (ret), ##args)
494 -+#define __asmlinkage_protect0(ret) \
495 -+ __asmlinkage_protect_n(ret)
496 -+#define __asmlinkage_protect1(ret, arg1) \
497 -+ __asmlinkage_protect_n(ret, "m" (arg1))
498 -+#define __asmlinkage_protect2(ret, arg1, arg2) \
499 -+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2))
500 -+#define __asmlinkage_protect3(ret, arg1, arg2, arg3) \
501 -+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3))
502 -+#define __asmlinkage_protect4(ret, arg1, arg2, arg3, arg4) \
503 -+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
504 -+ "m" (arg4))
505 -+#define __asmlinkage_protect5(ret, arg1, arg2, arg3, arg4, arg5) \
506 -+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
507 -+ "m" (arg4), "m" (arg5))
508 -+#define __asmlinkage_protect6(ret, arg1, arg2, arg3, arg4, arg5, arg6) \
509 -+ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
510 -+ "m" (arg4), "m" (arg5), "m" (arg6))
511 -+
512 - #endif
513 -diff --git a/arch/mips/kernel/cps-vec.S b/arch/mips/kernel/cps-vec.S
514 -index 9f71c06..209ded1 100644
515 ---- a/arch/mips/kernel/cps-vec.S
516 -+++ b/arch/mips/kernel/cps-vec.S
517 -@@ -39,6 +39,7 @@
518 - mfc0 \dest, CP0_CONFIG, 3
519 - andi \dest, \dest, MIPS_CONF3_MT
520 - beqz \dest, \nomt
521 -+ nop
522 - .endm
523 -
524 - .section .text.cps-vec
525 -@@ -223,10 +224,9 @@ LEAF(excep_ejtag)
526 - END(excep_ejtag)
527 -
528 - LEAF(mips_cps_core_init)
529 --#ifdef CONFIG_MIPS_MT
530 -+#ifdef CONFIG_MIPS_MT_SMP
531 - /* Check that the core implements the MT ASE */
532 - has_mt t0, 3f
533 -- nop
534 -
535 - .set push
536 - .set mips64r2
537 -@@ -310,8 +310,9 @@ LEAF(mips_cps_boot_vpes)
538 - PTR_ADDU t0, t0, t1
539 -
540 - /* Calculate this VPEs ID. If the core doesn't support MT use 0 */
541 -+ li t9, 0
542 -+#ifdef CONFIG_MIPS_MT_SMP
543 - has_mt ta2, 1f
544 -- li t9, 0
545 -
546 - /* Find the number of VPEs present in the core */
547 - mfc0 t1, CP0_MVPCONF0
548 -@@ -330,6 +331,7 @@ LEAF(mips_cps_boot_vpes)
549 - /* Retrieve the VPE ID from EBase.CPUNum */
550 - mfc0 t9, $15, 1
551 - and t9, t9, t1
552 -+#endif
553 -
554 - 1: /* Calculate a pointer to this VPEs struct vpe_boot_config */
555 - li t1, VPEBOOTCFG_SIZE
556 -@@ -337,7 +339,7 @@ LEAF(mips_cps_boot_vpes)
557 - PTR_L ta3, COREBOOTCFG_VPECONFIG(t0)
558 - PTR_ADDU v0, v0, ta3
559 -
560 --#ifdef CONFIG_MIPS_MT
561 -+#ifdef CONFIG_MIPS_MT_SMP
562 -
563 - /* If the core doesn't support MT then return */
564 - bnez ta2, 1f
565 -@@ -451,7 +453,7 @@ LEAF(mips_cps_boot_vpes)
566 -
567 - 2: .set pop
568 -
569 --#endif /* CONFIG_MIPS_MT */
570 -+#endif /* CONFIG_MIPS_MT_SMP */
571 -
572 - /* Return */
573 - jr ra
574 -diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
575 -index 008b337..4ceac5c 100644
576 ---- a/arch/mips/kernel/setup.c
577 -+++ b/arch/mips/kernel/setup.c
578 -@@ -338,7 +338,7 @@ static void __init bootmem_init(void)
579 - if (end <= reserved_end)
580 - continue;
581 - #ifdef CONFIG_BLK_DEV_INITRD
582 -- /* mapstart should be after initrd_end */
583 -+ /* Skip zones before initrd and initrd itself */
584 - if (initrd_end && end <= (unsigned long)PFN_UP(__pa(initrd_end)))
585 - continue;
586 - #endif
587 -@@ -371,6 +371,14 @@ static void __init bootmem_init(void)
588 - max_low_pfn = PFN_DOWN(HIGHMEM_START);
589 - }
590 -
591 -+#ifdef CONFIG_BLK_DEV_INITRD
592 -+ /*
593 -+ * mapstart should be after initrd_end
594 -+ */
595 -+ if (initrd_end)
596 -+ mapstart = max(mapstart, (unsigned long)PFN_UP(__pa(initrd_end)));
597 -+#endif
598 -+
599 - /*
600 - * Initialize the boot-time allocator with low memory only.
601 - */
602 -diff --git a/arch/mips/loongson64/common/env.c b/arch/mips/loongson64/common/env.c
603 -index f6c44dd..d6d07ad 100644
604 ---- a/arch/mips/loongson64/common/env.c
605 -+++ b/arch/mips/loongson64/common/env.c
606 -@@ -64,6 +64,9 @@ void __init prom_init_env(void)
607 - }
608 - if (memsize == 0)
609 - memsize = 256;
610 -+
611 -+ loongson_sysconf.nr_uarts = 1;
612 -+
613 - pr_info("memsize=%u, highmemsize=%u\n", memsize, highmemsize);
614 - #else
615 - struct boot_params *boot_p;
616 -diff --git a/arch/mips/mm/dma-default.c b/arch/mips/mm/dma-default.c
617 -index eeaf024..815892e 100644
618 ---- a/arch/mips/mm/dma-default.c
619 -+++ b/arch/mips/mm/dma-default.c
620 -@@ -100,7 +100,7 @@ static gfp_t massage_gfp_flags(const struct device *dev, gfp_t gfp)
621 - else
622 - #endif
623 - #if defined(CONFIG_ZONE_DMA) && !defined(CONFIG_ZONE_DMA32)
624 -- if (dev->coherent_dma_mask < DMA_BIT_MASK(64))
625 -+ if (dev->coherent_dma_mask < DMA_BIT_MASK(sizeof(phys_addr_t) * 8))
626 - dma_flag = __GFP_DMA;
627 - else
628 - #endif
629 -diff --git a/arch/mips/net/bpf_jit_asm.S b/arch/mips/net/bpf_jit_asm.S
630 -index e927260..dabf417 100644
631 ---- a/arch/mips/net/bpf_jit_asm.S
632 -+++ b/arch/mips/net/bpf_jit_asm.S
633 -@@ -64,8 +64,20 @@ sk_load_word_positive:
634 - PTR_ADDU t1, $r_skb_data, offset
635 - lw $r_A, 0(t1)
636 - #ifdef CONFIG_CPU_LITTLE_ENDIAN
637 -+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
638 - wsbh t0, $r_A
639 - rotr $r_A, t0, 16
640 -+# else
641 -+ sll t0, $r_A, 24
642 -+ srl t1, $r_A, 24
643 -+ srl t2, $r_A, 8
644 -+ or t0, t0, t1
645 -+ andi t2, t2, 0xff00
646 -+ andi t1, $r_A, 0xff00
647 -+ or t0, t0, t2
648 -+ sll t1, t1, 8
649 -+ or $r_A, t0, t1
650 -+# endif
651 - #endif
652 - jr $r_ra
653 - move $r_ret, zero
654 -@@ -80,8 +92,16 @@ sk_load_half_positive:
655 - PTR_ADDU t1, $r_skb_data, offset
656 - lh $r_A, 0(t1)
657 - #ifdef CONFIG_CPU_LITTLE_ENDIAN
658 -+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
659 - wsbh t0, $r_A
660 - seh $r_A, t0
661 -+# else
662 -+ sll t0, $r_A, 24
663 -+ andi t1, $r_A, 0xff00
664 -+ sra t0, t0, 16
665 -+ srl t1, t1, 8
666 -+ or $r_A, t0, t1
667 -+# endif
668 - #endif
669 - jr $r_ra
670 - move $r_ret, zero
671 -@@ -148,23 +168,47 @@ sk_load_byte_positive:
672 - NESTED(bpf_slow_path_word, (6 * SZREG), $r_sp)
673 - bpf_slow_path_common(4)
674 - #ifdef CONFIG_CPU_LITTLE_ENDIAN
675 -+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
676 - wsbh t0, $r_s0
677 - jr $r_ra
678 - rotr $r_A, t0, 16
679 --#endif
680 -+# else
681 -+ sll t0, $r_s0, 24
682 -+ srl t1, $r_s0, 24
683 -+ srl t2, $r_s0, 8
684 -+ or t0, t0, t1
685 -+ andi t2, t2, 0xff00
686 -+ andi t1, $r_s0, 0xff00
687 -+ or t0, t0, t2
688 -+ sll t1, t1, 8
689 -+ jr $r_ra
690 -+ or $r_A, t0, t1
691 -+# endif
692 -+#else
693 - jr $r_ra
694 -- move $r_A, $r_s0
695 -+ move $r_A, $r_s0
696 -+#endif
697 -
698 - END(bpf_slow_path_word)
699 -
700 - NESTED(bpf_slow_path_half, (6 * SZREG), $r_sp)
701 - bpf_slow_path_common(2)
702 - #ifdef CONFIG_CPU_LITTLE_ENDIAN
703 -+# if defined(__mips_isa_rev) && (__mips_isa_rev >= 2)
704 - jr $r_ra
705 - wsbh $r_A, $r_s0
706 --#endif
707 -+# else
708 -+ sll t0, $r_s0, 8
709 -+ andi t1, $r_s0, 0xff00
710 -+ andi t0, t0, 0xff00
711 -+ srl t1, t1, 8
712 -+ jr $r_ra
713 -+ or $r_A, t0, t1
714 -+# endif
715 -+#else
716 - jr $r_ra
717 - move $r_A, $r_s0
718 -+#endif
719 -
720 - END(bpf_slow_path_half)
721 -
722 -diff --git a/arch/powerpc/kvm/book3s.c b/arch/powerpc/kvm/book3s.c
723 -index 05ea8fc..4816fe2 100644
724 ---- a/arch/powerpc/kvm/book3s.c
725 -+++ b/arch/powerpc/kvm/book3s.c
726 -@@ -827,12 +827,15 @@ int kvmppc_h_logical_ci_load(struct kvm_vcpu *vcpu)
727 - unsigned long size = kvmppc_get_gpr(vcpu, 4);
728 - unsigned long addr = kvmppc_get_gpr(vcpu, 5);
729 - u64 buf;
730 -+ int srcu_idx;
731 - int ret;
732 -
733 - if (!is_power_of_2(size) || (size > sizeof(buf)))
734 - return H_TOO_HARD;
735 -
736 -+ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
737 - ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, size, &buf);
738 -+ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
739 - if (ret != 0)
740 - return H_TOO_HARD;
741 -
742 -@@ -867,6 +870,7 @@ int kvmppc_h_logical_ci_store(struct kvm_vcpu *vcpu)
743 - unsigned long addr = kvmppc_get_gpr(vcpu, 5);
744 - unsigned long val = kvmppc_get_gpr(vcpu, 6);
745 - u64 buf;
746 -+ int srcu_idx;
747 - int ret;
748 -
749 - switch (size) {
750 -@@ -890,7 +894,9 @@ int kvmppc_h_logical_ci_store(struct kvm_vcpu *vcpu)
751 - return H_TOO_HARD;
752 - }
753 -
754 -+ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
755 - ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, addr, size, &buf);
756 -+ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx);
757 - if (ret != 0)
758 - return H_TOO_HARD;
759 -
760 -diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
761 -index 68d067a..a9f753f 100644
762 ---- a/arch/powerpc/kvm/book3s_hv.c
763 -+++ b/arch/powerpc/kvm/book3s_hv.c
764 -@@ -2178,7 +2178,7 @@ static int kvmppc_run_vcpu(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
765 - vc->runner = vcpu;
766 - if (n_ceded == vc->n_runnable) {
767 - kvmppc_vcore_blocked(vc);
768 -- } else if (should_resched()) {
769 -+ } else if (need_resched()) {
770 - vc->vcore_state = VCORE_PREEMPT;
771 - /* Let something else run */
772 - cond_resched_lock(&vc->lock);
773 -diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
774 -index 76408cf..437f643 100644
775 ---- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
776 -+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
777 -@@ -1171,6 +1171,7 @@ mc_cont:
778 - bl kvmhv_accumulate_time
779 - #endif
780 -
781 -+ mr r3, r12
782 - /* Increment exit count, poke other threads to exit */
783 - bl kvmhv_commence_exit
784 - nop
785 -diff --git a/arch/powerpc/platforms/pasemi/msi.c b/arch/powerpc/platforms/pasemi/msi.c
786 -index 27f2b18..ff1bb4b 100644
787 ---- a/arch/powerpc/platforms/pasemi/msi.c
788 -+++ b/arch/powerpc/platforms/pasemi/msi.c
789 -@@ -63,6 +63,7 @@ static struct irq_chip mpic_pasemi_msi_chip = {
790 - static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev)
791 - {
792 - struct msi_desc *entry;
793 -+ irq_hw_number_t hwirq;
794 -
795 - pr_debug("pasemi_msi_teardown_msi_irqs, pdev %p\n", pdev);
796 -
797 -@@ -70,10 +71,10 @@ static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev)
798 - if (entry->irq == NO_IRQ)
799 - continue;
800 -
801 -+ hwirq = virq_to_hw(entry->irq);
802 - irq_set_msi_desc(entry->irq, NULL);
803 -- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
804 -- virq_to_hw(entry->irq), ALLOC_CHUNK);
805 - irq_dispose_mapping(entry->irq);
806 -+ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, ALLOC_CHUNK);
807 - }
808 -
809 - return;
810 -diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c
811 -index 765d8ed..fd16f86 100644
812 ---- a/arch/powerpc/platforms/powernv/pci.c
813 -+++ b/arch/powerpc/platforms/powernv/pci.c
814 -@@ -99,6 +99,7 @@ void pnv_teardown_msi_irqs(struct pci_dev *pdev)
815 - struct pci_controller *hose = pci_bus_to_host(pdev->bus);
816 - struct pnv_phb *phb = hose->private_data;
817 - struct msi_desc *entry;
818 -+ irq_hw_number_t hwirq;
819 -
820 - if (WARN_ON(!phb))
821 - return;
822 -@@ -106,10 +107,10 @@ void pnv_teardown_msi_irqs(struct pci_dev *pdev)
823 - list_for_each_entry(entry, &pdev->msi_list, list) {
824 - if (entry->irq == NO_IRQ)
825 - continue;
826 -+ hwirq = virq_to_hw(entry->irq);
827 - irq_set_msi_desc(entry->irq, NULL);
828 -- msi_bitmap_free_hwirqs(&phb->msi_bmp,
829 -- virq_to_hw(entry->irq) - phb->msi_base, 1);
830 - irq_dispose_mapping(entry->irq);
831 -+ msi_bitmap_free_hwirqs(&phb->msi_bmp, hwirq - phb->msi_base, 1);
832 - }
833 - }
834 - #endif /* CONFIG_PCI_MSI */
835 -diff --git a/arch/powerpc/sysdev/fsl_msi.c b/arch/powerpc/sysdev/fsl_msi.c
836 -index 5236e54..691e8e5 100644
837 ---- a/arch/powerpc/sysdev/fsl_msi.c
838 -+++ b/arch/powerpc/sysdev/fsl_msi.c
839 -@@ -128,15 +128,16 @@ static void fsl_teardown_msi_irqs(struct pci_dev *pdev)
840 - {
841 - struct msi_desc *entry;
842 - struct fsl_msi *msi_data;
843 -+ irq_hw_number_t hwirq;
844 -
845 - list_for_each_entry(entry, &pdev->msi_list, list) {
846 - if (entry->irq == NO_IRQ)
847 - continue;
848 -+ hwirq = virq_to_hw(entry->irq);
849 - msi_data = irq_get_chip_data(entry->irq);
850 - irq_set_msi_desc(entry->irq, NULL);
851 -- msi_bitmap_free_hwirqs(&msi_data->bitmap,
852 -- virq_to_hw(entry->irq), 1);
853 - irq_dispose_mapping(entry->irq);
854 -+ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
855 - }
856 -
857 - return;
858 -diff --git a/arch/powerpc/sysdev/mpic_u3msi.c b/arch/powerpc/sysdev/mpic_u3msi.c
859 -index fc46ef3..4c3165f 100644
860 ---- a/arch/powerpc/sysdev/mpic_u3msi.c
861 -+++ b/arch/powerpc/sysdev/mpic_u3msi.c
862 -@@ -107,15 +107,16 @@ static u64 find_u4_magic_addr(struct pci_dev *pdev, unsigned int hwirq)
863 - static void u3msi_teardown_msi_irqs(struct pci_dev *pdev)
864 - {
865 - struct msi_desc *entry;
866 -+ irq_hw_number_t hwirq;
867 -
868 - list_for_each_entry(entry, &pdev->msi_list, list) {
869 - if (entry->irq == NO_IRQ)
870 - continue;
871 -
872 -+ hwirq = virq_to_hw(entry->irq);
873 - irq_set_msi_desc(entry->irq, NULL);
874 -- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
875 -- virq_to_hw(entry->irq), 1);
876 - irq_dispose_mapping(entry->irq);
877 -+ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, 1);
878 - }
879 -
880 - return;
881 -diff --git a/arch/powerpc/sysdev/ppc4xx_msi.c b/arch/powerpc/sysdev/ppc4xx_msi.c
882 -index 6eb21f2..060f237 100644
883 ---- a/arch/powerpc/sysdev/ppc4xx_msi.c
884 -+++ b/arch/powerpc/sysdev/ppc4xx_msi.c
885 -@@ -124,16 +124,17 @@ void ppc4xx_teardown_msi_irqs(struct pci_dev *dev)
886 - {
887 - struct msi_desc *entry;
888 - struct ppc4xx_msi *msi_data = &ppc4xx_msi;
889 -+ irq_hw_number_t hwirq;
890 -
891 - dev_dbg(&dev->dev, "PCIE-MSI: tearing down msi irqs\n");
892 -
893 - list_for_each_entry(entry, &dev->msi_list, list) {
894 - if (entry->irq == NO_IRQ)
895 - continue;
896 -+ hwirq = virq_to_hw(entry->irq);
897 - irq_set_msi_desc(entry->irq, NULL);
898 -- msi_bitmap_free_hwirqs(&msi_data->bitmap,
899 -- virq_to_hw(entry->irq), 1);
900 - irq_dispose_mapping(entry->irq);
901 -+ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
902 - }
903 - }
904 -
905 -diff --git a/arch/s390/boot/compressed/Makefile b/arch/s390/boot/compressed/Makefile
906 -index d478811..fac6ac9 100644
907 ---- a/arch/s390/boot/compressed/Makefile
908 -+++ b/arch/s390/boot/compressed/Makefile
909 -@@ -10,7 +10,7 @@ targets += misc.o piggy.o sizes.h head.o
910 -
911 - KBUILD_CFLAGS := -m64 -D__KERNEL__ $(LINUX_INCLUDE) -O2
912 - KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
913 --KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks
914 -+KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks -msoft-float
915 - KBUILD_CFLAGS += $(call cc-option,-mpacked-stack)
916 - KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
917 -
918 -diff --git a/arch/s390/kernel/compat_signal.c b/arch/s390/kernel/compat_signal.c
919 -index fe8d692..c78ba51 100644
920 ---- a/arch/s390/kernel/compat_signal.c
921 -+++ b/arch/s390/kernel/compat_signal.c
922 -@@ -48,6 +48,19 @@ typedef struct
923 - struct ucontext32 uc;
924 - } rt_sigframe32;
925 -
926 -+static inline void sigset_to_sigset32(unsigned long *set64,
927 -+ compat_sigset_word *set32)
928 -+{
929 -+ set32[0] = (compat_sigset_word) set64[0];
930 -+ set32[1] = (compat_sigset_word)(set64[0] >> 32);
931 -+}
932 -+
933 -+static inline void sigset32_to_sigset(compat_sigset_word *set32,
934 -+ unsigned long *set64)
935 -+{
936 -+ set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32);
937 -+}
938 -+
939 - int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
940 - {
941 - int err;
942 -@@ -303,10 +316,12 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
943 - {
944 - struct pt_regs *regs = task_pt_regs(current);
945 - sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15];
946 -+ compat_sigset_t cset;
947 - sigset_t set;
948 -
949 -- if (__copy_from_user(&set.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
950 -+ if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
951 - goto badframe;
952 -+ sigset32_to_sigset(cset.sig, set.sig);
953 - set_current_blocked(&set);
954 - if (restore_sigregs32(regs, &frame->sregs))
955 - goto badframe;
956 -@@ -323,10 +338,12 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
957 - {
958 - struct pt_regs *regs = task_pt_regs(current);
959 - rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15];
960 -+ compat_sigset_t cset;
961 - sigset_t set;
962 -
963 -- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
964 -+ if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset)))
965 - goto badframe;
966 -+ sigset32_to_sigset(cset.sig, set.sig);
967 - set_current_blocked(&set);
968 - if (compat_restore_altstack(&frame->uc.uc_stack))
969 - goto badframe;
970 -@@ -397,7 +414,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set,
971 - return -EFAULT;
972 -
973 - /* Create struct sigcontext32 on the signal stack */
974 -- memcpy(&sc.oldmask, &set->sig, _SIGMASK_COPY_SIZE32);
975 -+ sigset_to_sigset32(set->sig, sc.oldmask);
976 - sc.sregs = (__u32)(unsigned long __force) &frame->sregs;
977 - if (__copy_to_user(&frame->sc, &sc, sizeof(frame->sc)))
978 - return -EFAULT;
979 -@@ -458,6 +475,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set,
980 - static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
981 - struct pt_regs *regs)
982 - {
983 -+ compat_sigset_t cset;
984 - rt_sigframe32 __user *frame;
985 - unsigned long restorer;
986 - size_t frame_size;
987 -@@ -505,11 +523,12 @@ static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
988 - store_sigregs();
989 -
990 - /* Create ucontext on the signal stack. */
991 -+ sigset_to_sigset32(set->sig, cset.sig);
992 - if (__put_user(uc_flags, &frame->uc.uc_flags) ||
993 - __put_user(0, &frame->uc.uc_link) ||
994 - __compat_save_altstack(&frame->uc.uc_stack, regs->gprs[15]) ||
995 - save_sigregs32(regs, &frame->uc.uc_mcontext) ||
996 -- __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)) ||
997 -+ __copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset)) ||
998 - save_sigregs_ext32(regs, &frame->uc.uc_mcontext_ext))
999 - return -EFAULT;
1000 -
1001 -diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
1002 -index 8cb3e43..d330840 100644
1003 ---- a/arch/x86/entry/entry_64.S
1004 -+++ b/arch/x86/entry/entry_64.S
1005 -@@ -1219,7 +1219,18 @@ END(error_exit)
1006 -
1007 - /* Runs on exception stack */
1008 - ENTRY(nmi)
1009 -+ /*
1010 -+ * Fix up the exception frame if we're on Xen.
1011 -+ * PARAVIRT_ADJUST_EXCEPTION_FRAME is guaranteed to push at most
1012 -+ * one value to the stack on native, so it may clobber the rdx
1013 -+ * scratch slot, but it won't clobber any of the important
1014 -+ * slots past it.
1015 -+ *
1016 -+ * Xen is a different story, because the Xen frame itself overlaps
1017 -+ * the "NMI executing" variable.
1018 -+ */
1019 - PARAVIRT_ADJUST_EXCEPTION_FRAME
1020 -+
1021 - /*
1022 - * We allow breakpoints in NMIs. If a breakpoint occurs, then
1023 - * the iretq it performs will take us out of NMI context.
1024 -@@ -1270,9 +1281,12 @@ ENTRY(nmi)
1025 - * we don't want to enable interrupts, because then we'll end
1026 - * up in an awkward situation in which IRQs are on but NMIs
1027 - * are off.
1028 -+ *
1029 -+ * We also must not push anything to the stack before switching
1030 -+ * stacks lest we corrupt the "NMI executing" variable.
1031 - */
1032 -
1033 -- SWAPGS
1034 -+ SWAPGS_UNSAFE_STACK
1035 - cld
1036 - movq %rsp, %rdx
1037 - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
1038 -diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
1039 -index 9ebc3d0..2350ab7 100644
1040 ---- a/arch/x86/include/asm/msr-index.h
1041 -+++ b/arch/x86/include/asm/msr-index.h
1042 -@@ -311,6 +311,7 @@
1043 - /* C1E active bits in int pending message */
1044 - #define K8_INTP_C1E_ACTIVE_MASK 0x18000000
1045 - #define MSR_K8_TSEG_ADDR 0xc0010112
1046 -+#define MSR_K8_TSEG_MASK 0xc0010113
1047 - #define K8_MTRRFIXRANGE_DRAM_ENABLE 0x00040000 /* MtrrFixDramEn bit */
1048 - #define K8_MTRRFIXRANGE_DRAM_MODIFY 0x00080000 /* MtrrFixDramModEn bit */
1049 - #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem */
1050 -diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
1051 -index dca71714..b12f810 100644
1052 ---- a/arch/x86/include/asm/preempt.h
1053 -+++ b/arch/x86/include/asm/preempt.h
1054 -@@ -90,9 +90,9 @@ static __always_inline bool __preempt_count_dec_and_test(void)
1055 - /*
1056 - * Returns true when we need to resched and can (barring IRQ state).
1057 - */
1058 --static __always_inline bool should_resched(void)
1059 -+static __always_inline bool should_resched(int preempt_offset)
1060 - {
1061 -- return unlikely(!raw_cpu_read_4(__preempt_count));
1062 -+ return unlikely(raw_cpu_read_4(__preempt_count) == preempt_offset);
1063 - }
1064 -
1065 - #ifdef CONFIG_PREEMPT
1066 -diff --git a/arch/x86/include/asm/qspinlock.h b/arch/x86/include/asm/qspinlock.h
1067 -index 9d51fae..eaba080 100644
1068 ---- a/arch/x86/include/asm/qspinlock.h
1069 -+++ b/arch/x86/include/asm/qspinlock.h
1070 -@@ -39,18 +39,27 @@ static inline void queued_spin_unlock(struct qspinlock *lock)
1071 - }
1072 - #endif
1073 -
1074 --#define virt_queued_spin_lock virt_queued_spin_lock
1075 --
1076 --static inline bool virt_queued_spin_lock(struct qspinlock *lock)
1077 -+#ifdef CONFIG_PARAVIRT
1078 -+#define virt_spin_lock virt_spin_lock
1079 -+static inline bool virt_spin_lock(struct qspinlock *lock)
1080 - {
1081 - if (!static_cpu_has(X86_FEATURE_HYPERVISOR))
1082 - return false;
1083 -
1084 -- while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0)
1085 -- cpu_relax();
1086 -+ /*
1087 -+ * On hypervisors without PARAVIRT_SPINLOCKS support we fall
1088 -+ * back to a Test-and-Set spinlock, because fair locks have
1089 -+ * horrible lock 'holder' preemption issues.
1090 -+ */
1091 -+
1092 -+ do {
1093 -+ while (atomic_read(&lock->val) != 0)
1094 -+ cpu_relax();
1095 -+ } while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0);
1096 -
1097 - return true;
1098 - }
1099 -+#endif /* CONFIG_PARAVIRT */
1100 -
1101 - #include <asm-generic/qspinlock.h>
1102 -
1103 -diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
1104 -index c42827e..25f9093 100644
1105 ---- a/arch/x86/kernel/alternative.c
1106 -+++ b/arch/x86/kernel/alternative.c
1107 -@@ -338,10 +338,15 @@ done:
1108 -
1109 - static void __init_or_module optimize_nops(struct alt_instr *a, u8 *instr)
1110 - {
1111 -+ unsigned long flags;
1112 -+
1113 - if (instr[0] != 0x90)
1114 - return;
1115 -
1116 -+ local_irq_save(flags);
1117 - add_nops(instr + (a->instrlen - a->padlen), a->padlen);
1118 -+ sync_core();
1119 -+ local_irq_restore(flags);
1120 -
1121 - DUMP_BYTES(instr, a->instrlen, "%p: [%d:%d) optimized NOPs: ",
1122 - instr, a->instrlen - a->padlen, a->padlen);
1123 -diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
1124 -index cde732c..307a498 100644
1125 ---- a/arch/x86/kernel/apic/apic.c
1126 -+++ b/arch/x86/kernel/apic/apic.c
1127 -@@ -336,6 +336,13 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
1128 - apic_write(APIC_LVTT, lvtt_value);
1129 -
1130 - if (lvtt_value & APIC_LVT_TIMER_TSCDEADLINE) {
1131 -+ /*
1132 -+ * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode,
1133 -+ * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized.
1134 -+ * According to Intel, MFENCE can do the serialization here.
1135 -+ */
1136 -+ asm volatile("mfence" : : : "memory");
1137 -+
1138 - printk_once(KERN_DEBUG "TSC deadline timer enabled\n");
1139 - return;
1140 - }
1141 -diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
1142 -index 206052e..5880b48 100644
1143 ---- a/arch/x86/kernel/apic/io_apic.c
1144 -+++ b/arch/x86/kernel/apic/io_apic.c
1145 -@@ -2522,6 +2522,7 @@ void __init setup_ioapic_dest(void)
1146 - int pin, ioapic, irq, irq_entry;
1147 - const struct cpumask *mask;
1148 - struct irq_data *idata;
1149 -+ struct irq_chip *chip;
1150 -
1151 - if (skip_ioapic_setup == 1)
1152 - return;
1153 -@@ -2545,9 +2546,9 @@ void __init setup_ioapic_dest(void)
1154 - else
1155 - mask = apic->target_cpus();
1156 -
1157 -- irq_set_affinity(irq, mask);
1158 -+ chip = irq_data_get_irq_chip(idata);
1159 -+ chip->irq_set_affinity(idata, mask, false);
1160 - }
1161 --
1162 - }
1163 - #endif
1164 -
1165 -diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
1166 -index 6326ae2..1b09c42 100644
1167 ---- a/arch/x86/kernel/cpu/perf_event_intel.c
1168 -+++ b/arch/x86/kernel/cpu/perf_event_intel.c
1169 -@@ -2102,9 +2102,12 @@ static struct event_constraint *
1170 - intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
1171 - struct perf_event *event)
1172 - {
1173 -- struct event_constraint *c1 = cpuc->event_constraint[idx];
1174 -+ struct event_constraint *c1 = NULL;
1175 - struct event_constraint *c2;
1176 -
1177 -+ if (idx >= 0) /* fake does < 0 */
1178 -+ c1 = cpuc->event_constraint[idx];
1179 -+
1180 - /*
1181 - * first time only
1182 - * - static constraint: no change across incremental scheduling calls
1183 -diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
1184 -index e068d66..74ca2fe 100644
1185 ---- a/arch/x86/kernel/crash.c
1186 -+++ b/arch/x86/kernel/crash.c
1187 -@@ -185,10 +185,9 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
1188 - }
1189 -
1190 - #ifdef CONFIG_KEXEC_FILE
1191 --static int get_nr_ram_ranges_callback(unsigned long start_pfn,
1192 -- unsigned long nr_pfn, void *arg)
1193 -+static int get_nr_ram_ranges_callback(u64 start, u64 end, void *arg)
1194 - {
1195 -- int *nr_ranges = arg;
1196 -+ unsigned int *nr_ranges = arg;
1197 -
1198 - (*nr_ranges)++;
1199 - return 0;
1200 -@@ -214,7 +213,7 @@ static void fill_up_crash_elf_data(struct crash_elf_data *ced,
1201 -
1202 - ced->image = image;
1203 -
1204 -- walk_system_ram_range(0, -1, &nr_ranges,
1205 -+ walk_system_ram_res(0, -1, &nr_ranges,
1206 - get_nr_ram_ranges_callback);
1207 -
1208 - ced->max_nr_ranges = nr_ranges;
1209 -diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
1210 -index 58bcfb6..ebb5657 100644
1211 ---- a/arch/x86/kernel/paravirt.c
1212 -+++ b/arch/x86/kernel/paravirt.c
1213 -@@ -41,10 +41,18 @@
1214 - #include <asm/timer.h>
1215 - #include <asm/special_insns.h>
1216 -
1217 --/* nop stub */
1218 --void _paravirt_nop(void)
1219 --{
1220 --}
1221 -+/*
1222 -+ * nop stub, which must not clobber anything *including the stack* to
1223 -+ * avoid confusing the entry prologues.
1224 -+ */
1225 -+extern void _paravirt_nop(void);
1226 -+asm (".pushsection .entry.text, \"ax\"\n"
1227 -+ ".global _paravirt_nop\n"
1228 -+ "_paravirt_nop:\n\t"
1229 -+ "ret\n\t"
1230 -+ ".size _paravirt_nop, . - _paravirt_nop\n\t"
1231 -+ ".type _paravirt_nop, @function\n\t"
1232 -+ ".popsection");
1233 -
1234 - /* identity function, which can be inlined */
1235 - u32 _paravirt_ident_32(u32 x)
1236 -diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
1237 -index f6b9163..a90ac95 100644
1238 ---- a/arch/x86/kernel/process_64.c
1239 -+++ b/arch/x86/kernel/process_64.c
1240 -@@ -497,27 +497,59 @@ void set_personality_ia32(bool x32)
1241 - }
1242 - EXPORT_SYMBOL_GPL(set_personality_ia32);
1243 -
1244 -+/*
1245 -+ * Called from fs/proc with a reference on @p to find the function
1246 -+ * which called into schedule(). This needs to be done carefully
1247 -+ * because the task might wake up and we might look at a stack
1248 -+ * changing under us.
1249 -+ */
1250 - unsigned long get_wchan(struct task_struct *p)
1251 - {
1252 -- unsigned long stack;
1253 -- u64 fp, ip;
1254 -+ unsigned long start, bottom, top, sp, fp, ip;
1255 - int count = 0;
1256 -
1257 - if (!p || p == current || p->state == TASK_RUNNING)
1258 - return 0;
1259 -- stack = (unsigned long)task_stack_page(p);
1260 -- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
1261 -+
1262 -+ start = (unsigned long)task_stack_page(p);
1263 -+ if (!start)
1264 -+ return 0;
1265 -+
1266 -+ /*
1267 -+ * Layout of the stack page:
1268 -+ *
1269 -+ * ----------- topmax = start + THREAD_SIZE - sizeof(unsigned long)
1270 -+ * PADDING
1271 -+ * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
1272 -+ * stack
1273 -+ * ----------- bottom = start + sizeof(thread_info)
1274 -+ * thread_info
1275 -+ * ----------- start
1276 -+ *
1277 -+ * The tasks stack pointer points at the location where the
1278 -+ * framepointer is stored. The data on the stack is:
1279 -+ * ... IP FP ... IP FP
1280 -+ *
1281 -+ * We need to read FP and IP, so we need to adjust the upper
1282 -+ * bound by another unsigned long.
1283 -+ */
1284 -+ top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
1285 -+ top -= 2 * sizeof(unsigned long);
1286 -+ bottom = start + sizeof(struct thread_info);
1287 -+
1288 -+ sp = READ_ONCE(p->thread.sp);
1289 -+ if (sp < bottom || sp > top)
1290 - return 0;
1291 -- fp = *(u64 *)(p->thread.sp);
1292 -+
1293 -+ fp = READ_ONCE(*(unsigned long *)sp);
1294 - do {
1295 -- if (fp < (unsigned long)stack ||
1296 -- fp >= (unsigned long)stack+THREAD_SIZE)
1297 -+ if (fp < bottom || fp > top)
1298 - return 0;
1299 -- ip = *(u64 *)(fp+8);
1300 -+ ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long)));
1301 - if (!in_sched_functions(ip))
1302 - return ip;
1303 -- fp = *(u64 *)fp;
1304 -- } while (count++ < 16);
1305 -+ fp = READ_ONCE(*(unsigned long *)fp);
1306 -+ } while (count++ < 16 && p->state != TASK_RUNNING);
1307 - return 0;
1308 - }
1309 -
1310 -diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
1311 -index 7437b41..dc9af7a 100644
1312 ---- a/arch/x86/kernel/tsc.c
1313 -+++ b/arch/x86/kernel/tsc.c
1314 -@@ -21,6 +21,7 @@
1315 - #include <asm/hypervisor.h>
1316 - #include <asm/nmi.h>
1317 - #include <asm/x86_init.h>
1318 -+#include <asm/geode.h>
1319 -
1320 - unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */
1321 - EXPORT_SYMBOL(cpu_khz);
1322 -@@ -1013,15 +1014,17 @@ EXPORT_SYMBOL_GPL(mark_tsc_unstable);
1323 -
1324 - static void __init check_system_tsc_reliable(void)
1325 - {
1326 --#ifdef CONFIG_MGEODE_LX
1327 -- /* RTSC counts during suspend */
1328 -+#if defined(CONFIG_MGEODEGX1) || defined(CONFIG_MGEODE_LX) || defined(CONFIG_X86_GENERIC)
1329 -+ if (is_geode_lx()) {
1330 -+ /* RTSC counts during suspend */
1331 - #define RTSC_SUSP 0x100
1332 -- unsigned long res_low, res_high;
1333 -+ unsigned long res_low, res_high;
1334 -
1335 -- rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
1336 -- /* Geode_LX - the OLPC CPU has a very reliable TSC */
1337 -- if (res_low & RTSC_SUSP)
1338 -- tsc_clocksource_reliable = 1;
1339 -+ rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
1340 -+ /* Geode_LX - the OLPC CPU has a very reliable TSC */
1341 -+ if (res_low & RTSC_SUSP)
1342 -+ tsc_clocksource_reliable = 1;
1343 -+ }
1344 - #endif
1345 - if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
1346 - tsc_clocksource_reliable = 1;
1347 -diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
1348 -index 8e0c084..2d32b67 100644
1349 ---- a/arch/x86/kvm/svm.c
1350 -+++ b/arch/x86/kvm/svm.c
1351 -@@ -513,7 +513,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
1352 - struct vcpu_svm *svm = to_svm(vcpu);
1353 -
1354 - if (svm->vmcb->control.next_rip != 0) {
1355 -- WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS));
1356 -+ WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
1357 - svm->next_rip = svm->vmcb->control.next_rip;
1358 - }
1359 -
1360 -@@ -865,64 +865,6 @@ static void svm_disable_lbrv(struct vcpu_svm *svm)
1361 - set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
1362 - }
1363 -
1364 --#define MTRR_TYPE_UC_MINUS 7
1365 --#define MTRR2PROTVAL_INVALID 0xff
1366 --
1367 --static u8 mtrr2protval[8];
1368 --
1369 --static u8 fallback_mtrr_type(int mtrr)
1370 --{
1371 -- /*
1372 -- * WT and WP aren't always available in the host PAT. Treat
1373 -- * them as UC and UC- respectively. Everything else should be
1374 -- * there.
1375 -- */
1376 -- switch (mtrr)
1377 -- {
1378 -- case MTRR_TYPE_WRTHROUGH:
1379 -- return MTRR_TYPE_UNCACHABLE;
1380 -- case MTRR_TYPE_WRPROT:
1381 -- return MTRR_TYPE_UC_MINUS;
1382 -- default:
1383 -- BUG();
1384 -- }
1385 --}
1386 --
1387 --static void build_mtrr2protval(void)
1388 --{
1389 -- int i;
1390 -- u64 pat;
1391 --
1392 -- for (i = 0; i < 8; i++)
1393 -- mtrr2protval[i] = MTRR2PROTVAL_INVALID;
1394 --
1395 -- /* Ignore the invalid MTRR types. */
1396 -- mtrr2protval[2] = 0;
1397 -- mtrr2protval[3] = 0;
1398 --
1399 -- /*
1400 -- * Use host PAT value to figure out the mapping from guest MTRR
1401 -- * values to nested page table PAT/PCD/PWT values. We do not
1402 -- * want to change the host PAT value every time we enter the
1403 -- * guest.
1404 -- */
1405 -- rdmsrl(MSR_IA32_CR_PAT, pat);
1406 -- for (i = 0; i < 8; i++) {
1407 -- u8 mtrr = pat >> (8 * i);
1408 --
1409 -- if (mtrr2protval[mtrr] == MTRR2PROTVAL_INVALID)
1410 -- mtrr2protval[mtrr] = __cm_idx2pte(i);
1411 -- }
1412 --
1413 -- for (i = 0; i < 8; i++) {
1414 -- if (mtrr2protval[i] == MTRR2PROTVAL_INVALID) {
1415 -- u8 fallback = fallback_mtrr_type(i);
1416 -- mtrr2protval[i] = mtrr2protval[fallback];
1417 -- BUG_ON(mtrr2protval[i] == MTRR2PROTVAL_INVALID);
1418 -- }
1419 -- }
1420 --}
1421 --
1422 - static __init int svm_hardware_setup(void)
1423 - {
1424 - int cpu;
1425 -@@ -989,7 +931,6 @@ static __init int svm_hardware_setup(void)
1426 - } else
1427 - kvm_disable_tdp();
1428 -
1429 -- build_mtrr2protval();
1430 - return 0;
1431 -
1432 - err:
1433 -@@ -1144,39 +1085,6 @@ static u64 svm_compute_tsc_offset(struct kvm_vcpu *vcpu, u64 target_tsc)
1434 - return target_tsc - tsc;
1435 - }
1436 -
1437 --static void svm_set_guest_pat(struct vcpu_svm *svm, u64 *g_pat)
1438 --{
1439 -- struct kvm_vcpu *vcpu = &svm->vcpu;
1440 --
1441 -- /* Unlike Intel, AMD takes the guest's CR0.CD into account.
1442 -- *
1443 -- * AMD does not have IPAT. To emulate it for the case of guests
1444 -- * with no assigned devices, just set everything to WB. If guests
1445 -- * have assigned devices, however, we cannot force WB for RAM
1446 -- * pages only, so use the guest PAT directly.
1447 -- */
1448 -- if (!kvm_arch_has_assigned_device(vcpu->kvm))
1449 -- *g_pat = 0x0606060606060606;
1450 -- else
1451 -- *g_pat = vcpu->arch.pat;
1452 --}
1453 --
1454 --static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
1455 --{
1456 -- u8 mtrr;
1457 --
1458 -- /*
1459 -- * 1. MMIO: trust guest MTRR, so same as item 3.
1460 -- * 2. No passthrough: always map as WB, and force guest PAT to WB as well
1461 -- * 3. Passthrough: can't guarantee the result, try to trust guest.
1462 -- */
1463 -- if (!is_mmio && !kvm_arch_has_assigned_device(vcpu->kvm))
1464 -- return 0;
1465 --
1466 -- mtrr = kvm_mtrr_get_guest_memory_type(vcpu, gfn);
1467 -- return mtrr2protval[mtrr];
1468 --}
1469 --
1470 - static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1471 - {
1472 - struct vmcb_control_area *control = &svm->vmcb->control;
1473 -@@ -1260,6 +1168,7 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1474 - * It also updates the guest-visible cr0 value.
1475 - */
1476 - (void)kvm_set_cr0(&svm->vcpu, X86_CR0_NW | X86_CR0_CD | X86_CR0_ET);
1477 -+ kvm_mmu_reset_context(&svm->vcpu);
1478 -
1479 - save->cr4 = X86_CR4_PAE;
1480 - /* rdx = ?? */
1481 -@@ -1272,7 +1181,6 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
1482 - clr_cr_intercept(svm, INTERCEPT_CR3_READ);
1483 - clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
1484 - save->g_pat = svm->vcpu.arch.pat;
1485 -- svm_set_guest_pat(svm, &save->g_pat);
1486 - save->cr3 = 0;
1487 - save->cr4 = 0;
1488 - }
1489 -@@ -3347,16 +3255,6 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
1490 - case MSR_VM_IGNNE:
1491 - vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
1492 - break;
1493 -- case MSR_IA32_CR_PAT:
1494 -- if (npt_enabled) {
1495 -- if (!kvm_mtrr_valid(vcpu, MSR_IA32_CR_PAT, data))
1496 -- return 1;
1497 -- vcpu->arch.pat = data;
1498 -- svm_set_guest_pat(svm, &svm->vmcb->save.g_pat);
1499 -- mark_dirty(svm->vmcb, VMCB_NPT);
1500 -- break;
1501 -- }
1502 -- /* fall through */
1503 - default:
1504 - return kvm_set_msr_common(vcpu, msr);
1505 - }
1506 -@@ -4191,6 +4089,11 @@ static bool svm_has_high_real_mode_segbase(void)
1507 - return true;
1508 - }
1509 -
1510 -+static u64 svm_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
1511 -+{
1512 -+ return 0;
1513 -+}
1514 -+
1515 - static void svm_cpuid_update(struct kvm_vcpu *vcpu)
1516 - {
1517 - }
1518 -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
1519 -index 83b7b5c..aa9e822 100644
1520 ---- a/arch/x86/kvm/vmx.c
1521 -+++ b/arch/x86/kvm/vmx.c
1522 -@@ -6134,6 +6134,8 @@ static __init int hardware_setup(void)
1523 - memcpy(vmx_msr_bitmap_longmode_x2apic,
1524 - vmx_msr_bitmap_longmode, PAGE_SIZE);
1525 -
1526 -+ set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
1527 -+
1528 - if (enable_apicv) {
1529 - for (msr = 0x800; msr <= 0x8ff; msr++)
1530 - vmx_disable_intercept_msr_read_x2apic(msr);
1531 -@@ -8632,17 +8634,22 @@ static u64 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
1532 - u64 ipat = 0;
1533 -
1534 - /* For VT-d and EPT combination
1535 -- * 1. MMIO: guest may want to apply WC, trust it.
1536 -+ * 1. MMIO: always map as UC
1537 - * 2. EPT with VT-d:
1538 - * a. VT-d without snooping control feature: can't guarantee the
1539 -- * result, try to trust guest. So the same as item 1.
1540 -+ * result, try to trust guest.
1541 - * b. VT-d with snooping control feature: snooping control feature of
1542 - * VT-d engine can guarantee the cache correctness. Just set it
1543 - * to WB to keep consistent with host. So the same as item 3.
1544 - * 3. EPT without VT-d: always map as WB and set IPAT=1 to keep
1545 - * consistent with host MTRR
1546 - */
1547 -- if (!is_mmio && !kvm_arch_has_noncoherent_dma(vcpu->kvm)) {
1548 -+ if (is_mmio) {
1549 -+ cache = MTRR_TYPE_UNCACHABLE;
1550 -+ goto exit;
1551 -+ }
1552 -+
1553 -+ if (!kvm_arch_has_noncoherent_dma(vcpu->kvm)) {
1554 - ipat = VMX_EPT_IPAT_BIT;
1555 - cache = MTRR_TYPE_WRBACK;
1556 - goto exit;
1557 -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
1558 -index 8f0f6ec..32c6e6a 100644
1559 ---- a/arch/x86/kvm/x86.c
1560 -+++ b/arch/x86/kvm/x86.c
1561 -@@ -2388,6 +2388,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
1562 - case MSR_IA32_LASTINTFROMIP:
1563 - case MSR_IA32_LASTINTTOIP:
1564 - case MSR_K8_SYSCFG:
1565 -+ case MSR_K8_TSEG_ADDR:
1566 -+ case MSR_K8_TSEG_MASK:
1567 - case MSR_K7_HWCR:
1568 - case MSR_VM_HSAVE_PA:
1569 - case MSR_K8_INT_PENDING_MSG:
1570 -diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
1571 -index 3fba623..f9977a7 100644
1572 ---- a/arch/x86/mm/init_64.c
1573 -+++ b/arch/x86/mm/init_64.c
1574 -@@ -1132,7 +1132,7 @@ void mark_rodata_ro(void)
1575 - * has been zapped already via cleanup_highmem().
1576 - */
1577 - all_end = roundup((unsigned long)_brk_end, PMD_SIZE);
1578 -- set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
1579 -+ set_memory_nx(text_end, (all_end - text_end) >> PAGE_SHIFT);
1580 -
1581 - rodata_test();
1582 -
1583 -diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c
1584 -index 2706230..7553921 100644
1585 ---- a/arch/x86/pci/intel_mid_pci.c
1586 -+++ b/arch/x86/pci/intel_mid_pci.c
1587 -@@ -35,6 +35,9 @@
1588 -
1589 - #define PCIE_CAP_OFFSET 0x100
1590 -
1591 -+/* Quirks for the listed devices */
1592 -+#define PCI_DEVICE_ID_INTEL_MRFL_MMC 0x1190
1593 -+
1594 - /* Fixed BAR fields */
1595 - #define PCIE_VNDR_CAP_ID_FIXED_BAR 0x00 /* Fixed BAR (TBD) */
1596 - #define PCI_FIXED_BAR_0_SIZE 0x04
1597 -@@ -214,10 +217,27 @@ static int intel_mid_pci_irq_enable(struct pci_dev *dev)
1598 - if (dev->irq_managed && dev->irq > 0)
1599 - return 0;
1600 -
1601 -- if (intel_mid_identify_cpu() == INTEL_MID_CPU_CHIP_TANGIER)
1602 -+ switch (intel_mid_identify_cpu()) {
1603 -+ case INTEL_MID_CPU_CHIP_TANGIER:
1604 - polarity = 0; /* active high */
1605 -- else
1606 -+
1607 -+ /* Special treatment for IRQ0 */
1608 -+ if (dev->irq == 0) {
1609 -+ /*
1610 -+ * TNG has IRQ0 assigned to eMMC controller. But there
1611 -+ * are also other devices with bogus PCI configuration
1612 -+ * that have IRQ0 assigned. This check ensures that
1613 -+ * eMMC gets it.
1614 -+ */
1615 -+ if (dev->device != PCI_DEVICE_ID_INTEL_MRFL_MMC)
1616 -+ return -EBUSY;
1617 -+ }
1618 -+ break;
1619 -+ default:
1620 - polarity = 1; /* active low */
1621 -+ break;
1622 -+ }
1623 -+
1624 - ioapic_set_alloc_attr(&info, dev_to_node(&dev->dev), 1, polarity);
1625 -
1626 - /*
1627 -diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
1628 -index e4308fe..c6835bf 100644
1629 ---- a/arch/x86/platform/efi/efi.c
1630 -+++ b/arch/x86/platform/efi/efi.c
1631 -@@ -705,6 +705,70 @@ out:
1632 - }
1633 -
1634 - /*
1635 -+ * Iterate the EFI memory map in reverse order because the regions
1636 -+ * will be mapped top-down. The end result is the same as if we had
1637 -+ * mapped things forward, but doesn't require us to change the
1638 -+ * existing implementation of efi_map_region().
1639 -+ */
1640 -+static inline void *efi_map_next_entry_reverse(void *entry)
1641 -+{
1642 -+ /* Initial call */
1643 -+ if (!entry)
1644 -+ return memmap.map_end - memmap.desc_size;
1645 -+
1646 -+ entry -= memmap.desc_size;
1647 -+ if (entry < memmap.map)
1648 -+ return NULL;
1649 -+
1650 -+ return entry;
1651 -+}
1652 -+
1653 -+/*
1654 -+ * efi_map_next_entry - Return the next EFI memory map descriptor
1655 -+ * @entry: Previous EFI memory map descriptor
1656 -+ *
1657 -+ * This is a helper function to iterate over the EFI memory map, which
1658 -+ * we do in different orders depending on the current configuration.
1659 -+ *
1660 -+ * To begin traversing the memory map @entry must be %NULL.
1661 -+ *
1662 -+ * Returns %NULL when we reach the end of the memory map.
1663 -+ */
1664 -+static void *efi_map_next_entry(void *entry)
1665 -+{
1666 -+ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
1667 -+ /*
1668 -+ * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
1669 -+ * config table feature requires us to map all entries
1670 -+ * in the same order as they appear in the EFI memory
1671 -+ * map. That is to say, entry N must have a lower
1672 -+ * virtual address than entry N+1. This is because the
1673 -+ * firmware toolchain leaves relative references in
1674 -+ * the code/data sections, which are split and become
1675 -+ * separate EFI memory regions. Mapping things
1676 -+ * out-of-order leads to the firmware accessing
1677 -+ * unmapped addresses.
1678 -+ *
1679 -+ * Since we need to map things this way whether or not
1680 -+ * the kernel actually makes use of
1681 -+ * EFI_PROPERTIES_TABLE, let's just switch to this
1682 -+ * scheme by default for 64-bit.
1683 -+ */
1684 -+ return efi_map_next_entry_reverse(entry);
1685 -+ }
1686 -+
1687 -+ /* Initial call */
1688 -+ if (!entry)
1689 -+ return memmap.map;
1690 -+
1691 -+ entry += memmap.desc_size;
1692 -+ if (entry >= memmap.map_end)
1693 -+ return NULL;
1694 -+
1695 -+ return entry;
1696 -+}
1697 -+
1698 -+/*
1699 - * Map the efi memory ranges of the runtime services and update new_mmap with
1700 - * virtual addresses.
1701 - */
1702 -@@ -714,7 +778,8 @@ static void * __init efi_map_regions(int *count, int *pg_shift)
1703 - unsigned long left = 0;
1704 - efi_memory_desc_t *md;
1705 -
1706 -- for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
1707 -+ p = NULL;
1708 -+ while ((p = efi_map_next_entry(p))) {
1709 - md = p;
1710 - if (!(md->attribute & EFI_MEMORY_RUNTIME)) {
1711 - #ifdef CONFIG_X86_64
1712 -diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
1713 -index 11d6fb4..777ad2f 100644
1714 ---- a/arch/x86/xen/enlighten.c
1715 -+++ b/arch/x86/xen/enlighten.c
1716 -@@ -33,6 +33,10 @@
1717 - #include <linux/memblock.h>
1718 - #include <linux/edd.h>
1719 -
1720 -+#ifdef CONFIG_KEXEC_CORE
1721 -+#include <linux/kexec.h>
1722 -+#endif
1723 -+
1724 - #include <xen/xen.h>
1725 - #include <xen/events.h>
1726 - #include <xen/interface/xen.h>
1727 -@@ -1800,6 +1804,21 @@ static struct notifier_block xen_hvm_cpu_notifier = {
1728 - .notifier_call = xen_hvm_cpu_notify,
1729 - };
1730 -
1731 -+#ifdef CONFIG_KEXEC_CORE
1732 -+static void xen_hvm_shutdown(void)
1733 -+{
1734 -+ native_machine_shutdown();
1735 -+ if (kexec_in_progress)
1736 -+ xen_reboot(SHUTDOWN_soft_reset);
1737 -+}
1738 -+
1739 -+static void xen_hvm_crash_shutdown(struct pt_regs *regs)
1740 -+{
1741 -+ native_machine_crash_shutdown(regs);
1742 -+ xen_reboot(SHUTDOWN_soft_reset);
1743 -+}
1744 -+#endif
1745 -+
1746 - static void __init xen_hvm_guest_init(void)
1747 - {
1748 - if (xen_pv_domain())
1749 -@@ -1819,6 +1838,10 @@ static void __init xen_hvm_guest_init(void)
1750 - x86_init.irqs.intr_init = xen_init_IRQ;
1751 - xen_hvm_init_time_ops();
1752 - xen_hvm_init_mmu_ops();
1753 -+#ifdef CONFIG_KEXEC_CORE
1754 -+ machine_ops.shutdown = xen_hvm_shutdown;
1755 -+ machine_ops.crash_shutdown = xen_hvm_crash_shutdown;
1756 -+#endif
1757 - }
1758 - #endif
1759 -
1760 -diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
1761 -index d6283b3..9cc48d1d 100644
1762 ---- a/block/blk-cgroup.c
1763 -+++ b/block/blk-cgroup.c
1764 -@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct request_queue *q)
1765 - blkg_destroy(blkg);
1766 - spin_unlock(&blkcg->lock);
1767 - }
1768 -+
1769 -+ q->root_blkg = NULL;
1770 -+ q->root_rl.blkg = NULL;
1771 - }
1772 -
1773 - /*
1774 -diff --git a/block/blk-mq.c b/block/blk-mq.c
1775 -index 176262e..c699026 100644
1776 ---- a/block/blk-mq.c
1777 -+++ b/block/blk-mq.c
1778 -@@ -1807,7 +1807,6 @@ static void blk_mq_map_swqueue(struct request_queue *q)
1779 -
1780 - hctx = q->mq_ops->map_queue(q, i);
1781 - cpumask_set_cpu(i, hctx->cpumask);
1782 -- cpumask_set_cpu(i, hctx->tags->cpumask);
1783 - ctx->index_hw = hctx->nr_ctx;
1784 - hctx->ctxs[hctx->nr_ctx++] = ctx;
1785 - }
1786 -@@ -1847,6 +1846,14 @@ static void blk_mq_map_swqueue(struct request_queue *q)
1787 - hctx->next_cpu = cpumask_first(hctx->cpumask);
1788 - hctx->next_cpu_batch = BLK_MQ_CPU_WORK_BATCH;
1789 - }
1790 -+
1791 -+ queue_for_each_ctx(q, ctx, i) {
1792 -+ if (!cpu_online(i))
1793 -+ continue;
1794 -+
1795 -+ hctx = q->mq_ops->map_queue(q, i);
1796 -+ cpumask_set_cpu(i, hctx->tags->cpumask);
1797 -+ }
1798 - }
1799 -
1800 - static void blk_mq_update_tag_set_depth(struct blk_mq_tag_set *set)
1801 -diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c
1802 -index 764280a..e9fd32e 100644
1803 ---- a/drivers/base/cacheinfo.c
1804 -+++ b/drivers/base/cacheinfo.c
1805 -@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
1806 -
1807 - if (sibling == cpu) /* skip itself */
1808 - continue;
1809 -+
1810 - sib_cpu_ci = get_cpu_cacheinfo(sibling);
1811 -+ if (!sib_cpu_ci->info_list)
1812 -+ continue;
1813 -+
1814 - sib_leaf = sib_cpu_ci->info_list + index;
1815 - cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map);
1816 - cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map);
1817 -@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
1818 -
1819 - static void free_cache_attributes(unsigned int cpu)
1820 - {
1821 -+ if (!per_cpu_cacheinfo(cpu))
1822 -+ return;
1823 -+
1824 - cache_shared_cpu_map_remove(cpu);
1825 -
1826 - kfree(per_cpu_cacheinfo(cpu));
1827 -@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb,
1828 - break;
1829 - case CPU_DEAD:
1830 - cache_remove_dev(cpu);
1831 -- if (per_cpu_cacheinfo(cpu))
1832 -- free_cache_attributes(cpu);
1833 -+ free_cache_attributes(cpu);
1834 - break;
1835 - }
1836 - return notifier_from_errno(rc);
1837 -diff --git a/drivers/base/property.c b/drivers/base/property.c
1838 -index f3f6d16..37a7bb7 100644
1839 ---- a/drivers/base/property.c
1840 -+++ b/drivers/base/property.c
1841 -@@ -27,9 +27,10 @@
1842 - */
1843 - void device_add_property_set(struct device *dev, struct property_set *pset)
1844 - {
1845 -- if (pset)
1846 -- pset->fwnode.type = FWNODE_PDATA;
1847 -+ if (!pset)
1848 -+ return;
1849 -
1850 -+ pset->fwnode.type = FWNODE_PDATA;
1851 - set_secondary_fwnode(dev, &pset->fwnode);
1852 - }
1853 - EXPORT_SYMBOL_GPL(device_add_property_set);
1854 -diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
1855 -index 5799a0b..c8941f3 100644
1856 ---- a/drivers/base/regmap/regmap-debugfs.c
1857 -+++ b/drivers/base/regmap/regmap-debugfs.c
1858 -@@ -32,8 +32,7 @@ static DEFINE_MUTEX(regmap_debugfs_early_lock);
1859 - /* Calculate the length of a fixed format */
1860 - static size_t regmap_calc_reg_len(int max_val, char *buf, size_t buf_size)
1861 - {
1862 -- snprintf(buf, buf_size, "%x", max_val);
1863 -- return strlen(buf);
1864 -+ return snprintf(NULL, 0, "%x", max_val);
1865 - }
1866 -
1867 - static ssize_t regmap_name_read_file(struct file *file,
1868 -@@ -432,7 +431,7 @@ static ssize_t regmap_access_read_file(struct file *file,
1869 - /* If we're in the region the user is trying to read */
1870 - if (p >= *ppos) {
1871 - /* ...but not beyond it */
1872 -- if (buf_pos >= count - 1 - tot_len)
1873 -+ if (buf_pos + tot_len + 1 >= count)
1874 - break;
1875 -
1876 - /* Format the register */
1877 -diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c
1878 -index deb3f00..7676575 100644
1879 ---- a/drivers/block/xen-blkback/xenbus.c
1880 -+++ b/drivers/block/xen-blkback/xenbus.c
1881 -@@ -212,6 +212,9 @@ static int xen_blkif_map(struct xen_blkif *blkif, grant_ref_t *gref,
1882 -
1883 - static int xen_blkif_disconnect(struct xen_blkif *blkif)
1884 - {
1885 -+ struct pending_req *req, *n;
1886 -+ int i = 0, j;
1887 -+
1888 - if (blkif->xenblkd) {
1889 - kthread_stop(blkif->xenblkd);
1890 - wake_up(&blkif->shutdown_wq);
1891 -@@ -238,13 +241,28 @@ static int xen_blkif_disconnect(struct xen_blkif *blkif)
1892 - /* Remove all persistent grants and the cache of ballooned pages. */
1893 - xen_blkbk_free_caches(blkif);
1894 -
1895 -+ /* Check that there is no request in use */
1896 -+ list_for_each_entry_safe(req, n, &blkif->pending_free, free_list) {
1897 -+ list_del(&req->free_list);
1898 -+
1899 -+ for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++)
1900 -+ kfree(req->segments[j]);
1901 -+
1902 -+ for (j = 0; j < MAX_INDIRECT_PAGES; j++)
1903 -+ kfree(req->indirect_pages[j]);
1904 -+
1905 -+ kfree(req);
1906 -+ i++;
1907 -+ }
1908 -+
1909 -+ WARN_ON(i != (XEN_BLKIF_REQS_PER_PAGE * blkif->nr_ring_pages));
1910 -+ blkif->nr_ring_pages = 0;
1911 -+
1912 - return 0;
1913 - }
1914 -
1915 - static void xen_blkif_free(struct xen_blkif *blkif)
1916 - {
1917 -- struct pending_req *req, *n;
1918 -- int i = 0, j;
1919 -
1920 - xen_blkif_disconnect(blkif);
1921 - xen_vbd_free(&blkif->vbd);
1922 -@@ -257,22 +275,6 @@ static void xen_blkif_free(struct xen_blkif *blkif)
1923 - BUG_ON(!list_empty(&blkif->free_pages));
1924 - BUG_ON(!RB_EMPTY_ROOT(&blkif->persistent_gnts));
1925 -
1926 -- /* Check that there is no request in use */
1927 -- list_for_each_entry_safe(req, n, &blkif->pending_free, free_list) {
1928 -- list_del(&req->free_list);
1929 --
1930 -- for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++)
1931 -- kfree(req->segments[j]);
1932 --
1933 -- for (j = 0; j < MAX_INDIRECT_PAGES; j++)
1934 -- kfree(req->indirect_pages[j]);
1935 --
1936 -- kfree(req);
1937 -- i++;
1938 -- }
1939 --
1940 -- WARN_ON(i != (XEN_BLKIF_REQS_PER_PAGE * blkif->nr_ring_pages));
1941 --
1942 - kmem_cache_free(xen_blkif_cachep, blkif);
1943 - }
1944 -
1945 -diff --git a/drivers/clk/samsung/clk-cpu.c b/drivers/clk/samsung/clk-cpu.c
1946 -index 3a1fe07..dd02356 100644
1947 ---- a/drivers/clk/samsung/clk-cpu.c
1948 -+++ b/drivers/clk/samsung/clk-cpu.c
1949 -@@ -161,7 +161,7 @@ static int exynos_cpuclk_pre_rate_change(struct clk_notifier_data *ndata,
1950 - * the values for DIV_COPY and DIV_HPM dividers need not be set.
1951 - */
1952 - div0 = cfg_data->div0;
1953 -- if (test_bit(CLK_CPU_HAS_DIV1, &cpuclk->flags)) {
1954 -+ if (cpuclk->flags & CLK_CPU_HAS_DIV1) {
1955 - div1 = cfg_data->div1;
1956 - if (readl(base + E4210_SRC_CPU) & E4210_MUX_HPM_MASK)
1957 - div1 = readl(base + E4210_DIV_CPU1) &
1958 -@@ -182,7 +182,7 @@ static int exynos_cpuclk_pre_rate_change(struct clk_notifier_data *ndata,
1959 - alt_div = DIV_ROUND_UP(alt_prate, tmp_rate) - 1;
1960 - WARN_ON(alt_div >= MAX_DIV);
1961 -
1962 -- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
1963 -+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
1964 - /*
1965 - * In Exynos4210, ATB clock parent is also mout_core. So
1966 - * ATB clock also needs to be mantained at safe speed.
1967 -@@ -203,7 +203,7 @@ static int exynos_cpuclk_pre_rate_change(struct clk_notifier_data *ndata,
1968 - writel(div0, base + E4210_DIV_CPU0);
1969 - wait_until_divider_stable(base + E4210_DIV_STAT_CPU0, DIV_MASK_ALL);
1970 -
1971 -- if (test_bit(CLK_CPU_HAS_DIV1, &cpuclk->flags)) {
1972 -+ if (cpuclk->flags & CLK_CPU_HAS_DIV1) {
1973 - writel(div1, base + E4210_DIV_CPU1);
1974 - wait_until_divider_stable(base + E4210_DIV_STAT_CPU1,
1975 - DIV_MASK_ALL);
1976 -@@ -222,7 +222,7 @@ static int exynos_cpuclk_post_rate_change(struct clk_notifier_data *ndata,
1977 - unsigned long mux_reg;
1978 -
1979 - /* find out the divider values to use for clock data */
1980 -- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
1981 -+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
1982 - while ((cfg_data->prate * 1000) != ndata->new_rate) {
1983 - if (cfg_data->prate == 0)
1984 - return -EINVAL;
1985 -@@ -237,7 +237,7 @@ static int exynos_cpuclk_post_rate_change(struct clk_notifier_data *ndata,
1986 - writel(mux_reg & ~(1 << 16), base + E4210_SRC_CPU);
1987 - wait_until_mux_stable(base + E4210_STAT_CPU, 16, 1);
1988 -
1989 -- if (test_bit(CLK_CPU_NEEDS_DEBUG_ALT_DIV, &cpuclk->flags)) {
1990 -+ if (cpuclk->flags & CLK_CPU_NEEDS_DEBUG_ALT_DIV) {
1991 - div |= (cfg_data->div0 & E4210_DIV0_ATB_MASK);
1992 - div_mask |= E4210_DIV0_ATB_MASK;
1993 - }
1994 -diff --git a/drivers/clk/ti/clk-3xxx.c b/drivers/clk/ti/clk-3xxx.c
1995 -index 757636d..4ab28cf 100644
1996 ---- a/drivers/clk/ti/clk-3xxx.c
1997 -+++ b/drivers/clk/ti/clk-3xxx.c
1998 -@@ -163,7 +163,6 @@ static struct ti_dt_clk omap3xxx_clks[] = {
1999 - DT_CLK(NULL, "gpio2_ick", "gpio2_ick"),
2000 - DT_CLK(NULL, "wdt3_ick", "wdt3_ick"),
2001 - DT_CLK(NULL, "uart3_ick", "uart3_ick"),
2002 -- DT_CLK(NULL, "uart4_ick", "uart4_ick"),
2003 - DT_CLK(NULL, "gpt9_ick", "gpt9_ick"),
2004 - DT_CLK(NULL, "gpt8_ick", "gpt8_ick"),
2005 - DT_CLK(NULL, "gpt7_ick", "gpt7_ick"),
2006 -@@ -308,6 +307,7 @@ static struct ti_dt_clk am35xx_clks[] = {
2007 - static struct ti_dt_clk omap36xx_clks[] = {
2008 - DT_CLK(NULL, "omap_192m_alwon_fck", "omap_192m_alwon_fck"),
2009 - DT_CLK(NULL, "uart4_fck", "uart4_fck"),
2010 -+ DT_CLK(NULL, "uart4_ick", "uart4_ick"),
2011 - { .node_name = NULL },
2012 - };
2013 -
2014 -diff --git a/drivers/clk/ti/clk-7xx.c b/drivers/clk/ti/clk-7xx.c
2015 -index 63b8323..0eb82107 100644
2016 ---- a/drivers/clk/ti/clk-7xx.c
2017 -+++ b/drivers/clk/ti/clk-7xx.c
2018 -@@ -16,7 +16,6 @@
2019 - #include <linux/clkdev.h>
2020 - #include <linux/clk/ti.h>
2021 -
2022 --#define DRA7_DPLL_ABE_DEFFREQ 180633600
2023 - #define DRA7_DPLL_GMAC_DEFFREQ 1000000000
2024 - #define DRA7_DPLL_USB_DEFFREQ 960000000
2025 -
2026 -@@ -312,27 +311,12 @@ static struct ti_dt_clk dra7xx_clks[] = {
2027 - int __init dra7xx_dt_clk_init(void)
2028 - {
2029 - int rc;
2030 -- struct clk *abe_dpll_mux, *sys_clkin2, *dpll_ck, *hdcp_ck;
2031 -+ struct clk *dpll_ck, *hdcp_ck;
2032 -
2033 - ti_dt_clocks_register(dra7xx_clks);
2034 -
2035 - omap2_clk_disable_autoidle_all();
2036 -
2037 -- abe_dpll_mux = clk_get_sys(NULL, "abe_dpll_sys_clk_mux");
2038 -- sys_clkin2 = clk_get_sys(NULL, "sys_clkin2");
2039 -- dpll_ck = clk_get_sys(NULL, "dpll_abe_ck");
2040 --
2041 -- rc = clk_set_parent(abe_dpll_mux, sys_clkin2);
2042 -- if (!rc)
2043 -- rc = clk_set_rate(dpll_ck, DRA7_DPLL_ABE_DEFFREQ);
2044 -- if (rc)
2045 -- pr_err("%s: failed to configure ABE DPLL!\n", __func__);
2046 --
2047 -- dpll_ck = clk_get_sys(NULL, "dpll_abe_m2x2_ck");
2048 -- rc = clk_set_rate(dpll_ck, DRA7_DPLL_ABE_DEFFREQ * 2);
2049 -- if (rc)
2050 -- pr_err("%s: failed to configure ABE DPLL m2x2!\n", __func__);
2051 --
2052 - dpll_ck = clk_get_sys(NULL, "dpll_gmac_ck");
2053 - rc = clk_set_rate(dpll_ck, DRA7_DPLL_GMAC_DEFFREQ);
2054 - if (rc)
2055 -diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
2056 -index 0136dfc..7c2a738 100644
2057 ---- a/drivers/cpufreq/acpi-cpufreq.c
2058 -+++ b/drivers/cpufreq/acpi-cpufreq.c
2059 -@@ -146,6 +146,9 @@ static ssize_t show_freqdomain_cpus(struct cpufreq_policy *policy, char *buf)
2060 - {
2061 - struct acpi_cpufreq_data *data = per_cpu(acfreq_data, policy->cpu);
2062 -
2063 -+ if (unlikely(!data))
2064 -+ return -ENODEV;
2065 -+
2066 - return cpufreq_show_cpus(data->freqdomain_cpus, buf);
2067 - }
2068 -
2069 -diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
2070 -index 528a82bf..99a4065 100644
2071 ---- a/drivers/cpufreq/cpufreq-dt.c
2072 -+++ b/drivers/cpufreq/cpufreq-dt.c
2073 -@@ -255,7 +255,8 @@ static int cpufreq_init(struct cpufreq_policy *policy)
2074 - rcu_read_unlock();
2075 -
2076 - tol_uV = opp_uV * priv->voltage_tolerance / 100;
2077 -- if (regulator_is_supported_voltage(cpu_reg, opp_uV,
2078 -+ if (regulator_is_supported_voltage(cpu_reg,
2079 -+ opp_uV - tol_uV,
2080 - opp_uV + tol_uV)) {
2081 - if (opp_uV < min_uV)
2082 - min_uV = opp_uV;
2083 -diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h
2084 -index b60698b..bc2a55b 100644
2085 ---- a/drivers/crypto/marvell/cesa.h
2086 -+++ b/drivers/crypto/marvell/cesa.h
2087 -@@ -687,6 +687,33 @@ static inline u32 mv_cesa_get_int_mask(struct mv_cesa_engine *engine)
2088 -
2089 - int mv_cesa_queue_req(struct crypto_async_request *req);
2090 -
2091 -+/*
2092 -+ * Helper function that indicates whether a crypto request needs to be
2093 -+ * cleaned up or not after being enqueued using mv_cesa_queue_req().
2094 -+ */
2095 -+static inline int mv_cesa_req_needs_cleanup(struct crypto_async_request *req,
2096 -+ int ret)
2097 -+{
2098 -+ /*
2099 -+ * The queue still had some space, the request was queued
2100 -+ * normally, so there's no need to clean it up.
2101 -+ */
2102 -+ if (ret == -EINPROGRESS)
2103 -+ return false;
2104 -+
2105 -+ /*
2106 -+ * The queue had not space left, but since the request is
2107 -+ * flagged with CRYPTO_TFM_REQ_MAY_BACKLOG, it was added to
2108 -+ * the backlog and will be processed later. There's no need to
2109 -+ * clean it up.
2110 -+ */
2111 -+ if (ret == -EBUSY && req->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
2112 -+ return false;
2113 -+
2114 -+ /* Request wasn't queued, we need to clean it up */
2115 -+ return true;
2116 -+}
2117 -+
2118 - /* TDMA functions */
2119 -
2120 - static inline void mv_cesa_req_dma_iter_init(struct mv_cesa_dma_iter *iter,
2121 -diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c
2122 -index 0745cf3..3df2f4e 100644
2123 ---- a/drivers/crypto/marvell/cipher.c
2124 -+++ b/drivers/crypto/marvell/cipher.c
2125 -@@ -189,7 +189,6 @@ static inline void mv_cesa_ablkcipher_prepare(struct crypto_async_request *req,
2126 - {
2127 - struct ablkcipher_request *ablkreq = ablkcipher_request_cast(req);
2128 - struct mv_cesa_ablkcipher_req *creq = ablkcipher_request_ctx(ablkreq);
2129 --
2130 - creq->req.base.engine = engine;
2131 -
2132 - if (creq->req.base.type == CESA_DMA_REQ)
2133 -@@ -431,7 +430,7 @@ static int mv_cesa_des_op(struct ablkcipher_request *req,
2134 - return ret;
2135 -
2136 - ret = mv_cesa_queue_req(&req->base);
2137 -- if (ret && ret != -EINPROGRESS)
2138 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2139 - mv_cesa_ablkcipher_cleanup(req);
2140 -
2141 - return ret;
2142 -@@ -551,7 +550,7 @@ static int mv_cesa_des3_op(struct ablkcipher_request *req,
2143 - return ret;
2144 -
2145 - ret = mv_cesa_queue_req(&req->base);
2146 -- if (ret && ret != -EINPROGRESS)
2147 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2148 - mv_cesa_ablkcipher_cleanup(req);
2149 -
2150 - return ret;
2151 -@@ -693,7 +692,7 @@ static int mv_cesa_aes_op(struct ablkcipher_request *req,
2152 - return ret;
2153 -
2154 - ret = mv_cesa_queue_req(&req->base);
2155 -- if (ret && ret != -EINPROGRESS)
2156 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2157 - mv_cesa_ablkcipher_cleanup(req);
2158 -
2159 - return ret;
2160 -diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c
2161 -index ae9272e..e8d0d71 100644
2162 ---- a/drivers/crypto/marvell/hash.c
2163 -+++ b/drivers/crypto/marvell/hash.c
2164 -@@ -739,10 +739,8 @@ static int mv_cesa_ahash_update(struct ahash_request *req)
2165 - return 0;
2166 -
2167 - ret = mv_cesa_queue_req(&req->base);
2168 -- if (ret && ret != -EINPROGRESS) {
2169 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2170 - mv_cesa_ahash_cleanup(req);
2171 -- return ret;
2172 -- }
2173 -
2174 - return ret;
2175 - }
2176 -@@ -766,7 +764,7 @@ static int mv_cesa_ahash_final(struct ahash_request *req)
2177 - return 0;
2178 -
2179 - ret = mv_cesa_queue_req(&req->base);
2180 -- if (ret && ret != -EINPROGRESS)
2181 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2182 - mv_cesa_ahash_cleanup(req);
2183 -
2184 - return ret;
2185 -@@ -791,7 +789,7 @@ static int mv_cesa_ahash_finup(struct ahash_request *req)
2186 - return 0;
2187 -
2188 - ret = mv_cesa_queue_req(&req->base);
2189 -- if (ret && ret != -EINPROGRESS)
2190 -+ if (mv_cesa_req_needs_cleanup(&req->base, ret))
2191 - mv_cesa_ahash_cleanup(req);
2192 -
2193 - return ret;
2194 -diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c
2195 -index 40afa2a..da7917a 100644
2196 ---- a/drivers/dma/at_xdmac.c
2197 -+++ b/drivers/dma/at_xdmac.c
2198 -@@ -455,6 +455,15 @@ static struct at_xdmac_desc *at_xdmac_alloc_desc(struct dma_chan *chan,
2199 - return desc;
2200 - }
2201 -
2202 -+void at_xdmac_init_used_desc(struct at_xdmac_desc *desc)
2203 -+{
2204 -+ memset(&desc->lld, 0, sizeof(desc->lld));
2205 -+ INIT_LIST_HEAD(&desc->descs_list);
2206 -+ desc->direction = DMA_TRANS_NONE;
2207 -+ desc->xfer_size = 0;
2208 -+ desc->active_xfer = false;
2209 -+}
2210 -+
2211 - /* Call must be protected by lock. */
2212 - static struct at_xdmac_desc *at_xdmac_get_desc(struct at_xdmac_chan *atchan)
2213 - {
2214 -@@ -466,7 +475,7 @@ static struct at_xdmac_desc *at_xdmac_get_desc(struct at_xdmac_chan *atchan)
2215 - desc = list_first_entry(&atchan->free_descs_list,
2216 - struct at_xdmac_desc, desc_node);
2217 - list_del(&desc->desc_node);
2218 -- desc->active_xfer = false;
2219 -+ at_xdmac_init_used_desc(desc);
2220 - }
2221 -
2222 - return desc;
2223 -@@ -797,10 +806,7 @@ at_xdmac_prep_dma_cyclic(struct dma_chan *chan, dma_addr_t buf_addr,
2224 - list_add_tail(&desc->desc_node, &first->descs_list);
2225 - }
2226 -
2227 -- prev->lld.mbr_nda = first->tx_dma_desc.phys;
2228 -- dev_dbg(chan2dev(chan),
2229 -- "%s: chain lld: prev=0x%p, mbr_nda=%pad\n",
2230 -- __func__, prev, &prev->lld.mbr_nda);
2231 -+ at_xdmac_queue_desc(chan, prev, first);
2232 - first->tx_dma_desc.flags = flags;
2233 - first->xfer_size = buf_len;
2234 - first->direction = direction;
2235 -@@ -878,14 +884,14 @@ at_xdmac_interleaved_queue_desc(struct dma_chan *chan,
2236 -
2237 - if (xt->src_inc) {
2238 - if (xt->src_sgl)
2239 -- chan_cc |= AT_XDMAC_CC_SAM_UBS_DS_AM;
2240 -+ chan_cc |= AT_XDMAC_CC_SAM_UBS_AM;
2241 - else
2242 - chan_cc |= AT_XDMAC_CC_SAM_INCREMENTED_AM;
2243 - }
2244 -
2245 - if (xt->dst_inc) {
2246 - if (xt->dst_sgl)
2247 -- chan_cc |= AT_XDMAC_CC_DAM_UBS_DS_AM;
2248 -+ chan_cc |= AT_XDMAC_CC_DAM_UBS_AM;
2249 - else
2250 - chan_cc |= AT_XDMAC_CC_DAM_INCREMENTED_AM;
2251 - }
2252 -diff --git a/drivers/dma/dw/core.c b/drivers/dma/dw/core.c
2253 -index cf1c87f..bedce03 100644
2254 ---- a/drivers/dma/dw/core.c
2255 -+++ b/drivers/dma/dw/core.c
2256 -@@ -1591,7 +1591,6 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2257 - INIT_LIST_HEAD(&dw->dma.channels);
2258 - for (i = 0; i < nr_channels; i++) {
2259 - struct dw_dma_chan *dwc = &dw->chan[i];
2260 -- int r = nr_channels - i - 1;
2261 -
2262 - dwc->chan.device = &dw->dma;
2263 - dma_cookie_init(&dwc->chan);
2264 -@@ -1603,7 +1602,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2265 -
2266 - /* 7 is highest priority & 0 is lowest. */
2267 - if (pdata->chan_priority == CHAN_PRIORITY_ASCENDING)
2268 -- dwc->priority = r;
2269 -+ dwc->priority = nr_channels - i - 1;
2270 - else
2271 - dwc->priority = i;
2272 -
2273 -@@ -1622,6 +1621,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2274 - /* Hardware configuration */
2275 - if (autocfg) {
2276 - unsigned int dwc_params;
2277 -+ unsigned int r = DW_DMA_MAX_NR_CHANNELS - i - 1;
2278 - void __iomem *addr = chip->regs + r * sizeof(u32);
2279 -
2280 - dwc_params = dma_read_byaddr(addr, DWC_PARAMS);
2281 -diff --git a/drivers/dma/pxa_dma.c b/drivers/dma/pxa_dma.c
2282 -index ddcbbf5..95bdbbe 100644
2283 ---- a/drivers/dma/pxa_dma.c
2284 -+++ b/drivers/dma/pxa_dma.c
2285 -@@ -888,6 +888,7 @@ pxad_tx_prep(struct virt_dma_chan *vc, struct virt_dma_desc *vd,
2286 - struct dma_async_tx_descriptor *tx;
2287 - struct pxad_chan *chan = container_of(vc, struct pxad_chan, vc);
2288 -
2289 -+ INIT_LIST_HEAD(&vd->node);
2290 - tx = vchan_tx_prep(vc, vd, tx_flags);
2291 - tx->tx_submit = pxad_tx_submit;
2292 - dev_dbg(&chan->vc.chan.dev->device,
2293 -diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
2294 -index 43b57b0..ca94f47 100644
2295 ---- a/drivers/extcon/extcon.c
2296 -+++ b/drivers/extcon/extcon.c
2297 -@@ -126,7 +126,7 @@ static int find_cable_index_by_id(struct extcon_dev *edev, const unsigned int id
2298 -
2299 - static int find_cable_id_by_name(struct extcon_dev *edev, const char *name)
2300 - {
2301 -- unsigned int id = -EINVAL;
2302 -+ int id = -EINVAL;
2303 - int i = 0;
2304 -
2305 - /* Find the id of extcon cable */
2306 -@@ -143,7 +143,7 @@ static int find_cable_id_by_name(struct extcon_dev *edev, const char *name)
2307 -
2308 - static int find_cable_index_by_name(struct extcon_dev *edev, const char *name)
2309 - {
2310 -- unsigned int id;
2311 -+ int id;
2312 -
2313 - if (edev->max_supported == 0)
2314 - return -EINVAL;
2315 -@@ -159,7 +159,7 @@ static int find_cable_index_by_name(struct extcon_dev *edev, const char *name)
2316 - static bool is_extcon_changed(u32 prev, u32 new, int idx, bool *attached)
2317 - {
2318 - if (((prev >> idx) & 0x1) != ((new >> idx) & 0x1)) {
2319 -- *attached = new ? true : false;
2320 -+ *attached = ((new >> idx) & 0x1) ? true : false;
2321 - return true;
2322 - }
2323 -
2324 -@@ -378,7 +378,7 @@ EXPORT_SYMBOL_GPL(extcon_get_cable_state_);
2325 - */
2326 - int extcon_get_cable_state(struct extcon_dev *edev, const char *cable_name)
2327 - {
2328 -- unsigned int id;
2329 -+ int id;
2330 -
2331 - id = find_cable_id_by_name(edev, cable_name);
2332 - if (id < 0)
2333 -@@ -426,7 +426,7 @@ EXPORT_SYMBOL_GPL(extcon_set_cable_state_);
2334 - int extcon_set_cable_state(struct extcon_dev *edev,
2335 - const char *cable_name, bool cable_state)
2336 - {
2337 -- unsigned int id;
2338 -+ int id;
2339 -
2340 - id = find_cable_id_by_name(edev, cable_name);
2341 - if (id < 0)
2342 -diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
2343 -index e29560e..950c87f 100644
2344 ---- a/drivers/firmware/efi/libstub/arm-stub.c
2345 -+++ b/drivers/firmware/efi/libstub/arm-stub.c
2346 -@@ -13,6 +13,7 @@
2347 - */
2348 -
2349 - #include <linux/efi.h>
2350 -+#include <linux/sort.h>
2351 - #include <asm/efi.h>
2352 -
2353 - #include "efistub.h"
2354 -@@ -305,6 +306,44 @@ fail:
2355 - */
2356 - #define EFI_RT_VIRTUAL_BASE 0x40000000
2357 -
2358 -+static int cmp_mem_desc(const void *l, const void *r)
2359 -+{
2360 -+ const efi_memory_desc_t *left = l, *right = r;
2361 -+
2362 -+ return (left->phys_addr > right->phys_addr) ? 1 : -1;
2363 -+}
2364 -+
2365 -+/*
2366 -+ * Returns whether region @left ends exactly where region @right starts,
2367 -+ * or false if either argument is NULL.
2368 -+ */
2369 -+static bool regions_are_adjacent(efi_memory_desc_t *left,
2370 -+ efi_memory_desc_t *right)
2371 -+{
2372 -+ u64 left_end;
2373 -+
2374 -+ if (left == NULL || right == NULL)
2375 -+ return false;
2376 -+
2377 -+ left_end = left->phys_addr + left->num_pages * EFI_PAGE_SIZE;
2378 -+
2379 -+ return left_end == right->phys_addr;
2380 -+}
2381 -+
2382 -+/*
2383 -+ * Returns whether region @left and region @right have compatible memory type
2384 -+ * mapping attributes, and are both EFI_MEMORY_RUNTIME regions.
2385 -+ */
2386 -+static bool regions_have_compatible_memory_type_attrs(efi_memory_desc_t *left,
2387 -+ efi_memory_desc_t *right)
2388 -+{
2389 -+ static const u64 mem_type_mask = EFI_MEMORY_WB | EFI_MEMORY_WT |
2390 -+ EFI_MEMORY_WC | EFI_MEMORY_UC |
2391 -+ EFI_MEMORY_RUNTIME;
2392 -+
2393 -+ return ((left->attribute ^ right->attribute) & mem_type_mask) == 0;
2394 -+}
2395 -+
2396 - /*
2397 - * efi_get_virtmap() - create a virtual mapping for the EFI memory map
2398 - *
2399 -@@ -317,33 +356,52 @@ void efi_get_virtmap(efi_memory_desc_t *memory_map, unsigned long map_size,
2400 - int *count)
2401 - {
2402 - u64 efi_virt_base = EFI_RT_VIRTUAL_BASE;
2403 -- efi_memory_desc_t *out = runtime_map;
2404 -+ efi_memory_desc_t *in, *prev = NULL, *out = runtime_map;
2405 - int l;
2406 -
2407 -- for (l = 0; l < map_size; l += desc_size) {
2408 -- efi_memory_desc_t *in = (void *)memory_map + l;
2409 -+ /*
2410 -+ * To work around potential issues with the Properties Table feature
2411 -+ * introduced in UEFI 2.5, which may split PE/COFF executable images
2412 -+ * in memory into several RuntimeServicesCode and RuntimeServicesData
2413 -+ * regions, we need to preserve the relative offsets between adjacent
2414 -+ * EFI_MEMORY_RUNTIME regions with the same memory type attributes.
2415 -+ * The easiest way to find adjacent regions is to sort the memory map
2416 -+ * before traversing it.
2417 -+ */
2418 -+ sort(memory_map, map_size / desc_size, desc_size, cmp_mem_desc, NULL);
2419 -+
2420 -+ for (l = 0; l < map_size; l += desc_size, prev = in) {
2421 - u64 paddr, size;
2422 -
2423 -+ in = (void *)memory_map + l;
2424 - if (!(in->attribute & EFI_MEMORY_RUNTIME))
2425 - continue;
2426 -
2427 -+ paddr = in->phys_addr;
2428 -+ size = in->num_pages * EFI_PAGE_SIZE;
2429 -+
2430 - /*
2431 - * Make the mapping compatible with 64k pages: this allows
2432 - * a 4k page size kernel to kexec a 64k page size kernel and
2433 - * vice versa.
2434 - */
2435 -- paddr = round_down(in->phys_addr, SZ_64K);
2436 -- size = round_up(in->num_pages * EFI_PAGE_SIZE +
2437 -- in->phys_addr - paddr, SZ_64K);
2438 --
2439 -- /*
2440 -- * Avoid wasting memory on PTEs by choosing a virtual base that
2441 -- * is compatible with section mappings if this region has the
2442 -- * appropriate size and physical alignment. (Sections are 2 MB
2443 -- * on 4k granule kernels)
2444 -- */
2445 -- if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M)
2446 -- efi_virt_base = round_up(efi_virt_base, SZ_2M);
2447 -+ if (!regions_are_adjacent(prev, in) ||
2448 -+ !regions_have_compatible_memory_type_attrs(prev, in)) {
2449 -+
2450 -+ paddr = round_down(in->phys_addr, SZ_64K);
2451 -+ size += in->phys_addr - paddr;
2452 -+
2453 -+ /*
2454 -+ * Avoid wasting memory on PTEs by choosing a virtual
2455 -+ * base that is compatible with section mappings if this
2456 -+ * region has the appropriate size and physical
2457 -+ * alignment. (Sections are 2 MB on 4k granule kernels)
2458 -+ */
2459 -+ if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M)
2460 -+ efi_virt_base = round_up(efi_virt_base, SZ_2M);
2461 -+ else
2462 -+ efi_virt_base = round_up(efi_virt_base, SZ_64K);
2463 -+ }
2464 -
2465 - in->virt_addr = efi_virt_base + in->phys_addr - paddr;
2466 - efi_virt_base += size;
2467 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
2468 -index b4d36f0..c098d76 100644
2469 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
2470 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
2471 -@@ -140,7 +140,7 @@ void amdgpu_irq_preinstall(struct drm_device *dev)
2472 - */
2473 - int amdgpu_irq_postinstall(struct drm_device *dev)
2474 - {
2475 -- dev->max_vblank_count = 0x001fffff;
2476 -+ dev->max_vblank_count = 0x00ffffff;
2477 - return 0;
2478 - }
2479 -
2480 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
2481 -index 2abc661..ddcfbf3 100644
2482 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
2483 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
2484 -@@ -543,46 +543,60 @@ static int amdgpu_uvd_cs_msg(struct amdgpu_uvd_cs_ctx *ctx,
2485 - return -EINVAL;
2486 - }
2487 -
2488 -- if (msg_type == 1) {
2489 -+ switch (msg_type) {
2490 -+ case 0:
2491 -+ /* it's a create msg, calc image size (width * height) */
2492 -+ amdgpu_bo_kunmap(bo);
2493 -+
2494 -+ /* try to alloc a new handle */
2495 -+ for (i = 0; i < AMDGPU_MAX_UVD_HANDLES; ++i) {
2496 -+ if (atomic_read(&adev->uvd.handles[i]) == handle) {
2497 -+ DRM_ERROR("Handle 0x%x already in use!\n", handle);
2498 -+ return -EINVAL;
2499 -+ }
2500 -+
2501 -+ if (!atomic_cmpxchg(&adev->uvd.handles[i], 0, handle)) {
2502 -+ adev->uvd.filp[i] = ctx->parser->filp;
2503 -+ return 0;
2504 -+ }
2505 -+ }
2506 -+
2507 -+ DRM_ERROR("No more free UVD handles!\n");
2508 -+ return -EINVAL;
2509 -+
2510 -+ case 1:
2511 - /* it's a decode msg, calc buffer sizes */
2512 - r = amdgpu_uvd_cs_msg_decode(msg, ctx->buf_sizes);
2513 - amdgpu_bo_kunmap(bo);
2514 - if (r)
2515 - return r;
2516 -
2517 -- } else if (msg_type == 2) {
2518 -+ /* validate the handle */
2519 -+ for (i = 0; i < AMDGPU_MAX_UVD_HANDLES; ++i) {
2520 -+ if (atomic_read(&adev->uvd.handles[i]) == handle) {
2521 -+ if (adev->uvd.filp[i] != ctx->parser->filp) {
2522 -+ DRM_ERROR("UVD handle collision detected!\n");
2523 -+ return -EINVAL;
2524 -+ }
2525 -+ return 0;
2526 -+ }
2527 -+ }
2528 -+
2529 -+ DRM_ERROR("Invalid UVD handle 0x%x!\n", handle);
2530 -+ return -ENOENT;
2531 -+
2532 -+ case 2:
2533 - /* it's a destroy msg, free the handle */
2534 - for (i = 0; i < AMDGPU_MAX_UVD_HANDLES; ++i)
2535 - atomic_cmpxchg(&adev->uvd.handles[i], handle, 0);
2536 - amdgpu_bo_kunmap(bo);
2537 - return 0;
2538 -- } else {
2539 -- /* it's a create msg */
2540 -- amdgpu_bo_kunmap(bo);
2541 --
2542 -- if (msg_type != 0) {
2543 -- DRM_ERROR("Illegal UVD message type (%d)!\n", msg_type);
2544 -- return -EINVAL;
2545 -- }
2546 --
2547 -- /* it's a create msg, no special handling needed */
2548 -- }
2549 --
2550 -- /* create or decode, validate the handle */
2551 -- for (i = 0; i < AMDGPU_MAX_UVD_HANDLES; ++i) {
2552 -- if (atomic_read(&adev->uvd.handles[i]) == handle)
2553 -- return 0;
2554 -- }
2555 -
2556 -- /* handle not found try to alloc a new one */
2557 -- for (i = 0; i < AMDGPU_MAX_UVD_HANDLES; ++i) {
2558 -- if (!atomic_cmpxchg(&adev->uvd.handles[i], 0, handle)) {
2559 -- adev->uvd.filp[i] = ctx->parser->filp;
2560 -- return 0;
2561 -- }
2562 -+ default:
2563 -+ DRM_ERROR("Illegal UVD message type (%d)!\n", msg_type);
2564 -+ return -EINVAL;
2565 - }
2566 --
2567 -- DRM_ERROR("No more free UVD handles!\n");
2568 -+ BUG();
2569 - return -EINVAL;
2570 - }
2571 -
2572 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
2573 -index 9a4e3b6..b07402f 100644
2574 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
2575 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
2576 -@@ -787,7 +787,7 @@ int amdgpu_vm_bo_update(struct amdgpu_device *adev,
2577 - int r;
2578 -
2579 - if (mem) {
2580 -- addr = mem->start << PAGE_SHIFT;
2581 -+ addr = (u64)mem->start << PAGE_SHIFT;
2582 - if (mem->mem_type != TTM_PL_TT)
2583 - addr += adev->vm_manager.vram_base_offset;
2584 - } else {
2585 -diff --git a/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c b/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
2586 -index ae8caca..e605574 100644
2587 ---- a/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
2588 -+++ b/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
2589 -@@ -1279,8 +1279,7 @@ amdgpu_atombios_encoder_setup_dig(struct drm_encoder *encoder, int action)
2590 - amdgpu_atombios_encoder_setup_dig_encoder(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0);
2591 - }
2592 - if (amdgpu_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT))
2593 -- amdgpu_atombios_encoder_setup_dig_transmitter(encoder,
2594 -- ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0);
2595 -+ amdgpu_atombios_encoder_set_backlight_level(amdgpu_encoder, dig->backlight_level);
2596 - if (ext_encoder)
2597 - amdgpu_atombios_encoder_setup_external_encoder(encoder, ext_encoder, ATOM_ENABLE);
2598 - } else {
2599 -diff --git a/drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c b/drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c
2600 -index 4efd671..9488ea6 100644
2601 ---- a/drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c
2602 -+++ b/drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c
2603 -@@ -224,11 +224,11 @@ static int uvd_v4_2_suspend(void *handle)
2604 - int r;
2605 - struct amdgpu_device *adev = (struct amdgpu_device *)handle;
2606 -
2607 -- r = uvd_v4_2_hw_fini(adev);
2608 -+ r = amdgpu_uvd_suspend(adev);
2609 - if (r)
2610 - return r;
2611 -
2612 -- r = amdgpu_uvd_suspend(adev);
2613 -+ r = uvd_v4_2_hw_fini(adev);
2614 - if (r)
2615 - return r;
2616 -
2617 -diff --git a/drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c b/drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c
2618 -index b756bd9..d0ed998 100644
2619 ---- a/drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c
2620 -+++ b/drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c
2621 -@@ -220,11 +220,11 @@ static int uvd_v5_0_suspend(void *handle)
2622 - int r;
2623 - struct amdgpu_device *adev = (struct amdgpu_device *)handle;
2624 -
2625 -- r = uvd_v5_0_hw_fini(adev);
2626 -+ r = amdgpu_uvd_suspend(adev);
2627 - if (r)
2628 - return r;
2629 -
2630 -- r = amdgpu_uvd_suspend(adev);
2631 -+ r = uvd_v5_0_hw_fini(adev);
2632 - if (r)
2633 - return r;
2634 -
2635 -diff --git a/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c b/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
2636 -index 49aa931..345eb76 100644
2637 ---- a/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
2638 -+++ b/drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
2639 -@@ -214,11 +214,11 @@ static int uvd_v6_0_suspend(void *handle)
2640 - int r;
2641 - struct amdgpu_device *adev = (struct amdgpu_device *)handle;
2642 -
2643 -- r = uvd_v6_0_hw_fini(adev);
2644 -+ r = amdgpu_uvd_suspend(adev);
2645 - if (r)
2646 - return r;
2647 -
2648 -- r = amdgpu_uvd_suspend(adev);
2649 -+ r = uvd_v6_0_hw_fini(adev);
2650 - if (r)
2651 - return r;
2652 -
2653 -diff --git a/drivers/gpu/drm/amd/amdgpu/vi.c b/drivers/gpu/drm/amd/amdgpu/vi.c
2654 -index 68552da..4f58a1e 100644
2655 ---- a/drivers/gpu/drm/amd/amdgpu/vi.c
2656 -+++ b/drivers/gpu/drm/amd/amdgpu/vi.c
2657 -@@ -1290,7 +1290,8 @@ static int vi_common_early_init(void *handle)
2658 - case CHIP_CARRIZO:
2659 - adev->has_uvd = true;
2660 - adev->cg_flags = 0;
2661 -- adev->pg_flags = AMDGPU_PG_SUPPORT_UVD | AMDGPU_PG_SUPPORT_VCE;
2662 -+ /* Disable UVD pg */
2663 -+ adev->pg_flags = /* AMDGPU_PG_SUPPORT_UVD | */AMDGPU_PG_SUPPORT_VCE;
2664 - adev->external_rev_id = adev->rev_id + 0x1;
2665 - if (amdgpu_smc_load_fw && smc_enabled)
2666 - adev->firmware.smu_load = true;
2667 -diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
2668 -index eb603f1de..969e789 100644
2669 ---- a/drivers/gpu/drm/drm_dp_mst_topology.c
2670 -+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
2671 -@@ -804,8 +804,6 @@ static void drm_dp_destroy_mst_branch_device(struct kref *kref)
2672 - struct drm_dp_mst_port *port, *tmp;
2673 - bool wake_tx = false;
2674 -
2675 -- cancel_work_sync(&mstb->mgr->work);
2676 --
2677 - /*
2678 - * destroy all ports - don't need lock
2679 - * as there are no more references to the mst branch
2680 -@@ -863,29 +861,33 @@ static void drm_dp_destroy_port(struct kref *kref)
2681 - {
2682 - struct drm_dp_mst_port *port = container_of(kref, struct drm_dp_mst_port, kref);
2683 - struct drm_dp_mst_topology_mgr *mgr = port->mgr;
2684 -+
2685 - if (!port->input) {
2686 - port->vcpi.num_slots = 0;
2687 -
2688 - kfree(port->cached_edid);
2689 -
2690 -- /* we can't destroy the connector here, as
2691 -- we might be holding the mode_config.mutex
2692 -- from an EDID retrieval */
2693 -+ /*
2694 -+ * The only time we don't have a connector
2695 -+ * on an output port is if the connector init
2696 -+ * fails.
2697 -+ */
2698 - if (port->connector) {
2699 -+ /* we can't destroy the connector here, as
2700 -+ * we might be holding the mode_config.mutex
2701 -+ * from an EDID retrieval */
2702 -+
2703 - mutex_lock(&mgr->destroy_connector_lock);
2704 - list_add(&port->next, &mgr->destroy_connector_list);
2705 - mutex_unlock(&mgr->destroy_connector_lock);
2706 - schedule_work(&mgr->destroy_connector_work);
2707 - return;
2708 - }
2709 -+ /* no need to clean up vcpi
2710 -+ * as if we have no connector we never setup a vcpi */
2711 - drm_dp_port_teardown_pdt(port, port->pdt);
2712 --
2713 -- if (!port->input && port->vcpi.vcpi > 0)
2714 -- drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
2715 - }
2716 - kfree(port);
2717 --
2718 -- (*mgr->cbs->hotplug)(mgr);
2719 - }
2720 -
2721 - static void drm_dp_put_port(struct drm_dp_mst_port *port)
2722 -@@ -1115,12 +1117,21 @@ static void drm_dp_add_port(struct drm_dp_mst_branch *mstb,
2723 - char proppath[255];
2724 - build_mst_prop_path(port, mstb, proppath, sizeof(proppath));
2725 - port->connector = (*mstb->mgr->cbs->add_connector)(mstb->mgr, port, proppath);
2726 --
2727 -+ if (!port->connector) {
2728 -+ /* remove it from the port list */
2729 -+ mutex_lock(&mstb->mgr->lock);
2730 -+ list_del(&port->next);
2731 -+ mutex_unlock(&mstb->mgr->lock);
2732 -+ /* drop port list reference */
2733 -+ drm_dp_put_port(port);
2734 -+ goto out;
2735 -+ }
2736 - if (port->port_num >= 8) {
2737 - port->cached_edid = drm_get_edid(port->connector, &port->aux.ddc);
2738 - }
2739 - }
2740 -
2741 -+out:
2742 - /* put reference to this port */
2743 - drm_dp_put_port(port);
2744 - }
2745 -@@ -1978,6 +1989,8 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr)
2746 - drm_dp_dpcd_writeb(mgr->aux, DP_MSTM_CTRL,
2747 - DP_MST_EN | DP_UPSTREAM_IS_SRC);
2748 - mutex_unlock(&mgr->lock);
2749 -+ flush_work(&mgr->work);
2750 -+ flush_work(&mgr->destroy_connector_work);
2751 - }
2752 - EXPORT_SYMBOL(drm_dp_mst_topology_mgr_suspend);
2753 -
2754 -@@ -2661,7 +2674,7 @@ static void drm_dp_destroy_connector_work(struct work_struct *work)
2755 - {
2756 - struct drm_dp_mst_topology_mgr *mgr = container_of(work, struct drm_dp_mst_topology_mgr, destroy_connector_work);
2757 - struct drm_dp_mst_port *port;
2758 --
2759 -+ bool send_hotplug = false;
2760 - /*
2761 - * Not a regular list traverse as we have to drop the destroy
2762 - * connector lock before destroying the connector, to avoid AB->BA
2763 -@@ -2684,7 +2697,10 @@ static void drm_dp_destroy_connector_work(struct work_struct *work)
2764 - if (!port->input && port->vcpi.vcpi > 0)
2765 - drm_dp_mst_put_payload_id(mgr, port->vcpi.vcpi);
2766 - kfree(port);
2767 -+ send_hotplug = true;
2768 - }
2769 -+ if (send_hotplug)
2770 -+ (*mgr->cbs->hotplug)(mgr);
2771 - }
2772 -
2773 - /**
2774 -@@ -2737,6 +2753,7 @@ EXPORT_SYMBOL(drm_dp_mst_topology_mgr_init);
2775 - */
2776 - void drm_dp_mst_topology_mgr_destroy(struct drm_dp_mst_topology_mgr *mgr)
2777 - {
2778 -+ flush_work(&mgr->work);
2779 - flush_work(&mgr->destroy_connector_work);
2780 - mutex_lock(&mgr->payload_lock);
2781 - kfree(mgr->payloads);
2782 -diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
2783 -index f861361..4924d381 100644
2784 ---- a/drivers/gpu/drm/drm_lock.c
2785 -+++ b/drivers/gpu/drm/drm_lock.c
2786 -@@ -61,6 +61,9 @@ int drm_legacy_lock(struct drm_device *dev, void *data,
2787 - struct drm_master *master = file_priv->master;
2788 - int ret = 0;
2789 -
2790 -+ if (drm_core_check_feature(dev, DRIVER_MODESET))
2791 -+ return -EINVAL;
2792 -+
2793 - ++file_priv->lock_count;
2794 -
2795 - if (lock->context == DRM_KERNEL_CONTEXT) {
2796 -@@ -153,6 +156,9 @@ int drm_legacy_unlock(struct drm_device *dev, void *data, struct drm_file *file_
2797 - struct drm_lock *lock = data;
2798 - struct drm_master *master = file_priv->master;
2799 -
2800 -+ if (drm_core_check_feature(dev, DRIVER_MODESET))
2801 -+ return -EINVAL;
2802 -+
2803 - if (lock->context == DRM_KERNEL_CONTEXT) {
2804 - DRM_ERROR("Process %d using kernel context %d\n",
2805 - task_pid_nr(current), lock->context);
2806 -diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
2807 -index 198fc3c..17522f7 100644
2808 ---- a/drivers/gpu/drm/i915/intel_bios.c
2809 -+++ b/drivers/gpu/drm/i915/intel_bios.c
2810 -@@ -42,7 +42,7 @@ find_section(const void *_bdb, int section_id)
2811 - const struct bdb_header *bdb = _bdb;
2812 - const u8 *base = _bdb;
2813 - int index = 0;
2814 -- u16 total, current_size;
2815 -+ u32 total, current_size;
2816 - u8 current_id;
2817 -
2818 - /* skip to first section */
2819 -@@ -57,6 +57,10 @@ find_section(const void *_bdb, int section_id)
2820 - current_size = *((const u16 *)(base + index));
2821 - index += 2;
2822 -
2823 -+ /* The MIPI Sequence Block v3+ has a separate size field. */
2824 -+ if (current_id == BDB_MIPI_SEQUENCE && *(base + index) >= 3)
2825 -+ current_size = *((const u32 *)(base + index + 1));
2826 -+
2827 - if (index + current_size > total)
2828 - return NULL;
2829 -
2830 -@@ -859,6 +863,12 @@ parse_mipi(struct drm_i915_private *dev_priv, const struct bdb_header *bdb)
2831 - return;
2832 - }
2833 -
2834 -+ /* Fail gracefully for forward incompatible sequence block. */
2835 -+ if (sequence->version >= 3) {
2836 -+ DRM_ERROR("Unable to parse MIPI Sequence Block v3+\n");
2837 -+ return;
2838 -+ }
2839 -+
2840 - DRM_DEBUG_DRIVER("Found MIPI sequence block\n");
2841 -
2842 - block_size = get_blocksize(sequence);
2843 -diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c
2844 -index 7c6225c..4649bd2 100644
2845 ---- a/drivers/gpu/drm/qxl/qxl_display.c
2846 -+++ b/drivers/gpu/drm/qxl/qxl_display.c
2847 -@@ -618,7 +618,7 @@ static int qxl_crtc_mode_set(struct drm_crtc *crtc,
2848 - adjusted_mode->hdisplay,
2849 - adjusted_mode->vdisplay);
2850 -
2851 -- if (qcrtc->index == 0)
2852 -+ if (bo->is_primary == false)
2853 - recreate_primary = true;
2854 -
2855 - if (bo->surf.stride * bo->surf.height > qdev->vram_size) {
2856 -@@ -886,13 +886,15 @@ static enum drm_connector_status qxl_conn_detect(
2857 - drm_connector_to_qxl_output(connector);
2858 - struct drm_device *ddev = connector->dev;
2859 - struct qxl_device *qdev = ddev->dev_private;
2860 -- int connected;
2861 -+ bool connected = false;
2862 -
2863 - /* The first monitor is always connected */
2864 -- connected = (output->index == 0) ||
2865 -- (qdev->client_monitors_config &&
2866 -- qdev->client_monitors_config->count > output->index &&
2867 -- qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]));
2868 -+ if (!qdev->client_monitors_config) {
2869 -+ if (output->index == 0)
2870 -+ connected = true;
2871 -+ } else
2872 -+ connected = qdev->client_monitors_config->count > output->index &&
2873 -+ qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]);
2874 -
2875 - DRM_DEBUG("#%d connected: %d\n", output->index, connected);
2876 - if (!connected)
2877 -diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
2878 -index c387259..65adb9c 100644
2879 ---- a/drivers/gpu/drm/radeon/atombios_encoders.c
2880 -+++ b/drivers/gpu/drm/radeon/atombios_encoders.c
2881 -@@ -1624,8 +1624,9 @@ radeon_atom_encoder_dpms_avivo(struct drm_encoder *encoder, int mode)
2882 - } else
2883 - atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
2884 - if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) {
2885 -- args.ucAction = ATOM_LCD_BLON;
2886 -- atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
2887 -+ struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv;
2888 -+
2889 -+ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
2890 - }
2891 - break;
2892 - case DRM_MODE_DPMS_STANDBY:
2893 -@@ -1706,8 +1707,7 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode)
2894 - atombios_dig_encoder_setup(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0);
2895 - }
2896 - if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT))
2897 -- atombios_dig_transmitter_setup(encoder,
2898 -- ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0);
2899 -+ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
2900 - if (ext_encoder)
2901 - atombios_external_encoder_setup(encoder, ext_encoder, ATOM_ENABLE);
2902 - break;
2903 -diff --git a/drivers/hv/hv_utils_transport.c b/drivers/hv/hv_utils_transport.c
2904 -index ea7ba5e..6a9d80a 100644
2905 ---- a/drivers/hv/hv_utils_transport.c
2906 -+++ b/drivers/hv/hv_utils_transport.c
2907 -@@ -186,7 +186,7 @@ int hvutil_transport_send(struct hvutil_transport *hvt, void *msg, int len)
2908 - return -EINVAL;
2909 - } else if (hvt->mode == HVUTIL_TRANSPORT_NETLINK) {
2910 - cn_msg = kzalloc(sizeof(*cn_msg) + len, GFP_ATOMIC);
2911 -- if (!msg)
2912 -+ if (!cn_msg)
2913 - return -ENOMEM;
2914 - cn_msg->id.idx = hvt->cn_id.idx;
2915 - cn_msg->id.val = hvt->cn_id.val;
2916 -diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c
2917 -index bd1c99d..2aaedbe 100644
2918 ---- a/drivers/hwmon/nct6775.c
2919 -+++ b/drivers/hwmon/nct6775.c
2920 -@@ -354,6 +354,10 @@ static const u16 NCT6775_REG_TEMP_CRIT[ARRAY_SIZE(nct6775_temp_label) - 1]
2921 -
2922 - /* NCT6776 specific data */
2923 -
2924 -+/* STEP_UP_TIME and STEP_DOWN_TIME regs are swapped for all chips but NCT6775 */
2925 -+#define NCT6776_REG_FAN_STEP_UP_TIME NCT6775_REG_FAN_STEP_DOWN_TIME
2926 -+#define NCT6776_REG_FAN_STEP_DOWN_TIME NCT6775_REG_FAN_STEP_UP_TIME
2927 -+
2928 - static const s8 NCT6776_ALARM_BITS[] = {
2929 - 0, 1, 2, 3, 8, 21, 20, 16, /* in0.. in7 */
2930 - 17, -1, -1, -1, -1, -1, -1, /* in8..in14 */
2931 -@@ -3528,8 +3532,8 @@ static int nct6775_probe(struct platform_device *pdev)
2932 - data->REG_FAN_PULSES = NCT6776_REG_FAN_PULSES;
2933 - data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2934 - data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2935 -- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2936 -- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2937 -+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2938 -+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2939 - data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2940 - data->REG_PWM[0] = NCT6775_REG_PWM;
2941 - data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2942 -@@ -3600,8 +3604,8 @@ static int nct6775_probe(struct platform_device *pdev)
2943 - data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
2944 - data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2945 - data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2946 -- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2947 -- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2948 -+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2949 -+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2950 - data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2951 - data->REG_PWM[0] = NCT6775_REG_PWM;
2952 - data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2953 -@@ -3677,8 +3681,8 @@ static int nct6775_probe(struct platform_device *pdev)
2954 - data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
2955 - data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2956 - data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2957 -- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2958 -- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2959 -+ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2960 -+ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2961 - data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2962 - data->REG_PWM[0] = NCT6775_REG_PWM;
2963 - data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2964 -diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
2965 -index d851e18..85761b7 100644
2966 ---- a/drivers/infiniband/ulp/isert/ib_isert.c
2967 -+++ b/drivers/infiniband/ulp/isert/ib_isert.c
2968 -@@ -3012,9 +3012,16 @@ isert_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, bool recovery)
2969 - static int
2970 - isert_immediate_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state)
2971 - {
2972 -- int ret;
2973 -+ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd);
2974 -+ int ret = 0;
2975 -
2976 - switch (state) {
2977 -+ case ISTATE_REMOVE:
2978 -+ spin_lock_bh(&conn->cmd_lock);
2979 -+ list_del_init(&cmd->i_conn_node);
2980 -+ spin_unlock_bh(&conn->cmd_lock);
2981 -+ isert_put_cmd(isert_cmd, true);
2982 -+ break;
2983 - case ISTATE_SEND_NOPIN_WANT_RESPONSE:
2984 - ret = isert_put_nopin(cmd, conn, false);
2985 - break;
2986 -@@ -3379,6 +3386,41 @@ isert_wait4flush(struct isert_conn *isert_conn)
2987 - wait_for_completion(&isert_conn->wait_comp_err);
2988 - }
2989 -
2990 -+/**
2991 -+ * isert_put_unsol_pending_cmds() - Drop commands waiting for
2992 -+ * unsolicitate dataout
2993 -+ * @conn: iscsi connection
2994 -+ *
2995 -+ * We might still have commands that are waiting for unsolicited
2996 -+ * dataouts messages. We must put the extra reference on those
2997 -+ * before blocking on the target_wait_for_session_cmds
2998 -+ */
2999 -+static void
3000 -+isert_put_unsol_pending_cmds(struct iscsi_conn *conn)
3001 -+{
3002 -+ struct iscsi_cmd *cmd, *tmp;
3003 -+ static LIST_HEAD(drop_cmd_list);
3004 -+
3005 -+ spin_lock_bh(&conn->cmd_lock);
3006 -+ list_for_each_entry_safe(cmd, tmp, &conn->conn_cmd_list, i_conn_node) {
3007 -+ if ((cmd->cmd_flags & ICF_NON_IMMEDIATE_UNSOLICITED_DATA) &&
3008 -+ (cmd->write_data_done < conn->sess->sess_ops->FirstBurstLength) &&
3009 -+ (cmd->write_data_done < cmd->se_cmd.data_length))
3010 -+ list_move_tail(&cmd->i_conn_node, &drop_cmd_list);
3011 -+ }
3012 -+ spin_unlock_bh(&conn->cmd_lock);
3013 -+
3014 -+ list_for_each_entry_safe(cmd, tmp, &drop_cmd_list, i_conn_node) {
3015 -+ list_del_init(&cmd->i_conn_node);
3016 -+ if (cmd->i_state != ISTATE_REMOVE) {
3017 -+ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd);
3018 -+
3019 -+ isert_info("conn %p dropping cmd %p\n", conn, cmd);
3020 -+ isert_put_cmd(isert_cmd, true);
3021 -+ }
3022 -+ }
3023 -+}
3024 -+
3025 - static void isert_wait_conn(struct iscsi_conn *conn)
3026 - {
3027 - struct isert_conn *isert_conn = conn->context;
3028 -@@ -3397,8 +3439,9 @@ static void isert_wait_conn(struct iscsi_conn *conn)
3029 - isert_conn_terminate(isert_conn);
3030 - mutex_unlock(&isert_conn->mutex);
3031 -
3032 -- isert_wait4cmds(conn);
3033 - isert_wait4flush(isert_conn);
3034 -+ isert_put_unsol_pending_cmds(conn);
3035 -+ isert_wait4cmds(conn);
3036 - isert_wait4logout(isert_conn);
3037 -
3038 - queue_work(isert_release_wq, &isert_conn->release_work);
3039 -diff --git a/drivers/irqchip/irq-atmel-aic5.c b/drivers/irqchip/irq-atmel-aic5.c
3040 -index 459bf44..7e077bf 100644
3041 ---- a/drivers/irqchip/irq-atmel-aic5.c
3042 -+++ b/drivers/irqchip/irq-atmel-aic5.c
3043 -@@ -88,28 +88,36 @@ static void aic5_mask(struct irq_data *d)
3044 - {
3045 - struct irq_domain *domain = d->domain;
3046 - struct irq_domain_chip_generic *dgc = domain->gc;
3047 -- struct irq_chip_generic *gc = dgc->gc[0];
3048 -+ struct irq_chip_generic *bgc = dgc->gc[0];
3049 -+ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
3050 -
3051 -- /* Disable interrupt on AIC5 */
3052 -- irq_gc_lock(gc);
3053 -+ /*
3054 -+ * Disable interrupt on AIC5. We always take the lock of the
3055 -+ * first irq chip as all chips share the same registers.
3056 -+ */
3057 -+ irq_gc_lock(bgc);
3058 - irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR);
3059 - irq_reg_writel(gc, 1, AT91_AIC5_IDCR);
3060 - gc->mask_cache &= ~d->mask;
3061 -- irq_gc_unlock(gc);
3062 -+ irq_gc_unlock(bgc);
3063 - }
3064 -
3065 - static void aic5_unmask(struct irq_data *d)
3066 - {
3067 - struct irq_domain *domain = d->domain;
3068 - struct irq_domain_chip_generic *dgc = domain->gc;
3069 -- struct irq_chip_generic *gc = dgc->gc[0];
3070 -+ struct irq_chip_generic *bgc = dgc->gc[0];
3071 -+ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
3072 -
3073 -- /* Enable interrupt on AIC5 */
3074 -- irq_gc_lock(gc);
3075 -+ /*
3076 -+ * Enable interrupt on AIC5. We always take the lock of the
3077 -+ * first irq chip as all chips share the same registers.
3078 -+ */
3079 -+ irq_gc_lock(bgc);
3080 - irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR);
3081 - irq_reg_writel(gc, 1, AT91_AIC5_IECR);
3082 - gc->mask_cache |= d->mask;
3083 -- irq_gc_unlock(gc);
3084 -+ irq_gc_unlock(bgc);
3085 - }
3086 -
3087 - static int aic5_retrigger(struct irq_data *d)
3088 -diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
3089 -index c00e2db..9a791dd 100644
3090 ---- a/drivers/irqchip/irq-gic-v3-its.c
3091 -+++ b/drivers/irqchip/irq-gic-v3-its.c
3092 -@@ -921,8 +921,10 @@ retry_baser:
3093 - * non-cacheable as well.
3094 - */
3095 - shr = tmp & GITS_BASER_SHAREABILITY_MASK;
3096 -- if (!shr)
3097 -+ if (!shr) {
3098 - cache = GITS_BASER_nC;
3099 -+ __flush_dcache_area(base, alloc_size);
3100 -+ }
3101 - goto retry_baser;
3102 - }
3103 -
3104 -@@ -1163,6 +1165,8 @@ static struct its_device *its_create_device(struct its_node *its, u32 dev_id,
3105 - return NULL;
3106 - }
3107 -
3108 -+ __flush_dcache_area(itt, sz);
3109 -+
3110 - dev->its = its;
3111 - dev->itt = itt;
3112 - dev->nr_ites = nr_ites;
3113 -diff --git a/drivers/leds/Kconfig b/drivers/leds/Kconfig
3114 -index 9ad35f7..433fb9d 100644
3115 ---- a/drivers/leds/Kconfig
3116 -+++ b/drivers/leds/Kconfig
3117 -@@ -229,7 +229,7 @@ config LEDS_LP55XX_COMMON
3118 - tristate "Common Driver for TI/National LP5521/5523/55231/5562/8501"
3119 - depends on LEDS_LP5521 || LEDS_LP5523 || LEDS_LP5562 || LEDS_LP8501
3120 - select FW_LOADER
3121 -- select FW_LOADER_USER_HELPER_FALLBACK
3122 -+ select FW_LOADER_USER_HELPER
3123 - help
3124 - This option supports common operations for LP5521/5523/55231/5562/8501
3125 - devices.
3126 -diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c
3127 -index beabfbc..ca51d58 100644
3128 ---- a/drivers/leds/led-class.c
3129 -+++ b/drivers/leds/led-class.c
3130 -@@ -228,12 +228,15 @@ static int led_classdev_next_name(const char *init_name, char *name,
3131 - {
3132 - unsigned int i = 0;
3133 - int ret = 0;
3134 -+ struct device *dev;
3135 -
3136 - strlcpy(name, init_name, len);
3137 -
3138 -- while (class_find_device(leds_class, NULL, name, match_name) &&
3139 -- (ret < len))
3140 -+ while ((ret < len) &&
3141 -+ (dev = class_find_device(leds_class, NULL, name, match_name))) {
3142 -+ put_device(dev);
3143 - ret = snprintf(name, len, "%s_%u", init_name, ++i);
3144 -+ }
3145 -
3146 - if (ret >= len)
3147 - return -ENOMEM;
3148 -diff --git a/drivers/macintosh/windfarm_core.c b/drivers/macintosh/windfarm_core.c
3149 -index 3ee198b..cc7ece1 100644
3150 ---- a/drivers/macintosh/windfarm_core.c
3151 -+++ b/drivers/macintosh/windfarm_core.c
3152 -@@ -435,7 +435,7 @@ int wf_unregister_client(struct notifier_block *nb)
3153 - {
3154 - mutex_lock(&wf_lock);
3155 - blocking_notifier_chain_unregister(&wf_client_list, nb);
3156 -- wf_client_count++;
3157 -+ wf_client_count--;
3158 - if (wf_client_count == 0)
3159 - wf_stop_thread();
3160 - mutex_unlock(&wf_lock);
3161 -diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
3162 -index e51de52..48b5890 100644
3163 ---- a/drivers/md/bitmap.c
3164 -+++ b/drivers/md/bitmap.c
3165 -@@ -1997,7 +1997,8 @@ int bitmap_resize(struct bitmap *bitmap, sector_t blocks,
3166 - if (bitmap->mddev->bitmap_info.offset || bitmap->mddev->bitmap_info.file)
3167 - ret = bitmap_storage_alloc(&store, chunks,
3168 - !bitmap->mddev->bitmap_info.external,
3169 -- bitmap->cluster_slot);
3170 -+ mddev_is_clustered(bitmap->mddev)
3171 -+ ? bitmap->cluster_slot : 0);
3172 - if (ret)
3173 - goto err;
3174 -
3175 -diff --git a/drivers/md/dm-cache-policy-cleaner.c b/drivers/md/dm-cache-policy-cleaner.c
3176 -index 240c9f0..8a09645 100644
3177 ---- a/drivers/md/dm-cache-policy-cleaner.c
3178 -+++ b/drivers/md/dm-cache-policy-cleaner.c
3179 -@@ -436,7 +436,7 @@ static struct dm_cache_policy *wb_create(dm_cblock_t cache_size,
3180 - static struct dm_cache_policy_type wb_policy_type = {
3181 - .name = "cleaner",
3182 - .version = {1, 0, 0},
3183 -- .hint_size = 0,
3184 -+ .hint_size = 4,
3185 - .owner = THIS_MODULE,
3186 - .create = wb_create
3187 - };
3188 -diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
3189 -index 0f48fed..0d28c5b 100644
3190 ---- a/drivers/md/dm-crypt.c
3191 -+++ b/drivers/md/dm-crypt.c
3192 -@@ -968,7 +968,8 @@ static void crypt_free_buffer_pages(struct crypt_config *cc, struct bio *clone);
3193 -
3194 - /*
3195 - * Generate a new unfragmented bio with the given size
3196 -- * This should never violate the device limitations
3197 -+ * This should never violate the device limitations (but only because
3198 -+ * max_segment_size is being constrained to PAGE_SIZE).
3199 - *
3200 - * This function may be called concurrently. If we allocate from the mempool
3201 - * concurrently, there is a possibility of deadlock. For example, if we have
3202 -@@ -2058,9 +2059,20 @@ static int crypt_iterate_devices(struct dm_target *ti,
3203 - return fn(ti, cc->dev, cc->start, ti->len, data);
3204 - }
3205 -
3206 -+static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits)
3207 -+{
3208 -+ /*
3209 -+ * Unfortunate constraint that is required to avoid the potential
3210 -+ * for exceeding underlying device's max_segments limits -- due to
3211 -+ * crypt_alloc_buffer() possibly allocating pages for the encryption
3212 -+ * bio that are not as physically contiguous as the original bio.
3213 -+ */
3214 -+ limits->max_segment_size = PAGE_SIZE;
3215 -+}
3216 -+
3217 - static struct target_type crypt_target = {
3218 - .name = "crypt",
3219 -- .version = {1, 14, 0},
3220 -+ .version = {1, 14, 1},
3221 - .module = THIS_MODULE,
3222 - .ctr = crypt_ctr,
3223 - .dtr = crypt_dtr,
3224 -@@ -2072,6 +2084,7 @@ static struct target_type crypt_target = {
3225 - .message = crypt_message,
3226 - .merge = crypt_merge,
3227 - .iterate_devices = crypt_iterate_devices,
3228 -+ .io_hints = crypt_io_hints,
3229 - };
3230 -
3231 - static int __init dm_crypt_init(void)
3232 -diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
3233 -index 2daa677..1257d48 100644
3234 ---- a/drivers/md/dm-raid.c
3235 -+++ b/drivers/md/dm-raid.c
3236 -@@ -329,8 +329,7 @@ static int validate_region_size(struct raid_set *rs, unsigned long region_size)
3237 - */
3238 - if (min_region_size > (1 << 13)) {
3239 - /* If not a power of 2, make it the next power of 2 */
3240 -- if (min_region_size & (min_region_size - 1))
3241 -- region_size = 1 << fls(region_size);
3242 -+ region_size = roundup_pow_of_two(min_region_size);
3243 - DMINFO("Choosing default region size of %lu sectors",
3244 - region_size);
3245 - } else {
3246 -diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
3247 -index d2bbe8c..75aef24 100644
3248 ---- a/drivers/md/dm-thin.c
3249 -+++ b/drivers/md/dm-thin.c
3250 -@@ -4333,6 +4333,10 @@ static void thin_io_hints(struct dm_target *ti, struct queue_limits *limits)
3251 - {
3252 - struct thin_c *tc = ti->private;
3253 - struct pool *pool = tc->pool;
3254 -+ struct queue_limits *pool_limits = dm_get_queue_limits(pool->pool_md);
3255 -+
3256 -+ if (!pool_limits->discard_granularity)
3257 -+ return; /* pool's discard support is disabled */
3258 -
3259 - limits->discard_granularity = pool->sectors_per_block << SECTOR_SHIFT;
3260 - limits->max_discard_sectors = 2048 * 1024 * 16; /* 16G */
3261 -diff --git a/drivers/md/dm.c b/drivers/md/dm.c
3262 -index 0d7ab20..3e32f4e 100644
3263 ---- a/drivers/md/dm.c
3264 -+++ b/drivers/md/dm.c
3265 -@@ -2952,8 +2952,6 @@ static void __dm_destroy(struct mapped_device *md, bool wait)
3266 -
3267 - might_sleep();
3268 -
3269 -- map = dm_get_live_table(md, &srcu_idx);
3270 --
3271 - spin_lock(&_minor_lock);
3272 - idr_replace(&_minor_idr, MINOR_ALLOCED, MINOR(disk_devt(dm_disk(md))));
3273 - set_bit(DMF_FREEING, &md->flags);
3274 -@@ -2967,14 +2965,14 @@ static void __dm_destroy(struct mapped_device *md, bool wait)
3275 - * do not race with internal suspend.
3276 - */
3277 - mutex_lock(&md->suspend_lock);
3278 -+ map = dm_get_live_table(md, &srcu_idx);
3279 - if (!dm_suspended_md(md)) {
3280 - dm_table_presuspend_targets(map);
3281 - dm_table_postsuspend_targets(map);
3282 - }
3283 -- mutex_unlock(&md->suspend_lock);
3284 --
3285 - /* dm_put_live_table must be before msleep, otherwise deadlock is possible */
3286 - dm_put_live_table(md, srcu_idx);
3287 -+ mutex_unlock(&md->suspend_lock);
3288 -
3289 - /*
3290 - * Rare, but there may be I/O requests still going to complete,
3291 -diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
3292 -index efb654e..0875e5e 100644
3293 ---- a/drivers/md/raid0.c
3294 -+++ b/drivers/md/raid0.c
3295 -@@ -83,7 +83,7 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
3296 - char b[BDEVNAME_SIZE];
3297 - char b2[BDEVNAME_SIZE];
3298 - struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
3299 -- bool discard_supported = false;
3300 -+ unsigned short blksize = 512;
3301 -
3302 - if (!conf)
3303 - return -ENOMEM;
3304 -@@ -98,6 +98,9 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
3305 - sector_div(sectors, mddev->chunk_sectors);
3306 - rdev1->sectors = sectors * mddev->chunk_sectors;
3307 -
3308 -+ blksize = max(blksize, queue_logical_block_size(
3309 -+ rdev1->bdev->bd_disk->queue));
3310 -+
3311 - rdev_for_each(rdev2, mddev) {
3312 - pr_debug("md/raid0:%s: comparing %s(%llu)"
3313 - " with %s(%llu)\n",
3314 -@@ -134,6 +137,18 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
3315 - }
3316 - pr_debug("md/raid0:%s: FINAL %d zones\n",
3317 - mdname(mddev), conf->nr_strip_zones);
3318 -+ /*
3319 -+ * now since we have the hard sector sizes, we can make sure
3320 -+ * chunk size is a multiple of that sector size
3321 -+ */
3322 -+ if ((mddev->chunk_sectors << 9) % blksize) {
3323 -+ printk(KERN_ERR "md/raid0:%s: chunk_size of %d not multiple of block size %d\n",
3324 -+ mdname(mddev),
3325 -+ mddev->chunk_sectors << 9, blksize);
3326 -+ err = -EINVAL;
3327 -+ goto abort;
3328 -+ }
3329 -+
3330 - err = -ENOMEM;
3331 - conf->strip_zone = kzalloc(sizeof(struct strip_zone)*
3332 - conf->nr_strip_zones, GFP_KERNEL);
3333 -@@ -188,19 +203,12 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
3334 - }
3335 - dev[j] = rdev1;
3336 -
3337 -- if (mddev->queue)
3338 -- disk_stack_limits(mddev->gendisk, rdev1->bdev,
3339 -- rdev1->data_offset << 9);
3340 --
3341 - if (rdev1->bdev->bd_disk->queue->merge_bvec_fn)
3342 - conf->has_merge_bvec = 1;
3343 -
3344 - if (!smallest || (rdev1->sectors < smallest->sectors))
3345 - smallest = rdev1;
3346 - cnt++;
3347 --
3348 -- if (blk_queue_discard(bdev_get_queue(rdev1->bdev)))
3349 -- discard_supported = true;
3350 - }
3351 - if (cnt != mddev->raid_disks) {
3352 - printk(KERN_ERR "md/raid0:%s: too few disks (%d of %d) - "
3353 -@@ -261,28 +269,6 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
3354 - (unsigned long long)smallest->sectors);
3355 - }
3356 -
3357 -- /*
3358 -- * now since we have the hard sector sizes, we can make sure
3359 -- * chunk size is a multiple of that sector size
3360 -- */
3361 -- if ((mddev->chunk_sectors << 9) % queue_logical_block_size(mddev->queue)) {
3362 -- printk(KERN_ERR "md/raid0:%s: chunk_size of %d not valid\n",
3363 -- mdname(mddev),
3364 -- mddev->chunk_sectors << 9);
3365 -- goto abort;
3366 -- }
3367 --
3368 -- if (mddev->queue) {
3369 -- blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9);
3370 -- blk_queue_io_opt(mddev->queue,
3371 -- (mddev->chunk_sectors << 9) * mddev->raid_disks);
3372 --
3373 -- if (!discard_supported)
3374 -- queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
3375 -- else
3376 -- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
3377 -- }
3378 --
3379 - pr_debug("md/raid0:%s: done.\n", mdname(mddev));
3380 - *private_conf = conf;
3381 -
3382 -@@ -433,12 +419,6 @@ static int raid0_run(struct mddev *mddev)
3383 - if (md_check_no_bitmap(mddev))
3384 - return -EINVAL;
3385 -
3386 -- if (mddev->queue) {
3387 -- blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors);
3388 -- blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors);
3389 -- blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors);
3390 -- }
3391 --
3392 - /* if private is not null, we are here after takeover */
3393 - if (mddev->private == NULL) {
3394 - ret = create_strip_zones(mddev, &conf);
3395 -@@ -447,6 +427,29 @@ static int raid0_run(struct mddev *mddev)
3396 - mddev->private = conf;
3397 - }
3398 - conf = mddev->private;
3399 -+ if (mddev->queue) {
3400 -+ struct md_rdev *rdev;
3401 -+ bool discard_supported = false;
3402 -+
3403 -+ blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors);
3404 -+ blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors);
3405 -+ blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors);
3406 -+
3407 -+ blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9);
3408 -+ blk_queue_io_opt(mddev->queue,
3409 -+ (mddev->chunk_sectors << 9) * mddev->raid_disks);
3410 -+
3411 -+ rdev_for_each(rdev, mddev) {
3412 -+ disk_stack_limits(mddev->gendisk, rdev->bdev,
3413 -+ rdev->data_offset << 9);
3414 -+ if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
3415 -+ discard_supported = true;
3416 -+ }
3417 -+ if (!discard_supported)
3418 -+ queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
3419 -+ else
3420 -+ queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue);
3421 -+ }
3422 -
3423 - /* calculate array device size */
3424 - md_set_array_sectors(mddev, raid0_size(mddev, 0, 0));
3425 -diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
3426 -index 9e3fdbd..2f4503a 100644
3427 ---- a/drivers/mmc/core/core.c
3428 -+++ b/drivers/mmc/core/core.c
3429 -@@ -134,9 +134,11 @@ void mmc_request_done(struct mmc_host *host, struct mmc_request *mrq)
3430 - int err = cmd->error;
3431 -
3432 - /* Flag re-tuning needed on CRC errors */
3433 -- if (err == -EILSEQ || (mrq->sbc && mrq->sbc->error == -EILSEQ) ||
3434 -+ if ((cmd->opcode != MMC_SEND_TUNING_BLOCK &&
3435 -+ cmd->opcode != MMC_SEND_TUNING_BLOCK_HS200) &&
3436 -+ (err == -EILSEQ || (mrq->sbc && mrq->sbc->error == -EILSEQ) ||
3437 - (mrq->data && mrq->data->error == -EILSEQ) ||
3438 -- (mrq->stop && mrq->stop->error == -EILSEQ))
3439 -+ (mrq->stop && mrq->stop->error == -EILSEQ)))
3440 - mmc_retune_needed(host);
3441 -
3442 - if (err && cmd->retries && mmc_host_is_spi(host)) {
3443 -diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c
3444 -index 99a9c90..79979e9 100644
3445 ---- a/drivers/mmc/core/host.c
3446 -+++ b/drivers/mmc/core/host.c
3447 -@@ -457,7 +457,7 @@ int mmc_of_parse(struct mmc_host *host)
3448 - 0, &cd_gpio_invert);
3449 - if (!ret)
3450 - dev_info(host->parent, "Got CD GPIO\n");
3451 -- else if (ret != -ENOENT)
3452 -+ else if (ret != -ENOENT && ret != -ENOSYS)
3453 - return ret;
3454 -
3455 - /*
3456 -@@ -481,7 +481,7 @@ int mmc_of_parse(struct mmc_host *host)
3457 - ret = mmc_gpiod_request_ro(host, "wp", 0, false, 0, &ro_gpio_invert);
3458 - if (!ret)
3459 - dev_info(host->parent, "Got WP GPIO\n");
3460 -- else if (ret != -ENOENT)
3461 -+ else if (ret != -ENOENT && ret != -ENOSYS)
3462 - return ret;
3463 -
3464 - if (of_property_read_bool(np, "disable-wp"))
3465 -diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
3466 -index 40e9d8e..e41fb74 100644
3467 ---- a/drivers/mmc/host/dw_mmc.c
3468 -+++ b/drivers/mmc/host/dw_mmc.c
3469 -@@ -99,6 +99,9 @@ struct idmac_desc {
3470 -
3471 - __le32 des3; /* buffer 2 physical address */
3472 - };
3473 -+
3474 -+/* Each descriptor can transfer up to 4KB of data in chained mode */
3475 -+#define DW_MCI_DESC_DATA_LENGTH 0x1000
3476 - #endif /* CONFIG_MMC_DW_IDMAC */
3477 -
3478 - static bool dw_mci_reset(struct dw_mci *host);
3479 -@@ -462,66 +465,96 @@ static void dw_mci_idmac_complete_dma(struct dw_mci *host)
3480 - static void dw_mci_translate_sglist(struct dw_mci *host, struct mmc_data *data,
3481 - unsigned int sg_len)
3482 - {
3483 -+ unsigned int desc_len;
3484 - int i;
3485 - if (host->dma_64bit_address == 1) {
3486 -- struct idmac_desc_64addr *desc = host->sg_cpu;
3487 -+ struct idmac_desc_64addr *desc_first, *desc_last, *desc;
3488 -+
3489 -+ desc_first = desc_last = desc = host->sg_cpu;
3490 -
3491 -- for (i = 0; i < sg_len; i++, desc++) {
3492 -+ for (i = 0; i < sg_len; i++) {
3493 - unsigned int length = sg_dma_len(&data->sg[i]);
3494 - u64 mem_addr = sg_dma_address(&data->sg[i]);
3495 -
3496 -- /*
3497 -- * Set the OWN bit and disable interrupts for this
3498 -- * descriptor
3499 -- */
3500 -- desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC |
3501 -- IDMAC_DES0_CH;
3502 -- /* Buffer length */
3503 -- IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, length);
3504 --
3505 -- /* Physical address to DMA to/from */
3506 -- desc->des4 = mem_addr & 0xffffffff;
3507 -- desc->des5 = mem_addr >> 32;
3508 -+ for ( ; length ; desc++) {
3509 -+ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ?
3510 -+ length : DW_MCI_DESC_DATA_LENGTH;
3511 -+
3512 -+ length -= desc_len;
3513 -+
3514 -+ /*
3515 -+ * Set the OWN bit and disable interrupts
3516 -+ * for this descriptor
3517 -+ */
3518 -+ desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC |
3519 -+ IDMAC_DES0_CH;
3520 -+
3521 -+ /* Buffer length */
3522 -+ IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, desc_len);
3523 -+
3524 -+ /* Physical address to DMA to/from */
3525 -+ desc->des4 = mem_addr & 0xffffffff;
3526 -+ desc->des5 = mem_addr >> 32;
3527 -+
3528 -+ /* Update physical address for the next desc */
3529 -+ mem_addr += desc_len;
3530 -+
3531 -+ /* Save pointer to the last descriptor */
3532 -+ desc_last = desc;
3533 -+ }
3534 - }
3535 -
3536 - /* Set first descriptor */
3537 -- desc = host->sg_cpu;
3538 -- desc->des0 |= IDMAC_DES0_FD;
3539 -+ desc_first->des0 |= IDMAC_DES0_FD;
3540 -
3541 - /* Set last descriptor */
3542 -- desc = host->sg_cpu + (i - 1) *
3543 -- sizeof(struct idmac_desc_64addr);
3544 -- desc->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC);
3545 -- desc->des0 |= IDMAC_DES0_LD;
3546 -+ desc_last->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC);
3547 -+ desc_last->des0 |= IDMAC_DES0_LD;
3548 -
3549 - } else {
3550 -- struct idmac_desc *desc = host->sg_cpu;
3551 -+ struct idmac_desc *desc_first, *desc_last, *desc;
3552 -+
3553 -+ desc_first = desc_last = desc = host->sg_cpu;
3554 -
3555 -- for (i = 0; i < sg_len; i++, desc++) {
3556 -+ for (i = 0; i < sg_len; i++) {
3557 - unsigned int length = sg_dma_len(&data->sg[i]);
3558 - u32 mem_addr = sg_dma_address(&data->sg[i]);
3559 -
3560 -- /*
3561 -- * Set the OWN bit and disable interrupts for this
3562 -- * descriptor
3563 -- */
3564 -- desc->des0 = cpu_to_le32(IDMAC_DES0_OWN |
3565 -- IDMAC_DES0_DIC | IDMAC_DES0_CH);
3566 -- /* Buffer length */
3567 -- IDMAC_SET_BUFFER1_SIZE(desc, length);
3568 -+ for ( ; length ; desc++) {
3569 -+ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ?
3570 -+ length : DW_MCI_DESC_DATA_LENGTH;
3571 -+
3572 -+ length -= desc_len;
3573 -+
3574 -+ /*
3575 -+ * Set the OWN bit and disable interrupts
3576 -+ * for this descriptor
3577 -+ */
3578 -+ desc->des0 = cpu_to_le32(IDMAC_DES0_OWN |
3579 -+ IDMAC_DES0_DIC |
3580 -+ IDMAC_DES0_CH);
3581 -+
3582 -+ /* Buffer length */
3583 -+ IDMAC_SET_BUFFER1_SIZE(desc, desc_len);
3584 -
3585 -- /* Physical address to DMA to/from */
3586 -- desc->des2 = cpu_to_le32(mem_addr);
3587 -+ /* Physical address to DMA to/from */
3588 -+ desc->des2 = cpu_to_le32(mem_addr);
3589 -+
3590 -+ /* Update physical address for the next desc */
3591 -+ mem_addr += desc_len;
3592 -+
3593 -+ /* Save pointer to the last descriptor */
3594 -+ desc_last = desc;
3595 -+ }
3596 - }
3597 -
3598 - /* Set first descriptor */
3599 -- desc = host->sg_cpu;
3600 -- desc->des0 |= cpu_to_le32(IDMAC_DES0_FD);
3601 -+ desc_first->des0 |= cpu_to_le32(IDMAC_DES0_FD);
3602 -
3603 - /* Set last descriptor */
3604 -- desc = host->sg_cpu + (i - 1) * sizeof(struct idmac_desc);
3605 -- desc->des0 &= cpu_to_le32(~(IDMAC_DES0_CH | IDMAC_DES0_DIC));
3606 -- desc->des0 |= cpu_to_le32(IDMAC_DES0_LD);
3607 -+ desc_last->des0 &= cpu_to_le32(~(IDMAC_DES0_CH |
3608 -+ IDMAC_DES0_DIC));
3609 -+ desc_last->des0 |= cpu_to_le32(IDMAC_DES0_LD);
3610 - }
3611 -
3612 - wmb();
3613 -@@ -2394,7 +2427,7 @@ static int dw_mci_init_slot(struct dw_mci *host, unsigned int id)
3614 - #ifdef CONFIG_MMC_DW_IDMAC
3615 - mmc->max_segs = host->ring_size;
3616 - mmc->max_blk_size = 65536;
3617 -- mmc->max_seg_size = 0x1000;
3618 -+ mmc->max_seg_size = DW_MCI_DESC_DATA_LENGTH;
3619 - mmc->max_req_size = mmc->max_seg_size * host->ring_size;
3620 - mmc->max_blk_count = mmc->max_req_size / 512;
3621 - #else
3622 -diff --git a/drivers/mmc/host/sdhci-pxav3.c b/drivers/mmc/host/sdhci-pxav3.c
3623 -index 946d37f..f5edf9d 100644
3624 ---- a/drivers/mmc/host/sdhci-pxav3.c
3625 -+++ b/drivers/mmc/host/sdhci-pxav3.c
3626 -@@ -135,6 +135,7 @@ static int armada_38x_quirks(struct platform_device *pdev,
3627 - struct sdhci_pxa *pxa = pltfm_host->priv;
3628 - struct resource *res;
3629 -
3630 -+ host->quirks &= ~SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN;
3631 - host->quirks |= SDHCI_QUIRK_MISSING_CAPS;
3632 - res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
3633 - "conf-sdio3");
3634 -@@ -290,6 +291,9 @@ static void pxav3_set_uhs_signaling(struct sdhci_host *host, unsigned int uhs)
3635 - uhs == MMC_TIMING_UHS_DDR50) {
3636 - reg_val &= ~SDIO3_CONF_CLK_INV;
3637 - reg_val |= SDIO3_CONF_SD_FB_CLK;
3638 -+ } else if (uhs == MMC_TIMING_MMC_HS) {
3639 -+ reg_val &= ~SDIO3_CONF_CLK_INV;
3640 -+ reg_val &= ~SDIO3_CONF_SD_FB_CLK;
3641 - } else {
3642 - reg_val |= SDIO3_CONF_CLK_INV;
3643 - reg_val &= ~SDIO3_CONF_SD_FB_CLK;
3644 -@@ -398,7 +402,7 @@ static int sdhci_pxav3_probe(struct platform_device *pdev)
3645 - if (of_device_is_compatible(np, "marvell,armada-380-sdhci")) {
3646 - ret = armada_38x_quirks(pdev, host);
3647 - if (ret < 0)
3648 -- goto err_clk_get;
3649 -+ goto err_mbus_win;
3650 - ret = mv_conf_mbus_windows(pdev, mv_mbus_dram_info());
3651 - if (ret < 0)
3652 - goto err_mbus_win;
3653 -diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
3654 -index 1259cc5..5465fa4 100644
3655 ---- a/drivers/mtd/nand/pxa3xx_nand.c
3656 -+++ b/drivers/mtd/nand/pxa3xx_nand.c
3657 -@@ -1473,6 +1473,9 @@ static int pxa3xx_nand_scan(struct mtd_info *mtd)
3658 - if (pdata->keep_config && !pxa3xx_nand_detect_config(info))
3659 - goto KEEP_CONFIG;
3660 -
3661 -+ /* Set a default chunk size */
3662 -+ info->chunk_size = 512;
3663 -+
3664 - ret = pxa3xx_nand_sensing(info);
3665 - if (ret) {
3666 - dev_info(&info->pdev->dev, "There is no chip on cs %d!\n",
3667 -diff --git a/drivers/mtd/nand/sunxi_nand.c b/drivers/mtd/nand/sunxi_nand.c
3668 -index 6f93b29..499b8e43 100644
3669 ---- a/drivers/mtd/nand/sunxi_nand.c
3670 -+++ b/drivers/mtd/nand/sunxi_nand.c
3671 -@@ -138,6 +138,10 @@
3672 - #define NFC_ECC_MODE GENMASK(15, 12)
3673 - #define NFC_RANDOM_SEED GENMASK(30, 16)
3674 -
3675 -+/* NFC_USER_DATA helper macros */
3676 -+#define NFC_BUF_TO_USER_DATA(buf) ((buf)[0] | ((buf)[1] << 8) | \
3677 -+ ((buf)[2] << 16) | ((buf)[3] << 24))
3678 -+
3679 - #define NFC_DEFAULT_TIMEOUT_MS 1000
3680 -
3681 - #define NFC_SRAM_SIZE 1024
3682 -@@ -632,15 +636,9 @@ static int sunxi_nfc_hw_ecc_write_page(struct mtd_info *mtd,
3683 - offset = layout->eccpos[i * ecc->bytes] - 4 + mtd->writesize;
3684 -
3685 - /* Fill OOB data in */
3686 -- if (oob_required) {
3687 -- tmp = 0xffffffff;
3688 -- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp,
3689 -- 4);
3690 -- } else {
3691 -- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE,
3692 -- chip->oob_poi + offset - mtd->writesize,
3693 -- 4);
3694 -- }
3695 -+ writel(NFC_BUF_TO_USER_DATA(chip->oob_poi +
3696 -+ layout->oobfree[i].offset),
3697 -+ nfc->regs + NFC_REG_USER_DATA_BASE);
3698 -
3699 - chip->cmdfunc(mtd, NAND_CMD_RNDIN, offset, -1);
3700 -
3701 -@@ -770,14 +768,8 @@ static int sunxi_nfc_hw_syndrome_ecc_write_page(struct mtd_info *mtd,
3702 - offset += ecc->size;
3703 -
3704 - /* Fill OOB data in */
3705 -- if (oob_required) {
3706 -- tmp = 0xffffffff;
3707 -- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp,
3708 -- 4);
3709 -- } else {
3710 -- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, oob,
3711 -- 4);
3712 -- }
3713 -+ writel(NFC_BUF_TO_USER_DATA(oob),
3714 -+ nfc->regs + NFC_REG_USER_DATA_BASE);
3715 -
3716 - tmp = NFC_DATA_TRANS | NFC_DATA_SWAP_METHOD | NFC_ACCESS_DIR |
3717 - (1 << 30);
3718 -@@ -1312,6 +1304,7 @@ static void sunxi_nand_chips_cleanup(struct sunxi_nfc *nfc)
3719 - node);
3720 - nand_release(&chip->mtd);
3721 - sunxi_nand_ecc_cleanup(&chip->nand.ecc);
3722 -+ list_del(&chip->node);
3723 - }
3724 - }
3725 -
3726 -diff --git a/drivers/mtd/ubi/io.c b/drivers/mtd/ubi/io.c
3727 -index 5bbd1f0..1fc23e4 100644
3728 ---- a/drivers/mtd/ubi/io.c
3729 -+++ b/drivers/mtd/ubi/io.c
3730 -@@ -926,6 +926,11 @@ static int validate_vid_hdr(const struct ubi_device *ubi,
3731 - goto bad;
3732 - }
3733 -
3734 -+ if (data_size > ubi->leb_size) {
3735 -+ ubi_err(ubi, "bad data_size");
3736 -+ goto bad;
3737 -+ }
3738 -+
3739 - if (vol_type == UBI_VID_STATIC) {
3740 - /*
3741 - * Although from high-level point of view static volumes may
3742 -diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c
3743 -index 80bdd5b..d85c197 100644
3744 ---- a/drivers/mtd/ubi/vtbl.c
3745 -+++ b/drivers/mtd/ubi/vtbl.c
3746 -@@ -649,6 +649,7 @@ static int init_volumes(struct ubi_device *ubi,
3747 - if (ubi->corr_peb_count)
3748 - ubi_err(ubi, "%d PEBs are corrupted and not used",
3749 - ubi->corr_peb_count);
3750 -+ return -ENOSPC;
3751 - }
3752 - ubi->rsvd_pebs += reserved_pebs;
3753 - ubi->avail_pebs -= reserved_pebs;
3754 -diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
3755 -index 275d9fb..eb4489f9 100644
3756 ---- a/drivers/mtd/ubi/wl.c
3757 -+++ b/drivers/mtd/ubi/wl.c
3758 -@@ -1601,6 +1601,7 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
3759 - if (ubi->corr_peb_count)
3760 - ubi_err(ubi, "%d PEBs are corrupted and not used",
3761 - ubi->corr_peb_count);
3762 -+ err = -ENOSPC;
3763 - goto out_free;
3764 - }
3765 - ubi->avail_pebs -= reserved_pebs;
3766 -diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
3767 -index 89d788d..adfe1de 100644
3768 ---- a/drivers/net/ethernet/intel/e1000e/netdev.c
3769 -+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
3770 -@@ -4280,18 +4280,29 @@ static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc)
3771 - struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter,
3772 - cc);
3773 - struct e1000_hw *hw = &adapter->hw;
3774 -+ u32 systimel_1, systimel_2, systimeh;
3775 - cycle_t systim, systim_next;
3776 -- /* SYSTIMH latching upon SYSTIML read does not work well. To fix that
3777 -- * we don't want to allow overflow of SYSTIML and a change to SYSTIMH
3778 -- * to occur between reads, so if we read a vale close to overflow, we
3779 -- * wait for overflow to occur and read both registers when its safe.
3780 -+ /* SYSTIMH latching upon SYSTIML read does not work well.
3781 -+ * This means that if SYSTIML overflows after we read it but before
3782 -+ * we read SYSTIMH, the value of SYSTIMH has been incremented and we
3783 -+ * will experience a huge non linear increment in the systime value
3784 -+ * to fix that we test for overflow and if true, we re-read systime.
3785 - */
3786 -- u32 systim_overflow_latch_fix = 0x3FFFFFFF;
3787 --
3788 -- do {
3789 -- systim = (cycle_t)er32(SYSTIML);
3790 -- } while (systim > systim_overflow_latch_fix);
3791 -- systim |= (cycle_t)er32(SYSTIMH) << 32;
3792 -+ systimel_1 = er32(SYSTIML);
3793 -+ systimeh = er32(SYSTIMH);
3794 -+ systimel_2 = er32(SYSTIML);
3795 -+ /* Check for overflow. If there was no overflow, use the values */
3796 -+ if (systimel_1 < systimel_2) {
3797 -+ systim = (cycle_t)systimel_1;
3798 -+ systim |= (cycle_t)systimeh << 32;
3799 -+ } else {
3800 -+ /* There was an overflow, read again SYSTIMH, and use
3801 -+ * systimel_2
3802 -+ */
3803 -+ systimeh = er32(SYSTIMH);
3804 -+ systim = (cycle_t)systimel_2;
3805 -+ systim |= (cycle_t)systimeh << 32;
3806 -+ }
3807 -
3808 - if ((hw->mac.type == e1000_82574) || (hw->mac.type == e1000_82583)) {
3809 - u64 incvalue, time_delta, rem, temp;
3810 -diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
3811 -index 8d7b596..5bc9fca 100644
3812 ---- a/drivers/net/ethernet/intel/igb/igb_main.c
3813 -+++ b/drivers/net/ethernet/intel/igb/igb_main.c
3814 -@@ -2851,7 +2851,7 @@ static void igb_probe_vfs(struct igb_adapter *adapter)
3815 - return;
3816 -
3817 - pci_sriov_set_totalvfs(pdev, 7);
3818 -- igb_pci_enable_sriov(pdev, max_vfs);
3819 -+ igb_enable_sriov(pdev, max_vfs);
3820 -
3821 - #endif /* CONFIG_PCI_IOV */
3822 - }
3823 -diff --git a/drivers/net/ethernet/via/Kconfig b/drivers/net/ethernet/via/Kconfig
3824 -index 2f1264b..d3d0947 100644
3825 ---- a/drivers/net/ethernet/via/Kconfig
3826 -+++ b/drivers/net/ethernet/via/Kconfig
3827 -@@ -17,7 +17,7 @@ if NET_VENDOR_VIA
3828 -
3829 - config VIA_RHINE
3830 - tristate "VIA Rhine support"
3831 -- depends on (PCI || OF_IRQ)
3832 -+ depends on PCI || (OF_IRQ && GENERIC_PCI_IOMAP)
3833 - depends on HAS_DMA
3834 - select CRC32
3835 - select MII
3836 -diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c
3837 -index 85bfa2a..32d9ff1 100644
3838 ---- a/drivers/net/wireless/ath/ath10k/htc.c
3839 -+++ b/drivers/net/wireless/ath/ath10k/htc.c
3840 -@@ -145,8 +145,10 @@ int ath10k_htc_send(struct ath10k_htc *htc,
3841 - skb_cb->eid = eid;
3842 - skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE);
3843 - ret = dma_mapping_error(dev, skb_cb->paddr);
3844 -- if (ret)
3845 -+ if (ret) {
3846 -+ ret = -EIO;
3847 - goto err_credits;
3848 -+ }
3849 -
3850 - sg_item.transfer_id = ep->eid;
3851 - sg_item.transfer_context = skb;
3852 -diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
3853 -index a60ef7d..7be3ce6 100644
3854 ---- a/drivers/net/wireless/ath/ath10k/htt_tx.c
3855 -+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
3856 -@@ -371,8 +371,10 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
3857 - skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
3858 - DMA_TO_DEVICE);
3859 - res = dma_mapping_error(dev, skb_cb->paddr);
3860 -- if (res)
3861 -+ if (res) {
3862 -+ res = -EIO;
3863 - goto err_free_txdesc;
3864 -+ }
3865 -
3866 - skb_put(txdesc, len);
3867 - cmd = (struct htt_cmd *)txdesc->data;
3868 -@@ -456,8 +458,10 @@ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
3869 - skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
3870 - DMA_TO_DEVICE);
3871 - res = dma_mapping_error(dev, skb_cb->paddr);
3872 -- if (res)
3873 -+ if (res) {
3874 -+ res = -EIO;
3875 - goto err_free_txbuf;
3876 -+ }
3877 -
3878 - switch (skb_cb->txmode) {
3879 - case ATH10K_HW_TXRX_RAW:
3880 -diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
3881 -index 218b6af..0d3c474 100644
3882 ---- a/drivers/net/wireless/ath/ath10k/mac.c
3883 -+++ b/drivers/net/wireless/ath/ath10k/mac.c
3884 -@@ -591,11 +591,19 @@ ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
3885 - static int ath10k_peer_create(struct ath10k *ar, u32 vdev_id, const u8 *addr,
3886 - enum wmi_peer_type peer_type)
3887 - {
3888 -+ struct ath10k_vif *arvif;
3889 -+ int num_peers = 0;
3890 - int ret;
3891 -
3892 - lockdep_assert_held(&ar->conf_mutex);
3893 -
3894 -- if (ar->num_peers >= ar->max_num_peers)
3895 -+ num_peers = ar->num_peers;
3896 -+
3897 -+ /* Each vdev consumes a peer entry as well */
3898 -+ list_for_each_entry(arvif, &ar->arvifs, list)
3899 -+ num_peers++;
3900 -+
3901 -+ if (num_peers >= ar->max_num_peers)
3902 - return -ENOBUFS;
3903 -
3904 - ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
3905 -@@ -2995,6 +3003,8 @@ void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3906 - IEEE80211_IFACE_ITER_RESUME_ALL,
3907 - ath10k_mac_tx_unlock_iter,
3908 - ar);
3909 -+
3910 -+ ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3911 - }
3912 -
3913 - void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3914 -@@ -3034,38 +3044,16 @@ static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3915 -
3916 - lockdep_assert_held(&ar->htt.tx_lock);
3917 -
3918 -- switch (pause_id) {
3919 -- case WMI_TLV_TX_PAUSE_ID_MCC:
3920 -- case WMI_TLV_TX_PAUSE_ID_P2P_CLI_NOA:
3921 -- case WMI_TLV_TX_PAUSE_ID_P2P_GO_PS:
3922 -- case WMI_TLV_TX_PAUSE_ID_AP_PS:
3923 -- case WMI_TLV_TX_PAUSE_ID_IBSS_PS:
3924 -- switch (action) {
3925 -- case WMI_TLV_TX_PAUSE_ACTION_STOP:
3926 -- ath10k_mac_vif_tx_lock(arvif, pause_id);
3927 -- break;
3928 -- case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3929 -- ath10k_mac_vif_tx_unlock(arvif, pause_id);
3930 -- break;
3931 -- default:
3932 -- ath10k_warn(ar, "received unknown tx pause action %d on vdev %i, ignoring\n",
3933 -- action, arvif->vdev_id);
3934 -- break;
3935 -- }
3936 -+ switch (action) {
3937 -+ case WMI_TLV_TX_PAUSE_ACTION_STOP:
3938 -+ ath10k_mac_vif_tx_lock(arvif, pause_id);
3939 -+ break;
3940 -+ case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3941 -+ ath10k_mac_vif_tx_unlock(arvif, pause_id);
3942 - break;
3943 -- case WMI_TLV_TX_PAUSE_ID_AP_PEER_PS:
3944 -- case WMI_TLV_TX_PAUSE_ID_AP_PEER_UAPSD:
3945 -- case WMI_TLV_TX_PAUSE_ID_STA_ADD_BA:
3946 -- case WMI_TLV_TX_PAUSE_ID_HOST:
3947 - default:
3948 -- /* FIXME: Some pause_ids aren't vdev specific. Instead they
3949 -- * target peer_id and tid. Implementing these could improve
3950 -- * traffic scheduling fairness across multiple connected
3951 -- * stations in AP/IBSS modes.
3952 -- */
3953 -- ath10k_dbg(ar, ATH10K_DBG_MAC,
3954 -- "mac ignoring unsupported tx pause vdev %i id %d\n",
3955 -- arvif->vdev_id, pause_id);
3956 -+ ath10k_warn(ar, "received unknown tx pause action %d on vdev %i, ignoring\n",
3957 -+ action, arvif->vdev_id);
3958 - break;
3959 - }
3960 - }
3961 -@@ -3082,12 +3070,15 @@ static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3962 - struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
3963 - struct ath10k_mac_tx_pause *arg = data;
3964 -
3965 -+ if (arvif->vdev_id != arg->vdev_id)
3966 -+ return;
3967 -+
3968 - ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3969 - }
3970 -
3971 --void ath10k_mac_handle_tx_pause(struct ath10k *ar, u32 vdev_id,
3972 -- enum wmi_tlv_tx_pause_id pause_id,
3973 -- enum wmi_tlv_tx_pause_action action)
3974 -+void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3975 -+ enum wmi_tlv_tx_pause_id pause_id,
3976 -+ enum wmi_tlv_tx_pause_action action)
3977 - {
3978 - struct ath10k_mac_tx_pause arg = {
3979 - .vdev_id = vdev_id,
3980 -@@ -4080,6 +4071,11 @@ static int ath10k_add_interface(struct ieee80211_hw *hw,
3981 - sizeof(arvif->bitrate_mask.control[i].vht_mcs));
3982 - }
3983 -
3984 -+ if (ar->num_peers >= ar->max_num_peers) {
3985 -+ ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
3986 -+ return -ENOBUFS;
3987 -+ }
3988 -+
3989 - if (ar->free_vdev_map == 0) {
3990 - ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
3991 - ret = -EBUSY;
3992 -@@ -4287,6 +4283,11 @@ static int ath10k_add_interface(struct ieee80211_hw *hw,
3993 - }
3994 - }
3995 -
3996 -+ spin_lock_bh(&ar->htt.tx_lock);
3997 -+ if (!ar->tx_paused)
3998 -+ ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3999 -+ spin_unlock_bh(&ar->htt.tx_lock);
4000 -+
4001 - mutex_unlock(&ar->conf_mutex);
4002 - return 0;
4003 -
4004 -@@ -5561,6 +5562,21 @@ static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
4005 - return ret;
4006 - }
4007 -
4008 -+static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
4009 -+{
4010 -+ /* Even though there's a WMI enum for fragmentation threshold no known
4011 -+ * firmware actually implements it. Moreover it is not possible to rely
4012 -+ * frame fragmentation to mac80211 because firmware clears the "more
4013 -+ * fragments" bit in frame control making it impossible for remote
4014 -+ * devices to reassemble frames.
4015 -+ *
4016 -+ * Hence implement a dummy callback just to say fragmentation isn't
4017 -+ * supported. This effectively prevents mac80211 from doing frame
4018 -+ * fragmentation in software.
4019 -+ */
4020 -+ return -EOPNOTSUPP;
4021 -+}
4022 -+
4023 - static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
4024 - u32 queues, bool drop)
4025 - {
4026 -@@ -6395,6 +6411,7 @@ static const struct ieee80211_ops ath10k_ops = {
4027 - .remain_on_channel = ath10k_remain_on_channel,
4028 - .cancel_remain_on_channel = ath10k_cancel_remain_on_channel,
4029 - .set_rts_threshold = ath10k_set_rts_threshold,
4030 -+ .set_frag_threshold = ath10k_mac_op_set_frag_threshold,
4031 - .flush = ath10k_flush,
4032 - .tx_last_beacon = ath10k_tx_last_beacon,
4033 - .set_antenna = ath10k_set_antenna,
4034 -diff --git a/drivers/net/wireless/ath/ath10k/mac.h b/drivers/net/wireless/ath/ath10k/mac.h
4035 -index b291f06..e3cefe4 100644
4036 ---- a/drivers/net/wireless/ath/ath10k/mac.h
4037 -+++ b/drivers/net/wireless/ath/ath10k/mac.h
4038 -@@ -61,9 +61,9 @@ int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
4039 -
4040 - void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb);
4041 - void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id);
4042 --void ath10k_mac_handle_tx_pause(struct ath10k *ar, u32 vdev_id,
4043 -- enum wmi_tlv_tx_pause_id pause_id,
4044 -- enum wmi_tlv_tx_pause_action action);
4045 -+void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
4046 -+ enum wmi_tlv_tx_pause_id pause_id,
4047 -+ enum wmi_tlv_tx_pause_action action);
4048 -
4049 - u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
4050 - u8 hw_rate);
4051 -diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c
4052 -index ea656e0..8c5cc1f 100644
4053 ---- a/drivers/net/wireless/ath/ath10k/pci.c
4054 -+++ b/drivers/net/wireless/ath/ath10k/pci.c
4055 -@@ -1546,8 +1546,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar,
4056 -
4057 - req_paddr = dma_map_single(ar->dev, treq, req_len, DMA_TO_DEVICE);
4058 - ret = dma_mapping_error(ar->dev, req_paddr);
4059 -- if (ret)
4060 -+ if (ret) {
4061 -+ ret = -EIO;
4062 - goto err_dma;
4063 -+ }
4064 -
4065 - if (resp && resp_len) {
4066 - tresp = kzalloc(*resp_len, GFP_KERNEL);
4067 -@@ -1559,8 +1561,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar,
4068 - resp_paddr = dma_map_single(ar->dev, tresp, *resp_len,
4069 - DMA_FROM_DEVICE);
4070 - ret = dma_mapping_error(ar->dev, resp_paddr);
4071 -- if (ret)
4072 -+ if (ret) {
4073 -+ ret = EIO;
4074 - goto err_req;
4075 -+ }
4076 -
4077 - xfer.wait_for_resp = true;
4078 - xfer.resp_len = 0;
4079 -diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
4080 -index 8fdba386..6f477e8 100644
4081 ---- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
4082 -+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
4083 -@@ -377,12 +377,34 @@ static int ath10k_wmi_tlv_event_tx_pause(struct ath10k *ar,
4084 - "wmi tlv tx pause pause_id %u action %u vdev_map 0x%08x peer_id %u tid_map 0x%08x\n",
4085 - pause_id, action, vdev_map, peer_id, tid_map);
4086 -
4087 -- for (vdev_id = 0; vdev_map; vdev_id++) {
4088 -- if (!(vdev_map & BIT(vdev_id)))
4089 -- continue;
4090 --
4091 -- vdev_map &= ~BIT(vdev_id);
4092 -- ath10k_mac_handle_tx_pause(ar, vdev_id, pause_id, action);
4093 -+ switch (pause_id) {
4094 -+ case WMI_TLV_TX_PAUSE_ID_MCC:
4095 -+ case WMI_TLV_TX_PAUSE_ID_P2P_CLI_NOA:
4096 -+ case WMI_TLV_TX_PAUSE_ID_P2P_GO_PS:
4097 -+ case WMI_TLV_TX_PAUSE_ID_AP_PS:
4098 -+ case WMI_TLV_TX_PAUSE_ID_IBSS_PS:
4099 -+ for (vdev_id = 0; vdev_map; vdev_id++) {
4100 -+ if (!(vdev_map & BIT(vdev_id)))
4101 -+ continue;
4102 -+
4103 -+ vdev_map &= ~BIT(vdev_id);
4104 -+ ath10k_mac_handle_tx_pause_vdev(ar, vdev_id, pause_id,
4105 -+ action);
4106 -+ }
4107 -+ break;
4108 -+ case WMI_TLV_TX_PAUSE_ID_AP_PEER_PS:
4109 -+ case WMI_TLV_TX_PAUSE_ID_AP_PEER_UAPSD:
4110 -+ case WMI_TLV_TX_PAUSE_ID_STA_ADD_BA:
4111 -+ case WMI_TLV_TX_PAUSE_ID_HOST:
4112 -+ ath10k_dbg(ar, ATH10K_DBG_MAC,
4113 -+ "mac ignoring unsupported tx pause id %d\n",
4114 -+ pause_id);
4115 -+ break;
4116 -+ default:
4117 -+ ath10k_dbg(ar, ATH10K_DBG_MAC,
4118 -+ "mac ignoring unknown tx pause vdev %d\n",
4119 -+ pause_id);
4120 -+ break;
4121 - }
4122 -
4123 - kfree(tb);
4124 -diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
4125 -index 6c046c2..8dd84c1 100644
4126 ---- a/drivers/net/wireless/ath/ath10k/wmi.c
4127 -+++ b/drivers/net/wireless/ath/ath10k/wmi.c
4128 -@@ -2391,6 +2391,7 @@ void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb)
4129 - ath10k_warn(ar, "failed to map beacon: %d\n",
4130 - ret);
4131 - dev_kfree_skb_any(bcn);
4132 -+ ret = -EIO;
4133 - goto skip;
4134 - }
4135 -
4136 -diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
4137 -index 1c6788a..40d7231 100644
4138 ---- a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
4139 -+++ b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c
4140 -@@ -203,8 +203,10 @@ static int rsi_load_ta_instructions(struct rsi_common *common)
4141 -
4142 - /* Copy firmware into DMA-accessible memory */
4143 - fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
4144 -- if (!fw)
4145 -- return -ENOMEM;
4146 -+ if (!fw) {
4147 -+ status = -ENOMEM;
4148 -+ goto out;
4149 -+ }
4150 - len = fw_entry->size;
4151 -
4152 - if (len % 4)
4153 -@@ -217,6 +219,8 @@ static int rsi_load_ta_instructions(struct rsi_common *common)
4154 -
4155 - status = rsi_copy_to_card(common, fw, len, num_blocks);
4156 - kfree(fw);
4157 -+
4158 -+out:
4159 - release_firmware(fw_entry);
4160 - return status;
4161 - }
4162 -diff --git a/drivers/net/wireless/rsi/rsi_91x_usb_ops.c b/drivers/net/wireless/rsi/rsi_91x_usb_ops.c
4163 -index 30c2cf7..de49008 100644
4164 ---- a/drivers/net/wireless/rsi/rsi_91x_usb_ops.c
4165 -+++ b/drivers/net/wireless/rsi/rsi_91x_usb_ops.c
4166 -@@ -148,8 +148,10 @@ static int rsi_load_ta_instructions(struct rsi_common *common)
4167 -
4168 - /* Copy firmware into DMA-accessible memory */
4169 - fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
4170 -- if (!fw)
4171 -- return -ENOMEM;
4172 -+ if (!fw) {
4173 -+ status = -ENOMEM;
4174 -+ goto out;
4175 -+ }
4176 - len = fw_entry->size;
4177 -
4178 - if (len % 4)
4179 -@@ -162,6 +164,8 @@ static int rsi_load_ta_instructions(struct rsi_common *common)
4180 -
4181 - status = rsi_copy_to_card(common, fw, len, num_blocks);
4182 - kfree(fw);
4183 -+
4184 -+out:
4185 - release_firmware(fw_entry);
4186 - return status;
4187 - }
4188 -diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
4189 -index f948c46..5ff0cfd 100644
4190 ---- a/drivers/net/xen-netfront.c
4191 -+++ b/drivers/net/xen-netfront.c
4192 -@@ -1348,7 +1348,8 @@ static void xennet_disconnect_backend(struct netfront_info *info)
4193 - queue->tx_evtchn = queue->rx_evtchn = 0;
4194 - queue->tx_irq = queue->rx_irq = 0;
4195 -
4196 -- napi_synchronize(&queue->napi);
4197 -+ if (netif_running(info->netdev))
4198 -+ napi_synchronize(&queue->napi);
4199 -
4200 - xennet_release_tx_bufs(queue);
4201 - xennet_release_rx_bufs(queue);
4202 -diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c
4203 -index ade9eb9..b796d1b 100644
4204 ---- a/drivers/nvdimm/pmem.c
4205 -+++ b/drivers/nvdimm/pmem.c
4206 -@@ -86,6 +86,8 @@ static int pmem_rw_page(struct block_device *bdev, sector_t sector,
4207 - struct pmem_device *pmem = bdev->bd_disk->private_data;
4208 -
4209 - pmem_do_bvec(pmem, page, PAGE_CACHE_SIZE, 0, rw, sector);
4210 -+ if (rw & WRITE)
4211 -+ wmb_pmem();
4212 - page_endio(page, rw & WRITE, 0);
4213 -
4214 - return 0;
4215 -diff --git a/drivers/pci/access.c b/drivers/pci/access.c
4216 -index b965c12..502a82c 100644
4217 ---- a/drivers/pci/access.c
4218 -+++ b/drivers/pci/access.c
4219 -@@ -442,7 +442,8 @@ static const struct pci_vpd_ops pci_vpd_pci22_ops = {
4220 - static ssize_t pci_vpd_f0_read(struct pci_dev *dev, loff_t pos, size_t count,
4221 - void *arg)
4222 - {
4223 -- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
4224 -+ struct pci_dev *tdev = pci_get_slot(dev->bus,
4225 -+ PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
4226 - ssize_t ret;
4227 -
4228 - if (!tdev)
4229 -@@ -456,7 +457,8 @@ static ssize_t pci_vpd_f0_read(struct pci_dev *dev, loff_t pos, size_t count,
4230 - static ssize_t pci_vpd_f0_write(struct pci_dev *dev, loff_t pos, size_t count,
4231 - const void *arg)
4232 - {
4233 -- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
4234 -+ struct pci_dev *tdev = pci_get_slot(dev->bus,
4235 -+ PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
4236 - ssize_t ret;
4237 -
4238 - if (!tdev)
4239 -@@ -473,22 +475,6 @@ static const struct pci_vpd_ops pci_vpd_f0_ops = {
4240 - .release = pci_vpd_pci22_release,
4241 - };
4242 -
4243 --static int pci_vpd_f0_dev_check(struct pci_dev *dev)
4244 --{
4245 -- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn));
4246 -- int ret = 0;
4247 --
4248 -- if (!tdev)
4249 -- return -ENODEV;
4250 -- if (!tdev->vpd || !tdev->multifunction ||
4251 -- dev->class != tdev->class || dev->vendor != tdev->vendor ||
4252 -- dev->device != tdev->device)
4253 -- ret = -ENODEV;
4254 --
4255 -- pci_dev_put(tdev);
4256 -- return ret;
4257 --}
4258 --
4259 - int pci_vpd_pci22_init(struct pci_dev *dev)
4260 - {
4261 - struct pci_vpd_pci22 *vpd;
4262 -@@ -497,12 +483,7 @@ int pci_vpd_pci22_init(struct pci_dev *dev)
4263 - cap = pci_find_capability(dev, PCI_CAP_ID_VPD);
4264 - if (!cap)
4265 - return -ENODEV;
4266 -- if (dev->dev_flags & PCI_DEV_FLAGS_VPD_REF_F0) {
4267 -- int ret = pci_vpd_f0_dev_check(dev);
4268 -
4269 -- if (ret)
4270 -- return ret;
4271 -- }
4272 - vpd = kzalloc(sizeof(*vpd), GFP_ATOMIC);
4273 - if (!vpd)
4274 - return -ENOMEM;
4275 -diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c
4276 -index 6fbd3f2..d3346d2 100644
4277 ---- a/drivers/pci/bus.c
4278 -+++ b/drivers/pci/bus.c
4279 -@@ -256,6 +256,8 @@ bool pci_bus_clip_resource(struct pci_dev *dev, int idx)
4280 -
4281 - res->start = start;
4282 - res->end = end;
4283 -+ res->flags &= ~IORESOURCE_UNSET;
4284 -+ orig_res.flags &= ~IORESOURCE_UNSET;
4285 - dev_printk(KERN_DEBUG, &dev->dev, "%pR clipped to %pR\n",
4286 - &orig_res, res);
4287 -
4288 -diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
4289 -index dbd1385..6b1c6a9 100644
4290 ---- a/drivers/pci/quirks.c
4291 -+++ b/drivers/pci/quirks.c
4292 -@@ -1906,11 +1906,27 @@ static void quirk_netmos(struct pci_dev *dev)
4293 - DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NETMOS, PCI_ANY_ID,
4294 - PCI_CLASS_COMMUNICATION_SERIAL, 8, quirk_netmos);
4295 -
4296 -+/*
4297 -+ * Quirk non-zero PCI functions to route VPD access through function 0 for
4298 -+ * devices that share VPD resources between functions. The functions are
4299 -+ * expected to be identical devices.
4300 -+ */
4301 - static void quirk_f0_vpd_link(struct pci_dev *dev)
4302 - {
4303 -- if (!dev->multifunction || !PCI_FUNC(dev->devfn))
4304 -+ struct pci_dev *f0;
4305 -+
4306 -+ if (!PCI_FUNC(dev->devfn))
4307 - return;
4308 -- dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0;
4309 -+
4310 -+ f0 = pci_get_slot(dev->bus, PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
4311 -+ if (!f0)
4312 -+ return;
4313 -+
4314 -+ if (f0->vpd && dev->class == f0->class &&
4315 -+ dev->vendor == f0->vendor && dev->device == f0->device)
4316 -+ dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0;
4317 -+
4318 -+ pci_dev_put(f0);
4319 - }
4320 - DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_INTEL, PCI_ANY_ID,
4321 - PCI_CLASS_NETWORK_ETHERNET, 8, quirk_f0_vpd_link);
4322 -diff --git a/drivers/pcmcia/sa1100_generic.c b/drivers/pcmcia/sa1100_generic.c
4323 -index 8039452..42861cc 100644
4324 ---- a/drivers/pcmcia/sa1100_generic.c
4325 -+++ b/drivers/pcmcia/sa1100_generic.c
4326 -@@ -93,7 +93,6 @@ static int sa11x0_drv_pcmcia_remove(struct platform_device *dev)
4327 - for (i = 0; i < sinfo->nskt; i++)
4328 - soc_pcmcia_remove_one(&sinfo->skt[i]);
4329 -
4330 -- clk_put(sinfo->clk);
4331 - kfree(sinfo);
4332 - return 0;
4333 - }
4334 -diff --git a/drivers/pcmcia/sa11xx_base.c b/drivers/pcmcia/sa11xx_base.c
4335 -index cf6de2c..553d70a 100644
4336 ---- a/drivers/pcmcia/sa11xx_base.c
4337 -+++ b/drivers/pcmcia/sa11xx_base.c
4338 -@@ -222,7 +222,7 @@ int sa11xx_drv_pcmcia_probe(struct device *dev, struct pcmcia_low_level *ops,
4339 - int i, ret = 0;
4340 - struct clk *clk;
4341 -
4342 -- clk = clk_get(dev, NULL);
4343 -+ clk = devm_clk_get(dev, NULL);
4344 - if (IS_ERR(clk))
4345 - return PTR_ERR(clk);
4346 -
4347 -@@ -251,7 +251,6 @@ int sa11xx_drv_pcmcia_probe(struct device *dev, struct pcmcia_low_level *ops,
4348 - if (ret) {
4349 - while (--i >= 0)
4350 - soc_pcmcia_remove_one(&sinfo->skt[i]);
4351 -- clk_put(clk);
4352 - kfree(sinfo);
4353 - } else {
4354 - dev_set_drvdata(dev, sinfo);
4355 -diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c
4356 -index 3ad7b1f..6f4f310 100644
4357 ---- a/drivers/platform/x86/toshiba_acpi.c
4358 -+++ b/drivers/platform/x86/toshiba_acpi.c
4359 -@@ -2408,11 +2408,9 @@ static int toshiba_acpi_setup_keyboard(struct toshiba_acpi_dev *dev)
4360 - if (error)
4361 - return error;
4362 -
4363 -- error = toshiba_hotkey_event_type_get(dev, &events_type);
4364 -- if (error) {
4365 -- pr_err("Unable to query Hotkey Event Type\n");
4366 -- return error;
4367 -- }
4368 -+ if (toshiba_hotkey_event_type_get(dev, &events_type))
4369 -+ pr_notice("Unable to query Hotkey Event Type\n");
4370 -+
4371 - dev->hotkey_event_type = events_type;
4372 -
4373 - dev->hotkey_dev = input_allocate_device();
4374 -diff --git a/drivers/power/avs/Kconfig b/drivers/power/avs/Kconfig
4375 -index 7f3d389..a67eeac 100644
4376 ---- a/drivers/power/avs/Kconfig
4377 -+++ b/drivers/power/avs/Kconfig
4378 -@@ -13,7 +13,7 @@ menuconfig POWER_AVS
4379 -
4380 - config ROCKCHIP_IODOMAIN
4381 - tristate "Rockchip IO domain support"
4382 -- depends on ARCH_ROCKCHIP && OF
4383 -+ depends on POWER_AVS && ARCH_ROCKCHIP && OF
4384 - help
4385 - Say y here to enable support io domains on Rockchip SoCs. It is
4386 - necessary for the io domain setting of the SoC to match the
4387 -diff --git a/drivers/regulator/axp20x-regulator.c b/drivers/regulator/axp20x-regulator.c
4388 -index 6468291..1dea0e8 100644
4389 ---- a/drivers/regulator/axp20x-regulator.c
4390 -+++ b/drivers/regulator/axp20x-regulator.c
4391 -@@ -192,9 +192,9 @@ static const struct regulator_desc axp22x_regulators[] = {
4392 - AXP_DESC(AXP22X, DCDC3, "dcdc3", "vin3", 600, 1860, 20,
4393 - AXP22X_DCDC3_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)),
4394 - AXP_DESC(AXP22X, DCDC4, "dcdc4", "vin4", 600, 1540, 20,
4395 -- AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(3)),
4396 -+ AXP22X_DCDC4_V_OUT, 0x3f, AXP22X_PWR_OUT_CTRL1, BIT(4)),
4397 - AXP_DESC(AXP22X, DCDC5, "dcdc5", "vin5", 1000, 2550, 50,
4398 -- AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(4)),
4399 -+ AXP22X_DCDC5_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL1, BIT(5)),
4400 - /* secondary switchable output of DCDC1 */
4401 - AXP_DESC_SW(AXP22X, DC1SW, "dc1sw", "dcdc1", 1600, 3400, 100,
4402 - AXP22X_DCDC1_V_OUT, 0x1f, AXP22X_PWR_OUT_CTRL2, BIT(7)),
4403 -diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
4404 -index 78387a6..5081533 100644
4405 ---- a/drivers/regulator/core.c
4406 -+++ b/drivers/regulator/core.c
4407 -@@ -1376,15 +1376,19 @@ static int regulator_resolve_supply(struct regulator_dev *rdev)
4408 - return 0;
4409 -
4410 - r = regulator_dev_lookup(dev, rdev->supply_name, &ret);
4411 -- if (ret == -ENODEV) {
4412 -- /*
4413 -- * No supply was specified for this regulator and
4414 -- * there will never be one.
4415 -- */
4416 -- return 0;
4417 -- }
4418 --
4419 - if (!r) {
4420 -+ if (ret == -ENODEV) {
4421 -+ /*
4422 -+ * No supply was specified for this regulator and
4423 -+ * there will never be one.
4424 -+ */
4425 -+ return 0;
4426 -+ }
4427 -+
4428 -+ /* Did the lookup explicitly defer for us? */
4429 -+ if (ret == -EPROBE_DEFER)
4430 -+ return ret;
4431 -+
4432 - if (have_full_constraints()) {
4433 - r = dummy_regulator_rdev;
4434 - } else {
4435 -diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
4436 -index add419d..a56a7b2 100644
4437 ---- a/drivers/scsi/3w-9xxx.c
4438 -+++ b/drivers/scsi/3w-9xxx.c
4439 -@@ -212,6 +212,17 @@ static const struct file_operations twa_fops = {
4440 - .llseek = noop_llseek,
4441 - };
4442 -
4443 -+/*
4444 -+ * The controllers use an inline buffer instead of a mapped SGL for small,
4445 -+ * single entry buffers. Note that we treat a zero-length transfer like
4446 -+ * a mapped SGL.
4447 -+ */
4448 -+static bool twa_command_mapped(struct scsi_cmnd *cmd)
4449 -+{
4450 -+ return scsi_sg_count(cmd) != 1 ||
4451 -+ scsi_bufflen(cmd) >= TW_MIN_SGL_LENGTH;
4452 -+}
4453 -+
4454 - /* This function will complete an aen request from the isr */
4455 - static int twa_aen_complete(TW_Device_Extension *tw_dev, int request_id)
4456 - {
4457 -@@ -1339,7 +1350,8 @@ static irqreturn_t twa_interrupt(int irq, void *dev_instance)
4458 - }
4459 -
4460 - /* Now complete the io */
4461 -- scsi_dma_unmap(cmd);
4462 -+ if (twa_command_mapped(cmd))
4463 -+ scsi_dma_unmap(cmd);
4464 - cmd->scsi_done(cmd);
4465 - tw_dev->state[request_id] = TW_S_COMPLETED;
4466 - twa_free_request_id(tw_dev, request_id);
4467 -@@ -1582,7 +1594,8 @@ static int twa_reset_device_extension(TW_Device_Extension *tw_dev)
4468 - struct scsi_cmnd *cmd = tw_dev->srb[i];
4469 -
4470 - cmd->result = (DID_RESET << 16);
4471 -- scsi_dma_unmap(cmd);
4472 -+ if (twa_command_mapped(cmd))
4473 -+ scsi_dma_unmap(cmd);
4474 - cmd->scsi_done(cmd);
4475 - }
4476 - }
4477 -@@ -1765,12 +1778,14 @@ static int twa_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_
4478 - retval = twa_scsiop_execute_scsi(tw_dev, request_id, NULL, 0, NULL);
4479 - switch (retval) {
4480 - case SCSI_MLQUEUE_HOST_BUSY:
4481 -- scsi_dma_unmap(SCpnt);
4482 -+ if (twa_command_mapped(SCpnt))
4483 -+ scsi_dma_unmap(SCpnt);
4484 - twa_free_request_id(tw_dev, request_id);
4485 - break;
4486 - case 1:
4487 - SCpnt->result = (DID_ERROR << 16);
4488 -- scsi_dma_unmap(SCpnt);
4489 -+ if (twa_command_mapped(SCpnt))
4490 -+ scsi_dma_unmap(SCpnt);
4491 - done(SCpnt);
4492 - tw_dev->state[request_id] = TW_S_COMPLETED;
4493 - twa_free_request_id(tw_dev, request_id);
4494 -@@ -1831,8 +1846,7 @@ static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id,
4495 - /* Map sglist from scsi layer to cmd packet */
4496 -
4497 - if (scsi_sg_count(srb)) {
4498 -- if ((scsi_sg_count(srb) == 1) &&
4499 -- (scsi_bufflen(srb) < TW_MIN_SGL_LENGTH)) {
4500 -+ if (!twa_command_mapped(srb)) {
4501 - if (srb->sc_data_direction == DMA_TO_DEVICE ||
4502 - srb->sc_data_direction == DMA_BIDIRECTIONAL)
4503 - scsi_sg_copy_to_buffer(srb,
4504 -@@ -1905,7 +1919,7 @@ static void twa_scsiop_execute_scsi_complete(TW_Device_Extension *tw_dev, int re
4505 - {
4506 - struct scsi_cmnd *cmd = tw_dev->srb[request_id];
4507 -
4508 -- if (scsi_bufflen(cmd) < TW_MIN_SGL_LENGTH &&
4509 -+ if (!twa_command_mapped(cmd) &&
4510 - (cmd->sc_data_direction == DMA_FROM_DEVICE ||
4511 - cmd->sc_data_direction == DMA_BIDIRECTIONAL)) {
4512 - if (scsi_sg_count(cmd) == 1) {
4513 -diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
4514 -index 1dafeb4..cab4e98 100644
4515 ---- a/drivers/scsi/hpsa.c
4516 -+++ b/drivers/scsi/hpsa.c
4517 -@@ -5104,7 +5104,7 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
4518 - int rc;
4519 - struct ctlr_info *h;
4520 - struct hpsa_scsi_dev_t *dev;
4521 -- char msg[40];
4522 -+ char msg[48];
4523 -
4524 - /* find the controller to which the command to be aborted was sent */
4525 - h = sdev_to_hba(scsicmd->device);
4526 -@@ -5122,16 +5122,18 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
4527 -
4528 - /* if controller locked up, we can guarantee command won't complete */
4529 - if (lockup_detected(h)) {
4530 -- sprintf(msg, "cmd %d RESET FAILED, lockup detected",
4531 -- hpsa_get_cmd_index(scsicmd));
4532 -+ snprintf(msg, sizeof(msg),
4533 -+ "cmd %d RESET FAILED, lockup detected",
4534 -+ hpsa_get_cmd_index(scsicmd));
4535 - hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
4536 - return FAILED;
4537 - }
4538 -
4539 - /* this reset request might be the result of a lockup; check */
4540 - if (detect_controller_lockup(h)) {
4541 -- sprintf(msg, "cmd %d RESET FAILED, new lockup detected",
4542 -- hpsa_get_cmd_index(scsicmd));
4543 -+ snprintf(msg, sizeof(msg),
4544 -+ "cmd %d RESET FAILED, new lockup detected",
4545 -+ hpsa_get_cmd_index(scsicmd));
4546 - hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
4547 - return FAILED;
4548 - }
4549 -@@ -5145,7 +5147,8 @@ static int hpsa_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
4550 - /* send a reset to the SCSI LUN which the command was sent to */
4551 - rc = hpsa_do_reset(h, dev, dev->scsi3addr, HPSA_RESET_TYPE_LUN,
4552 - DEFAULT_REPLY_QUEUE);
4553 -- sprintf(msg, "reset %s", rc == 0 ? "completed successfully" : "failed");
4554 -+ snprintf(msg, sizeof(msg), "reset %s",
4555 -+ rc == 0 ? "completed successfully" : "failed");
4556 - hpsa_show_dev_msg(KERN_WARNING, h, dev, msg);
4557 - return rc == 0 ? SUCCESS : FAILED;
4558 - }
4559 -diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
4560 -index a9aa389..cccab61 100644
4561 ---- a/drivers/scsi/ipr.c
4562 -+++ b/drivers/scsi/ipr.c
4563 -@@ -4554,7 +4554,7 @@ static ssize_t ipr_store_raw_mode(struct device *dev,
4564 - spin_lock_irqsave(ioa_cfg->host->host_lock, lock_flags);
4565 - res = (struct ipr_resource_entry *)sdev->hostdata;
4566 - if (res) {
4567 -- if (ioa_cfg->sis64 && ipr_is_af_dasd_device(res)) {
4568 -+ if (ipr_is_af_dasd_device(res)) {
4569 - res->raw_mode = simple_strtoul(buf, NULL, 10);
4570 - len = strlen(buf);
4571 - if (res->sdev)
4572 -diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
4573 -index 6457a8a..bf3d801 100644
4574 ---- a/drivers/scsi/scsi_error.c
4575 -+++ b/drivers/scsi/scsi_error.c
4576 -@@ -2169,8 +2169,17 @@ int scsi_error_handler(void *data)
4577 - * We never actually get interrupted because kthread_run
4578 - * disables signal delivery for the created thread.
4579 - */
4580 -- while (!kthread_should_stop()) {
4581 -+ while (true) {
4582 -+ /*
4583 -+ * The sequence in kthread_stop() sets the stop flag first
4584 -+ * then wakes the process. To avoid missed wakeups, the task
4585 -+ * should always be in a non running state before the stop
4586 -+ * flag is checked
4587 -+ */
4588 - set_current_state(TASK_INTERRUPTIBLE);
4589 -+ if (kthread_should_stop())
4590 -+ break;
4591 -+
4592 - if ((shost->host_failed == 0 && shost->host_eh_scheduled == 0) ||
4593 - shost->host_failed != atomic_read(&shost->host_busy)) {
4594 - SCSI_LOG_ERROR_RECOVERY(1,
4595 -diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c
4596 -index c9357bb..7445964 100644
4597 ---- a/drivers/spi/spi-bcm2835.c
4598 -+++ b/drivers/spi/spi-bcm2835.c
4599 -@@ -386,14 +386,14 @@ static bool bcm2835_spi_can_dma(struct spi_master *master,
4600 - /* otherwise we only allow transfers within the same page
4601 - * to avoid wasting time on dma_mapping when it is not practical
4602 - */
4603 -- if (((size_t)tfr->tx_buf & PAGE_MASK) + tfr->len > PAGE_SIZE) {
4604 -+ if (((size_t)tfr->tx_buf & (PAGE_SIZE - 1)) + tfr->len > PAGE_SIZE) {
4605 - dev_warn_once(&spi->dev,
4606 - "Unaligned spi tx-transfer bridging page\n");
4607 - return false;
4608 - }
4609 -- if (((size_t)tfr->rx_buf & PAGE_MASK) + tfr->len > PAGE_SIZE) {
4610 -+ if (((size_t)tfr->rx_buf & (PAGE_SIZE - 1)) + tfr->len > PAGE_SIZE) {
4611 - dev_warn_once(&spi->dev,
4612 -- "Unaligned spi tx-transfer bridging page\n");
4613 -+ "Unaligned spi rx-transfer bridging page\n");
4614 - return false;
4615 - }
4616 -
4617 -diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
4618 -index 7293d6d..8e4b1a7 100644
4619 ---- a/drivers/spi/spi-pxa2xx.c
4620 -+++ b/drivers/spi/spi-pxa2xx.c
4621 -@@ -643,6 +643,10 @@ static irqreturn_t ssp_int(int irq, void *dev_id)
4622 - if (!(sccr1_reg & SSCR1_TIE))
4623 - mask &= ~SSSR_TFS;
4624 -
4625 -+ /* Ignore RX timeout interrupt if it is disabled */
4626 -+ if (!(sccr1_reg & SSCR1_TINTE))
4627 -+ mask &= ~SSSR_TINT;
4628 -+
4629 - if (!(status & mask))
4630 - return IRQ_NONE;
4631 -
4632 -diff --git a/drivers/spi/spi-xtensa-xtfpga.c b/drivers/spi/spi-xtensa-xtfpga.c
4633 -index 2e32ea2..be6155c 100644
4634 ---- a/drivers/spi/spi-xtensa-xtfpga.c
4635 -+++ b/drivers/spi/spi-xtensa-xtfpga.c
4636 -@@ -34,13 +34,13 @@ struct xtfpga_spi {
4637 - static inline void xtfpga_spi_write32(const struct xtfpga_spi *spi,
4638 - unsigned addr, u32 val)
4639 - {
4640 -- iowrite32(val, spi->regs + addr);
4641 -+ __raw_writel(val, spi->regs + addr);
4642 - }
4643 -
4644 - static inline unsigned int xtfpga_spi_read32(const struct xtfpga_spi *spi,
4645 - unsigned addr)
4646 - {
4647 -- return ioread32(spi->regs + addr);
4648 -+ return __raw_readl(spi->regs + addr);
4649 - }
4650 -
4651 - static inline void xtfpga_spi_wait_busy(struct xtfpga_spi *xspi)
4652 -diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
4653 -index cf8b91b..9ce2f15 100644
4654 ---- a/drivers/spi/spi.c
4655 -+++ b/drivers/spi/spi.c
4656 -@@ -1437,8 +1437,7 @@ static struct class spi_master_class = {
4657 - *
4658 - * The caller is responsible for assigning the bus number and initializing
4659 - * the master's methods before calling spi_register_master(); and (after errors
4660 -- * adding the device) calling spi_master_put() and kfree() to prevent a memory
4661 -- * leak.
4662 -+ * adding the device) calling spi_master_put() to prevent a memory leak.
4663 - */
4664 - struct spi_master *spi_alloc_master(struct device *dev, unsigned size)
4665 - {
4666 -diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
4667 -index c7de641..97aad8f 100644
4668 ---- a/drivers/spi/spidev.c
4669 -+++ b/drivers/spi/spidev.c
4670 -@@ -651,7 +651,8 @@ static int spidev_release(struct inode *inode, struct file *filp)
4671 - kfree(spidev->rx_buffer);
4672 - spidev->rx_buffer = NULL;
4673 -
4674 -- spidev->speed_hz = spidev->spi->max_speed_hz;
4675 -+ if (spidev->spi)
4676 -+ spidev->speed_hz = spidev->spi->max_speed_hz;
4677 -
4678 - /* ... after we unbound from the underlying device? */
4679 - spin_lock_irq(&spidev->spi_lock);
4680 -diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
4681 -index 6f48112..b71b1f2 100644
4682 ---- a/drivers/staging/android/ion/ion.c
4683 -+++ b/drivers/staging/android/ion/ion.c
4684 -@@ -1179,13 +1179,13 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd)
4685 - mutex_unlock(&client->lock);
4686 - goto end;
4687 - }
4688 -- mutex_unlock(&client->lock);
4689 -
4690 - handle = ion_handle_create(client, buffer);
4691 -- if (IS_ERR(handle))
4692 -+ if (IS_ERR(handle)) {
4693 -+ mutex_unlock(&client->lock);
4694 - goto end;
4695 -+ }
4696 -
4697 -- mutex_lock(&client->lock);
4698 - ret = ion_handle_add(client, handle);
4699 - mutex_unlock(&client->lock);
4700 - if (ret) {
4701 -diff --git a/drivers/staging/speakup/fakekey.c b/drivers/staging/speakup/fakekey.c
4702 -index 4299cf4..5e1f16c 100644
4703 ---- a/drivers/staging/speakup/fakekey.c
4704 -+++ b/drivers/staging/speakup/fakekey.c
4705 -@@ -81,6 +81,7 @@ void speakup_fake_down_arrow(void)
4706 - __this_cpu_write(reporting_keystroke, true);
4707 - input_report_key(virt_keyboard, KEY_DOWN, PRESSED);
4708 - input_report_key(virt_keyboard, KEY_DOWN, RELEASED);
4709 -+ input_sync(virt_keyboard);
4710 - __this_cpu_write(reporting_keystroke, false);
4711 -
4712 - /* reenable preemption */
4713 -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
4714 -index fd09290..56cf199 100644
4715 ---- a/drivers/target/iscsi/iscsi_target.c
4716 -+++ b/drivers/target/iscsi/iscsi_target.c
4717 -@@ -341,7 +341,6 @@ static struct iscsi_np *iscsit_get_np(
4718 -
4719 - struct iscsi_np *iscsit_add_np(
4720 - struct __kernel_sockaddr_storage *sockaddr,
4721 -- char *ip_str,
4722 - int network_transport)
4723 - {
4724 - struct sockaddr_in *sock_in;
4725 -@@ -370,11 +369,9 @@ struct iscsi_np *iscsit_add_np(
4726 - np->np_flags |= NPF_IP_NETWORK;
4727 - if (sockaddr->ss_family == AF_INET6) {
4728 - sock_in6 = (struct sockaddr_in6 *)sockaddr;
4729 -- snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str);
4730 - np->np_port = ntohs(sock_in6->sin6_port);
4731 - } else {
4732 - sock_in = (struct sockaddr_in *)sockaddr;
4733 -- sprintf(np->np_ip, "%s", ip_str);
4734 - np->np_port = ntohs(sock_in->sin_port);
4735 - }
4736 -
4737 -@@ -411,8 +408,8 @@ struct iscsi_np *iscsit_add_np(
4738 - list_add_tail(&np->np_list, &g_np_list);
4739 - mutex_unlock(&np_lock);
4740 -
4741 -- pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
4742 -- np->np_ip, np->np_port, np->np_transport->name);
4743 -+ pr_debug("CORE[0] - Added Network Portal: %pISc:%hu on %s\n",
4744 -+ &np->np_sockaddr, np->np_port, np->np_transport->name);
4745 -
4746 - return np;
4747 - }
4748 -@@ -481,8 +478,8 @@ int iscsit_del_np(struct iscsi_np *np)
4749 - list_del(&np->np_list);
4750 - mutex_unlock(&np_lock);
4751 -
4752 -- pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
4753 -- np->np_ip, np->np_port, np->np_transport->name);
4754 -+ pr_debug("CORE[0] - Removed Network Portal: %pISc:%hu on %s\n",
4755 -+ &np->np_sockaddr, np->np_port, np->np_transport->name);
4756 -
4757 - iscsit_put_transport(np->np_transport);
4758 - kfree(np);
4759 -@@ -3464,7 +3461,6 @@ iscsit_build_sendtargets_response(struct iscsi_cmd *cmd,
4760 - tpg_np_list) {
4761 - struct iscsi_np *np = tpg_np->tpg_np;
4762 - bool inaddr_any = iscsit_check_inaddr_any(np);
4763 -- char *fmt_str;
4764 -
4765 - if (np->np_network_transport != network_transport)
4766 - continue;
4767 -@@ -3492,15 +3488,18 @@ iscsit_build_sendtargets_response(struct iscsi_cmd *cmd,
4768 - }
4769 - }
4770 -
4771 -- if (np->np_sockaddr.ss_family == AF_INET6)
4772 -- fmt_str = "TargetAddress=[%s]:%hu,%hu";
4773 -- else
4774 -- fmt_str = "TargetAddress=%s:%hu,%hu";
4775 --
4776 -- len = sprintf(buf, fmt_str,
4777 -- inaddr_any ? conn->local_ip : np->np_ip,
4778 -- np->np_port,
4779 -- tpg->tpgt);
4780 -+ if (inaddr_any) {
4781 -+ len = sprintf(buf, "TargetAddress="
4782 -+ "%s:%hu,%hu",
4783 -+ conn->local_ip,
4784 -+ np->np_port,
4785 -+ tpg->tpgt);
4786 -+ } else {
4787 -+ len = sprintf(buf, "TargetAddress="
4788 -+ "%pISpc,%hu",
4789 -+ &np->np_sockaddr,
4790 -+ tpg->tpgt);
4791 -+ }
4792 - len += 1;
4793 -
4794 - if ((len + payload_len) > buffer_len) {
4795 -diff --git a/drivers/target/iscsi/iscsi_target.h b/drivers/target/iscsi/iscsi_target.h
4796 -index 7d0f9c0..d294f03 100644
4797 ---- a/drivers/target/iscsi/iscsi_target.h
4798 -+++ b/drivers/target/iscsi/iscsi_target.h
4799 -@@ -13,7 +13,7 @@ extern int iscsit_deaccess_np(struct iscsi_np *, struct iscsi_portal_group *,
4800 - extern bool iscsit_check_np_match(struct __kernel_sockaddr_storage *,
4801 - struct iscsi_np *, int);
4802 - extern struct iscsi_np *iscsit_add_np(struct __kernel_sockaddr_storage *,
4803 -- char *, int);
4804 -+ int);
4805 - extern int iscsit_reset_np_thread(struct iscsi_np *, struct iscsi_tpg_np *,
4806 - struct iscsi_portal_group *, bool);
4807 - extern int iscsit_del_np(struct iscsi_np *);
4808 -diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
4809 -index c1898c8..db3b9b9 100644
4810 ---- a/drivers/target/iscsi/iscsi_target_configfs.c
4811 -+++ b/drivers/target/iscsi/iscsi_target_configfs.c
4812 -@@ -99,7 +99,7 @@ static ssize_t lio_target_np_store_sctp(
4813 - * Use existing np->np_sockaddr for SCTP network portal reference
4814 - */
4815 - tpg_np_sctp = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
4816 -- np->np_ip, tpg_np, ISCSI_SCTP_TCP);
4817 -+ tpg_np, ISCSI_SCTP_TCP);
4818 - if (!tpg_np_sctp || IS_ERR(tpg_np_sctp))
4819 - goto out;
4820 - } else {
4821 -@@ -177,7 +177,7 @@ static ssize_t lio_target_np_store_iser(
4822 - }
4823 -
4824 - tpg_np_iser = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
4825 -- np->np_ip, tpg_np, ISCSI_INFINIBAND);
4826 -+ tpg_np, ISCSI_INFINIBAND);
4827 - if (IS_ERR(tpg_np_iser)) {
4828 - rc = PTR_ERR(tpg_np_iser);
4829 - goto out;
4830 -@@ -248,8 +248,8 @@ static struct se_tpg_np *lio_target_call_addnptotpg(
4831 - return ERR_PTR(-EINVAL);
4832 - }
4833 - str++; /* Skip over leading "[" */
4834 -- *str2 = '\0'; /* Terminate the IPv6 address */
4835 -- str2++; /* Skip over the "]" */
4836 -+ *str2 = '\0'; /* Terminate the unbracketed IPv6 address */
4837 -+ str2++; /* Skip over the \0 */
4838 - port_str = strstr(str2, ":");
4839 - if (!port_str) {
4840 - pr_err("Unable to locate \":port\""
4841 -@@ -316,7 +316,7 @@ static struct se_tpg_np *lio_target_call_addnptotpg(
4842 - * sys/kernel/config/iscsi/$IQN/$TPG/np/$IP:$PORT/
4843 - *
4844 - */
4845 -- tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, str, NULL,
4846 -+ tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, NULL,
4847 - ISCSI_TCP);
4848 - if (IS_ERR(tpg_np)) {
4849 - iscsit_put_tpg(tpg);
4850 -@@ -344,8 +344,8 @@ static void lio_target_call_delnpfromtpg(
4851 -
4852 - se_tpg = &tpg->tpg_se_tpg;
4853 - pr_debug("LIO_Target_ConfigFS: DEREGISTER -> %s TPGT: %hu"
4854 -- " PORTAL: %s:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
4855 -- tpg->tpgt, tpg_np->tpg_np->np_ip, tpg_np->tpg_np->np_port);
4856 -+ " PORTAL: %pISc:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
4857 -+ tpg->tpgt, &tpg_np->tpg_np->np_sockaddr, tpg_np->tpg_np->np_port);
4858 -
4859 - ret = iscsit_tpg_del_network_portal(tpg, tpg_np);
4860 - if (ret < 0)
4861 -diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
4862 -index 7e8f65e..666c073 100644
4863 ---- a/drivers/target/iscsi/iscsi_target_login.c
4864 -+++ b/drivers/target/iscsi/iscsi_target_login.c
4865 -@@ -823,8 +823,8 @@ static void iscsi_handle_login_thread_timeout(unsigned long data)
4866 - struct iscsi_np *np = (struct iscsi_np *) data;
4867 -
4868 - spin_lock_bh(&np->np_thread_lock);
4869 -- pr_err("iSCSI Login timeout on Network Portal %s:%hu\n",
4870 -- np->np_ip, np->np_port);
4871 -+ pr_err("iSCSI Login timeout on Network Portal %pISc:%hu\n",
4872 -+ &np->np_sockaddr, np->np_port);
4873 -
4874 - if (np->np_login_timer_flags & ISCSI_TF_STOP) {
4875 - spin_unlock_bh(&np->np_thread_lock);
4876 -@@ -1302,8 +1302,8 @@ static int __iscsi_target_login_thread(struct iscsi_np *np)
4877 - spin_lock_bh(&np->np_thread_lock);
4878 - if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
4879 - spin_unlock_bh(&np->np_thread_lock);
4880 -- pr_err("iSCSI Network Portal on %s:%hu currently not"
4881 -- " active.\n", np->np_ip, np->np_port);
4882 -+ pr_err("iSCSI Network Portal on %pISc:%hu currently not"
4883 -+ " active.\n", &np->np_sockaddr, np->np_port);
4884 - iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
4885 - ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
4886 - goto new_sess_out;
4887 -diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
4888 -index e8a52f7..51d1734 100644
4889 ---- a/drivers/target/iscsi/iscsi_target_parameters.c
4890 -+++ b/drivers/target/iscsi/iscsi_target_parameters.c
4891 -@@ -407,6 +407,7 @@ int iscsi_create_default_params(struct iscsi_param_list **param_list_ptr)
4892 - TYPERANGE_UTF8, USE_INITIAL_ONLY);
4893 - if (!param)
4894 - goto out;
4895 -+
4896 - /*
4897 - * Extra parameters for ISER from RFC-5046
4898 - */
4899 -@@ -496,9 +497,9 @@ int iscsi_set_keys_to_negotiate(
4900 - } else if (!strcmp(param->name, SESSIONTYPE)) {
4901 - SET_PSTATE_NEGOTIATE(param);
4902 - } else if (!strcmp(param->name, IFMARKER)) {
4903 -- SET_PSTATE_NEGOTIATE(param);
4904 -+ SET_PSTATE_REJECT(param);
4905 - } else if (!strcmp(param->name, OFMARKER)) {
4906 -- SET_PSTATE_NEGOTIATE(param);
4907 -+ SET_PSTATE_REJECT(param);
4908 - } else if (!strcmp(param->name, IFMARKINT)) {
4909 - SET_PSTATE_REJECT(param);
4910 - } else if (!strcmp(param->name, OFMARKINT)) {
4911 -diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
4912 -index 968068f..de26bee 100644
4913 ---- a/drivers/target/iscsi/iscsi_target_tpg.c
4914 -+++ b/drivers/target/iscsi/iscsi_target_tpg.c
4915 -@@ -460,7 +460,6 @@ static bool iscsit_tpg_check_network_portal(
4916 - struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4917 - struct iscsi_portal_group *tpg,
4918 - struct __kernel_sockaddr_storage *sockaddr,
4919 -- char *ip_str,
4920 - struct iscsi_tpg_np *tpg_np_parent,
4921 - int network_transport)
4922 - {
4923 -@@ -470,8 +469,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4924 - if (!tpg_np_parent) {
4925 - if (iscsit_tpg_check_network_portal(tpg->tpg_tiqn, sockaddr,
4926 - network_transport)) {
4927 -- pr_err("Network Portal: %s already exists on a"
4928 -- " different TPG on %s\n", ip_str,
4929 -+ pr_err("Network Portal: %pISc already exists on a"
4930 -+ " different TPG on %s\n", sockaddr,
4931 - tpg->tpg_tiqn->tiqn);
4932 - return ERR_PTR(-EEXIST);
4933 - }
4934 -@@ -484,7 +483,7 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4935 - return ERR_PTR(-ENOMEM);
4936 - }
4937 -
4938 -- np = iscsit_add_np(sockaddr, ip_str, network_transport);
4939 -+ np = iscsit_add_np(sockaddr, network_transport);
4940 - if (IS_ERR(np)) {
4941 - kfree(tpg_np);
4942 - return ERR_CAST(np);
4943 -@@ -514,8 +513,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4944 - spin_unlock(&tpg_np_parent->tpg_np_parent_lock);
4945 - }
4946 -
4947 -- pr_debug("CORE[%s] - Added Network Portal: %s:%hu,%hu on %s\n",
4948 -- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
4949 -+ pr_debug("CORE[%s] - Added Network Portal: %pISc:%hu,%hu on %s\n",
4950 -+ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
4951 - np->np_transport->name);
4952 -
4953 - return tpg_np;
4954 -@@ -528,8 +527,8 @@ static int iscsit_tpg_release_np(
4955 - {
4956 - iscsit_clear_tpg_np_login_thread(tpg_np, tpg, true);
4957 -
4958 -- pr_debug("CORE[%s] - Removed Network Portal: %s:%hu,%hu on %s\n",
4959 -- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
4960 -+ pr_debug("CORE[%s] - Removed Network Portal: %pISc:%hu,%hu on %s\n",
4961 -+ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
4962 - np->np_transport->name);
4963 -
4964 - tpg_np->tpg_np = NULL;
4965 -diff --git a/drivers/target/iscsi/iscsi_target_tpg.h b/drivers/target/iscsi/iscsi_target_tpg.h
4966 -index 95ff5bd..28abda8 100644
4967 ---- a/drivers/target/iscsi/iscsi_target_tpg.h
4968 -+++ b/drivers/target/iscsi/iscsi_target_tpg.h
4969 -@@ -22,7 +22,7 @@ extern struct iscsi_node_attrib *iscsit_tpg_get_node_attrib(struct iscsi_session
4970 - extern void iscsit_tpg_del_external_nps(struct iscsi_tpg_np *);
4971 - extern struct iscsi_tpg_np *iscsit_tpg_locate_child_np(struct iscsi_tpg_np *, int);
4972 - extern struct iscsi_tpg_np *iscsit_tpg_add_network_portal(struct iscsi_portal_group *,
4973 -- struct __kernel_sockaddr_storage *, char *, struct iscsi_tpg_np *,
4974 -+ struct __kernel_sockaddr_storage *, struct iscsi_tpg_np *,
4975 - int);
4976 - extern int iscsit_tpg_del_network_portal(struct iscsi_portal_group *,
4977 - struct iscsi_tpg_np *);
4978 -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
4979 -index 09e682b..8f1cd19 100644
4980 ---- a/drivers/target/target_core_device.c
4981 -+++ b/drivers/target/target_core_device.c
4982 -@@ -427,8 +427,6 @@ void core_disable_device_list_for_node(
4983 -
4984 - hlist_del_rcu(&orig->link);
4985 - clear_bit(DEF_PR_REG_ACTIVE, &orig->deve_flags);
4986 -- rcu_assign_pointer(orig->se_lun, NULL);
4987 -- rcu_assign_pointer(orig->se_lun_acl, NULL);
4988 - orig->lun_flags = 0;
4989 - orig->creation_time = 0;
4990 - orig->attach_count--;
4991 -@@ -439,6 +437,9 @@ void core_disable_device_list_for_node(
4992 - kref_put(&orig->pr_kref, target_pr_kref_release);
4993 - wait_for_completion(&orig->pr_comp);
4994 -
4995 -+ rcu_assign_pointer(orig->se_lun, NULL);
4996 -+ rcu_assign_pointer(orig->se_lun_acl, NULL);
4997 -+
4998 - kfree_rcu(orig, rcu_head);
4999 -
5000 - core_scsi3_free_pr_reg_from_nacl(dev, nacl);
5001 -diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
5002 -index 5ab7100..e793311 100644
5003 ---- a/drivers/target/target_core_pr.c
5004 -+++ b/drivers/target/target_core_pr.c
5005 -@@ -618,7 +618,7 @@ static struct t10_pr_registration *__core_scsi3_do_alloc_registration(
5006 - struct se_device *dev,
5007 - struct se_node_acl *nacl,
5008 - struct se_lun *lun,
5009 -- struct se_dev_entry *deve,
5010 -+ struct se_dev_entry *dest_deve,
5011 - u64 mapped_lun,
5012 - unsigned char *isid,
5013 - u64 sa_res_key,
5014 -@@ -640,7 +640,29 @@ static struct t10_pr_registration *__core_scsi3_do_alloc_registration(
5015 - INIT_LIST_HEAD(&pr_reg->pr_reg_atp_mem_list);
5016 - atomic_set(&pr_reg->pr_res_holders, 0);
5017 - pr_reg->pr_reg_nacl = nacl;
5018 -- pr_reg->pr_reg_deve = deve;
5019 -+ /*
5020 -+ * For destination registrations for ALL_TG_PT=1 and SPEC_I_PT=1,
5021 -+ * the se_dev_entry->pr_ref will have been already obtained by
5022 -+ * core_get_se_deve_from_rtpi() or __core_scsi3_alloc_registration().
5023 -+ *
5024 -+ * Otherwise, locate se_dev_entry now and obtain a reference until
5025 -+ * registration completes in __core_scsi3_add_registration().
5026 -+ */
5027 -+ if (dest_deve) {
5028 -+ pr_reg->pr_reg_deve = dest_deve;
5029 -+ } else {
5030 -+ rcu_read_lock();
5031 -+ pr_reg->pr_reg_deve = target_nacl_find_deve(nacl, mapped_lun);
5032 -+ if (!pr_reg->pr_reg_deve) {
5033 -+ rcu_read_unlock();
5034 -+ pr_err("Unable to locate PR deve %s mapped_lun: %llu\n",
5035 -+ nacl->initiatorname, mapped_lun);
5036 -+ kmem_cache_free(t10_pr_reg_cache, pr_reg);
5037 -+ return NULL;
5038 -+ }
5039 -+ kref_get(&pr_reg->pr_reg_deve->pr_kref);
5040 -+ rcu_read_unlock();
5041 -+ }
5042 - pr_reg->pr_res_mapped_lun = mapped_lun;
5043 - pr_reg->pr_aptpl_target_lun = lun->unpacked_lun;
5044 - pr_reg->tg_pt_sep_rtpi = lun->lun_rtpi;
5045 -@@ -936,17 +958,29 @@ static int __core_scsi3_check_aptpl_registration(
5046 - !(strcmp(pr_reg->pr_tport, t_port)) &&
5047 - (pr_reg->pr_reg_tpgt == tpgt) &&
5048 - (pr_reg->pr_aptpl_target_lun == target_lun)) {
5049 -+ /*
5050 -+ * Obtain the ->pr_reg_deve pointer + reference, that
5051 -+ * is released by __core_scsi3_add_registration() below.
5052 -+ */
5053 -+ rcu_read_lock();
5054 -+ pr_reg->pr_reg_deve = target_nacl_find_deve(nacl, mapped_lun);
5055 -+ if (!pr_reg->pr_reg_deve) {
5056 -+ pr_err("Unable to locate PR APTPL %s mapped_lun:"
5057 -+ " %llu\n", nacl->initiatorname, mapped_lun);
5058 -+ rcu_read_unlock();
5059 -+ continue;
5060 -+ }
5061 -+ kref_get(&pr_reg->pr_reg_deve->pr_kref);
5062 -+ rcu_read_unlock();
5063 -
5064 - pr_reg->pr_reg_nacl = nacl;
5065 - pr_reg->tg_pt_sep_rtpi = lun->lun_rtpi;
5066 --
5067 - list_del(&pr_reg->pr_reg_aptpl_list);
5068 - spin_unlock(&pr_tmpl->aptpl_reg_lock);
5069 - /*
5070 - * At this point all of the pointers in *pr_reg will
5071 - * be setup, so go ahead and add the registration.
5072 - */
5073 --
5074 - __core_scsi3_add_registration(dev, nacl, pr_reg, 0, 0);
5075 - /*
5076 - * If this registration is the reservation holder,
5077 -@@ -1044,18 +1078,11 @@ static void __core_scsi3_add_registration(
5078 -
5079 - __core_scsi3_dump_registration(tfo, dev, nacl, pr_reg, register_type);
5080 - spin_unlock(&pr_tmpl->registration_lock);
5081 --
5082 -- rcu_read_lock();
5083 -- deve = pr_reg->pr_reg_deve;
5084 -- if (deve)
5085 -- set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
5086 -- rcu_read_unlock();
5087 --
5088 - /*
5089 - * Skip extra processing for ALL_TG_PT=0 or REGISTER_AND_MOVE.
5090 - */
5091 - if (!pr_reg->pr_reg_all_tg_pt || register_move)
5092 -- return;
5093 -+ goto out;
5094 - /*
5095 - * Walk pr_reg->pr_reg_atp_list and add registrations for ALL_TG_PT=1
5096 - * allocated in __core_scsi3_alloc_registration()
5097 -@@ -1075,19 +1102,31 @@ static void __core_scsi3_add_registration(
5098 - __core_scsi3_dump_registration(tfo, dev, nacl_tmp, pr_reg_tmp,
5099 - register_type);
5100 - spin_unlock(&pr_tmpl->registration_lock);
5101 --
5102 -+ /*
5103 -+ * Drop configfs group dependency reference and deve->pr_kref
5104 -+ * obtained from __core_scsi3_alloc_registration() code.
5105 -+ */
5106 - rcu_read_lock();
5107 - deve = pr_reg_tmp->pr_reg_deve;
5108 -- if (deve)
5109 -+ if (deve) {
5110 - set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
5111 -+ core_scsi3_lunacl_undepend_item(deve);
5112 -+ pr_reg_tmp->pr_reg_deve = NULL;
5113 -+ }
5114 - rcu_read_unlock();
5115 --
5116 -- /*
5117 -- * Drop configfs group dependency reference from
5118 -- * __core_scsi3_alloc_registration()
5119 -- */
5120 -- core_scsi3_lunacl_undepend_item(pr_reg_tmp->pr_reg_deve);
5121 - }
5122 -+out:
5123 -+ /*
5124 -+ * Drop deve->pr_kref obtained in __core_scsi3_do_alloc_registration()
5125 -+ */
5126 -+ rcu_read_lock();
5127 -+ deve = pr_reg->pr_reg_deve;
5128 -+ if (deve) {
5129 -+ set_bit(DEF_PR_REG_ACTIVE, &deve->deve_flags);
5130 -+ kref_put(&deve->pr_kref, target_pr_kref_release);
5131 -+ pr_reg->pr_reg_deve = NULL;
5132 -+ }
5133 -+ rcu_read_unlock();
5134 - }
5135 -
5136 - static int core_scsi3_alloc_registration(
5137 -@@ -1785,9 +1824,11 @@ core_scsi3_decode_spec_i_port(
5138 - dest_node_acl->initiatorname, i_buf, (dest_se_deve) ?
5139 - dest_se_deve->mapped_lun : 0);
5140 -
5141 -- if (!dest_se_deve)
5142 -+ if (!dest_se_deve) {
5143 -+ kref_put(&local_pr_reg->pr_reg_deve->pr_kref,
5144 -+ target_pr_kref_release);
5145 - continue;
5146 --
5147 -+ }
5148 - core_scsi3_lunacl_undepend_item(dest_se_deve);
5149 - core_scsi3_nodeacl_undepend_item(dest_node_acl);
5150 - core_scsi3_tpg_undepend_item(dest_tpg);
5151 -@@ -1823,9 +1864,11 @@ out:
5152 -
5153 - kmem_cache_free(t10_pr_reg_cache, dest_pr_reg);
5154 -
5155 -- if (!dest_se_deve)
5156 -+ if (!dest_se_deve) {
5157 -+ kref_put(&local_pr_reg->pr_reg_deve->pr_kref,
5158 -+ target_pr_kref_release);
5159 - continue;
5160 --
5161 -+ }
5162 - core_scsi3_lunacl_undepend_item(dest_se_deve);
5163 - core_scsi3_nodeacl_undepend_item(dest_node_acl);
5164 - core_scsi3_tpg_undepend_item(dest_tpg);
5165 -diff --git a/drivers/target/target_core_xcopy.c b/drivers/target/target_core_xcopy.c
5166 -index 4515f52..47fe94e 100644
5167 ---- a/drivers/target/target_core_xcopy.c
5168 -+++ b/drivers/target/target_core_xcopy.c
5169 -@@ -450,6 +450,8 @@ int target_xcopy_setup_pt(void)
5170 - memset(&xcopy_pt_sess, 0, sizeof(struct se_session));
5171 - INIT_LIST_HEAD(&xcopy_pt_sess.sess_list);
5172 - INIT_LIST_HEAD(&xcopy_pt_sess.sess_acl_list);
5173 -+ INIT_LIST_HEAD(&xcopy_pt_sess.sess_cmd_list);
5174 -+ spin_lock_init(&xcopy_pt_sess.sess_cmd_lock);
5175 -
5176 - xcopy_pt_nacl.se_tpg = &xcopy_pt_tpg;
5177 - xcopy_pt_nacl.nacl_sess = &xcopy_pt_sess;
5178 -@@ -644,7 +646,7 @@ static int target_xcopy_read_source(
5179 - pr_debug("XCOPY: Built READ_16: LBA: %llu Sectors: %u Length: %u\n",
5180 - (unsigned long long)src_lba, src_sectors, length);
5181 -
5182 -- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length,
5183 -+ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length,
5184 - DMA_FROM_DEVICE, 0, &xpt_cmd->sense_buffer[0]);
5185 - xop->src_pt_cmd = xpt_cmd;
5186 -
5187 -@@ -704,7 +706,7 @@ static int target_xcopy_write_destination(
5188 - pr_debug("XCOPY: Built WRITE_16: LBA: %llu Sectors: %u Length: %u\n",
5189 - (unsigned long long)dst_lba, dst_sectors, length);
5190 -
5191 -- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length,
5192 -+ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length,
5193 - DMA_TO_DEVICE, 0, &xpt_cmd->sense_buffer[0]);
5194 - xop->dst_pt_cmd = xpt_cmd;
5195 -
5196 -diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c
5197 -index 620dcd4..42c6f71 100644
5198 ---- a/drivers/thermal/cpu_cooling.c
5199 -+++ b/drivers/thermal/cpu_cooling.c
5200 -@@ -262,7 +262,9 @@ static int cpufreq_thermal_notifier(struct notifier_block *nb,
5201 - * efficiently. Power is stored in mW, frequency in KHz. The
5202 - * resulting table is in ascending order.
5203 - *
5204 -- * Return: 0 on success, -E* on error.
5205 -+ * Return: 0 on success, -EINVAL if there are no OPPs for any CPUs,
5206 -+ * -ENOMEM if we run out of memory or -EAGAIN if an OPP was
5207 -+ * added/enabled while the function was executing.
5208 - */
5209 - static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
5210 - u32 capacitance)
5211 -@@ -273,8 +275,6 @@ static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
5212 - int num_opps = 0, cpu, i, ret = 0;
5213 - unsigned long freq;
5214 -
5215 -- rcu_read_lock();
5216 --
5217 - for_each_cpu(cpu, &cpufreq_device->allowed_cpus) {
5218 - dev = get_cpu_device(cpu);
5219 - if (!dev) {
5220 -@@ -284,24 +284,20 @@ static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
5221 - }
5222 -
5223 - num_opps = dev_pm_opp_get_opp_count(dev);
5224 -- if (num_opps > 0) {
5225 -+ if (num_opps > 0)
5226 - break;
5227 -- } else if (num_opps < 0) {
5228 -- ret = num_opps;
5229 -- goto unlock;
5230 -- }
5231 -+ else if (num_opps < 0)
5232 -+ return num_opps;
5233 - }
5234 -
5235 -- if (num_opps == 0) {
5236 -- ret = -EINVAL;
5237 -- goto unlock;
5238 -- }
5239 -+ if (num_opps == 0)
5240 -+ return -EINVAL;
5241 -
5242 - power_table = kcalloc(num_opps, sizeof(*power_table), GFP_KERNEL);
5243 -- if (!power_table) {
5244 -- ret = -ENOMEM;
5245 -- goto unlock;
5246 -- }
5247 -+ if (!power_table)
5248 -+ return -ENOMEM;
5249 -+
5250 -+ rcu_read_lock();
5251 -
5252 - for (freq = 0, i = 0;
5253 - opp = dev_pm_opp_find_freq_ceil(dev, &freq), !IS_ERR(opp);
5254 -@@ -309,6 +305,12 @@ static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
5255 - u32 freq_mhz, voltage_mv;
5256 - u64 power;
5257 -
5258 -+ if (i >= num_opps) {
5259 -+ rcu_read_unlock();
5260 -+ ret = -EAGAIN;
5261 -+ goto free_power_table;
5262 -+ }
5263 -+
5264 - freq_mhz = freq / 1000000;
5265 - voltage_mv = dev_pm_opp_get_voltage(opp) / 1000;
5266 -
5267 -@@ -326,17 +328,22 @@ static int build_dyn_power_table(struct cpufreq_cooling_device *cpufreq_device,
5268 - power_table[i].power = power;
5269 - }
5270 -
5271 -- if (i == 0) {
5272 -+ rcu_read_unlock();
5273 -+
5274 -+ if (i != num_opps) {
5275 - ret = PTR_ERR(opp);
5276 -- goto unlock;
5277 -+ goto free_power_table;
5278 - }
5279 -
5280 - cpufreq_device->cpu_dev = dev;
5281 - cpufreq_device->dyn_power_table = power_table;
5282 - cpufreq_device->dyn_power_table_entries = i;
5283 -
5284 --unlock:
5285 -- rcu_read_unlock();
5286 -+ return 0;
5287 -+
5288 -+free_power_table:
5289 -+ kfree(power_table);
5290 -+
5291 - return ret;
5292 - }
5293 -
5294 -@@ -847,7 +854,7 @@ __cpufreq_cooling_register(struct device_node *np,
5295 - ret = get_idr(&cpufreq_idr, &cpufreq_dev->id);
5296 - if (ret) {
5297 - cool_dev = ERR_PTR(ret);
5298 -- goto free_table;
5299 -+ goto free_power_table;
5300 - }
5301 -
5302 - snprintf(dev_name, sizeof(dev_name), "thermal-cpufreq-%d",
5303 -@@ -889,6 +896,8 @@ __cpufreq_cooling_register(struct device_node *np,
5304 -
5305 - remove_idr:
5306 - release_idr(&cpufreq_idr, cpufreq_dev->id);
5307 -+free_power_table:
5308 -+ kfree(cpufreq_dev->dyn_power_table);
5309 - free_table:
5310 - kfree(cpufreq_dev->freq_table);
5311 - free_time_in_idle_timestamp:
5312 -@@ -1039,6 +1048,7 @@ void cpufreq_cooling_unregister(struct thermal_cooling_device *cdev)
5313 -
5314 - thermal_cooling_device_unregister(cpufreq_dev->cool_dev);
5315 - release_idr(&cpufreq_idr, cpufreq_dev->id);
5316 -+ kfree(cpufreq_dev->dyn_power_table);
5317 - kfree(cpufreq_dev->time_in_idle_timestamp);
5318 - kfree(cpufreq_dev->time_in_idle);
5319 - kfree(cpufreq_dev->freq_table);
5320 -diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
5321 -index ee8bfac..afc1879 100644
5322 ---- a/drivers/tty/n_tty.c
5323 -+++ b/drivers/tty/n_tty.c
5324 -@@ -343,8 +343,7 @@ static void n_tty_packet_mode_flush(struct tty_struct *tty)
5325 - spin_lock_irqsave(&tty->ctrl_lock, flags);
5326 - tty->ctrl_status |= TIOCPKT_FLUSHREAD;
5327 - spin_unlock_irqrestore(&tty->ctrl_lock, flags);
5328 -- if (waitqueue_active(&tty->link->read_wait))
5329 -- wake_up_interruptible(&tty->link->read_wait);
5330 -+ wake_up_interruptible(&tty->link->read_wait);
5331 - }
5332 - }
5333 -
5334 -@@ -1382,8 +1381,7 @@ handle_newline:
5335 - put_tty_queue(c, ldata);
5336 - smp_store_release(&ldata->canon_head, ldata->read_head);
5337 - kill_fasync(&tty->fasync, SIGIO, POLL_IN);
5338 -- if (waitqueue_active(&tty->read_wait))
5339 -- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
5340 -+ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
5341 - return 0;
5342 - }
5343 - }
5344 -@@ -1667,8 +1665,7 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
5345 -
5346 - if ((read_cnt(ldata) >= ldata->minimum_to_wake) || L_EXTPROC(tty)) {
5347 - kill_fasync(&tty->fasync, SIGIO, POLL_IN);
5348 -- if (waitqueue_active(&tty->read_wait))
5349 -- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
5350 -+ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
5351 - }
5352 - }
5353 -
5354 -@@ -1887,10 +1884,8 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
5355 - }
5356 -
5357 - /* The termios change make the tty ready for I/O */
5358 -- if (waitqueue_active(&tty->write_wait))
5359 -- wake_up_interruptible(&tty->write_wait);
5360 -- if (waitqueue_active(&tty->read_wait))
5361 -- wake_up_interruptible(&tty->read_wait);
5362 -+ wake_up_interruptible(&tty->write_wait);
5363 -+ wake_up_interruptible(&tty->read_wait);
5364 - }
5365 -
5366 - /**
5367 -diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
5368 -index 37fff12..c35d96e 100644
5369 ---- a/drivers/tty/serial/8250/8250_core.c
5370 -+++ b/drivers/tty/serial/8250/8250_core.c
5371 -@@ -326,6 +326,14 @@ configured less than Maximum supported fifo bytes */
5372 - UART_FCR7_64BYTE,
5373 - .flags = UART_CAP_FIFO,
5374 - },
5375 -+ [PORT_RT2880] = {
5376 -+ .name = "Palmchip BK-3103",
5377 -+ .fifo_size = 16,
5378 -+ .tx_loadsz = 16,
5379 -+ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10,
5380 -+ .rxtrig_bytes = {1, 4, 8, 14},
5381 -+ .flags = UART_CAP_FIFO,
5382 -+ },
5383 - };
5384 -
5385 - /* Uart divisor latch read */
5386 -diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
5387 -index 2a8f528..40326b3 100644
5388 ---- a/drivers/tty/serial/atmel_serial.c
5389 -+++ b/drivers/tty/serial/atmel_serial.c
5390 -@@ -2641,7 +2641,7 @@ static int atmel_serial_probe(struct platform_device *pdev)
5391 - ret = atmel_init_gpios(port, &pdev->dev);
5392 - if (ret < 0) {
5393 - dev_err(&pdev->dev, "Failed to initialize GPIOs.");
5394 -- goto err;
5395 -+ goto err_clear_bit;
5396 - }
5397 -
5398 - ret = atmel_init_port(port, pdev);
5399 -diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
5400 -index 57fc6ee..774df35 100644
5401 ---- a/drivers/tty/tty_io.c
5402 -+++ b/drivers/tty/tty_io.c
5403 -@@ -2136,8 +2136,24 @@ retry_open:
5404 - if (!noctty &&
5405 - current->signal->leader &&
5406 - !current->signal->tty &&
5407 -- tty->session == NULL)
5408 -- __proc_set_tty(tty);
5409 -+ tty->session == NULL) {
5410 -+ /*
5411 -+ * Don't let a process that only has write access to the tty
5412 -+ * obtain the privileges associated with having a tty as
5413 -+ * controlling terminal (being able to reopen it with full
5414 -+ * access through /dev/tty, being able to perform pushback).
5415 -+ * Many distributions set the group of all ttys to "tty" and
5416 -+ * grant write-only access to all terminals for setgid tty
5417 -+ * binaries, which should not imply full privileges on all ttys.
5418 -+ *
5419 -+ * This could theoretically break old code that performs open()
5420 -+ * on a write-only file descriptor. In that case, it might be
5421 -+ * necessary to also permit this if
5422 -+ * inode_permission(inode, MAY_READ) == 0.
5423 -+ */
5424 -+ if (filp->f_mode & FMODE_READ)
5425 -+ __proc_set_tty(tty);
5426 -+ }
5427 - spin_unlock_irq(&current->sighand->siglock);
5428 - read_unlock(&tasklist_lock);
5429 - tty_unlock(tty);
5430 -@@ -2426,7 +2442,7 @@ static int fionbio(struct file *file, int __user *p)
5431 - * Takes ->siglock() when updating signal->tty
5432 - */
5433 -
5434 --static int tiocsctty(struct tty_struct *tty, int arg)
5435 -+static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
5436 - {
5437 - int ret = 0;
5438 -
5439 -@@ -2460,6 +2476,13 @@ static int tiocsctty(struct tty_struct *tty, int arg)
5440 - goto unlock;
5441 - }
5442 - }
5443 -+
5444 -+ /* See the comment in tty_open(). */
5445 -+ if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
5446 -+ ret = -EPERM;
5447 -+ goto unlock;
5448 -+ }
5449 -+
5450 - proc_set_tty(tty);
5451 - unlock:
5452 - read_unlock(&tasklist_lock);
5453 -@@ -2852,7 +2875,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
5454 - no_tty();
5455 - return 0;
5456 - case TIOCSCTTY:
5457 -- return tiocsctty(tty, arg);
5458 -+ return tiocsctty(tty, file, arg);
5459 - case TIOCGPGRP:
5460 - return tiocgpgrp(tty, real_tty, p);
5461 - case TIOCSPGRP:
5462 -diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
5463 -index 389f0e0..fa77432 100644
5464 ---- a/drivers/usb/chipidea/ci_hdrc_imx.c
5465 -+++ b/drivers/usb/chipidea/ci_hdrc_imx.c
5466 -@@ -56,7 +56,7 @@ static const struct of_device_id ci_hdrc_imx_dt_ids[] = {
5467 - { .compatible = "fsl,imx27-usb", .data = &imx27_usb_data},
5468 - { .compatible = "fsl,imx6q-usb", .data = &imx6q_usb_data},
5469 - { .compatible = "fsl,imx6sl-usb", .data = &imx6sl_usb_data},
5470 -- { .compatible = "fsl,imx6sx-usb", .data = &imx6sl_usb_data},
5471 -+ { .compatible = "fsl,imx6sx-usb", .data = &imx6sx_usb_data},
5472 - { /* sentinel */ }
5473 - };
5474 - MODULE_DEVICE_TABLE(of, ci_hdrc_imx_dt_ids);
5475 -diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
5476 -index 764f668..6e53c24 100644
5477 ---- a/drivers/usb/chipidea/udc.c
5478 -+++ b/drivers/usb/chipidea/udc.c
5479 -@@ -656,6 +656,44 @@ __acquires(hwep->lock)
5480 - return 0;
5481 - }
5482 -
5483 -+static int _ep_set_halt(struct usb_ep *ep, int value, bool check_transfer)
5484 -+{
5485 -+ struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
5486 -+ int direction, retval = 0;
5487 -+ unsigned long flags;
5488 -+
5489 -+ if (ep == NULL || hwep->ep.desc == NULL)
5490 -+ return -EINVAL;
5491 -+
5492 -+ if (usb_endpoint_xfer_isoc(hwep->ep.desc))
5493 -+ return -EOPNOTSUPP;
5494 -+
5495 -+ spin_lock_irqsave(hwep->lock, flags);
5496 -+
5497 -+ if (value && hwep->dir == TX && check_transfer &&
5498 -+ !list_empty(&hwep->qh.queue) &&
5499 -+ !usb_endpoint_xfer_control(hwep->ep.desc)) {
5500 -+ spin_unlock_irqrestore(hwep->lock, flags);
5501 -+ return -EAGAIN;
5502 -+ }
5503 -+
5504 -+ direction = hwep->dir;
5505 -+ do {
5506 -+ retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
5507 -+
5508 -+ if (!value)
5509 -+ hwep->wedge = 0;
5510 -+
5511 -+ if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
5512 -+ hwep->dir = (hwep->dir == TX) ? RX : TX;
5513 -+
5514 -+ } while (hwep->dir != direction);
5515 -+
5516 -+ spin_unlock_irqrestore(hwep->lock, flags);
5517 -+ return retval;
5518 -+}
5519 -+
5520 -+
5521 - /**
5522 - * _gadget_stop_activity: stops all USB activity, flushes & disables all endpts
5523 - * @gadget: gadget
5524 -@@ -1051,7 +1089,7 @@ __acquires(ci->lock)
5525 - num += ci->hw_ep_max / 2;
5526 -
5527 - spin_unlock(&ci->lock);
5528 -- err = usb_ep_set_halt(&ci->ci_hw_ep[num].ep);
5529 -+ err = _ep_set_halt(&ci->ci_hw_ep[num].ep, 1, false);
5530 - spin_lock(&ci->lock);
5531 - if (!err)
5532 - isr_setup_status_phase(ci);
5533 -@@ -1110,8 +1148,8 @@ delegate:
5534 -
5535 - if (err < 0) {
5536 - spin_unlock(&ci->lock);
5537 -- if (usb_ep_set_halt(&hwep->ep))
5538 -- dev_err(ci->dev, "error: ep_set_halt\n");
5539 -+ if (_ep_set_halt(&hwep->ep, 1, false))
5540 -+ dev_err(ci->dev, "error: _ep_set_halt\n");
5541 - spin_lock(&ci->lock);
5542 - }
5543 - }
5544 -@@ -1142,9 +1180,9 @@ __acquires(ci->lock)
5545 - err = isr_setup_status_phase(ci);
5546 - if (err < 0) {
5547 - spin_unlock(&ci->lock);
5548 -- if (usb_ep_set_halt(&hwep->ep))
5549 -+ if (_ep_set_halt(&hwep->ep, 1, false))
5550 - dev_err(ci->dev,
5551 -- "error: ep_set_halt\n");
5552 -+ "error: _ep_set_halt\n");
5553 - spin_lock(&ci->lock);
5554 - }
5555 - }
5556 -@@ -1390,41 +1428,7 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req)
5557 - */
5558 - static int ep_set_halt(struct usb_ep *ep, int value)
5559 - {
5560 -- struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
5561 -- int direction, retval = 0;
5562 -- unsigned long flags;
5563 --
5564 -- if (ep == NULL || hwep->ep.desc == NULL)
5565 -- return -EINVAL;
5566 --
5567 -- if (usb_endpoint_xfer_isoc(hwep->ep.desc))
5568 -- return -EOPNOTSUPP;
5569 --
5570 -- spin_lock_irqsave(hwep->lock, flags);
5571 --
5572 --#ifndef STALL_IN
5573 -- /* g_file_storage MS compliant but g_zero fails chapter 9 compliance */
5574 -- if (value && hwep->type == USB_ENDPOINT_XFER_BULK && hwep->dir == TX &&
5575 -- !list_empty(&hwep->qh.queue)) {
5576 -- spin_unlock_irqrestore(hwep->lock, flags);
5577 -- return -EAGAIN;
5578 -- }
5579 --#endif
5580 --
5581 -- direction = hwep->dir;
5582 -- do {
5583 -- retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
5584 --
5585 -- if (!value)
5586 -- hwep->wedge = 0;
5587 --
5588 -- if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
5589 -- hwep->dir = (hwep->dir == TX) ? RX : TX;
5590 --
5591 -- } while (hwep->dir != direction);
5592 --
5593 -- spin_unlock_irqrestore(hwep->lock, flags);
5594 -- return retval;
5595 -+ return _ep_set_halt(ep, value, true);
5596 - }
5597 -
5598 - /**
5599 -diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
5600 -index b2a540b..b9ddf0c 100644
5601 ---- a/drivers/usb/core/config.c
5602 -+++ b/drivers/usb/core/config.c
5603 -@@ -112,7 +112,7 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
5604 - cfgno, inum, asnum, ep->desc.bEndpointAddress);
5605 - ep->ss_ep_comp.bmAttributes = 16;
5606 - } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
5607 -- desc->bmAttributes > 2) {
5608 -+ USB_SS_MULT(desc->bmAttributes) > 3) {
5609 - dev_warn(ddev, "Isoc endpoint has Mult of %d in "
5610 - "config %d interface %d altsetting %d ep %d: "
5611 - "setting to 3\n", desc->bmAttributes + 1,
5612 -@@ -121,7 +121,8 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
5613 - }
5614 -
5615 - if (usb_endpoint_xfer_isoc(&ep->desc))
5616 -- max_tx = (desc->bMaxBurst + 1) * (desc->bmAttributes + 1) *
5617 -+ max_tx = (desc->bMaxBurst + 1) *
5618 -+ (USB_SS_MULT(desc->bmAttributes)) *
5619 - usb_endpoint_maxp(&ep->desc);
5620 - else if (usb_endpoint_xfer_int(&ep->desc))
5621 - max_tx = usb_endpoint_maxp(&ep->desc) *
5622 -diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
5623 -index d85abfe..f5a3819 100644
5624 ---- a/drivers/usb/core/quirks.c
5625 -+++ b/drivers/usb/core/quirks.c
5626 -@@ -54,6 +54,13 @@ static const struct usb_device_id usb_quirk_list[] = {
5627 - { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT },
5628 - { USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT },
5629 -
5630 -+ /* Logitech ConferenceCam CC3000e */
5631 -+ { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT },
5632 -+ { USB_DEVICE(0x046d, 0x0848), .driver_info = USB_QUIRK_DELAY_INIT },
5633 -+
5634 -+ /* Logitech PTZ Pro Camera */
5635 -+ { USB_DEVICE(0x046d, 0x0853), .driver_info = USB_QUIRK_DELAY_INIT },
5636 -+
5637 - /* Logitech Quickcam Fusion */
5638 - { USB_DEVICE(0x046d, 0x08c1), .driver_info = USB_QUIRK_RESET_RESUME },
5639 -
5640 -@@ -78,6 +85,12 @@ static const struct usb_device_id usb_quirk_list[] = {
5641 - /* Philips PSC805 audio device */
5642 - { USB_DEVICE(0x0471, 0x0155), .driver_info = USB_QUIRK_RESET_RESUME },
5643 -
5644 -+ /* Plantronic Audio 655 DSP */
5645 -+ { USB_DEVICE(0x047f, 0xc008), .driver_info = USB_QUIRK_RESET_RESUME },
5646 -+
5647 -+ /* Plantronic Audio 648 USB */
5648 -+ { USB_DEVICE(0x047f, 0xc013), .driver_info = USB_QUIRK_RESET_RESUME },
5649 -+
5650 - /* Artisman Watchdog Dongle */
5651 - { USB_DEVICE(0x04b4, 0x0526), .driver_info =
5652 - USB_QUIRK_CONFIG_INTF_STRINGS },
5653 -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
5654 -index 9a8c936..41f841f 100644
5655 ---- a/drivers/usb/host/xhci-mem.c
5656 -+++ b/drivers/usb/host/xhci-mem.c
5657 -@@ -1498,10 +1498,10 @@ int xhci_endpoint_init(struct xhci_hcd *xhci,
5658 - * use Event Data TRBs, and we don't chain in a link TRB on short
5659 - * transfers, we're basically dividing by 1.
5660 - *
5661 -- * xHCI 1.0 specification indicates that the Average TRB Length should
5662 -- * be set to 8 for control endpoints.
5663 -+ * xHCI 1.0 and 1.1 specification indicates that the Average TRB Length
5664 -+ * should be set to 8 for control endpoints.
5665 - */
5666 -- if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version == 0x100)
5667 -+ if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version >= 0x100)
5668 - ep_ctx->tx_info |= cpu_to_le32(AVG_TRB_LENGTH_FOR_EP(8));
5669 - else
5670 - ep_ctx->tx_info |=
5671 -@@ -1792,8 +1792,7 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci)
5672 - int size;
5673 - int i, j, num_ports;
5674 -
5675 -- if (timer_pending(&xhci->cmd_timer))
5676 -- del_timer_sync(&xhci->cmd_timer);
5677 -+ del_timer_sync(&xhci->cmd_timer);
5678 -
5679 - /* Free the Event Ring Segment Table and the actual Event Ring */
5680 - size = sizeof(struct xhci_erst_entry)*(xhci->erst.num_entries);
5681 -@@ -2321,6 +2320,10 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
5682 -
5683 - INIT_LIST_HEAD(&xhci->cmd_list);
5684 -
5685 -+ /* init command timeout timer */
5686 -+ setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout,
5687 -+ (unsigned long)xhci);
5688 -+
5689 - page_size = readl(&xhci->op_regs->page_size);
5690 - xhci_dbg_trace(xhci, trace_xhci_dbg_init,
5691 - "Supported page size register = 0x%x", page_size);
5692 -@@ -2505,10 +2508,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
5693 - "Wrote ERST address to ir_set 0.");
5694 - xhci_print_ir_set(xhci, 0);
5695 -
5696 -- /* init command timeout timer */
5697 -- setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout,
5698 -- (unsigned long)xhci);
5699 --
5700 - /*
5701 - * XXX: Might need to set the Interrupter Moderation Register to
5702 - * something other than the default (~1ms minimum between interrupts).
5703 -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
5704 -index 5590eac..c79d336 100644
5705 ---- a/drivers/usb/host/xhci-pci.c
5706 -+++ b/drivers/usb/host/xhci-pci.c
5707 -@@ -180,51 +180,6 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
5708 - "QUIRK: Resetting on resume");
5709 - }
5710 -
5711 --/*
5712 -- * In some Intel xHCI controllers, in order to get D3 working,
5713 -- * through a vendor specific SSIC CONFIG register at offset 0x883c,
5714 -- * SSIC PORT need to be marked as "unused" before putting xHCI
5715 -- * into D3. After D3 exit, the SSIC port need to be marked as "used".
5716 -- * Without this change, xHCI might not enter D3 state.
5717 -- * Make sure PME works on some Intel xHCI controllers by writing 1 to clear
5718 -- * the Internal PME flag bit in vendor specific PMCTRL register at offset 0x80a4
5719 -- */
5720 --static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
5721 --{
5722 -- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
5723 -- struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
5724 -- u32 val;
5725 -- void __iomem *reg;
5726 --
5727 -- if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
5728 -- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
5729 --
5730 -- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
5731 --
5732 -- /* Notify SSIC that SSIC profile programming is not done */
5733 -- val = readl(reg) & ~PROG_DONE;
5734 -- writel(val, reg);
5735 --
5736 -- /* Mark SSIC port as unused(suspend) or used(resume) */
5737 -- val = readl(reg);
5738 -- if (suspend)
5739 -- val |= SSIC_PORT_UNUSED;
5740 -- else
5741 -- val &= ~SSIC_PORT_UNUSED;
5742 -- writel(val, reg);
5743 --
5744 -- /* Notify SSIC that SSIC profile programming is done */
5745 -- val = readl(reg) | PROG_DONE;
5746 -- writel(val, reg);
5747 -- readl(reg);
5748 -- }
5749 --
5750 -- reg = (void __iomem *) xhci->cap_regs + 0x80a4;
5751 -- val = readl(reg);
5752 -- writel(val | BIT(28), reg);
5753 -- readl(reg);
5754 --}
5755 --
5756 - #ifdef CONFIG_ACPI
5757 - static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev)
5758 - {
5759 -@@ -345,6 +300,51 @@ static void xhci_pci_remove(struct pci_dev *dev)
5760 - }
5761 -
5762 - #ifdef CONFIG_PM
5763 -+/*
5764 -+ * In some Intel xHCI controllers, in order to get D3 working,
5765 -+ * through a vendor specific SSIC CONFIG register at offset 0x883c,
5766 -+ * SSIC PORT need to be marked as "unused" before putting xHCI
5767 -+ * into D3. After D3 exit, the SSIC port need to be marked as "used".
5768 -+ * Without this change, xHCI might not enter D3 state.
5769 -+ * Make sure PME works on some Intel xHCI controllers by writing 1 to clear
5770 -+ * the Internal PME flag bit in vendor specific PMCTRL register at offset 0x80a4
5771 -+ */
5772 -+static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
5773 -+{
5774 -+ struct xhci_hcd *xhci = hcd_to_xhci(hcd);
5775 -+ struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
5776 -+ u32 val;
5777 -+ void __iomem *reg;
5778 -+
5779 -+ if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
5780 -+ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
5781 -+
5782 -+ reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
5783 -+
5784 -+ /* Notify SSIC that SSIC profile programming is not done */
5785 -+ val = readl(reg) & ~PROG_DONE;
5786 -+ writel(val, reg);
5787 -+
5788 -+ /* Mark SSIC port as unused(suspend) or used(resume) */
5789 -+ val = readl(reg);
5790 -+ if (suspend)
5791 -+ val |= SSIC_PORT_UNUSED;
5792 -+ else
5793 -+ val &= ~SSIC_PORT_UNUSED;
5794 -+ writel(val, reg);
5795 -+
5796 -+ /* Notify SSIC that SSIC profile programming is done */
5797 -+ val = readl(reg) | PROG_DONE;
5798 -+ writel(val, reg);
5799 -+ readl(reg);
5800 -+ }
5801 -+
5802 -+ reg = (void __iomem *) xhci->cap_regs + 0x80a4;
5803 -+ val = readl(reg);
5804 -+ writel(val | BIT(28), reg);
5805 -+ readl(reg);
5806 -+}
5807 -+
5808 - static int xhci_pci_suspend(struct usb_hcd *hcd, bool do_wakeup)
5809 - {
5810 - struct xhci_hcd *xhci = hcd_to_xhci(hcd);
5811 -diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
5812 -index 32f4d56..8aadf3d 100644
5813 ---- a/drivers/usb/host/xhci-ring.c
5814 -+++ b/drivers/usb/host/xhci-ring.c
5815 -@@ -302,6 +302,15 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci)
5816 - ret = xhci_handshake(&xhci->op_regs->cmd_ring,
5817 - CMD_RING_RUNNING, 0, 5 * 1000 * 1000);
5818 - if (ret < 0) {
5819 -+ /* we are about to kill xhci, give it one more chance */
5820 -+ xhci_write_64(xhci, temp_64 | CMD_RING_ABORT,
5821 -+ &xhci->op_regs->cmd_ring);
5822 -+ udelay(1000);
5823 -+ ret = xhci_handshake(&xhci->op_regs->cmd_ring,
5824 -+ CMD_RING_RUNNING, 0, 3 * 1000 * 1000);
5825 -+ if (ret == 0)
5826 -+ return 0;
5827 -+
5828 - xhci_err(xhci, "Stopped the command ring failed, "
5829 - "maybe the host is dead\n");
5830 - xhci->xhc_state |= XHCI_STATE_DYING;
5831 -@@ -3041,9 +3050,11 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5832 - struct xhci_td *td;
5833 - struct scatterlist *sg;
5834 - int num_sgs;
5835 -- int trb_buff_len, this_sg_len, running_total;
5836 -+ int trb_buff_len, this_sg_len, running_total, ret;
5837 - unsigned int total_packet_count;
5838 -+ bool zero_length_needed;
5839 - bool first_trb;
5840 -+ int last_trb_num;
5841 - u64 addr;
5842 - bool more_trbs_coming;
5843 -
5844 -@@ -3059,13 +3070,27 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5845 - total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length,
5846 - usb_endpoint_maxp(&urb->ep->desc));
5847 -
5848 -- trb_buff_len = prepare_transfer(xhci, xhci->devs[slot_id],
5849 -+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
5850 - ep_index, urb->stream_id,
5851 - num_trbs, urb, 0, mem_flags);
5852 -- if (trb_buff_len < 0)
5853 -- return trb_buff_len;
5854 -+ if (ret < 0)
5855 -+ return ret;
5856 -
5857 - urb_priv = urb->hcpriv;
5858 -+
5859 -+ /* Deal with URB_ZERO_PACKET - need one more td/trb */
5860 -+ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
5861 -+ urb_priv->length == 2;
5862 -+ if (zero_length_needed) {
5863 -+ num_trbs++;
5864 -+ xhci_dbg(xhci, "Creating zero length td.\n");
5865 -+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
5866 -+ ep_index, urb->stream_id,
5867 -+ 1, urb, 1, mem_flags);
5868 -+ if (ret < 0)
5869 -+ return ret;
5870 -+ }
5871 -+
5872 - td = urb_priv->td[0];
5873 -
5874 - /*
5875 -@@ -3095,6 +3120,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5876 - trb_buff_len = urb->transfer_buffer_length;
5877 -
5878 - first_trb = true;
5879 -+ last_trb_num = zero_length_needed ? 2 : 1;
5880 - /* Queue the first TRB, even if it's zero-length */
5881 - do {
5882 - u32 field = 0;
5883 -@@ -3112,12 +3138,15 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5884 - /* Chain all the TRBs together; clear the chain bit in the last
5885 - * TRB to indicate it's the last TRB in the chain.
5886 - */
5887 -- if (num_trbs > 1) {
5888 -+ if (num_trbs > last_trb_num) {
5889 - field |= TRB_CHAIN;
5890 -- } else {
5891 -- /* FIXME - add check for ZERO_PACKET flag before this */
5892 -+ } else if (num_trbs == last_trb_num) {
5893 - td->last_trb = ep_ring->enqueue;
5894 - field |= TRB_IOC;
5895 -+ } else if (zero_length_needed && num_trbs == 1) {
5896 -+ trb_buff_len = 0;
5897 -+ urb_priv->td[1]->last_trb = ep_ring->enqueue;
5898 -+ field |= TRB_IOC;
5899 - }
5900 -
5901 - /* Only set interrupt on short packet for IN endpoints */
5902 -@@ -3179,7 +3208,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5903 - if (running_total + trb_buff_len > urb->transfer_buffer_length)
5904 - trb_buff_len =
5905 - urb->transfer_buffer_length - running_total;
5906 -- } while (running_total < urb->transfer_buffer_length);
5907 -+ } while (num_trbs > 0);
5908 -
5909 - check_trb_math(urb, num_trbs, running_total);
5910 - giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
5911 -@@ -3197,7 +3226,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5912 - int num_trbs;
5913 - struct xhci_generic_trb *start_trb;
5914 - bool first_trb;
5915 -+ int last_trb_num;
5916 - bool more_trbs_coming;
5917 -+ bool zero_length_needed;
5918 - int start_cycle;
5919 - u32 field, length_field;
5920 -
5921 -@@ -3228,7 +3259,6 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5922 - num_trbs++;
5923 - running_total += TRB_MAX_BUFF_SIZE;
5924 - }
5925 -- /* FIXME: this doesn't deal with URB_ZERO_PACKET - need one more */
5926 -
5927 - ret = prepare_transfer(xhci, xhci->devs[slot_id],
5928 - ep_index, urb->stream_id,
5929 -@@ -3237,6 +3267,20 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5930 - return ret;
5931 -
5932 - urb_priv = urb->hcpriv;
5933 -+
5934 -+ /* Deal with URB_ZERO_PACKET - need one more td/trb */
5935 -+ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
5936 -+ urb_priv->length == 2;
5937 -+ if (zero_length_needed) {
5938 -+ num_trbs++;
5939 -+ xhci_dbg(xhci, "Creating zero length td.\n");
5940 -+ ret = prepare_transfer(xhci, xhci->devs[slot_id],
5941 -+ ep_index, urb->stream_id,
5942 -+ 1, urb, 1, mem_flags);
5943 -+ if (ret < 0)
5944 -+ return ret;
5945 -+ }
5946 -+
5947 - td = urb_priv->td[0];
5948 -
5949 - /*
5950 -@@ -3258,7 +3302,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5951 - trb_buff_len = urb->transfer_buffer_length;
5952 -
5953 - first_trb = true;
5954 --
5955 -+ last_trb_num = zero_length_needed ? 2 : 1;
5956 - /* Queue the first TRB, even if it's zero-length */
5957 - do {
5958 - u32 remainder = 0;
5959 -@@ -3275,12 +3319,15 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5960 - /* Chain all the TRBs together; clear the chain bit in the last
5961 - * TRB to indicate it's the last TRB in the chain.
5962 - */
5963 -- if (num_trbs > 1) {
5964 -+ if (num_trbs > last_trb_num) {
5965 - field |= TRB_CHAIN;
5966 -- } else {
5967 -- /* FIXME - add check for ZERO_PACKET flag before this */
5968 -+ } else if (num_trbs == last_trb_num) {
5969 - td->last_trb = ep_ring->enqueue;
5970 - field |= TRB_IOC;
5971 -+ } else if (zero_length_needed && num_trbs == 1) {
5972 -+ trb_buff_len = 0;
5973 -+ urb_priv->td[1]->last_trb = ep_ring->enqueue;
5974 -+ field |= TRB_IOC;
5975 - }
5976 -
5977 - /* Only set interrupt on short packet for IN endpoints */
5978 -@@ -3318,7 +3365,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5979 - trb_buff_len = urb->transfer_buffer_length - running_total;
5980 - if (trb_buff_len > TRB_MAX_BUFF_SIZE)
5981 - trb_buff_len = TRB_MAX_BUFF_SIZE;
5982 -- } while (running_total < urb->transfer_buffer_length);
5983 -+ } while (num_trbs > 0);
5984 -
5985 - check_trb_math(urb, num_trbs, running_total);
5986 - giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
5987 -@@ -3385,8 +3432,8 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
5988 - if (start_cycle == 0)
5989 - field |= 0x1;
5990 -
5991 -- /* xHCI 1.0 6.4.1.2.1: Transfer Type field */
5992 -- if (xhci->hci_version == 0x100) {
5993 -+ /* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */
5994 -+ if (xhci->hci_version >= 0x100) {
5995 - if (urb->transfer_buffer_length > 0) {
5996 - if (setup->bRequestType & USB_DIR_IN)
5997 - field |= TRB_TX_TYPE(TRB_DATA_IN);
5998 -diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
5999 -index 526ebc0..d7b9f484 100644
6000 ---- a/drivers/usb/host/xhci.c
6001 -+++ b/drivers/usb/host/xhci.c
6002 -@@ -146,7 +146,8 @@ static int xhci_start(struct xhci_hcd *xhci)
6003 - "waited %u microseconds.\n",
6004 - XHCI_MAX_HALT_USEC);
6005 - if (!ret)
6006 -- xhci->xhc_state &= ~XHCI_STATE_HALTED;
6007 -+ xhci->xhc_state &= ~(XHCI_STATE_HALTED | XHCI_STATE_DYING);
6008 -+
6009 - return ret;
6010 - }
6011 -
6012 -@@ -654,15 +655,6 @@ int xhci_run(struct usb_hcd *hcd)
6013 - }
6014 - EXPORT_SYMBOL_GPL(xhci_run);
6015 -
6016 --static void xhci_only_stop_hcd(struct usb_hcd *hcd)
6017 --{
6018 -- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
6019 --
6020 -- spin_lock_irq(&xhci->lock);
6021 -- xhci_halt(xhci);
6022 -- spin_unlock_irq(&xhci->lock);
6023 --}
6024 --
6025 - /*
6026 - * Stop xHCI driver.
6027 - *
6028 -@@ -677,12 +669,14 @@ void xhci_stop(struct usb_hcd *hcd)
6029 - u32 temp;
6030 - struct xhci_hcd *xhci = hcd_to_xhci(hcd);
6031 -
6032 -- if (!usb_hcd_is_primary_hcd(hcd)) {
6033 -- xhci_only_stop_hcd(xhci->shared_hcd);
6034 -+ if (xhci->xhc_state & XHCI_STATE_HALTED)
6035 - return;
6036 -- }
6037 -
6038 -+ mutex_lock(&xhci->mutex);
6039 - spin_lock_irq(&xhci->lock);
6040 -+ xhci->xhc_state |= XHCI_STATE_HALTED;
6041 -+ xhci->cmd_ring_state = CMD_RING_STATE_STOPPED;
6042 -+
6043 - /* Make sure the xHC is halted for a USB3 roothub
6044 - * (xhci_stop() could be called as part of failed init).
6045 - */
6046 -@@ -717,6 +711,7 @@ void xhci_stop(struct usb_hcd *hcd)
6047 - xhci_dbg_trace(xhci, trace_xhci_dbg_init,
6048 - "xhci_stop completed - status = %x",
6049 - readl(&xhci->op_regs->status));
6050 -+ mutex_unlock(&xhci->mutex);
6051 - }
6052 -
6053 - /*
6054 -@@ -1340,6 +1335,11 @@ int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flags)
6055 -
6056 - if (usb_endpoint_xfer_isoc(&urb->ep->desc))
6057 - size = urb->number_of_packets;
6058 -+ else if (usb_endpoint_is_bulk_out(&urb->ep->desc) &&
6059 -+ urb->transfer_buffer_length > 0 &&
6060 -+ urb->transfer_flags & URB_ZERO_PACKET &&
6061 -+ !(urb->transfer_buffer_length % usb_endpoint_maxp(&urb->ep->desc)))
6062 -+ size = 2;
6063 - else
6064 - size = 1;
6065 -
6066 -@@ -3788,6 +3788,9 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
6067 -
6068 - mutex_lock(&xhci->mutex);
6069 -
6070 -+ if (xhci->xhc_state) /* dying or halted */
6071 -+ goto out;
6072 -+
6073 - if (!udev->slot_id) {
6074 - xhci_dbg_trace(xhci, trace_xhci_dbg_address,
6075 - "Bad Slot ID %d", udev->slot_id);
6076 -diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
6077 -index 3ad5d19..23c7948 100644
6078 ---- a/drivers/usb/misc/chaoskey.c
6079 -+++ b/drivers/usb/misc/chaoskey.c
6080 -@@ -472,7 +472,7 @@ static int chaoskey_rng_read(struct hwrng *rng, void *data,
6081 - if (this_time > max)
6082 - this_time = max;
6083 -
6084 -- memcpy(data, dev->buf, this_time);
6085 -+ memcpy(data, dev->buf + dev->used, this_time);
6086 -
6087 - dev->used += this_time;
6088 -
6089 -diff --git a/drivers/usb/musb/musb_cppi41.c b/drivers/usb/musb/musb_cppi41.c
6090 -index 4d1b44c..d07cafb 100644
6091 ---- a/drivers/usb/musb/musb_cppi41.c
6092 -+++ b/drivers/usb/musb/musb_cppi41.c
6093 -@@ -614,7 +614,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller)
6094 - {
6095 - struct musb *musb = controller->musb;
6096 - struct device *dev = musb->controller;
6097 -- struct device_node *np = dev->of_node;
6098 -+ struct device_node *np = dev->parent->of_node;
6099 - struct cppi41_dma_channel *cppi41_channel;
6100 - int count;
6101 - int i;
6102 -@@ -664,7 +664,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller)
6103 - musb_dma->status = MUSB_DMA_STATUS_FREE;
6104 - musb_dma->max_len = SZ_4M;
6105 -
6106 -- dc = dma_request_slave_channel(dev, str);
6107 -+ dc = dma_request_slave_channel(dev->parent, str);
6108 - if (!dc) {
6109 - dev_err(dev, "Failed to request %s.\n", str);
6110 - ret = -EPROBE_DEFER;
6111 -@@ -695,7 +695,7 @@ cppi41_dma_controller_create(struct musb *musb, void __iomem *base)
6112 - struct cppi41_dma_controller *controller;
6113 - int ret = 0;
6114 -
6115 -- if (!musb->controller->of_node) {
6116 -+ if (!musb->controller->parent->of_node) {
6117 - dev_err(musb->controller, "Need DT for the DMA engine.\n");
6118 - return NULL;
6119 - }
6120 -diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
6121 -index 1334a3d..67325ec 100644
6122 ---- a/drivers/usb/musb/musb_dsps.c
6123 -+++ b/drivers/usb/musb/musb_dsps.c
6124 -@@ -225,8 +225,11 @@ static void dsps_musb_enable(struct musb *musb)
6125 -
6126 - dsps_writel(reg_base, wrp->epintr_set, epmask);
6127 - dsps_writel(reg_base, wrp->coreintr_set, coremask);
6128 -- /* start polling for ID change. */
6129 -- mod_timer(&glue->timer, jiffies + msecs_to_jiffies(wrp->poll_timeout));
6130 -+ /* start polling for ID change in dual-role idle mode */
6131 -+ if (musb->xceiv->otg->state == OTG_STATE_B_IDLE &&
6132 -+ musb->port_mode == MUSB_PORT_MODE_DUAL_ROLE)
6133 -+ mod_timer(&glue->timer, jiffies +
6134 -+ msecs_to_jiffies(wrp->poll_timeout));
6135 - dsps_musb_try_idle(musb, 0);
6136 - }
6137 -
6138 -diff --git a/drivers/usb/phy/phy-generic.c b/drivers/usb/phy/phy-generic.c
6139 -index deee68e..0cd85f2 100644
6140 ---- a/drivers/usb/phy/phy-generic.c
6141 -+++ b/drivers/usb/phy/phy-generic.c
6142 -@@ -230,7 +230,8 @@ int usb_phy_gen_create_phy(struct device *dev, struct usb_phy_generic *nop,
6143 - clk_rate = pdata->clk_rate;
6144 - needs_vcc = pdata->needs_vcc;
6145 - if (gpio_is_valid(pdata->gpio_reset)) {
6146 -- err = devm_gpio_request_one(dev, pdata->gpio_reset, 0,
6147 -+ err = devm_gpio_request_one(dev, pdata->gpio_reset,
6148 -+ GPIOF_ACTIVE_LOW,
6149 - dev_name(dev));
6150 - if (!err)
6151 - nop->gpiod_reset =
6152 -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
6153 -index 876423b..7c8eb4c 100644
6154 ---- a/drivers/usb/serial/option.c
6155 -+++ b/drivers/usb/serial/option.c
6156 -@@ -278,6 +278,10 @@ static void option_instat_callback(struct urb *urb);
6157 - #define ZTE_PRODUCT_MF622 0x0001
6158 - #define ZTE_PRODUCT_MF628 0x0015
6159 - #define ZTE_PRODUCT_MF626 0x0031
6160 -+#define ZTE_PRODUCT_ZM8620_X 0x0396
6161 -+#define ZTE_PRODUCT_ME3620_MBIM 0x0426
6162 -+#define ZTE_PRODUCT_ME3620_X 0x1432
6163 -+#define ZTE_PRODUCT_ME3620_L 0x1433
6164 - #define ZTE_PRODUCT_AC2726 0xfff1
6165 - #define ZTE_PRODUCT_MG880 0xfffd
6166 - #define ZTE_PRODUCT_CDMA_TECH 0xfffe
6167 -@@ -544,6 +548,18 @@ static const struct option_blacklist_info zte_mc2716_z_blacklist = {
6168 - .sendsetup = BIT(1) | BIT(2) | BIT(3),
6169 - };
6170 -
6171 -+static const struct option_blacklist_info zte_me3620_mbim_blacklist = {
6172 -+ .reserved = BIT(2) | BIT(3) | BIT(4),
6173 -+};
6174 -+
6175 -+static const struct option_blacklist_info zte_me3620_xl_blacklist = {
6176 -+ .reserved = BIT(3) | BIT(4) | BIT(5),
6177 -+};
6178 -+
6179 -+static const struct option_blacklist_info zte_zm8620_x_blacklist = {
6180 -+ .reserved = BIT(3) | BIT(4) | BIT(5),
6181 -+};
6182 -+
6183 - static const struct option_blacklist_info huawei_cdc12_blacklist = {
6184 - .reserved = BIT(1) | BIT(2),
6185 - };
6186 -@@ -1591,6 +1607,14 @@ static const struct usb_device_id option_ids[] = {
6187 - .driver_info = (kernel_ulong_t)&zte_ad3812_z_blacklist },
6188 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MC2716, 0xff, 0xff, 0xff),
6189 - .driver_info = (kernel_ulong_t)&zte_mc2716_z_blacklist },
6190 -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_L),
6191 -+ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
6192 -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_MBIM),
6193 -+ .driver_info = (kernel_ulong_t)&zte_me3620_mbim_blacklist },
6194 -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_X),
6195 -+ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
6196 -+ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ZM8620_X),
6197 -+ .driver_info = (kernel_ulong_t)&zte_zm8620_x_blacklist },
6198 - { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x01) },
6199 - { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x05) },
6200 - { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x86, 0x10) },
6201 -diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
6202 -index 6c3734d..d3ea90b 100644
6203 ---- a/drivers/usb/serial/whiteheat.c
6204 -+++ b/drivers/usb/serial/whiteheat.c
6205 -@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
6206 - static int whiteheat_firmware_attach(struct usb_serial *serial);
6207 -
6208 - /* function prototypes for the Connect Tech WhiteHEAT serial converter */
6209 -+static int whiteheat_probe(struct usb_serial *serial,
6210 -+ const struct usb_device_id *id);
6211 - static int whiteheat_attach(struct usb_serial *serial);
6212 - static void whiteheat_release(struct usb_serial *serial);
6213 - static int whiteheat_port_probe(struct usb_serial_port *port);
6214 -@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
6215 - .description = "Connect Tech - WhiteHEAT",
6216 - .id_table = id_table_std,
6217 - .num_ports = 4,
6218 -+ .probe = whiteheat_probe,
6219 - .attach = whiteheat_attach,
6220 - .release = whiteheat_release,
6221 - .port_probe = whiteheat_port_probe,
6222 -@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
6223 - /*****************************************************************************
6224 - * Connect Tech's White Heat serial driver functions
6225 - *****************************************************************************/
6226 -+
6227 -+static int whiteheat_probe(struct usb_serial *serial,
6228 -+ const struct usb_device_id *id)
6229 -+{
6230 -+ struct usb_host_interface *iface_desc;
6231 -+ struct usb_endpoint_descriptor *endpoint;
6232 -+ size_t num_bulk_in = 0;
6233 -+ size_t num_bulk_out = 0;
6234 -+ size_t min_num_bulk;
6235 -+ unsigned int i;
6236 -+
6237 -+ iface_desc = serial->interface->cur_altsetting;
6238 -+
6239 -+ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
6240 -+ endpoint = &iface_desc->endpoint[i].desc;
6241 -+ if (usb_endpoint_is_bulk_in(endpoint))
6242 -+ ++num_bulk_in;
6243 -+ if (usb_endpoint_is_bulk_out(endpoint))
6244 -+ ++num_bulk_out;
6245 -+ }
6246 -+
6247 -+ min_num_bulk = COMMAND_PORT + 1;
6248 -+ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
6249 -+ return -ENODEV;
6250 -+
6251 -+ return 0;
6252 -+}
6253 -+
6254 - static int whiteheat_attach(struct usb_serial *serial)
6255 - {
6256 - struct usb_serial_port *command_port;
6257 -diff --git a/drivers/watchdog/imgpdc_wdt.c b/drivers/watchdog/imgpdc_wdt.c
6258 -index 0f73621..15ab072 100644
6259 ---- a/drivers/watchdog/imgpdc_wdt.c
6260 -+++ b/drivers/watchdog/imgpdc_wdt.c
6261 -@@ -316,6 +316,7 @@ static int pdc_wdt_remove(struct platform_device *pdev)
6262 - {
6263 - struct pdc_wdt_dev *pdc_wdt = platform_get_drvdata(pdev);
6264 -
6265 -+ unregister_restart_handler(&pdc_wdt->restart_handler);
6266 - pdc_wdt_stop(&pdc_wdt->wdt_dev);
6267 - watchdog_unregister_device(&pdc_wdt->wdt_dev);
6268 - clk_disable_unprepare(pdc_wdt->wdt_clk);
6269 -diff --git a/drivers/watchdog/sunxi_wdt.c b/drivers/watchdog/sunxi_wdt.c
6270 -index a29afb3..47bd8a1 100644
6271 ---- a/drivers/watchdog/sunxi_wdt.c
6272 -+++ b/drivers/watchdog/sunxi_wdt.c
6273 -@@ -184,7 +184,7 @@ static int sunxi_wdt_start(struct watchdog_device *wdt_dev)
6274 - /* Set system reset function */
6275 - reg = readl(wdt_base + regs->wdt_cfg);
6276 - reg &= ~(regs->wdt_reset_mask);
6277 -- reg |= ~(regs->wdt_reset_val);
6278 -+ reg |= regs->wdt_reset_val;
6279 - writel(reg, wdt_base + regs->wdt_cfg);
6280 -
6281 - /* Enable watchdog */
6282 -diff --git a/drivers/xen/preempt.c b/drivers/xen/preempt.c
6283 -index a1800c1..08cb419 100644
6284 ---- a/drivers/xen/preempt.c
6285 -+++ b/drivers/xen/preempt.c
6286 -@@ -31,7 +31,7 @@ EXPORT_SYMBOL_GPL(xen_in_preemptible_hcall);
6287 - asmlinkage __visible void xen_maybe_preempt_hcall(void)
6288 - {
6289 - if (unlikely(__this_cpu_read(xen_in_preemptible_hcall)
6290 -- && should_resched())) {
6291 -+ && need_resched())) {
6292 - /*
6293 - * Clear flag as we may be rescheduled on a different
6294 - * cpu.
6295 -diff --git a/fs/block_dev.c b/fs/block_dev.c
6296 -index 1982437..1170f8c 100644
6297 ---- a/fs/block_dev.c
6298 -+++ b/fs/block_dev.c
6299 -@@ -1241,6 +1241,13 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
6300 - goto out_clear;
6301 - }
6302 - bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9);
6303 -+ /*
6304 -+ * If the partition is not aligned on a page
6305 -+ * boundary, we can't do dax I/O to it.
6306 -+ */
6307 -+ if ((bdev->bd_part->start_sect % (PAGE_SIZE / 512)) ||
6308 -+ (bdev->bd_part->nr_sects % (PAGE_SIZE / 512)))
6309 -+ bdev->bd_inode->i_flags &= ~S_DAX;
6310 - }
6311 - } else {
6312 - if (bdev->bd_contains == bdev) {
6313 -diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
6314 -index 02d0581..3fc4fec 100644
6315 ---- a/fs/btrfs/extent_io.c
6316 -+++ b/fs/btrfs/extent_io.c
6317 -@@ -2798,7 +2798,8 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree,
6318 - bio_end_io_t end_io_func,
6319 - int mirror_num,
6320 - unsigned long prev_bio_flags,
6321 -- unsigned long bio_flags)
6322 -+ unsigned long bio_flags,
6323 -+ bool force_bio_submit)
6324 - {
6325 - int ret = 0;
6326 - struct bio *bio;
6327 -@@ -2816,6 +2817,7 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree,
6328 - contig = bio_end_sector(bio) == sector;
6329 -
6330 - if (prev_bio_flags != bio_flags || !contig ||
6331 -+ force_bio_submit ||
6332 - merge_bio(rw, tree, page, offset, page_size, bio, bio_flags) ||
6333 - bio_add_page(bio, page, page_size, offset) < page_size) {
6334 - ret = submit_one_bio(rw, bio, mirror_num,
6335 -@@ -2909,7 +2911,8 @@ static int __do_readpage(struct extent_io_tree *tree,
6336 - get_extent_t *get_extent,
6337 - struct extent_map **em_cached,
6338 - struct bio **bio, int mirror_num,
6339 -- unsigned long *bio_flags, int rw)
6340 -+ unsigned long *bio_flags, int rw,
6341 -+ u64 *prev_em_start)
6342 - {
6343 - struct inode *inode = page->mapping->host;
6344 - u64 start = page_offset(page);
6345 -@@ -2957,6 +2960,7 @@ static int __do_readpage(struct extent_io_tree *tree,
6346 - }
6347 - while (cur <= end) {
6348 - unsigned long pnr = (last_byte >> PAGE_CACHE_SHIFT) + 1;
6349 -+ bool force_bio_submit = false;
6350 -
6351 - if (cur >= last_byte) {
6352 - char *userpage;
6353 -@@ -3007,6 +3011,49 @@ static int __do_readpage(struct extent_io_tree *tree,
6354 - block_start = em->block_start;
6355 - if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags))
6356 - block_start = EXTENT_MAP_HOLE;
6357 -+
6358 -+ /*
6359 -+ * If we have a file range that points to a compressed extent
6360 -+ * and it's followed by a consecutive file range that points to
6361 -+ * to the same compressed extent (possibly with a different
6362 -+ * offset and/or length, so it either points to the whole extent
6363 -+ * or only part of it), we must make sure we do not submit a
6364 -+ * single bio to populate the pages for the 2 ranges because
6365 -+ * this makes the compressed extent read zero out the pages
6366 -+ * belonging to the 2nd range. Imagine the following scenario:
6367 -+ *
6368 -+ * File layout
6369 -+ * [0 - 8K] [8K - 24K]
6370 -+ * | |
6371 -+ * | |
6372 -+ * points to extent X, points to extent X,
6373 -+ * offset 4K, length of 8K offset 0, length 16K
6374 -+ *
6375 -+ * [extent X, compressed length = 4K uncompressed length = 16K]
6376 -+ *
6377 -+ * If the bio to read the compressed extent covers both ranges,
6378 -+ * it will decompress extent X into the pages belonging to the
6379 -+ * first range and then it will stop, zeroing out the remaining
6380 -+ * pages that belong to the other range that points to extent X.
6381 -+ * So here we make sure we submit 2 bios, one for the first
6382 -+ * range and another one for the third range. Both will target
6383 -+ * the same physical extent from disk, but we can't currently
6384 -+ * make the compressed bio endio callback populate the pages
6385 -+ * for both ranges because each compressed bio is tightly
6386 -+ * coupled with a single extent map, and each range can have
6387 -+ * an extent map with a different offset value relative to the
6388 -+ * uncompressed data of our extent and different lengths. This
6389 -+ * is a corner case so we prioritize correctness over
6390 -+ * non-optimal behavior (submitting 2 bios for the same extent).
6391 -+ */
6392 -+ if (test_bit(EXTENT_FLAG_COMPRESSED, &em->flags) &&
6393 -+ prev_em_start && *prev_em_start != (u64)-1 &&
6394 -+ *prev_em_start != em->orig_start)
6395 -+ force_bio_submit = true;
6396 -+
6397 -+ if (prev_em_start)
6398 -+ *prev_em_start = em->orig_start;
6399 -+
6400 - free_extent_map(em);
6401 - em = NULL;
6402 -
6403 -@@ -3056,7 +3103,8 @@ static int __do_readpage(struct extent_io_tree *tree,
6404 - bdev, bio, pnr,
6405 - end_bio_extent_readpage, mirror_num,
6406 - *bio_flags,
6407 -- this_bio_flag);
6408 -+ this_bio_flag,
6409 -+ force_bio_submit);
6410 - if (!ret) {
6411 - nr++;
6412 - *bio_flags = this_bio_flag;
6413 -@@ -3083,7 +3131,8 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree,
6414 - get_extent_t *get_extent,
6415 - struct extent_map **em_cached,
6416 - struct bio **bio, int mirror_num,
6417 -- unsigned long *bio_flags, int rw)
6418 -+ unsigned long *bio_flags, int rw,
6419 -+ u64 *prev_em_start)
6420 - {
6421 - struct inode *inode;
6422 - struct btrfs_ordered_extent *ordered;
6423 -@@ -3103,7 +3152,7 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree,
6424 -
6425 - for (index = 0; index < nr_pages; index++) {
6426 - __do_readpage(tree, pages[index], get_extent, em_cached, bio,
6427 -- mirror_num, bio_flags, rw);
6428 -+ mirror_num, bio_flags, rw, prev_em_start);
6429 - page_cache_release(pages[index]);
6430 - }
6431 - }
6432 -@@ -3113,7 +3162,8 @@ static void __extent_readpages(struct extent_io_tree *tree,
6433 - int nr_pages, get_extent_t *get_extent,
6434 - struct extent_map **em_cached,
6435 - struct bio **bio, int mirror_num,
6436 -- unsigned long *bio_flags, int rw)
6437 -+ unsigned long *bio_flags, int rw,
6438 -+ u64 *prev_em_start)
6439 - {
6440 - u64 start = 0;
6441 - u64 end = 0;
6442 -@@ -3134,7 +3184,7 @@ static void __extent_readpages(struct extent_io_tree *tree,
6443 - index - first_index, start,
6444 - end, get_extent, em_cached,
6445 - bio, mirror_num, bio_flags,
6446 -- rw);
6447 -+ rw, prev_em_start);
6448 - start = page_start;
6449 - end = start + PAGE_CACHE_SIZE - 1;
6450 - first_index = index;
6451 -@@ -3145,7 +3195,8 @@ static void __extent_readpages(struct extent_io_tree *tree,
6452 - __do_contiguous_readpages(tree, &pages[first_index],
6453 - index - first_index, start,
6454 - end, get_extent, em_cached, bio,
6455 -- mirror_num, bio_flags, rw);
6456 -+ mirror_num, bio_flags, rw,
6457 -+ prev_em_start);
6458 - }
6459 -
6460 - static int __extent_read_full_page(struct extent_io_tree *tree,
6461 -@@ -3171,7 +3222,7 @@ static int __extent_read_full_page(struct extent_io_tree *tree,
6462 - }
6463 -
6464 - ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num,
6465 -- bio_flags, rw);
6466 -+ bio_flags, rw, NULL);
6467 - return ret;
6468 - }
6469 -
6470 -@@ -3197,7 +3248,7 @@ int extent_read_full_page_nolock(struct extent_io_tree *tree, struct page *page,
6471 - int ret;
6472 -
6473 - ret = __do_readpage(tree, page, get_extent, NULL, &bio, mirror_num,
6474 -- &bio_flags, READ);
6475 -+ &bio_flags, READ, NULL);
6476 - if (bio)
6477 - ret = submit_one_bio(READ, bio, mirror_num, bio_flags);
6478 - return ret;
6479 -@@ -3450,7 +3501,7 @@ static noinline_for_stack int __extent_writepage_io(struct inode *inode,
6480 - sector, iosize, pg_offset,
6481 - bdev, &epd->bio, max_nr,
6482 - end_bio_extent_writepage,
6483 -- 0, 0, 0);
6484 -+ 0, 0, 0, false);
6485 - if (ret)
6486 - SetPageError(page);
6487 - }
6488 -@@ -3752,7 +3803,7 @@ static noinline_for_stack int write_one_eb(struct extent_buffer *eb,
6489 - ret = submit_extent_page(rw, tree, p, offset >> 9,
6490 - PAGE_CACHE_SIZE, 0, bdev, &epd->bio,
6491 - -1, end_bio_extent_buffer_writepage,
6492 -- 0, epd->bio_flags, bio_flags);
6493 -+ 0, epd->bio_flags, bio_flags, false);
6494 - epd->bio_flags = bio_flags;
6495 - if (ret) {
6496 - set_btree_ioerr(p);
6497 -@@ -4156,6 +4207,7 @@ int extent_readpages(struct extent_io_tree *tree,
6498 - struct page *page;
6499 - struct extent_map *em_cached = NULL;
6500 - int nr = 0;
6501 -+ u64 prev_em_start = (u64)-1;
6502 -
6503 - for (page_idx = 0; page_idx < nr_pages; page_idx++) {
6504 - page = list_entry(pages->prev, struct page, lru);
6505 -@@ -4172,12 +4224,12 @@ int extent_readpages(struct extent_io_tree *tree,
6506 - if (nr < ARRAY_SIZE(pagepool))
6507 - continue;
6508 - __extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
6509 -- &bio, 0, &bio_flags, READ);
6510 -+ &bio, 0, &bio_flags, READ, &prev_em_start);
6511 - nr = 0;
6512 - }
6513 - if (nr)
6514 - __extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
6515 -- &bio, 0, &bio_flags, READ);
6516 -+ &bio, 0, &bio_flags, READ, &prev_em_start);
6517 -
6518 - if (em_cached)
6519 - free_extent_map(em_cached);
6520 -diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
6521 -index e33dff3..b54e630 100644
6522 ---- a/fs/btrfs/inode.c
6523 -+++ b/fs/btrfs/inode.c
6524 -@@ -5051,7 +5051,8 @@ void btrfs_evict_inode(struct inode *inode)
6525 - goto no_delete;
6526 - }
6527 - /* do we really want it for ->i_nlink > 0 and zero btrfs_root_refs? */
6528 -- btrfs_wait_ordered_range(inode, 0, (u64)-1);
6529 -+ if (!special_file(inode->i_mode))
6530 -+ btrfs_wait_ordered_range(inode, 0, (u64)-1);
6531 -
6532 - btrfs_free_io_failure_record(inode, 0, (u64)-1);
6533 -
6534 -diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
6535 -index aa0dc25..afa09fc 100644
6536 ---- a/fs/cifs/cifsencrypt.c
6537 -+++ b/fs/cifs/cifsencrypt.c
6538 -@@ -444,6 +444,48 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp)
6539 - return 0;
6540 - }
6541 -
6542 -+/* Server has provided av pairs/target info in the type 2 challenge
6543 -+ * packet and we have plucked it and stored within smb session.
6544 -+ * We parse that blob here to find the server given timestamp
6545 -+ * as part of ntlmv2 authentication (or local current time as
6546 -+ * default in case of failure)
6547 -+ */
6548 -+static __le64
6549 -+find_timestamp(struct cifs_ses *ses)
6550 -+{
6551 -+ unsigned int attrsize;
6552 -+ unsigned int type;
6553 -+ unsigned int onesize = sizeof(struct ntlmssp2_name);
6554 -+ unsigned char *blobptr;
6555 -+ unsigned char *blobend;
6556 -+ struct ntlmssp2_name *attrptr;
6557 -+
6558 -+ if (!ses->auth_key.len || !ses->auth_key.response)
6559 -+ return 0;
6560 -+
6561 -+ blobptr = ses->auth_key.response;
6562 -+ blobend = blobptr + ses->auth_key.len;
6563 -+
6564 -+ while (blobptr + onesize < blobend) {
6565 -+ attrptr = (struct ntlmssp2_name *) blobptr;
6566 -+ type = le16_to_cpu(attrptr->type);
6567 -+ if (type == NTLMSSP_AV_EOL)
6568 -+ break;
6569 -+ blobptr += 2; /* advance attr type */
6570 -+ attrsize = le16_to_cpu(attrptr->length);
6571 -+ blobptr += 2; /* advance attr size */
6572 -+ if (blobptr + attrsize > blobend)
6573 -+ break;
6574 -+ if (type == NTLMSSP_AV_TIMESTAMP) {
6575 -+ if (attrsize == sizeof(u64))
6576 -+ return *((__le64 *)blobptr);
6577 -+ }
6578 -+ blobptr += attrsize; /* advance attr value */
6579 -+ }
6580 -+
6581 -+ return cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
6582 -+}
6583 -+
6584 - static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
6585 - const struct nls_table *nls_cp)
6586 - {
6587 -@@ -641,6 +683,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
6588 - struct ntlmv2_resp *ntlmv2;
6589 - char ntlmv2_hash[16];
6590 - unsigned char *tiblob = NULL; /* target info blob */
6591 -+ __le64 rsp_timestamp;
6592 -
6593 - if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
6594 - if (!ses->domainName) {
6595 -@@ -659,6 +702,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
6596 - }
6597 - }
6598 -
6599 -+ /* Must be within 5 minutes of the server (or in range +/-2h
6600 -+ * in case of Mac OS X), so simply carry over server timestamp
6601 -+ * (as Windows 7 does)
6602 -+ */
6603 -+ rsp_timestamp = find_timestamp(ses);
6604 -+
6605 - baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
6606 - tilen = ses->auth_key.len;
6607 - tiblob = ses->auth_key.response;
6608 -@@ -675,8 +724,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
6609 - (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
6610 - ntlmv2->blob_signature = cpu_to_le32(0x00000101);
6611 - ntlmv2->reserved = 0;
6612 -- /* Must be within 5 minutes of the server */
6613 -- ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
6614 -+ ntlmv2->time = rsp_timestamp;
6615 -+
6616 - get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
6617 - ntlmv2->reserved2 = 0;
6618 -
6619 -diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
6620 -index f621b44..6b66dd5 100644
6621 ---- a/fs/cifs/inode.c
6622 -+++ b/fs/cifs/inode.c
6623 -@@ -2034,7 +2034,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
6624 - struct tcon_link *tlink = NULL;
6625 - struct cifs_tcon *tcon = NULL;
6626 - struct TCP_Server_Info *server;
6627 -- struct cifs_io_parms io_parms;
6628 -
6629 - /*
6630 - * To avoid spurious oplock breaks from server, in the case of
6631 -@@ -2056,18 +2055,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
6632 - rc = -ENOSYS;
6633 - cifsFileInfo_put(open_file);
6634 - cifs_dbg(FYI, "SetFSize for attrs rc = %d\n", rc);
6635 -- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
6636 -- unsigned int bytes_written;
6637 --
6638 -- io_parms.netfid = open_file->fid.netfid;
6639 -- io_parms.pid = open_file->pid;
6640 -- io_parms.tcon = tcon;
6641 -- io_parms.offset = 0;
6642 -- io_parms.length = attrs->ia_size;
6643 -- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written,
6644 -- NULL, NULL, 1);
6645 -- cifs_dbg(FYI, "Wrt seteof rc %d\n", rc);
6646 -- }
6647 - } else
6648 - rc = -EINVAL;
6649 -
6650 -@@ -2093,28 +2080,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
6651 - else
6652 - rc = -ENOSYS;
6653 - cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc);
6654 -- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
6655 -- __u16 netfid;
6656 -- int oplock = 0;
6657 -
6658 -- rc = SMBLegacyOpen(xid, tcon, full_path, FILE_OPEN,
6659 -- GENERIC_WRITE, CREATE_NOT_DIR, &netfid,
6660 -- &oplock, NULL, cifs_sb->local_nls,
6661 -- cifs_remap(cifs_sb));
6662 -- if (rc == 0) {
6663 -- unsigned int bytes_written;
6664 --
6665 -- io_parms.netfid = netfid;
6666 -- io_parms.pid = current->tgid;
6667 -- io_parms.tcon = tcon;
6668 -- io_parms.offset = 0;
6669 -- io_parms.length = attrs->ia_size;
6670 -- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, NULL,
6671 -- NULL, 1);
6672 -- cifs_dbg(FYI, "wrt seteof rc %d\n", rc);
6673 -- CIFSSMBClose(xid, tcon, netfid);
6674 -- }
6675 -- }
6676 - if (tlink)
6677 - cifs_put_tlink(tlink);
6678 -
6679 -diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
6680 -index df91bcf..18da19f 100644
6681 ---- a/fs/cifs/smb2ops.c
6682 -+++ b/fs/cifs/smb2ops.c
6683 -@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *server)
6684 - break;
6685 - default:
6686 - server->echoes = true;
6687 -- server->oplocks = true;
6688 -+ if (enable_oplocks) {
6689 -+ server->oplocks = true;
6690 -+ server->oplock_credits = 1;
6691 -+ } else
6692 -+ server->oplocks = false;
6693 -+
6694 - server->echo_credits = 1;
6695 -- server->oplock_credits = 1;
6696 - }
6697 - server->credits -= server->echo_credits + server->oplock_credits;
6698 - return 0;
6699 -diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
6700 -index b8b4f08..60dd831 100644
6701 ---- a/fs/cifs/smb2pdu.c
6702 -+++ b/fs/cifs/smb2pdu.c
6703 -@@ -46,6 +46,7 @@
6704 - #include "smb2status.h"
6705 - #include "smb2glob.h"
6706 - #include "cifspdu.h"
6707 -+#include "cifs_spnego.h"
6708 -
6709 - /*
6710 - * The following table defines the expected "StructureSize" of SMB2 requests
6711 -@@ -486,19 +487,15 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
6712 - cifs_dbg(FYI, "missing security blob on negprot\n");
6713 -
6714 - rc = cifs_enable_signing(server, ses->sign);
6715 --#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
6716 - if (rc)
6717 - goto neg_exit;
6718 -- if (blob_length)
6719 -+ if (blob_length) {
6720 - rc = decode_negTokenInit(security_blob, blob_length, server);
6721 -- if (rc == 1)
6722 -- rc = 0;
6723 -- else if (rc == 0) {
6724 -- rc = -EIO;
6725 -- goto neg_exit;
6726 -+ if (rc == 1)
6727 -+ rc = 0;
6728 -+ else if (rc == 0)
6729 -+ rc = -EIO;
6730 - }
6731 --#endif
6732 --
6733 - neg_exit:
6734 - free_rsp_buf(resp_buftype, rsp);
6735 - return rc;
6736 -@@ -592,7 +589,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
6737 - __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
6738 - struct TCP_Server_Info *server = ses->server;
6739 - u16 blob_length = 0;
6740 -- char *security_blob;
6741 -+ struct key *spnego_key = NULL;
6742 -+ char *security_blob = NULL;
6743 - char *ntlmssp_blob = NULL;
6744 - bool use_spnego = false; /* else use raw ntlmssp */
6745 -
6746 -@@ -620,7 +618,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
6747 - ses->ntlmssp->sesskey_per_smbsess = true;
6748 -
6749 - /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
6750 -- ses->sectype = RawNTLMSSP;
6751 -+ if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP)
6752 -+ ses->sectype = RawNTLMSSP;
6753 -
6754 - ssetup_ntlmssp_authenticate:
6755 - if (phase == NtLmChallenge)
6756 -@@ -649,7 +648,48 @@ ssetup_ntlmssp_authenticate:
6757 - iov[0].iov_base = (char *)req;
6758 - /* 4 for rfc1002 length field and 1 for pad */
6759 - iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
6760 -- if (phase == NtLmNegotiate) {
6761 -+
6762 -+ if (ses->sectype == Kerberos) {
6763 -+#ifdef CONFIG_CIFS_UPCALL
6764 -+ struct cifs_spnego_msg *msg;
6765 -+
6766 -+ spnego_key = cifs_get_spnego_key(ses);
6767 -+ if (IS_ERR(spnego_key)) {
6768 -+ rc = PTR_ERR(spnego_key);
6769 -+ spnego_key = NULL;
6770 -+ goto ssetup_exit;
6771 -+ }
6772 -+
6773 -+ msg = spnego_key->payload.data;
6774 -+ /*
6775 -+ * check version field to make sure that cifs.upcall is
6776 -+ * sending us a response in an expected form
6777 -+ */
6778 -+ if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
6779 -+ cifs_dbg(VFS,
6780 -+ "bad cifs.upcall version. Expected %d got %d",
6781 -+ CIFS_SPNEGO_UPCALL_VERSION, msg->version);
6782 -+ rc = -EKEYREJECTED;
6783 -+ goto ssetup_exit;
6784 -+ }
6785 -+ ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
6786 -+ GFP_KERNEL);
6787 -+ if (!ses->auth_key.response) {
6788 -+ cifs_dbg(VFS,
6789 -+ "Kerberos can't allocate (%u bytes) memory",
6790 -+ msg->sesskey_len);
6791 -+ rc = -ENOMEM;
6792 -+ goto ssetup_exit;
6793 -+ }
6794 -+ ses->auth_key.len = msg->sesskey_len;
6795 -+ blob_length = msg->secblob_len;
6796 -+ iov[1].iov_base = msg->data + msg->sesskey_len;
6797 -+ iov[1].iov_len = blob_length;
6798 -+#else
6799 -+ rc = -EOPNOTSUPP;
6800 -+ goto ssetup_exit;
6801 -+#endif /* CONFIG_CIFS_UPCALL */
6802 -+ } else if (phase == NtLmNegotiate) { /* if not krb5 must be ntlmssp */
6803 - ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
6804 - GFP_KERNEL);
6805 - if (ntlmssp_blob == NULL) {
6806 -@@ -672,6 +712,8 @@ ssetup_ntlmssp_authenticate:
6807 - /* with raw NTLMSSP we don't encapsulate in SPNEGO */
6808 - security_blob = ntlmssp_blob;
6809 - }
6810 -+ iov[1].iov_base = security_blob;
6811 -+ iov[1].iov_len = blob_length;
6812 - } else if (phase == NtLmAuthenticate) {
6813 - req->hdr.SessionId = ses->Suid;
6814 - ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
6815 -@@ -699,6 +741,8 @@ ssetup_ntlmssp_authenticate:
6816 - } else {
6817 - security_blob = ntlmssp_blob;
6818 - }
6819 -+ iov[1].iov_base = security_blob;
6820 -+ iov[1].iov_len = blob_length;
6821 - } else {
6822 - cifs_dbg(VFS, "illegal ntlmssp phase\n");
6823 - rc = -EIO;
6824 -@@ -710,8 +754,6 @@ ssetup_ntlmssp_authenticate:
6825 - cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
6826 - 1 /* pad */ - 4 /* rfc1001 len */);
6827 - req->SecurityBufferLength = cpu_to_le16(blob_length);
6828 -- iov[1].iov_base = security_blob;
6829 -- iov[1].iov_len = blob_length;
6830 -
6831 - inc_rfc1001_len(req, blob_length - 1 /* pad */);
6832 -
6833 -@@ -722,6 +764,7 @@ ssetup_ntlmssp_authenticate:
6834 -
6835 - kfree(security_blob);
6836 - rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base;
6837 -+ ses->Suid = rsp->hdr.SessionId;
6838 - if (resp_buftype != CIFS_NO_BUFFER &&
6839 - rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) {
6840 - if (phase != NtLmNegotiate) {
6841 -@@ -739,7 +782,6 @@ ssetup_ntlmssp_authenticate:
6842 - /* NTLMSSP Negotiate sent now processing challenge (response) */
6843 - phase = NtLmChallenge; /* process ntlmssp challenge */
6844 - rc = 0; /* MORE_PROCESSING is not an error here but expected */
6845 -- ses->Suid = rsp->hdr.SessionId;
6846 - rc = decode_ntlmssp_challenge(rsp->Buffer,
6847 - le16_to_cpu(rsp->SecurityBufferLength), ses);
6848 - }
6849 -@@ -796,6 +838,10 @@ keygen_exit:
6850 - kfree(ses->auth_key.response);
6851 - ses->auth_key.response = NULL;
6852 - }
6853 -+ if (spnego_key) {
6854 -+ key_invalidate(spnego_key);
6855 -+ key_put(spnego_key);
6856 -+ }
6857 - kfree(ses->ntlmssp);
6858 -
6859 - return rc;
6860 -diff --git a/fs/dax.c b/fs/dax.c
6861 -index a7f77e1..ef35a20 100644
6862 ---- a/fs/dax.c
6863 -+++ b/fs/dax.c
6864 -@@ -116,7 +116,8 @@ static ssize_t dax_io(struct inode *inode, struct iov_iter *iter,
6865 - unsigned len;
6866 - if (pos == max) {
6867 - unsigned blkbits = inode->i_blkbits;
6868 -- sector_t block = pos >> blkbits;
6869 -+ long page = pos >> PAGE_SHIFT;
6870 -+ sector_t block = page << (PAGE_SHIFT - blkbits);
6871 - unsigned first = pos - (block << blkbits);
6872 - long size;
6873 -
6874 -diff --git a/fs/dcache.c b/fs/dcache.c
6875 -index 9b5fe50..e3b44ca 100644
6876 ---- a/fs/dcache.c
6877 -+++ b/fs/dcache.c
6878 -@@ -2926,6 +2926,13 @@ restart:
6879 -
6880 - if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
6881 - struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
6882 -+ /* Escaped? */
6883 -+ if (dentry != vfsmnt->mnt_root) {
6884 -+ bptr = *buffer;
6885 -+ blen = *buflen;
6886 -+ error = 3;
6887 -+ break;
6888 -+ }
6889 - /* Global root? */
6890 - if (mnt != parent) {
6891 - dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
6892 -diff --git a/fs/namei.c b/fs/namei.c
6893 -index 1c2105e..36df481 100644
6894 ---- a/fs/namei.c
6895 -+++ b/fs/namei.c
6896 -@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct nameidata *nd)
6897 - return 0;
6898 - }
6899 -
6900 -+/**
6901 -+ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
6902 -+ * @path: nameidate to verify
6903 -+ *
6904 -+ * Rename can sometimes move a file or directory outside of a bind
6905 -+ * mount, path_connected allows those cases to be detected.
6906 -+ */
6907 -+static bool path_connected(const struct path *path)
6908 -+{
6909 -+ struct vfsmount *mnt = path->mnt;
6910 -+
6911 -+ /* Only bind mounts can have disconnected paths */
6912 -+ if (mnt->mnt_root == mnt->mnt_sb->s_root)
6913 -+ return true;
6914 -+
6915 -+ return is_subdir(path->dentry, mnt->mnt_root);
6916 -+}
6917 -+
6918 - static inline int nd_alloc_stack(struct nameidata *nd)
6919 - {
6920 - if (likely(nd->depth != EMBEDDED_LEVELS))
6921 -@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
6922 - return -ECHILD;
6923 - nd->path.dentry = parent;
6924 - nd->seq = seq;
6925 -+ if (unlikely(!path_connected(&nd->path)))
6926 -+ return -ENOENT;
6927 - break;
6928 - } else {
6929 - struct mount *mnt = real_mount(nd->path.mnt);
6930 -@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *path)
6931 - }
6932 - }
6933 -
6934 --static void follow_dotdot(struct nameidata *nd)
6935 -+static int follow_dotdot(struct nameidata *nd)
6936 - {
6937 - if (!nd->root.mnt)
6938 - set_root(nd);
6939 -@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameidata *nd)
6940 - /* rare case of legitimate dget_parent()... */
6941 - nd->path.dentry = dget_parent(nd->path.dentry);
6942 - dput(old);
6943 -+ if (unlikely(!path_connected(&nd->path)))
6944 -+ return -ENOENT;
6945 - break;
6946 - }
6947 - if (!follow_up(&nd->path))
6948 -@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameidata *nd)
6949 - }
6950 - follow_mount(&nd->path);
6951 - nd->inode = nd->path.dentry->d_inode;
6952 -+ return 0;
6953 - }
6954 -
6955 - /*
6956 -@@ -1535,8 +1558,6 @@ static int lookup_fast(struct nameidata *nd,
6957 - negative = d_is_negative(dentry);
6958 - if (read_seqcount_retry(&dentry->d_seq, seq))
6959 - return -ECHILD;
6960 -- if (negative)
6961 -- return -ENOENT;
6962 -
6963 - /*
6964 - * This sequence count validates that the parent had no
6965 -@@ -1557,6 +1578,12 @@ static int lookup_fast(struct nameidata *nd,
6966 - goto unlazy;
6967 - }
6968 - }
6969 -+ /*
6970 -+ * Note: do negative dentry check after revalidation in
6971 -+ * case that drops it.
6972 -+ */
6973 -+ if (negative)
6974 -+ return -ENOENT;
6975 - path->mnt = mnt;
6976 - path->dentry = dentry;
6977 - if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
6978 -@@ -1634,7 +1661,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
6979 - if (nd->flags & LOOKUP_RCU) {
6980 - return follow_dotdot_rcu(nd);
6981 - } else
6982 -- follow_dotdot(nd);
6983 -+ return follow_dotdot(nd);
6984 - }
6985 - return 0;
6986 - }
6987 -diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c
6988 -index 029d688..c568868 100644
6989 ---- a/fs/nfs/delegation.c
6990 -+++ b/fs/nfs/delegation.c
6991 -@@ -113,7 +113,8 @@ out:
6992 - return status;
6993 - }
6994 -
6995 --static int nfs_delegation_claim_opens(struct inode *inode, const nfs4_stateid *stateid)
6996 -+static int nfs_delegation_claim_opens(struct inode *inode,
6997 -+ const nfs4_stateid *stateid, fmode_t type)
6998 - {
6999 - struct nfs_inode *nfsi = NFS_I(inode);
7000 - struct nfs_open_context *ctx;
7001 -@@ -140,7 +141,7 @@ again:
7002 - /* Block nfs4_proc_unlck */
7003 - mutex_lock(&sp->so_delegreturn_mutex);
7004 - seq = raw_seqcount_begin(&sp->so_reclaim_seqcount);
7005 -- err = nfs4_open_delegation_recall(ctx, state, stateid);
7006 -+ err = nfs4_open_delegation_recall(ctx, state, stateid, type);
7007 - if (!err)
7008 - err = nfs_delegation_claim_locks(ctx, state, stateid);
7009 - if (!err && read_seqcount_retry(&sp->so_reclaim_seqcount, seq))
7010 -@@ -411,7 +412,8 @@ static int nfs_end_delegation_return(struct inode *inode, struct nfs_delegation
7011 - do {
7012 - if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags))
7013 - break;
7014 -- err = nfs_delegation_claim_opens(inode, &delegation->stateid);
7015 -+ err = nfs_delegation_claim_opens(inode, &delegation->stateid,
7016 -+ delegation->type);
7017 - if (!issync || err != -EAGAIN)
7018 - break;
7019 - /*
7020 -diff --git a/fs/nfs/delegation.h b/fs/nfs/delegation.h
7021 -index e3c20a3..785c852 100644
7022 ---- a/fs/nfs/delegation.h
7023 -+++ b/fs/nfs/delegation.h
7024 -@@ -54,7 +54,7 @@ void nfs_delegation_reap_unclaimed(struct nfs_client *clp);
7025 -
7026 - /* NFSv4 delegation-related procedures */
7027 - int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync);
7028 --int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid);
7029 -+int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid, fmode_t type);
7030 - int nfs4_lock_delegation_recall(struct file_lock *fl, struct nfs4_state *state, const nfs4_stateid *stateid);
7031 - bool nfs4_copy_delegation_stateid(nfs4_stateid *dst, struct inode *inode, fmode_t flags);
7032 -
7033 -diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
7034 -index b34f2e2..02ec079 100644
7035 ---- a/fs/nfs/filelayout/filelayout.c
7036 -+++ b/fs/nfs/filelayout/filelayout.c
7037 -@@ -629,23 +629,18 @@ out_put:
7038 - goto out;
7039 - }
7040 -
7041 --static void filelayout_free_fh_array(struct nfs4_filelayout_segment *fl)
7042 -+static void _filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
7043 - {
7044 - int i;
7045 -
7046 -- for (i = 0; i < fl->num_fh; i++) {
7047 -- if (!fl->fh_array[i])
7048 -- break;
7049 -- kfree(fl->fh_array[i]);
7050 -+ if (fl->fh_array) {
7051 -+ for (i = 0; i < fl->num_fh; i++) {
7052 -+ if (!fl->fh_array[i])
7053 -+ break;
7054 -+ kfree(fl->fh_array[i]);
7055 -+ }
7056 -+ kfree(fl->fh_array);
7057 - }
7058 -- kfree(fl->fh_array);
7059 -- fl->fh_array = NULL;
7060 --}
7061 --
7062 --static void
7063 --_filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
7064 --{
7065 -- filelayout_free_fh_array(fl);
7066 - kfree(fl);
7067 - }
7068 -
7069 -@@ -716,21 +711,21 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo,
7070 - /* Do we want to use a mempool here? */
7071 - fl->fh_array[i] = kmalloc(sizeof(struct nfs_fh), gfp_flags);
7072 - if (!fl->fh_array[i])
7073 -- goto out_err_free;
7074 -+ goto out_err;
7075 -
7076 - p = xdr_inline_decode(&stream, 4);
7077 - if (unlikely(!p))
7078 -- goto out_err_free;
7079 -+ goto out_err;
7080 - fl->fh_array[i]->size = be32_to_cpup(p++);
7081 - if (sizeof(struct nfs_fh) < fl->fh_array[i]->size) {
7082 - printk(KERN_ERR "NFS: Too big fh %d received %d\n",
7083 - i, fl->fh_array[i]->size);
7084 -- goto out_err_free;
7085 -+ goto out_err;
7086 - }
7087 -
7088 - p = xdr_inline_decode(&stream, fl->fh_array[i]->size);
7089 - if (unlikely(!p))
7090 -- goto out_err_free;
7091 -+ goto out_err;
7092 - memcpy(fl->fh_array[i]->data, p, fl->fh_array[i]->size);
7093 - dprintk("DEBUG: %s: fh len %d\n", __func__,
7094 - fl->fh_array[i]->size);
7095 -@@ -739,8 +734,6 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo,
7096 - __free_page(scratch);
7097 - return 0;
7098 -
7099 --out_err_free:
7100 -- filelayout_free_fh_array(fl);
7101 - out_err:
7102 - __free_page(scratch);
7103 - return -EIO;
7104 -diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
7105 -index d731bbf..0f020e4 100644
7106 ---- a/fs/nfs/nfs42proc.c
7107 -+++ b/fs/nfs/nfs42proc.c
7108 -@@ -175,10 +175,12 @@ loff_t nfs42_proc_llseek(struct file *filep, loff_t offset, int whence)
7109 - {
7110 - struct nfs_server *server = NFS_SERVER(file_inode(filep));
7111 - struct nfs4_exception exception = { };
7112 -- int err;
7113 -+ loff_t err;
7114 -
7115 - do {
7116 - err = _nfs42_proc_llseek(filep, offset, whence);
7117 -+ if (err >= 0)
7118 -+ break;
7119 - if (err == -ENOTSUPP)
7120 - return -EOPNOTSUPP;
7121 - err = nfs4_handle_exception(server, err, &exception);
7122 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
7123 -index 73c8204..d2daaca 100644
7124 ---- a/fs/nfs/nfs4proc.c
7125 -+++ b/fs/nfs/nfs4proc.c
7126 -@@ -1127,6 +1127,21 @@ static int nfs4_wait_for_completion_rpc_task(struct rpc_task *task)
7127 - return ret;
7128 - }
7129 -
7130 -+static bool nfs4_mode_match_open_stateid(struct nfs4_state *state,
7131 -+ fmode_t fmode)
7132 -+{
7133 -+ switch(fmode & (FMODE_READ|FMODE_WRITE)) {
7134 -+ case FMODE_READ|FMODE_WRITE:
7135 -+ return state->n_rdwr != 0;
7136 -+ case FMODE_WRITE:
7137 -+ return state->n_wronly != 0;
7138 -+ case FMODE_READ:
7139 -+ return state->n_rdonly != 0;
7140 -+ }
7141 -+ WARN_ON_ONCE(1);
7142 -+ return false;
7143 -+}
7144 -+
7145 - static int can_open_cached(struct nfs4_state *state, fmode_t mode, int open_mode)
7146 - {
7147 - int ret = 0;
7148 -@@ -1561,17 +1576,13 @@ static struct nfs4_opendata *nfs4_open_recoverdata_alloc(struct nfs_open_context
7149 - return opendata;
7150 - }
7151 -
7152 --static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, fmode_t fmode, struct nfs4_state **res)
7153 -+static int nfs4_open_recover_helper(struct nfs4_opendata *opendata,
7154 -+ fmode_t fmode)
7155 - {
7156 - struct nfs4_state *newstate;
7157 - int ret;
7158 -
7159 -- if ((opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEGATE_CUR ||
7160 -- opendata->o_arg.claim == NFS4_OPEN_CLAIM_DELEG_CUR_FH) &&
7161 -- (opendata->o_arg.u.delegation_type & fmode) != fmode)
7162 -- /* This mode can't have been delegated, so we must have
7163 -- * a valid open_stateid to cover it - not need to reclaim.
7164 -- */
7165 -+ if (!nfs4_mode_match_open_stateid(opendata->state, fmode))
7166 - return 0;
7167 - opendata->o_arg.open_flags = 0;
7168 - opendata->o_arg.fmode = fmode;
7169 -@@ -1587,14 +1598,14 @@ static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, fmode_t fmod
7170 - newstate = nfs4_opendata_to_nfs4_state(opendata);
7171 - if (IS_ERR(newstate))
7172 - return PTR_ERR(newstate);
7173 -+ if (newstate != opendata->state)
7174 -+ ret = -ESTALE;
7175 - nfs4_close_state(newstate, fmode);
7176 -- *res = newstate;
7177 -- return 0;
7178 -+ return ret;
7179 - }
7180 -
7181 - static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *state)
7182 - {
7183 -- struct nfs4_state *newstate;
7184 - int ret;
7185 -
7186 - /* Don't trigger recovery in nfs_test_and_clear_all_open_stateid */
7187 -@@ -1605,27 +1616,15 @@ static int nfs4_open_recover(struct nfs4_opendata *opendata, struct nfs4_state *
7188 - clear_bit(NFS_DELEGATED_STATE, &state->flags);
7189 - clear_bit(NFS_OPEN_STATE, &state->flags);
7190 - smp_rmb();
7191 -- if (state->n_rdwr != 0) {
7192 -- ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE, &newstate);
7193 -- if (ret != 0)
7194 -- return ret;
7195 -- if (newstate != state)
7196 -- return -ESTALE;
7197 -- }
7198 -- if (state->n_wronly != 0) {
7199 -- ret = nfs4_open_recover_helper(opendata, FMODE_WRITE, &newstate);
7200 -- if (ret != 0)
7201 -- return ret;
7202 -- if (newstate != state)
7203 -- return -ESTALE;
7204 -- }
7205 -- if (state->n_rdonly != 0) {
7206 -- ret = nfs4_open_recover_helper(opendata, FMODE_READ, &newstate);
7207 -- if (ret != 0)
7208 -- return ret;
7209 -- if (newstate != state)
7210 -- return -ESTALE;
7211 -- }
7212 -+ ret = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE);
7213 -+ if (ret != 0)
7214 -+ return ret;
7215 -+ ret = nfs4_open_recover_helper(opendata, FMODE_WRITE);
7216 -+ if (ret != 0)
7217 -+ return ret;
7218 -+ ret = nfs4_open_recover_helper(opendata, FMODE_READ);
7219 -+ if (ret != 0)
7220 -+ return ret;
7221 - /*
7222 - * We may have performed cached opens for all three recoveries.
7223 - * Check if we need to update the current stateid.
7224 -@@ -1749,18 +1748,32 @@ static int nfs4_handle_delegation_recall_error(struct nfs_server *server, struct
7225 - return err;
7226 - }
7227 -
7228 --int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
7229 -+int nfs4_open_delegation_recall(struct nfs_open_context *ctx,
7230 -+ struct nfs4_state *state, const nfs4_stateid *stateid,
7231 -+ fmode_t type)
7232 - {
7233 - struct nfs_server *server = NFS_SERVER(state->inode);
7234 - struct nfs4_opendata *opendata;
7235 -- int err;
7236 -+ int err = 0;
7237 -
7238 - opendata = nfs4_open_recoverdata_alloc(ctx, state,
7239 - NFS4_OPEN_CLAIM_DELEG_CUR_FH);
7240 - if (IS_ERR(opendata))
7241 - return PTR_ERR(opendata);
7242 - nfs4_stateid_copy(&opendata->o_arg.u.delegation, stateid);
7243 -- err = nfs4_open_recover(opendata, state);
7244 -+ clear_bit(NFS_DELEGATED_STATE, &state->flags);
7245 -+ switch (type & (FMODE_READ|FMODE_WRITE)) {
7246 -+ case FMODE_READ|FMODE_WRITE:
7247 -+ case FMODE_WRITE:
7248 -+ err = nfs4_open_recover_helper(opendata, FMODE_READ|FMODE_WRITE);
7249 -+ if (err)
7250 -+ break;
7251 -+ err = nfs4_open_recover_helper(opendata, FMODE_WRITE);
7252 -+ if (err)
7253 -+ break;
7254 -+ case FMODE_READ:
7255 -+ err = nfs4_open_recover_helper(opendata, FMODE_READ);
7256 -+ }
7257 - nfs4_opendata_put(opendata);
7258 - return nfs4_handle_delegation_recall_error(server, state, stateid, err);
7259 - }
7260 -diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
7261 -index 7c5718b..fe3ddd2 100644
7262 ---- a/fs/nfs/pagelist.c
7263 -+++ b/fs/nfs/pagelist.c
7264 -@@ -508,7 +508,7 @@ size_t nfs_generic_pg_test(struct nfs_pageio_descriptor *desc,
7265 - * for it without upsetting the slab allocator.
7266 - */
7267 - if (((mirror->pg_count + req->wb_bytes) >> PAGE_SHIFT) *
7268 -- sizeof(struct page) > PAGE_SIZE)
7269 -+ sizeof(struct page *) > PAGE_SIZE)
7270 - return 0;
7271 -
7272 - return min(mirror->pg_bsize - mirror->pg_count, (size_t)req->wb_bytes);
7273 -diff --git a/fs/nfs/read.c b/fs/nfs/read.c
7274 -index ae0ff7a..01b8cc8 100644
7275 ---- a/fs/nfs/read.c
7276 -+++ b/fs/nfs/read.c
7277 -@@ -72,6 +72,9 @@ void nfs_pageio_reset_read_mds(struct nfs_pageio_descriptor *pgio)
7278 - {
7279 - struct nfs_pgio_mirror *mirror;
7280 -
7281 -+ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup)
7282 -+ pgio->pg_ops->pg_cleanup(pgio);
7283 -+
7284 - pgio->pg_ops = &nfs_pgio_rw_ops;
7285 -
7286 - /* read path should never have more than one mirror */
7287 -diff --git a/fs/nfs/write.c b/fs/nfs/write.c
7288 -index fdee927..b45b465 100644
7289 ---- a/fs/nfs/write.c
7290 -+++ b/fs/nfs/write.c
7291 -@@ -1223,7 +1223,7 @@ static int nfs_can_extend_write(struct file *file, struct page *page, struct ino
7292 - return 1;
7293 - if (!flctx || (list_empty_careful(&flctx->flc_flock) &&
7294 - list_empty_careful(&flctx->flc_posix)))
7295 -- return 0;
7296 -+ return 1;
7297 -
7298 - /* Check to see if there are whole file write locks */
7299 - ret = 0;
7300 -@@ -1351,6 +1351,9 @@ void nfs_pageio_reset_write_mds(struct nfs_pageio_descriptor *pgio)
7301 - {
7302 - struct nfs_pgio_mirror *mirror;
7303 -
7304 -+ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup)
7305 -+ pgio->pg_ops->pg_cleanup(pgio);
7306 -+
7307 - pgio->pg_ops = &nfs_pgio_rw_ops;
7308 -
7309 - nfs_pageio_stop_mirroring(pgio);
7310 -diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
7311 -index fdf4b41..482cfd3 100644
7312 ---- a/fs/ocfs2/dlm/dlmmaster.c
7313 -+++ b/fs/ocfs2/dlm/dlmmaster.c
7314 -@@ -1439,6 +1439,7 @@ int dlm_master_request_handler(struct o2net_msg *msg, u32 len, void *data,
7315 - int found, ret;
7316 - int set_maybe;
7317 - int dispatch_assert = 0;
7318 -+ int dispatched = 0;
7319 -
7320 - if (!dlm_grab(dlm))
7321 - return DLM_MASTER_RESP_NO;
7322 -@@ -1658,15 +1659,18 @@ send_response:
7323 - mlog(ML_ERROR, "failed to dispatch assert master work\n");
7324 - response = DLM_MASTER_RESP_ERROR;
7325 - dlm_lockres_put(res);
7326 -- } else
7327 -+ } else {
7328 -+ dispatched = 1;
7329 - __dlm_lockres_grab_inflight_worker(dlm, res);
7330 -+ }
7331 - spin_unlock(&res->spinlock);
7332 - } else {
7333 - if (res)
7334 - dlm_lockres_put(res);
7335 - }
7336 -
7337 -- dlm_put(dlm);
7338 -+ if (!dispatched)
7339 -+ dlm_put(dlm);
7340 - return response;
7341 - }
7342 -
7343 -@@ -2090,7 +2094,6 @@ int dlm_dispatch_assert_master(struct dlm_ctxt *dlm,
7344 -
7345 -
7346 - /* queue up work for dlm_assert_master_worker */
7347 -- dlm_grab(dlm); /* get an extra ref for the work item */
7348 - dlm_init_work_item(dlm, item, dlm_assert_master_worker, NULL);
7349 - item->u.am.lockres = res; /* already have a ref */
7350 - /* can optionally ignore node numbers higher than this node */
7351 -diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
7352 -index ce12e0b..3d90ad7 100644
7353 ---- a/fs/ocfs2/dlm/dlmrecovery.c
7354 -+++ b/fs/ocfs2/dlm/dlmrecovery.c
7355 -@@ -1694,6 +1694,7 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
7356 - unsigned int hash;
7357 - int master = DLM_LOCK_RES_OWNER_UNKNOWN;
7358 - u32 flags = DLM_ASSERT_MASTER_REQUERY;
7359 -+ int dispatched = 0;
7360 -
7361 - if (!dlm_grab(dlm)) {
7362 - /* since the domain has gone away on this
7363 -@@ -1719,8 +1720,10 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
7364 - dlm_put(dlm);
7365 - /* sender will take care of this and retry */
7366 - return ret;
7367 -- } else
7368 -+ } else {
7369 -+ dispatched = 1;
7370 - __dlm_lockres_grab_inflight_worker(dlm, res);
7371 -+ }
7372 - spin_unlock(&res->spinlock);
7373 - } else {
7374 - /* put.. incase we are not the master */
7375 -@@ -1730,7 +1733,8 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
7376 - }
7377 - spin_unlock(&dlm->spinlock);
7378 -
7379 -- dlm_put(dlm);
7380 -+ if (!dispatched)
7381 -+ dlm_put(dlm);
7382 - return master;
7383 - }
7384 -
7385 -diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
7386 -index 96f3448..fd65b3f 100644
7387 ---- a/fs/ubifs/xattr.c
7388 -+++ b/fs/ubifs/xattr.c
7389 -@@ -652,11 +652,8 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode,
7390 - {
7391 - int err;
7392 -
7393 -- mutex_lock(&inode->i_mutex);
7394 - err = security_inode_init_security(inode, dentry, qstr,
7395 - &init_xattrs, 0);
7396 -- mutex_unlock(&inode->i_mutex);
7397 --
7398 - if (err) {
7399 - struct ubifs_info *c = dentry->i_sb->s_fs_info;
7400 - ubifs_err(c, "cannot initialize security for inode %lu, error %d",
7401 -diff --git a/include/asm-generic/preempt.h b/include/asm-generic/preempt.h
7402 -index d0a7a47..0bec580 100644
7403 ---- a/include/asm-generic/preempt.h
7404 -+++ b/include/asm-generic/preempt.h
7405 -@@ -71,9 +71,10 @@ static __always_inline bool __preempt_count_dec_and_test(void)
7406 - /*
7407 - * Returns true when we need to resched and can (barring IRQ state).
7408 - */
7409 --static __always_inline bool should_resched(void)
7410 -+static __always_inline bool should_resched(int preempt_offset)
7411 - {
7412 -- return unlikely(!preempt_count() && tif_need_resched());
7413 -+ return unlikely(preempt_count() == preempt_offset &&
7414 -+ tif_need_resched());
7415 - }
7416 -
7417 - #ifdef CONFIG_PREEMPT
7418 -diff --git a/include/asm-generic/qspinlock.h b/include/asm-generic/qspinlock.h
7419 -index 83bfb87..e2aadbc 100644
7420 ---- a/include/asm-generic/qspinlock.h
7421 -+++ b/include/asm-generic/qspinlock.h
7422 -@@ -111,8 +111,8 @@ static inline void queued_spin_unlock_wait(struct qspinlock *lock)
7423 - cpu_relax();
7424 - }
7425 -
7426 --#ifndef virt_queued_spin_lock
7427 --static __always_inline bool virt_queued_spin_lock(struct qspinlock *lock)
7428 -+#ifndef virt_spin_lock
7429 -+static __always_inline bool virt_spin_lock(struct qspinlock *lock)
7430 - {
7431 - return false;
7432 - }
7433 -diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
7434 -index 93755a6..430c876 100644
7435 ---- a/include/linux/cgroup-defs.h
7436 -+++ b/include/linux/cgroup-defs.h
7437 -@@ -463,31 +463,8 @@ struct cgroup_subsys {
7438 - unsigned int depends_on;
7439 - };
7440 -
7441 --extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
7442 --
7443 --/**
7444 -- * cgroup_threadgroup_change_begin - threadgroup exclusion for cgroups
7445 -- * @tsk: target task
7446 -- *
7447 -- * Called from threadgroup_change_begin() and allows cgroup operations to
7448 -- * synchronize against threadgroup changes using a percpu_rw_semaphore.
7449 -- */
7450 --static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
7451 --{
7452 -- percpu_down_read(&cgroup_threadgroup_rwsem);
7453 --}
7454 --
7455 --/**
7456 -- * cgroup_threadgroup_change_end - threadgroup exclusion for cgroups
7457 -- * @tsk: target task
7458 -- *
7459 -- * Called from threadgroup_change_end(). Counterpart of
7460 -- * cgroup_threadcgroup_change_begin().
7461 -- */
7462 --static inline void cgroup_threadgroup_change_end(struct task_struct *tsk)
7463 --{
7464 -- percpu_up_read(&cgroup_threadgroup_rwsem);
7465 --}
7466 -+void cgroup_threadgroup_change_begin(struct task_struct *tsk);
7467 -+void cgroup_threadgroup_change_end(struct task_struct *tsk);
7468 -
7469 - #else /* CONFIG_CGROUPS */
7470 -
7471 -diff --git a/include/linux/init_task.h b/include/linux/init_task.h
7472 -index e8493fe..bb9b075 100644
7473 ---- a/include/linux/init_task.h
7474 -+++ b/include/linux/init_task.h
7475 -@@ -25,6 +25,13 @@
7476 - extern struct files_struct init_files;
7477 - extern struct fs_struct init_fs;
7478 -
7479 -+#ifdef CONFIG_CGROUPS
7480 -+#define INIT_GROUP_RWSEM(sig) \
7481 -+ .group_rwsem = __RWSEM_INITIALIZER(sig.group_rwsem),
7482 -+#else
7483 -+#define INIT_GROUP_RWSEM(sig)
7484 -+#endif
7485 -+
7486 - #ifdef CONFIG_CPUSETS
7487 - #define INIT_CPUSET_SEQ(tsk) \
7488 - .mems_allowed_seq = SEQCNT_ZERO(tsk.mems_allowed_seq),
7489 -@@ -48,6 +55,7 @@ extern struct fs_struct init_fs;
7490 - }, \
7491 - .cred_guard_mutex = \
7492 - __MUTEX_INITIALIZER(sig.cred_guard_mutex), \
7493 -+ INIT_GROUP_RWSEM(sig) \
7494 - }
7495 -
7496 - extern struct nsproxy init_nsproxy;
7497 -diff --git a/include/linux/mm.h b/include/linux/mm.h
7498 -index bf6f117..2b05068 100644
7499 ---- a/include/linux/mm.h
7500 -+++ b/include/linux/mm.h
7501 -@@ -916,6 +916,27 @@ static inline void set_page_links(struct page *page, enum zone_type zone,
7502 - #endif
7503 - }
7504 -
7505 -+#ifdef CONFIG_MEMCG
7506 -+static inline struct mem_cgroup *page_memcg(struct page *page)
7507 -+{
7508 -+ return page->mem_cgroup;
7509 -+}
7510 -+
7511 -+static inline void set_page_memcg(struct page *page, struct mem_cgroup *memcg)
7512 -+{
7513 -+ page->mem_cgroup = memcg;
7514 -+}
7515 -+#else
7516 -+static inline struct mem_cgroup *page_memcg(struct page *page)
7517 -+{
7518 -+ return NULL;
7519 -+}
7520 -+
7521 -+static inline void set_page_memcg(struct page *page, struct mem_cgroup *memcg)
7522 -+{
7523 -+}
7524 -+#endif
7525 -+
7526 - /*
7527 - * Some inline functions in vmstat.h depend on page_zone()
7528 - */
7529 -diff --git a/include/linux/preempt.h b/include/linux/preempt.h
7530 -index 84991f1..bea8dd8 100644
7531 ---- a/include/linux/preempt.h
7532 -+++ b/include/linux/preempt.h
7533 -@@ -84,13 +84,21 @@
7534 - */
7535 - #define in_nmi() (preempt_count() & NMI_MASK)
7536 -
7537 -+/*
7538 -+ * The preempt_count offset after preempt_disable();
7539 -+ */
7540 - #if defined(CONFIG_PREEMPT_COUNT)
7541 --# define PREEMPT_DISABLE_OFFSET 1
7542 -+# define PREEMPT_DISABLE_OFFSET PREEMPT_OFFSET
7543 - #else
7544 --# define PREEMPT_DISABLE_OFFSET 0
7545 -+# define PREEMPT_DISABLE_OFFSET 0
7546 - #endif
7547 -
7548 - /*
7549 -+ * The preempt_count offset after spin_lock()
7550 -+ */
7551 -+#define PREEMPT_LOCK_OFFSET PREEMPT_DISABLE_OFFSET
7552 -+
7553 -+/*
7554 - * The preempt_count offset needed for things like:
7555 - *
7556 - * spin_lock_bh()
7557 -@@ -103,7 +111,7 @@
7558 - *
7559 - * Work as expected.
7560 - */
7561 --#define SOFTIRQ_LOCK_OFFSET (SOFTIRQ_DISABLE_OFFSET + PREEMPT_DISABLE_OFFSET)
7562 -+#define SOFTIRQ_LOCK_OFFSET (SOFTIRQ_DISABLE_OFFSET + PREEMPT_LOCK_OFFSET)
7563 -
7564 - /*
7565 - * Are we running in atomic context? WARNING: this macro cannot
7566 -@@ -124,7 +132,8 @@
7567 - #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
7568 - extern void preempt_count_add(int val);
7569 - extern void preempt_count_sub(int val);
7570 --#define preempt_count_dec_and_test() ({ preempt_count_sub(1); should_resched(); })
7571 -+#define preempt_count_dec_and_test() \
7572 -+ ({ preempt_count_sub(1); should_resched(0); })
7573 - #else
7574 - #define preempt_count_add(val) __preempt_count_add(val)
7575 - #define preempt_count_sub(val) __preempt_count_sub(val)
7576 -@@ -184,7 +193,7 @@ do { \
7577 -
7578 - #define preempt_check_resched() \
7579 - do { \
7580 -- if (should_resched()) \
7581 -+ if (should_resched(0)) \
7582 - __preempt_schedule(); \
7583 - } while (0)
7584 -
7585 -diff --git a/include/linux/sched.h b/include/linux/sched.h
7586 -index 04b5ada..bfca8aa 100644
7587 ---- a/include/linux/sched.h
7588 -+++ b/include/linux/sched.h
7589 -@@ -754,6 +754,18 @@ struct signal_struct {
7590 - unsigned audit_tty_log_passwd;
7591 - struct tty_audit_buf *tty_audit_buf;
7592 - #endif
7593 -+#ifdef CONFIG_CGROUPS
7594 -+ /*
7595 -+ * group_rwsem prevents new tasks from entering the threadgroup and
7596 -+ * member tasks from exiting,a more specifically, setting of
7597 -+ * PF_EXITING. fork and exit paths are protected with this rwsem
7598 -+ * using threadgroup_change_begin/end(). Users which require
7599 -+ * threadgroup to remain stable should use threadgroup_[un]lock()
7600 -+ * which also takes care of exec path. Currently, cgroup is the
7601 -+ * only user.
7602 -+ */
7603 -+ struct rw_semaphore group_rwsem;
7604 -+#endif
7605 -
7606 - oom_flags_t oom_flags;
7607 - short oom_score_adj; /* OOM kill score adjustment */
7608 -@@ -2897,12 +2909,6 @@ extern int _cond_resched(void);
7609 -
7610 - extern int __cond_resched_lock(spinlock_t *lock);
7611 -
7612 --#ifdef CONFIG_PREEMPT_COUNT
7613 --#define PREEMPT_LOCK_OFFSET PREEMPT_OFFSET
7614 --#else
7615 --#define PREEMPT_LOCK_OFFSET 0
7616 --#endif
7617 --
7618 - #define cond_resched_lock(lock) ({ \
7619 - ___might_sleep(__FILE__, __LINE__, PREEMPT_LOCK_OFFSET);\
7620 - __cond_resched_lock(lock); \
7621 -diff --git a/include/linux/security.h b/include/linux/security.h
7622 -index 79d85dd..2f4c1f7 100644
7623 ---- a/include/linux/security.h
7624 -+++ b/include/linux/security.h
7625 -@@ -946,7 +946,7 @@ static inline int security_task_prctl(int option, unsigned long arg2,
7626 - unsigned long arg4,
7627 - unsigned long arg5)
7628 - {
7629 -- return cap_task_prctl(option, arg2, arg3, arg3, arg5);
7630 -+ return cap_task_prctl(option, arg2, arg3, arg4, arg5);
7631 - }
7632 -
7633 - static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
7634 -diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h
7635 -index bab824b..d4c6b5f 100644
7636 ---- a/include/net/netfilter/br_netfilter.h
7637 -+++ b/include/net/netfilter/br_netfilter.h
7638 -@@ -59,7 +59,7 @@ static inline unsigned int
7639 - br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
7640 - const struct nf_hook_state *state)
7641 - {
7642 -- return NF_DROP;
7643 -+ return NF_ACCEPT;
7644 - }
7645 - #endif
7646 -
7647 -diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
7648 -index 37cd391..4023c4c 100644
7649 ---- a/include/net/netfilter/nf_conntrack.h
7650 -+++ b/include/net/netfilter/nf_conntrack.h
7651 -@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rnd;
7652 - void init_nf_conntrack_hash_rnd(void);
7653 -
7654 - struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags);
7655 -+void nf_ct_tmpl_free(struct nf_conn *tmpl);
7656 -
7657 - #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
7658 - #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
7659 -diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
7660 -index 2a24668..aa8bee7 100644
7661 ---- a/include/net/netfilter/nf_tables.h
7662 -+++ b/include/net/netfilter/nf_tables.h
7663 -@@ -125,7 +125,7 @@ static inline enum nft_data_types nft_dreg_to_type(enum nft_registers reg)
7664 -
7665 - static inline enum nft_registers nft_type_to_reg(enum nft_data_types type)
7666 - {
7667 -- return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1;
7668 -+ return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE;
7669 - }
7670 -
7671 - unsigned int nft_parse_register(const struct nlattr *attr);
7672 -diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h
7673 -index 0aedbb2..7e7f887 100644
7674 ---- a/include/target/iscsi/iscsi_target_core.h
7675 -+++ b/include/target/iscsi/iscsi_target_core.h
7676 -@@ -776,7 +776,6 @@ struct iscsi_np {
7677 - enum iscsi_timer_flags_table np_login_timer_flags;
7678 - u32 np_exports;
7679 - enum np_flags_table np_flags;
7680 -- unsigned char np_ip[IPV6_ADDRESS_SPACE];
7681 - u16 np_port;
7682 - spinlock_t np_thread_lock;
7683 - struct completion np_restart_comp;
7684 -diff --git a/include/xen/interface/sched.h b/include/xen/interface/sched.h
7685 -index 9ce0839..f184909 100644
7686 ---- a/include/xen/interface/sched.h
7687 -+++ b/include/xen/interface/sched.h
7688 -@@ -107,5 +107,13 @@ struct sched_watchdog {
7689 - #define SHUTDOWN_suspend 2 /* Clean up, save suspend info, kill. */
7690 - #define SHUTDOWN_crash 3 /* Tell controller we've crashed. */
7691 - #define SHUTDOWN_watchdog 4 /* Restart because watchdog time expired. */
7692 -+/*
7693 -+ * Domain asked to perform 'soft reset' for it. The expected behavior is to
7694 -+ * reset internal Xen state for the domain returning it to the point where it
7695 -+ * was created but leaving the domain's memory contents and vCPU contexts
7696 -+ * intact. This will allow the domain to start over and set up all Xen specific
7697 -+ * interfaces again.
7698 -+ */
7699 -+#define SHUTDOWN_soft_reset 5
7700 -
7701 - #endif /* __XEN_PUBLIC_SCHED_H__ */
7702 -diff --git a/ipc/msg.c b/ipc/msg.c
7703 -index 66c4f56..1471db9 100644
7704 ---- a/ipc/msg.c
7705 -+++ b/ipc/msg.c
7706 -@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
7707 - return retval;
7708 - }
7709 -
7710 -- /* ipc_addid() locks msq upon success. */
7711 -- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
7712 -- if (id < 0) {
7713 -- ipc_rcu_putref(msq, msg_rcu_free);
7714 -- return id;
7715 -- }
7716 --
7717 - msq->q_stime = msq->q_rtime = 0;
7718 - msq->q_ctime = get_seconds();
7719 - msq->q_cbytes = msq->q_qnum = 0;
7720 -@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
7721 - INIT_LIST_HEAD(&msq->q_receivers);
7722 - INIT_LIST_HEAD(&msq->q_senders);
7723 -
7724 -+ /* ipc_addid() locks msq upon success. */
7725 -+ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
7726 -+ if (id < 0) {
7727 -+ ipc_rcu_putref(msq, msg_rcu_free);
7728 -+ return id;
7729 -+ }
7730 -+
7731 - ipc_unlock_object(&msq->q_perm);
7732 - rcu_read_unlock();
7733 -
7734 -diff --git a/ipc/shm.c b/ipc/shm.c
7735 -index 4aef24d..0e61fd4 100644
7736 ---- a/ipc/shm.c
7737 -+++ b/ipc/shm.c
7738 -@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
7739 - if (IS_ERR(file))
7740 - goto no_file;
7741 -
7742 -- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
7743 -- if (id < 0) {
7744 -- error = id;
7745 -- goto no_id;
7746 -- }
7747 --
7748 - shp->shm_cprid = task_tgid_vnr(current);
7749 - shp->shm_lprid = 0;
7750 - shp->shm_atim = shp->shm_dtim = 0;
7751 -@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
7752 - shp->shm_nattch = 0;
7753 - shp->shm_file = file;
7754 - shp->shm_creator = current;
7755 -+
7756 -+ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
7757 -+ if (id < 0) {
7758 -+ error = id;
7759 -+ goto no_id;
7760 -+ }
7761 -+
7762 - list_add(&shp->shm_clist, &current->sysvshm.shm_clist);
7763 -
7764 - /*
7765 -diff --git a/ipc/util.c b/ipc/util.c
7766 -index be42300..0f401d9 100644
7767 ---- a/ipc/util.c
7768 -+++ b/ipc/util.c
7769 -@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
7770 - rcu_read_lock();
7771 - spin_lock(&new->lock);
7772 -
7773 -+ current_euid_egid(&euid, &egid);
7774 -+ new->cuid = new->uid = euid;
7775 -+ new->gid = new->cgid = egid;
7776 -+
7777 - id = idr_alloc(&ids->ipcs_idr, new,
7778 - (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
7779 - GFP_NOWAIT);
7780 -@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
7781 -
7782 - ids->in_use++;
7783 -
7784 -- current_euid_egid(&euid, &egid);
7785 -- new->cuid = new->uid = euid;
7786 -- new->gid = new->cgid = egid;
7787 --
7788 - if (next_id < 0) {
7789 - new->seq = ids->seq++;
7790 - if (ids->seq > IPCID_SEQ_MAX)
7791 -diff --git a/kernel/cgroup.c b/kernel/cgroup.c
7792 -index c6c4240..fe6f855 100644
7793 ---- a/kernel/cgroup.c
7794 -+++ b/kernel/cgroup.c
7795 -@@ -46,7 +46,6 @@
7796 - #include <linux/slab.h>
7797 - #include <linux/spinlock.h>
7798 - #include <linux/rwsem.h>
7799 --#include <linux/percpu-rwsem.h>
7800 - #include <linux/string.h>
7801 - #include <linux/sort.h>
7802 - #include <linux/kmod.h>
7803 -@@ -104,8 +103,6 @@ static DEFINE_SPINLOCK(cgroup_idr_lock);
7804 - */
7805 - static DEFINE_SPINLOCK(release_agent_path_lock);
7806 -
7807 --struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
7808 --
7809 - #define cgroup_assert_mutex_or_rcu_locked() \
7810 - rcu_lockdep_assert(rcu_read_lock_held() || \
7811 - lockdep_is_held(&cgroup_mutex), \
7812 -@@ -870,6 +867,48 @@ static struct css_set *find_css_set(struct css_set *old_cset,
7813 - return cset;
7814 - }
7815 -
7816 -+void cgroup_threadgroup_change_begin(struct task_struct *tsk)
7817 -+{
7818 -+ down_read(&tsk->signal->group_rwsem);
7819 -+}
7820 -+
7821 -+void cgroup_threadgroup_change_end(struct task_struct *tsk)
7822 -+{
7823 -+ up_read(&tsk->signal->group_rwsem);
7824 -+}
7825 -+
7826 -+/**
7827 -+ * threadgroup_lock - lock threadgroup
7828 -+ * @tsk: member task of the threadgroup to lock
7829 -+ *
7830 -+ * Lock the threadgroup @tsk belongs to. No new task is allowed to enter
7831 -+ * and member tasks aren't allowed to exit (as indicated by PF_EXITING) or
7832 -+ * change ->group_leader/pid. This is useful for cases where the threadgroup
7833 -+ * needs to stay stable across blockable operations.
7834 -+ *
7835 -+ * fork and exit explicitly call threadgroup_change_{begin|end}() for
7836 -+ * synchronization. While held, no new task will be added to threadgroup
7837 -+ * and no existing live task will have its PF_EXITING set.
7838 -+ *
7839 -+ * de_thread() does threadgroup_change_{begin|end}() when a non-leader
7840 -+ * sub-thread becomes a new leader.
7841 -+ */
7842 -+static void threadgroup_lock(struct task_struct *tsk)
7843 -+{
7844 -+ down_write(&tsk->signal->group_rwsem);
7845 -+}
7846 -+
7847 -+/**
7848 -+ * threadgroup_unlock - unlock threadgroup
7849 -+ * @tsk: member task of the threadgroup to unlock
7850 -+ *
7851 -+ * Reverse threadgroup_lock().
7852 -+ */
7853 -+static inline void threadgroup_unlock(struct task_struct *tsk)
7854 -+{
7855 -+ up_write(&tsk->signal->group_rwsem);
7856 -+}
7857 -+
7858 - static struct cgroup_root *cgroup_root_from_kf(struct kernfs_root *kf_root)
7859 - {
7860 - struct cgroup *root_cgrp = kf_root->kn->priv;
7861 -@@ -2066,9 +2105,9 @@ static void cgroup_task_migrate(struct cgroup *old_cgrp,
7862 - lockdep_assert_held(&css_set_rwsem);
7863 -
7864 - /*
7865 -- * We are synchronized through cgroup_threadgroup_rwsem against
7866 -- * PF_EXITING setting such that we can't race against cgroup_exit()
7867 -- * changing the css_set to init_css_set and dropping the old one.
7868 -+ * We are synchronized through threadgroup_lock() against PF_EXITING
7869 -+ * setting such that we can't race against cgroup_exit() changing the
7870 -+ * css_set to init_css_set and dropping the old one.
7871 - */
7872 - WARN_ON_ONCE(tsk->flags & PF_EXITING);
7873 - old_cset = task_css_set(tsk);
7874 -@@ -2125,11 +2164,10 @@ static void cgroup_migrate_finish(struct list_head *preloaded_csets)
7875 - * @src_cset and add it to @preloaded_csets, which should later be cleaned
7876 - * up by cgroup_migrate_finish().
7877 - *
7878 -- * This function may be called without holding cgroup_threadgroup_rwsem
7879 -- * even if the target is a process. Threads may be created and destroyed
7880 -- * but as long as cgroup_mutex is not dropped, no new css_set can be put
7881 -- * into play and the preloaded css_sets are guaranteed to cover all
7882 -- * migrations.
7883 -+ * This function may be called without holding threadgroup_lock even if the
7884 -+ * target is a process. Threads may be created and destroyed but as long
7885 -+ * as cgroup_mutex is not dropped, no new css_set can be put into play and
7886 -+ * the preloaded css_sets are guaranteed to cover all migrations.
7887 - */
7888 - static void cgroup_migrate_add_src(struct css_set *src_cset,
7889 - struct cgroup *dst_cgrp,
7890 -@@ -2232,7 +2270,7 @@ err:
7891 - * @threadgroup: whether @leader points to the whole process or a single task
7892 - *
7893 - * Migrate a process or task denoted by @leader to @cgrp. If migrating a
7894 -- * process, the caller must be holding cgroup_threadgroup_rwsem. The
7895 -+ * process, the caller must be holding threadgroup_lock of @leader. The
7896 - * caller is also responsible for invoking cgroup_migrate_add_src() and
7897 - * cgroup_migrate_prepare_dst() on the targets before invoking this
7898 - * function and following up with cgroup_migrate_finish().
7899 -@@ -2360,7 +2398,7 @@ out_release_tset:
7900 - * @leader: the task or the leader of the threadgroup to be attached
7901 - * @threadgroup: attach the whole threadgroup?
7902 - *
7903 -- * Call holding cgroup_mutex and cgroup_threadgroup_rwsem.
7904 -+ * Call holding cgroup_mutex and threadgroup_lock of @leader.
7905 - */
7906 - static int cgroup_attach_task(struct cgroup *dst_cgrp,
7907 - struct task_struct *leader, bool threadgroup)
7908 -@@ -2452,13 +2490,14 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
7909 - if (!cgrp)
7910 - return -ENODEV;
7911 -
7912 -- percpu_down_write(&cgroup_threadgroup_rwsem);
7913 -+retry_find_task:
7914 - rcu_read_lock();
7915 - if (pid) {
7916 - tsk = find_task_by_vpid(pid);
7917 - if (!tsk) {
7918 -+ rcu_read_unlock();
7919 - ret = -ESRCH;
7920 -- goto out_unlock_rcu;
7921 -+ goto out_unlock_cgroup;
7922 - }
7923 - } else {
7924 - tsk = current;
7925 -@@ -2474,23 +2513,37 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
7926 - */
7927 - if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) {
7928 - ret = -EINVAL;
7929 -- goto out_unlock_rcu;
7930 -+ rcu_read_unlock();
7931 -+ goto out_unlock_cgroup;
7932 - }
7933 -
7934 - get_task_struct(tsk);
7935 - rcu_read_unlock();
7936 -
7937 -+ threadgroup_lock(tsk);
7938 -+ if (threadgroup) {
7939 -+ if (!thread_group_leader(tsk)) {
7940 -+ /*
7941 -+ * a race with de_thread from another thread's exec()
7942 -+ * may strip us of our leadership, if this happens,
7943 -+ * there is no choice but to throw this task away and
7944 -+ * try again; this is
7945 -+ * "double-double-toil-and-trouble-check locking".
7946 -+ */
7947 -+ threadgroup_unlock(tsk);
7948 -+ put_task_struct(tsk);
7949 -+ goto retry_find_task;
7950 -+ }
7951 -+ }
7952 -+
7953 - ret = cgroup_procs_write_permission(tsk, cgrp, of);
7954 - if (!ret)
7955 - ret = cgroup_attach_task(cgrp, tsk, threadgroup);
7956 -
7957 -- put_task_struct(tsk);
7958 -- goto out_unlock_threadgroup;
7959 -+ threadgroup_unlock(tsk);
7960 -
7961 --out_unlock_rcu:
7962 -- rcu_read_unlock();
7963 --out_unlock_threadgroup:
7964 -- percpu_up_write(&cgroup_threadgroup_rwsem);
7965 -+ put_task_struct(tsk);
7966 -+out_unlock_cgroup:
7967 - cgroup_kn_unlock(of->kn);
7968 - return ret ?: nbytes;
7969 - }
7970 -@@ -2635,8 +2688,6 @@ static int cgroup_update_dfl_csses(struct cgroup *cgrp)
7971 -
7972 - lockdep_assert_held(&cgroup_mutex);
7973 -
7974 -- percpu_down_write(&cgroup_threadgroup_rwsem);
7975 --
7976 - /* look up all csses currently attached to @cgrp's subtree */
7977 - down_read(&css_set_rwsem);
7978 - css_for_each_descendant_pre(css, cgroup_css(cgrp, NULL)) {
7979 -@@ -2692,8 +2743,17 @@ static int cgroup_update_dfl_csses(struct cgroup *cgrp)
7980 - goto out_finish;
7981 - last_task = task;
7982 -
7983 -+ threadgroup_lock(task);
7984 -+ /* raced against de_thread() from another thread? */
7985 -+ if (!thread_group_leader(task)) {
7986 -+ threadgroup_unlock(task);
7987 -+ put_task_struct(task);
7988 -+ continue;
7989 -+ }
7990 -+
7991 - ret = cgroup_migrate(src_cset->dfl_cgrp, task, true);
7992 -
7993 -+ threadgroup_unlock(task);
7994 - put_task_struct(task);
7995 -
7996 - if (WARN(ret, "cgroup: failed to update controllers for the default hierarchy (%d), further operations may crash or hang\n", ret))
7997 -@@ -2703,7 +2763,6 @@ static int cgroup_update_dfl_csses(struct cgroup *cgrp)
7998 -
7999 - out_finish:
8000 - cgroup_migrate_finish(&preloaded_csets);
8001 -- percpu_up_write(&cgroup_threadgroup_rwsem);
8002 - return ret;
8003 - }
8004 -
8005 -@@ -5013,7 +5072,6 @@ int __init cgroup_init(void)
8006 - unsigned long key;
8007 - int ssid, err;
8008 -
8009 -- BUG_ON(percpu_init_rwsem(&cgroup_threadgroup_rwsem));
8010 - BUG_ON(cgroup_init_cftypes(NULL, cgroup_dfl_base_files));
8011 - BUG_ON(cgroup_init_cftypes(NULL, cgroup_legacy_base_files));
8012 -
8013 -diff --git a/kernel/fork.c b/kernel/fork.c
8014 -index 26a70dc..e769c8c 100644
8015 ---- a/kernel/fork.c
8016 -+++ b/kernel/fork.c
8017 -@@ -1146,6 +1146,10 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
8018 - tty_audit_fork(sig);
8019 - sched_autogroup_fork(sig);
8020 -
8021 -+#ifdef CONFIG_CGROUPS
8022 -+ init_rwsem(&sig->group_rwsem);
8023 -+#endif
8024 -+
8025 - sig->oom_score_adj = current->signal->oom_score_adj;
8026 - sig->oom_score_adj_min = current->signal->oom_score_adj_min;
8027 -
8028 -diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
8029 -index 0e97c14..4e6267a 100644
8030 ---- a/kernel/irq/proc.c
8031 -+++ b/kernel/irq/proc.c
8032 -@@ -12,6 +12,7 @@
8033 - #include <linux/seq_file.h>
8034 - #include <linux/interrupt.h>
8035 - #include <linux/kernel_stat.h>
8036 -+#include <linux/mutex.h>
8037 -
8038 - #include "internals.h"
8039 -
8040 -@@ -323,18 +324,29 @@ void register_handler_proc(unsigned int irq, struct irqaction *action)
8041 -
8042 - void register_irq_proc(unsigned int irq, struct irq_desc *desc)
8043 - {
8044 -+ static DEFINE_MUTEX(register_lock);
8045 - char name [MAX_NAMELEN];
8046 -
8047 -- if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip) || desc->dir)
8048 -+ if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip))
8049 - return;
8050 -
8051 -+ /*
8052 -+ * irq directories are registered only when a handler is
8053 -+ * added, not when the descriptor is created, so multiple
8054 -+ * tasks might try to register at the same time.
8055 -+ */
8056 -+ mutex_lock(&register_lock);
8057 -+
8058 -+ if (desc->dir)
8059 -+ goto out_unlock;
8060 -+
8061 - memset(name, 0, MAX_NAMELEN);
8062 - sprintf(name, "%d", irq);
8063 -
8064 - /* create /proc/irq/1234 */
8065 - desc->dir = proc_mkdir(name, root_irq_dir);
8066 - if (!desc->dir)
8067 -- return;
8068 -+ goto out_unlock;
8069 -
8070 - #ifdef CONFIG_SMP
8071 - /* create /proc/irq/<irq>/smp_affinity */
8072 -@@ -355,6 +367,9 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc)
8073 -
8074 - proc_create_data("spurious", 0444, desc->dir,
8075 - &irq_spurious_proc_fops, (void *)(long)irq);
8076 -+
8077 -+out_unlock:
8078 -+ mutex_unlock(&register_lock);
8079 - }
8080 -
8081 - void unregister_irq_proc(unsigned int irq, struct irq_desc *desc)
8082 -diff --git a/kernel/locking/qspinlock.c b/kernel/locking/qspinlock.c
8083 -index 38c4920..8ed0161 100644
8084 ---- a/kernel/locking/qspinlock.c
8085 -+++ b/kernel/locking/qspinlock.c
8086 -@@ -289,7 +289,7 @@ void queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
8087 - if (pv_enabled())
8088 - goto queue;
8089 -
8090 -- if (virt_queued_spin_lock(lock))
8091 -+ if (virt_spin_lock(lock))
8092 - return;
8093 -
8094 - /*
8095 -diff --git a/kernel/sched/core.c b/kernel/sched/core.c
8096 -index e967343..6776631 100644
8097 ---- a/kernel/sched/core.c
8098 -+++ b/kernel/sched/core.c
8099 -@@ -2461,11 +2461,11 @@ static struct rq *finish_task_switch(struct task_struct *prev)
8100 - * If a task dies, then it sets TASK_DEAD in tsk->state and calls
8101 - * schedule one last time. The schedule call will never return, and
8102 - * the scheduled task must drop that reference.
8103 -- * The test for TASK_DEAD must occur while the runqueue locks are
8104 -- * still held, otherwise prev could be scheduled on another cpu, die
8105 -- * there before we look at prev->state, and then the reference would
8106 -- * be dropped twice.
8107 -- * Manfred Spraul <manfred@××××××××××××.com>
8108 -+ *
8109 -+ * We must observe prev->state before clearing prev->on_cpu (in
8110 -+ * finish_lock_switch), otherwise a concurrent wakeup can get prev
8111 -+ * running on another CPU and we could rave with its RUNNING -> DEAD
8112 -+ * transition, resulting in a double drop.
8113 - */
8114 - prev_state = prev->state;
8115 - vtime_task_switch(prev);
8116 -@@ -2614,13 +2614,20 @@ unsigned long nr_running(void)
8117 -
8118 - /*
8119 - * Check if only the current task is running on the cpu.
8120 -+ *
8121 -+ * Caution: this function does not check that the caller has disabled
8122 -+ * preemption, thus the result might have a time-of-check-to-time-of-use
8123 -+ * race. The caller is responsible to use it correctly, for example:
8124 -+ *
8125 -+ * - from a non-preemptable section (of course)
8126 -+ *
8127 -+ * - from a thread that is bound to a single CPU
8128 -+ *
8129 -+ * - in a loop with very short iterations (e.g. a polling loop)
8130 - */
8131 - bool single_task_running(void)
8132 - {
8133 -- if (cpu_rq(smp_processor_id())->nr_running == 1)
8134 -- return true;
8135 -- else
8136 -- return false;
8137 -+ return raw_rq()->nr_running == 1;
8138 - }
8139 - EXPORT_SYMBOL(single_task_running);
8140 -
8141 -@@ -4492,7 +4499,7 @@ SYSCALL_DEFINE0(sched_yield)
8142 -
8143 - int __sched _cond_resched(void)
8144 - {
8145 -- if (should_resched()) {
8146 -+ if (should_resched(0)) {
8147 - preempt_schedule_common();
8148 - return 1;
8149 - }
8150 -@@ -4510,7 +4517,7 @@ EXPORT_SYMBOL(_cond_resched);
8151 - */
8152 - int __cond_resched_lock(spinlock_t *lock)
8153 - {
8154 -- int resched = should_resched();
8155 -+ int resched = should_resched(PREEMPT_LOCK_OFFSET);
8156 - int ret = 0;
8157 -
8158 - lockdep_assert_held(lock);
8159 -@@ -4532,7 +4539,7 @@ int __sched __cond_resched_softirq(void)
8160 - {
8161 - BUG_ON(!in_softirq());
8162 -
8163 -- if (should_resched()) {
8164 -+ if (should_resched(SOFTIRQ_DISABLE_OFFSET)) {
8165 - local_bh_enable();
8166 - preempt_schedule_common();
8167 - local_bh_disable();
8168 -diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
8169 -index 84d4879..08ab96b 100644
8170 ---- a/kernel/sched/sched.h
8171 -+++ b/kernel/sched/sched.h
8172 -@@ -1091,9 +1091,10 @@ static inline void finish_lock_switch(struct rq *rq, struct task_struct *prev)
8173 - * After ->on_cpu is cleared, the task can be moved to a different CPU.
8174 - * We must ensure this doesn't happen until the switch is completely
8175 - * finished.
8176 -+ *
8177 -+ * Pairs with the control dependency and rmb in try_to_wake_up().
8178 - */
8179 -- smp_wmb();
8180 -- prev->on_cpu = 0;
8181 -+ smp_store_release(&prev->on_cpu, 0);
8182 - #endif
8183 - #ifdef CONFIG_DEBUG_SPINLOCK
8184 - /* this is a valid case when another task releases the spinlock */
8185 -diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
8186 -index 841b72f..3a38775 100644
8187 ---- a/kernel/time/clocksource.c
8188 -+++ b/kernel/time/clocksource.c
8189 -@@ -217,7 +217,7 @@ static void clocksource_watchdog(unsigned long data)
8190 - continue;
8191 -
8192 - /* Check the deviation from the watchdog clocksource. */
8193 -- if ((abs(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD)) {
8194 -+ if (abs64(cs_nsec - wd_nsec) > WATCHDOG_THRESHOLD) {
8195 - pr_warn("timekeeping watchdog: Marking clocksource '%s' as unstable because the skew is too large:\n",
8196 - cs->name);
8197 - pr_warn(" '%s' wd_now: %llx wd_last: %llx mask: %llx\n",
8198 -diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
8199 -index bca3667..a20d411 100644
8200 ---- a/kernel/time/timekeeping.c
8201 -+++ b/kernel/time/timekeeping.c
8202 -@@ -1607,7 +1607,7 @@ static __always_inline void timekeeping_freqadjust(struct timekeeper *tk,
8203 - negative = (tick_error < 0);
8204 -
8205 - /* Sort out the magnitude of the correction */
8206 -- tick_error = abs(tick_error);
8207 -+ tick_error = abs64(tick_error);
8208 - for (adj = 0; tick_error > interval; adj++)
8209 - tick_error >>= 1;
8210 -
8211 -diff --git a/lib/iommu-common.c b/lib/iommu-common.c
8212 -index ff19f66..b1c93e9 100644
8213 ---- a/lib/iommu-common.c
8214 -+++ b/lib/iommu-common.c
8215 -@@ -21,8 +21,7 @@ static DEFINE_PER_CPU(unsigned int, iommu_hash_common);
8216 -
8217 - static inline bool need_flush(struct iommu_map_table *iommu)
8218 - {
8219 -- return (iommu->lazy_flush != NULL &&
8220 -- (iommu->flags & IOMMU_NEED_FLUSH) != 0);
8221 -+ return ((iommu->flags & IOMMU_NEED_FLUSH) != 0);
8222 - }
8223 -
8224 - static inline void set_flush(struct iommu_map_table *iommu)
8225 -@@ -211,7 +210,8 @@ unsigned long iommu_tbl_range_alloc(struct device *dev,
8226 - goto bail;
8227 - }
8228 - }
8229 -- if (n < pool->hint || need_flush(iommu)) {
8230 -+ if (iommu->lazy_flush &&
8231 -+ (n < pool->hint || need_flush(iommu))) {
8232 - clear_flush(iommu);
8233 - iommu->lazy_flush(iommu);
8234 - }
8235 -diff --git a/mm/hugetlb.c b/mm/hugetlb.c
8236 -index a8c3087..62c1ec5 100644
8237 ---- a/mm/hugetlb.c
8238 -+++ b/mm/hugetlb.c
8239 -@@ -2974,6 +2974,14 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
8240 - continue;
8241 -
8242 - /*
8243 -+ * Shared VMAs have their own reserves and do not affect
8244 -+ * MAP_PRIVATE accounting but it is possible that a shared
8245 -+ * VMA is using the same page so check and skip such VMAs.
8246 -+ */
8247 -+ if (iter_vma->vm_flags & VM_MAYSHARE)
8248 -+ continue;
8249 -+
8250 -+ /*
8251 - * Unmap the page from other VMAs without their own reserves.
8252 - * They get marked to be SIGKILLed if they fault in these
8253 - * areas. This is because a future no-page fault on this VMA
8254 -diff --git a/mm/memcontrol.c b/mm/memcontrol.c
8255 -index acb93c5..237d468 100644
8256 ---- a/mm/memcontrol.c
8257 -+++ b/mm/memcontrol.c
8258 -@@ -806,12 +806,14 @@ mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_zone *mctz)
8259 - }
8260 -
8261 - /*
8262 -+ * Return page count for single (non recursive) @memcg.
8263 -+ *
8264 - * Implementation Note: reading percpu statistics for memcg.
8265 - *
8266 - * Both of vmstat[] and percpu_counter has threshold and do periodic
8267 - * synchronization to implement "quick" read. There are trade-off between
8268 - * reading cost and precision of value. Then, we may have a chance to implement
8269 -- * a periodic synchronizion of counter in memcg's counter.
8270 -+ * a periodic synchronization of counter in memcg's counter.
8271 - *
8272 - * But this _read() function is used for user interface now. The user accounts
8273 - * memory usage by memory cgroup and he _always_ requires exact value because
8274 -@@ -821,17 +823,24 @@ mem_cgroup_largest_soft_limit_node(struct mem_cgroup_tree_per_zone *mctz)
8275 - *
8276 - * If there are kernel internal actions which can make use of some not-exact
8277 - * value, and reading all cpu value can be performance bottleneck in some
8278 -- * common workload, threashold and synchonization as vmstat[] should be
8279 -+ * common workload, threshold and synchronization as vmstat[] should be
8280 - * implemented.
8281 - */
8282 --static long mem_cgroup_read_stat(struct mem_cgroup *memcg,
8283 -- enum mem_cgroup_stat_index idx)
8284 -+static unsigned long
8285 -+mem_cgroup_read_stat(struct mem_cgroup *memcg, enum mem_cgroup_stat_index idx)
8286 - {
8287 - long val = 0;
8288 - int cpu;
8289 -
8290 -+ /* Per-cpu values can be negative, use a signed accumulator */
8291 - for_each_possible_cpu(cpu)
8292 - val += per_cpu(memcg->stat->count[idx], cpu);
8293 -+ /*
8294 -+ * Summing races with updates, so val may be negative. Avoid exposing
8295 -+ * transient negative values.
8296 -+ */
8297 -+ if (val < 0)
8298 -+ val = 0;
8299 - return val;
8300 - }
8301 -
8302 -@@ -1498,7 +1507,7 @@ void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, struct task_struct *p)
8303 - for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
8304 - if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
8305 - continue;
8306 -- pr_cont(" %s:%ldKB", mem_cgroup_stat_names[i],
8307 -+ pr_cont(" %s:%luKB", mem_cgroup_stat_names[i],
8308 - K(mem_cgroup_read_stat(iter, i)));
8309 - }
8310 -
8311 -@@ -3119,14 +3128,11 @@ static unsigned long tree_stat(struct mem_cgroup *memcg,
8312 - enum mem_cgroup_stat_index idx)
8313 - {
8314 - struct mem_cgroup *iter;
8315 -- long val = 0;
8316 -+ unsigned long val = 0;
8317 -
8318 -- /* Per-cpu values can be negative, use a signed accumulator */
8319 - for_each_mem_cgroup_tree(iter, memcg)
8320 - val += mem_cgroup_read_stat(iter, idx);
8321 -
8322 -- if (val < 0) /* race ? */
8323 -- val = 0;
8324 - return val;
8325 - }
8326 -
8327 -@@ -3469,7 +3475,7 @@ static int memcg_stat_show(struct seq_file *m, void *v)
8328 - for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
8329 - if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
8330 - continue;
8331 -- seq_printf(m, "%s %ld\n", mem_cgroup_stat_names[i],
8332 -+ seq_printf(m, "%s %lu\n", mem_cgroup_stat_names[i],
8333 - mem_cgroup_read_stat(memcg, i) * PAGE_SIZE);
8334 - }
8335 -
8336 -@@ -3494,13 +3500,13 @@ static int memcg_stat_show(struct seq_file *m, void *v)
8337 - (u64)memsw * PAGE_SIZE);
8338 -
8339 - for (i = 0; i < MEM_CGROUP_STAT_NSTATS; i++) {
8340 -- long long val = 0;
8341 -+ unsigned long long val = 0;
8342 -
8343 - if (i == MEM_CGROUP_STAT_SWAP && !do_swap_account)
8344 - continue;
8345 - for_each_mem_cgroup_tree(mi, memcg)
8346 - val += mem_cgroup_read_stat(mi, i) * PAGE_SIZE;
8347 -- seq_printf(m, "total_%s %lld\n", mem_cgroup_stat_names[i], val);
8348 -+ seq_printf(m, "total_%s %llu\n", mem_cgroup_stat_names[i], val);
8349 - }
8350 -
8351 - for (i = 0; i < MEM_CGROUP_EVENTS_NSTATS; i++) {
8352 -diff --git a/mm/migrate.c b/mm/migrate.c
8353 -index eb42671..fcb6204 100644
8354 ---- a/mm/migrate.c
8355 -+++ b/mm/migrate.c
8356 -@@ -734,6 +734,15 @@ static int move_to_new_page(struct page *newpage, struct page *page,
8357 - if (PageSwapBacked(page))
8358 - SetPageSwapBacked(newpage);
8359 -
8360 -+ /*
8361 -+ * Indirectly called below, migrate_page_copy() copies PG_dirty and thus
8362 -+ * needs newpage's memcg set to transfer memcg dirty page accounting.
8363 -+ * So perform memcg migration in two steps:
8364 -+ * 1. set newpage->mem_cgroup (here)
8365 -+ * 2. clear page->mem_cgroup (below)
8366 -+ */
8367 -+ set_page_memcg(newpage, page_memcg(page));
8368 -+
8369 - mapping = page_mapping(page);
8370 - if (!mapping)
8371 - rc = migrate_page(mapping, newpage, page, mode);
8372 -@@ -750,9 +759,10 @@ static int move_to_new_page(struct page *newpage, struct page *page,
8373 - rc = fallback_migrate_page(mapping, newpage, page, mode);
8374 -
8375 - if (rc != MIGRATEPAGE_SUCCESS) {
8376 -+ set_page_memcg(newpage, NULL);
8377 - newpage->mapping = NULL;
8378 - } else {
8379 -- mem_cgroup_migrate(page, newpage, false);
8380 -+ set_page_memcg(page, NULL);
8381 - if (page_was_mapped)
8382 - remove_migration_ptes(page, newpage);
8383 - page->mapping = NULL;
8384 -@@ -1068,7 +1078,7 @@ out:
8385 - if (rc != MIGRATEPAGE_SUCCESS && put_new_page)
8386 - put_new_page(new_hpage, private);
8387 - else
8388 -- put_page(new_hpage);
8389 -+ putback_active_hugepage(new_hpage);
8390 -
8391 - if (result) {
8392 - if (rc)
8393 -diff --git a/mm/slab.c b/mm/slab.c
8394 -index bbd0b47..ae36028 100644
8395 ---- a/mm/slab.c
8396 -+++ b/mm/slab.c
8397 -@@ -2190,9 +2190,16 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
8398 - size += BYTES_PER_WORD;
8399 - }
8400 - #if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
8401 -- if (size >= kmalloc_size(INDEX_NODE + 1)
8402 -- && cachep->object_size > cache_line_size()
8403 -- && ALIGN(size, cachep->align) < PAGE_SIZE) {
8404 -+ /*
8405 -+ * To activate debug pagealloc, off-slab management is necessary
8406 -+ * requirement. In early phase of initialization, small sized slab
8407 -+ * doesn't get initialized so it would not be possible. So, we need
8408 -+ * to check size >= 256. It guarantees that all necessary small
8409 -+ * sized slab is initialized in current slab initialization sequence.
8410 -+ */
8411 -+ if (!slab_early_init && size >= kmalloc_size(INDEX_NODE) &&
8412 -+ size >= 256 && cachep->object_size > cache_line_size() &&
8413 -+ ALIGN(size, cachep->align) < PAGE_SIZE) {
8414 - cachep->obj_offset += PAGE_SIZE - ALIGN(size, cachep->align);
8415 - size = PAGE_SIZE;
8416 - }
8417 -diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
8418 -index 6d0b471..cc7d87d 100644
8419 ---- a/net/batman-adv/distributed-arp-table.c
8420 -+++ b/net/batman-adv/distributed-arp-table.c
8421 -@@ -19,6 +19,7 @@
8422 - #include "main.h"
8423 -
8424 - #include <linux/atomic.h>
8425 -+#include <linux/bitops.h>
8426 - #include <linux/byteorder/generic.h>
8427 - #include <linux/errno.h>
8428 - #include <linux/etherdevice.h>
8429 -@@ -453,7 +454,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
8430 - int j;
8431 -
8432 - /* check if orig node candidate is running DAT */
8433 -- if (!(candidate->capabilities & BATADV_ORIG_CAPA_HAS_DAT))
8434 -+ if (!test_bit(BATADV_ORIG_CAPA_HAS_DAT, &candidate->capabilities))
8435 - goto out;
8436 -
8437 - /* Check if this node has already been selected... */
8438 -@@ -713,9 +714,9 @@ static void batadv_dat_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
8439 - uint16_t tvlv_value_len)
8440 - {
8441 - if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND)
8442 -- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_DAT;
8443 -+ clear_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities);
8444 - else
8445 -- orig->capabilities |= BATADV_ORIG_CAPA_HAS_DAT;
8446 -+ set_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities);
8447 - }
8448 -
8449 - /**
8450 -diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
8451 -index 7aa480b..68a9554 100644
8452 ---- a/net/batman-adv/multicast.c
8453 -+++ b/net/batman-adv/multicast.c
8454 -@@ -19,6 +19,8 @@
8455 - #include "main.h"
8456 -
8457 - #include <linux/atomic.h>
8458 -+#include <linux/bitops.h>
8459 -+#include <linux/bug.h>
8460 - #include <linux/byteorder/generic.h>
8461 - #include <linux/errno.h>
8462 - #include <linux/etherdevice.h>
8463 -@@ -588,19 +590,26 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
8464 - *
8465 - * If the BATADV_MCAST_WANT_ALL_UNSNOOPABLES flag of this originator,
8466 - * orig, has toggled then this method updates counter and list accordingly.
8467 -+ *
8468 -+ * Caller needs to hold orig->mcast_handler_lock.
8469 - */
8470 - static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv,
8471 - struct batadv_orig_node *orig,
8472 - uint8_t mcast_flags)
8473 - {
8474 -+ struct hlist_node *node = &orig->mcast_want_all_unsnoopables_node;
8475 -+ struct hlist_head *head = &bat_priv->mcast.want_all_unsnoopables_list;
8476 -+
8477 - /* switched from flag unset to set */
8478 - if (mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES &&
8479 - !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES)) {
8480 - atomic_inc(&bat_priv->mcast.num_want_all_unsnoopables);
8481 -
8482 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8483 -- hlist_add_head_rcu(&orig->mcast_want_all_unsnoopables_node,
8484 -- &bat_priv->mcast.want_all_unsnoopables_list);
8485 -+ /* flag checks above + mcast_handler_lock prevents this */
8486 -+ WARN_ON(!hlist_unhashed(node));
8487 -+
8488 -+ hlist_add_head_rcu(node, head);
8489 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8490 - /* switched from flag set to unset */
8491 - } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES) &&
8492 -@@ -608,7 +617,10 @@ static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv,
8493 - atomic_dec(&bat_priv->mcast.num_want_all_unsnoopables);
8494 -
8495 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8496 -- hlist_del_rcu(&orig->mcast_want_all_unsnoopables_node);
8497 -+ /* flag checks above + mcast_handler_lock prevents this */
8498 -+ WARN_ON(hlist_unhashed(node));
8499 -+
8500 -+ hlist_del_init_rcu(node);
8501 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8502 - }
8503 - }
8504 -@@ -621,19 +633,26 @@ static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv,
8505 - *
8506 - * If the BATADV_MCAST_WANT_ALL_IPV4 flag of this originator, orig, has
8507 - * toggled then this method updates counter and list accordingly.
8508 -+ *
8509 -+ * Caller needs to hold orig->mcast_handler_lock.
8510 - */
8511 - static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv,
8512 - struct batadv_orig_node *orig,
8513 - uint8_t mcast_flags)
8514 - {
8515 -+ struct hlist_node *node = &orig->mcast_want_all_ipv4_node;
8516 -+ struct hlist_head *head = &bat_priv->mcast.want_all_ipv4_list;
8517 -+
8518 - /* switched from flag unset to set */
8519 - if (mcast_flags & BATADV_MCAST_WANT_ALL_IPV4 &&
8520 - !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_IPV4)) {
8521 - atomic_inc(&bat_priv->mcast.num_want_all_ipv4);
8522 -
8523 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8524 -- hlist_add_head_rcu(&orig->mcast_want_all_ipv4_node,
8525 -- &bat_priv->mcast.want_all_ipv4_list);
8526 -+ /* flag checks above + mcast_handler_lock prevents this */
8527 -+ WARN_ON(!hlist_unhashed(node));
8528 -+
8529 -+ hlist_add_head_rcu(node, head);
8530 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8531 - /* switched from flag set to unset */
8532 - } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_IPV4) &&
8533 -@@ -641,7 +660,10 @@ static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv,
8534 - atomic_dec(&bat_priv->mcast.num_want_all_ipv4);
8535 -
8536 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8537 -- hlist_del_rcu(&orig->mcast_want_all_ipv4_node);
8538 -+ /* flag checks above + mcast_handler_lock prevents this */
8539 -+ WARN_ON(hlist_unhashed(node));
8540 -+
8541 -+ hlist_del_init_rcu(node);
8542 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8543 - }
8544 - }
8545 -@@ -654,19 +676,26 @@ static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv,
8546 - *
8547 - * If the BATADV_MCAST_WANT_ALL_IPV6 flag of this originator, orig, has
8548 - * toggled then this method updates counter and list accordingly.
8549 -+ *
8550 -+ * Caller needs to hold orig->mcast_handler_lock.
8551 - */
8552 - static void batadv_mcast_want_ipv6_update(struct batadv_priv *bat_priv,
8553 - struct batadv_orig_node *orig,
8554 - uint8_t mcast_flags)
8555 - {
8556 -+ struct hlist_node *node = &orig->mcast_want_all_ipv6_node;
8557 -+ struct hlist_head *head = &bat_priv->mcast.want_all_ipv6_list;
8558 -+
8559 - /* switched from flag unset to set */
8560 - if (mcast_flags & BATADV_MCAST_WANT_ALL_IPV6 &&
8561 - !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_IPV6)) {
8562 - atomic_inc(&bat_priv->mcast.num_want_all_ipv6);
8563 -
8564 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8565 -- hlist_add_head_rcu(&orig->mcast_want_all_ipv6_node,
8566 -- &bat_priv->mcast.want_all_ipv6_list);
8567 -+ /* flag checks above + mcast_handler_lock prevents this */
8568 -+ WARN_ON(!hlist_unhashed(node));
8569 -+
8570 -+ hlist_add_head_rcu(node, head);
8571 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8572 - /* switched from flag set to unset */
8573 - } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_IPV6) &&
8574 -@@ -674,7 +703,10 @@ static void batadv_mcast_want_ipv6_update(struct batadv_priv *bat_priv,
8575 - atomic_dec(&bat_priv->mcast.num_want_all_ipv6);
8576 -
8577 - spin_lock_bh(&bat_priv->mcast.want_lists_lock);
8578 -- hlist_del_rcu(&orig->mcast_want_all_ipv6_node);
8579 -+ /* flag checks above + mcast_handler_lock prevents this */
8580 -+ WARN_ON(hlist_unhashed(node));
8581 -+
8582 -+ hlist_del_init_rcu(node);
8583 - spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
8584 - }
8585 - }
8586 -@@ -697,39 +729,42 @@ static void batadv_mcast_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
8587 - uint8_t mcast_flags = BATADV_NO_FLAGS;
8588 - bool orig_initialized;
8589 -
8590 -- orig_initialized = orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST;
8591 -+ if (orig_mcast_enabled && tvlv_value &&
8592 -+ (tvlv_value_len >= sizeof(mcast_flags)))
8593 -+ mcast_flags = *(uint8_t *)tvlv_value;
8594 -+
8595 -+ spin_lock_bh(&orig->mcast_handler_lock);
8596 -+ orig_initialized = test_bit(BATADV_ORIG_CAPA_HAS_MCAST,
8597 -+ &orig->capa_initialized);
8598 -
8599 - /* If mcast support is turned on decrease the disabled mcast node
8600 - * counter only if we had increased it for this node before. If this
8601 - * is a completely new orig_node no need to decrease the counter.
8602 - */
8603 - if (orig_mcast_enabled &&
8604 -- !(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST)) {
8605 -+ !test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities)) {
8606 - if (orig_initialized)
8607 - atomic_dec(&bat_priv->mcast.num_disabled);
8608 -- orig->capabilities |= BATADV_ORIG_CAPA_HAS_MCAST;
8609 -+ set_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities);
8610 - /* If mcast support is being switched off or if this is an initial
8611 - * OGM without mcast support then increase the disabled mcast
8612 - * node counter.
8613 - */
8614 - } else if (!orig_mcast_enabled &&
8615 -- (orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST ||
8616 -+ (test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities) ||
8617 - !orig_initialized)) {
8618 - atomic_inc(&bat_priv->mcast.num_disabled);
8619 -- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_MCAST;
8620 -+ clear_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities);
8621 - }
8622 -
8623 -- orig->capa_initialized |= BATADV_ORIG_CAPA_HAS_MCAST;
8624 --
8625 -- if (orig_mcast_enabled && tvlv_value &&
8626 -- (tvlv_value_len >= sizeof(mcast_flags)))
8627 -- mcast_flags = *(uint8_t *)tvlv_value;
8628 -+ set_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capa_initialized);
8629 -
8630 - batadv_mcast_want_unsnoop_update(bat_priv, orig, mcast_flags);
8631 - batadv_mcast_want_ipv4_update(bat_priv, orig, mcast_flags);
8632 - batadv_mcast_want_ipv6_update(bat_priv, orig, mcast_flags);
8633 -
8634 - orig->mcast_flags = mcast_flags;
8635 -+ spin_unlock_bh(&orig->mcast_handler_lock);
8636 - }
8637 -
8638 - /**
8639 -@@ -763,11 +798,15 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig)
8640 - {
8641 - struct batadv_priv *bat_priv = orig->bat_priv;
8642 -
8643 -- if (!(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST) &&
8644 -- orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST)
8645 -+ spin_lock_bh(&orig->mcast_handler_lock);
8646 -+
8647 -+ if (!test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities) &&
8648 -+ test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capa_initialized))
8649 - atomic_dec(&bat_priv->mcast.num_disabled);
8650 -
8651 - batadv_mcast_want_unsnoop_update(bat_priv, orig, BATADV_NO_FLAGS);
8652 - batadv_mcast_want_ipv4_update(bat_priv, orig, BATADV_NO_FLAGS);
8653 - batadv_mcast_want_ipv6_update(bat_priv, orig, BATADV_NO_FLAGS);
8654 -+
8655 -+ spin_unlock_bh(&orig->mcast_handler_lock);
8656 - }
8657 -diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
8658 -index f0a50f3..4660401 100644
8659 ---- a/net/batman-adv/network-coding.c
8660 -+++ b/net/batman-adv/network-coding.c
8661 -@@ -19,6 +19,7 @@
8662 - #include "main.h"
8663 -
8664 - #include <linux/atomic.h>
8665 -+#include <linux/bitops.h>
8666 - #include <linux/byteorder/generic.h>
8667 - #include <linux/compiler.h>
8668 - #include <linux/debugfs.h>
8669 -@@ -134,9 +135,9 @@ static void batadv_nc_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
8670 - uint16_t tvlv_value_len)
8671 - {
8672 - if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND)
8673 -- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_NC;
8674 -+ clear_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities);
8675 - else
8676 -- orig->capabilities |= BATADV_ORIG_CAPA_HAS_NC;
8677 -+ set_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities);
8678 - }
8679 -
8680 - /**
8681 -@@ -894,7 +895,7 @@ void batadv_nc_update_nc_node(struct batadv_priv *bat_priv,
8682 - goto out;
8683 -
8684 - /* check if orig node is network coding enabled */
8685 -- if (!(orig_node->capabilities & BATADV_ORIG_CAPA_HAS_NC))
8686 -+ if (!test_bit(BATADV_ORIG_CAPA_HAS_NC, &orig_node->capabilities))
8687 - goto out;
8688 -
8689 - /* accept ogms from 'good' neighbors and single hop neighbors */
8690 -diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
8691 -index 018b749..32a0fcf 100644
8692 ---- a/net/batman-adv/originator.c
8693 -+++ b/net/batman-adv/originator.c
8694 -@@ -696,8 +696,13 @@ struct batadv_orig_node *batadv_orig_node_new(struct batadv_priv *bat_priv,
8695 - orig_node->last_seen = jiffies;
8696 - reset_time = jiffies - 1 - msecs_to_jiffies(BATADV_RESET_PROTECTION_MS);
8697 - orig_node->bcast_seqno_reset = reset_time;
8698 -+
8699 - #ifdef CONFIG_BATMAN_ADV_MCAST
8700 - orig_node->mcast_flags = BATADV_NO_FLAGS;
8701 -+ INIT_HLIST_NODE(&orig_node->mcast_want_all_unsnoopables_node);
8702 -+ INIT_HLIST_NODE(&orig_node->mcast_want_all_ipv4_node);
8703 -+ INIT_HLIST_NODE(&orig_node->mcast_want_all_ipv6_node);
8704 -+ spin_lock_init(&orig_node->mcast_handler_lock);
8705 - #endif
8706 -
8707 - /* create a vlan object for the "untagged" LAN */
8708 -diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
8709 -index a2fc843..51cda3a 100644
8710 ---- a/net/batman-adv/soft-interface.c
8711 -+++ b/net/batman-adv/soft-interface.c
8712 -@@ -202,6 +202,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
8713 - int gw_mode;
8714 - enum batadv_forw_mode forw_mode;
8715 - struct batadv_orig_node *mcast_single_orig = NULL;
8716 -+ int network_offset = ETH_HLEN;
8717 -
8718 - if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE)
8719 - goto dropped;
8720 -@@ -214,14 +215,18 @@ static int batadv_interface_tx(struct sk_buff *skb,
8721 - case ETH_P_8021Q:
8722 - vhdr = vlan_eth_hdr(skb);
8723 -
8724 -- if (vhdr->h_vlan_encapsulated_proto != ethertype)
8725 -+ if (vhdr->h_vlan_encapsulated_proto != ethertype) {
8726 -+ network_offset += VLAN_HLEN;
8727 - break;
8728 -+ }
8729 -
8730 - /* fall through */
8731 - case ETH_P_BATMAN:
8732 - goto dropped;
8733 - }
8734 -
8735 -+ skb_set_network_header(skb, network_offset);
8736 -+
8737 - if (batadv_bla_tx(bat_priv, skb, vid))
8738 - goto dropped;
8739 -
8740 -diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
8741 -index 5809b39..c9b2629 100644
8742 ---- a/net/batman-adv/translation-table.c
8743 -+++ b/net/batman-adv/translation-table.c
8744 -@@ -19,6 +19,7 @@
8745 - #include "main.h"
8746 -
8747 - #include <linux/atomic.h>
8748 -+#include <linux/bitops.h>
8749 - #include <linux/bug.h>
8750 - #include <linux/byteorder/generic.h>
8751 - #include <linux/compiler.h>
8752 -@@ -1882,7 +1883,7 @@ void batadv_tt_global_del_orig(struct batadv_priv *bat_priv,
8753 - }
8754 - spin_unlock_bh(list_lock);
8755 - }
8756 -- orig_node->capa_initialized &= ~BATADV_ORIG_CAPA_HAS_TT;
8757 -+ clear_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized);
8758 - }
8759 -
8760 - static bool batadv_tt_global_to_purge(struct batadv_tt_global_entry *tt_global,
8761 -@@ -2841,7 +2842,7 @@ static void _batadv_tt_update_changes(struct batadv_priv *bat_priv,
8762 - return;
8763 - }
8764 - }
8765 -- orig_node->capa_initialized |= BATADV_ORIG_CAPA_HAS_TT;
8766 -+ set_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized);
8767 - }
8768 -
8769 - static void batadv_tt_fill_gtable(struct batadv_priv *bat_priv,
8770 -@@ -3343,7 +3344,8 @@ static void batadv_tt_update_orig(struct batadv_priv *bat_priv,
8771 - bool has_tt_init;
8772 -
8773 - tt_vlan = (struct batadv_tvlv_tt_vlan_data *)tt_buff;
8774 -- has_tt_init = orig_node->capa_initialized & BATADV_ORIG_CAPA_HAS_TT;
8775 -+ has_tt_init = test_bit(BATADV_ORIG_CAPA_HAS_TT,
8776 -+ &orig_node->capa_initialized);
8777 -
8778 - /* orig table not initialised AND first diff is in the OGM OR the ttvn
8779 - * increased by one -> we can apply the attached changes
8780 -diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
8781 -index 67d6348..55610a8 100644
8782 ---- a/net/batman-adv/types.h
8783 -+++ b/net/batman-adv/types.h
8784 -@@ -221,6 +221,7 @@ struct batadv_orig_bat_iv {
8785 - * @batadv_dat_addr_t: address of the orig node in the distributed hash
8786 - * @last_seen: time when last packet from this node was received
8787 - * @bcast_seqno_reset: time when the broadcast seqno window was reset
8788 -+ * @mcast_handler_lock: synchronizes mcast-capability and -flag changes
8789 - * @mcast_flags: multicast flags announced by the orig node
8790 - * @mcast_want_all_unsnoop_node: a list node for the
8791 - * mcast.want_all_unsnoopables list
8792 -@@ -268,13 +269,15 @@ struct batadv_orig_node {
8793 - unsigned long last_seen;
8794 - unsigned long bcast_seqno_reset;
8795 - #ifdef CONFIG_BATMAN_ADV_MCAST
8796 -+ /* synchronizes mcast tvlv specific orig changes */
8797 -+ spinlock_t mcast_handler_lock;
8798 - uint8_t mcast_flags;
8799 - struct hlist_node mcast_want_all_unsnoopables_node;
8800 - struct hlist_node mcast_want_all_ipv4_node;
8801 - struct hlist_node mcast_want_all_ipv6_node;
8802 - #endif
8803 -- uint8_t capabilities;
8804 -- uint8_t capa_initialized;
8805 -+ unsigned long capabilities;
8806 -+ unsigned long capa_initialized;
8807 - atomic_t last_ttvn;
8808 - unsigned char *tt_buff;
8809 - int16_t tt_buff_len;
8810 -@@ -313,10 +316,10 @@ struct batadv_orig_node {
8811 - * (= orig node announces a tvlv of type BATADV_TVLV_MCAST)
8812 - */
8813 - enum batadv_orig_capabilities {
8814 -- BATADV_ORIG_CAPA_HAS_DAT = BIT(0),
8815 -- BATADV_ORIG_CAPA_HAS_NC = BIT(1),
8816 -- BATADV_ORIG_CAPA_HAS_TT = BIT(2),
8817 -- BATADV_ORIG_CAPA_HAS_MCAST = BIT(3),
8818 -+ BATADV_ORIG_CAPA_HAS_DAT,
8819 -+ BATADV_ORIG_CAPA_HAS_NC,
8820 -+ BATADV_ORIG_CAPA_HAS_TT,
8821 -+ BATADV_ORIG_CAPA_HAS_MCAST,
8822 - };
8823 -
8824 - /**
8825 -diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
8826 -index ad82324..0510a57 100644
8827 ---- a/net/bluetooth/smp.c
8828 -+++ b/net/bluetooth/smp.c
8829 -@@ -2311,12 +2311,6 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
8830 - if (!conn)
8831 - return 1;
8832 -
8833 -- chan = conn->smp;
8834 -- if (!chan) {
8835 -- BT_ERR("SMP security requested but not available");
8836 -- return 1;
8837 -- }
8838 --
8839 - if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
8840 - return 1;
8841 -
8842 -@@ -2330,6 +2324,12 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
8843 - if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
8844 - return 0;
8845 -
8846 -+ chan = conn->smp;
8847 -+ if (!chan) {
8848 -+ BT_ERR("SMP security requested but not available");
8849 -+ return 1;
8850 -+ }
8851 -+
8852 - l2cap_chan_lock(chan);
8853 -
8854 - /* If SMP is already in progress ignore this request */
8855 -diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
8856 -index afe905c..691b54f 100644
8857 ---- a/net/netfilter/ipset/ip_set_hash_gen.h
8858 -+++ b/net/netfilter/ipset/ip_set_hash_gen.h
8859 -@@ -152,9 +152,13 @@ htable_bits(u32 hashsize)
8860 - #define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128)
8861 -
8862 - #ifdef IP_SET_HASH_WITH_NET0
8863 -+/* cidr from 0 to SET_HOST_MASK() value and c = cidr + 1 */
8864 - #define NLEN(family) (SET_HOST_MASK(family) + 1)
8865 -+#define CIDR_POS(c) ((c) - 1)
8866 - #else
8867 -+/* cidr from 1 to SET_HOST_MASK() value and c = cidr + 1 */
8868 - #define NLEN(family) SET_HOST_MASK(family)
8869 -+#define CIDR_POS(c) ((c) - 2)
8870 - #endif
8871 -
8872 - #else
8873 -@@ -305,7 +309,7 @@ mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
8874 - } else if (h->nets[i].cidr[n] < cidr) {
8875 - j = i;
8876 - } else if (h->nets[i].cidr[n] == cidr) {
8877 -- h->nets[cidr - 1].nets[n]++;
8878 -+ h->nets[CIDR_POS(cidr)].nets[n]++;
8879 - return;
8880 - }
8881 - }
8882 -@@ -314,7 +318,7 @@ mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
8883 - h->nets[i].cidr[n] = h->nets[i - 1].cidr[n];
8884 - }
8885 - h->nets[i].cidr[n] = cidr;
8886 -- h->nets[cidr - 1].nets[n] = 1;
8887 -+ h->nets[CIDR_POS(cidr)].nets[n] = 1;
8888 - }
8889 -
8890 - static void
8891 -@@ -325,8 +329,8 @@ mtype_del_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
8892 - for (i = 0; i < nets_length; i++) {
8893 - if (h->nets[i].cidr[n] != cidr)
8894 - continue;
8895 -- h->nets[cidr - 1].nets[n]--;
8896 -- if (h->nets[cidr - 1].nets[n] > 0)
8897 -+ h->nets[CIDR_POS(cidr)].nets[n]--;
8898 -+ if (h->nets[CIDR_POS(cidr)].nets[n] > 0)
8899 - return;
8900 - for (j = i; j < net_end && h->nets[j].cidr[n]; j++)
8901 - h->nets[j].cidr[n] = h->nets[j + 1].cidr[n];
8902 -diff --git a/net/netfilter/ipset/ip_set_hash_netnet.c b/net/netfilter/ipset/ip_set_hash_netnet.c
8903 -index 3c862c0..a93dfeb 100644
8904 ---- a/net/netfilter/ipset/ip_set_hash_netnet.c
8905 -+++ b/net/netfilter/ipset/ip_set_hash_netnet.c
8906 -@@ -131,6 +131,13 @@ hash_netnet4_data_next(struct hash_netnet4_elem *next,
8907 - #define HOST_MASK 32
8908 - #include "ip_set_hash_gen.h"
8909 -
8910 -+static void
8911 -+hash_netnet4_init(struct hash_netnet4_elem *e)
8912 -+{
8913 -+ e->cidr[0] = HOST_MASK;
8914 -+ e->cidr[1] = HOST_MASK;
8915 -+}
8916 -+
8917 - static int
8918 - hash_netnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
8919 - const struct xt_action_param *par,
8920 -@@ -160,7 +167,7 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
8921 - {
8922 - const struct hash_netnet *h = set->data;
8923 - ipset_adtfn adtfn = set->variant->adt[adt];
8924 -- struct hash_netnet4_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
8925 -+ struct hash_netnet4_elem e = { };
8926 - struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
8927 - u32 ip = 0, ip_to = 0, last;
8928 - u32 ip2 = 0, ip2_from = 0, ip2_to = 0, last2;
8929 -@@ -169,6 +176,7 @@ hash_netnet4_uadt(struct ip_set *set, struct nlattr *tb[],
8930 - if (tb[IPSET_ATTR_LINENO])
8931 - *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
8932 -
8933 -+ hash_netnet4_init(&e);
8934 - if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
8935 - !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
8936 - return -IPSET_ERR_PROTOCOL;
8937 -@@ -357,6 +365,13 @@ hash_netnet6_data_next(struct hash_netnet4_elem *next,
8938 - #define IP_SET_EMIT_CREATE
8939 - #include "ip_set_hash_gen.h"
8940 -
8941 -+static void
8942 -+hash_netnet6_init(struct hash_netnet6_elem *e)
8943 -+{
8944 -+ e->cidr[0] = HOST_MASK;
8945 -+ e->cidr[1] = HOST_MASK;
8946 -+}
8947 -+
8948 - static int
8949 - hash_netnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
8950 - const struct xt_action_param *par,
8951 -@@ -385,13 +400,14 @@ hash_netnet6_uadt(struct ip_set *set, struct nlattr *tb[],
8952 - enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
8953 - {
8954 - ipset_adtfn adtfn = set->variant->adt[adt];
8955 -- struct hash_netnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
8956 -+ struct hash_netnet6_elem e = { };
8957 - struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
8958 - int ret;
8959 -
8960 - if (tb[IPSET_ATTR_LINENO])
8961 - *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
8962 -
8963 -+ hash_netnet6_init(&e);
8964 - if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
8965 - !ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
8966 - return -IPSET_ERR_PROTOCOL;
8967 -diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c
8968 -index 0c68734..9a14c23 100644
8969 ---- a/net/netfilter/ipset/ip_set_hash_netportnet.c
8970 -+++ b/net/netfilter/ipset/ip_set_hash_netportnet.c
8971 -@@ -142,6 +142,13 @@ hash_netportnet4_data_next(struct hash_netportnet4_elem *next,
8972 - #define HOST_MASK 32
8973 - #include "ip_set_hash_gen.h"
8974 -
8975 -+static void
8976 -+hash_netportnet4_init(struct hash_netportnet4_elem *e)
8977 -+{
8978 -+ e->cidr[0] = HOST_MASK;
8979 -+ e->cidr[1] = HOST_MASK;
8980 -+}
8981 -+
8982 - static int
8983 - hash_netportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
8984 - const struct xt_action_param *par,
8985 -@@ -175,7 +182,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
8986 - {
8987 - const struct hash_netportnet *h = set->data;
8988 - ipset_adtfn adtfn = set->variant->adt[adt];
8989 -- struct hash_netportnet4_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
8990 -+ struct hash_netportnet4_elem e = { };
8991 - struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
8992 - u32 ip = 0, ip_to = 0, ip_last, p = 0, port, port_to;
8993 - u32 ip2_from = 0, ip2_to = 0, ip2_last, ip2;
8994 -@@ -185,6 +192,7 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
8995 - if (tb[IPSET_ATTR_LINENO])
8996 - *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
8997 -
8998 -+ hash_netportnet4_init(&e);
8999 - if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
9000 - !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
9001 - !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
9002 -@@ -412,6 +420,13 @@ hash_netportnet6_data_next(struct hash_netportnet4_elem *next,
9003 - #define IP_SET_EMIT_CREATE
9004 - #include "ip_set_hash_gen.h"
9005 -
9006 -+static void
9007 -+hash_netportnet6_init(struct hash_netportnet6_elem *e)
9008 -+{
9009 -+ e->cidr[0] = HOST_MASK;
9010 -+ e->cidr[1] = HOST_MASK;
9011 -+}
9012 -+
9013 - static int
9014 - hash_netportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
9015 - const struct xt_action_param *par,
9016 -@@ -445,7 +460,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
9017 - {
9018 - const struct hash_netportnet *h = set->data;
9019 - ipset_adtfn adtfn = set->variant->adt[adt];
9020 -- struct hash_netportnet6_elem e = { .cidr = { HOST_MASK, HOST_MASK, }, };
9021 -+ struct hash_netportnet6_elem e = { };
9022 - struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
9023 - u32 port, port_to;
9024 - bool with_ports = false;
9025 -@@ -454,6 +469,7 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[],
9026 - if (tb[IPSET_ATTR_LINENO])
9027 - *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
9028 -
9029 -+ hash_netportnet6_init(&e);
9030 - if (unlikely(!tb[IPSET_ATTR_IP] || !tb[IPSET_ATTR_IP2] ||
9031 - !ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
9032 - !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
9033 -diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
9034 -index 3c20d02..0625a42 100644
9035 ---- a/net/netfilter/nf_conntrack_core.c
9036 -+++ b/net/netfilter/nf_conntrack_core.c
9037 -@@ -320,12 +320,13 @@ out_free:
9038 - }
9039 - EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc);
9040 -
9041 --static void nf_ct_tmpl_free(struct nf_conn *tmpl)
9042 -+void nf_ct_tmpl_free(struct nf_conn *tmpl)
9043 - {
9044 - nf_ct_ext_destroy(tmpl);
9045 - nf_ct_ext_free(tmpl);
9046 - kfree(tmpl);
9047 - }
9048 -+EXPORT_SYMBOL_GPL(nf_ct_tmpl_free);
9049 -
9050 - static void
9051 - destroy_conntrack(struct nf_conntrack *nfct)
9052 -diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
9053 -index 675d12c..a5d41df 100644
9054 ---- a/net/netfilter/nf_log.c
9055 -+++ b/net/netfilter/nf_log.c
9056 -@@ -107,12 +107,17 @@ EXPORT_SYMBOL(nf_log_register);
9057 -
9058 - void nf_log_unregister(struct nf_logger *logger)
9059 - {
9060 -+ const struct nf_logger *log;
9061 - int i;
9062 -
9063 - mutex_lock(&nf_log_mutex);
9064 -- for (i = 0; i < NFPROTO_NUMPROTO; i++)
9065 -- RCU_INIT_POINTER(loggers[i][logger->type], NULL);
9066 -+ for (i = 0; i < NFPROTO_NUMPROTO; i++) {
9067 -+ log = nft_log_dereference(loggers[i][logger->type]);
9068 -+ if (log == logger)
9069 -+ RCU_INIT_POINTER(loggers[i][logger->type], NULL);
9070 -+ }
9071 - mutex_unlock(&nf_log_mutex);
9072 -+ synchronize_rcu();
9073 - }
9074 - EXPORT_SYMBOL(nf_log_unregister);
9075 -
9076 -diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
9077 -index d7f1685..d6ee8f8 100644
9078 ---- a/net/netfilter/nf_synproxy_core.c
9079 -+++ b/net/netfilter/nf_synproxy_core.c
9080 -@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(struct net *net)
9081 - err3:
9082 - free_percpu(snet->stats);
9083 - err2:
9084 -- nf_conntrack_free(ct);
9085 -+ nf_ct_tmpl_free(ct);
9086 - err1:
9087 - return err;
9088 - }
9089 -diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
9090 -index 0c0e8ec..70277b1 100644
9091 ---- a/net/netfilter/nfnetlink.c
9092 -+++ b/net/netfilter/nfnetlink.c
9093 -@@ -444,6 +444,7 @@ done:
9094 - static void nfnetlink_rcv(struct sk_buff *skb)
9095 - {
9096 - struct nlmsghdr *nlh = nlmsg_hdr(skb);
9097 -+ u_int16_t res_id;
9098 - int msglen;
9099 -
9100 - if (nlh->nlmsg_len < NLMSG_HDRLEN ||
9101 -@@ -468,7 +469,12 @@ static void nfnetlink_rcv(struct sk_buff *skb)
9102 -
9103 - nfgenmsg = nlmsg_data(nlh);
9104 - skb_pull(skb, msglen);
9105 -- nfnetlink_rcv_batch(skb, nlh, nfgenmsg->res_id);
9106 -+ /* Work around old nft using host byte order */
9107 -+ if (nfgenmsg->res_id == NFNL_SUBSYS_NFTABLES)
9108 -+ res_id = NFNL_SUBSYS_NFTABLES;
9109 -+ else
9110 -+ res_id = ntohs(nfgenmsg->res_id);
9111 -+ nfnetlink_rcv_batch(skb, nlh, res_id);
9112 - } else {
9113 - netlink_rcv_skb(skb, &nfnetlink_rcv_msg);
9114 - }
9115 -diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
9116 -index 66def31..9c8fab0 100644
9117 ---- a/net/netfilter/nft_compat.c
9118 -+++ b/net/netfilter/nft_compat.c
9119 -@@ -619,6 +619,13 @@ struct nft_xt {
9120 -
9121 - static struct nft_expr_type nft_match_type;
9122 -
9123 -+static bool nft_match_cmp(const struct xt_match *match,
9124 -+ const char *name, u32 rev, u32 family)
9125 -+{
9126 -+ return strcmp(match->name, name) == 0 && match->revision == rev &&
9127 -+ (match->family == NFPROTO_UNSPEC || match->family == family);
9128 -+}
9129 -+
9130 - static const struct nft_expr_ops *
9131 - nft_match_select_ops(const struct nft_ctx *ctx,
9132 - const struct nlattr * const tb[])
9133 -@@ -626,7 +633,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
9134 - struct nft_xt *nft_match;
9135 - struct xt_match *match;
9136 - char *mt_name;
9137 -- __u32 rev, family;
9138 -+ u32 rev, family;
9139 -
9140 - if (tb[NFTA_MATCH_NAME] == NULL ||
9141 - tb[NFTA_MATCH_REV] == NULL ||
9142 -@@ -641,8 +648,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
9143 - list_for_each_entry(nft_match, &nft_match_list, head) {
9144 - struct xt_match *match = nft_match->ops.data;
9145 -
9146 -- if (strcmp(match->name, mt_name) == 0 &&
9147 -- match->revision == rev && match->family == family) {
9148 -+ if (nft_match_cmp(match, mt_name, rev, family)) {
9149 - if (!try_module_get(match->me))
9150 - return ERR_PTR(-ENOENT);
9151 -
9152 -@@ -693,6 +699,13 @@ static LIST_HEAD(nft_target_list);
9153 -
9154 - static struct nft_expr_type nft_target_type;
9155 -
9156 -+static bool nft_target_cmp(const struct xt_target *tg,
9157 -+ const char *name, u32 rev, u32 family)
9158 -+{
9159 -+ return strcmp(tg->name, name) == 0 && tg->revision == rev &&
9160 -+ (tg->family == NFPROTO_UNSPEC || tg->family == family);
9161 -+}
9162 -+
9163 - static const struct nft_expr_ops *
9164 - nft_target_select_ops(const struct nft_ctx *ctx,
9165 - const struct nlattr * const tb[])
9166 -@@ -700,7 +713,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
9167 - struct nft_xt *nft_target;
9168 - struct xt_target *target;
9169 - char *tg_name;
9170 -- __u32 rev, family;
9171 -+ u32 rev, family;
9172 -
9173 - if (tb[NFTA_TARGET_NAME] == NULL ||
9174 - tb[NFTA_TARGET_REV] == NULL ||
9175 -@@ -715,8 +728,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
9176 - list_for_each_entry(nft_target, &nft_target_list, head) {
9177 - struct xt_target *target = nft_target->ops.data;
9178 -
9179 -- if (strcmp(target->name, tg_name) == 0 &&
9180 -- target->revision == rev && target->family == family) {
9181 -+ if (nft_target_cmp(target, tg_name, rev, family)) {
9182 - if (!try_module_get(target->me))
9183 - return ERR_PTR(-ENOENT);
9184 -
9185 -diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
9186 -index 43ddeee..f3377ce 100644
9187 ---- a/net/netfilter/xt_CT.c
9188 -+++ b/net/netfilter/xt_CT.c
9189 -@@ -233,7 +233,7 @@ out:
9190 - return 0;
9191 -
9192 - err3:
9193 -- nf_conntrack_free(ct);
9194 -+ nf_ct_tmpl_free(ct);
9195 - err2:
9196 - nf_ct_l3proto_module_put(par->family);
9197 - err1:
9198 -diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9199 -index d25cd43..95412ab 100644
9200 ---- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9201 -+++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9202 -@@ -384,6 +384,7 @@ static int send_reply(struct svcxprt_rdma *rdma,
9203 - int byte_count)
9204 - {
9205 - struct ib_send_wr send_wr;
9206 -+ u32 xdr_off;
9207 - int sge_no;
9208 - int sge_bytes;
9209 - int page_no;
9210 -@@ -418,8 +419,8 @@ static int send_reply(struct svcxprt_rdma *rdma,
9211 - ctxt->direction = DMA_TO_DEVICE;
9212 -
9213 - /* Map the payload indicated by 'byte_count' */
9214 -+ xdr_off = 0;
9215 - for (sge_no = 1; byte_count && sge_no < vec->count; sge_no++) {
9216 -- int xdr_off = 0;
9217 - sge_bytes = min_t(size_t, vec->sge[sge_no].iov_len, byte_count);
9218 - byte_count -= sge_bytes;
9219 - ctxt->sge[sge_no].addr =
9220 -@@ -457,6 +458,13 @@ static int send_reply(struct svcxprt_rdma *rdma,
9221 - }
9222 - rqstp->rq_next_page = rqstp->rq_respages + 1;
9223 -
9224 -+ /* The loop above bumps sc_dma_used for each sge. The
9225 -+ * xdr_buf.tail gets a separate sge, but resides in the
9226 -+ * same page as xdr_buf.head. Don't count it twice.
9227 -+ */
9228 -+ if (sge_no > ctxt->count)
9229 -+ atomic_dec(&rdma->sc_dma_used);
9230 -+
9231 - if (sge_no > rdma->sc_max_sge) {
9232 - pr_err("svcrdma: Too many sges (%d)\n", sge_no);
9233 - goto err;
9234 -diff --git a/sound/arm/Kconfig b/sound/arm/Kconfig
9235 -index 885683a..e040621 100644
9236 ---- a/sound/arm/Kconfig
9237 -+++ b/sound/arm/Kconfig
9238 -@@ -9,6 +9,14 @@ menuconfig SND_ARM
9239 - Drivers that are implemented on ASoC can be found in
9240 - "ALSA for SoC audio support" section.
9241 -
9242 -+config SND_PXA2XX_LIB
9243 -+ tristate
9244 -+ select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
9245 -+ select SND_DMAENGINE_PCM
9246 -+
9247 -+config SND_PXA2XX_LIB_AC97
9248 -+ bool
9249 -+
9250 - if SND_ARM
9251 -
9252 - config SND_ARMAACI
9253 -@@ -21,13 +29,6 @@ config SND_PXA2XX_PCM
9254 - tristate
9255 - select SND_PCM
9256 -
9257 --config SND_PXA2XX_LIB
9258 -- tristate
9259 -- select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
9260 --
9261 --config SND_PXA2XX_LIB_AC97
9262 -- bool
9263 --
9264 - config SND_PXA2XX_AC97
9265 - tristate "AC97 driver for the Intel PXA2xx chip"
9266 - depends on ARCH_PXA
9267 -diff --git a/sound/pci/hda/hda_tegra.c b/sound/pci/hda/hda_tegra.c
9268 -index 477742c..58c0aad 100644
9269 ---- a/sound/pci/hda/hda_tegra.c
9270 -+++ b/sound/pci/hda/hda_tegra.c
9271 -@@ -73,6 +73,7 @@ struct hda_tegra {
9272 - struct clk *hda2codec_2x_clk;
9273 - struct clk *hda2hdmi_clk;
9274 - void __iomem *regs;
9275 -+ struct work_struct probe_work;
9276 - };
9277 -
9278 - #ifdef CONFIG_PM
9279 -@@ -294,7 +295,9 @@ static int hda_tegra_dev_disconnect(struct snd_device *device)
9280 - static int hda_tegra_dev_free(struct snd_device *device)
9281 - {
9282 - struct azx *chip = device->device_data;
9283 -+ struct hda_tegra *hda = container_of(chip, struct hda_tegra, chip);
9284 -
9285 -+ cancel_work_sync(&hda->probe_work);
9286 - if (azx_bus(chip)->chip_init) {
9287 - azx_stop_all_streams(chip);
9288 - azx_stop_chip(chip);
9289 -@@ -426,6 +429,9 @@ static int hda_tegra_first_init(struct azx *chip, struct platform_device *pdev)
9290 - /*
9291 - * constructor
9292 - */
9293 -+
9294 -+static void hda_tegra_probe_work(struct work_struct *work);
9295 -+
9296 - static int hda_tegra_create(struct snd_card *card,
9297 - unsigned int driver_caps,
9298 - struct hda_tegra *hda)
9299 -@@ -452,6 +458,8 @@ static int hda_tegra_create(struct snd_card *card,
9300 - chip->single_cmd = false;
9301 - chip->snoop = true;
9302 -
9303 -+ INIT_WORK(&hda->probe_work, hda_tegra_probe_work);
9304 -+
9305 - err = azx_bus_init(chip, NULL, &hda_tegra_io_ops);
9306 - if (err < 0)
9307 - return err;
9308 -@@ -499,6 +507,21 @@ static int hda_tegra_probe(struct platform_device *pdev)
9309 - card->private_data = chip;
9310 -
9311 - dev_set_drvdata(&pdev->dev, card);
9312 -+ schedule_work(&hda->probe_work);
9313 -+
9314 -+ return 0;
9315 -+
9316 -+out_free:
9317 -+ snd_card_free(card);
9318 -+ return err;
9319 -+}
9320 -+
9321 -+static void hda_tegra_probe_work(struct work_struct *work)
9322 -+{
9323 -+ struct hda_tegra *hda = container_of(work, struct hda_tegra, probe_work);
9324 -+ struct azx *chip = &hda->chip;
9325 -+ struct platform_device *pdev = to_platform_device(hda->dev);
9326 -+ int err;
9327 -
9328 - err = hda_tegra_first_init(chip, pdev);
9329 - if (err < 0)
9330 -@@ -520,11 +543,8 @@ static int hda_tegra_probe(struct platform_device *pdev)
9331 - chip->running = 1;
9332 - snd_hda_set_power_save(&chip->bus, power_save * 1000);
9333 -
9334 -- return 0;
9335 --
9336 --out_free:
9337 -- snd_card_free(card);
9338 -- return err;
9339 -+ out_free:
9340 -+ return; /* no error return from async probe */
9341 - }
9342 -
9343 - static int hda_tegra_remove(struct platform_device *pdev)
9344 -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
9345 -index 584a034..85813de 100644
9346 ---- a/sound/pci/hda/patch_cirrus.c
9347 -+++ b/sound/pci/hda/patch_cirrus.c
9348 -@@ -633,6 +633,7 @@ static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
9349 - SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
9350 - SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
9351 - SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
9352 -+ SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
9353 - {} /* terminator */
9354 - };
9355 -
9356 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
9357 -index c8f01cc..6a66139 100644
9358 ---- a/sound/pci/hda/patch_realtek.c
9359 -+++ b/sound/pci/hda/patch_realtek.c
9360 -@@ -4188,6 +4188,24 @@ static void alc_fixup_disable_aamix(struct hda_codec *codec,
9361 - }
9362 - }
9363 -
9364 -+/* fixup for Thinkpad docks: add dock pins, avoid HP parser fixup */
9365 -+static void alc_fixup_tpt440_dock(struct hda_codec *codec,
9366 -+ const struct hda_fixup *fix, int action)
9367 -+{
9368 -+ static const struct hda_pintbl pincfgs[] = {
9369 -+ { 0x16, 0x21211010 }, /* dock headphone */
9370 -+ { 0x19, 0x21a11010 }, /* dock mic */
9371 -+ { }
9372 -+ };
9373 -+ struct alc_spec *spec = codec->spec;
9374 -+
9375 -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
9376 -+ spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP;
9377 -+ codec->power_save_node = 0; /* avoid click noises */
9378 -+ snd_hda_apply_pincfgs(codec, pincfgs);
9379 -+ }
9380 -+}
9381 -+
9382 - static void alc_shutup_dell_xps13(struct hda_codec *codec)
9383 - {
9384 - struct alc_spec *spec = codec->spec;
9385 -@@ -4562,7 +4580,6 @@ enum {
9386 - ALC255_FIXUP_HEADSET_MODE_NO_HP_MIC,
9387 - ALC293_FIXUP_DELL1_MIC_NO_PRESENCE,
9388 - ALC292_FIXUP_TPT440_DOCK,
9389 -- ALC292_FIXUP_TPT440_DOCK2,
9390 - ALC283_FIXUP_BXBT2807_MIC,
9391 - ALC255_FIXUP_DELL_WMI_MIC_MUTE_LED,
9392 - ALC282_FIXUP_ASPIRE_V5_PINS,
9393 -@@ -5029,17 +5046,7 @@ static const struct hda_fixup alc269_fixups[] = {
9394 - },
9395 - [ALC292_FIXUP_TPT440_DOCK] = {
9396 - .type = HDA_FIXUP_FUNC,
9397 -- .v.func = alc269_fixup_pincfg_no_hp_to_lineout,
9398 -- .chained = true,
9399 -- .chain_id = ALC292_FIXUP_TPT440_DOCK2
9400 -- },
9401 -- [ALC292_FIXUP_TPT440_DOCK2] = {
9402 -- .type = HDA_FIXUP_PINS,
9403 -- .v.pins = (const struct hda_pintbl[]) {
9404 -- { 0x16, 0x21211010 }, /* dock headphone */
9405 -- { 0x19, 0x21a11010 }, /* dock mic */
9406 -- { }
9407 -- },
9408 -+ .v.func = alc_fixup_tpt440_dock,
9409 - .chained = true,
9410 - .chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
9411 - },
9412 -@@ -5299,6 +5306,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
9413 - SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK),
9414 - SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK),
9415 - SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
9416 -+ SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
9417 - SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
9418 - SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
9419 - SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
9420 -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
9421 -index 9d947ae..def5cc8 100644
9422 ---- a/sound/pci/hda/patch_sigmatel.c
9423 -+++ b/sound/pci/hda/patch_sigmatel.c
9424 -@@ -4520,7 +4520,11 @@ static int patch_stac92hd73xx(struct hda_codec *codec)
9425 - return err;
9426 -
9427 - spec = codec->spec;
9428 -- codec->power_save_node = 1;
9429 -+ /* enable power_save_node only for new 92HD89xx chips, as it causes
9430 -+ * click noises on old 92HD73xx chips.
9431 -+ */
9432 -+ if ((codec->core.vendor_id & 0xfffffff0) != 0x111d7670)
9433 -+ codec->power_save_node = 1;
9434 - spec->linear_tone_beep = 0;
9435 - spec->gen.mixer_nid = 0x1d;
9436 - spec->have_spdif_mux = 1;
9437 -diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c
9438 -index 58c3164..8c907eb 100644
9439 ---- a/sound/soc/au1x/db1200.c
9440 -+++ b/sound/soc/au1x/db1200.c
9441 -@@ -129,6 +129,8 @@ static struct snd_soc_dai_link db1300_i2s_dai = {
9442 - .cpu_dai_name = "au1xpsc_i2s.2",
9443 - .platform_name = "au1xpsc-pcm.2",
9444 - .codec_name = "wm8731.0-001b",
9445 -+ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF |
9446 -+ SND_SOC_DAIFMT_CBM_CFM,
9447 - .ops = &db1200_i2s_wm8731_ops,
9448 - };
9449 -
9450 -@@ -146,6 +148,8 @@ static struct snd_soc_dai_link db1550_i2s_dai = {
9451 - .cpu_dai_name = "au1xpsc_i2s.3",
9452 - .platform_name = "au1xpsc-pcm.3",
9453 - .codec_name = "wm8731.0-001b",
9454 -+ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF |
9455 -+ SND_SOC_DAIFMT_CBM_CFM,
9456 - .ops = &db1200_i2s_wm8731_ops,
9457 - };
9458 -
9459 -diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
9460 -index e673f6c..7c41129 100644
9461 ---- a/sound/soc/codecs/sgtl5000.c
9462 -+++ b/sound/soc/codecs/sgtl5000.c
9463 -@@ -1377,8 +1377,8 @@ static int sgtl5000_probe(struct snd_soc_codec *codec)
9464 - sgtl5000->micbias_resistor << SGTL5000_BIAS_R_SHIFT);
9465 -
9466 - snd_soc_update_bits(codec, SGTL5000_CHIP_MIC_CTRL,
9467 -- SGTL5000_BIAS_R_MASK,
9468 -- sgtl5000->micbias_voltage << SGTL5000_BIAS_R_SHIFT);
9469 -+ SGTL5000_BIAS_VOLT_MASK,
9470 -+ sgtl5000->micbias_voltage << SGTL5000_BIAS_VOLT_SHIFT);
9471 - /*
9472 - * disable DAP
9473 - * TODO:
9474 -diff --git a/sound/soc/codecs/tas2552.c b/sound/soc/codecs/tas2552.c
9475 -index 4f25a7d..b3e5685 100644
9476 ---- a/sound/soc/codecs/tas2552.c
9477 -+++ b/sound/soc/codecs/tas2552.c
9478 -@@ -551,7 +551,7 @@ static struct snd_soc_dai_driver tas2552_dai[] = {
9479 - /*
9480 - * DAC digital volumes. From -7 to 24 dB in 1 dB steps
9481 - */
9482 --static DECLARE_TLV_DB_SCALE(dac_tlv, -7, 100, 0);
9483 -+static DECLARE_TLV_DB_SCALE(dac_tlv, -700, 100, 0);
9484 -
9485 - static const char * const tas2552_din_source_select[] = {
9486 - "Muted",
9487 -diff --git a/sound/soc/dwc/designware_i2s.c b/sound/soc/dwc/designware_i2s.c
9488 -index a3e97b4..0d28e3b 100644
9489 ---- a/sound/soc/dwc/designware_i2s.c
9490 -+++ b/sound/soc/dwc/designware_i2s.c
9491 -@@ -131,10 +131,10 @@ static inline void i2s_clear_irqs(struct dw_i2s_dev *dev, u32 stream)
9492 -
9493 - if (stream == SNDRV_PCM_STREAM_PLAYBACK) {
9494 - for (i = 0; i < 4; i++)
9495 -- i2s_write_reg(dev->i2s_base, TOR(i), 0);
9496 -+ i2s_read_reg(dev->i2s_base, TOR(i));
9497 - } else {
9498 - for (i = 0; i < 4; i++)
9499 -- i2s_write_reg(dev->i2s_base, ROR(i), 0);
9500 -+ i2s_read_reg(dev->i2s_base, ROR(i));
9501 - }
9502 - }
9503 -
9504 -diff --git a/sound/soc/pxa/Kconfig b/sound/soc/pxa/Kconfig
9505 -index 39cea80..f2bf866 100644
9506 ---- a/sound/soc/pxa/Kconfig
9507 -+++ b/sound/soc/pxa/Kconfig
9508 -@@ -1,7 +1,6 @@
9509 - config SND_PXA2XX_SOC
9510 - tristate "SoC Audio for the Intel PXA2xx chip"
9511 - depends on ARCH_PXA
9512 -- select SND_ARM
9513 - select SND_PXA2XX_LIB
9514 - help
9515 - Say Y or M if you want to add support for codecs attached to
9516 -@@ -25,7 +24,6 @@ config SND_PXA2XX_AC97
9517 - config SND_PXA2XX_SOC_AC97
9518 - tristate
9519 - select AC97_BUS
9520 -- select SND_ARM
9521 - select SND_PXA2XX_LIB_AC97
9522 - select SND_SOC_AC97_BUS
9523 -
9524 -diff --git a/sound/soc/pxa/pxa2xx-ac97.c b/sound/soc/pxa/pxa2xx-ac97.c
9525 -index 1f60546..9e4b04e 100644
9526 ---- a/sound/soc/pxa/pxa2xx-ac97.c
9527 -+++ b/sound/soc/pxa/pxa2xx-ac97.c
9528 -@@ -49,7 +49,7 @@ static struct snd_ac97_bus_ops pxa2xx_ac97_ops = {
9529 - .reset = pxa2xx_ac97_cold_reset,
9530 - };
9531 -
9532 --static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 12;
9533 -+static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 11;
9534 - static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = {
9535 - .addr = __PREG(PCDR),
9536 - .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
9537 -@@ -57,7 +57,7 @@ static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = {
9538 - .filter_data = &pxa2xx_ac97_pcm_stereo_in_req,
9539 - };
9540 -
9541 --static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 11;
9542 -+static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 12;
9543 - static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_out = {
9544 - .addr = __PREG(PCDR),
9545 - .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
9546 -diff --git a/sound/synth/emux/emux_oss.c b/sound/synth/emux/emux_oss.c
9547 -index 82e350e..ac75816 100644
9548 ---- a/sound/synth/emux/emux_oss.c
9549 -+++ b/sound/synth/emux/emux_oss.c
9550 -@@ -69,7 +69,8 @@ snd_emux_init_seq_oss(struct snd_emux *emu)
9551 - struct snd_seq_oss_reg *arg;
9552 - struct snd_seq_device *dev;
9553 -
9554 -- if (snd_seq_device_new(emu->card, 0, SNDRV_SEQ_DEV_ID_OSS,
9555 -+ /* using device#1 here for avoiding conflicts with OPL3 */
9556 -+ if (snd_seq_device_new(emu->card, 1, SNDRV_SEQ_DEV_ID_OSS,
9557 - sizeof(struct snd_seq_oss_reg), &dev) < 0)
9558 - return;
9559 -
9560 -diff --git a/tools/lguest/lguest.c b/tools/lguest/lguest.c
9561 -index e440524..80159e6 100644
9562 ---- a/tools/lguest/lguest.c
9563 -+++ b/tools/lguest/lguest.c
9564 -@@ -125,7 +125,11 @@ struct device_list {
9565 - /* The list of Guest devices, based on command line arguments. */
9566 - static struct device_list devices;
9567 -
9568 --struct virtio_pci_cfg_cap {
9569 -+/*
9570 -+ * Just like struct virtio_pci_cfg_cap in uapi/linux/virtio_pci.h,
9571 -+ * but uses a u32 explicitly for the data.
9572 -+ */
9573 -+struct virtio_pci_cfg_cap_u32 {
9574 - struct virtio_pci_cap cap;
9575 - u32 pci_cfg_data; /* Data for BAR access. */
9576 - };
9577 -@@ -157,7 +161,7 @@ struct pci_config {
9578 - struct virtio_pci_notify_cap notify;
9579 - struct virtio_pci_cap isr;
9580 - struct virtio_pci_cap device;
9581 -- struct virtio_pci_cfg_cap cfg_access;
9582 -+ struct virtio_pci_cfg_cap_u32 cfg_access;
9583 - };
9584 -
9585 - /* The device structure describes a single device. */
9586 -@@ -1291,7 +1295,7 @@ static struct device *dev_and_reg(u32 *reg)
9587 - * only fault if they try to write with some invalid bar/offset/length.
9588 - */
9589 - static bool valid_bar_access(struct device *d,
9590 -- struct virtio_pci_cfg_cap *cfg_access)
9591 -+ struct virtio_pci_cfg_cap_u32 *cfg_access)
9592 - {
9593 - /* We only have 1 bar (BAR0) */
9594 - if (cfg_access->cap.bar != 0)
9595 -diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
9596 -index cc25f05..a843bee 100644
9597 ---- a/tools/lib/traceevent/event-parse.c
9598 -+++ b/tools/lib/traceevent/event-parse.c
9599 -@@ -3721,7 +3721,7 @@ static void print_str_arg(struct trace_seq *s, void *data, int size,
9600 - struct format_field *field;
9601 - struct printk_map *printk;
9602 - long long val, fval;
9603 -- unsigned long addr;
9604 -+ unsigned long long addr;
9605 - char *str;
9606 - unsigned char *hex;
9607 - int print;
9608 -@@ -3754,13 +3754,30 @@ static void print_str_arg(struct trace_seq *s, void *data, int size,
9609 - */
9610 - if (!(field->flags & FIELD_IS_ARRAY) &&
9611 - field->size == pevent->long_size) {
9612 -- addr = *(unsigned long *)(data + field->offset);
9613 -+
9614 -+ /* Handle heterogeneous recording and processing
9615 -+ * architectures
9616 -+ *
9617 -+ * CASE I:
9618 -+ * Traces recorded on 32-bit devices (32-bit
9619 -+ * addressing) and processed on 64-bit devices:
9620 -+ * In this case, only 32 bits should be read.
9621 -+ *
9622 -+ * CASE II:
9623 -+ * Traces recorded on 64 bit devices and processed
9624 -+ * on 32-bit devices:
9625 -+ * In this case, 64 bits must be read.
9626 -+ */
9627 -+ addr = (pevent->long_size == 8) ?
9628 -+ *(unsigned long long *)(data + field->offset) :
9629 -+ (unsigned long long)*(unsigned int *)(data + field->offset);
9630 -+
9631 - /* Check if it matches a print format */
9632 - printk = find_printk(pevent, addr);
9633 - if (printk)
9634 - trace_seq_puts(s, printk->printk);
9635 - else
9636 -- trace_seq_printf(s, "%lx", addr);
9637 -+ trace_seq_printf(s, "%llx", addr);
9638 - break;
9639 - }
9640 - str = malloc(len + 1);
9641 -diff --git a/tools/perf/arch/alpha/Build b/tools/perf/arch/alpha/Build
9642 -new file mode 100644
9643 -index 0000000..1bb8bf6
9644 ---- /dev/null
9645 -+++ b/tools/perf/arch/alpha/Build
9646 -@@ -0,0 +1 @@
9647 -+# empty
9648 -diff --git a/tools/perf/arch/mips/Build b/tools/perf/arch/mips/Build
9649 -new file mode 100644
9650 -index 0000000..1bb8bf6
9651 ---- /dev/null
9652 -+++ b/tools/perf/arch/mips/Build
9653 -@@ -0,0 +1 @@
9654 -+# empty
9655 -diff --git a/tools/perf/arch/parisc/Build b/tools/perf/arch/parisc/Build
9656 -new file mode 100644
9657 -index 0000000..1bb8bf6
9658 ---- /dev/null
9659 -+++ b/tools/perf/arch/parisc/Build
9660 -@@ -0,0 +1 @@
9661 -+# empty
9662 -diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
9663 -index d99d850..ef355fc 100644
9664 ---- a/tools/perf/builtin-stat.c
9665 -+++ b/tools/perf/builtin-stat.c
9666 -@@ -694,7 +694,7 @@ static void abs_printout(int id, int nr, struct perf_evsel *evsel, double avg)
9667 - static void print_aggr(char *prefix)
9668 - {
9669 - struct perf_evsel *counter;
9670 -- int cpu, cpu2, s, s2, id, nr;
9671 -+ int cpu, s, s2, id, nr;
9672 - double uval;
9673 - u64 ena, run, val;
9674 -
9675 -@@ -707,8 +707,7 @@ static void print_aggr(char *prefix)
9676 - val = ena = run = 0;
9677 - nr = 0;
9678 - for (cpu = 0; cpu < perf_evsel__nr_cpus(counter); cpu++) {
9679 -- cpu2 = perf_evsel__cpus(counter)->map[cpu];
9680 -- s2 = aggr_get_id(evsel_list->cpus, cpu2);
9681 -+ s2 = aggr_get_id(perf_evsel__cpus(counter), cpu);
9682 - if (s2 != id)
9683 - continue;
9684 - val += perf_counts(counter->counts, cpu, 0)->val;
9685 -diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
9686 -index 03ace57..4215cc1 100644
9687 ---- a/tools/perf/util/header.c
9688 -+++ b/tools/perf/util/header.c
9689 -@@ -1442,7 +1442,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused,
9690 - if (ph->needs_swap)
9691 - nr = bswap_32(nr);
9692 -
9693 -- ph->env.nr_cpus_online = nr;
9694 -+ ph->env.nr_cpus_avail = nr;
9695 -
9696 - ret = readn(fd, &nr, sizeof(nr));
9697 - if (ret != sizeof(nr))
9698 -@@ -1451,7 +1451,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused,
9699 - if (ph->needs_swap)
9700 - nr = bswap_32(nr);
9701 -
9702 -- ph->env.nr_cpus_avail = nr;
9703 -+ ph->env.nr_cpus_online = nr;
9704 - return 0;
9705 - }
9706 -
9707 -diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
9708 -index 6f28d53..f298c69 100644
9709 ---- a/tools/perf/util/hist.c
9710 -+++ b/tools/perf/util/hist.c
9711 -@@ -151,6 +151,9 @@ void hists__calc_col_len(struct hists *hists, struct hist_entry *h)
9712 - hists__new_col_len(hists, HISTC_LOCAL_WEIGHT, 12);
9713 - hists__new_col_len(hists, HISTC_GLOBAL_WEIGHT, 12);
9714 -
9715 -+ if (h->srcline)
9716 -+ hists__new_col_len(hists, HISTC_SRCLINE, strlen(h->srcline));
9717 -+
9718 - if (h->transaction)
9719 - hists__new_col_len(hists, HISTC_TRANSACTION,
9720 - hist_entry__transaction_len());
9721 -diff --git a/tools/perf/util/parse-events.y b/tools/perf/util/parse-events.y
9722 -index 591905a..9cd7081 100644
9723 ---- a/tools/perf/util/parse-events.y
9724 -+++ b/tools/perf/util/parse-events.y
9725 -@@ -255,7 +255,7 @@ PE_PMU_EVENT_PRE '-' PE_PMU_EVENT_SUF sep_dc
9726 - list_add_tail(&term->list, head);
9727 -
9728 - ALLOC_LIST(list);
9729 -- ABORT_ON(parse_events_add_pmu(list, &data->idx, "cpu", head));
9730 -+ ABORT_ON(parse_events_add_pmu(data, list, "cpu", head));
9731 - parse_events__free_terms(head);
9732 - $$ = list;
9733 - }
9734 -diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
9735 -index 381f23a..ae6351d 100644
9736 ---- a/tools/perf/util/probe-event.c
9737 -+++ b/tools/perf/util/probe-event.c
9738 -@@ -274,12 +274,13 @@ static int kernel_get_module_dso(const char *module, struct dso **pdso)
9739 - int ret = 0;
9740 -
9741 - if (module) {
9742 -- list_for_each_entry(dso, &host_machine->dsos.head, node) {
9743 -- if (!dso->kernel)
9744 -- continue;
9745 -- if (strncmp(dso->short_name + 1, module,
9746 -- dso->short_name_len - 2) == 0)
9747 -- goto found;
9748 -+ char module_name[128];
9749 -+
9750 -+ snprintf(module_name, sizeof(module_name), "[%s]", module);
9751 -+ map = map_groups__find_by_name(&host_machine->kmaps, MAP__FUNCTION, module_name);
9752 -+ if (map) {
9753 -+ dso = map->dso;
9754 -+ goto found;
9755 - }
9756 - pr_debug("Failed to find module %s.\n", module);
9757 - return -ENOENT;
9758 -diff --git a/tools/perf/util/probe-event.h b/tools/perf/util/probe-event.h
9759 -index 31db6ee..cd55c6d 100644
9760 ---- a/tools/perf/util/probe-event.h
9761 -+++ b/tools/perf/util/probe-event.h
9762 -@@ -106,6 +106,8 @@ struct variable_list {
9763 - struct strlist *vars; /* Available variables */
9764 - };
9765 -
9766 -+struct map;
9767 -+
9768 - /* Command string to events */
9769 - extern int parse_perf_probe_command(const char *cmd,
9770 - struct perf_probe_event *pev);
9771 -diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
9772 -index 65f7e38..3338588 100644
9773 ---- a/tools/perf/util/symbol-elf.c
9774 -+++ b/tools/perf/util/symbol-elf.c
9775 -@@ -1260,8 +1260,6 @@ out_close:
9776 - static int kcore__init(struct kcore *kcore, char *filename, int elfclass,
9777 - bool temp)
9778 - {
9779 -- GElf_Ehdr *ehdr;
9780 --
9781 - kcore->elfclass = elfclass;
9782 -
9783 - if (temp)
9784 -@@ -1278,9 +1276,7 @@ static int kcore__init(struct kcore *kcore, char *filename, int elfclass,
9785 - if (!gelf_newehdr(kcore->elf, elfclass))
9786 - goto out_end;
9787 -
9788 -- ehdr = gelf_getehdr(kcore->elf, &kcore->ehdr);
9789 -- if (!ehdr)
9790 -- goto out_end;
9791 -+ memset(&kcore->ehdr, 0, sizeof(GElf_Ehdr));
9792 -
9793 - return 0;
9794 -
9795 -@@ -1337,23 +1333,18 @@ static int kcore__copy_hdr(struct kcore *from, struct kcore *to, size_t count)
9796 - static int kcore__add_phdr(struct kcore *kcore, int idx, off_t offset,
9797 - u64 addr, u64 len)
9798 - {
9799 -- GElf_Phdr gphdr;
9800 -- GElf_Phdr *phdr;
9801 --
9802 -- phdr = gelf_getphdr(kcore->elf, idx, &gphdr);
9803 -- if (!phdr)
9804 -- return -1;
9805 --
9806 -- phdr->p_type = PT_LOAD;
9807 -- phdr->p_flags = PF_R | PF_W | PF_X;
9808 -- phdr->p_offset = offset;
9809 -- phdr->p_vaddr = addr;
9810 -- phdr->p_paddr = 0;
9811 -- phdr->p_filesz = len;
9812 -- phdr->p_memsz = len;
9813 -- phdr->p_align = page_size;
9814 --
9815 -- if (!gelf_update_phdr(kcore->elf, idx, phdr))
9816 -+ GElf_Phdr phdr = {
9817 -+ .p_type = PT_LOAD,
9818 -+ .p_flags = PF_R | PF_W | PF_X,
9819 -+ .p_offset = offset,
9820 -+ .p_vaddr = addr,
9821 -+ .p_paddr = 0,
9822 -+ .p_filesz = len,
9823 -+ .p_memsz = len,
9824 -+ .p_align = page_size,
9825 -+ };
9826 -+
9827 -+ if (!gelf_update_phdr(kcore->elf, idx, &phdr))
9828 - return -1;
9829 -
9830 - return 0;
9831 -diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
9832 -index 9ff4193..79db453 100644
9833 ---- a/virt/kvm/eventfd.c
9834 -+++ b/virt/kvm/eventfd.c
9835 -@@ -771,40 +771,14 @@ static enum kvm_bus ioeventfd_bus_from_flags(__u32 flags)
9836 - return KVM_MMIO_BUS;
9837 - }
9838 -
9839 --static int
9840 --kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9841 -+static int kvm_assign_ioeventfd_idx(struct kvm *kvm,
9842 -+ enum kvm_bus bus_idx,
9843 -+ struct kvm_ioeventfd *args)
9844 - {
9845 -- enum kvm_bus bus_idx;
9846 -- struct _ioeventfd *p;
9847 -- struct eventfd_ctx *eventfd;
9848 -- int ret;
9849 --
9850 -- bus_idx = ioeventfd_bus_from_flags(args->flags);
9851 -- /* must be natural-word sized, or 0 to ignore length */
9852 -- switch (args->len) {
9853 -- case 0:
9854 -- case 1:
9855 -- case 2:
9856 -- case 4:
9857 -- case 8:
9858 -- break;
9859 -- default:
9860 -- return -EINVAL;
9861 -- }
9862 --
9863 -- /* check for range overflow */
9864 -- if (args->addr + args->len < args->addr)
9865 -- return -EINVAL;
9866 -
9867 -- /* check for extra flags that we don't understand */
9868 -- if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
9869 -- return -EINVAL;
9870 --
9871 -- /* ioeventfd with no length can't be combined with DATAMATCH */
9872 -- if (!args->len &&
9873 -- args->flags & (KVM_IOEVENTFD_FLAG_PIO |
9874 -- KVM_IOEVENTFD_FLAG_DATAMATCH))
9875 -- return -EINVAL;
9876 -+ struct eventfd_ctx *eventfd;
9877 -+ struct _ioeventfd *p;
9878 -+ int ret;
9879 -
9880 - eventfd = eventfd_ctx_fdget(args->fd);
9881 - if (IS_ERR(eventfd))
9882 -@@ -843,16 +817,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9883 - if (ret < 0)
9884 - goto unlock_fail;
9885 -
9886 -- /* When length is ignored, MMIO is also put on a separate bus, for
9887 -- * faster lookups.
9888 -- */
9889 -- if (!args->len && !(args->flags & KVM_IOEVENTFD_FLAG_PIO)) {
9890 -- ret = kvm_io_bus_register_dev(kvm, KVM_FAST_MMIO_BUS,
9891 -- p->addr, 0, &p->dev);
9892 -- if (ret < 0)
9893 -- goto register_fail;
9894 -- }
9895 --
9896 - kvm->buses[bus_idx]->ioeventfd_count++;
9897 - list_add_tail(&p->list, &kvm->ioeventfds);
9898 -
9899 -@@ -860,8 +824,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9900 -
9901 - return 0;
9902 -
9903 --register_fail:
9904 -- kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
9905 - unlock_fail:
9906 - mutex_unlock(&kvm->slots_lock);
9907 -
9908 -@@ -873,14 +835,13 @@ fail:
9909 - }
9910 -
9911 - static int
9912 --kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9913 -+kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx,
9914 -+ struct kvm_ioeventfd *args)
9915 - {
9916 -- enum kvm_bus bus_idx;
9917 - struct _ioeventfd *p, *tmp;
9918 - struct eventfd_ctx *eventfd;
9919 - int ret = -ENOENT;
9920 -
9921 -- bus_idx = ioeventfd_bus_from_flags(args->flags);
9922 - eventfd = eventfd_ctx_fdget(args->fd);
9923 - if (IS_ERR(eventfd))
9924 - return PTR_ERR(eventfd);
9925 -@@ -901,10 +862,6 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9926 - continue;
9927 -
9928 - kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
9929 -- if (!p->length) {
9930 -- kvm_io_bus_unregister_dev(kvm, KVM_FAST_MMIO_BUS,
9931 -- &p->dev);
9932 -- }
9933 - kvm->buses[bus_idx]->ioeventfd_count--;
9934 - ioeventfd_release(p);
9935 - ret = 0;
9936 -@@ -918,6 +875,71 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9937 - return ret;
9938 - }
9939 -
9940 -+static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9941 -+{
9942 -+ enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags);
9943 -+ int ret = kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
9944 -+
9945 -+ if (!args->len && bus_idx == KVM_MMIO_BUS)
9946 -+ kvm_deassign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
9947 -+
9948 -+ return ret;
9949 -+}
9950 -+
9951 -+static int
9952 -+kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9953 -+{
9954 -+ enum kvm_bus bus_idx;
9955 -+ int ret;
9956 -+
9957 -+ bus_idx = ioeventfd_bus_from_flags(args->flags);
9958 -+ /* must be natural-word sized, or 0 to ignore length */
9959 -+ switch (args->len) {
9960 -+ case 0:
9961 -+ case 1:
9962 -+ case 2:
9963 -+ case 4:
9964 -+ case 8:
9965 -+ break;
9966 -+ default:
9967 -+ return -EINVAL;
9968 -+ }
9969 -+
9970 -+ /* check for range overflow */
9971 -+ if (args->addr + args->len < args->addr)
9972 -+ return -EINVAL;
9973 -+
9974 -+ /* check for extra flags that we don't understand */
9975 -+ if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
9976 -+ return -EINVAL;
9977 -+
9978 -+ /* ioeventfd with no length can't be combined with DATAMATCH */
9979 -+ if (!args->len &&
9980 -+ args->flags & (KVM_IOEVENTFD_FLAG_PIO |
9981 -+ KVM_IOEVENTFD_FLAG_DATAMATCH))
9982 -+ return -EINVAL;
9983 -+
9984 -+ ret = kvm_assign_ioeventfd_idx(kvm, bus_idx, args);
9985 -+ if (ret)
9986 -+ goto fail;
9987 -+
9988 -+ /* When length is ignored, MMIO is also put on a separate bus, for
9989 -+ * faster lookups.
9990 -+ */
9991 -+ if (!args->len && bus_idx == KVM_MMIO_BUS) {
9992 -+ ret = kvm_assign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
9993 -+ if (ret < 0)
9994 -+ goto fast_fail;
9995 -+ }
9996 -+
9997 -+ return 0;
9998 -+
9999 -+fast_fail:
10000 -+ kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
10001 -+fail:
10002 -+ return ret;
10003 -+}
10004 -+
10005 - int
10006 - kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
10007 - {
10008 -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
10009 -index 8b8a444..5a2a78a 100644
10010 ---- a/virt/kvm/kvm_main.c
10011 -+++ b/virt/kvm/kvm_main.c
10012 -@@ -3080,10 +3080,25 @@ static void kvm_io_bus_destroy(struct kvm_io_bus *bus)
10013 - static inline int kvm_io_bus_cmp(const struct kvm_io_range *r1,
10014 - const struct kvm_io_range *r2)
10015 - {
10016 -- if (r1->addr < r2->addr)
10017 -+ gpa_t addr1 = r1->addr;
10018 -+ gpa_t addr2 = r2->addr;
10019 -+
10020 -+ if (addr1 < addr2)
10021 - return -1;
10022 -- if (r1->addr + r1->len > r2->addr + r2->len)
10023 -+
10024 -+ /* If r2->len == 0, match the exact address. If r2->len != 0,
10025 -+ * accept any overlapping write. Any order is acceptable for
10026 -+ * overlapping ranges, because kvm_io_bus_get_first_dev ensures
10027 -+ * we process all of them.
10028 -+ */
10029 -+ if (r2->len) {
10030 -+ addr1 += r1->len;
10031 -+ addr2 += r2->len;
10032 -+ }
10033 -+
10034 -+ if (addr1 > addr2)
10035 - return 1;
10036 -+
10037 - return 0;
10038 - }
10039 -
10040
10041 diff --git a/4.2.4/0000_README b/4.2.5/0000_README
10042 similarity index 92%
10043 rename from 4.2.4/0000_README
10044 rename to 4.2.5/0000_README
10045 index 83460c6..0d8d90f 100644
10046 --- a/4.2.4/0000_README
10047 +++ b/4.2.5/0000_README
10048 @@ -2,11 +2,7 @@ README
10049 -----------------------------------------------------------------------------
10050 Individual Patch Descriptions:
10051 -----------------------------------------------------------------------------
10052 -Patch: 1003_linux-4.2.4.patch
10053 -From: http://www.kernel.org
10054 -Desc: Linux 4.2.4
10055 -
10056 -Patch: 4420_grsecurity-3.1-4.2.4-201510251836.patch
10057 +Patch: 4420_grsecurity-3.1-4.2.5-201510290852.patch
10058 From: http://www.grsecurity.net
10059 Desc: hardened-sources base patch from upstream grsecurity
10060
10061
10062 diff --git a/4.2.4/4420_grsecurity-3.1-4.2.4-201510251836.patch b/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch
10063 similarity index 99%
10064 rename from 4.2.4/4420_grsecurity-3.1-4.2.4-201510251836.patch
10065 rename to 4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch
10066 index 394cd9b..db09c8a 100644
10067 --- a/4.2.4/4420_grsecurity-3.1-4.2.4-201510251836.patch
10068 +++ b/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch
10069 @@ -406,7 +406,7 @@ index 6fccb69..60c7c7a 100644
10070
10071 A toggle value indicating if modules are allowed to be loaded
10072 diff --git a/Makefile b/Makefile
10073 -index a952801..9da1dcb 100644
10074 +index 96076dc..451272d 100644
10075 --- a/Makefile
10076 +++ b/Makefile
10077 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
10078 @@ -10043,58 +10043,6 @@ index 6777177..cb5e44f 100644
10079 info.high_limit = TASK_SIZE;
10080 addr = vm_unmapped_area(&info);
10081 }
10082 -diff --git a/arch/sparc/crypto/aes_glue.c b/arch/sparc/crypto/aes_glue.c
10083 -index 2e48eb8..c90930d 100644
10084 ---- a/arch/sparc/crypto/aes_glue.c
10085 -+++ b/arch/sparc/crypto/aes_glue.c
10086 -@@ -433,6 +433,7 @@ static struct crypto_alg algs[] = { {
10087 - .blkcipher = {
10088 - .min_keysize = AES_MIN_KEY_SIZE,
10089 - .max_keysize = AES_MAX_KEY_SIZE,
10090 -+ .ivsize = AES_BLOCK_SIZE,
10091 - .setkey = aes_set_key,
10092 - .encrypt = cbc_encrypt,
10093 - .decrypt = cbc_decrypt,
10094 -@@ -452,6 +453,7 @@ static struct crypto_alg algs[] = { {
10095 - .blkcipher = {
10096 - .min_keysize = AES_MIN_KEY_SIZE,
10097 - .max_keysize = AES_MAX_KEY_SIZE,
10098 -+ .ivsize = AES_BLOCK_SIZE,
10099 - .setkey = aes_set_key,
10100 - .encrypt = ctr_crypt,
10101 - .decrypt = ctr_crypt,
10102 -diff --git a/arch/sparc/crypto/camellia_glue.c b/arch/sparc/crypto/camellia_glue.c
10103 -index 6bf2479..561a84d 100644
10104 ---- a/arch/sparc/crypto/camellia_glue.c
10105 -+++ b/arch/sparc/crypto/camellia_glue.c
10106 -@@ -274,6 +274,7 @@ static struct crypto_alg algs[] = { {
10107 - .blkcipher = {
10108 - .min_keysize = CAMELLIA_MIN_KEY_SIZE,
10109 - .max_keysize = CAMELLIA_MAX_KEY_SIZE,
10110 -+ .ivsize = CAMELLIA_BLOCK_SIZE,
10111 - .setkey = camellia_set_key,
10112 - .encrypt = cbc_encrypt,
10113 - .decrypt = cbc_decrypt,
10114 -diff --git a/arch/sparc/crypto/des_glue.c b/arch/sparc/crypto/des_glue.c
10115 -index dd6a34f..61af794 100644
10116 ---- a/arch/sparc/crypto/des_glue.c
10117 -+++ b/arch/sparc/crypto/des_glue.c
10118 -@@ -429,6 +429,7 @@ static struct crypto_alg algs[] = { {
10119 - .blkcipher = {
10120 - .min_keysize = DES_KEY_SIZE,
10121 - .max_keysize = DES_KEY_SIZE,
10122 -+ .ivsize = DES_BLOCK_SIZE,
10123 - .setkey = des_set_key,
10124 - .encrypt = cbc_encrypt,
10125 - .decrypt = cbc_decrypt,
10126 -@@ -485,6 +486,7 @@ static struct crypto_alg algs[] = { {
10127 - .blkcipher = {
10128 - .min_keysize = DES3_EDE_KEY_SIZE,
10129 - .max_keysize = DES3_EDE_KEY_SIZE,
10130 -+ .ivsize = DES3_EDE_BLOCK_SIZE,
10131 - .setkey = des3_ede_set_key,
10132 - .encrypt = cbc3_encrypt,
10133 - .decrypt = cbc3_decrypt,
10134 diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
10135 index 4082749..fd97781 100644
10136 --- a/arch/sparc/include/asm/atomic_64.h
10137 @@ -19232,7 +19180,7 @@ index 1c7eefe..d0e4702 100644
10138 };
10139
10140 diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
10141 -index 3c3550c..33cb41a 100644
10142 +index 3c3550c..ca9e4c3 100644
10143 --- a/arch/x86/include/asm/fpu/internal.h
10144 +++ b/arch/x86/include/asm/fpu/internal.h
10145 @@ -97,8 +97,11 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
10146 @@ -19268,7 +19216,15 @@ index 3c3550c..33cb41a 100644
10147 else {
10148 /* Using "rex64; fxsave %0" is broken because, if the memory
10149 * operand uses any extended registers for addressing, a second
10150 -@@ -212,8 +216,8 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
10151 +@@ -205,15 +209,15 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
10152 + * an extended register is needed for addressing (fix submitted
10153 + * to mainline 2005-11-21).
10154 + *
10155 +- * asm volatile("rex64/fxsave %0" : "=m" (fpu->state.fxsave));
10156 ++ * asm volatile("rex64/fxsave %0" : "=m" (fpu->state->fxsave));
10157 + *
10158 + * This, however, we can work around by forcing the compiler to
10159 + * select an addressing mode that doesn't require extended
10160 * registers.
10161 */
10162 asm volatile( "rex64/fxsave (%[fx])"
10163 @@ -19376,22 +19332,101 @@ index 3c3550c..33cb41a 100644
10164
10165 /*
10166 diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h
10167 -index c49c517..55ff1d0 100644
10168 +index c49c517..0a6e089 100644
10169 --- a/arch/x86/include/asm/fpu/types.h
10170 +++ b/arch/x86/include/asm/fpu/types.h
10171 -@@ -287,10 +287,9 @@ struct fpu {
10172 - * logic, which unconditionally saves/restores all FPU state
10173 - * across context switches. (if FPU state exists.)
10174 +@@ -189,7 +189,6 @@ union fpregs_state {
10175 + struct fxregs_state fxsave;
10176 + struct swregs_state soft;
10177 + struct xregs_state xsave;
10178 +- u8 __padding[PAGE_SIZE];
10179 + };
10180 +
10181 + /*
10182 +@@ -199,6 +198,39 @@ union fpregs_state {
10183 + */
10184 + struct fpu {
10185 + /*
10186 ++ * @state:
10187 ++ *
10188 ++ * In-memory copy of all FPU registers that we save/restore
10189 ++ * over context switches. If the task is using the FPU then
10190 ++ * the registers in the FPU are more recent than this state
10191 ++ * copy. If the task context-switches away then they get
10192 ++ * saved here and represent the FPU state.
10193 ++ *
10194 ++ * After context switches there may be a (short) time period
10195 ++ * during which the in-FPU hardware registers are unchanged
10196 ++ * and still perfectly match this state, if the tasks
10197 ++ * scheduled afterwards are not using the FPU.
10198 ++ *
10199 ++ * This is the 'lazy restore' window of optimization, which
10200 ++ * we track though 'fpu_fpregs_owner_ctx' and 'fpu->last_cpu'.
10201 ++ *
10202 ++ * We detect whether a subsequent task uses the FPU via setting
10203 ++ * CR0::TS to 1, which causes any FPU use to raise a #NM fault.
10204 ++ *
10205 ++ * During this window, if the task gets scheduled again, we
10206 ++ * might be able to skip having to do a restore from this
10207 ++ * memory buffer to the hardware registers - at the cost of
10208 ++ * incurring the overhead of #NM fault traps.
10209 ++ *
10210 ++ * Note that on modern CPUs that support the XSAVEOPT (or other
10211 ++ * optimized XSAVE instructions), we don't use #NM traps anymore,
10212 ++ * as the hardware can track whether FPU registers need saving
10213 ++ * or not. On such CPUs we activate the non-lazy ('eagerfpu')
10214 ++ * logic, which unconditionally saves/restores all FPU state
10215 ++ * across context switches. (if FPU state exists.)
10216 ++ */
10217 ++ union fpregs_state *state;
10218 ++ /*
10219 + * @last_cpu:
10220 + *
10221 + * Records the last CPU on which this context was loaded into
10222 +@@ -255,43 +287,6 @@ struct fpu {
10223 + * deal with bursty apps that only use the FPU for a short time:
10224 */
10225 + unsigned char counter;
10226 +- /*
10227 +- * @state:
10228 +- *
10229 +- * In-memory copy of all FPU registers that we save/restore
10230 +- * over context switches. If the task is using the FPU then
10231 +- * the registers in the FPU are more recent than this state
10232 +- * copy. If the task context-switches away then they get
10233 +- * saved here and represent the FPU state.
10234 +- *
10235 +- * After context switches there may be a (short) time period
10236 +- * during which the in-FPU hardware registers are unchanged
10237 +- * and still perfectly match this state, if the tasks
10238 +- * scheduled afterwards are not using the FPU.
10239 +- *
10240 +- * This is the 'lazy restore' window of optimization, which
10241 +- * we track though 'fpu_fpregs_owner_ctx' and 'fpu->last_cpu'.
10242 +- *
10243 +- * We detect whether a subsequent task uses the FPU via setting
10244 +- * CR0::TS to 1, which causes any FPU use to raise a #NM fault.
10245 +- *
10246 +- * During this window, if the task gets scheduled again, we
10247 +- * might be able to skip having to do a restore from this
10248 +- * memory buffer to the hardware registers - at the cost of
10249 +- * incurring the overhead of #NM fault traps.
10250 +- *
10251 +- * Note that on modern CPUs that support the XSAVEOPT (or other
10252 +- * optimized XSAVE instructions), we don't use #NM traps anymore,
10253 +- * as the hardware can track whether FPU registers need saving
10254 +- * or not. On such CPUs we activate the non-lazy ('eagerfpu')
10255 +- * logic, which unconditionally saves/restores all FPU state
10256 +- * across context switches. (if FPU state exists.)
10257 +- */
10258 - union fpregs_state state;
10259 -+ union fpregs_state *state;
10260 - /*
10261 +- /*
10262 - * WARNING: 'state' is dynamically-sized. Do not put
10263 - * anything after it here.
10264 -+ * WARNING: 'state' is dynamically-sized.
10265 - */
10266 +- */
10267 };
10268
10269 + #endif /* _ASM_X86_FPU_H */
10270 diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
10271 index b4c1f54..e290c08 100644
10272 --- a/arch/x86/include/asm/futex.h
10273 @@ -20943,7 +20978,7 @@ index b12f810..aedcc13 100644
10274
10275 /*
10276 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
10277 -index 944f178..12f1c25 100644
10278 +index 944f178..f2269de 100644
10279 --- a/arch/x86/include/asm/processor.h
10280 +++ b/arch/x86/include/asm/processor.h
10281 @@ -136,7 +136,7 @@ struct cpuinfo_x86 {
10282 @@ -20999,7 +21034,31 @@ index 944f178..12f1c25 100644
10283 #endif
10284 #ifdef CONFIG_X86_32
10285 unsigned long ip;
10286 -@@ -463,10 +474,10 @@ static inline void native_swapgs(void)
10287 +@@ -390,6 +401,9 @@ struct thread_struct {
10288 + #endif
10289 + unsigned long gs;
10290 +
10291 ++ /* Floating point and extended processor state */
10292 ++ struct fpu fpu;
10293 ++
10294 + /* Save middle states of ptrace breakpoints */
10295 + struct perf_event *ptrace_bps[HBP_NUM];
10296 + /* Debug status used for traps, single steps, etc... */
10297 +@@ -415,13 +429,6 @@ struct thread_struct {
10298 + unsigned long iopl;
10299 + /* Max allowed port in the bitmap, in bytes: */
10300 + unsigned io_bitmap_max;
10301 +-
10302 +- /* Floating point and extended processor state */
10303 +- struct fpu fpu;
10304 +- /*
10305 +- * WARNING: 'fpu' is dynamically-sized. It *MUST* be at
10306 +- * the end.
10307 +- */
10308 + };
10309 +
10310 + /*
10311 +@@ -463,10 +470,10 @@ static inline void native_swapgs(void)
10312 #endif
10313 }
10314
10315 @@ -21012,7 +21071,7 @@ index 944f178..12f1c25 100644
10316 #else
10317 /* sp0 on x86_32 is special in and around vm86 mode. */
10318 return this_cpu_read_stable(cpu_current_top_of_stack);
10319 -@@ -709,20 +720,30 @@ static inline void spin_lock_prefetch(const void *x)
10320 +@@ -709,20 +716,30 @@ static inline void spin_lock_prefetch(const void *x)
10321 #define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
10322 TOP_OF_KERNEL_STACK_PADDING)
10323
10324 @@ -21044,7 +21103,7 @@ index 944f178..12f1c25 100644
10325 }
10326
10327 extern unsigned long thread_saved_pc(struct task_struct *tsk);
10328 -@@ -737,12 +758,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10329 +@@ -737,12 +754,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10330 * "struct pt_regs" is possible, but they may contain the
10331 * completely wrong values.
10332 */
10333 @@ -21058,7 +21117,7 @@ index 944f178..12f1c25 100644
10334
10335 #define KSTK_ESP(task) (task_pt_regs(task)->sp)
10336
10337 -@@ -756,13 +772,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10338 +@@ -756,13 +768,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10339 * particular problem by preventing anything from being mapped
10340 * at the maximum canonical address.
10341 */
10342 @@ -21074,7 +21133,7 @@ index 944f178..12f1c25 100644
10343
10344 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
10345 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
10346 -@@ -773,7 +789,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10347 +@@ -773,7 +785,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
10348 #define STACK_TOP_MAX TASK_SIZE_MAX
10349
10350 #define INIT_THREAD { \
10351 @@ -21084,7 +21143,7 @@ index 944f178..12f1c25 100644
10352 }
10353
10354 /*
10355 -@@ -796,6 +813,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
10356 +@@ -796,6 +809,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
10357 */
10358 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
10359
10360 @@ -21095,7 +21154,7 @@ index 944f178..12f1c25 100644
10361 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
10362
10363 /* Get/set a process' ability to use the timestamp counter instruction */
10364 -@@ -841,7 +862,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
10365 +@@ -841,7 +858,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
10366 return 0;
10367 }
10368
10369 @@ -21104,7 +21163,7 @@ index 944f178..12f1c25 100644
10370 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
10371
10372 void default_idle(void);
10373 -@@ -851,6 +872,6 @@ bool xen_set_default_idle(void);
10374 +@@ -851,6 +868,6 @@ bool xen_set_default_idle(void);
10375 #define xen_set_default_idle 0
10376 #endif
10377
10378 @@ -25114,7 +25173,7 @@ index d25097c..e2df353 100644
10379 return MXCSR_DEFAULT;
10380 }
10381 diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
10382 -index d14e9ac..fab0813 100644
10383 +index d14e9ac..f1334f8 100644
10384 --- a/arch/x86/kernel/fpu/init.c
10385 +++ b/arch/x86/kernel/fpu/init.c
10386 @@ -42,7 +42,7 @@ static void fpu__init_cpu_generic(void)
10387 @@ -25126,17 +25185,19 @@ index d14e9ac..fab0813 100644
10388 else
10389 #endif
10390 asm volatile ("fninit");
10391 -@@ -147,37 +147,21 @@ EXPORT_SYMBOL_GPL(xstate_size);
10392 - #define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \
10393 - BUILD_BUG_ON(sizeof(TYPE) != offsetofend(TYPE, MEMBER))
10394 +@@ -143,42 +143,7 @@ static void __init fpu__init_system_generic(void)
10395 + unsigned int xstate_size;
10396 + EXPORT_SYMBOL_GPL(xstate_size);
10397
10398 -+union fpregs_state init_fpregs_state;
10399 -+
10400 - /*
10401 - * We append the 'struct fpu' to the task_struct:
10402 - */
10403 - static void __init fpu__init_task_struct_size(void)
10404 - {
10405 +-/* Enforce that 'MEMBER' is the last field of 'TYPE': */
10406 +-#define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \
10407 +- BUILD_BUG_ON(sizeof(TYPE) != offsetofend(TYPE, MEMBER))
10408 +-
10409 +-/*
10410 +- * We append the 'struct fpu' to the task_struct:
10411 +- */
10412 +-static void __init fpu__init_task_struct_size(void)
10413 +-{
10414 - int task_size = sizeof(struct task_struct);
10415 -
10416 - /*
10417 @@ -25151,22 +25212,41 @@ index d14e9ac..fab0813 100644
10418 - */
10419 - task_size += xstate_size;
10420 -
10421 - /*
10422 - * We dynamically size 'struct fpu', so we require that
10423 +- /*
10424 +- * We dynamically size 'struct fpu', so we require that
10425 - * it be at the end of 'thread_struct' and that
10426 - * 'thread_struct' be at the end of 'task_struct'. If
10427 -+ * it be at the end of 'thread_struct'. If
10428 - * you hit a compile error here, check the structure to
10429 - * see if something got added to the end.
10430 - */
10431 - CHECK_MEMBER_AT_END_OF(struct fpu, state);
10432 - CHECK_MEMBER_AT_END_OF(struct thread_struct, fpu);
10433 +- * you hit a compile error here, check the structure to
10434 +- * see if something got added to the end.
10435 +- */
10436 +- CHECK_MEMBER_AT_END_OF(struct fpu, state);
10437 +- CHECK_MEMBER_AT_END_OF(struct thread_struct, fpu);
10438 - CHECK_MEMBER_AT_END_OF(struct task_struct, thread);
10439 -
10440 - arch_task_struct_size = task_size;
10441 - }
10442 +-}
10443 ++union fpregs_state init_fpregs_state;
10444
10445 /*
10446 + * Set up the xstate_size based on the legacy FPU context size.
10447 +@@ -300,6 +265,9 @@ static void __init fpu__init_system_ctx_switch(void)
10448 + }
10449 + }
10450 +
10451 ++ /* XXX: Temporarily forcing eager FPU mode */
10452 ++ eagerfpu = ENABLE;
10453 ++
10454 + if (eagerfpu == ENABLE)
10455 + setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);
10456 +
10457 +@@ -331,7 +299,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
10458 + fpu__init_system_generic();
10459 + fpu__init_system_xstate_size_legacy();
10460 + fpu__init_system_xstate();
10461 +- fpu__init_task_struct_size();
10462 +
10463 + fpu__init_system_ctx_switch();
10464 + }
10465 diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
10466 index dc60810..6c8a1fa 100644
10467 --- a/arch/x86/kernel/fpu/regset.c
10468 @@ -29776,10 +29856,10 @@ index 2fbea25..9e0f8c7 100644
10469
10470 out:
10471 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
10472 -index e7a4fde..623af93 100644
10473 +index 2392541a..2aefc2a 100644
10474 --- a/arch/x86/kvm/emulate.c
10475 +++ b/arch/x86/kvm/emulate.c
10476 -@@ -3847,7 +3847,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
10477 +@@ -3851,7 +3851,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
10478 int cr = ctxt->modrm_reg;
10479 u64 efer = 0;
10480
10481 @@ -30029,7 +30109,7 @@ index aa9e8229..ab09cc4 100644
10482
10483 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
10484 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
10485 -index 32c6e6a..d6c5bc2 100644
10486 +index 373328b7..ebd267f 100644
10487 --- a/arch/x86/kvm/x86.c
10488 +++ b/arch/x86/kvm/x86.c
10489 @@ -1842,8 +1842,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
10490 @@ -30097,7 +30177,7 @@ index 32c6e6a..d6c5bc2 100644
10491 {
10492 int r;
10493 struct kvm_x86_ops *ops = opaque;
10494 -@@ -7212,7 +7214,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
10495 +@@ -7217,7 +7219,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
10496 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10497 {
10498 struct fxregs_state *fxsave =
10499 @@ -30106,7 +30186,7 @@ index 32c6e6a..d6c5bc2 100644
10500
10501 memcpy(fpu->fpr, fxsave->st_space, 128);
10502 fpu->fcw = fxsave->cwd;
10503 -@@ -7229,7 +7231,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10504 +@@ -7234,7 +7236,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10505 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10506 {
10507 struct fxregs_state *fxsave =
10508 @@ -30115,7 +30195,7 @@ index 32c6e6a..d6c5bc2 100644
10509
10510 memcpy(fxsave->st_space, fpu->fpr, 128);
10511 fxsave->cwd = fpu->fcw;
10512 -@@ -7245,9 +7247,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10513 +@@ -7250,9 +7252,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
10514
10515 static void fx_init(struct kvm_vcpu *vcpu)
10516 {
10517 @@ -30127,7 +30207,7 @@ index 32c6e6a..d6c5bc2 100644
10518 host_xcr0 | XSTATE_COMPACTION_ENABLED;
10519
10520 /*
10521 -@@ -7271,7 +7273,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
10522 +@@ -7276,7 +7278,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
10523 kvm_put_guest_xcr0(vcpu);
10524 vcpu->guest_fpu_loaded = 1;
10525 __kernel_fpu_begin();
10526 @@ -30136,7 +30216,7 @@ index 32c6e6a..d6c5bc2 100644
10527 trace_kvm_fpu(1);
10528 }
10529
10530 -@@ -7549,6 +7551,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
10531 +@@ -7554,6 +7556,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
10532
10533 struct static_key kvm_no_apic_vcpu __read_mostly;
10534
10535 @@ -30145,7 +30225,7 @@ index 32c6e6a..d6c5bc2 100644
10536 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
10537 {
10538 struct page *page;
10539 -@@ -7565,11 +7569,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
10540 +@@ -7570,11 +7574,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
10541 else
10542 vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
10543
10544 @@ -30164,7 +30244,7 @@ index 32c6e6a..d6c5bc2 100644
10545 vcpu->arch.pio_data = page_address(page);
10546
10547 kvm_set_tsc_khz(vcpu, max_tsc_khz);
10548 -@@ -7623,6 +7630,9 @@ fail_mmu_destroy:
10549 +@@ -7628,6 +7635,9 @@ fail_mmu_destroy:
10550 kvm_mmu_destroy(vcpu);
10551 fail_free_pio_data:
10552 free_page((unsigned long)vcpu->arch.pio_data);
10553 @@ -30174,7 +30254,7 @@ index 32c6e6a..d6c5bc2 100644
10554 fail:
10555 return r;
10556 }
10557 -@@ -7640,6 +7650,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
10558 +@@ -7645,6 +7655,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
10559 free_page((unsigned long)vcpu->arch.pio_data);
10560 if (!irqchip_in_kernel(vcpu->kvm))
10561 static_key_slow_dec(&kvm_no_apic_vcpu);
10562 @@ -37280,6 +37360,63 @@ index dda653c..028a13ee 100644
10563 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
10564 goto error;
10565
10566 +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
10567 +index b788f16..b4ffc5b 100644
10568 +--- a/crypto/ablkcipher.c
10569 ++++ b/crypto/ablkcipher.c
10570 +@@ -706,7 +706,7 @@ struct crypto_ablkcipher *crypto_alloc_ablkcipher(const char *alg_name,
10571 + err:
10572 + if (err != -EAGAIN)
10573 + break;
10574 +- if (signal_pending(current)) {
10575 ++ if (fatal_signal_pending(current)) {
10576 + err = -EINTR;
10577 + break;
10578 + }
10579 +diff --git a/crypto/algapi.c b/crypto/algapi.c
10580 +index 3c079b7..b603b34 100644
10581 +--- a/crypto/algapi.c
10582 ++++ b/crypto/algapi.c
10583 +@@ -335,7 +335,7 @@ static void crypto_wait_for_test(struct crypto_larval *larval)
10584 + crypto_alg_tested(larval->alg.cra_driver_name, 0);
10585 + }
10586 +
10587 +- err = wait_for_completion_interruptible(&larval->completion);
10588 ++ err = wait_for_completion_killable(&larval->completion);
10589 + WARN_ON(err);
10590 +
10591 + out:
10592 +diff --git a/crypto/api.c b/crypto/api.c
10593 +index afe4610..bbc147c 100644
10594 +--- a/crypto/api.c
10595 ++++ b/crypto/api.c
10596 +@@ -172,7 +172,7 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg)
10597 + struct crypto_larval *larval = (void *)alg;
10598 + long timeout;
10599 +
10600 +- timeout = wait_for_completion_interruptible_timeout(
10601 ++ timeout = wait_for_completion_killable_timeout(
10602 + &larval->completion, 60 * HZ);
10603 +
10604 + alg = larval->adult;
10605 +@@ -445,7 +445,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask)
10606 + err:
10607 + if (err != -EAGAIN)
10608 + break;
10609 +- if (signal_pending(current)) {
10610 ++ if (fatal_signal_pending(current)) {
10611 + err = -EINTR;
10612 + break;
10613 + }
10614 +@@ -562,7 +562,7 @@ void *crypto_alloc_tfm(const char *alg_name,
10615 + err:
10616 + if (err != -EAGAIN)
10617 + break;
10618 +- if (signal_pending(current)) {
10619 ++ if (fatal_signal_pending(current)) {
10620 + err = -EINTR;
10621 + break;
10622 + }
10623 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
10624 index 22ba81f..1acac67 100644
10625 --- a/crypto/cryptd.c
10626 @@ -37302,6 +37439,19 @@ index 22ba81f..1acac67 100644
10627
10628 static void cryptd_queue_worker(struct work_struct *work);
10629
10630 +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
10631 +index 08ea286..d59fb4e 100644
10632 +--- a/crypto/crypto_user.c
10633 ++++ b/crypto/crypto_user.c
10634 +@@ -376,7 +376,7 @@ static struct crypto_alg *crypto_user_skcipher_alg(const char *name, u32 type,
10635 + err = PTR_ERR(alg);
10636 + if (err != -EAGAIN)
10637 + break;
10638 +- if (signal_pending(current)) {
10639 ++ if (fatal_signal_pending(current)) {
10640 + err = -EINTR;
10641 + break;
10642 + }
10643 diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
10644 index 45e7d51..2967121 100644
10645 --- a/crypto/pcrypt.c
10646 @@ -39609,7 +39759,7 @@ index 4c20c22..caef1eb 100644
10647 if (ti.nwa_v) {
10648 pd->nwa = be32_to_cpu(ti.next_writable);
10649 diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
10650 -index bc67a93..d552e86 100644
10651 +index 324bf35..02b54e6 100644
10652 --- a/drivers/block/rbd.c
10653 +++ b/drivers/block/rbd.c
10654 @@ -64,7 +64,7 @@
10655 @@ -58251,6 +58401,19 @@ index 84a110a..96312c3 100644
10656 {
10657 .ident = "Sahara Touch-iT",
10658 .matches = {
10659 +diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
10660 +index 1aaf893..da2885a 100644
10661 +--- a/drivers/video/console/fbcon.c
10662 ++++ b/drivers/video/console/fbcon.c
10663 +@@ -106,7 +106,7 @@ static int fbcon_softback_size = 32768;
10664 + static unsigned long softback_buf, softback_curr;
10665 + static unsigned long softback_in;
10666 + static unsigned long softback_top, softback_end;
10667 +-static int softback_lines;
10668 ++static long softback_lines;
10669 + /* console mappings */
10670 + static int first_fb_vc;
10671 + static int last_fb_vc = MAX_NR_CONSOLES - 1;
10672 diff --git a/drivers/video/fbdev/arcfb.c b/drivers/video/fbdev/arcfb.c
10673 index 1b0b233..6f34c2c 100644
10674 --- a/drivers/video/fbdev/arcfb.c
10675 @@ -94171,7 +94334,7 @@ index 0000000..a24b338
10676 +}
10677 diff --git a/grsecurity/grsec_mem.c b/grsecurity/grsec_mem.c
10678 new file mode 100644
10679 -index 0000000..0e39d8c7
10680 +index 0000000..0e39d8c
10681 --- /dev/null
10682 +++ b/grsecurity/grsec_mem.c
10683 @@ -0,0 +1,48 @@
10684 @@ -96842,7 +97005,7 @@ index a76c917..63b52db 100644
10685 asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
10686 /*
10687 diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
10688 -index dfaa7b3..115dcfc 100644
10689 +index dfaa7b3..d8bb2a0 100644
10690 --- a/include/linux/compiler-gcc.h
10691 +++ b/include/linux/compiler-gcc.h
10692 @@ -116,8 +116,8 @@
10693 @@ -96895,13 +97058,12 @@ index dfaa7b3..115dcfc 100644
10694 /*
10695 * Mark a position in code as unreachable. This can be used to
10696 * suppress control flow warnings after asm blocks that transfer
10697 -@@ -237,6 +266,11 @@
10698 +@@ -237,6 +266,10 @@
10699 #define KASAN_ABI_VERSION 3
10700 #endif
10701
10702 +#if GCC_VERSION >= 50000
10703 -+// Disable for now as size_overflow doesn't support it
10704 -+// #define CC_HAVE_BUILTIN_OVERFLOW
10705 ++//#define CC_HAVE_BUILTIN_OVERFLOW
10706 +#endif
10707 +
10708 #endif /* gcc version >= 40000 specific checks */
10709 @@ -101254,7 +101416,7 @@ index 9b1ef0c..9fa3feb 100644
10710
10711 /*
10712 diff --git a/include/linux/sched.h b/include/linux/sched.h
10713 -index bfca8aa..c8b327c 100644
10714 +index bfca8aa..ac50d1b 100644
10715 --- a/include/linux/sched.h
10716 +++ b/include/linux/sched.h
10717 @@ -7,7 +7,7 @@
10718 @@ -101378,7 +101540,16 @@ index bfca8aa..c8b327c 100644
10719 char comm[TASK_COMM_LEN]; /* executable name excluding path
10720 - access with [gs]et_task_comm (which lock
10721 it with task_lock())
10722 -@@ -1610,6 +1641,10 @@ struct task_struct {
10723 +@@ -1534,6 +1565,8 @@ struct task_struct {
10724 + /* hung task detection */
10725 + unsigned long last_switch_count;
10726 + #endif
10727 ++/* CPU-specific state of this task */
10728 ++ struct thread_struct thread;
10729 + /* filesystem information */
10730 + struct fs_struct *fs;
10731 + /* open file information */
10732 +@@ -1610,6 +1643,10 @@ struct task_struct {
10733 gfp_t lockdep_reclaim_gfp;
10734 #endif
10735
10736 @@ -101389,7 +101560,7 @@ index bfca8aa..c8b327c 100644
10737 /* journalling filesystem info */
10738 void *journal_info;
10739
10740 -@@ -1648,6 +1683,10 @@ struct task_struct {
10741 +@@ -1648,6 +1685,10 @@ struct task_struct {
10742 /* cg_list protected by css_set_lock and tsk->alloc_lock */
10743 struct list_head cg_list;
10744 #endif
10745 @@ -101400,7 +101571,7 @@ index bfca8aa..c8b327c 100644
10746 #ifdef CONFIG_FUTEX
10747 struct robust_list_head __user *robust_list;
10748 #ifdef CONFIG_COMPAT
10749 -@@ -1759,7 +1798,7 @@ struct task_struct {
10750 +@@ -1759,7 +1800,7 @@ struct task_struct {
10751 * Number of functions that haven't been traced
10752 * because of depth overrun.
10753 */
10754 @@ -101409,10 +101580,19 @@ index bfca8aa..c8b327c 100644
10755 /* Pause for the tracing */
10756 atomic_t tracing_graph_pause;
10757 #endif
10758 -@@ -1788,22 +1827,91 @@ struct task_struct {
10759 +@@ -1788,22 +1829,89 @@ struct task_struct {
10760 unsigned long task_state_change;
10761 #endif
10762 int pagefault_disabled;
10763 +-/* CPU-specific state of this task */
10764 +- struct thread_struct thread;
10765 +-/*
10766 +- * WARNING: on x86, 'thread_struct' contains a variable-sized
10767 +- * structure. It *MUST* be at the end of 'task_struct'.
10768 +- *
10769 +- * Do not put anything below here!
10770 +- */
10771 +-};
10772 +
10773 +#ifdef CONFIG_GRKERNSEC
10774 + /* grsecurity */
10775 @@ -101441,15 +101621,6 @@ index bfca8aa..c8b327c 100644
10776 +#ifdef CONFIG_X86
10777 + struct thread_info tinfo;
10778 +#endif
10779 - /* CPU-specific state of this task */
10780 - struct thread_struct thread;
10781 --/*
10782 -- * WARNING: on x86, 'thread_struct' contains a variable-sized
10783 -- * structure. It *MUST* be at the end of 'task_struct'.
10784 -- *
10785 -- * Do not put anything below here!
10786 -- */
10787 --};
10788 +} __randomize_layout;
10789
10790 #ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
10791 @@ -101689,7 +101860,7 @@ index ab1e039..ad4229e 100644
10792
10793 static inline void disallow_signal(int sig)
10794 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
10795 -index 9b88536..db7cc7f 100644
10796 +index 2751588..dc96c12 100644
10797 --- a/include/linux/skbuff.h
10798 +++ b/include/linux/skbuff.h
10799 @@ -784,7 +784,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags,
10800 @@ -101728,7 +101899,7 @@ index 9b88536..db7cc7f 100644
10801 #endif
10802
10803 int ___pskb_trim(struct sk_buff *skb, unsigned int len);
10804 -@@ -2682,9 +2682,9 @@ struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock,
10805 +@@ -2685,9 +2685,9 @@ struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock,
10806 int *err);
10807 unsigned int datagram_poll(struct file *file, struct socket *sock,
10808 struct poll_table_struct *wait);
10809 @@ -101740,7 +101911,7 @@ index 9b88536..db7cc7f 100644
10810 struct msghdr *msg, int size)
10811 {
10812 return skb_copy_datagram_iter(from, offset, &msg->msg_iter, size);
10813 -@@ -3213,6 +3213,9 @@ static inline void nf_reset(struct sk_buff *skb)
10814 +@@ -3216,6 +3216,9 @@ static inline void nf_reset(struct sk_buff *skb)
10815 nf_bridge_put(skb->nf_bridge);
10816 skb->nf_bridge = NULL;
10817 #endif
10818 @@ -102830,7 +103001,7 @@ index 5122b5e..598b440 100644
10819 void v9fs_register_trans(struct p9_trans_module *m);
10820 void v9fs_unregister_trans(struct p9_trans_module *m);
10821 diff --git a/include/net/af_unix.h b/include/net/af_unix.h
10822 -index 4a167b3..73dcbb3 100644
10823 +index cb1b9bb..56b3ee0 100644
10824 --- a/include/net/af_unix.h
10825 +++ b/include/net/af_unix.h
10826 @@ -36,7 +36,7 @@ struct unix_skb_parms {
10827 @@ -103429,7 +103600,7 @@ index 495c87e..5b327ff 100644
10828
10829 /* Structure to track chunk fragments that have been acked, but peer
10830 diff --git a/include/net/sock.h b/include/net/sock.h
10831 -index f21f070..29ac73e 100644
10832 +index 4ca4c3f..1573f47 100644
10833 --- a/include/net/sock.h
10834 +++ b/include/net/sock.h
10835 @@ -198,7 +198,7 @@ struct sock_common {
10836 @@ -103450,7 +103621,7 @@ index f21f070..29ac73e 100644
10837 int sk_rcvbuf;
10838
10839 struct sk_filter __rcu *sk_filter;
10840 -@@ -1038,7 +1038,7 @@ struct proto {
10841 +@@ -1046,7 +1046,7 @@ struct proto {
10842 void (*destroy_cgroup)(struct mem_cgroup *memcg);
10843 struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg);
10844 #endif
10845 @@ -103459,7 +103630,7 @@ index f21f070..29ac73e 100644
10846
10847 /*
10848 * Bits in struct cg_proto.flags
10849 -@@ -1211,7 +1211,7 @@ static inline void memcg_memory_allocated_sub(struct cg_proto *prot,
10850 +@@ -1219,7 +1219,7 @@ static inline void memcg_memory_allocated_sub(struct cg_proto *prot,
10851 page_counter_uncharge(&prot->memory_allocated, amt);
10852 }
10853
10854 @@ -103468,7 +103639,7 @@ index f21f070..29ac73e 100644
10855 sk_memory_allocated(const struct sock *sk)
10856 {
10857 struct proto *prot = sk->sk_prot;
10858 -@@ -1776,7 +1776,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
10859 +@@ -1784,7 +1784,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
10860 }
10861
10862 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
10863 @@ -103477,7 +103648,7 @@ index f21f070..29ac73e 100644
10864 int copy, int offset)
10865 {
10866 if (skb->ip_summed == CHECKSUM_NONE) {
10867 -@@ -2023,7 +2023,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
10868 +@@ -2031,7 +2031,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
10869 }
10870 }
10871
10872 @@ -103486,7 +103657,7 @@ index f21f070..29ac73e 100644
10873 bool force_schedule);
10874
10875 /**
10876 -@@ -2099,7 +2099,7 @@ struct sock_skb_cb {
10877 +@@ -2107,7 +2107,7 @@ struct sock_skb_cb {
10878 static inline void
10879 sock_skb_set_dropcount(const struct sock *sk, struct sk_buff *skb)
10880 {
10881 @@ -110353,7 +110524,7 @@ index 85d5bb1..aeca463 100644
10882 update_vsyscall_tz();
10883 if (firsttime) {
10884 diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
10885 -index a20d411..255b10a 100644
10886 +index 3688f1e..3dfea48 100644
10887 --- a/kernel/time/timekeeping.c
10888 +++ b/kernel/time/timekeeping.c
10889 @@ -15,6 +15,7 @@
10890 @@ -111227,7 +111398,7 @@ index a6ffa43..e48103b 100644
10891 .thread_should_run = watchdog_should_run,
10892 .thread_fn = watchdog,
10893 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
10894 -index a413acb..9c3d36a 100644
10895 +index 1de0f5fab..dbf1ec6 100644
10896 --- a/kernel/workqueue.c
10897 +++ b/kernel/workqueue.c
10898 @@ -4452,7 +4452,7 @@ static void rebind_workers(struct worker_pool *pool)
10899 @@ -118405,21 +118576,8 @@ index b94b1d2..da3ed7c 100644
10900 }
10901 EXPORT_SYMBOL(dev_load);
10902
10903 -diff --git a/net/core/ethtool.c b/net/core/ethtool.c
10904 -index b495ab1..29edf74 100644
10905 ---- a/net/core/ethtool.c
10906 -+++ b/net/core/ethtool.c
10907 -@@ -1284,7 +1284,7 @@ static int ethtool_get_strings(struct net_device *dev, void __user *useraddr)
10908 -
10909 - gstrings.len = ret;
10910 -
10911 -- data = kmalloc(gstrings.len * ETH_GSTRING_LEN, GFP_USER);
10912 -+ data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER);
10913 - if (!data)
10914 - return -ENOMEM;
10915 -
10916 diff --git a/net/core/filter.c b/net/core/filter.c
10917 -index be3098f..51ee477 100644
10918 +index 8dcdd86..a809731 100644
10919 --- a/net/core/filter.c
10920 +++ b/net/core/filter.c
10921 @@ -582,7 +582,11 @@ do_pass:
10922 @@ -118453,21 +118611,6 @@ index be3098f..51ee477 100644
10923
10924 fp->len = fprog->len;
10925 /* Since unattached filters are not copied back to user
10926 -@@ -1701,9 +1705,13 @@ int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf,
10927 - goto out;
10928 -
10929 - /* We're copying the filter that has been originally attached,
10930 -- * so no conversion/decode needed anymore.
10931 -+ * so no conversion/decode needed anymore. eBPF programs that
10932 -+ * have no original program cannot be dumped through this.
10933 - */
10934 -+ ret = -EACCES;
10935 - fprog = filter->prog->orig_prog;
10936 -+ if (!fprog)
10937 -+ goto out;
10938 -
10939 - ret = fprog->len;
10940 - if (!len)
10941 diff --git a/net/core/flow.c b/net/core/flow.c
10942 index 1033725..340f65d 100644
10943 --- a/net/core/flow.c
10944 @@ -118770,7 +118913,7 @@ index 3b6899b..20d20e7 100644
10945 msg->msg_controllen -= cmlen;
10946 }
10947 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
10948 -index 7b84330..e0f5a86 100644
10949 +index 7bfa187..032715a 100644
10950 --- a/net/core/skbuff.c
10951 +++ b/net/core/skbuff.c
10952 @@ -2103,7 +2103,7 @@ EXPORT_SYMBOL(__skb_checksum);
10953 @@ -118782,7 +118925,7 @@ index 7b84330..e0f5a86 100644
10954 .update = csum_partial_ext,
10955 .combine = csum_block_add_ext,
10956 };
10957 -@@ -3317,12 +3317,14 @@ void __init skb_init(void)
10958 +@@ -3318,12 +3318,14 @@ void __init skb_init(void)
10959 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
10960 sizeof(struct sk_buff),
10961 0,
10962 @@ -119346,10 +119489,10 @@ index 3a06586..1020c5b 100644
10963 return nh->nh_saddr;
10964 }
10965 diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
10966 -index 1349571..e136d6e 100644
10967 +index 61b45a1..2970363 100644
10968 --- a/net/ipv4/inet_connection_sock.c
10969 +++ b/net/ipv4/inet_connection_sock.c
10970 -@@ -728,8 +728,8 @@ struct sock *inet_csk_clone_lock(const struct sock *sk,
10971 +@@ -729,8 +729,8 @@ struct sock *inet_csk_clone_lock(const struct sock *sk,
10972 newsk->sk_write_space = sk_stream_write_space;
10973
10974 newsk->sk_mark = inet_rsk(req)->ir_mark;
10975 @@ -120992,10 +121135,10 @@ index f1159bb..0db5dad 100644
10976 return -ENOMEM;
10977 }
10978 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
10979 -index 00b64d4..da5099e 100644
10980 +index dd6ebba..69d56e8 100644
10981 --- a/net/ipv6/route.c
10982 +++ b/net/ipv6/route.c
10983 -@@ -3430,7 +3430,7 @@ struct ctl_table ipv6_route_table_template[] = {
10984 +@@ -3432,7 +3432,7 @@ struct ctl_table ipv6_route_table_template[] = {
10985
10986 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
10987 {
10988 @@ -122340,7 +122483,7 @@ index 11de55e..f25e448 100644
10989 return 0;
10990 }
10991 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
10992 -index 0857f72..e534fee 100644
10993 +index a133d16..fafee70 100644
10994 --- a/net/netlink/af_netlink.c
10995 +++ b/net/netlink/af_netlink.c
10996 @@ -286,7 +286,7 @@ static void netlink_overrun(struct sock *sk)
10997 @@ -122352,7 +122495,7 @@ index 0857f72..e534fee 100644
10998 }
10999
11000 static void netlink_rcv_wake(struct sock *sk)
11001 -@@ -3135,7 +3135,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
11002 +@@ -3145,7 +3145,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
11003 sk_wmem_alloc_get(s),
11004 nlk->cb_running,
11005 atomic_read(&s->sk_refcnt),
11006 @@ -123693,10 +123836,10 @@ index 2cd252f..eefac51 100644
11007 .proc_handler = read_reset_stat,
11008 },
11009 diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
11010 -index 2e1348b..2d3b463 100644
11011 +index 96d886a..35a2137 100644
11012 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
11013 +++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
11014 -@@ -209,7 +209,7 @@ int rdma_read_chunk_lcl(struct svcxprt_rdma *xprt,
11015 +@@ -210,7 +210,7 @@ int rdma_read_chunk_lcl(struct svcxprt_rdma *xprt,
11016 *page_no = pg_no;
11017 *page_offset = pg_off;
11018 ret = read;
11019 @@ -123705,7 +123848,7 @@ index 2e1348b..2d3b463 100644
11020 return ret;
11021 err:
11022 svc_rdma_unmap_dma(ctxt);
11023 -@@ -345,7 +345,7 @@ int rdma_read_chunk_frmr(struct svcxprt_rdma *xprt,
11024 +@@ -347,7 +347,7 @@ int rdma_read_chunk_frmr(struct svcxprt_rdma *xprt,
11025 *page_no = pg_no;
11026 *page_offset = pg_off;
11027 ret = read;
11028 @@ -123714,7 +123857,7 @@ index 2e1348b..2d3b463 100644
11029 return ret;
11030 err:
11031 svc_rdma_unmap_dma(ctxt);
11032 -@@ -599,7 +599,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp)
11033 +@@ -601,7 +601,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp)
11034 dto_q);
11035 list_del_init(&ctxt->dto_q);
11036 } else {
11037 @@ -123723,7 +123866,7 @@ index 2e1348b..2d3b463 100644
11038 clear_bit(XPT_DATA, &xprt->xpt_flags);
11039 ctxt = NULL;
11040 }
11041 -@@ -617,7 +617,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp)
11042 +@@ -619,7 +619,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp)
11043 }
11044 dprintk("svcrdma: processing ctxt=%p on xprt=%p, rqstp=%p, status=%d\n",
11045 ctxt, rdma_xprt, rqstp, ctxt->wc_status);
11046 @@ -123863,7 +124006,7 @@ index 350cca3..a108fc5 100644
11047 sub->evt.event = htohl(event, sub->swap);
11048 sub->evt.found_lower = htohl(found_lower, sub->swap);
11049 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
11050 -index 03ee4d3..55f7125 100644
11051 +index 94f6582..b71ef93 100644
11052 --- a/net/unix/af_unix.c
11053 +++ b/net/unix/af_unix.c
11054 @@ -802,6 +802,12 @@ static struct sock *unix_find_other(struct net *net,
11055 @@ -123912,7 +124055,7 @@ index 03ee4d3..55f7125 100644
11056 done_path_create(&path, dentry);
11057 return err;
11058 }
11059 -@@ -2440,11 +2459,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
11060 +@@ -2455,11 +2474,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
11061 writable = unix_writable(sk);
11062 other = unix_peer_get(sk);
11063 if (other) {
11064 @@ -123929,7 +124072,7 @@ index 03ee4d3..55f7125 100644
11065 sock_put(other);
11066 }
11067
11068 -@@ -2541,9 +2563,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
11069 +@@ -2556,9 +2578,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
11070 seq_puts(seq, "Num RefCount Protocol Flags Type St "
11071 "Inode Path\n");
11072 else {
11073 @@ -123944,7 +124087,7 @@ index 03ee4d3..55f7125 100644
11074
11075 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
11076 s,
11077 -@@ -2568,10 +2594,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
11078 +@@ -2583,10 +2609,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
11079 seq_putc(seq, '@');
11080 i++;
11081 }
11082 @@ -167255,10 +167398,10 @@ index 0000000..17bc0d8
11083 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
11084 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_ipa.c b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
11085 new file mode 100644
11086 -index 0000000..9faa203
11087 +index 0000000..c8ebf92
11088 --- /dev/null
11089 +++ b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
11090 -@@ -0,0 +1,1225 @@
11091 +@@ -0,0 +1,1226 @@
11092 +/*
11093 + * Copyright 2011-2015 by Emese Revfy <re.emese@×××××.com>
11094 + * Licensed under the GPL v2, or (at your option) v3
11095 @@ -167683,9 +167826,10 @@ index 0000000..9faa203
11096 + // TODO
11097 + case BIT_FIELD_REF:
11098 + case VIEW_CONVERT_EXPR:
11099 ++ case REALPART_EXPR:
11100 ++ case IMAGPART_EXPR:
11101 + return;
11102 + default:
11103 -+ // XXX: keep this syncronized with size_overflow_transform.c:search_interesting_structs()
11104 + debug_tree((tree)node);
11105 + gcc_unreachable();
11106 + }
11107 @@ -168997,7 +169141,7 @@ index 0000000..6075e8f
11108 +
11109 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
11110 new file mode 100644
11111 -index 0000000..9beb012
11112 +index 0000000..b6d179f
11113 --- /dev/null
11114 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
11115 @@ -0,0 +1,318 @@
11116 @@ -169032,7 +169176,7 @@ index 0000000..9beb012
11117 +tree size_overflow_type_TI;
11118 +
11119 +static struct plugin_info size_overflow_plugin_info = {
11120 -+ .version = "20151025",
11121 ++ .version = "20151026",
11122 + .help = "no-size-overflow\tturn off size overflow checking\n",
11123 +};
11124 +
11125
11126 diff --git a/4.2.4/4425_grsec_remove_EI_PAX.patch b/4.2.5/4425_grsec_remove_EI_PAX.patch
11127 similarity index 100%
11128 rename from 4.2.4/4425_grsec_remove_EI_PAX.patch
11129 rename to 4.2.5/4425_grsec_remove_EI_PAX.patch
11130
11131 diff --git a/4.2.4/4427_force_XATTR_PAX_tmpfs.patch b/4.2.5/4427_force_XATTR_PAX_tmpfs.patch
11132 similarity index 100%
11133 rename from 4.2.4/4427_force_XATTR_PAX_tmpfs.patch
11134 rename to 4.2.5/4427_force_XATTR_PAX_tmpfs.patch
11135
11136 diff --git a/4.2.4/4430_grsec-remove-localversion-grsec.patch b/4.2.5/4430_grsec-remove-localversion-grsec.patch
11137 similarity index 100%
11138 rename from 4.2.4/4430_grsec-remove-localversion-grsec.patch
11139 rename to 4.2.5/4430_grsec-remove-localversion-grsec.patch
11140
11141 diff --git a/4.2.4/4435_grsec-mute-warnings.patch b/4.2.5/4435_grsec-mute-warnings.patch
11142 similarity index 100%
11143 rename from 4.2.4/4435_grsec-mute-warnings.patch
11144 rename to 4.2.5/4435_grsec-mute-warnings.patch
11145
11146 diff --git a/4.2.4/4440_grsec-remove-protected-paths.patch b/4.2.5/4440_grsec-remove-protected-paths.patch
11147 similarity index 100%
11148 rename from 4.2.4/4440_grsec-remove-protected-paths.patch
11149 rename to 4.2.5/4440_grsec-remove-protected-paths.patch
11150
11151 diff --git a/4.2.4/4450_grsec-kconfig-default-gids.patch b/4.2.5/4450_grsec-kconfig-default-gids.patch
11152 similarity index 100%
11153 rename from 4.2.4/4450_grsec-kconfig-default-gids.patch
11154 rename to 4.2.5/4450_grsec-kconfig-default-gids.patch
11155
11156 diff --git a/4.2.4/4465_selinux-avc_audit-log-curr_ip.patch b/4.2.5/4465_selinux-avc_audit-log-curr_ip.patch
11157 similarity index 100%
11158 rename from 4.2.4/4465_selinux-avc_audit-log-curr_ip.patch
11159 rename to 4.2.5/4465_selinux-avc_audit-log-curr_ip.patch
11160
11161 diff --git a/4.2.4/4470_disable-compat_vdso.patch b/4.2.5/4470_disable-compat_vdso.patch
11162 similarity index 100%
11163 rename from 4.2.4/4470_disable-compat_vdso.patch
11164 rename to 4.2.5/4470_disable-compat_vdso.patch
11165
11166 diff --git a/4.2.4/4475_emutramp_default_on.patch b/4.2.5/4475_emutramp_default_on.patch
11167 similarity index 100%
11168 rename from 4.2.4/4475_emutramp_default_on.patch
11169 rename to 4.2.5/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups