Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.4 commit in: /
Date: Tue, 11 Feb 2020 15:35:44
Message-Id: 1581435316.017dcca4be57c6514a165e84650e101f9273aff9.mpagano@gentoo
1 commit: 017dcca4be57c6514a165e84650e101f9273aff9
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 11 15:35:16 2020 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 11 15:35:16 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=017dcca4
7
8 Linux patch 5.4.19
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1018_linux-5.4.19.patch | 15537 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 15541 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index a0fadf6..b15a5b3 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -115,6 +115,10 @@ Patch: 1017_linux-5.4.18.patch
21 From: http://www.kernel.org
22 Desc: Linux 5.4.18
23
24 +Patch: 1018_linux-5.4.19.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.4.19
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1018_linux-5.4.19.patch b/1018_linux-5.4.19.patch
33 new file mode 100644
34 index 0000000..a769bba
35 --- /dev/null
36 +++ b/1018_linux-5.4.19.patch
37 @@ -0,0 +1,15537 @@
38 +diff --git a/MAINTAINERS b/MAINTAINERS
39 +index 4f7ac27d8651..d1aeebb59e6a 100644
40 +--- a/MAINTAINERS
41 ++++ b/MAINTAINERS
42 +@@ -8704,8 +8704,10 @@ L: isdn4linux@×××××××××××××××××××.de (subscribers-only)
43 + L: netdev@×××××××××××.org
44 + W: http://www.isdn4linux.de
45 + S: Maintained
46 +-F: drivers/isdn/mISDN
47 +-F: drivers/isdn/hardware
48 ++F: drivers/isdn/mISDN/
49 ++F: drivers/isdn/hardware/
50 ++F: drivers/isdn/Kconfig
51 ++F: drivers/isdn/Makefile
52 +
53 + ISDN/CAPI SUBSYSTEM
54 + M: Karsten Keil <isdn@×××××××××××.de>
55 +diff --git a/Makefile b/Makefile
56 +index b6c151fd5227..2f55d377f0db 100644
57 +--- a/Makefile
58 ++++ b/Makefile
59 +@@ -1,7 +1,7 @@
60 + # SPDX-License-Identifier: GPL-2.0
61 + VERSION = 5
62 + PATCHLEVEL = 4
63 +-SUBLEVEL = 18
64 ++SUBLEVEL = 19
65 + EXTRAVERSION =
66 + NAME = Kleptomaniac Octopus
67 +
68 +diff --git a/arch/Kconfig b/arch/Kconfig
69 +index 5f8a5d84dbbe..43102756304c 100644
70 +--- a/arch/Kconfig
71 ++++ b/arch/Kconfig
72 +@@ -396,9 +396,6 @@ config HAVE_ARCH_JUMP_LABEL_RELATIVE
73 + config HAVE_RCU_TABLE_FREE
74 + bool
75 +
76 +-config HAVE_RCU_TABLE_NO_INVALIDATE
77 +- bool
78 +-
79 + config HAVE_MMU_GATHER_PAGE_SIZE
80 + bool
81 +
82 +diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h
83 +index 40002416efec..8e995ec796c8 100644
84 +--- a/arch/arm/include/asm/kvm_emulate.h
85 ++++ b/arch/arm/include/asm/kvm_emulate.h
86 +@@ -14,13 +14,25 @@
87 + #include <asm/cputype.h>
88 +
89 + /* arm64 compatibility macros */
90 ++#define PSR_AA32_MODE_FIQ FIQ_MODE
91 ++#define PSR_AA32_MODE_SVC SVC_MODE
92 + #define PSR_AA32_MODE_ABT ABT_MODE
93 + #define PSR_AA32_MODE_UND UND_MODE
94 + #define PSR_AA32_T_BIT PSR_T_BIT
95 ++#define PSR_AA32_F_BIT PSR_F_BIT
96 + #define PSR_AA32_I_BIT PSR_I_BIT
97 + #define PSR_AA32_A_BIT PSR_A_BIT
98 + #define PSR_AA32_E_BIT PSR_E_BIT
99 + #define PSR_AA32_IT_MASK PSR_IT_MASK
100 ++#define PSR_AA32_GE_MASK 0x000f0000
101 ++#define PSR_AA32_DIT_BIT 0x00200000
102 ++#define PSR_AA32_PAN_BIT 0x00400000
103 ++#define PSR_AA32_SSBS_BIT 0x00800000
104 ++#define PSR_AA32_Q_BIT PSR_Q_BIT
105 ++#define PSR_AA32_V_BIT PSR_V_BIT
106 ++#define PSR_AA32_C_BIT PSR_C_BIT
107 ++#define PSR_AA32_Z_BIT PSR_Z_BIT
108 ++#define PSR_AA32_N_BIT PSR_N_BIT
109 +
110 + unsigned long *vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num);
111 +
112 +@@ -41,6 +53,11 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v)
113 + *__vcpu_spsr(vcpu) = v;
114 + }
115 +
116 ++static inline unsigned long host_spsr_to_spsr32(unsigned long spsr)
117 ++{
118 ++ return spsr;
119 ++}
120 ++
121 + static inline unsigned long vcpu_get_reg(struct kvm_vcpu *vcpu,
122 + u8 reg_num)
123 + {
124 +@@ -177,6 +194,11 @@ static inline bool kvm_vcpu_dabt_issext(struct kvm_vcpu *vcpu)
125 + return kvm_vcpu_get_hsr(vcpu) & HSR_SSE;
126 + }
127 +
128 ++static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu)
129 ++{
130 ++ return false;
131 ++}
132 ++
133 + static inline int kvm_vcpu_dabt_get_rd(struct kvm_vcpu *vcpu)
134 + {
135 + return (kvm_vcpu_get_hsr(vcpu) & HSR_SRT_MASK) >> HSR_SRT_SHIFT;
136 +diff --git a/arch/arm/include/asm/kvm_mmio.h b/arch/arm/include/asm/kvm_mmio.h
137 +index 7c0eddb0adb2..32fbf82e3ebc 100644
138 +--- a/arch/arm/include/asm/kvm_mmio.h
139 ++++ b/arch/arm/include/asm/kvm_mmio.h
140 +@@ -14,6 +14,8 @@
141 + struct kvm_decode {
142 + unsigned long rt;
143 + bool sign_extend;
144 ++ /* Not used on 32-bit arm */
145 ++ bool sixty_four;
146 + };
147 +
148 + void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data);
149 +diff --git a/arch/arm/mach-tegra/sleep-tegra30.S b/arch/arm/mach-tegra/sleep-tegra30.S
150 +index b408fa56eb89..6922dd8d3e2d 100644
151 +--- a/arch/arm/mach-tegra/sleep-tegra30.S
152 ++++ b/arch/arm/mach-tegra/sleep-tegra30.S
153 +@@ -370,6 +370,14 @@ _pll_m_c_x_done:
154 + pll_locked r1, r0, CLK_RESET_PLLC_BASE
155 + pll_locked r1, r0, CLK_RESET_PLLX_BASE
156 +
157 ++ tegra_get_soc_id TEGRA_APB_MISC_BASE, r1
158 ++ cmp r1, #TEGRA30
159 ++ beq 1f
160 ++ ldr r1, [r0, #CLK_RESET_PLLP_BASE]
161 ++ bic r1, r1, #(1<<31) @ disable PllP bypass
162 ++ str r1, [r0, #CLK_RESET_PLLP_BASE]
163 ++1:
164 ++
165 + mov32 r7, TEGRA_TMRUS_BASE
166 + ldr r1, [r7]
167 + add r1, r1, #LOCK_DELAY
168 +@@ -630,7 +638,10 @@ tegra30_switch_cpu_to_clk32k:
169 + str r0, [r4, #PMC_PLLP_WB0_OVERRIDE]
170 +
171 + /* disable PLLP, PLLA, PLLC and PLLX */
172 ++ tegra_get_soc_id TEGRA_APB_MISC_BASE, r1
173 ++ cmp r1, #TEGRA30
174 + ldr r0, [r5, #CLK_RESET_PLLP_BASE]
175 ++ orrne r0, r0, #(1 << 31) @ enable PllP bypass on fast cluster
176 + bic r0, r0, #(1 << 30)
177 + str r0, [r5, #CLK_RESET_PLLP_BASE]
178 + ldr r0, [r5, #CLK_RESET_PLLA_BASE]
179 +diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
180 +index 7d042d5c43e3..27576c7b836e 100644
181 +--- a/arch/arm/mm/dma-mapping.c
182 ++++ b/arch/arm/mm/dma-mapping.c
183 +@@ -221,7 +221,7 @@ EXPORT_SYMBOL(arm_coherent_dma_ops);
184 +
185 + static int __dma_supported(struct device *dev, u64 mask, bool warn)
186 + {
187 +- unsigned long max_dma_pfn = min(max_pfn, arm_dma_pfn_limit);
188 ++ unsigned long max_dma_pfn = min(max_pfn - 1, arm_dma_pfn_limit);
189 +
190 + /*
191 + * Translate the device's DMA mask to a PFN limit. This
192 +diff --git a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
193 +index 501a7330dbc8..522d3ef72df5 100644
194 +--- a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
195 ++++ b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
196 +@@ -73,6 +73,7 @@
197 + regulator-always-on;
198 + regulator-boot-on;
199 + regulator-name = "vdd_apc";
200 ++ regulator-initial-mode = <1>;
201 + regulator-min-microvolt = <1048000>;
202 + regulator-max-microvolt = <1384000>;
203 + };
204 +diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c
205 +index 70b1469783f9..24bc0a3f26e2 100644
206 +--- a/arch/arm64/crypto/ghash-ce-glue.c
207 ++++ b/arch/arm64/crypto/ghash-ce-glue.c
208 +@@ -261,7 +261,7 @@ static int ghash_setkey(struct crypto_shash *tfm,
209 + static struct shash_alg ghash_alg[] = {{
210 + .base.cra_name = "ghash",
211 + .base.cra_driver_name = "ghash-neon",
212 +- .base.cra_priority = 100,
213 ++ .base.cra_priority = 150,
214 + .base.cra_blocksize = GHASH_BLOCK_SIZE,
215 + .base.cra_ctxsize = sizeof(struct ghash_key),
216 + .base.cra_module = THIS_MODULE,
217 +diff --git a/arch/arm64/include/asm/daifflags.h b/arch/arm64/include/asm/daifflags.h
218 +index 063c964af705..48bfbf70dbb0 100644
219 +--- a/arch/arm64/include/asm/daifflags.h
220 ++++ b/arch/arm64/include/asm/daifflags.h
221 +@@ -36,7 +36,7 @@ static inline void local_daif_mask(void)
222 + trace_hardirqs_off();
223 + }
224 +
225 +-static inline unsigned long local_daif_save(void)
226 ++static inline unsigned long local_daif_save_flags(void)
227 + {
228 + unsigned long flags;
229 +
230 +@@ -48,6 +48,15 @@ static inline unsigned long local_daif_save(void)
231 + flags |= PSR_I_BIT;
232 + }
233 +
234 ++ return flags;
235 ++}
236 ++
237 ++static inline unsigned long local_daif_save(void)
238 ++{
239 ++ unsigned long flags;
240 ++
241 ++ flags = local_daif_save_flags();
242 ++
243 + local_daif_mask();
244 +
245 + return flags;
246 +diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
247 +index d69c1efc63e7..6ff84f1f3b4c 100644
248 +--- a/arch/arm64/include/asm/kvm_emulate.h
249 ++++ b/arch/arm64/include/asm/kvm_emulate.h
250 +@@ -204,6 +204,38 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v)
251 + vcpu_gp_regs(vcpu)->spsr[KVM_SPSR_EL1] = v;
252 + }
253 +
254 ++/*
255 ++ * The layout of SPSR for an AArch32 state is different when observed from an
256 ++ * AArch64 SPSR_ELx or an AArch32 SPSR_*. This function generates the AArch32
257 ++ * view given an AArch64 view.
258 ++ *
259 ++ * In ARM DDI 0487E.a see:
260 ++ *
261 ++ * - The AArch64 view (SPSR_EL2) in section C5.2.18, page C5-426
262 ++ * - The AArch32 view (SPSR_abt) in section G8.2.126, page G8-6256
263 ++ * - The AArch32 view (SPSR_und) in section G8.2.132, page G8-6280
264 ++ *
265 ++ * Which show the following differences:
266 ++ *
267 ++ * | Bit | AA64 | AA32 | Notes |
268 ++ * +-----+------+------+-----------------------------|
269 ++ * | 24 | DIT | J | J is RES0 in ARMv8 |
270 ++ * | 21 | SS | DIT | SS doesn't exist in AArch32 |
271 ++ *
272 ++ * ... and all other bits are (currently) common.
273 ++ */
274 ++static inline unsigned long host_spsr_to_spsr32(unsigned long spsr)
275 ++{
276 ++ const unsigned long overlap = BIT(24) | BIT(21);
277 ++ unsigned long dit = !!(spsr & PSR_AA32_DIT_BIT);
278 ++
279 ++ spsr &= ~overlap;
280 ++
281 ++ spsr |= dit << 21;
282 ++
283 ++ return spsr;
284 ++}
285 ++
286 + static inline bool vcpu_mode_priv(const struct kvm_vcpu *vcpu)
287 + {
288 + u32 mode;
289 +@@ -263,6 +295,11 @@ static inline bool kvm_vcpu_dabt_issext(const struct kvm_vcpu *vcpu)
290 + return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SSE);
291 + }
292 +
293 ++static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu)
294 ++{
295 ++ return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SF);
296 ++}
297 ++
298 + static inline int kvm_vcpu_dabt_get_rd(const struct kvm_vcpu *vcpu)
299 + {
300 + return (kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SRT_MASK) >> ESR_ELx_SRT_SHIFT;
301 +diff --git a/arch/arm64/include/asm/kvm_mmio.h b/arch/arm64/include/asm/kvm_mmio.h
302 +index 02b5c48fd467..b204501a0c39 100644
303 +--- a/arch/arm64/include/asm/kvm_mmio.h
304 ++++ b/arch/arm64/include/asm/kvm_mmio.h
305 +@@ -10,13 +10,11 @@
306 + #include <linux/kvm_host.h>
307 + #include <asm/kvm_arm.h>
308 +
309 +-/*
310 +- * This is annoying. The mmio code requires this, even if we don't
311 +- * need any decoding. To be fixed.
312 +- */
313 + struct kvm_decode {
314 + unsigned long rt;
315 + bool sign_extend;
316 ++ /* Witdth of the register accessed by the faulting instruction is 64-bits */
317 ++ bool sixty_four;
318 + };
319 +
320 + void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data);
321 +diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
322 +index fbebb411ae20..bf57308fcd63 100644
323 +--- a/arch/arm64/include/asm/ptrace.h
324 ++++ b/arch/arm64/include/asm/ptrace.h
325 +@@ -62,6 +62,7 @@
326 + #define PSR_AA32_I_BIT 0x00000080
327 + #define PSR_AA32_A_BIT 0x00000100
328 + #define PSR_AA32_E_BIT 0x00000200
329 ++#define PSR_AA32_PAN_BIT 0x00400000
330 + #define PSR_AA32_SSBS_BIT 0x00800000
331 + #define PSR_AA32_DIT_BIT 0x01000000
332 + #define PSR_AA32_Q_BIT 0x08000000
333 +diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
334 +index 7ed9294e2004..d1bb5b69f1ce 100644
335 +--- a/arch/arm64/include/uapi/asm/ptrace.h
336 ++++ b/arch/arm64/include/uapi/asm/ptrace.h
337 +@@ -49,6 +49,7 @@
338 + #define PSR_SSBS_BIT 0x00001000
339 + #define PSR_PAN_BIT 0x00400000
340 + #define PSR_UAO_BIT 0x00800000
341 ++#define PSR_DIT_BIT 0x01000000
342 + #define PSR_V_BIT 0x10000000
343 + #define PSR_C_BIT 0x20000000
344 + #define PSR_Z_BIT 0x40000000
345 +diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c
346 +index 3a58e9db5cfe..a100483b47c4 100644
347 +--- a/arch/arm64/kernel/acpi.c
348 ++++ b/arch/arm64/kernel/acpi.c
349 +@@ -274,7 +274,7 @@ int apei_claim_sea(struct pt_regs *regs)
350 + if (!IS_ENABLED(CONFIG_ACPI_APEI_GHES))
351 + return err;
352 +
353 +- current_flags = arch_local_save_flags();
354 ++ current_flags = local_daif_save_flags();
355 +
356 + /*
357 + * SEA can interrupt SError, mask it and describe this as an NMI so
358 +diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
359 +index a9d25a305af5..a364a4ad5479 100644
360 +--- a/arch/arm64/kvm/inject_fault.c
361 ++++ b/arch/arm64/kvm/inject_fault.c
362 +@@ -14,9 +14,6 @@
363 + #include <asm/kvm_emulate.h>
364 + #include <asm/esr.h>
365 +
366 +-#define PSTATE_FAULT_BITS_64 (PSR_MODE_EL1h | PSR_A_BIT | PSR_F_BIT | \
367 +- PSR_I_BIT | PSR_D_BIT)
368 +-
369 + #define CURRENT_EL_SP_EL0_VECTOR 0x0
370 + #define CURRENT_EL_SP_ELx_VECTOR 0x200
371 + #define LOWER_EL_AArch64_VECTOR 0x400
372 +@@ -50,6 +47,69 @@ static u64 get_except_vector(struct kvm_vcpu *vcpu, enum exception_type type)
373 + return vcpu_read_sys_reg(vcpu, VBAR_EL1) + exc_offset + type;
374 + }
375 +
376 ++/*
377 ++ * When an exception is taken, most PSTATE fields are left unchanged in the
378 ++ * handler. However, some are explicitly overridden (e.g. M[4:0]). Luckily all
379 ++ * of the inherited bits have the same position in the AArch64/AArch32 SPSR_ELx
380 ++ * layouts, so we don't need to shuffle these for exceptions from AArch32 EL0.
381 ++ *
382 ++ * For the SPSR_ELx layout for AArch64, see ARM DDI 0487E.a page C5-429.
383 ++ * For the SPSR_ELx layout for AArch32, see ARM DDI 0487E.a page C5-426.
384 ++ *
385 ++ * Here we manipulate the fields in order of the AArch64 SPSR_ELx layout, from
386 ++ * MSB to LSB.
387 ++ */
388 ++static unsigned long get_except64_pstate(struct kvm_vcpu *vcpu)
389 ++{
390 ++ unsigned long sctlr = vcpu_read_sys_reg(vcpu, SCTLR_EL1);
391 ++ unsigned long old, new;
392 ++
393 ++ old = *vcpu_cpsr(vcpu);
394 ++ new = 0;
395 ++
396 ++ new |= (old & PSR_N_BIT);
397 ++ new |= (old & PSR_Z_BIT);
398 ++ new |= (old & PSR_C_BIT);
399 ++ new |= (old & PSR_V_BIT);
400 ++
401 ++ // TODO: TCO (if/when ARMv8.5-MemTag is exposed to guests)
402 ++
403 ++ new |= (old & PSR_DIT_BIT);
404 ++
405 ++ // PSTATE.UAO is set to zero upon any exception to AArch64
406 ++ // See ARM DDI 0487E.a, page D5-2579.
407 ++
408 ++ // PSTATE.PAN is unchanged unless SCTLR_ELx.SPAN == 0b0
409 ++ // SCTLR_ELx.SPAN is RES1 when ARMv8.1-PAN is not implemented
410 ++ // See ARM DDI 0487E.a, page D5-2578.
411 ++ new |= (old & PSR_PAN_BIT);
412 ++ if (!(sctlr & SCTLR_EL1_SPAN))
413 ++ new |= PSR_PAN_BIT;
414 ++
415 ++ // PSTATE.SS is set to zero upon any exception to AArch64
416 ++ // See ARM DDI 0487E.a, page D2-2452.
417 ++
418 ++ // PSTATE.IL is set to zero upon any exception to AArch64
419 ++ // See ARM DDI 0487E.a, page D1-2306.
420 ++
421 ++ // PSTATE.SSBS is set to SCTLR_ELx.DSSBS upon any exception to AArch64
422 ++ // See ARM DDI 0487E.a, page D13-3258
423 ++ if (sctlr & SCTLR_ELx_DSSBS)
424 ++ new |= PSR_SSBS_BIT;
425 ++
426 ++ // PSTATE.BTYPE is set to zero upon any exception to AArch64
427 ++ // See ARM DDI 0487E.a, pages D1-2293 to D1-2294.
428 ++
429 ++ new |= PSR_D_BIT;
430 ++ new |= PSR_A_BIT;
431 ++ new |= PSR_I_BIT;
432 ++ new |= PSR_F_BIT;
433 ++
434 ++ new |= PSR_MODE_EL1h;
435 ++
436 ++ return new;
437 ++}
438 ++
439 + static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr)
440 + {
441 + unsigned long cpsr = *vcpu_cpsr(vcpu);
442 +@@ -59,7 +119,7 @@ static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr
443 + vcpu_write_elr_el1(vcpu, *vcpu_pc(vcpu));
444 + *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
445 +
446 +- *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
447 ++ *vcpu_cpsr(vcpu) = get_except64_pstate(vcpu);
448 + vcpu_write_spsr(vcpu, cpsr);
449 +
450 + vcpu_write_sys_reg(vcpu, addr, FAR_EL1);
451 +@@ -94,7 +154,7 @@ static void inject_undef64(struct kvm_vcpu *vcpu)
452 + vcpu_write_elr_el1(vcpu, *vcpu_pc(vcpu));
453 + *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
454 +
455 +- *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
456 ++ *vcpu_cpsr(vcpu) = get_except64_pstate(vcpu);
457 + vcpu_write_spsr(vcpu, cpsr);
458 +
459 + /*
460 +diff --git a/arch/mips/Makefile.postlink b/arch/mips/Makefile.postlink
461 +index 4eea4188cb20..13e0beb9eee3 100644
462 +--- a/arch/mips/Makefile.postlink
463 ++++ b/arch/mips/Makefile.postlink
464 +@@ -12,7 +12,7 @@ __archpost:
465 + include scripts/Kbuild.include
466 +
467 + CMD_RELOCS = arch/mips/boot/tools/relocs
468 +-quiet_cmd_relocs = RELOCS $@
469 ++quiet_cmd_relocs = RELOCS $@
470 + cmd_relocs = $(CMD_RELOCS) $@
471 +
472 + # `@true` prevents complaint when there is nothing to be done
473 +diff --git a/arch/mips/boot/Makefile b/arch/mips/boot/Makefile
474 +index 528bd73d530a..4ed45ade32a1 100644
475 +--- a/arch/mips/boot/Makefile
476 ++++ b/arch/mips/boot/Makefile
477 +@@ -123,7 +123,7 @@ $(obj)/vmlinux.its.S: $(addprefix $(srctree)/arch/mips/$(PLATFORM)/,$(ITS_INPUTS
478 + targets += vmlinux.its
479 + targets += vmlinux.gz.its
480 + targets += vmlinux.bz2.its
481 +-targets += vmlinux.lzmo.its
482 ++targets += vmlinux.lzma.its
483 + targets += vmlinux.lzo.its
484 +
485 + quiet_cmd_cpp_its_S = ITS $@
486 +diff --git a/arch/mips/kernel/syscalls/Makefile b/arch/mips/kernel/syscalls/Makefile
487 +index a3d4bec695c6..6efb2f6889a7 100644
488 +--- a/arch/mips/kernel/syscalls/Makefile
489 ++++ b/arch/mips/kernel/syscalls/Makefile
490 +@@ -18,7 +18,7 @@ quiet_cmd_syshdr = SYSHDR $@
491 + '$(syshdr_pfx_$(basetarget))' \
492 + '$(syshdr_offset_$(basetarget))'
493 +
494 +-quiet_cmd_sysnr = SYSNR $@
495 ++quiet_cmd_sysnr = SYSNR $@
496 + cmd_sysnr = $(CONFIG_SHELL) '$(sysnr)' '$<' '$@' \
497 + '$(sysnr_abis_$(basetarget))' \
498 + '$(sysnr_pfx_$(basetarget))' \
499 +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
500 +index 3e56c9c2f16e..2b1033f13210 100644
501 +--- a/arch/powerpc/Kconfig
502 ++++ b/arch/powerpc/Kconfig
503 +@@ -221,8 +221,7 @@ config PPC
504 + select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI && !HAVE_HARDLOCKUP_DETECTOR_ARCH
505 + select HAVE_PERF_REGS
506 + select HAVE_PERF_USER_STACK_DUMP
507 +- select HAVE_RCU_TABLE_FREE if SMP
508 +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE
509 ++ select HAVE_RCU_TABLE_FREE
510 + select HAVE_MMU_GATHER_PAGE_SIZE
511 + select HAVE_REGS_AND_STACK_ACCESS_API
512 + select HAVE_RELIABLE_STACKTRACE if PPC_BOOK3S_64 && CPU_LITTLE_ENDIAN
513 +@@ -237,6 +236,7 @@ config PPC
514 + select NEED_DMA_MAP_STATE if PPC64 || NOT_COHERENT_CACHE
515 + select NEED_SG_DMA_LENGTH
516 + select OF
517 ++ select OF_DMA_DEFAULT_COHERENT if !NOT_COHERENT_CACHE
518 + select OF_EARLY_FLATTREE
519 + select OLD_SIGACTION if PPC32
520 + select OLD_SIGSUSPEND
521 +diff --git a/arch/powerpc/boot/4xx.c b/arch/powerpc/boot/4xx.c
522 +index 1699e9531552..00c4d843a023 100644
523 +--- a/arch/powerpc/boot/4xx.c
524 ++++ b/arch/powerpc/boot/4xx.c
525 +@@ -228,7 +228,7 @@ void ibm4xx_denali_fixup_memsize(void)
526 + dpath = 8; /* 64 bits */
527 +
528 + /* get address pins (rows) */
529 +- val = SDRAM0_READ(DDR0_42);
530 ++ val = SDRAM0_READ(DDR0_42);
531 +
532 + row = DDR_GET_VAL(val, DDR_APIN, DDR_APIN_SHIFT);
533 + if (row > max_row)
534 +diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h
535 +index f9dc597b0b86..91c8f1d9bcee 100644
536 +--- a/arch/powerpc/include/asm/book3s/32/kup.h
537 ++++ b/arch/powerpc/include/asm/book3s/32/kup.h
538 +@@ -102,11 +102,13 @@ static inline void kuap_update_sr(u32 sr, u32 addr, u32 end)
539 + isync(); /* Context sync required after mtsrin() */
540 + }
541 +
542 +-static inline void allow_user_access(void __user *to, const void __user *from, u32 size)
543 ++static __always_inline void allow_user_access(void __user *to, const void __user *from,
544 ++ u32 size, unsigned long dir)
545 + {
546 + u32 addr, end;
547 +
548 +- if (__builtin_constant_p(to) && to == NULL)
549 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
550 ++ if (!(dir & KUAP_WRITE))
551 + return;
552 +
553 + addr = (__force u32)to;
554 +@@ -119,11 +121,16 @@ static inline void allow_user_access(void __user *to, const void __user *from, u
555 + kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end); /* Clear Ks */
556 + }
557 +
558 +-static inline void prevent_user_access(void __user *to, const void __user *from, u32 size)
559 ++static __always_inline void prevent_user_access(void __user *to, const void __user *from,
560 ++ u32 size, unsigned long dir)
561 + {
562 + u32 addr = (__force u32)to;
563 + u32 end = min(addr + size, TASK_SIZE);
564 +
565 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
566 ++ if (!(dir & KUAP_WRITE))
567 ++ return;
568 ++
569 + if (!addr || addr >= TASK_SIZE || !size)
570 + return;
571 +
572 +@@ -131,12 +138,17 @@ static inline void prevent_user_access(void __user *to, const void __user *from,
573 + kuap_update_sr(mfsrin(addr) | SR_KS, addr, end); /* set Ks */
574 + }
575 +
576 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
577 ++static inline bool
578 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
579 + {
580 ++ unsigned long begin = regs->kuap & 0xf0000000;
581 ++ unsigned long end = regs->kuap << 28;
582 ++
583 + if (!is_write)
584 + return false;
585 +
586 +- return WARN(!regs->kuap, "Bug: write fault blocked by segment registers !");
587 ++ return WARN(address < begin || address >= end,
588 ++ "Bug: write fault blocked by segment registers !");
589 + }
590 +
591 + #endif /* CONFIG_PPC_KUAP */
592 +diff --git a/arch/powerpc/include/asm/book3s/32/pgalloc.h b/arch/powerpc/include/asm/book3s/32/pgalloc.h
593 +index 998317702630..dc5c039eb28e 100644
594 +--- a/arch/powerpc/include/asm/book3s/32/pgalloc.h
595 ++++ b/arch/powerpc/include/asm/book3s/32/pgalloc.h
596 +@@ -49,7 +49,6 @@ static inline void pgtable_free(void *table, unsigned index_size)
597 +
598 + #define get_hugepd_cache_index(x) (x)
599 +
600 +-#ifdef CONFIG_SMP
601 + static inline void pgtable_free_tlb(struct mmu_gather *tlb,
602 + void *table, int shift)
603 + {
604 +@@ -66,13 +65,6 @@ static inline void __tlb_remove_table(void *_table)
605 +
606 + pgtable_free(table, shift);
607 + }
608 +-#else
609 +-static inline void pgtable_free_tlb(struct mmu_gather *tlb,
610 +- void *table, int shift)
611 +-{
612 +- pgtable_free(table, shift);
613 +-}
614 +-#endif
615 +
616 + static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t table,
617 + unsigned long address)
618 +diff --git a/arch/powerpc/include/asm/book3s/64/kup-radix.h b/arch/powerpc/include/asm/book3s/64/kup-radix.h
619 +index f254de956d6a..c8d1076e0ebb 100644
620 +--- a/arch/powerpc/include/asm/book3s/64/kup-radix.h
621 ++++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h
622 +@@ -77,25 +77,27 @@ static inline void set_kuap(unsigned long value)
623 + isync();
624 + }
625 +
626 +-static inline void allow_user_access(void __user *to, const void __user *from,
627 +- unsigned long size)
628 ++static __always_inline void allow_user_access(void __user *to, const void __user *from,
629 ++ unsigned long size, unsigned long dir)
630 + {
631 + // This is written so we can resolve to a single case at build time
632 +- if (__builtin_constant_p(to) && to == NULL)
633 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
634 ++ if (dir == KUAP_READ)
635 + set_kuap(AMR_KUAP_BLOCK_WRITE);
636 +- else if (__builtin_constant_p(from) && from == NULL)
637 ++ else if (dir == KUAP_WRITE)
638 + set_kuap(AMR_KUAP_BLOCK_READ);
639 + else
640 + set_kuap(0);
641 + }
642 +
643 + static inline void prevent_user_access(void __user *to, const void __user *from,
644 +- unsigned long size)
645 ++ unsigned long size, unsigned long dir)
646 + {
647 + set_kuap(AMR_KUAP_BLOCKED);
648 + }
649 +
650 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
651 ++static inline bool
652 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
653 + {
654 + return WARN(mmu_has_feature(MMU_FTR_RADIX_KUAP) &&
655 + (regs->kuap & (is_write ? AMR_KUAP_BLOCK_WRITE : AMR_KUAP_BLOCK_READ)),
656 +diff --git a/arch/powerpc/include/asm/book3s/64/pgalloc.h b/arch/powerpc/include/asm/book3s/64/pgalloc.h
657 +index d5a44912902f..cae9e814593a 100644
658 +--- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
659 ++++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
660 +@@ -19,9 +19,7 @@ extern struct vmemmap_backing *vmemmap_list;
661 + extern pmd_t *pmd_fragment_alloc(struct mm_struct *, unsigned long);
662 + extern void pmd_fragment_free(unsigned long *);
663 + extern void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift);
664 +-#ifdef CONFIG_SMP
665 + extern void __tlb_remove_table(void *_table);
666 +-#endif
667 + void pte_frag_destroy(void *pte_frag);
668 +
669 + static inline pgd_t *radix__pgd_alloc(struct mm_struct *mm)
670 +diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h
671 +index eea28ca679db..bc7d9d06a6d9 100644
672 +--- a/arch/powerpc/include/asm/futex.h
673 ++++ b/arch/powerpc/include/asm/futex.h
674 +@@ -35,7 +35,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval,
675 + {
676 + int oldval = 0, ret;
677 +
678 +- allow_write_to_user(uaddr, sizeof(*uaddr));
679 ++ allow_read_write_user(uaddr, uaddr, sizeof(*uaddr));
680 + pagefault_disable();
681 +
682 + switch (op) {
683 +@@ -62,7 +62,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval,
684 +
685 + *oval = oldval;
686 +
687 +- prevent_write_to_user(uaddr, sizeof(*uaddr));
688 ++ prevent_read_write_user(uaddr, uaddr, sizeof(*uaddr));
689 + return ret;
690 + }
691 +
692 +@@ -76,7 +76,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
693 + if (!access_ok(uaddr, sizeof(u32)))
694 + return -EFAULT;
695 +
696 +- allow_write_to_user(uaddr, sizeof(*uaddr));
697 ++ allow_read_write_user(uaddr, uaddr, sizeof(*uaddr));
698 ++
699 + __asm__ __volatile__ (
700 + PPC_ATOMIC_ENTRY_BARRIER
701 + "1: lwarx %1,0,%3 # futex_atomic_cmpxchg_inatomic\n\
702 +@@ -97,7 +98,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
703 + : "cc", "memory");
704 +
705 + *uval = prev;
706 +- prevent_write_to_user(uaddr, sizeof(*uaddr));
707 ++ prevent_read_write_user(uaddr, uaddr, sizeof(*uaddr));
708 ++
709 + return ret;
710 + }
711 +
712 +diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h
713 +index 5b5e39643a27..94f24928916a 100644
714 +--- a/arch/powerpc/include/asm/kup.h
715 ++++ b/arch/powerpc/include/asm/kup.h
716 +@@ -2,6 +2,10 @@
717 + #ifndef _ASM_POWERPC_KUP_H_
718 + #define _ASM_POWERPC_KUP_H_
719 +
720 ++#define KUAP_READ 1
721 ++#define KUAP_WRITE 2
722 ++#define KUAP_READ_WRITE (KUAP_READ | KUAP_WRITE)
723 ++
724 + #ifdef CONFIG_PPC64
725 + #include <asm/book3s/64/kup-radix.h>
726 + #endif
727 +@@ -42,32 +46,48 @@ void setup_kuap(bool disabled);
728 + #else
729 + static inline void setup_kuap(bool disabled) { }
730 + static inline void allow_user_access(void __user *to, const void __user *from,
731 +- unsigned long size) { }
732 ++ unsigned long size, unsigned long dir) { }
733 + static inline void prevent_user_access(void __user *to, const void __user *from,
734 +- unsigned long size) { }
735 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write) { return false; }
736 ++ unsigned long size, unsigned long dir) { }
737 ++static inline bool
738 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
739 ++{
740 ++ return false;
741 ++}
742 + #endif /* CONFIG_PPC_KUAP */
743 +
744 + static inline void allow_read_from_user(const void __user *from, unsigned long size)
745 + {
746 +- allow_user_access(NULL, from, size);
747 ++ allow_user_access(NULL, from, size, KUAP_READ);
748 + }
749 +
750 + static inline void allow_write_to_user(void __user *to, unsigned long size)
751 + {
752 +- allow_user_access(to, NULL, size);
753 ++ allow_user_access(to, NULL, size, KUAP_WRITE);
754 ++}
755 ++
756 ++static inline void allow_read_write_user(void __user *to, const void __user *from,
757 ++ unsigned long size)
758 ++{
759 ++ allow_user_access(to, from, size, KUAP_READ_WRITE);
760 + }
761 +
762 + static inline void prevent_read_from_user(const void __user *from, unsigned long size)
763 + {
764 +- prevent_user_access(NULL, from, size);
765 ++ prevent_user_access(NULL, from, size, KUAP_READ);
766 + }
767 +
768 + static inline void prevent_write_to_user(void __user *to, unsigned long size)
769 + {
770 +- prevent_user_access(to, NULL, size);
771 ++ prevent_user_access(to, NULL, size, KUAP_WRITE);
772 ++}
773 ++
774 ++static inline void prevent_read_write_user(void __user *to, const void __user *from,
775 ++ unsigned long size)
776 ++{
777 ++ prevent_user_access(to, from, size, KUAP_READ_WRITE);
778 + }
779 +
780 + #endif /* !__ASSEMBLY__ */
781 +
782 +-#endif /* _ASM_POWERPC_KUP_H_ */
783 ++#endif /* _ASM_POWERPC_KUAP_H_ */
784 +diff --git a/arch/powerpc/include/asm/nohash/32/kup-8xx.h b/arch/powerpc/include/asm/nohash/32/kup-8xx.h
785 +index 1c3133b5f86a..6fe97465e350 100644
786 +--- a/arch/powerpc/include/asm/nohash/32/kup-8xx.h
787 ++++ b/arch/powerpc/include/asm/nohash/32/kup-8xx.h
788 +@@ -34,18 +34,19 @@
789 + #include <asm/reg.h>
790 +
791 + static inline void allow_user_access(void __user *to, const void __user *from,
792 +- unsigned long size)
793 ++ unsigned long size, unsigned long dir)
794 + {
795 + mtspr(SPRN_MD_AP, MD_APG_INIT);
796 + }
797 +
798 + static inline void prevent_user_access(void __user *to, const void __user *from,
799 +- unsigned long size)
800 ++ unsigned long size, unsigned long dir)
801 + {
802 + mtspr(SPRN_MD_AP, MD_APG_KUAP);
803 + }
804 +
805 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
806 ++static inline bool
807 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
808 + {
809 + return WARN(!((regs->kuap ^ MD_APG_KUAP) & 0xf0000000),
810 + "Bug: fault blocked by AP register !");
811 +diff --git a/arch/powerpc/include/asm/nohash/pgalloc.h b/arch/powerpc/include/asm/nohash/pgalloc.h
812 +index 332b13b4ecdb..29c43665a753 100644
813 +--- a/arch/powerpc/include/asm/nohash/pgalloc.h
814 ++++ b/arch/powerpc/include/asm/nohash/pgalloc.h
815 +@@ -46,7 +46,6 @@ static inline void pgtable_free(void *table, int shift)
816 +
817 + #define get_hugepd_cache_index(x) (x)
818 +
819 +-#ifdef CONFIG_SMP
820 + static inline void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift)
821 + {
822 + unsigned long pgf = (unsigned long)table;
823 +@@ -64,13 +63,6 @@ static inline void __tlb_remove_table(void *_table)
824 + pgtable_free(table, shift);
825 + }
826 +
827 +-#else
828 +-static inline void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift)
829 +-{
830 +- pgtable_free(table, shift);
831 +-}
832 +-#endif
833 +-
834 + static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t table,
835 + unsigned long address)
836 + {
837 +diff --git a/arch/powerpc/include/asm/tlb.h b/arch/powerpc/include/asm/tlb.h
838 +index b2c0be93929d..7f3a8b902325 100644
839 +--- a/arch/powerpc/include/asm/tlb.h
840 ++++ b/arch/powerpc/include/asm/tlb.h
841 +@@ -26,6 +26,17 @@
842 +
843 + #define tlb_flush tlb_flush
844 + extern void tlb_flush(struct mmu_gather *tlb);
845 ++/*
846 ++ * book3s:
847 ++ * Hash does not use the linux page-tables, so we can avoid
848 ++ * the TLB invalidate for page-table freeing, Radix otoh does use the
849 ++ * page-tables and needs the TLBI.
850 ++ *
851 ++ * nohash:
852 ++ * We still do TLB invalidate in the __pte_free_tlb routine before we
853 ++ * add the page table pages to mmu gather table batch.
854 ++ */
855 ++#define tlb_needs_table_invalidate() radix_enabled()
856 +
857 + /* Get the generic bits... */
858 + #include <asm-generic/tlb.h>
859 +diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
860 +index c92fe7fe9692..cafad1960e76 100644
861 +--- a/arch/powerpc/include/asm/uaccess.h
862 ++++ b/arch/powerpc/include/asm/uaccess.h
863 +@@ -313,9 +313,9 @@ raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
864 + unsigned long ret;
865 +
866 + barrier_nospec();
867 +- allow_user_access(to, from, n);
868 ++ allow_read_write_user(to, from, n);
869 + ret = __copy_tofrom_user(to, from, n);
870 +- prevent_user_access(to, from, n);
871 ++ prevent_read_write_user(to, from, n);
872 + return ret;
873 + }
874 + #endif /* __powerpc64__ */
875 +diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
876 +index d60908ea37fb..59bb4f4ae316 100644
877 +--- a/arch/powerpc/kernel/entry_32.S
878 ++++ b/arch/powerpc/kernel/entry_32.S
879 +@@ -179,7 +179,7 @@ transfer_to_handler:
880 + 2: /* if from kernel, check interrupted DOZE/NAP mode and
881 + * check for stack overflow
882 + */
883 +- kuap_save_and_lock r11, r12, r9, r2, r0
884 ++ kuap_save_and_lock r11, r12, r9, r2, r6
885 + addi r2, r12, -THREAD
886 + lwz r9,KSP_LIMIT(r12)
887 + cmplw r1,r9 /* if r1 <= ksp_limit */
888 +@@ -284,6 +284,7 @@ reenable_mmu:
889 + rlwinm r9,r9,0,~MSR_EE
890 + lwz r12,_LINK(r11) /* and return to address in LR */
891 + kuap_restore r11, r2, r3, r4, r5
892 ++ lwz r2, GPR2(r11)
893 + b fast_exception_return
894 + #endif
895 +
896 +diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
897 +index 709cf1fd4cf4..36abbe3c346d 100644
898 +--- a/arch/powerpc/kvm/book3s_hv.c
899 ++++ b/arch/powerpc/kvm/book3s_hv.c
900 +@@ -2354,7 +2354,7 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
901 + mutex_unlock(&kvm->lock);
902 +
903 + if (!vcore)
904 +- goto free_vcpu;
905 ++ goto uninit_vcpu;
906 +
907 + spin_lock(&vcore->lock);
908 + ++vcore->num_threads;
909 +@@ -2371,6 +2371,8 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
910 +
911 + return vcpu;
912 +
913 ++uninit_vcpu:
914 ++ kvm_vcpu_uninit(vcpu);
915 + free_vcpu:
916 + kmem_cache_free(kvm_vcpu_cache, vcpu);
917 + out:
918 +diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
919 +index cc65af8fe6f7..3f6ad3f58628 100644
920 +--- a/arch/powerpc/kvm/book3s_pr.c
921 ++++ b/arch/powerpc/kvm/book3s_pr.c
922 +@@ -1769,10 +1769,12 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_pr(struct kvm *kvm,
923 +
924 + err = kvmppc_mmu_init(vcpu);
925 + if (err < 0)
926 +- goto uninit_vcpu;
927 ++ goto free_shared_page;
928 +
929 + return vcpu;
930 +
931 ++free_shared_page:
932 ++ free_page((unsigned long)vcpu->arch.shared);
933 + uninit_vcpu:
934 + kvm_vcpu_uninit(vcpu);
935 + free_shadow_vcpu:
936 +diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c
937 +index 5a3373e06e60..235d57d6c205 100644
938 +--- a/arch/powerpc/kvm/book3s_xive_native.c
939 ++++ b/arch/powerpc/kvm/book3s_xive_native.c
940 +@@ -638,7 +638,7 @@ static int kvmppc_xive_native_set_queue_config(struct kvmppc_xive *xive,
941 + srcu_idx = srcu_read_lock(&kvm->srcu);
942 + gfn = gpa_to_gfn(kvm_eq.qaddr);
943 +
944 +- page_size = kvm_host_page_size(kvm, gfn);
945 ++ page_size = kvm_host_page_size(vcpu, gfn);
946 + if (1ull << kvm_eq.qshift > page_size) {
947 + srcu_read_unlock(&kvm->srcu, srcu_idx);
948 + pr_warn("Incompatible host page size %lx!\n", page_size);
949 +diff --git a/arch/powerpc/mm/book3s64/pgtable.c b/arch/powerpc/mm/book3s64/pgtable.c
950 +index 75483b40fcb1..2bf7e1b4fd82 100644
951 +--- a/arch/powerpc/mm/book3s64/pgtable.c
952 ++++ b/arch/powerpc/mm/book3s64/pgtable.c
953 +@@ -378,7 +378,6 @@ static inline void pgtable_free(void *table, int index)
954 + }
955 + }
956 +
957 +-#ifdef CONFIG_SMP
958 + void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int index)
959 + {
960 + unsigned long pgf = (unsigned long)table;
961 +@@ -395,12 +394,6 @@ void __tlb_remove_table(void *_table)
962 +
963 + return pgtable_free(table, index);
964 + }
965 +-#else
966 +-void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int index)
967 +-{
968 +- return pgtable_free(table, index);
969 +-}
970 +-#endif
971 +
972 + #ifdef CONFIG_PROC_FS
973 + atomic_long_t direct_pages_count[MMU_PAGE_COUNT];
974 +diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
975 +index 8432c281de92..9298905cfe74 100644
976 +--- a/arch/powerpc/mm/fault.c
977 ++++ b/arch/powerpc/mm/fault.c
978 +@@ -233,7 +233,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code,
979 +
980 + // Read/write fault in a valid region (the exception table search passed
981 + // above), but blocked by KUAP is bad, it can never succeed.
982 +- if (bad_kuap_fault(regs, is_write))
983 ++ if (bad_kuap_fault(regs, address, is_write))
984 + return true;
985 +
986 + // What's left? Kernel fault on user in well defined regions (extable
987 +diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c
988 +index 2f9ddc29c535..c73205172447 100644
989 +--- a/arch/powerpc/mm/ptdump/ptdump.c
990 ++++ b/arch/powerpc/mm/ptdump/ptdump.c
991 +@@ -173,10 +173,12 @@ static void dump_addr(struct pg_state *st, unsigned long addr)
992 +
993 + static void note_prot_wx(struct pg_state *st, unsigned long addr)
994 + {
995 ++ pte_t pte = __pte(st->current_flags);
996 ++
997 + if (!IS_ENABLED(CONFIG_PPC_DEBUG_WX) || !st->check_wx)
998 + return;
999 +
1000 +- if (!((st->current_flags & pgprot_val(PAGE_KERNEL_X)) == pgprot_val(PAGE_KERNEL_X)))
1001 ++ if (!pte_write(pte) || !pte_exec(pte))
1002 + return;
1003 +
1004 + WARN_ONCE(1, "powerpc/mm: Found insecure W+X mapping at address %p/%pS\n",
1005 +diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c
1006 +index 8e700390f3d6..4c3af2e9eb8e 100644
1007 +--- a/arch/powerpc/platforms/pseries/hotplug-memory.c
1008 ++++ b/arch/powerpc/platforms/pseries/hotplug-memory.c
1009 +@@ -360,8 +360,10 @@ static bool lmb_is_removable(struct drmem_lmb *lmb)
1010 +
1011 + for (i = 0; i < scns_per_block; i++) {
1012 + pfn = PFN_DOWN(phys_addr);
1013 +- if (!pfn_present(pfn))
1014 ++ if (!pfn_present(pfn)) {
1015 ++ phys_addr += MIN_MEMORY_BLOCK_SIZE;
1016 + continue;
1017 ++ }
1018 +
1019 + rc &= is_mem_section_removable(pfn, PAGES_PER_SECTION);
1020 + phys_addr += MIN_MEMORY_BLOCK_SIZE;
1021 +diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
1022 +index d83364ebc5c5..8057aafd5f5e 100644
1023 +--- a/arch/powerpc/xmon/xmon.c
1024 ++++ b/arch/powerpc/xmon/xmon.c
1025 +@@ -1894,15 +1894,14 @@ static void dump_300_sprs(void)
1026 +
1027 + printf("pidr = %.16lx tidr = %.16lx\n",
1028 + mfspr(SPRN_PID), mfspr(SPRN_TIDR));
1029 +- printf("asdr = %.16lx psscr = %.16lx\n",
1030 +- mfspr(SPRN_ASDR), hv ? mfspr(SPRN_PSSCR)
1031 +- : mfspr(SPRN_PSSCR_PR));
1032 ++ printf("psscr = %.16lx\n",
1033 ++ hv ? mfspr(SPRN_PSSCR) : mfspr(SPRN_PSSCR_PR));
1034 +
1035 + if (!hv)
1036 + return;
1037 +
1038 +- printf("ptcr = %.16lx\n",
1039 +- mfspr(SPRN_PTCR));
1040 ++ printf("ptcr = %.16lx asdr = %.16lx\n",
1041 ++ mfspr(SPRN_PTCR), mfspr(SPRN_ASDR));
1042 + #endif
1043 + }
1044 +
1045 +diff --git a/arch/riscv/net/bpf_jit_comp.c b/arch/riscv/net/bpf_jit_comp.c
1046 +index 7fbf56aab661..e2279fed8f56 100644
1047 +--- a/arch/riscv/net/bpf_jit_comp.c
1048 ++++ b/arch/riscv/net/bpf_jit_comp.c
1049 +@@ -120,6 +120,11 @@ static bool seen_reg(int reg, struct rv_jit_context *ctx)
1050 + return false;
1051 + }
1052 +
1053 ++static void mark_fp(struct rv_jit_context *ctx)
1054 ++{
1055 ++ __set_bit(RV_CTX_F_SEEN_S5, &ctx->flags);
1056 ++}
1057 ++
1058 + static void mark_call(struct rv_jit_context *ctx)
1059 + {
1060 + __set_bit(RV_CTX_F_SEEN_CALL, &ctx->flags);
1061 +@@ -596,7 +601,8 @@ static void __build_epilogue(u8 reg, struct rv_jit_context *ctx)
1062 +
1063 + emit(rv_addi(RV_REG_SP, RV_REG_SP, stack_adjust), ctx);
1064 + /* Set return value. */
1065 +- emit(rv_addi(RV_REG_A0, RV_REG_A5, 0), ctx);
1066 ++ if (reg == RV_REG_RA)
1067 ++ emit(rv_addi(RV_REG_A0, RV_REG_A5, 0), ctx);
1068 + emit(rv_jalr(RV_REG_ZERO, reg, 0), ctx);
1069 + }
1070 +
1071 +@@ -1426,6 +1432,10 @@ static void build_prologue(struct rv_jit_context *ctx)
1072 + {
1073 + int stack_adjust = 0, store_offset, bpf_stack_adjust;
1074 +
1075 ++ bpf_stack_adjust = round_up(ctx->prog->aux->stack_depth, 16);
1076 ++ if (bpf_stack_adjust)
1077 ++ mark_fp(ctx);
1078 ++
1079 + if (seen_reg(RV_REG_RA, ctx))
1080 + stack_adjust += 8;
1081 + stack_adjust += 8; /* RV_REG_FP */
1082 +@@ -1443,7 +1453,6 @@ static void build_prologue(struct rv_jit_context *ctx)
1083 + stack_adjust += 8;
1084 +
1085 + stack_adjust = round_up(stack_adjust, 16);
1086 +- bpf_stack_adjust = round_up(ctx->prog->aux->stack_depth, 16);
1087 + stack_adjust += bpf_stack_adjust;
1088 +
1089 + store_offset = stack_adjust - 8;
1090 +diff --git a/arch/s390/include/asm/page.h b/arch/s390/include/asm/page.h
1091 +index 823578c6b9e2..3f5cb55cde35 100644
1092 +--- a/arch/s390/include/asm/page.h
1093 ++++ b/arch/s390/include/asm/page.h
1094 +@@ -33,6 +33,8 @@
1095 + #define ARCH_HAS_PREPARE_HUGEPAGE
1096 + #define ARCH_HAS_HUGEPAGE_CLEAR_FLUSH
1097 +
1098 ++#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
1099 ++
1100 + #include <asm/setup.h>
1101 + #ifndef __ASSEMBLY__
1102 +
1103 +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
1104 +index d047e846e1b9..756c627f7e54 100644
1105 +--- a/arch/s390/kvm/kvm-s390.c
1106 ++++ b/arch/s390/kvm/kvm-s390.c
1107 +@@ -2863,9 +2863,7 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu)
1108 + vcpu->arch.sie_block->gcr[14] = CR14_UNUSED_32 |
1109 + CR14_UNUSED_33 |
1110 + CR14_EXTERNAL_DAMAGE_SUBMASK;
1111 +- /* make sure the new fpc will be lazily loaded */
1112 +- save_fpu_regs();
1113 +- current->thread.fpu.fpc = 0;
1114 ++ vcpu->run->s.regs.fpc = 0;
1115 + vcpu->arch.sie_block->gbea = 1;
1116 + vcpu->arch.sie_block->pp = 0;
1117 + vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
1118 +@@ -4354,7 +4352,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
1119 + switch (ioctl) {
1120 + case KVM_S390_STORE_STATUS:
1121 + idx = srcu_read_lock(&vcpu->kvm->srcu);
1122 +- r = kvm_s390_vcpu_store_status(vcpu, arg);
1123 ++ r = kvm_s390_store_status_unloaded(vcpu, arg);
1124 + srcu_read_unlock(&vcpu->kvm->srcu, idx);
1125 + break;
1126 + case KVM_S390_SET_INITIAL_PSW: {
1127 +diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
1128 +index b0246c705a19..5674710a4841 100644
1129 +--- a/arch/s390/mm/hugetlbpage.c
1130 ++++ b/arch/s390/mm/hugetlbpage.c
1131 +@@ -2,7 +2,7 @@
1132 + /*
1133 + * IBM System z Huge TLB Page Support for Kernel.
1134 + *
1135 +- * Copyright IBM Corp. 2007,2016
1136 ++ * Copyright IBM Corp. 2007,2020
1137 + * Author(s): Gerald Schaefer <gerald.schaefer@××××××.com>
1138 + */
1139 +
1140 +@@ -11,6 +11,9 @@
1141 +
1142 + #include <linux/mm.h>
1143 + #include <linux/hugetlb.h>
1144 ++#include <linux/mman.h>
1145 ++#include <linux/sched/mm.h>
1146 ++#include <linux/security.h>
1147 +
1148 + /*
1149 + * If the bit selected by single-bit bitmask "a" is set within "x", move
1150 +@@ -267,3 +270,98 @@ static __init int setup_hugepagesz(char *opt)
1151 + return 1;
1152 + }
1153 + __setup("hugepagesz=", setup_hugepagesz);
1154 ++
1155 ++static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
1156 ++ unsigned long addr, unsigned long len,
1157 ++ unsigned long pgoff, unsigned long flags)
1158 ++{
1159 ++ struct hstate *h = hstate_file(file);
1160 ++ struct vm_unmapped_area_info info;
1161 ++
1162 ++ info.flags = 0;
1163 ++ info.length = len;
1164 ++ info.low_limit = current->mm->mmap_base;
1165 ++ info.high_limit = TASK_SIZE;
1166 ++ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
1167 ++ info.align_offset = 0;
1168 ++ return vm_unmapped_area(&info);
1169 ++}
1170 ++
1171 ++static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
1172 ++ unsigned long addr0, unsigned long len,
1173 ++ unsigned long pgoff, unsigned long flags)
1174 ++{
1175 ++ struct hstate *h = hstate_file(file);
1176 ++ struct vm_unmapped_area_info info;
1177 ++ unsigned long addr;
1178 ++
1179 ++ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
1180 ++ info.length = len;
1181 ++ info.low_limit = max(PAGE_SIZE, mmap_min_addr);
1182 ++ info.high_limit = current->mm->mmap_base;
1183 ++ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
1184 ++ info.align_offset = 0;
1185 ++ addr = vm_unmapped_area(&info);
1186 ++
1187 ++ /*
1188 ++ * A failed mmap() very likely causes application failure,
1189 ++ * so fall back to the bottom-up function here. This scenario
1190 ++ * can happen with large stack limits and large mmap()
1191 ++ * allocations.
1192 ++ */
1193 ++ if (addr & ~PAGE_MASK) {
1194 ++ VM_BUG_ON(addr != -ENOMEM);
1195 ++ info.flags = 0;
1196 ++ info.low_limit = TASK_UNMAPPED_BASE;
1197 ++ info.high_limit = TASK_SIZE;
1198 ++ addr = vm_unmapped_area(&info);
1199 ++ }
1200 ++
1201 ++ return addr;
1202 ++}
1203 ++
1204 ++unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
1205 ++ unsigned long len, unsigned long pgoff, unsigned long flags)
1206 ++{
1207 ++ struct hstate *h = hstate_file(file);
1208 ++ struct mm_struct *mm = current->mm;
1209 ++ struct vm_area_struct *vma;
1210 ++ int rc;
1211 ++
1212 ++ if (len & ~huge_page_mask(h))
1213 ++ return -EINVAL;
1214 ++ if (len > TASK_SIZE - mmap_min_addr)
1215 ++ return -ENOMEM;
1216 ++
1217 ++ if (flags & MAP_FIXED) {
1218 ++ if (prepare_hugepage_range(file, addr, len))
1219 ++ return -EINVAL;
1220 ++ goto check_asce_limit;
1221 ++ }
1222 ++
1223 ++ if (addr) {
1224 ++ addr = ALIGN(addr, huge_page_size(h));
1225 ++ vma = find_vma(mm, addr);
1226 ++ if (TASK_SIZE - len >= addr && addr >= mmap_min_addr &&
1227 ++ (!vma || addr + len <= vm_start_gap(vma)))
1228 ++ goto check_asce_limit;
1229 ++ }
1230 ++
1231 ++ if (mm->get_unmapped_area == arch_get_unmapped_area)
1232 ++ addr = hugetlb_get_unmapped_area_bottomup(file, addr, len,
1233 ++ pgoff, flags);
1234 ++ else
1235 ++ addr = hugetlb_get_unmapped_area_topdown(file, addr, len,
1236 ++ pgoff, flags);
1237 ++ if (addr & ~PAGE_MASK)
1238 ++ return addr;
1239 ++
1240 ++check_asce_limit:
1241 ++ if (addr + len > current->mm->context.asce_limit &&
1242 ++ addr + len <= TASK_SIZE) {
1243 ++ rc = crst_table_upgrade(mm, addr + len);
1244 ++ if (rc)
1245 ++ return (unsigned long) rc;
1246 ++ }
1247 ++ return addr;
1248 ++}
1249 +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
1250 +index eb24cb1afc11..18e9fb6fcf1b 100644
1251 +--- a/arch/sparc/Kconfig
1252 ++++ b/arch/sparc/Kconfig
1253 +@@ -65,7 +65,6 @@ config SPARC64
1254 + select HAVE_KRETPROBES
1255 + select HAVE_KPROBES
1256 + select HAVE_RCU_TABLE_FREE if SMP
1257 +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE
1258 + select HAVE_MEMBLOCK_NODE_MAP
1259 + select HAVE_ARCH_TRANSPARENT_HUGEPAGE
1260 + select HAVE_DYNAMIC_FTRACE
1261 +diff --git a/arch/sparc/include/asm/tlb_64.h b/arch/sparc/include/asm/tlb_64.h
1262 +index a2f3fa61ee36..8cb8f3833239 100644
1263 +--- a/arch/sparc/include/asm/tlb_64.h
1264 ++++ b/arch/sparc/include/asm/tlb_64.h
1265 +@@ -28,6 +28,15 @@ void flush_tlb_pending(void);
1266 + #define __tlb_remove_tlb_entry(tlb, ptep, address) do { } while (0)
1267 + #define tlb_flush(tlb) flush_tlb_pending()
1268 +
1269 ++/*
1270 ++ * SPARC64's hardware TLB fill does not use the Linux page-tables
1271 ++ * and therefore we don't need a TLBI when freeing page-table pages.
1272 ++ */
1273 ++
1274 ++#ifdef CONFIG_HAVE_RCU_TABLE_FREE
1275 ++#define tlb_needs_table_invalidate() (false)
1276 ++#endif
1277 ++
1278 + #include <asm-generic/tlb.h>
1279 +
1280 + #endif /* _SPARC64_TLB_H */
1281 +diff --git a/arch/sparc/include/uapi/asm/ipcbuf.h b/arch/sparc/include/uapi/asm/ipcbuf.h
1282 +index 9d0d125500e2..084b8949ddff 100644
1283 +--- a/arch/sparc/include/uapi/asm/ipcbuf.h
1284 ++++ b/arch/sparc/include/uapi/asm/ipcbuf.h
1285 +@@ -15,19 +15,19 @@
1286 +
1287 + struct ipc64_perm
1288 + {
1289 +- __kernel_key_t key;
1290 +- __kernel_uid_t uid;
1291 +- __kernel_gid_t gid;
1292 +- __kernel_uid_t cuid;
1293 +- __kernel_gid_t cgid;
1294 ++ __kernel_key_t key;
1295 ++ __kernel_uid32_t uid;
1296 ++ __kernel_gid32_t gid;
1297 ++ __kernel_uid32_t cuid;
1298 ++ __kernel_gid32_t cgid;
1299 + #ifndef __arch64__
1300 +- unsigned short __pad0;
1301 ++ unsigned short __pad0;
1302 + #endif
1303 +- __kernel_mode_t mode;
1304 +- unsigned short __pad1;
1305 +- unsigned short seq;
1306 +- unsigned long long __unused1;
1307 +- unsigned long long __unused2;
1308 ++ __kernel_mode_t mode;
1309 ++ unsigned short __pad1;
1310 ++ unsigned short seq;
1311 ++ unsigned long long __unused1;
1312 ++ unsigned long long __unused2;
1313 + };
1314 +
1315 + #endif /* __SPARC_IPCBUF_H */
1316 +diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
1317 +index 2ebc17d9c72c..19e94af9cc5d 100644
1318 +--- a/arch/x86/include/asm/apic.h
1319 ++++ b/arch/x86/include/asm/apic.h
1320 +@@ -140,6 +140,7 @@ extern void apic_soft_disable(void);
1321 + extern void lapic_shutdown(void);
1322 + extern void sync_Arb_IDs(void);
1323 + extern void init_bsp_APIC(void);
1324 ++extern void apic_intr_mode_select(void);
1325 + extern void apic_intr_mode_init(void);
1326 + extern void init_apic_mappings(void);
1327 + void register_lapic_address(unsigned long address);
1328 +@@ -188,6 +189,7 @@ static inline void disable_local_APIC(void) { }
1329 + # define setup_secondary_APIC_clock x86_init_noop
1330 + static inline void lapic_update_tsc_freq(void) { }
1331 + static inline void init_bsp_APIC(void) { }
1332 ++static inline void apic_intr_mode_select(void) { }
1333 + static inline void apic_intr_mode_init(void) { }
1334 + static inline void lapic_assign_system_vectors(void) { }
1335 + static inline void lapic_assign_legacy_vector(unsigned int i, bool r) { }
1336 +@@ -452,6 +454,14 @@ static inline void ack_APIC_irq(void)
1337 + apic_eoi();
1338 + }
1339 +
1340 ++
1341 ++static inline bool lapic_vector_set_in_irr(unsigned int vector)
1342 ++{
1343 ++ u32 irr = apic_read(APIC_IRR + (vector / 32 * 0x10));
1344 ++
1345 ++ return !!(irr & (1U << (vector % 32)));
1346 ++}
1347 ++
1348 + static inline unsigned default_get_apic_id(unsigned long x)
1349 + {
1350 + unsigned int ver = GET_APIC_VERSION(apic_read(APIC_LVR));
1351 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
1352 +index 4fc61483919a..c1ed054c103c 100644
1353 +--- a/arch/x86/include/asm/kvm_host.h
1354 ++++ b/arch/x86/include/asm/kvm_host.h
1355 +@@ -380,12 +380,12 @@ struct kvm_mmu {
1356 + void (*set_cr3)(struct kvm_vcpu *vcpu, unsigned long root);
1357 + unsigned long (*get_cr3)(struct kvm_vcpu *vcpu);
1358 + u64 (*get_pdptr)(struct kvm_vcpu *vcpu, int index);
1359 +- int (*page_fault)(struct kvm_vcpu *vcpu, gva_t gva, u32 err,
1360 ++ int (*page_fault)(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 err,
1361 + bool prefault);
1362 + void (*inject_page_fault)(struct kvm_vcpu *vcpu,
1363 + struct x86_exception *fault);
1364 +- gpa_t (*gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t gva, u32 access,
1365 +- struct x86_exception *exception);
1366 ++ gpa_t (*gva_to_gpa)(struct kvm_vcpu *vcpu, gpa_t gva_or_gpa,
1367 ++ u32 access, struct x86_exception *exception);
1368 + gpa_t (*translate_gpa)(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access,
1369 + struct x86_exception *exception);
1370 + int (*sync_page)(struct kvm_vcpu *vcpu,
1371 +@@ -667,10 +667,10 @@ struct kvm_vcpu_arch {
1372 + bool pvclock_set_guest_stopped_request;
1373 +
1374 + struct {
1375 ++ u8 preempted;
1376 + u64 msr_val;
1377 + u64 last_steal;
1378 +- struct gfn_to_hva_cache stime;
1379 +- struct kvm_steal_time steal;
1380 ++ struct gfn_to_pfn_cache cache;
1381 + } st;
1382 +
1383 + u64 tsc_offset;
1384 +@@ -1128,6 +1128,7 @@ struct kvm_x86_ops {
1385 + bool (*xsaves_supported)(void);
1386 + bool (*umip_emulated)(void);
1387 + bool (*pt_supported)(void);
1388 ++ bool (*pku_supported)(void);
1389 +
1390 + int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
1391 + void (*request_immediate_exit)(struct kvm_vcpu *vcpu);
1392 +@@ -1450,7 +1451,7 @@ void kvm_vcpu_deactivate_apicv(struct kvm_vcpu *vcpu);
1393 +
1394 + int kvm_emulate_hypercall(struct kvm_vcpu *vcpu);
1395 +
1396 +-int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t gva, u64 error_code,
1397 ++int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 error_code,
1398 + void *insn, int insn_len);
1399 + void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva);
1400 + void kvm_mmu_invpcid_gva(struct kvm_vcpu *vcpu, gva_t gva, unsigned long pcid);
1401 +diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
1402 +index 19435858df5f..96d9cd208610 100644
1403 +--- a/arch/x86/include/asm/x86_init.h
1404 ++++ b/arch/x86/include/asm/x86_init.h
1405 +@@ -51,12 +51,14 @@ struct x86_init_resources {
1406 + * are set up.
1407 + * @intr_init: interrupt init code
1408 + * @trap_init: platform specific trap setup
1409 ++ * @intr_mode_select: interrupt delivery mode selection
1410 + * @intr_mode_init: interrupt delivery mode setup
1411 + */
1412 + struct x86_init_irqs {
1413 + void (*pre_vector_init)(void);
1414 + void (*intr_init)(void);
1415 + void (*trap_init)(void);
1416 ++ void (*intr_mode_select)(void);
1417 + void (*intr_mode_init)(void);
1418 + };
1419 +
1420 +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
1421 +index 2b0faf86da1b..df891f874614 100644
1422 +--- a/arch/x86/kernel/apic/apic.c
1423 ++++ b/arch/x86/kernel/apic/apic.c
1424 +@@ -830,8 +830,17 @@ bool __init apic_needs_pit(void)
1425 + if (!tsc_khz || !cpu_khz)
1426 + return true;
1427 +
1428 +- /* Is there an APIC at all? */
1429 +- if (!boot_cpu_has(X86_FEATURE_APIC))
1430 ++ /* Is there an APIC at all or is it disabled? */
1431 ++ if (!boot_cpu_has(X86_FEATURE_APIC) || disable_apic)
1432 ++ return true;
1433 ++
1434 ++ /*
1435 ++ * If interrupt delivery mode is legacy PIC or virtual wire without
1436 ++ * configuration, the local APIC timer wont be set up. Make sure
1437 ++ * that the PIT is initialized.
1438 ++ */
1439 ++ if (apic_intr_mode == APIC_PIC ||
1440 ++ apic_intr_mode == APIC_VIRTUAL_WIRE_NO_CONFIG)
1441 + return true;
1442 +
1443 + /* Virt guests may lack ARAT, but still have DEADLINE */
1444 +@@ -1322,7 +1331,7 @@ void __init sync_Arb_IDs(void)
1445 +
1446 + enum apic_intr_mode_id apic_intr_mode __ro_after_init;
1447 +
1448 +-static int __init apic_intr_mode_select(void)
1449 ++static int __init __apic_intr_mode_select(void)
1450 + {
1451 + /* Check kernel option */
1452 + if (disable_apic) {
1453 +@@ -1384,6 +1393,12 @@ static int __init apic_intr_mode_select(void)
1454 + return APIC_SYMMETRIC_IO;
1455 + }
1456 +
1457 ++/* Select the interrupt delivery mode for the BSP */
1458 ++void __init apic_intr_mode_select(void)
1459 ++{
1460 ++ apic_intr_mode = __apic_intr_mode_select();
1461 ++}
1462 ++
1463 + /*
1464 + * An initial setup of the virtual wire mode.
1465 + */
1466 +@@ -1440,8 +1455,6 @@ void __init apic_intr_mode_init(void)
1467 + {
1468 + bool upmode = IS_ENABLED(CONFIG_UP_LATE_INIT);
1469 +
1470 +- apic_intr_mode = apic_intr_mode_select();
1471 +-
1472 + switch (apic_intr_mode) {
1473 + case APIC_PIC:
1474 + pr_info("APIC: Keep in PIC mode(8259)\n");
1475 +diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c
1476 +index 7f7533462474..159bd0cb8548 100644
1477 +--- a/arch/x86/kernel/apic/msi.c
1478 ++++ b/arch/x86/kernel/apic/msi.c
1479 +@@ -23,10 +23,8 @@
1480 +
1481 + static struct irq_domain *msi_default_domain;
1482 +
1483 +-static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1484 ++static void __irq_msi_compose_msg(struct irq_cfg *cfg, struct msi_msg *msg)
1485 + {
1486 +- struct irq_cfg *cfg = irqd_cfg(data);
1487 +-
1488 + msg->address_hi = MSI_ADDR_BASE_HI;
1489 +
1490 + if (x2apic_enabled())
1491 +@@ -47,6 +45,127 @@ static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1492 + MSI_DATA_VECTOR(cfg->vector);
1493 + }
1494 +
1495 ++static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1496 ++{
1497 ++ __irq_msi_compose_msg(irqd_cfg(data), msg);
1498 ++}
1499 ++
1500 ++static void irq_msi_update_msg(struct irq_data *irqd, struct irq_cfg *cfg)
1501 ++{
1502 ++ struct msi_msg msg[2] = { [1] = { }, };
1503 ++
1504 ++ __irq_msi_compose_msg(cfg, msg);
1505 ++ irq_data_get_irq_chip(irqd)->irq_write_msi_msg(irqd, msg);
1506 ++}
1507 ++
1508 ++static int
1509 ++msi_set_affinity(struct irq_data *irqd, const struct cpumask *mask, bool force)
1510 ++{
1511 ++ struct irq_cfg old_cfg, *cfg = irqd_cfg(irqd);
1512 ++ struct irq_data *parent = irqd->parent_data;
1513 ++ unsigned int cpu;
1514 ++ int ret;
1515 ++
1516 ++ /* Save the current configuration */
1517 ++ cpu = cpumask_first(irq_data_get_effective_affinity_mask(irqd));
1518 ++ old_cfg = *cfg;
1519 ++
1520 ++ /* Allocate a new target vector */
1521 ++ ret = parent->chip->irq_set_affinity(parent, mask, force);
1522 ++ if (ret < 0 || ret == IRQ_SET_MASK_OK_DONE)
1523 ++ return ret;
1524 ++
1525 ++ /*
1526 ++ * For non-maskable and non-remapped MSI interrupts the migration
1527 ++ * to a different destination CPU and a different vector has to be
1528 ++ * done careful to handle the possible stray interrupt which can be
1529 ++ * caused by the non-atomic update of the address/data pair.
1530 ++ *
1531 ++ * Direct update is possible when:
1532 ++ * - The MSI is maskable (remapped MSI does not use this code path)).
1533 ++ * The quirk bit is not set in this case.
1534 ++ * - The new vector is the same as the old vector
1535 ++ * - The old vector is MANAGED_IRQ_SHUTDOWN_VECTOR (interrupt starts up)
1536 ++ * - The new destination CPU is the same as the old destination CPU
1537 ++ */
1538 ++ if (!irqd_msi_nomask_quirk(irqd) ||
1539 ++ cfg->vector == old_cfg.vector ||
1540 ++ old_cfg.vector == MANAGED_IRQ_SHUTDOWN_VECTOR ||
1541 ++ cfg->dest_apicid == old_cfg.dest_apicid) {
1542 ++ irq_msi_update_msg(irqd, cfg);
1543 ++ return ret;
1544 ++ }
1545 ++
1546 ++ /*
1547 ++ * Paranoia: Validate that the interrupt target is the local
1548 ++ * CPU.
1549 ++ */
1550 ++ if (WARN_ON_ONCE(cpu != smp_processor_id())) {
1551 ++ irq_msi_update_msg(irqd, cfg);
1552 ++ return ret;
1553 ++ }
1554 ++
1555 ++ /*
1556 ++ * Redirect the interrupt to the new vector on the current CPU
1557 ++ * first. This might cause a spurious interrupt on this vector if
1558 ++ * the device raises an interrupt right between this update and the
1559 ++ * update to the final destination CPU.
1560 ++ *
1561 ++ * If the vector is in use then the installed device handler will
1562 ++ * denote it as spurious which is no harm as this is a rare event
1563 ++ * and interrupt handlers have to cope with spurious interrupts
1564 ++ * anyway. If the vector is unused, then it is marked so it won't
1565 ++ * trigger the 'No irq handler for vector' warning in do_IRQ().
1566 ++ *
1567 ++ * This requires to hold vector lock to prevent concurrent updates to
1568 ++ * the affected vector.
1569 ++ */
1570 ++ lock_vector_lock();
1571 ++
1572 ++ /*
1573 ++ * Mark the new target vector on the local CPU if it is currently
1574 ++ * unused. Reuse the VECTOR_RETRIGGERED state which is also used in
1575 ++ * the CPU hotplug path for a similar purpose. This cannot be
1576 ++ * undone here as the current CPU has interrupts disabled and
1577 ++ * cannot handle the interrupt before the whole set_affinity()
1578 ++ * section is done. In the CPU unplug case, the current CPU is
1579 ++ * about to vanish and will not handle any interrupts anymore. The
1580 ++ * vector is cleaned up when the CPU comes online again.
1581 ++ */
1582 ++ if (IS_ERR_OR_NULL(this_cpu_read(vector_irq[cfg->vector])))
1583 ++ this_cpu_write(vector_irq[cfg->vector], VECTOR_RETRIGGERED);
1584 ++
1585 ++ /* Redirect it to the new vector on the local CPU temporarily */
1586 ++ old_cfg.vector = cfg->vector;
1587 ++ irq_msi_update_msg(irqd, &old_cfg);
1588 ++
1589 ++ /* Now transition it to the target CPU */
1590 ++ irq_msi_update_msg(irqd, cfg);
1591 ++
1592 ++ /*
1593 ++ * All interrupts after this point are now targeted at the new
1594 ++ * vector/CPU.
1595 ++ *
1596 ++ * Drop vector lock before testing whether the temporary assignment
1597 ++ * to the local CPU was hit by an interrupt raised in the device,
1598 ++ * because the retrigger function acquires vector lock again.
1599 ++ */
1600 ++ unlock_vector_lock();
1601 ++
1602 ++ /*
1603 ++ * Check whether the transition raced with a device interrupt and
1604 ++ * is pending in the local APICs IRR. It is safe to do this outside
1605 ++ * of vector lock as the irq_desc::lock of this interrupt is still
1606 ++ * held and interrupts are disabled: The check is not accessing the
1607 ++ * underlying vector store. It's just checking the local APIC's
1608 ++ * IRR.
1609 ++ */
1610 ++ if (lapic_vector_set_in_irr(cfg->vector))
1611 ++ irq_data_get_irq_chip(irqd)->irq_retrigger(irqd);
1612 ++
1613 ++ return ret;
1614 ++}
1615 ++
1616 + /*
1617 + * IRQ Chip for MSI PCI/PCI-X/PCI-Express Devices,
1618 + * which implement the MSI or MSI-X Capability Structure.
1619 +@@ -58,6 +177,7 @@ static struct irq_chip pci_msi_controller = {
1620 + .irq_ack = irq_chip_ack_parent,
1621 + .irq_retrigger = irq_chip_retrigger_hierarchy,
1622 + .irq_compose_msi_msg = irq_msi_compose_msg,
1623 ++ .irq_set_affinity = msi_set_affinity,
1624 + .flags = IRQCHIP_SKIP_SET_WAKE,
1625 + };
1626 +
1627 +@@ -146,6 +266,8 @@ void __init arch_init_msi_domain(struct irq_domain *parent)
1628 + }
1629 + if (!msi_default_domain)
1630 + pr_warn("failed to initialize irqdomain for MSI/MSI-x.\n");
1631 ++ else
1632 ++ msi_default_domain->flags |= IRQ_DOMAIN_MSI_NOMASK_QUIRK;
1633 + }
1634 +
1635 + #ifdef CONFIG_IRQ_REMAP
1636 +diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
1637 +index 3e20d322bc98..032509adf9de 100644
1638 +--- a/arch/x86/kernel/cpu/tsx.c
1639 ++++ b/arch/x86/kernel/cpu/tsx.c
1640 +@@ -115,11 +115,12 @@ void __init tsx_init(void)
1641 + tsx_disable();
1642 +
1643 + /*
1644 +- * tsx_disable() will change the state of the
1645 +- * RTM CPUID bit. Clear it here since it is now
1646 +- * expected to be not set.
1647 ++ * tsx_disable() will change the state of the RTM and HLE CPUID
1648 ++ * bits. Clear them here since they are now expected to be not
1649 ++ * set.
1650 + */
1651 + setup_clear_cpu_cap(X86_FEATURE_RTM);
1652 ++ setup_clear_cpu_cap(X86_FEATURE_HLE);
1653 + } else if (tsx_ctrl_state == TSX_CTRL_ENABLE) {
1654 +
1655 + /*
1656 +@@ -131,10 +132,10 @@ void __init tsx_init(void)
1657 + tsx_enable();
1658 +
1659 + /*
1660 +- * tsx_enable() will change the state of the
1661 +- * RTM CPUID bit. Force it here since it is now
1662 +- * expected to be set.
1663 ++ * tsx_enable() will change the state of the RTM and HLE CPUID
1664 ++ * bits. Force them here since they are now expected to be set.
1665 + */
1666 + setup_force_cpu_cap(X86_FEATURE_RTM);
1667 ++ setup_force_cpu_cap(X86_FEATURE_HLE);
1668 + }
1669 + }
1670 +diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c
1671 +index 7ce29cee9f9e..d8673d8a779b 100644
1672 +--- a/arch/x86/kernel/time.c
1673 ++++ b/arch/x86/kernel/time.c
1674 +@@ -91,10 +91,18 @@ void __init hpet_time_init(void)
1675 +
1676 + static __init void x86_late_time_init(void)
1677 + {
1678 ++ /*
1679 ++ * Before PIT/HPET init, select the interrupt mode. This is required
1680 ++ * to make the decision whether PIT should be initialized correct.
1681 ++ */
1682 ++ x86_init.irqs.intr_mode_select();
1683 ++
1684 ++ /* Setup the legacy timers */
1685 + x86_init.timers.timer_init();
1686 ++
1687 + /*
1688 +- * After PIT/HPET timers init, select and setup
1689 +- * the final interrupt mode for delivering IRQs.
1690 ++ * After PIT/HPET timers init, set up the final interrupt mode for
1691 ++ * delivering IRQs.
1692 + */
1693 + x86_init.irqs.intr_mode_init();
1694 + tsc_init();
1695 +diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
1696 +index 18a799c8fa28..1838b10a299c 100644
1697 +--- a/arch/x86/kernel/x86_init.c
1698 ++++ b/arch/x86/kernel/x86_init.c
1699 +@@ -58,6 +58,7 @@ struct x86_init_ops x86_init __initdata = {
1700 + .pre_vector_init = init_ISA_irqs,
1701 + .intr_init = native_init_IRQ,
1702 + .trap_init = x86_init_noop,
1703 ++ .intr_mode_select = apic_intr_mode_select,
1704 + .intr_mode_init = apic_intr_mode_init
1705 + },
1706 +
1707 +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
1708 +index b1d5a8c94a57..6fa946f983c9 100644
1709 +--- a/arch/x86/kvm/cpuid.c
1710 ++++ b/arch/x86/kvm/cpuid.c
1711 +@@ -352,6 +352,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1712 + unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
1713 + unsigned f_intel_pt = kvm_x86_ops->pt_supported() ? F(INTEL_PT) : 0;
1714 + unsigned f_la57;
1715 ++ unsigned f_pku = kvm_x86_ops->pku_supported() ? F(PKU) : 0;
1716 +
1717 + /* cpuid 7.0.ebx */
1718 + const u32 kvm_cpuid_7_0_ebx_x86_features =
1719 +@@ -363,7 +364,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1720 +
1721 + /* cpuid 7.0.ecx*/
1722 + const u32 kvm_cpuid_7_0_ecx_x86_features =
1723 +- F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ | F(RDPID) |
1724 ++ F(AVX512VBMI) | F(LA57) | 0 /*PKU*/ | 0 /*OSPKE*/ | F(RDPID) |
1725 + F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
1726 + F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
1727 + F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/;
1728 +@@ -392,6 +393,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1729 + /* Set LA57 based on hardware capability. */
1730 + entry->ecx |= f_la57;
1731 + entry->ecx |= f_umip;
1732 ++ entry->ecx |= f_pku;
1733 + /* PKU is not yet implemented for shadow paging. */
1734 + if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
1735 + entry->ecx &= ~F(PKU);
1736 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
1737 +index 698efb8c3897..37aa9ce29b33 100644
1738 +--- a/arch/x86/kvm/emulate.c
1739 ++++ b/arch/x86/kvm/emulate.c
1740 +@@ -22,6 +22,7 @@
1741 + #include "kvm_cache_regs.h"
1742 + #include <asm/kvm_emulate.h>
1743 + #include <linux/stringify.h>
1744 ++#include <asm/fpu/api.h>
1745 + #include <asm/debugreg.h>
1746 + #include <asm/nospec-branch.h>
1747 +
1748 +@@ -1075,8 +1076,23 @@ static void fetch_register_operand(struct operand *op)
1749 + }
1750 + }
1751 +
1752 ++static void emulator_get_fpu(void)
1753 ++{
1754 ++ fpregs_lock();
1755 ++
1756 ++ fpregs_assert_state_consistent();
1757 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
1758 ++ switch_fpu_return();
1759 ++}
1760 ++
1761 ++static void emulator_put_fpu(void)
1762 ++{
1763 ++ fpregs_unlock();
1764 ++}
1765 ++
1766 + static void read_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data, int reg)
1767 + {
1768 ++ emulator_get_fpu();
1769 + switch (reg) {
1770 + case 0: asm("movdqa %%xmm0, %0" : "=m"(*data)); break;
1771 + case 1: asm("movdqa %%xmm1, %0" : "=m"(*data)); break;
1772 +@@ -1098,11 +1114,13 @@ static void read_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data, int reg)
1773 + #endif
1774 + default: BUG();
1775 + }
1776 ++ emulator_put_fpu();
1777 + }
1778 +
1779 + static void write_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data,
1780 + int reg)
1781 + {
1782 ++ emulator_get_fpu();
1783 + switch (reg) {
1784 + case 0: asm("movdqa %0, %%xmm0" : : "m"(*data)); break;
1785 + case 1: asm("movdqa %0, %%xmm1" : : "m"(*data)); break;
1786 +@@ -1124,10 +1142,12 @@ static void write_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data,
1787 + #endif
1788 + default: BUG();
1789 + }
1790 ++ emulator_put_fpu();
1791 + }
1792 +
1793 + static void read_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1794 + {
1795 ++ emulator_get_fpu();
1796 + switch (reg) {
1797 + case 0: asm("movq %%mm0, %0" : "=m"(*data)); break;
1798 + case 1: asm("movq %%mm1, %0" : "=m"(*data)); break;
1799 +@@ -1139,10 +1159,12 @@ static void read_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1800 + case 7: asm("movq %%mm7, %0" : "=m"(*data)); break;
1801 + default: BUG();
1802 + }
1803 ++ emulator_put_fpu();
1804 + }
1805 +
1806 + static void write_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1807 + {
1808 ++ emulator_get_fpu();
1809 + switch (reg) {
1810 + case 0: asm("movq %0, %%mm0" : : "m"(*data)); break;
1811 + case 1: asm("movq %0, %%mm1" : : "m"(*data)); break;
1812 +@@ -1154,6 +1176,7 @@ static void write_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1813 + case 7: asm("movq %0, %%mm7" : : "m"(*data)); break;
1814 + default: BUG();
1815 + }
1816 ++ emulator_put_fpu();
1817 + }
1818 +
1819 + static int em_fninit(struct x86_emulate_ctxt *ctxt)
1820 +@@ -1161,7 +1184,9 @@ static int em_fninit(struct x86_emulate_ctxt *ctxt)
1821 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1822 + return emulate_nm(ctxt);
1823 +
1824 ++ emulator_get_fpu();
1825 + asm volatile("fninit");
1826 ++ emulator_put_fpu();
1827 + return X86EMUL_CONTINUE;
1828 + }
1829 +
1830 +@@ -1172,7 +1197,9 @@ static int em_fnstcw(struct x86_emulate_ctxt *ctxt)
1831 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1832 + return emulate_nm(ctxt);
1833 +
1834 ++ emulator_get_fpu();
1835 + asm volatile("fnstcw %0": "+m"(fcw));
1836 ++ emulator_put_fpu();
1837 +
1838 + ctxt->dst.val = fcw;
1839 +
1840 +@@ -1186,7 +1213,9 @@ static int em_fnstsw(struct x86_emulate_ctxt *ctxt)
1841 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1842 + return emulate_nm(ctxt);
1843 +
1844 ++ emulator_get_fpu();
1845 + asm volatile("fnstsw %0": "+m"(fsw));
1846 ++ emulator_put_fpu();
1847 +
1848 + ctxt->dst.val = fsw;
1849 +
1850 +@@ -4094,8 +4123,12 @@ static int em_fxsave(struct x86_emulate_ctxt *ctxt)
1851 + if (rc != X86EMUL_CONTINUE)
1852 + return rc;
1853 +
1854 ++ emulator_get_fpu();
1855 ++
1856 + rc = asm_safe("fxsave %[fx]", , [fx] "+m"(fx_state));
1857 +
1858 ++ emulator_put_fpu();
1859 ++
1860 + if (rc != X86EMUL_CONTINUE)
1861 + return rc;
1862 +
1863 +@@ -4138,6 +4171,8 @@ static int em_fxrstor(struct x86_emulate_ctxt *ctxt)
1864 + if (rc != X86EMUL_CONTINUE)
1865 + return rc;
1866 +
1867 ++ emulator_get_fpu();
1868 ++
1869 + if (size < __fxstate_size(16)) {
1870 + rc = fxregs_fixup(&fx_state, size);
1871 + if (rc != X86EMUL_CONTINUE)
1872 +@@ -4153,6 +4188,8 @@ static int em_fxrstor(struct x86_emulate_ctxt *ctxt)
1873 + rc = asm_safe("fxrstor %[fx]", : [fx] "m"(fx_state));
1874 +
1875 + out:
1876 ++ emulator_put_fpu();
1877 ++
1878 + return rc;
1879 + }
1880 +
1881 +@@ -5212,16 +5249,28 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
1882 + ctxt->ad_bytes = def_ad_bytes ^ 6;
1883 + break;
1884 + case 0x26: /* ES override */
1885 ++ has_seg_override = true;
1886 ++ ctxt->seg_override = VCPU_SREG_ES;
1887 ++ break;
1888 + case 0x2e: /* CS override */
1889 ++ has_seg_override = true;
1890 ++ ctxt->seg_override = VCPU_SREG_CS;
1891 ++ break;
1892 + case 0x36: /* SS override */
1893 ++ has_seg_override = true;
1894 ++ ctxt->seg_override = VCPU_SREG_SS;
1895 ++ break;
1896 + case 0x3e: /* DS override */
1897 + has_seg_override = true;
1898 +- ctxt->seg_override = (ctxt->b >> 3) & 3;
1899 ++ ctxt->seg_override = VCPU_SREG_DS;
1900 + break;
1901 + case 0x64: /* FS override */
1902 ++ has_seg_override = true;
1903 ++ ctxt->seg_override = VCPU_SREG_FS;
1904 ++ break;
1905 + case 0x65: /* GS override */
1906 + has_seg_override = true;
1907 +- ctxt->seg_override = ctxt->b & 7;
1908 ++ ctxt->seg_override = VCPU_SREG_GS;
1909 + break;
1910 + case 0x40 ... 0x4f: /* REX */
1911 + if (mode != X86EMUL_MODE_PROT64)
1912 +@@ -5305,10 +5354,15 @@ done_prefixes:
1913 + }
1914 + break;
1915 + case Escape:
1916 +- if (ctxt->modrm > 0xbf)
1917 +- opcode = opcode.u.esc->high[ctxt->modrm - 0xc0];
1918 +- else
1919 ++ if (ctxt->modrm > 0xbf) {
1920 ++ size_t size = ARRAY_SIZE(opcode.u.esc->high);
1921 ++ u32 index = array_index_nospec(
1922 ++ ctxt->modrm - 0xc0, size);
1923 ++
1924 ++ opcode = opcode.u.esc->high[index];
1925 ++ } else {
1926 + opcode = opcode.u.esc->op[(ctxt->modrm >> 3) & 7];
1927 ++ }
1928 + break;
1929 + case InstrDual:
1930 + if ((ctxt->modrm >> 6) == 3)
1931 +@@ -5450,7 +5504,9 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
1932 + {
1933 + int rc;
1934 +
1935 ++ emulator_get_fpu();
1936 + rc = asm_safe("fwait");
1937 ++ emulator_put_fpu();
1938 +
1939 + if (unlikely(rc != X86EMUL_CONTINUE))
1940 + return emulate_exception(ctxt, MF_VECTOR, 0, false);
1941 +diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
1942 +index 23ff65504d7e..26408434b9bc 100644
1943 +--- a/arch/x86/kvm/hyperv.c
1944 ++++ b/arch/x86/kvm/hyperv.c
1945 +@@ -809,11 +809,12 @@ static int kvm_hv_msr_get_crash_data(struct kvm_vcpu *vcpu,
1946 + u32 index, u64 *pdata)
1947 + {
1948 + struct kvm_hv *hv = &vcpu->kvm->arch.hyperv;
1949 ++ size_t size = ARRAY_SIZE(hv->hv_crash_param);
1950 +
1951 +- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param)))
1952 ++ if (WARN_ON_ONCE(index >= size))
1953 + return -EINVAL;
1954 +
1955 +- *pdata = hv->hv_crash_param[index];
1956 ++ *pdata = hv->hv_crash_param[array_index_nospec(index, size)];
1957 + return 0;
1958 + }
1959 +
1960 +@@ -852,11 +853,12 @@ static int kvm_hv_msr_set_crash_data(struct kvm_vcpu *vcpu,
1961 + u32 index, u64 data)
1962 + {
1963 + struct kvm_hv *hv = &vcpu->kvm->arch.hyperv;
1964 ++ size_t size = ARRAY_SIZE(hv->hv_crash_param);
1965 +
1966 +- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param)))
1967 ++ if (WARN_ON_ONCE(index >= size))
1968 + return -EINVAL;
1969 +
1970 +- hv->hv_crash_param[index] = data;
1971 ++ hv->hv_crash_param[array_index_nospec(index, size)] = data;
1972 + return 0;
1973 + }
1974 +
1975 +diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
1976 +index 8b38bb4868a6..629a09ca9860 100644
1977 +--- a/arch/x86/kvm/i8259.c
1978 ++++ b/arch/x86/kvm/i8259.c
1979 +@@ -460,10 +460,14 @@ static int picdev_write(struct kvm_pic *s,
1980 + switch (addr) {
1981 + case 0x20:
1982 + case 0x21:
1983 ++ pic_lock(s);
1984 ++ pic_ioport_write(&s->pics[0], addr, data);
1985 ++ pic_unlock(s);
1986 ++ break;
1987 + case 0xa0:
1988 + case 0xa1:
1989 + pic_lock(s);
1990 +- pic_ioport_write(&s->pics[addr >> 7], addr, data);
1991 ++ pic_ioport_write(&s->pics[1], addr, data);
1992 + pic_unlock(s);
1993 + break;
1994 + case 0x4d0:
1995 +diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
1996 +index d859ae8890d0..24a6905d60ee 100644
1997 +--- a/arch/x86/kvm/ioapic.c
1998 ++++ b/arch/x86/kvm/ioapic.c
1999 +@@ -36,6 +36,7 @@
2000 + #include <linux/io.h>
2001 + #include <linux/slab.h>
2002 + #include <linux/export.h>
2003 ++#include <linux/nospec.h>
2004 + #include <asm/processor.h>
2005 + #include <asm/page.h>
2006 + #include <asm/current.h>
2007 +@@ -68,13 +69,14 @@ static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic,
2008 + default:
2009 + {
2010 + u32 redir_index = (ioapic->ioregsel - 0x10) >> 1;
2011 +- u64 redir_content;
2012 ++ u64 redir_content = ~0ULL;
2013 +
2014 +- if (redir_index < IOAPIC_NUM_PINS)
2015 +- redir_content =
2016 +- ioapic->redirtbl[redir_index].bits;
2017 +- else
2018 +- redir_content = ~0ULL;
2019 ++ if (redir_index < IOAPIC_NUM_PINS) {
2020 ++ u32 index = array_index_nospec(
2021 ++ redir_index, IOAPIC_NUM_PINS);
2022 ++
2023 ++ redir_content = ioapic->redirtbl[index].bits;
2024 ++ }
2025 +
2026 + result = (ioapic->ioregsel & 0x1) ?
2027 + (redir_content >> 32) & 0xffffffff :
2028 +@@ -291,6 +293,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
2029 +
2030 + if (index >= IOAPIC_NUM_PINS)
2031 + return;
2032 ++ index = array_index_nospec(index, IOAPIC_NUM_PINS);
2033 + e = &ioapic->redirtbl[index];
2034 + mask_before = e->fields.mask;
2035 + /* Preserve read-only fields */
2036 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
2037 +index b29d00b661ff..15728971a430 100644
2038 +--- a/arch/x86/kvm/lapic.c
2039 ++++ b/arch/x86/kvm/lapic.c
2040 +@@ -1926,15 +1926,20 @@ int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
2041 + case APIC_LVTTHMR:
2042 + case APIC_LVTPC:
2043 + case APIC_LVT1:
2044 +- case APIC_LVTERR:
2045 ++ case APIC_LVTERR: {
2046 + /* TODO: Check vector */
2047 ++ size_t size;
2048 ++ u32 index;
2049 ++
2050 + if (!kvm_apic_sw_enabled(apic))
2051 + val |= APIC_LVT_MASKED;
2052 +-
2053 +- val &= apic_lvt_mask[(reg - APIC_LVTT) >> 4];
2054 ++ size = ARRAY_SIZE(apic_lvt_mask);
2055 ++ index = array_index_nospec(
2056 ++ (reg - APIC_LVTT) >> 4, size);
2057 ++ val &= apic_lvt_mask[index];
2058 + kvm_lapic_set_reg(apic, reg, val);
2059 +-
2060 + break;
2061 ++ }
2062 +
2063 + case APIC_LVTT:
2064 + if (!kvm_apic_sw_enabled(apic))
2065 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
2066 +index 2ce9da58611e..518100ea5ef4 100644
2067 +--- a/arch/x86/kvm/mmu.c
2068 ++++ b/arch/x86/kvm/mmu.c
2069 +@@ -418,22 +418,24 @@ static inline bool is_access_track_spte(u64 spte)
2070 + * requires a full MMU zap). The flag is instead explicitly queried when
2071 + * checking for MMIO spte cache hits.
2072 + */
2073 +-#define MMIO_SPTE_GEN_MASK GENMASK_ULL(18, 0)
2074 ++#define MMIO_SPTE_GEN_MASK GENMASK_ULL(17, 0)
2075 +
2076 + #define MMIO_SPTE_GEN_LOW_START 3
2077 + #define MMIO_SPTE_GEN_LOW_END 11
2078 + #define MMIO_SPTE_GEN_LOW_MASK GENMASK_ULL(MMIO_SPTE_GEN_LOW_END, \
2079 + MMIO_SPTE_GEN_LOW_START)
2080 +
2081 +-#define MMIO_SPTE_GEN_HIGH_START 52
2082 +-#define MMIO_SPTE_GEN_HIGH_END 61
2083 ++#define MMIO_SPTE_GEN_HIGH_START PT64_SECOND_AVAIL_BITS_SHIFT
2084 ++#define MMIO_SPTE_GEN_HIGH_END 62
2085 + #define MMIO_SPTE_GEN_HIGH_MASK GENMASK_ULL(MMIO_SPTE_GEN_HIGH_END, \
2086 + MMIO_SPTE_GEN_HIGH_START)
2087 ++
2088 + static u64 generation_mmio_spte_mask(u64 gen)
2089 + {
2090 + u64 mask;
2091 +
2092 + WARN_ON(gen & ~MMIO_SPTE_GEN_MASK);
2093 ++ BUILD_BUG_ON((MMIO_SPTE_GEN_HIGH_MASK | MMIO_SPTE_GEN_LOW_MASK) & SPTE_SPECIAL_MASK);
2094 +
2095 + mask = (gen << MMIO_SPTE_GEN_LOW_START) & MMIO_SPTE_GEN_LOW_MASK;
2096 + mask |= (gen << MMIO_SPTE_GEN_HIGH_START) & MMIO_SPTE_GEN_HIGH_MASK;
2097 +@@ -444,8 +446,6 @@ static u64 get_mmio_spte_generation(u64 spte)
2098 + {
2099 + u64 gen;
2100 +
2101 +- spte &= ~shadow_mmio_mask;
2102 +-
2103 + gen = (spte & MMIO_SPTE_GEN_LOW_MASK) >> MMIO_SPTE_GEN_LOW_START;
2104 + gen |= (spte & MMIO_SPTE_GEN_HIGH_MASK) >> MMIO_SPTE_GEN_HIGH_START;
2105 + return gen;
2106 +@@ -538,16 +538,20 @@ EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
2107 + static u8 kvm_get_shadow_phys_bits(void)
2108 + {
2109 + /*
2110 +- * boot_cpu_data.x86_phys_bits is reduced when MKTME is detected
2111 +- * in CPU detection code, but MKTME treats those reduced bits as
2112 +- * 'keyID' thus they are not reserved bits. Therefore for MKTME
2113 +- * we should still return physical address bits reported by CPUID.
2114 ++ * boot_cpu_data.x86_phys_bits is reduced when MKTME or SME are detected
2115 ++ * in CPU detection code, but the processor treats those reduced bits as
2116 ++ * 'keyID' thus they are not reserved bits. Therefore KVM needs to look at
2117 ++ * the physical address bits reported by CPUID.
2118 + */
2119 +- if (!boot_cpu_has(X86_FEATURE_TME) ||
2120 +- WARN_ON_ONCE(boot_cpu_data.extended_cpuid_level < 0x80000008))
2121 +- return boot_cpu_data.x86_phys_bits;
2122 ++ if (likely(boot_cpu_data.extended_cpuid_level >= 0x80000008))
2123 ++ return cpuid_eax(0x80000008) & 0xff;
2124 +
2125 +- return cpuid_eax(0x80000008) & 0xff;
2126 ++ /*
2127 ++ * Quite weird to have VMX or SVM but not MAXPHYADDR; probably a VM with
2128 ++ * custom CPUID. Proceed with whatever the kernel found since these features
2129 ++ * aren't virtualizable (SME/SEV also require CPUIDs higher than 0x80000008).
2130 ++ */
2131 ++ return boot_cpu_data.x86_phys_bits;
2132 + }
2133 +
2134 + static void kvm_mmu_reset_all_pte_masks(void)
2135 +@@ -1282,12 +1286,12 @@ static bool mmu_gfn_lpage_is_disallowed(struct kvm_vcpu *vcpu, gfn_t gfn,
2136 + return __mmu_gfn_lpage_is_disallowed(gfn, level, slot);
2137 + }
2138 +
2139 +-static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
2140 ++static int host_mapping_level(struct kvm_vcpu *vcpu, gfn_t gfn)
2141 + {
2142 + unsigned long page_size;
2143 + int i, ret = 0;
2144 +
2145 +- page_size = kvm_host_page_size(kvm, gfn);
2146 ++ page_size = kvm_host_page_size(vcpu, gfn);
2147 +
2148 + for (i = PT_PAGE_TABLE_LEVEL; i <= PT_MAX_HUGEPAGE_LEVEL; ++i) {
2149 + if (page_size >= KVM_HPAGE_SIZE(i))
2150 +@@ -1337,7 +1341,7 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn,
2151 + if (unlikely(*force_pt_level))
2152 + return PT_PAGE_TABLE_LEVEL;
2153 +
2154 +- host_level = host_mapping_level(vcpu->kvm, large_gfn);
2155 ++ host_level = host_mapping_level(vcpu, large_gfn);
2156 +
2157 + if (host_level == PT_PAGE_TABLE_LEVEL)
2158 + return host_level;
2159 +@@ -3528,7 +3532,7 @@ static bool is_access_allowed(u32 fault_err_code, u64 spte)
2160 + * - true: let the vcpu to access on the same address again.
2161 + * - false: let the real page fault path to fix it.
2162 + */
2163 +-static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2164 ++static bool fast_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, int level,
2165 + u32 error_code)
2166 + {
2167 + struct kvm_shadow_walk_iterator iterator;
2168 +@@ -3548,7 +3552,7 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2169 + do {
2170 + u64 new_spte;
2171 +
2172 +- for_each_shadow_entry_lockless(vcpu, gva, iterator, spte)
2173 ++ for_each_shadow_entry_lockless(vcpu, cr2_or_gpa, iterator, spte)
2174 + if (!is_shadow_present_pte(spte) ||
2175 + iterator.level < level)
2176 + break;
2177 +@@ -3626,7 +3630,7 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2178 +
2179 + } while (true);
2180 +
2181 +- trace_fast_page_fault(vcpu, gva, error_code, iterator.sptep,
2182 ++ trace_fast_page_fault(vcpu, cr2_or_gpa, error_code, iterator.sptep,
2183 + spte, fault_handled);
2184 + walk_shadow_page_lockless_end(vcpu);
2185 +
2186 +@@ -3634,10 +3638,11 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2187 + }
2188 +
2189 + static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2190 +- gva_t gva, kvm_pfn_t *pfn, bool write, bool *writable);
2191 ++ gpa_t cr2_or_gpa, kvm_pfn_t *pfn, bool write,
2192 ++ bool *writable);
2193 + static int make_mmu_pages_available(struct kvm_vcpu *vcpu);
2194 +
2195 +-static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2196 ++static int nonpaging_map(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code,
2197 + gfn_t gfn, bool prefault)
2198 + {
2199 + int r;
2200 +@@ -3663,16 +3668,16 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2201 + gfn &= ~(KVM_PAGES_PER_HPAGE(level) - 1);
2202 + }
2203 +
2204 +- if (fast_page_fault(vcpu, v, level, error_code))
2205 ++ if (fast_page_fault(vcpu, gpa, level, error_code))
2206 + return RET_PF_RETRY;
2207 +
2208 + mmu_seq = vcpu->kvm->mmu_notifier_seq;
2209 + smp_rmb();
2210 +
2211 +- if (try_async_pf(vcpu, prefault, gfn, v, &pfn, write, &map_writable))
2212 ++ if (try_async_pf(vcpu, prefault, gfn, gpa, &pfn, write, &map_writable))
2213 + return RET_PF_RETRY;
2214 +
2215 +- if (handle_abnormal_pfn(vcpu, v, gfn, pfn, ACC_ALL, &r))
2216 ++ if (handle_abnormal_pfn(vcpu, gpa, gfn, pfn, ACC_ALL, &r))
2217 + return r;
2218 +
2219 + r = RET_PF_RETRY;
2220 +@@ -3683,7 +3688,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2221 + goto out_unlock;
2222 + if (likely(!force_pt_level))
2223 + transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
2224 +- r = __direct_map(vcpu, v, write, map_writable, level, pfn,
2225 ++ r = __direct_map(vcpu, gpa, write, map_writable, level, pfn,
2226 + prefault, false);
2227 + out_unlock:
2228 + spin_unlock(&vcpu->kvm->mmu_lock);
2229 +@@ -3981,7 +3986,7 @@ void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
2230 + }
2231 + EXPORT_SYMBOL_GPL(kvm_mmu_sync_roots);
2232 +
2233 +-static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr,
2234 ++static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gpa_t vaddr,
2235 + u32 access, struct x86_exception *exception)
2236 + {
2237 + if (exception)
2238 +@@ -3989,7 +3994,7 @@ static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr,
2239 + return vaddr;
2240 + }
2241 +
2242 +-static gpa_t nonpaging_gva_to_gpa_nested(struct kvm_vcpu *vcpu, gva_t vaddr,
2243 ++static gpa_t nonpaging_gva_to_gpa_nested(struct kvm_vcpu *vcpu, gpa_t vaddr,
2244 + u32 access,
2245 + struct x86_exception *exception)
2246 + {
2247 +@@ -4149,13 +4154,14 @@ static void shadow_page_table_clear_flood(struct kvm_vcpu *vcpu, gva_t addr)
2248 + walk_shadow_page_lockless_end(vcpu);
2249 + }
2250 +
2251 +-static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
2252 ++static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa,
2253 + u32 error_code, bool prefault)
2254 + {
2255 +- gfn_t gfn = gva >> PAGE_SHIFT;
2256 ++ gfn_t gfn = gpa >> PAGE_SHIFT;
2257 + int r;
2258 +
2259 +- pgprintk("%s: gva %lx error %x\n", __func__, gva, error_code);
2260 ++ /* Note, paging is disabled, ergo gva == gpa. */
2261 ++ pgprintk("%s: gva %lx error %x\n", __func__, gpa, error_code);
2262 +
2263 + if (page_fault_handle_page_track(vcpu, error_code, gfn))
2264 + return RET_PF_EMULATE;
2265 +@@ -4167,11 +4173,12 @@ static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
2266 + MMU_WARN_ON(!VALID_PAGE(vcpu->arch.mmu->root_hpa));
2267 +
2268 +
2269 +- return nonpaging_map(vcpu, gva & PAGE_MASK,
2270 ++ return nonpaging_map(vcpu, gpa & PAGE_MASK,
2271 + error_code, gfn, prefault);
2272 + }
2273 +
2274 +-static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
2275 ++static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
2276 ++ gfn_t gfn)
2277 + {
2278 + struct kvm_arch_async_pf arch;
2279 +
2280 +@@ -4180,11 +4187,13 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
2281 + arch.direct_map = vcpu->arch.mmu->direct_map;
2282 + arch.cr3 = vcpu->arch.mmu->get_cr3(vcpu);
2283 +
2284 +- return kvm_setup_async_pf(vcpu, gva, kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
2285 ++ return kvm_setup_async_pf(vcpu, cr2_or_gpa,
2286 ++ kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
2287 + }
2288 +
2289 + static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2290 +- gva_t gva, kvm_pfn_t *pfn, bool write, bool *writable)
2291 ++ gpa_t cr2_or_gpa, kvm_pfn_t *pfn, bool write,
2292 ++ bool *writable)
2293 + {
2294 + struct kvm_memory_slot *slot;
2295 + bool async;
2296 +@@ -4204,12 +4213,12 @@ static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2297 + return false; /* *pfn has correct page already */
2298 +
2299 + if (!prefault && kvm_can_do_async_pf(vcpu)) {
2300 +- trace_kvm_try_async_get_page(gva, gfn);
2301 ++ trace_kvm_try_async_get_page(cr2_or_gpa, gfn);
2302 + if (kvm_find_async_pf_gfn(vcpu, gfn)) {
2303 +- trace_kvm_async_pf_doublefault(gva, gfn);
2304 ++ trace_kvm_async_pf_doublefault(cr2_or_gpa, gfn);
2305 + kvm_make_request(KVM_REQ_APF_HALT, vcpu);
2306 + return true;
2307 +- } else if (kvm_arch_setup_async_pf(vcpu, gva, gfn))
2308 ++ } else if (kvm_arch_setup_async_pf(vcpu, cr2_or_gpa, gfn))
2309 + return true;
2310 + }
2311 +
2312 +@@ -4222,6 +4231,12 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code,
2313 + {
2314 + int r = 1;
2315 +
2316 ++#ifndef CONFIG_X86_64
2317 ++ /* A 64-bit CR2 should be impossible on 32-bit KVM. */
2318 ++ if (WARN_ON_ONCE(fault_address >> 32))
2319 ++ return -EFAULT;
2320 ++#endif
2321 ++
2322 + vcpu->arch.l1tf_flush_l1d = true;
2323 + switch (vcpu->arch.apf.host_apf_reason) {
2324 + default:
2325 +@@ -4259,7 +4274,7 @@ check_hugepage_cache_consistency(struct kvm_vcpu *vcpu, gfn_t gfn, int level)
2326 + return kvm_mtrr_check_gfn_range_consistency(vcpu, gfn, page_num);
2327 + }
2328 +
2329 +-static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
2330 ++static int tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code,
2331 + bool prefault)
2332 + {
2333 + kvm_pfn_t pfn;
2334 +@@ -5516,7 +5531,7 @@ static int make_mmu_pages_available(struct kvm_vcpu *vcpu)
2335 + return 0;
2336 + }
2337 +
2338 +-int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2339 ++int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 error_code,
2340 + void *insn, int insn_len)
2341 + {
2342 + int r, emulation_type = 0;
2343 +@@ -5525,18 +5540,18 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2344 + /* With shadow page tables, fault_address contains a GVA or nGPA. */
2345 + if (vcpu->arch.mmu->direct_map) {
2346 + vcpu->arch.gpa_available = true;
2347 +- vcpu->arch.gpa_val = cr2;
2348 ++ vcpu->arch.gpa_val = cr2_or_gpa;
2349 + }
2350 +
2351 + r = RET_PF_INVALID;
2352 + if (unlikely(error_code & PFERR_RSVD_MASK)) {
2353 +- r = handle_mmio_page_fault(vcpu, cr2, direct);
2354 ++ r = handle_mmio_page_fault(vcpu, cr2_or_gpa, direct);
2355 + if (r == RET_PF_EMULATE)
2356 + goto emulate;
2357 + }
2358 +
2359 + if (r == RET_PF_INVALID) {
2360 +- r = vcpu->arch.mmu->page_fault(vcpu, cr2,
2361 ++ r = vcpu->arch.mmu->page_fault(vcpu, cr2_or_gpa,
2362 + lower_32_bits(error_code),
2363 + false);
2364 + WARN_ON(r == RET_PF_INVALID);
2365 +@@ -5556,7 +5571,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2366 + */
2367 + if (vcpu->arch.mmu->direct_map &&
2368 + (error_code & PFERR_NESTED_GUEST_PAGE) == PFERR_NESTED_GUEST_PAGE) {
2369 +- kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2));
2370 ++ kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2_or_gpa));
2371 + return 1;
2372 + }
2373 +
2374 +@@ -5571,7 +5586,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2375 + * explicitly shadowing L1's page tables, i.e. unprotecting something
2376 + * for L1 isn't going to magically fix whatever issue cause L2 to fail.
2377 + */
2378 +- if (!mmio_info_in_cache(vcpu, cr2, direct) && !is_guest_mode(vcpu))
2379 ++ if (!mmio_info_in_cache(vcpu, cr2_or_gpa, direct) && !is_guest_mode(vcpu))
2380 + emulation_type = EMULTYPE_ALLOW_RETRY;
2381 + emulate:
2382 + /*
2383 +@@ -5586,7 +5601,7 @@ emulate:
2384 + return 1;
2385 + }
2386 +
2387 +- return x86_emulate_instruction(vcpu, cr2, emulation_type, insn,
2388 ++ return x86_emulate_instruction(vcpu, cr2_or_gpa, emulation_type, insn,
2389 + insn_len);
2390 + }
2391 + EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
2392 +@@ -6249,7 +6264,7 @@ static void kvm_set_mmio_spte_mask(void)
2393 + * If reserved bit is not supported, clear the present bit to disable
2394 + * mmio page fault.
2395 + */
2396 +- if (IS_ENABLED(CONFIG_X86_64) && shadow_phys_bits == 52)
2397 ++ if (shadow_phys_bits == 52)
2398 + mask &= ~1ull;
2399 +
2400 + kvm_mmu_set_mmio_spte_mask(mask, mask, ACC_WRITE_MASK | ACC_USER_MASK);
2401 +diff --git a/arch/x86/kvm/mmutrace.h b/arch/x86/kvm/mmutrace.h
2402 +index 7ca8831c7d1a..3c6522b84ff1 100644
2403 +--- a/arch/x86/kvm/mmutrace.h
2404 ++++ b/arch/x86/kvm/mmutrace.h
2405 +@@ -249,13 +249,13 @@ TRACE_EVENT(
2406 +
2407 + TRACE_EVENT(
2408 + fast_page_fault,
2409 +- TP_PROTO(struct kvm_vcpu *vcpu, gva_t gva, u32 error_code,
2410 ++ TP_PROTO(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 error_code,
2411 + u64 *sptep, u64 old_spte, bool retry),
2412 +- TP_ARGS(vcpu, gva, error_code, sptep, old_spte, retry),
2413 ++ TP_ARGS(vcpu, cr2_or_gpa, error_code, sptep, old_spte, retry),
2414 +
2415 + TP_STRUCT__entry(
2416 + __field(int, vcpu_id)
2417 +- __field(gva_t, gva)
2418 ++ __field(gpa_t, cr2_or_gpa)
2419 + __field(u32, error_code)
2420 + __field(u64 *, sptep)
2421 + __field(u64, old_spte)
2422 +@@ -265,7 +265,7 @@ TRACE_EVENT(
2423 +
2424 + TP_fast_assign(
2425 + __entry->vcpu_id = vcpu->vcpu_id;
2426 +- __entry->gva = gva;
2427 ++ __entry->cr2_or_gpa = cr2_or_gpa;
2428 + __entry->error_code = error_code;
2429 + __entry->sptep = sptep;
2430 + __entry->old_spte = old_spte;
2431 +@@ -273,9 +273,9 @@ TRACE_EVENT(
2432 + __entry->retry = retry;
2433 + ),
2434 +
2435 +- TP_printk("vcpu %d gva %lx error_code %s sptep %p old %#llx"
2436 ++ TP_printk("vcpu %d gva %llx error_code %s sptep %p old %#llx"
2437 + " new %llx spurious %d fixed %d", __entry->vcpu_id,
2438 +- __entry->gva, __print_flags(__entry->error_code, "|",
2439 ++ __entry->cr2_or_gpa, __print_flags(__entry->error_code, "|",
2440 + kvm_mmu_trace_pferr_flags), __entry->sptep,
2441 + __entry->old_spte, __entry->new_spte,
2442 + __spte_satisfied(old_spte), __spte_satisfied(new_spte)
2443 +diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
2444 +index 25ce3edd1872..7f0059aa30e1 100644
2445 +--- a/arch/x86/kvm/mtrr.c
2446 ++++ b/arch/x86/kvm/mtrr.c
2447 +@@ -192,11 +192,15 @@ static bool fixed_msr_to_seg_unit(u32 msr, int *seg, int *unit)
2448 + break;
2449 + case MSR_MTRRfix16K_80000 ... MSR_MTRRfix16K_A0000:
2450 + *seg = 1;
2451 +- *unit = msr - MSR_MTRRfix16K_80000;
2452 ++ *unit = array_index_nospec(
2453 ++ msr - MSR_MTRRfix16K_80000,
2454 ++ MSR_MTRRfix16K_A0000 - MSR_MTRRfix16K_80000 + 1);
2455 + break;
2456 + case MSR_MTRRfix4K_C0000 ... MSR_MTRRfix4K_F8000:
2457 + *seg = 2;
2458 +- *unit = msr - MSR_MTRRfix4K_C0000;
2459 ++ *unit = array_index_nospec(
2460 ++ msr - MSR_MTRRfix4K_C0000,
2461 ++ MSR_MTRRfix4K_F8000 - MSR_MTRRfix4K_C0000 + 1);
2462 + break;
2463 + default:
2464 + return false;
2465 +diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
2466 +index 97b21e7fd013..c1d7b866a03f 100644
2467 +--- a/arch/x86/kvm/paging_tmpl.h
2468 ++++ b/arch/x86/kvm/paging_tmpl.h
2469 +@@ -291,11 +291,11 @@ static inline unsigned FNAME(gpte_pkeys)(struct kvm_vcpu *vcpu, u64 gpte)
2470 + }
2471 +
2472 + /*
2473 +- * Fetch a guest pte for a guest virtual address
2474 ++ * Fetch a guest pte for a guest virtual address, or for an L2's GPA.
2475 + */
2476 + static int FNAME(walk_addr_generic)(struct guest_walker *walker,
2477 + struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
2478 +- gva_t addr, u32 access)
2479 ++ gpa_t addr, u32 access)
2480 + {
2481 + int ret;
2482 + pt_element_t pte;
2483 +@@ -496,7 +496,7 @@ error:
2484 + }
2485 +
2486 + static int FNAME(walk_addr)(struct guest_walker *walker,
2487 +- struct kvm_vcpu *vcpu, gva_t addr, u32 access)
2488 ++ struct kvm_vcpu *vcpu, gpa_t addr, u32 access)
2489 + {
2490 + return FNAME(walk_addr_generic)(walker, vcpu, vcpu->arch.mmu, addr,
2491 + access);
2492 +@@ -611,7 +611,7 @@ static void FNAME(pte_prefetch)(struct kvm_vcpu *vcpu, struct guest_walker *gw,
2493 + * If the guest tries to write a write-protected page, we need to
2494 + * emulate this operation, return 1 to indicate this case.
2495 + */
2496 +-static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
2497 ++static int FNAME(fetch)(struct kvm_vcpu *vcpu, gpa_t addr,
2498 + struct guest_walker *gw,
2499 + int write_fault, int hlevel,
2500 + kvm_pfn_t pfn, bool map_writable, bool prefault,
2501 +@@ -765,7 +765,7 @@ FNAME(is_self_change_mapping)(struct kvm_vcpu *vcpu,
2502 + * Returns: 1 if we need to emulate the instruction, 0 otherwise, or
2503 + * a negative value on error.
2504 + */
2505 +-static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
2506 ++static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gpa_t addr, u32 error_code,
2507 + bool prefault)
2508 + {
2509 + int write_fault = error_code & PFERR_WRITE_MASK;
2510 +@@ -945,18 +945,19 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva, hpa_t root_hpa)
2511 + spin_unlock(&vcpu->kvm->mmu_lock);
2512 + }
2513 +
2514 +-static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr, u32 access,
2515 ++/* Note, @addr is a GPA when gva_to_gpa() translates an L2 GPA to an L1 GPA. */
2516 ++static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gpa_t addr, u32 access,
2517 + struct x86_exception *exception)
2518 + {
2519 + struct guest_walker walker;
2520 + gpa_t gpa = UNMAPPED_GVA;
2521 + int r;
2522 +
2523 +- r = FNAME(walk_addr)(&walker, vcpu, vaddr, access);
2524 ++ r = FNAME(walk_addr)(&walker, vcpu, addr, access);
2525 +
2526 + if (r) {
2527 + gpa = gfn_to_gpa(walker.gfn);
2528 +- gpa |= vaddr & ~PAGE_MASK;
2529 ++ gpa |= addr & ~PAGE_MASK;
2530 + } else if (exception)
2531 + *exception = walker.fault;
2532 +
2533 +@@ -964,7 +965,8 @@ static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr, u32 access,
2534 + }
2535 +
2536 + #if PTTYPE != PTTYPE_EPT
2537 +-static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gva_t vaddr,
2538 ++/* Note, gva_to_gpa_nested() is only used to translate L2 GVAs. */
2539 ++static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gpa_t vaddr,
2540 + u32 access,
2541 + struct x86_exception *exception)
2542 + {
2543 +@@ -972,6 +974,11 @@ static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gva_t vaddr,
2544 + gpa_t gpa = UNMAPPED_GVA;
2545 + int r;
2546 +
2547 ++#ifndef CONFIG_X86_64
2548 ++ /* A 64-bit GVA should be impossible on 32-bit KVM. */
2549 ++ WARN_ON_ONCE(vaddr >> 32);
2550 ++#endif
2551 ++
2552 + r = FNAME(walk_addr_nested)(&walker, vcpu, vaddr, access);
2553 +
2554 + if (r) {
2555 +diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h
2556 +index 58265f761c3b..3fc98afd72a8 100644
2557 +--- a/arch/x86/kvm/pmu.h
2558 ++++ b/arch/x86/kvm/pmu.h
2559 +@@ -2,6 +2,8 @@
2560 + #ifndef __KVM_X86_PMU_H
2561 + #define __KVM_X86_PMU_H
2562 +
2563 ++#include <linux/nospec.h>
2564 ++
2565 + #define vcpu_to_pmu(vcpu) (&(vcpu)->arch.pmu)
2566 + #define pmu_to_vcpu(pmu) (container_of((pmu), struct kvm_vcpu, arch.pmu))
2567 + #define pmc_to_pmu(pmc) (&(pmc)->vcpu->arch.pmu)
2568 +@@ -86,8 +88,12 @@ static inline bool pmc_is_enabled(struct kvm_pmc *pmc)
2569 + static inline struct kvm_pmc *get_gp_pmc(struct kvm_pmu *pmu, u32 msr,
2570 + u32 base)
2571 + {
2572 +- if (msr >= base && msr < base + pmu->nr_arch_gp_counters)
2573 +- return &pmu->gp_counters[msr - base];
2574 ++ if (msr >= base && msr < base + pmu->nr_arch_gp_counters) {
2575 ++ u32 index = array_index_nospec(msr - base,
2576 ++ pmu->nr_arch_gp_counters);
2577 ++
2578 ++ return &pmu->gp_counters[index];
2579 ++ }
2580 +
2581 + return NULL;
2582 + }
2583 +@@ -97,8 +103,12 @@ static inline struct kvm_pmc *get_fixed_pmc(struct kvm_pmu *pmu, u32 msr)
2584 + {
2585 + int base = MSR_CORE_PERF_FIXED_CTR0;
2586 +
2587 +- if (msr >= base && msr < base + pmu->nr_arch_fixed_counters)
2588 +- return &pmu->fixed_counters[msr - base];
2589 ++ if (msr >= base && msr < base + pmu->nr_arch_fixed_counters) {
2590 ++ u32 index = array_index_nospec(msr - base,
2591 ++ pmu->nr_arch_fixed_counters);
2592 ++
2593 ++ return &pmu->fixed_counters[index];
2594 ++ }
2595 +
2596 + return NULL;
2597 + }
2598 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
2599 +index c5673bda4b66..8d1be7c61f10 100644
2600 +--- a/arch/x86/kvm/svm.c
2601 ++++ b/arch/x86/kvm/svm.c
2602 +@@ -5986,6 +5986,11 @@ static bool svm_has_wbinvd_exit(void)
2603 + return true;
2604 + }
2605 +
2606 ++static bool svm_pku_supported(void)
2607 ++{
2608 ++ return false;
2609 ++}
2610 ++
2611 + #define PRE_EX(exit) { .exit_code = (exit), \
2612 + .stage = X86_ICPT_PRE_EXCEPT, }
2613 + #define POST_EX(exit) { .exit_code = (exit), \
2614 +@@ -7278,6 +7283,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
2615 + .xsaves_supported = svm_xsaves_supported,
2616 + .umip_emulated = svm_umip_emulated,
2617 + .pt_supported = svm_pt_supported,
2618 ++ .pku_supported = svm_pku_supported,
2619 +
2620 + .set_supported_cpuid = svm_set_supported_cpuid,
2621 +
2622 +diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
2623 +index 7aa69716d516..283bdb7071af 100644
2624 +--- a/arch/x86/kvm/vmx/capabilities.h
2625 ++++ b/arch/x86/kvm/vmx/capabilities.h
2626 +@@ -145,6 +145,11 @@ static inline bool vmx_umip_emulated(void)
2627 + SECONDARY_EXEC_DESC;
2628 + }
2629 +
2630 ++static inline bool vmx_pku_supported(void)
2631 ++{
2632 ++ return boot_cpu_has(X86_FEATURE_PKU);
2633 ++}
2634 ++
2635 + static inline bool cpu_has_vmx_rdtscp(void)
2636 + {
2637 + return vmcs_config.cpu_based_2nd_exec_ctrl &
2638 +diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
2639 +index d0523741fb03..931d3b5f3acd 100644
2640 +--- a/arch/x86/kvm/vmx/nested.c
2641 ++++ b/arch/x86/kvm/vmx/nested.c
2642 +@@ -4663,8 +4663,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
2643 + vmx_instruction_info, true, len, &gva))
2644 + return 1;
2645 + /* _system ok, nested_vmx_check_permission has verified cpl=0 */
2646 +- if (kvm_write_guest_virt_system(vcpu, gva, &field_value, len, &e))
2647 ++ if (kvm_write_guest_virt_system(vcpu, gva, &field_value, len, &e)) {
2648 + kvm_inject_page_fault(vcpu, &e);
2649 ++ return 1;
2650 ++ }
2651 + }
2652 +
2653 + return nested_vmx_succeed(vcpu);
2654 +diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
2655 +index 3e9c059099e9..f8998a7bc7d5 100644
2656 +--- a/arch/x86/kvm/vmx/pmu_intel.c
2657 ++++ b/arch/x86/kvm/vmx/pmu_intel.c
2658 +@@ -84,10 +84,14 @@ static unsigned intel_find_arch_event(struct kvm_pmu *pmu,
2659 +
2660 + static unsigned intel_find_fixed_event(int idx)
2661 + {
2662 +- if (idx >= ARRAY_SIZE(fixed_pmc_events))
2663 ++ u32 event;
2664 ++ size_t size = ARRAY_SIZE(fixed_pmc_events);
2665 ++
2666 ++ if (idx >= size)
2667 + return PERF_COUNT_HW_MAX;
2668 +
2669 +- return intel_arch_events[fixed_pmc_events[idx]].event_type;
2670 ++ event = fixed_pmc_events[array_index_nospec(idx, size)];
2671 ++ return intel_arch_events[event].event_type;
2672 + }
2673 +
2674 + /* check if a PMC is enabled by comparing it with globl_ctrl bits. */
2675 +@@ -128,16 +132,20 @@ static struct kvm_pmc *intel_msr_idx_to_pmc(struct kvm_vcpu *vcpu,
2676 + struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
2677 + bool fixed = idx & (1u << 30);
2678 + struct kvm_pmc *counters;
2679 ++ unsigned int num_counters;
2680 +
2681 + idx &= ~(3u << 30);
2682 +- if (!fixed && idx >= pmu->nr_arch_gp_counters)
2683 +- return NULL;
2684 +- if (fixed && idx >= pmu->nr_arch_fixed_counters)
2685 ++ if (fixed) {
2686 ++ counters = pmu->fixed_counters;
2687 ++ num_counters = pmu->nr_arch_fixed_counters;
2688 ++ } else {
2689 ++ counters = pmu->gp_counters;
2690 ++ num_counters = pmu->nr_arch_gp_counters;
2691 ++ }
2692 ++ if (idx >= num_counters)
2693 + return NULL;
2694 +- counters = fixed ? pmu->fixed_counters : pmu->gp_counters;
2695 + *mask &= pmu->counter_bitmask[fixed ? KVM_PMC_FIXED : KVM_PMC_GP];
2696 +-
2697 +- return &counters[idx];
2698 ++ return &counters[array_index_nospec(idx, num_counters)];
2699 + }
2700 +
2701 + static bool intel_is_valid_msr(struct kvm_vcpu *vcpu, u32 msr)
2702 +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
2703 +index f09a213fd5cb..dc7c166c4335 100644
2704 +--- a/arch/x86/kvm/vmx/vmx.c
2705 ++++ b/arch/x86/kvm/vmx/vmx.c
2706 +@@ -2140,6 +2140,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2707 + (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps,
2708 + PT_CAP_num_address_ranges)))
2709 + return 1;
2710 ++ if (is_noncanonical_address(data, vcpu))
2711 ++ return 1;
2712 + if (index % 2)
2713 + vmx->pt_desc.guest.addr_b[index / 2] = data;
2714 + else
2715 +@@ -7865,6 +7867,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
2716 + .xsaves_supported = vmx_xsaves_supported,
2717 + .umip_emulated = vmx_umip_emulated,
2718 + .pt_supported = vmx_pt_supported,
2719 ++ .pku_supported = vmx_pku_supported,
2720 +
2721 + .request_immediate_exit = vmx_request_immediate_exit,
2722 +
2723 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
2724 +index 8d82ec0482fc..edde5ee8c6f5 100644
2725 +--- a/arch/x86/kvm/x86.c
2726 ++++ b/arch/x86/kvm/x86.c
2727 +@@ -92,6 +92,8 @@ u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
2728 + static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
2729 + #endif
2730 +
2731 ++static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS;
2732 ++
2733 + #define VM_STAT(x, ...) offsetof(struct kvm, stat.x), KVM_STAT_VM, ## __VA_ARGS__
2734 + #define VCPU_STAT(x, ...) offsetof(struct kvm_vcpu, stat.x), KVM_STAT_VCPU, ## __VA_ARGS__
2735 +
2736 +@@ -886,9 +888,38 @@ int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
2737 + }
2738 + EXPORT_SYMBOL_GPL(kvm_set_xcr);
2739 +
2740 ++static u64 kvm_host_cr4_reserved_bits(struct cpuinfo_x86 *c)
2741 ++{
2742 ++ u64 reserved_bits = CR4_RESERVED_BITS;
2743 ++
2744 ++ if (!cpu_has(c, X86_FEATURE_XSAVE))
2745 ++ reserved_bits |= X86_CR4_OSXSAVE;
2746 ++
2747 ++ if (!cpu_has(c, X86_FEATURE_SMEP))
2748 ++ reserved_bits |= X86_CR4_SMEP;
2749 ++
2750 ++ if (!cpu_has(c, X86_FEATURE_SMAP))
2751 ++ reserved_bits |= X86_CR4_SMAP;
2752 ++
2753 ++ if (!cpu_has(c, X86_FEATURE_FSGSBASE))
2754 ++ reserved_bits |= X86_CR4_FSGSBASE;
2755 ++
2756 ++ if (!cpu_has(c, X86_FEATURE_PKU))
2757 ++ reserved_bits |= X86_CR4_PKE;
2758 ++
2759 ++ if (!cpu_has(c, X86_FEATURE_LA57) &&
2760 ++ !(cpuid_ecx(0x7) & bit(X86_FEATURE_LA57)))
2761 ++ reserved_bits |= X86_CR4_LA57;
2762 ++
2763 ++ if (!cpu_has(c, X86_FEATURE_UMIP) && !kvm_x86_ops->umip_emulated())
2764 ++ reserved_bits |= X86_CR4_UMIP;
2765 ++
2766 ++ return reserved_bits;
2767 ++}
2768 ++
2769 + static int kvm_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
2770 + {
2771 +- if (cr4 & CR4_RESERVED_BITS)
2772 ++ if (cr4 & cr4_reserved_bits)
2773 + return -EINVAL;
2774 +
2775 + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && (cr4 & X86_CR4_OSXSAVE))
2776 +@@ -1054,9 +1085,11 @@ static u64 kvm_dr6_fixed(struct kvm_vcpu *vcpu)
2777 +
2778 + static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
2779 + {
2780 ++ size_t size = ARRAY_SIZE(vcpu->arch.db);
2781 ++
2782 + switch (dr) {
2783 + case 0 ... 3:
2784 +- vcpu->arch.db[dr] = val;
2785 ++ vcpu->arch.db[array_index_nospec(dr, size)] = val;
2786 + if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
2787 + vcpu->arch.eff_db[dr] = val;
2788 + break;
2789 +@@ -1093,9 +1126,11 @@ EXPORT_SYMBOL_GPL(kvm_set_dr);
2790 +
2791 + int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
2792 + {
2793 ++ size_t size = ARRAY_SIZE(vcpu->arch.db);
2794 ++
2795 + switch (dr) {
2796 + case 0 ... 3:
2797 +- *val = vcpu->arch.db[dr];
2798 ++ *val = vcpu->arch.db[array_index_nospec(dr, size)];
2799 + break;
2800 + case 4:
2801 + /* fall through */
2802 +@@ -2490,7 +2525,10 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2803 + default:
2804 + if (msr >= MSR_IA32_MC0_CTL &&
2805 + msr < MSR_IA32_MCx_CTL(bank_num)) {
2806 +- u32 offset = msr - MSR_IA32_MC0_CTL;
2807 ++ u32 offset = array_index_nospec(
2808 ++ msr - MSR_IA32_MC0_CTL,
2809 ++ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
2810 ++
2811 + /* only 0 or all 1s can be written to IA32_MCi_CTL
2812 + * some Linux kernels though clear bit 10 in bank 4 to
2813 + * workaround a BIOS/GART TBL issue on AMD K8s, ignore
2814 +@@ -2586,45 +2624,47 @@ static void kvm_vcpu_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa)
2815 +
2816 + static void record_steal_time(struct kvm_vcpu *vcpu)
2817 + {
2818 ++ struct kvm_host_map map;
2819 ++ struct kvm_steal_time *st;
2820 ++
2821 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
2822 + return;
2823 +
2824 +- if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
2825 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time))))
2826 ++ /* -EAGAIN is returned in atomic context so we can just return. */
2827 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT,
2828 ++ &map, &vcpu->arch.st.cache, false))
2829 + return;
2830 +
2831 ++ st = map.hva +
2832 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
2833 ++
2834 + /*
2835 + * Doing a TLB flush here, on the guest's behalf, can avoid
2836 + * expensive IPIs.
2837 + */
2838 + trace_kvm_pv_tlb_flush(vcpu->vcpu_id,
2839 +- vcpu->arch.st.steal.preempted & KVM_VCPU_FLUSH_TLB);
2840 +- if (xchg(&vcpu->arch.st.steal.preempted, 0) & KVM_VCPU_FLUSH_TLB)
2841 ++ st->preempted & KVM_VCPU_FLUSH_TLB);
2842 ++ if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
2843 + kvm_vcpu_flush_tlb(vcpu, false);
2844 +
2845 +- if (vcpu->arch.st.steal.version & 1)
2846 +- vcpu->arch.st.steal.version += 1; /* first time write, random junk */
2847 ++ vcpu->arch.st.preempted = 0;
2848 +
2849 +- vcpu->arch.st.steal.version += 1;
2850 ++ if (st->version & 1)
2851 ++ st->version += 1; /* first time write, random junk */
2852 +
2853 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
2854 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
2855 ++ st->version += 1;
2856 +
2857 + smp_wmb();
2858 +
2859 +- vcpu->arch.st.steal.steal += current->sched_info.run_delay -
2860 ++ st->steal += current->sched_info.run_delay -
2861 + vcpu->arch.st.last_steal;
2862 + vcpu->arch.st.last_steal = current->sched_info.run_delay;
2863 +
2864 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
2865 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
2866 +-
2867 + smp_wmb();
2868 +
2869 +- vcpu->arch.st.steal.version += 1;
2870 ++ st->version += 1;
2871 +
2872 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
2873 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
2874 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false);
2875 + }
2876 +
2877 + int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2878 +@@ -2777,11 +2817,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2879 + if (data & KVM_STEAL_RESERVED_MASK)
2880 + return 1;
2881 +
2882 +- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
2883 +- data & KVM_STEAL_VALID_BITS,
2884 +- sizeof(struct kvm_steal_time)))
2885 +- return 1;
2886 +-
2887 + vcpu->arch.st.msr_val = data;
2888 +
2889 + if (!(data & KVM_MSR_ENABLED))
2890 +@@ -2917,7 +2952,10 @@ static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host)
2891 + default:
2892 + if (msr >= MSR_IA32_MC0_CTL &&
2893 + msr < MSR_IA32_MCx_CTL(bank_num)) {
2894 +- u32 offset = msr - MSR_IA32_MC0_CTL;
2895 ++ u32 offset = array_index_nospec(
2896 ++ msr - MSR_IA32_MC0_CTL,
2897 ++ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
2898 ++
2899 + data = vcpu->arch.mce_banks[offset];
2900 + break;
2901 + }
2902 +@@ -3443,10 +3481,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
2903 +
2904 + kvm_x86_ops->vcpu_load(vcpu, cpu);
2905 +
2906 +- fpregs_assert_state_consistent();
2907 +- if (test_thread_flag(TIF_NEED_FPU_LOAD))
2908 +- switch_fpu_return();
2909 +-
2910 + /* Apply any externally detected TSC adjustments (due to suspend) */
2911 + if (unlikely(vcpu->arch.tsc_offset_adjustment)) {
2912 + adjust_tsc_offset_host(vcpu, vcpu->arch.tsc_offset_adjustment);
2913 +@@ -3486,15 +3520,25 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
2914 +
2915 + static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
2916 + {
2917 ++ struct kvm_host_map map;
2918 ++ struct kvm_steal_time *st;
2919 ++
2920 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
2921 + return;
2922 +
2923 +- vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
2924 ++ if (vcpu->arch.st.preempted)
2925 ++ return;
2926 ++
2927 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
2928 ++ &vcpu->arch.st.cache, true))
2929 ++ return;
2930 +
2931 +- kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,
2932 +- &vcpu->arch.st.steal.preempted,
2933 +- offsetof(struct kvm_steal_time, preempted),
2934 +- sizeof(vcpu->arch.st.steal.preempted));
2935 ++ st = map.hva +
2936 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
2937 ++
2938 ++ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
2939 ++
2940 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
2941 + }
2942 +
2943 + void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
2944 +@@ -6365,11 +6409,11 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu, int emulation_type)
2945 + return 1;
2946 + }
2947 +
2948 +-static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
2949 ++static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
2950 + bool write_fault_to_shadow_pgtable,
2951 + int emulation_type)
2952 + {
2953 +- gpa_t gpa = cr2;
2954 ++ gpa_t gpa = cr2_or_gpa;
2955 + kvm_pfn_t pfn;
2956 +
2957 + if (!(emulation_type & EMULTYPE_ALLOW_RETRY))
2958 +@@ -6383,7 +6427,7 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
2959 + * Write permission should be allowed since only
2960 + * write access need to be emulated.
2961 + */
2962 +- gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL);
2963 ++ gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
2964 +
2965 + /*
2966 + * If the mapping is invalid in guest, let cpu retry
2967 +@@ -6440,10 +6484,10 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
2968 + }
2969 +
2970 + static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
2971 +- unsigned long cr2, int emulation_type)
2972 ++ gpa_t cr2_or_gpa, int emulation_type)
2973 + {
2974 + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
2975 +- unsigned long last_retry_eip, last_retry_addr, gpa = cr2;
2976 ++ unsigned long last_retry_eip, last_retry_addr, gpa = cr2_or_gpa;
2977 +
2978 + last_retry_eip = vcpu->arch.last_retry_eip;
2979 + last_retry_addr = vcpu->arch.last_retry_addr;
2980 +@@ -6472,14 +6516,14 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
2981 + if (x86_page_table_writing_insn(ctxt))
2982 + return false;
2983 +
2984 +- if (ctxt->eip == last_retry_eip && last_retry_addr == cr2)
2985 ++ if (ctxt->eip == last_retry_eip && last_retry_addr == cr2_or_gpa)
2986 + return false;
2987 +
2988 + vcpu->arch.last_retry_eip = ctxt->eip;
2989 +- vcpu->arch.last_retry_addr = cr2;
2990 ++ vcpu->arch.last_retry_addr = cr2_or_gpa;
2991 +
2992 + if (!vcpu->arch.mmu->direct_map)
2993 +- gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL);
2994 ++ gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
2995 +
2996 + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
2997 +
2998 +@@ -6625,11 +6669,8 @@ static bool is_vmware_backdoor_opcode(struct x86_emulate_ctxt *ctxt)
2999 + return false;
3000 + }
3001 +
3002 +-int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3003 +- unsigned long cr2,
3004 +- int emulation_type,
3005 +- void *insn,
3006 +- int insn_len)
3007 ++int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
3008 ++ int emulation_type, void *insn, int insn_len)
3009 + {
3010 + int r;
3011 + struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
3012 +@@ -6675,8 +6716,9 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3013 + kvm_queue_exception(vcpu, UD_VECTOR);
3014 + return 1;
3015 + }
3016 +- if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
3017 +- emulation_type))
3018 ++ if (reexecute_instruction(vcpu, cr2_or_gpa,
3019 ++ write_fault_to_spt,
3020 ++ emulation_type))
3021 + return 1;
3022 + if (ctxt->have_exception) {
3023 + /*
3024 +@@ -6710,7 +6752,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3025 + return 1;
3026 + }
3027 +
3028 +- if (retry_instruction(ctxt, cr2, emulation_type))
3029 ++ if (retry_instruction(ctxt, cr2_or_gpa, emulation_type))
3030 + return 1;
3031 +
3032 + /* this is needed for vmware backdoor interface to work since it
3033 +@@ -6722,7 +6764,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3034 +
3035 + restart:
3036 + /* Save the faulting GPA (cr2) in the address field */
3037 +- ctxt->exception.address = cr2;
3038 ++ ctxt->exception.address = cr2_or_gpa;
3039 +
3040 + r = x86_emulate_insn(ctxt);
3041 +
3042 +@@ -6730,7 +6772,7 @@ restart:
3043 + return 1;
3044 +
3045 + if (r == EMULATION_FAILED) {
3046 +- if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
3047 ++ if (reexecute_instruction(vcpu, cr2_or_gpa, write_fault_to_spt,
3048 + emulation_type))
3049 + return 1;
3050 +
3051 +@@ -8172,8 +8214,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
3052 + trace_kvm_entry(vcpu->vcpu_id);
3053 + guest_enter_irqoff();
3054 +
3055 +- /* The preempt notifier should have taken care of the FPU already. */
3056 +- WARN_ON_ONCE(test_thread_flag(TIF_NEED_FPU_LOAD));
3057 ++ fpregs_assert_state_consistent();
3058 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
3059 ++ switch_fpu_return();
3060 +
3061 + if (unlikely(vcpu->arch.switch_db_regs)) {
3062 + set_debugreg(0, 7);
3063 +@@ -8445,12 +8488,26 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
3064 + return 0;
3065 + }
3066 +
3067 ++static void kvm_save_current_fpu(struct fpu *fpu)
3068 ++{
3069 ++ /*
3070 ++ * If the target FPU state is not resident in the CPU registers, just
3071 ++ * memcpy() from current, else save CPU state directly to the target.
3072 ++ */
3073 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
3074 ++ memcpy(&fpu->state, &current->thread.fpu.state,
3075 ++ fpu_kernel_xstate_size);
3076 ++ else
3077 ++ copy_fpregs_to_fpstate(fpu);
3078 ++}
3079 ++
3080 + /* Swap (qemu) user FPU context for the guest FPU context. */
3081 + static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
3082 + {
3083 + fpregs_lock();
3084 +
3085 +- copy_fpregs_to_fpstate(vcpu->arch.user_fpu);
3086 ++ kvm_save_current_fpu(vcpu->arch.user_fpu);
3087 ++
3088 + /* PKRU is separately restored in kvm_x86_ops->run. */
3089 + __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state,
3090 + ~XFEATURE_MASK_PKRU);
3091 +@@ -8466,7 +8523,8 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu)
3092 + {
3093 + fpregs_lock();
3094 +
3095 +- copy_fpregs_to_fpstate(vcpu->arch.guest_fpu);
3096 ++ kvm_save_current_fpu(vcpu->arch.guest_fpu);
3097 ++
3098 + copy_kernel_to_fpregs(&vcpu->arch.user_fpu->state);
3099 +
3100 + fpregs_mark_activate();
3101 +@@ -8688,6 +8746,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
3102 + struct kvm_mp_state *mp_state)
3103 + {
3104 + vcpu_load(vcpu);
3105 ++ if (kvm_mpx_supported())
3106 ++ kvm_load_guest_fpu(vcpu);
3107 +
3108 + kvm_apic_accept_events(vcpu);
3109 + if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED &&
3110 +@@ -8696,6 +8756,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
3111 + else
3112 + mp_state->mp_state = vcpu->arch.mp_state;
3113 +
3114 ++ if (kvm_mpx_supported())
3115 ++ kvm_put_guest_fpu(vcpu);
3116 + vcpu_put(vcpu);
3117 + return 0;
3118 + }
3119 +@@ -9055,6 +9117,9 @@ static void fx_init(struct kvm_vcpu *vcpu)
3120 + void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
3121 + {
3122 + void *wbinvd_dirty_mask = vcpu->arch.wbinvd_dirty_mask;
3123 ++ struct gfn_to_pfn_cache *cache = &vcpu->arch.st.cache;
3124 ++
3125 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
3126 +
3127 + kvmclock_reset(vcpu);
3128 +
3129 +@@ -9125,7 +9190,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
3130 + kvm_mmu_unload(vcpu);
3131 + vcpu_put(vcpu);
3132 +
3133 +- kvm_x86_ops->vcpu_free(vcpu);
3134 ++ kvm_arch_vcpu_free(vcpu);
3135 + }
3136 +
3137 + void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
3138 +@@ -9317,6 +9382,8 @@ int kvm_arch_hardware_setup(void)
3139 + if (r != 0)
3140 + return r;
3141 +
3142 ++ cr4_reserved_bits = kvm_host_cr4_reserved_bits(&boot_cpu_data);
3143 ++
3144 + if (kvm_has_tsc_control) {
3145 + /*
3146 + * Make sure the user can only configure tsc_khz values that
3147 +@@ -9719,11 +9786,18 @@ out_free:
3148 +
3149 + void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen)
3150 + {
3151 ++ struct kvm_vcpu *vcpu;
3152 ++ int i;
3153 ++
3154 + /*
3155 + * memslots->generation has been incremented.
3156 + * mmio generation may have reached its maximum value.
3157 + */
3158 + kvm_mmu_invalidate_mmio_sptes(kvm, gen);
3159 ++
3160 ++ /* Force re-initialization of steal_time cache */
3161 ++ kvm_for_each_vcpu(i, vcpu, kvm)
3162 ++ kvm_vcpu_kick(vcpu);
3163 + }
3164 +
3165 + int kvm_arch_prepare_memory_region(struct kvm *kvm,
3166 +@@ -9975,7 +10049,7 @@ void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
3167 + work->arch.cr3 != vcpu->arch.mmu->get_cr3(vcpu))
3168 + return;
3169 +
3170 +- vcpu->arch.mmu->page_fault(vcpu, work->gva, 0, true);
3171 ++ vcpu->arch.mmu->page_fault(vcpu, work->cr2_or_gpa, 0, true);
3172 + }
3173 +
3174 + static inline u32 kvm_async_pf_hash_fn(gfn_t gfn)
3175 +@@ -10088,7 +10162,7 @@ void kvm_arch_async_page_not_present(struct kvm_vcpu *vcpu,
3176 + {
3177 + struct x86_exception fault;
3178 +
3179 +- trace_kvm_async_pf_not_present(work->arch.token, work->gva);
3180 ++ trace_kvm_async_pf_not_present(work->arch.token, work->cr2_or_gpa);
3181 + kvm_add_async_pf_gfn(vcpu, work->arch.gfn);
3182 +
3183 + if (kvm_can_deliver_async_pf(vcpu) &&
3184 +@@ -10123,7 +10197,7 @@ void kvm_arch_async_page_present(struct kvm_vcpu *vcpu,
3185 + work->arch.token = ~0; /* broadcast wakeup */
3186 + else
3187 + kvm_del_async_pf_gfn(vcpu, work->arch.gfn);
3188 +- trace_kvm_async_pf_ready(work->arch.token, work->gva);
3189 ++ trace_kvm_async_pf_ready(work->arch.token, work->cr2_or_gpa);
3190 +
3191 + if (vcpu->arch.apf.msr_val & KVM_ASYNC_PF_ENABLED &&
3192 + !apf_get_user(vcpu, &val)) {
3193 +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
3194 +index dbf7442a822b..de6b55484876 100644
3195 +--- a/arch/x86/kvm/x86.h
3196 ++++ b/arch/x86/kvm/x86.h
3197 +@@ -286,7 +286,7 @@ int kvm_mtrr_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
3198 + bool kvm_mtrr_check_gfn_range_consistency(struct kvm_vcpu *vcpu, gfn_t gfn,
3199 + int page_num);
3200 + bool kvm_vector_hashing_enabled(void);
3201 +-int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
3202 ++int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
3203 + int emulation_type, void *insn, int insn_len);
3204 +
3205 + #define KVM_SUPPORTED_XCR0 (XFEATURE_MASK_FP | XFEATURE_MASK_SSE \
3206 +diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
3207 +index 5bfea374a160..6ea215cdeada 100644
3208 +--- a/arch/x86/xen/enlighten_pv.c
3209 ++++ b/arch/x86/xen/enlighten_pv.c
3210 +@@ -1215,6 +1215,7 @@ asmlinkage __visible void __init xen_start_kernel(void)
3211 + x86_platform.get_nmi_reason = xen_get_nmi_reason;
3212 +
3213 + x86_init.resources.memory_setup = xen_memory_setup;
3214 ++ x86_init.irqs.intr_mode_select = x86_init_noop;
3215 + x86_init.irqs.intr_mode_init = x86_init_noop;
3216 + x86_init.oem.arch_setup = xen_arch_setup;
3217 + x86_init.oem.banner = xen_banner;
3218 +diff --git a/crypto/algapi.c b/crypto/algapi.c
3219 +index de30ddc952d8..bb8329e49956 100644
3220 +--- a/crypto/algapi.c
3221 ++++ b/crypto/algapi.c
3222 +@@ -257,6 +257,7 @@ void crypto_alg_tested(const char *name, int err)
3223 + struct crypto_alg *alg;
3224 + struct crypto_alg *q;
3225 + LIST_HEAD(list);
3226 ++ bool best;
3227 +
3228 + down_write(&crypto_alg_sem);
3229 + list_for_each_entry(q, &crypto_alg_list, cra_list) {
3230 +@@ -280,6 +281,21 @@ found:
3231 +
3232 + alg->cra_flags |= CRYPTO_ALG_TESTED;
3233 +
3234 ++ /* Only satisfy larval waiters if we are the best. */
3235 ++ best = true;
3236 ++ list_for_each_entry(q, &crypto_alg_list, cra_list) {
3237 ++ if (crypto_is_moribund(q) || !crypto_is_larval(q))
3238 ++ continue;
3239 ++
3240 ++ if (strcmp(alg->cra_name, q->cra_name))
3241 ++ continue;
3242 ++
3243 ++ if (q->cra_priority > alg->cra_priority) {
3244 ++ best = false;
3245 ++ break;
3246 ++ }
3247 ++ }
3248 ++
3249 + list_for_each_entry(q, &crypto_alg_list, cra_list) {
3250 + if (q == alg)
3251 + continue;
3252 +@@ -303,10 +319,12 @@ found:
3253 + continue;
3254 + if ((q->cra_flags ^ alg->cra_flags) & larval->mask)
3255 + continue;
3256 +- if (!crypto_mod_get(alg))
3257 +- continue;
3258 +
3259 +- larval->adult = alg;
3260 ++ if (best && crypto_mod_get(alg))
3261 ++ larval->adult = alg;
3262 ++ else
3263 ++ larval->adult = ERR_PTR(-EAGAIN);
3264 ++
3265 + continue;
3266 + }
3267 +
3268 +@@ -669,11 +687,9 @@ EXPORT_SYMBOL_GPL(crypto_grab_spawn);
3269 +
3270 + void crypto_drop_spawn(struct crypto_spawn *spawn)
3271 + {
3272 +- if (!spawn->alg)
3273 +- return;
3274 +-
3275 + down_write(&crypto_alg_sem);
3276 +- list_del(&spawn->list);
3277 ++ if (spawn->alg)
3278 ++ list_del(&spawn->list);
3279 + up_write(&crypto_alg_sem);
3280 + }
3281 + EXPORT_SYMBOL_GPL(crypto_drop_spawn);
3282 +@@ -681,22 +697,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn);
3283 + static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
3284 + {
3285 + struct crypto_alg *alg;
3286 +- struct crypto_alg *alg2;
3287 +
3288 + down_read(&crypto_alg_sem);
3289 + alg = spawn->alg;
3290 +- alg2 = alg;
3291 +- if (alg2)
3292 +- alg2 = crypto_mod_get(alg2);
3293 +- up_read(&crypto_alg_sem);
3294 +-
3295 +- if (!alg2) {
3296 +- if (alg)
3297 +- crypto_shoot_alg(alg);
3298 +- return ERR_PTR(-EAGAIN);
3299 ++ if (alg && !crypto_mod_get(alg)) {
3300 ++ alg->cra_flags |= CRYPTO_ALG_DYING;
3301 ++ alg = NULL;
3302 + }
3303 ++ up_read(&crypto_alg_sem);
3304 +
3305 +- return alg;
3306 ++ return alg ?: ERR_PTR(-EAGAIN);
3307 + }
3308 +
3309 + struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
3310 +diff --git a/crypto/api.c b/crypto/api.c
3311 +index d8ba54142620..eda0c56b8615 100644
3312 +--- a/crypto/api.c
3313 ++++ b/crypto/api.c
3314 +@@ -97,7 +97,7 @@ static void crypto_larval_destroy(struct crypto_alg *alg)
3315 + struct crypto_larval *larval = (void *)alg;
3316 +
3317 + BUG_ON(!crypto_is_larval(alg));
3318 +- if (larval->adult)
3319 ++ if (!IS_ERR_OR_NULL(larval->adult))
3320 + crypto_mod_put(larval->adult);
3321 + kfree(larval);
3322 + }
3323 +@@ -178,6 +178,8 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg)
3324 + alg = ERR_PTR(-ETIMEDOUT);
3325 + else if (!alg)
3326 + alg = ERR_PTR(-ENOENT);
3327 ++ else if (IS_ERR(alg))
3328 ++ ;
3329 + else if (crypto_is_test_larval(larval) &&
3330 + !(alg->cra_flags & CRYPTO_ALG_TESTED))
3331 + alg = ERR_PTR(-EAGAIN);
3332 +@@ -344,13 +346,12 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
3333 + return len;
3334 + }
3335 +
3336 +-void crypto_shoot_alg(struct crypto_alg *alg)
3337 ++static void crypto_shoot_alg(struct crypto_alg *alg)
3338 + {
3339 + down_write(&crypto_alg_sem);
3340 + alg->cra_flags |= CRYPTO_ALG_DYING;
3341 + up_write(&crypto_alg_sem);
3342 + }
3343 +-EXPORT_SYMBOL_GPL(crypto_shoot_alg);
3344 +
3345 + struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
3346 + u32 mask)
3347 +diff --git a/crypto/internal.h b/crypto/internal.h
3348 +index 93df7bec844a..e506a57e2243 100644
3349 +--- a/crypto/internal.h
3350 ++++ b/crypto/internal.h
3351 +@@ -68,7 +68,6 @@ void crypto_alg_tested(const char *name, int err);
3352 + void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
3353 + struct crypto_alg *nalg);
3354 + void crypto_remove_final(struct list_head *list);
3355 +-void crypto_shoot_alg(struct crypto_alg *alg);
3356 + struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
3357 + u32 mask);
3358 + void *crypto_create_tfm(struct crypto_alg *alg,
3359 +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
3360 +index 81bbea7f2ba6..a4f3b3f342c8 100644
3361 +--- a/crypto/pcrypt.c
3362 ++++ b/crypto/pcrypt.c
3363 +@@ -24,6 +24,8 @@ static struct kset *pcrypt_kset;
3364 +
3365 + struct pcrypt_instance_ctx {
3366 + struct crypto_aead_spawn spawn;
3367 ++ struct padata_shell *psenc;
3368 ++ struct padata_shell *psdec;
3369 + atomic_t tfm_count;
3370 + };
3371 +
3372 +@@ -32,6 +34,12 @@ struct pcrypt_aead_ctx {
3373 + unsigned int cb_cpu;
3374 + };
3375 +
3376 ++static inline struct pcrypt_instance_ctx *pcrypt_tfm_ictx(
3377 ++ struct crypto_aead *tfm)
3378 ++{
3379 ++ return aead_instance_ctx(aead_alg_instance(tfm));
3380 ++}
3381 ++
3382 + static int pcrypt_aead_setkey(struct crypto_aead *parent,
3383 + const u8 *key, unsigned int keylen)
3384 + {
3385 +@@ -63,7 +71,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
3386 + struct padata_priv *padata = pcrypt_request_padata(preq);
3387 +
3388 + padata->info = err;
3389 +- req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
3390 +
3391 + padata_do_serial(padata);
3392 + }
3393 +@@ -90,6 +97,9 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
3394 + struct crypto_aead *aead = crypto_aead_reqtfm(req);
3395 + struct pcrypt_aead_ctx *ctx = crypto_aead_ctx(aead);
3396 + u32 flags = aead_request_flags(req);
3397 ++ struct pcrypt_instance_ctx *ictx;
3398 ++
3399 ++ ictx = pcrypt_tfm_ictx(aead);
3400 +
3401 + memset(padata, 0, sizeof(struct padata_priv));
3402 +
3403 +@@ -103,7 +113,7 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
3404 + req->cryptlen, req->iv);
3405 + aead_request_set_ad(creq, req->assoclen);
3406 +
3407 +- err = padata_do_parallel(pencrypt, padata, &ctx->cb_cpu);
3408 ++ err = padata_do_parallel(ictx->psenc, padata, &ctx->cb_cpu);
3409 + if (!err)
3410 + return -EINPROGRESS;
3411 +
3412 +@@ -132,6 +142,9 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
3413 + struct crypto_aead *aead = crypto_aead_reqtfm(req);
3414 + struct pcrypt_aead_ctx *ctx = crypto_aead_ctx(aead);
3415 + u32 flags = aead_request_flags(req);
3416 ++ struct pcrypt_instance_ctx *ictx;
3417 ++
3418 ++ ictx = pcrypt_tfm_ictx(aead);
3419 +
3420 + memset(padata, 0, sizeof(struct padata_priv));
3421 +
3422 +@@ -145,7 +158,7 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
3423 + req->cryptlen, req->iv);
3424 + aead_request_set_ad(creq, req->assoclen);
3425 +
3426 +- err = padata_do_parallel(pdecrypt, padata, &ctx->cb_cpu);
3427 ++ err = padata_do_parallel(ictx->psdec, padata, &ctx->cb_cpu);
3428 + if (!err)
3429 + return -EINPROGRESS;
3430 +
3431 +@@ -192,6 +205,8 @@ static void pcrypt_free(struct aead_instance *inst)
3432 + struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
3433 +
3434 + crypto_drop_aead(&ctx->spawn);
3435 ++ padata_free_shell(ctx->psdec);
3436 ++ padata_free_shell(ctx->psenc);
3437 + kfree(inst);
3438 + }
3439 +
3440 +@@ -233,12 +248,22 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb,
3441 + if (!inst)
3442 + return -ENOMEM;
3443 +
3444 ++ err = -ENOMEM;
3445 ++
3446 + ctx = aead_instance_ctx(inst);
3447 ++ ctx->psenc = padata_alloc_shell(pencrypt);
3448 ++ if (!ctx->psenc)
3449 ++ goto out_free_inst;
3450 ++
3451 ++ ctx->psdec = padata_alloc_shell(pdecrypt);
3452 ++ if (!ctx->psdec)
3453 ++ goto out_free_psenc;
3454 ++
3455 + crypto_set_aead_spawn(&ctx->spawn, aead_crypto_instance(inst));
3456 +
3457 + err = crypto_grab_aead(&ctx->spawn, name, 0, 0);
3458 + if (err)
3459 +- goto out_free_inst;
3460 ++ goto out_free_psdec;
3461 +
3462 + alg = crypto_spawn_aead_alg(&ctx->spawn);
3463 + err = pcrypt_init_instance(aead_crypto_instance(inst), &alg->base);
3464 +@@ -271,6 +296,10 @@ out:
3465 +
3466 + out_drop_aead:
3467 + crypto_drop_aead(&ctx->spawn);
3468 ++out_free_psdec:
3469 ++ padata_free_shell(ctx->psdec);
3470 ++out_free_psenc:
3471 ++ padata_free_shell(ctx->psenc);
3472 + out_free_inst:
3473 + kfree(inst);
3474 + goto out;
3475 +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
3476 +index 558fedf8a7a1..254a7d98b9d4 100644
3477 +--- a/drivers/acpi/battery.c
3478 ++++ b/drivers/acpi/battery.c
3479 +@@ -38,6 +38,8 @@
3480 + #define PREFIX "ACPI: "
3481 +
3482 + #define ACPI_BATTERY_VALUE_UNKNOWN 0xFFFFFFFF
3483 ++#define ACPI_BATTERY_CAPACITY_VALID(capacity) \
3484 ++ ((capacity) != 0 && (capacity) != ACPI_BATTERY_VALUE_UNKNOWN)
3485 +
3486 + #define ACPI_BATTERY_DEVICE_NAME "Battery"
3487 +
3488 +@@ -192,7 +194,8 @@ static int acpi_battery_is_charged(struct acpi_battery *battery)
3489 +
3490 + static bool acpi_battery_is_degraded(struct acpi_battery *battery)
3491 + {
3492 +- return battery->full_charge_capacity && battery->design_capacity &&
3493 ++ return ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) &&
3494 ++ ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity) &&
3495 + battery->full_charge_capacity < battery->design_capacity;
3496 + }
3497 +
3498 +@@ -214,7 +217,7 @@ static int acpi_battery_get_property(struct power_supply *psy,
3499 + enum power_supply_property psp,
3500 + union power_supply_propval *val)
3501 + {
3502 +- int ret = 0;
3503 ++ int full_capacity = ACPI_BATTERY_VALUE_UNKNOWN, ret = 0;
3504 + struct acpi_battery *battery = to_acpi_battery(psy);
3505 +
3506 + if (acpi_battery_present(battery)) {
3507 +@@ -263,14 +266,14 @@ static int acpi_battery_get_property(struct power_supply *psy,
3508 + break;
3509 + case POWER_SUPPLY_PROP_CHARGE_FULL_DESIGN:
3510 + case POWER_SUPPLY_PROP_ENERGY_FULL_DESIGN:
3511 +- if (battery->design_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3512 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3513 + ret = -ENODEV;
3514 + else
3515 + val->intval = battery->design_capacity * 1000;
3516 + break;
3517 + case POWER_SUPPLY_PROP_CHARGE_FULL:
3518 + case POWER_SUPPLY_PROP_ENERGY_FULL:
3519 +- if (battery->full_charge_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3520 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity))
3521 + ret = -ENODEV;
3522 + else
3523 + val->intval = battery->full_charge_capacity * 1000;
3524 +@@ -283,11 +286,17 @@ static int acpi_battery_get_property(struct power_supply *psy,
3525 + val->intval = battery->capacity_now * 1000;
3526 + break;
3527 + case POWER_SUPPLY_PROP_CAPACITY:
3528 +- if (battery->capacity_now && battery->full_charge_capacity)
3529 +- val->intval = battery->capacity_now * 100/
3530 +- battery->full_charge_capacity;
3531 ++ if (ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity))
3532 ++ full_capacity = battery->full_charge_capacity;
3533 ++ else if (ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3534 ++ full_capacity = battery->design_capacity;
3535 ++
3536 ++ if (battery->capacity_now == ACPI_BATTERY_VALUE_UNKNOWN ||
3537 ++ full_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3538 ++ ret = -ENODEV;
3539 + else
3540 +- val->intval = 0;
3541 ++ val->intval = battery->capacity_now * 100/
3542 ++ full_capacity;
3543 + break;
3544 + case POWER_SUPPLY_PROP_CAPACITY_LEVEL:
3545 + if (battery->state & ACPI_BATTERY_STATE_CRITICAL)
3546 +@@ -333,6 +342,20 @@ static enum power_supply_property charge_battery_props[] = {
3547 + POWER_SUPPLY_PROP_SERIAL_NUMBER,
3548 + };
3549 +
3550 ++static enum power_supply_property charge_battery_full_cap_broken_props[] = {
3551 ++ POWER_SUPPLY_PROP_STATUS,
3552 ++ POWER_SUPPLY_PROP_PRESENT,
3553 ++ POWER_SUPPLY_PROP_TECHNOLOGY,
3554 ++ POWER_SUPPLY_PROP_CYCLE_COUNT,
3555 ++ POWER_SUPPLY_PROP_VOLTAGE_MIN_DESIGN,
3556 ++ POWER_SUPPLY_PROP_VOLTAGE_NOW,
3557 ++ POWER_SUPPLY_PROP_CURRENT_NOW,
3558 ++ POWER_SUPPLY_PROP_CHARGE_NOW,
3559 ++ POWER_SUPPLY_PROP_MODEL_NAME,
3560 ++ POWER_SUPPLY_PROP_MANUFACTURER,
3561 ++ POWER_SUPPLY_PROP_SERIAL_NUMBER,
3562 ++};
3563 ++
3564 + static enum power_supply_property energy_battery_props[] = {
3565 + POWER_SUPPLY_PROP_STATUS,
3566 + POWER_SUPPLY_PROP_PRESENT,
3567 +@@ -794,20 +817,34 @@ static void __exit battery_hook_exit(void)
3568 + static int sysfs_add_battery(struct acpi_battery *battery)
3569 + {
3570 + struct power_supply_config psy_cfg = { .drv_data = battery, };
3571 ++ bool full_cap_broken = false;
3572 ++
3573 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) &&
3574 ++ !ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3575 ++ full_cap_broken = true;
3576 +
3577 + if (battery->power_unit == ACPI_BATTERY_POWER_UNIT_MA) {
3578 +- battery->bat_desc.properties = charge_battery_props;
3579 +- battery->bat_desc.num_properties =
3580 +- ARRAY_SIZE(charge_battery_props);
3581 +- } else if (battery->full_charge_capacity == 0) {
3582 +- battery->bat_desc.properties =
3583 +- energy_battery_full_cap_broken_props;
3584 +- battery->bat_desc.num_properties =
3585 +- ARRAY_SIZE(energy_battery_full_cap_broken_props);
3586 ++ if (full_cap_broken) {
3587 ++ battery->bat_desc.properties =
3588 ++ charge_battery_full_cap_broken_props;
3589 ++ battery->bat_desc.num_properties =
3590 ++ ARRAY_SIZE(charge_battery_full_cap_broken_props);
3591 ++ } else {
3592 ++ battery->bat_desc.properties = charge_battery_props;
3593 ++ battery->bat_desc.num_properties =
3594 ++ ARRAY_SIZE(charge_battery_props);
3595 ++ }
3596 + } else {
3597 +- battery->bat_desc.properties = energy_battery_props;
3598 +- battery->bat_desc.num_properties =
3599 +- ARRAY_SIZE(energy_battery_props);
3600 ++ if (full_cap_broken) {
3601 ++ battery->bat_desc.properties =
3602 ++ energy_battery_full_cap_broken_props;
3603 ++ battery->bat_desc.num_properties =
3604 ++ ARRAY_SIZE(energy_battery_full_cap_broken_props);
3605 ++ } else {
3606 ++ battery->bat_desc.properties = energy_battery_props;
3607 ++ battery->bat_desc.num_properties =
3608 ++ ARRAY_SIZE(energy_battery_props);
3609 ++ }
3610 + }
3611 +
3612 + battery->bat_desc.name = acpi_device_bid(battery->device);
3613 +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
3614 +index 31014c7d3793..e63fd7bfd3a5 100644
3615 +--- a/drivers/acpi/video_detect.c
3616 ++++ b/drivers/acpi/video_detect.c
3617 +@@ -336,6 +336,11 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
3618 + DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7510"),
3619 + },
3620 + },
3621 ++
3622 ++ /*
3623 ++ * Desktops which falsely report a backlight and which our heuristics
3624 ++ * for this do not catch.
3625 ++ */
3626 + {
3627 + .callback = video_detect_force_none,
3628 + .ident = "Dell OptiPlex 9020M",
3629 +@@ -344,6 +349,14 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
3630 + DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 9020M"),
3631 + },
3632 + },
3633 ++ {
3634 ++ .callback = video_detect_force_none,
3635 ++ .ident = "MSI MS-7721",
3636 ++ .matches = {
3637 ++ DMI_MATCH(DMI_SYS_VENDOR, "MSI"),
3638 ++ DMI_MATCH(DMI_PRODUCT_NAME, "MS-7721"),
3639 ++ },
3640 ++ },
3641 + { },
3642 + };
3643 +
3644 +diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
3645 +index 134a8af51511..0e99a760aebd 100644
3646 +--- a/drivers/base/power/main.c
3647 ++++ b/drivers/base/power/main.c
3648 +@@ -273,10 +273,38 @@ static void dpm_wait_for_suppliers(struct device *dev, bool async)
3649 + device_links_read_unlock(idx);
3650 + }
3651 +
3652 +-static void dpm_wait_for_superior(struct device *dev, bool async)
3653 ++static bool dpm_wait_for_superior(struct device *dev, bool async)
3654 + {
3655 +- dpm_wait(dev->parent, async);
3656 ++ struct device *parent;
3657 ++
3658 ++ /*
3659 ++ * If the device is resumed asynchronously and the parent's callback
3660 ++ * deletes both the device and the parent itself, the parent object may
3661 ++ * be freed while this function is running, so avoid that by reference
3662 ++ * counting the parent once more unless the device has been deleted
3663 ++ * already (in which case return right away).
3664 ++ */
3665 ++ mutex_lock(&dpm_list_mtx);
3666 ++
3667 ++ if (!device_pm_initialized(dev)) {
3668 ++ mutex_unlock(&dpm_list_mtx);
3669 ++ return false;
3670 ++ }
3671 ++
3672 ++ parent = get_device(dev->parent);
3673 ++
3674 ++ mutex_unlock(&dpm_list_mtx);
3675 ++
3676 ++ dpm_wait(parent, async);
3677 ++ put_device(parent);
3678 ++
3679 + dpm_wait_for_suppliers(dev, async);
3680 ++
3681 ++ /*
3682 ++ * If the parent's callback has deleted the device, attempting to resume
3683 ++ * it would be invalid, so avoid doing that then.
3684 ++ */
3685 ++ return device_pm_initialized(dev);
3686 + }
3687 +
3688 + static void dpm_wait_for_consumers(struct device *dev, bool async)
3689 +@@ -621,7 +649,8 @@ static int device_resume_noirq(struct device *dev, pm_message_t state, bool asyn
3690 + if (!dev->power.is_noirq_suspended)
3691 + goto Out;
3692 +
3693 +- dpm_wait_for_superior(dev, async);
3694 ++ if (!dpm_wait_for_superior(dev, async))
3695 ++ goto Out;
3696 +
3697 + skip_resume = dev_pm_may_skip_resume(dev);
3698 +
3699 +@@ -829,7 +858,8 @@ static int device_resume_early(struct device *dev, pm_message_t state, bool asyn
3700 + if (!dev->power.is_late_suspended)
3701 + goto Out;
3702 +
3703 +- dpm_wait_for_superior(dev, async);
3704 ++ if (!dpm_wait_for_superior(dev, async))
3705 ++ goto Out;
3706 +
3707 + callback = dpm_subsys_resume_early_cb(dev, state, &info);
3708 +
3709 +@@ -944,7 +974,9 @@ static int device_resume(struct device *dev, pm_message_t state, bool async)
3710 + goto Complete;
3711 + }
3712 +
3713 +- dpm_wait_for_superior(dev, async);
3714 ++ if (!dpm_wait_for_superior(dev, async))
3715 ++ goto Complete;
3716 ++
3717 + dpm_watchdog_set(&wd, dev);
3718 + device_lock(dev);
3719 +
3720 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
3721 +index 4e7ef35f1c8f..9c3b063e1a1f 100644
3722 +--- a/drivers/bluetooth/btusb.c
3723 ++++ b/drivers/bluetooth/btusb.c
3724 +@@ -2850,7 +2850,7 @@ static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
3725 + err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
3726 + if (err < 0) {
3727 + bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
3728 +- return err;
3729 ++ goto err_release_fw;
3730 + }
3731 +
3732 + /* Wait a few moments for firmware activation done */
3733 +@@ -3819,6 +3819,10 @@ static int btusb_probe(struct usb_interface *intf,
3734 + * (DEVICE_REMOTE_WAKEUP)
3735 + */
3736 + set_bit(BTUSB_WAKEUP_DISABLE, &data->flags);
3737 ++
3738 ++ err = usb_autopm_get_interface(intf);
3739 ++ if (err < 0)
3740 ++ goto out_free_dev;
3741 + }
3742 +
3743 + if (id->driver_info & BTUSB_AMP) {
3744 +diff --git a/drivers/clk/tegra/clk-tegra-periph.c b/drivers/clk/tegra/clk-tegra-periph.c
3745 +index 1ed85f120a1b..49b9f2f85bad 100644
3746 +--- a/drivers/clk/tegra/clk-tegra-periph.c
3747 ++++ b/drivers/clk/tegra/clk-tegra-periph.c
3748 +@@ -785,7 +785,11 @@ static struct tegra_periph_init_data gate_clks[] = {
3749 + GATE("ahbdma", "hclk", 33, 0, tegra_clk_ahbdma, 0),
3750 + GATE("apbdma", "pclk", 34, 0, tegra_clk_apbdma, 0),
3751 + GATE("kbc", "clk_32k", 36, TEGRA_PERIPH_ON_APB | TEGRA_PERIPH_NO_RESET, tegra_clk_kbc, 0),
3752 +- GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, 0),
3753 ++ /*
3754 ++ * Critical for RAM re-repair operation, which must occur on resume
3755 ++ * from LP1 system suspend and as part of CCPLEX cluster switching.
3756 ++ */
3757 ++ GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, CLK_IS_CRITICAL),
3758 + GATE("fuse_burn", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse_burn, 0),
3759 + GATE("kfuse", "clk_m", 40, TEGRA_PERIPH_ON_APB, tegra_clk_kfuse, 0),
3760 + GATE("apbif", "clk_m", 107, TEGRA_PERIPH_ON_APB, tegra_clk_apbif, 0),
3761 +diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
3762 +index 8d8da763adc5..8910fd1ae3c6 100644
3763 +--- a/drivers/cpufreq/cppc_cpufreq.c
3764 ++++ b/drivers/cpufreq/cppc_cpufreq.c
3765 +@@ -217,7 +217,7 @@ static int cppc_cpufreq_set_target(struct cpufreq_policy *policy,
3766 + return ret;
3767 + }
3768 +
3769 +-static int cppc_verify_policy(struct cpufreq_policy *policy)
3770 ++static int cppc_verify_policy(struct cpufreq_policy_data *policy)
3771 + {
3772 + cpufreq_verify_within_cpu_limits(policy);
3773 + return 0;
3774 +diff --git a/drivers/cpufreq/cpufreq-nforce2.c b/drivers/cpufreq/cpufreq-nforce2.c
3775 +index cd53272e2fa2..f7a7bcf6f52e 100644
3776 +--- a/drivers/cpufreq/cpufreq-nforce2.c
3777 ++++ b/drivers/cpufreq/cpufreq-nforce2.c
3778 +@@ -291,7 +291,7 @@ static int nforce2_target(struct cpufreq_policy *policy,
3779 + * nforce2_verify - verifies a new CPUFreq policy
3780 + * @policy: new policy
3781 + */
3782 +-static int nforce2_verify(struct cpufreq_policy *policy)
3783 ++static int nforce2_verify(struct cpufreq_policy_data *policy)
3784 + {
3785 + unsigned int fsb_pol_max;
3786 +
3787 +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
3788 +index a7db4f22a077..7679f8a91745 100644
3789 +--- a/drivers/cpufreq/cpufreq.c
3790 ++++ b/drivers/cpufreq/cpufreq.c
3791 +@@ -74,6 +74,9 @@ static void cpufreq_exit_governor(struct cpufreq_policy *policy);
3792 + static int cpufreq_start_governor(struct cpufreq_policy *policy);
3793 + static void cpufreq_stop_governor(struct cpufreq_policy *policy);
3794 + static void cpufreq_governor_limits(struct cpufreq_policy *policy);
3795 ++static int cpufreq_set_policy(struct cpufreq_policy *policy,
3796 ++ struct cpufreq_governor *new_gov,
3797 ++ unsigned int new_pol);
3798 +
3799 + /**
3800 + * Two notifier lists: the "policy" list is involved in the
3801 +@@ -613,25 +616,22 @@ static struct cpufreq_governor *find_governor(const char *str_governor)
3802 + return NULL;
3803 + }
3804 +
3805 +-static int cpufreq_parse_policy(char *str_governor,
3806 +- struct cpufreq_policy *policy)
3807 ++static unsigned int cpufreq_parse_policy(char *str_governor)
3808 + {
3809 +- if (!strncasecmp(str_governor, "performance", CPUFREQ_NAME_LEN)) {
3810 +- policy->policy = CPUFREQ_POLICY_PERFORMANCE;
3811 +- return 0;
3812 +- }
3813 +- if (!strncasecmp(str_governor, "powersave", CPUFREQ_NAME_LEN)) {
3814 +- policy->policy = CPUFREQ_POLICY_POWERSAVE;
3815 +- return 0;
3816 +- }
3817 +- return -EINVAL;
3818 ++ if (!strncasecmp(str_governor, "performance", CPUFREQ_NAME_LEN))
3819 ++ return CPUFREQ_POLICY_PERFORMANCE;
3820 ++
3821 ++ if (!strncasecmp(str_governor, "powersave", CPUFREQ_NAME_LEN))
3822 ++ return CPUFREQ_POLICY_POWERSAVE;
3823 ++
3824 ++ return CPUFREQ_POLICY_UNKNOWN;
3825 + }
3826 +
3827 + /**
3828 + * cpufreq_parse_governor - parse a governor string only for has_target()
3829 ++ * @str_governor: Governor name.
3830 + */
3831 +-static int cpufreq_parse_governor(char *str_governor,
3832 +- struct cpufreq_policy *policy)
3833 ++static struct cpufreq_governor *cpufreq_parse_governor(char *str_governor)
3834 + {
3835 + struct cpufreq_governor *t;
3836 +
3837 +@@ -645,7 +645,7 @@ static int cpufreq_parse_governor(char *str_governor,
3838 +
3839 + ret = request_module("cpufreq_%s", str_governor);
3840 + if (ret)
3841 +- return -EINVAL;
3842 ++ return NULL;
3843 +
3844 + mutex_lock(&cpufreq_governor_mutex);
3845 +
3846 +@@ -656,12 +656,7 @@ static int cpufreq_parse_governor(char *str_governor,
3847 +
3848 + mutex_unlock(&cpufreq_governor_mutex);
3849 +
3850 +- if (t) {
3851 +- policy->governor = t;
3852 +- return 0;
3853 +- }
3854 +-
3855 +- return -EINVAL;
3856 ++ return t;
3857 + }
3858 +
3859 + /**
3860 +@@ -762,28 +757,33 @@ static ssize_t show_scaling_governor(struct cpufreq_policy *policy, char *buf)
3861 + static ssize_t store_scaling_governor(struct cpufreq_policy *policy,
3862 + const char *buf, size_t count)
3863 + {
3864 ++ char str_governor[16];
3865 + int ret;
3866 +- char str_governor[16];
3867 +- struct cpufreq_policy new_policy;
3868 +-
3869 +- memcpy(&new_policy, policy, sizeof(*policy));
3870 +
3871 + ret = sscanf(buf, "%15s", str_governor);
3872 + if (ret != 1)
3873 + return -EINVAL;
3874 +
3875 + if (cpufreq_driver->setpolicy) {
3876 +- if (cpufreq_parse_policy(str_governor, &new_policy))
3877 ++ unsigned int new_pol;
3878 ++
3879 ++ new_pol = cpufreq_parse_policy(str_governor);
3880 ++ if (!new_pol)
3881 + return -EINVAL;
3882 ++
3883 ++ ret = cpufreq_set_policy(policy, NULL, new_pol);
3884 + } else {
3885 +- if (cpufreq_parse_governor(str_governor, &new_policy))
3886 ++ struct cpufreq_governor *new_gov;
3887 ++
3888 ++ new_gov = cpufreq_parse_governor(str_governor);
3889 ++ if (!new_gov)
3890 + return -EINVAL;
3891 +- }
3892 +
3893 +- ret = cpufreq_set_policy(policy, &new_policy);
3894 ++ ret = cpufreq_set_policy(policy, new_gov,
3895 ++ CPUFREQ_POLICY_UNKNOWN);
3896 +
3897 +- if (new_policy.governor)
3898 +- module_put(new_policy.governor->owner);
3899 ++ module_put(new_gov->owner);
3900 ++ }
3901 +
3902 + return ret ? ret : count;
3903 + }
3904 +@@ -1050,40 +1050,33 @@ __weak struct cpufreq_governor *cpufreq_default_governor(void)
3905 +
3906 + static int cpufreq_init_policy(struct cpufreq_policy *policy)
3907 + {
3908 +- struct cpufreq_governor *gov = NULL, *def_gov = NULL;
3909 +- struct cpufreq_policy new_policy;
3910 +-
3911 +- memcpy(&new_policy, policy, sizeof(*policy));
3912 +-
3913 +- def_gov = cpufreq_default_governor();
3914 ++ struct cpufreq_governor *def_gov = cpufreq_default_governor();
3915 ++ struct cpufreq_governor *gov = NULL;
3916 ++ unsigned int pol = CPUFREQ_POLICY_UNKNOWN;
3917 +
3918 + if (has_target()) {
3919 +- /*
3920 +- * Update governor of new_policy to the governor used before
3921 +- * hotplug
3922 +- */
3923 ++ /* Update policy governor to the one used before hotplug. */
3924 + gov = find_governor(policy->last_governor);
3925 + if (gov) {
3926 + pr_debug("Restoring governor %s for cpu %d\n",
3927 +- policy->governor->name, policy->cpu);
3928 +- } else {
3929 +- if (!def_gov)
3930 +- return -ENODATA;
3931 ++ policy->governor->name, policy->cpu);
3932 ++ } else if (def_gov) {
3933 + gov = def_gov;
3934 ++ } else {
3935 ++ return -ENODATA;
3936 + }
3937 +- new_policy.governor = gov;
3938 + } else {
3939 + /* Use the default policy if there is no last_policy. */
3940 + if (policy->last_policy) {
3941 +- new_policy.policy = policy->last_policy;
3942 ++ pol = policy->last_policy;
3943 ++ } else if (def_gov) {
3944 ++ pol = cpufreq_parse_policy(def_gov->name);
3945 + } else {
3946 +- if (!def_gov)
3947 +- return -ENODATA;
3948 +- cpufreq_parse_policy(def_gov->name, &new_policy);
3949 ++ return -ENODATA;
3950 + }
3951 + }
3952 +
3953 +- return cpufreq_set_policy(policy, &new_policy);
3954 ++ return cpufreq_set_policy(policy, gov, pol);
3955 + }
3956 +
3957 + static int cpufreq_add_policy_cpu(struct cpufreq_policy *policy, unsigned int cpu)
3958 +@@ -1111,13 +1104,10 @@ static int cpufreq_add_policy_cpu(struct cpufreq_policy *policy, unsigned int cp
3959 +
3960 + void refresh_frequency_limits(struct cpufreq_policy *policy)
3961 + {
3962 +- struct cpufreq_policy new_policy;
3963 +-
3964 + if (!policy_is_inactive(policy)) {
3965 +- new_policy = *policy;
3966 + pr_debug("updating policy for CPU %u\n", policy->cpu);
3967 +
3968 +- cpufreq_set_policy(policy, &new_policy);
3969 ++ cpufreq_set_policy(policy, policy->governor, policy->policy);
3970 + }
3971 + }
3972 + EXPORT_SYMBOL(refresh_frequency_limits);
3973 +@@ -2361,43 +2351,46 @@ EXPORT_SYMBOL(cpufreq_get_policy);
3974 + /**
3975 + * cpufreq_set_policy - Modify cpufreq policy parameters.
3976 + * @policy: Policy object to modify.
3977 +- * @new_policy: New policy data.
3978 ++ * @new_gov: Policy governor pointer.
3979 ++ * @new_pol: Policy value (for drivers with built-in governors).
3980 + *
3981 +- * Pass @new_policy to the cpufreq driver's ->verify() callback. Next, copy the
3982 +- * min and max parameters of @new_policy to @policy and either invoke the
3983 +- * driver's ->setpolicy() callback (if present) or carry out a governor update
3984 +- * for @policy. That is, run the current governor's ->limits() callback (if the
3985 +- * governor field in @new_policy points to the same object as the one in
3986 +- * @policy) or replace the governor for @policy with the new one stored in
3987 +- * @new_policy.
3988 ++ * Invoke the cpufreq driver's ->verify() callback to sanity-check the frequency
3989 ++ * limits to be set for the policy, update @policy with the verified limits
3990 ++ * values and either invoke the driver's ->setpolicy() callback (if present) or
3991 ++ * carry out a governor update for @policy. That is, run the current governor's
3992 ++ * ->limits() callback (if @new_gov points to the same object as the one in
3993 ++ * @policy) or replace the governor for @policy with @new_gov.
3994 + *
3995 + * The cpuinfo part of @policy is not updated by this function.
3996 + */
3997 +-int cpufreq_set_policy(struct cpufreq_policy *policy,
3998 +- struct cpufreq_policy *new_policy)
3999 ++static int cpufreq_set_policy(struct cpufreq_policy *policy,
4000 ++ struct cpufreq_governor *new_gov,
4001 ++ unsigned int new_pol)
4002 + {
4003 ++ struct cpufreq_policy_data new_data;
4004 + struct cpufreq_governor *old_gov;
4005 + int ret;
4006 +
4007 +- pr_debug("setting new policy for CPU %u: %u - %u kHz\n",
4008 +- new_policy->cpu, new_policy->min, new_policy->max);
4009 +-
4010 +- memcpy(&new_policy->cpuinfo, &policy->cpuinfo, sizeof(policy->cpuinfo));
4011 +-
4012 ++ memcpy(&new_data.cpuinfo, &policy->cpuinfo, sizeof(policy->cpuinfo));
4013 ++ new_data.freq_table = policy->freq_table;
4014 ++ new_data.cpu = policy->cpu;
4015 + /*
4016 + * PM QoS framework collects all the requests from users and provide us
4017 + * the final aggregated value here.
4018 + */
4019 +- new_policy->min = freq_qos_read_value(&policy->constraints, FREQ_QOS_MIN);
4020 +- new_policy->max = freq_qos_read_value(&policy->constraints, FREQ_QOS_MAX);
4021 ++ new_data.min = freq_qos_read_value(&policy->constraints, FREQ_QOS_MIN);
4022 ++ new_data.max = freq_qos_read_value(&policy->constraints, FREQ_QOS_MAX);
4023 ++
4024 ++ pr_debug("setting new policy for CPU %u: %u - %u kHz\n",
4025 ++ new_data.cpu, new_data.min, new_data.max);
4026 +
4027 + /* verify the cpu speed can be set within this limit */
4028 +- ret = cpufreq_driver->verify(new_policy);
4029 ++ ret = cpufreq_driver->verify(&new_data);
4030 + if (ret)
4031 + return ret;
4032 +
4033 +- policy->min = new_policy->min;
4034 +- policy->max = new_policy->max;
4035 ++ policy->min = new_data.min;
4036 ++ policy->max = new_data.max;
4037 + trace_cpu_frequency_limits(policy);
4038 +
4039 + policy->cached_target_freq = UINT_MAX;
4040 +@@ -2406,12 +2399,12 @@ int cpufreq_set_policy(struct cpufreq_policy *policy,
4041 + policy->min, policy->max);
4042 +
4043 + if (cpufreq_driver->setpolicy) {
4044 +- policy->policy = new_policy->policy;
4045 ++ policy->policy = new_pol;
4046 + pr_debug("setting range\n");
4047 + return cpufreq_driver->setpolicy(policy);
4048 + }
4049 +
4050 +- if (new_policy->governor == policy->governor) {
4051 ++ if (new_gov == policy->governor) {
4052 + pr_debug("governor limits update\n");
4053 + cpufreq_governor_limits(policy);
4054 + return 0;
4055 +@@ -2428,7 +2421,7 @@ int cpufreq_set_policy(struct cpufreq_policy *policy,
4056 + }
4057 +
4058 + /* start new governor */
4059 +- policy->governor = new_policy->governor;
4060 ++ policy->governor = new_gov;
4061 + ret = cpufreq_init_governor(policy);
4062 + if (!ret) {
4063 + ret = cpufreq_start_governor(policy);
4064 +diff --git a/drivers/cpufreq/freq_table.c b/drivers/cpufreq/freq_table.c
4065 +index ded427e0a488..e117b0059123 100644
4066 +--- a/drivers/cpufreq/freq_table.c
4067 ++++ b/drivers/cpufreq/freq_table.c
4068 +@@ -60,7 +60,7 @@ int cpufreq_frequency_table_cpuinfo(struct cpufreq_policy *policy,
4069 + return 0;
4070 + }
4071 +
4072 +-int cpufreq_frequency_table_verify(struct cpufreq_policy *policy,
4073 ++int cpufreq_frequency_table_verify(struct cpufreq_policy_data *policy,
4074 + struct cpufreq_frequency_table *table)
4075 + {
4076 + struct cpufreq_frequency_table *pos;
4077 +@@ -100,7 +100,7 @@ EXPORT_SYMBOL_GPL(cpufreq_frequency_table_verify);
4078 + * Generic routine to verify policy & frequency table, requires driver to set
4079 + * policy->freq_table prior to it.
4080 + */
4081 +-int cpufreq_generic_frequency_table_verify(struct cpufreq_policy *policy)
4082 ++int cpufreq_generic_frequency_table_verify(struct cpufreq_policy_data *policy)
4083 + {
4084 + if (!policy->freq_table)
4085 + return -ENODEV;
4086 +diff --git a/drivers/cpufreq/gx-suspmod.c b/drivers/cpufreq/gx-suspmod.c
4087 +index e97b5733aa24..75b3ef7ec679 100644
4088 +--- a/drivers/cpufreq/gx-suspmod.c
4089 ++++ b/drivers/cpufreq/gx-suspmod.c
4090 +@@ -328,7 +328,7 @@ static void gx_set_cpuspeed(struct cpufreq_policy *policy, unsigned int khz)
4091 + * for the hardware supported by the driver.
4092 + */
4093 +
4094 +-static int cpufreq_gx_verify(struct cpufreq_policy *policy)
4095 ++static int cpufreq_gx_verify(struct cpufreq_policy_data *policy)
4096 + {
4097 + unsigned int tmp_freq = 0;
4098 + u8 tmp1, tmp2;
4099 +diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
4100 +index 8ab31702cf6a..45499e0b9f2f 100644
4101 +--- a/drivers/cpufreq/intel_pstate.c
4102 ++++ b/drivers/cpufreq/intel_pstate.c
4103 +@@ -2036,8 +2036,9 @@ static int intel_pstate_get_max_freq(struct cpudata *cpu)
4104 + cpu->pstate.max_freq : cpu->pstate.turbo_freq;
4105 + }
4106 +
4107 +-static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4108 +- struct cpudata *cpu)
4109 ++static void intel_pstate_update_perf_limits(struct cpudata *cpu,
4110 ++ unsigned int policy_min,
4111 ++ unsigned int policy_max)
4112 + {
4113 + int max_freq = intel_pstate_get_max_freq(cpu);
4114 + int32_t max_policy_perf, min_policy_perf;
4115 +@@ -2056,18 +2057,17 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4116 + turbo_max = cpu->pstate.turbo_pstate;
4117 + }
4118 +
4119 +- max_policy_perf = max_state * policy->max / max_freq;
4120 +- if (policy->max == policy->min) {
4121 ++ max_policy_perf = max_state * policy_max / max_freq;
4122 ++ if (policy_max == policy_min) {
4123 + min_policy_perf = max_policy_perf;
4124 + } else {
4125 +- min_policy_perf = max_state * policy->min / max_freq;
4126 ++ min_policy_perf = max_state * policy_min / max_freq;
4127 + min_policy_perf = clamp_t(int32_t, min_policy_perf,
4128 + 0, max_policy_perf);
4129 + }
4130 +
4131 + pr_debug("cpu:%d max_state %d min_policy_perf:%d max_policy_perf:%d\n",
4132 +- policy->cpu, max_state,
4133 +- min_policy_perf, max_policy_perf);
4134 ++ cpu->cpu, max_state, min_policy_perf, max_policy_perf);
4135 +
4136 + /* Normalize user input to [min_perf, max_perf] */
4137 + if (per_cpu_limits) {
4138 +@@ -2081,7 +2081,7 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4139 + global_min = DIV_ROUND_UP(turbo_max * global.min_perf_pct, 100);
4140 + global_min = clamp_t(int32_t, global_min, 0, global_max);
4141 +
4142 +- pr_debug("cpu:%d global_min:%d global_max:%d\n", policy->cpu,
4143 ++ pr_debug("cpu:%d global_min:%d global_max:%d\n", cpu->cpu,
4144 + global_min, global_max);
4145 +
4146 + cpu->min_perf_ratio = max(min_policy_perf, global_min);
4147 +@@ -2094,7 +2094,7 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4148 + cpu->max_perf_ratio);
4149 +
4150 + }
4151 +- pr_debug("cpu:%d max_perf_ratio:%d min_perf_ratio:%d\n", policy->cpu,
4152 ++ pr_debug("cpu:%d max_perf_ratio:%d min_perf_ratio:%d\n", cpu->cpu,
4153 + cpu->max_perf_ratio,
4154 + cpu->min_perf_ratio);
4155 + }
4156 +@@ -2114,7 +2114,7 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy)
4157 +
4158 + mutex_lock(&intel_pstate_limits_lock);
4159 +
4160 +- intel_pstate_update_perf_limits(policy, cpu);
4161 ++ intel_pstate_update_perf_limits(cpu, policy->min, policy->max);
4162 +
4163 + if (cpu->policy == CPUFREQ_POLICY_PERFORMANCE) {
4164 + /*
4165 +@@ -2143,8 +2143,8 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy)
4166 + return 0;
4167 + }
4168 +
4169 +-static void intel_pstate_adjust_policy_max(struct cpufreq_policy *policy,
4170 +- struct cpudata *cpu)
4171 ++static void intel_pstate_adjust_policy_max(struct cpudata *cpu,
4172 ++ struct cpufreq_policy_data *policy)
4173 + {
4174 + if (!hwp_active &&
4175 + cpu->pstate.max_pstate_physical > cpu->pstate.max_pstate &&
4176 +@@ -2155,7 +2155,7 @@ static void intel_pstate_adjust_policy_max(struct cpufreq_policy *policy,
4177 + }
4178 + }
4179 +
4180 +-static int intel_pstate_verify_policy(struct cpufreq_policy *policy)
4181 ++static int intel_pstate_verify_policy(struct cpufreq_policy_data *policy)
4182 + {
4183 + struct cpudata *cpu = all_cpu_data[policy->cpu];
4184 +
4185 +@@ -2163,11 +2163,7 @@ static int intel_pstate_verify_policy(struct cpufreq_policy *policy)
4186 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
4187 + intel_pstate_get_max_freq(cpu));
4188 +
4189 +- if (policy->policy != CPUFREQ_POLICY_POWERSAVE &&
4190 +- policy->policy != CPUFREQ_POLICY_PERFORMANCE)
4191 +- return -EINVAL;
4192 +-
4193 +- intel_pstate_adjust_policy_max(policy, cpu);
4194 ++ intel_pstate_adjust_policy_max(cpu, policy);
4195 +
4196 + return 0;
4197 + }
4198 +@@ -2268,7 +2264,7 @@ static struct cpufreq_driver intel_pstate = {
4199 + .name = "intel_pstate",
4200 + };
4201 +
4202 +-static int intel_cpufreq_verify_policy(struct cpufreq_policy *policy)
4203 ++static int intel_cpufreq_verify_policy(struct cpufreq_policy_data *policy)
4204 + {
4205 + struct cpudata *cpu = all_cpu_data[policy->cpu];
4206 +
4207 +@@ -2276,9 +2272,9 @@ static int intel_cpufreq_verify_policy(struct cpufreq_policy *policy)
4208 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
4209 + intel_pstate_get_max_freq(cpu));
4210 +
4211 +- intel_pstate_adjust_policy_max(policy, cpu);
4212 ++ intel_pstate_adjust_policy_max(cpu, policy);
4213 +
4214 +- intel_pstate_update_perf_limits(policy, cpu);
4215 ++ intel_pstate_update_perf_limits(cpu, policy->min, policy->max);
4216 +
4217 + return 0;
4218 + }
4219 +diff --git a/drivers/cpufreq/longrun.c b/drivers/cpufreq/longrun.c
4220 +index 64b8689f7a4a..0b08be8bff76 100644
4221 +--- a/drivers/cpufreq/longrun.c
4222 ++++ b/drivers/cpufreq/longrun.c
4223 +@@ -122,7 +122,7 @@ static int longrun_set_policy(struct cpufreq_policy *policy)
4224 + * Validates a new CPUFreq policy. This function has to be called with
4225 + * cpufreq_driver locked.
4226 + */
4227 +-static int longrun_verify_policy(struct cpufreq_policy *policy)
4228 ++static int longrun_verify_policy(struct cpufreq_policy_data *policy)
4229 + {
4230 + if (!policy)
4231 + return -EINVAL;
4232 +@@ -130,10 +130,6 @@ static int longrun_verify_policy(struct cpufreq_policy *policy)
4233 + policy->cpu = 0;
4234 + cpufreq_verify_within_cpu_limits(policy);
4235 +
4236 +- if ((policy->policy != CPUFREQ_POLICY_POWERSAVE) &&
4237 +- (policy->policy != CPUFREQ_POLICY_PERFORMANCE))
4238 +- return -EINVAL;
4239 +-
4240 + return 0;
4241 + }
4242 +
4243 +diff --git a/drivers/cpufreq/pcc-cpufreq.c b/drivers/cpufreq/pcc-cpufreq.c
4244 +index fdc767fdbe6a..f90273006553 100644
4245 +--- a/drivers/cpufreq/pcc-cpufreq.c
4246 ++++ b/drivers/cpufreq/pcc-cpufreq.c
4247 +@@ -109,7 +109,7 @@ struct pcc_cpu {
4248 +
4249 + static struct pcc_cpu __percpu *pcc_cpu_info;
4250 +
4251 +-static int pcc_cpufreq_verify(struct cpufreq_policy *policy)
4252 ++static int pcc_cpufreq_verify(struct cpufreq_policy_data *policy)
4253 + {
4254 + cpufreq_verify_within_cpu_limits(policy);
4255 + return 0;
4256 +diff --git a/drivers/cpufreq/sh-cpufreq.c b/drivers/cpufreq/sh-cpufreq.c
4257 +index 5096c0ab781b..0ac265d47ef0 100644
4258 +--- a/drivers/cpufreq/sh-cpufreq.c
4259 ++++ b/drivers/cpufreq/sh-cpufreq.c
4260 +@@ -87,7 +87,7 @@ static int sh_cpufreq_target(struct cpufreq_policy *policy,
4261 + return work_on_cpu(policy->cpu, __sh_cpufreq_target, &data);
4262 + }
4263 +
4264 +-static int sh_cpufreq_verify(struct cpufreq_policy *policy)
4265 ++static int sh_cpufreq_verify(struct cpufreq_policy_data *policy)
4266 + {
4267 + struct clk *cpuclk = &per_cpu(sh_cpuclk, policy->cpu);
4268 + struct cpufreq_frequency_table *freq_table;
4269 +diff --git a/drivers/cpufreq/unicore2-cpufreq.c b/drivers/cpufreq/unicore2-cpufreq.c
4270 +index 707dbc1b7ac8..98d392196df2 100644
4271 +--- a/drivers/cpufreq/unicore2-cpufreq.c
4272 ++++ b/drivers/cpufreq/unicore2-cpufreq.c
4273 +@@ -22,7 +22,7 @@ static struct cpufreq_driver ucv2_driver;
4274 + /* make sure that only the "userspace" governor is run
4275 + * -- anything else wouldn't make sense on this platform, anyway.
4276 + */
4277 +-static int ucv2_verify_speed(struct cpufreq_policy *policy)
4278 ++static int ucv2_verify_speed(struct cpufreq_policy_data *policy)
4279 + {
4280 + if (policy->cpu)
4281 + return -EINVAL;
4282 +diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
4283 +index db99cee1991c..89f79d763ab8 100644
4284 +--- a/drivers/crypto/atmel-aes.c
4285 ++++ b/drivers/crypto/atmel-aes.c
4286 +@@ -88,7 +88,6 @@
4287 + struct atmel_aes_caps {
4288 + bool has_dualbuff;
4289 + bool has_cfb64;
4290 +- bool has_ctr32;
4291 + bool has_gcm;
4292 + bool has_xts;
4293 + bool has_authenc;
4294 +@@ -1013,8 +1012,9 @@ static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
4295 + struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
4296 + struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
4297 + struct scatterlist *src, *dst;
4298 +- u32 ctr, blocks;
4299 + size_t datalen;
4300 ++ u32 ctr;
4301 ++ u16 blocks, start, end;
4302 + bool use_dma, fragmented = false;
4303 +
4304 + /* Check for transfer completion. */
4305 +@@ -1026,27 +1026,17 @@ static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
4306 + datalen = req->nbytes - ctx->offset;
4307 + blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
4308 + ctr = be32_to_cpu(ctx->iv[3]);
4309 +- if (dd->caps.has_ctr32) {
4310 +- /* Check 32bit counter overflow. */
4311 +- u32 start = ctr;
4312 +- u32 end = start + blocks - 1;
4313 +-
4314 +- if (end < start) {
4315 +- ctr |= 0xffffffff;
4316 +- datalen = AES_BLOCK_SIZE * -start;
4317 +- fragmented = true;
4318 +- }
4319 +- } else {
4320 +- /* Check 16bit counter overflow. */
4321 +- u16 start = ctr & 0xffff;
4322 +- u16 end = start + (u16)blocks - 1;
4323 +-
4324 +- if (blocks >> 16 || end < start) {
4325 +- ctr |= 0xffff;
4326 +- datalen = AES_BLOCK_SIZE * (0x10000-start);
4327 +- fragmented = true;
4328 +- }
4329 ++
4330 ++ /* Check 16bit counter overflow. */
4331 ++ start = ctr & 0xffff;
4332 ++ end = start + blocks - 1;
4333 ++
4334 ++ if (blocks >> 16 || end < start) {
4335 ++ ctr |= 0xffff;
4336 ++ datalen = AES_BLOCK_SIZE * (0x10000 - start);
4337 ++ fragmented = true;
4338 + }
4339 ++
4340 + use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
4341 +
4342 + /* Jump to offset. */
4343 +@@ -2550,7 +2540,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4344 + {
4345 + dd->caps.has_dualbuff = 0;
4346 + dd->caps.has_cfb64 = 0;
4347 +- dd->caps.has_ctr32 = 0;
4348 + dd->caps.has_gcm = 0;
4349 + dd->caps.has_xts = 0;
4350 + dd->caps.has_authenc = 0;
4351 +@@ -2561,7 +2550,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4352 + case 0x500:
4353 + dd->caps.has_dualbuff = 1;
4354 + dd->caps.has_cfb64 = 1;
4355 +- dd->caps.has_ctr32 = 1;
4356 + dd->caps.has_gcm = 1;
4357 + dd->caps.has_xts = 1;
4358 + dd->caps.has_authenc = 1;
4359 +@@ -2570,7 +2558,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4360 + case 0x200:
4361 + dd->caps.has_dualbuff = 1;
4362 + dd->caps.has_cfb64 = 1;
4363 +- dd->caps.has_ctr32 = 1;
4364 + dd->caps.has_gcm = 1;
4365 + dd->caps.max_burst_size = 4;
4366 + break;
4367 +diff --git a/drivers/crypto/ccp/ccp-dev-v3.c b/drivers/crypto/ccp/ccp-dev-v3.c
4368 +index 0186b3df4c87..0d5576f6ad21 100644
4369 +--- a/drivers/crypto/ccp/ccp-dev-v3.c
4370 ++++ b/drivers/crypto/ccp/ccp-dev-v3.c
4371 +@@ -586,6 +586,7 @@ const struct ccp_vdata ccpv3_platform = {
4372 + .setup = NULL,
4373 + .perform = &ccp3_actions,
4374 + .offset = 0,
4375 ++ .rsamax = CCP_RSA_MAX_WIDTH,
4376 + };
4377 +
4378 + const struct ccp_vdata ccpv3 = {
4379 +diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
4380 +index d3e8faa03f15..3d7c8d9e54b9 100644
4381 +--- a/drivers/crypto/ccree/cc_aead.c
4382 ++++ b/drivers/crypto/ccree/cc_aead.c
4383 +@@ -237,7 +237,7 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
4384 + * revealed the decrypted message --> zero its memory.
4385 + */
4386 + sg_zero_buffer(areq->dst, sg_nents(areq->dst),
4387 +- areq->cryptlen, 0);
4388 ++ areq->cryptlen, areq->assoclen);
4389 + err = -EBADMSG;
4390 + }
4391 + /*ENCRYPT*/
4392 +diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
4393 +index 254b48797799..cd9c60268bf8 100644
4394 +--- a/drivers/crypto/ccree/cc_cipher.c
4395 ++++ b/drivers/crypto/ccree/cc_cipher.c
4396 +@@ -523,6 +523,7 @@ static void cc_setup_readiv_desc(struct crypto_tfm *tfm,
4397 + }
4398 + }
4399 +
4400 ++
4401 + static void cc_setup_state_desc(struct crypto_tfm *tfm,
4402 + struct cipher_req_ctx *req_ctx,
4403 + unsigned int ivsize, unsigned int nbytes,
4404 +@@ -534,8 +535,6 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
4405 + int cipher_mode = ctx_p->cipher_mode;
4406 + int flow_mode = ctx_p->flow_mode;
4407 + int direction = req_ctx->gen_ctx.op_type;
4408 +- dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
4409 +- unsigned int key_len = ctx_p->keylen;
4410 + dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
4411 + unsigned int du_size = nbytes;
4412 +
4413 +@@ -570,6 +569,47 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
4414 + break;
4415 + case DRV_CIPHER_XTS:
4416 + case DRV_CIPHER_ESSIV:
4417 ++ case DRV_CIPHER_BITLOCKER:
4418 ++ break;
4419 ++ default:
4420 ++ dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
4421 ++ }
4422 ++}
4423 ++
4424 ++
4425 ++static void cc_setup_xex_state_desc(struct crypto_tfm *tfm,
4426 ++ struct cipher_req_ctx *req_ctx,
4427 ++ unsigned int ivsize, unsigned int nbytes,
4428 ++ struct cc_hw_desc desc[],
4429 ++ unsigned int *seq_size)
4430 ++{
4431 ++ struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
4432 ++ struct device *dev = drvdata_to_dev(ctx_p->drvdata);
4433 ++ int cipher_mode = ctx_p->cipher_mode;
4434 ++ int flow_mode = ctx_p->flow_mode;
4435 ++ int direction = req_ctx->gen_ctx.op_type;
4436 ++ dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
4437 ++ unsigned int key_len = ctx_p->keylen;
4438 ++ dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
4439 ++ unsigned int du_size = nbytes;
4440 ++
4441 ++ struct cc_crypto_alg *cc_alg =
4442 ++ container_of(tfm->__crt_alg, struct cc_crypto_alg,
4443 ++ skcipher_alg.base);
4444 ++
4445 ++ if (cc_alg->data_unit)
4446 ++ du_size = cc_alg->data_unit;
4447 ++
4448 ++ switch (cipher_mode) {
4449 ++ case DRV_CIPHER_ECB:
4450 ++ break;
4451 ++ case DRV_CIPHER_CBC:
4452 ++ case DRV_CIPHER_CBC_CTS:
4453 ++ case DRV_CIPHER_CTR:
4454 ++ case DRV_CIPHER_OFB:
4455 ++ break;
4456 ++ case DRV_CIPHER_XTS:
4457 ++ case DRV_CIPHER_ESSIV:
4458 + case DRV_CIPHER_BITLOCKER:
4459 + /* load XEX key */
4460 + hw_desc_init(&desc[*seq_size]);
4461 +@@ -881,12 +921,14 @@ static int cc_cipher_process(struct skcipher_request *req,
4462 +
4463 + /* STAT_PHASE_2: Create sequence */
4464 +
4465 +- /* Setup IV and XEX key used */
4466 ++ /* Setup state (IV) */
4467 + cc_setup_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
4468 + /* Setup MLLI line, if needed */
4469 + cc_setup_mlli_desc(tfm, req_ctx, dst, src, nbytes, req, desc, &seq_len);
4470 + /* Setup key */
4471 + cc_setup_key_desc(tfm, req_ctx, nbytes, desc, &seq_len);
4472 ++ /* Setup state (IV and XEX key) */
4473 ++ cc_setup_xex_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
4474 + /* Data processing */
4475 + cc_setup_flow_desc(tfm, req_ctx, dst, src, nbytes, desc, &seq_len);
4476 + /* Read next IV */
4477 +diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h
4478 +index ab31d4a68c80..7d2f7e2c0bb5 100644
4479 +--- a/drivers/crypto/ccree/cc_driver.h
4480 ++++ b/drivers/crypto/ccree/cc_driver.h
4481 +@@ -161,6 +161,7 @@ struct cc_drvdata {
4482 + int std_bodies;
4483 + bool sec_disabled;
4484 + u32 comp_mask;
4485 ++ bool pm_on;
4486 + };
4487 +
4488 + struct cc_crypto_alg {
4489 +diff --git a/drivers/crypto/ccree/cc_pm.c b/drivers/crypto/ccree/cc_pm.c
4490 +index dbc508fb719b..452bd77a9ba0 100644
4491 +--- a/drivers/crypto/ccree/cc_pm.c
4492 ++++ b/drivers/crypto/ccree/cc_pm.c
4493 +@@ -22,14 +22,8 @@ const struct dev_pm_ops ccree_pm = {
4494 + int cc_pm_suspend(struct device *dev)
4495 + {
4496 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
4497 +- int rc;
4498 +
4499 + dev_dbg(dev, "set HOST_POWER_DOWN_EN\n");
4500 +- rc = cc_suspend_req_queue(drvdata);
4501 +- if (rc) {
4502 +- dev_err(dev, "cc_suspend_req_queue (%x)\n", rc);
4503 +- return rc;
4504 +- }
4505 + fini_cc_regs(drvdata);
4506 + cc_iowrite(drvdata, CC_REG(HOST_POWER_DOWN_EN), POWER_DOWN_ENABLE);
4507 + cc_clk_off(drvdata);
4508 +@@ -63,13 +57,6 @@ int cc_pm_resume(struct device *dev)
4509 + /* check if tee fips error occurred during power down */
4510 + cc_tee_handle_fips_error(drvdata);
4511 +
4512 +- rc = cc_resume_req_queue(drvdata);
4513 +- if (rc) {
4514 +- dev_err(dev, "cc_resume_req_queue (%x)\n", rc);
4515 +- return rc;
4516 +- }
4517 +-
4518 +- /* must be after the queue resuming as it uses the HW queue*/
4519 + cc_init_hash_sram(drvdata);
4520 +
4521 + return 0;
4522 +@@ -80,12 +67,10 @@ int cc_pm_get(struct device *dev)
4523 + int rc = 0;
4524 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
4525 +
4526 +- if (cc_req_queue_suspended(drvdata))
4527 ++ if (drvdata->pm_on)
4528 + rc = pm_runtime_get_sync(dev);
4529 +- else
4530 +- pm_runtime_get_noresume(dev);
4531 +
4532 +- return rc;
4533 ++ return (rc == 1 ? 0 : rc);
4534 + }
4535 +
4536 + int cc_pm_put_suspend(struct device *dev)
4537 +@@ -93,14 +78,11 @@ int cc_pm_put_suspend(struct device *dev)
4538 + int rc = 0;
4539 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
4540 +
4541 +- if (!cc_req_queue_suspended(drvdata)) {
4542 ++ if (drvdata->pm_on) {
4543 + pm_runtime_mark_last_busy(dev);
4544 + rc = pm_runtime_put_autosuspend(dev);
4545 +- } else {
4546 +- /* Something wrong happens*/
4547 +- dev_err(dev, "request to suspend already suspended queue");
4548 +- rc = -EBUSY;
4549 + }
4550 ++
4551 + return rc;
4552 + }
4553 +
4554 +@@ -117,7 +99,7 @@ int cc_pm_init(struct cc_drvdata *drvdata)
4555 + /* must be before the enabling to avoid resdundent suspending */
4556 + pm_runtime_set_autosuspend_delay(dev, CC_SUSPEND_TIMEOUT);
4557 + pm_runtime_use_autosuspend(dev);
4558 +- /* activate the PM module */
4559 ++ /* set us as active - note we won't do PM ops until cc_pm_go()! */
4560 + return pm_runtime_set_active(dev);
4561 + }
4562 +
4563 +@@ -125,9 +107,11 @@ int cc_pm_init(struct cc_drvdata *drvdata)
4564 + void cc_pm_go(struct cc_drvdata *drvdata)
4565 + {
4566 + pm_runtime_enable(drvdata_to_dev(drvdata));
4567 ++ drvdata->pm_on = true;
4568 + }
4569 +
4570 + void cc_pm_fini(struct cc_drvdata *drvdata)
4571 + {
4572 + pm_runtime_disable(drvdata_to_dev(drvdata));
4573 ++ drvdata->pm_on = false;
4574 + }
4575 +diff --git a/drivers/crypto/ccree/cc_request_mgr.c b/drivers/crypto/ccree/cc_request_mgr.c
4576 +index a947d5a2cf35..37e6fee37b13 100644
4577 +--- a/drivers/crypto/ccree/cc_request_mgr.c
4578 ++++ b/drivers/crypto/ccree/cc_request_mgr.c
4579 +@@ -41,7 +41,6 @@ struct cc_req_mgr_handle {
4580 + #else
4581 + struct tasklet_struct comptask;
4582 + #endif
4583 +- bool is_runtime_suspended;
4584 + };
4585 +
4586 + struct cc_bl_item {
4587 +@@ -404,6 +403,7 @@ static void cc_proc_backlog(struct cc_drvdata *drvdata)
4588 + spin_lock(&mgr->bl_lock);
4589 + list_del(&bli->list);
4590 + --mgr->bl_len;
4591 ++ kfree(bli);
4592 + }
4593 +
4594 + spin_unlock(&mgr->bl_lock);
4595 +@@ -677,52 +677,3 @@ static void comp_handler(unsigned long devarg)
4596 + cc_proc_backlog(drvdata);
4597 + dev_dbg(dev, "Comp. handler done.\n");
4598 + }
4599 +-
4600 +-/*
4601 +- * resume the queue configuration - no need to take the lock as this happens
4602 +- * inside the spin lock protection
4603 +- */
4604 +-#if defined(CONFIG_PM)
4605 +-int cc_resume_req_queue(struct cc_drvdata *drvdata)
4606 +-{
4607 +- struct cc_req_mgr_handle *request_mgr_handle =
4608 +- drvdata->request_mgr_handle;
4609 +-
4610 +- spin_lock_bh(&request_mgr_handle->hw_lock);
4611 +- request_mgr_handle->is_runtime_suspended = false;
4612 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
4613 +-
4614 +- return 0;
4615 +-}
4616 +-
4617 +-/*
4618 +- * suspend the queue configuration. Since it is used for the runtime suspend
4619 +- * only verify that the queue can be suspended.
4620 +- */
4621 +-int cc_suspend_req_queue(struct cc_drvdata *drvdata)
4622 +-{
4623 +- struct cc_req_mgr_handle *request_mgr_handle =
4624 +- drvdata->request_mgr_handle;
4625 +-
4626 +- /* lock the send_request */
4627 +- spin_lock_bh(&request_mgr_handle->hw_lock);
4628 +- if (request_mgr_handle->req_queue_head !=
4629 +- request_mgr_handle->req_queue_tail) {
4630 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
4631 +- return -EBUSY;
4632 +- }
4633 +- request_mgr_handle->is_runtime_suspended = true;
4634 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
4635 +-
4636 +- return 0;
4637 +-}
4638 +-
4639 +-bool cc_req_queue_suspended(struct cc_drvdata *drvdata)
4640 +-{
4641 +- struct cc_req_mgr_handle *request_mgr_handle =
4642 +- drvdata->request_mgr_handle;
4643 +-
4644 +- return request_mgr_handle->is_runtime_suspended;
4645 +-}
4646 +-
4647 +-#endif
4648 +diff --git a/drivers/crypto/ccree/cc_request_mgr.h b/drivers/crypto/ccree/cc_request_mgr.h
4649 +index f46cf766fe4d..ff7746aaaf35 100644
4650 +--- a/drivers/crypto/ccree/cc_request_mgr.h
4651 ++++ b/drivers/crypto/ccree/cc_request_mgr.h
4652 +@@ -40,12 +40,4 @@ void complete_request(struct cc_drvdata *drvdata);
4653 +
4654 + void cc_req_mgr_fini(struct cc_drvdata *drvdata);
4655 +
4656 +-#if defined(CONFIG_PM)
4657 +-int cc_resume_req_queue(struct cc_drvdata *drvdata);
4658 +-
4659 +-int cc_suspend_req_queue(struct cc_drvdata *drvdata);
4660 +-
4661 +-bool cc_req_queue_suspended(struct cc_drvdata *drvdata);
4662 +-#endif
4663 +-
4664 + #endif /*__REQUEST_MGR_H__*/
4665 +diff --git a/drivers/crypto/hisilicon/Kconfig b/drivers/crypto/hisilicon/Kconfig
4666 +index 504daff7687d..f7f0a1fb6895 100644
4667 +--- a/drivers/crypto/hisilicon/Kconfig
4668 ++++ b/drivers/crypto/hisilicon/Kconfig
4669 +@@ -35,6 +35,5 @@ config CRYPTO_DEV_HISI_ZIP
4670 + depends on ARM64 && PCI && PCI_MSI
4671 + select CRYPTO_DEV_HISI_QM
4672 + select CRYPTO_HISI_SGL
4673 +- select SG_SPLIT
4674 + help
4675 + Support for HiSilicon ZIP Driver
4676 +diff --git a/drivers/crypto/hisilicon/zip/zip.h b/drivers/crypto/hisilicon/zip/zip.h
4677 +index ffb00d987d02..99f21d848d4f 100644
4678 +--- a/drivers/crypto/hisilicon/zip/zip.h
4679 ++++ b/drivers/crypto/hisilicon/zip/zip.h
4680 +@@ -12,6 +12,10 @@
4681 +
4682 + /* hisi_zip_sqe dw3 */
4683 + #define HZIP_BD_STATUS_M GENMASK(7, 0)
4684 ++/* hisi_zip_sqe dw7 */
4685 ++#define HZIP_IN_SGE_DATA_OFFSET_M GENMASK(23, 0)
4686 ++/* hisi_zip_sqe dw8 */
4687 ++#define HZIP_OUT_SGE_DATA_OFFSET_M GENMASK(23, 0)
4688 + /* hisi_zip_sqe dw9 */
4689 + #define HZIP_REQ_TYPE_M GENMASK(7, 0)
4690 + #define HZIP_ALG_TYPE_ZLIB 0x02
4691 +diff --git a/drivers/crypto/hisilicon/zip/zip_crypto.c b/drivers/crypto/hisilicon/zip/zip_crypto.c
4692 +index 59023545a1c4..cf34bfdfb3e6 100644
4693 +--- a/drivers/crypto/hisilicon/zip/zip_crypto.c
4694 ++++ b/drivers/crypto/hisilicon/zip/zip_crypto.c
4695 +@@ -45,10 +45,8 @@ enum hisi_zip_alg_type {
4696 +
4697 + struct hisi_zip_req {
4698 + struct acomp_req *req;
4699 +- struct scatterlist *src;
4700 +- struct scatterlist *dst;
4701 +- size_t slen;
4702 +- size_t dlen;
4703 ++ int sskip;
4704 ++ int dskip;
4705 + struct hisi_acc_hw_sgl *hw_src;
4706 + struct hisi_acc_hw_sgl *hw_dst;
4707 + dma_addr_t dma_src;
4708 +@@ -94,13 +92,15 @@ static void hisi_zip_config_tag(struct hisi_zip_sqe *sqe, u32 tag)
4709 +
4710 + static void hisi_zip_fill_sqe(struct hisi_zip_sqe *sqe, u8 req_type,
4711 + dma_addr_t s_addr, dma_addr_t d_addr, u32 slen,
4712 +- u32 dlen)
4713 ++ u32 dlen, int sskip, int dskip)
4714 + {
4715 + memset(sqe, 0, sizeof(struct hisi_zip_sqe));
4716 +
4717 +- sqe->input_data_length = slen;
4718 ++ sqe->input_data_length = slen - sskip;
4719 ++ sqe->dw7 = FIELD_PREP(HZIP_IN_SGE_DATA_OFFSET_M, sskip);
4720 ++ sqe->dw8 = FIELD_PREP(HZIP_OUT_SGE_DATA_OFFSET_M, dskip);
4721 + sqe->dw9 = FIELD_PREP(HZIP_REQ_TYPE_M, req_type);
4722 +- sqe->dest_avail_out = dlen;
4723 ++ sqe->dest_avail_out = dlen - dskip;
4724 + sqe->source_addr_l = lower_32_bits(s_addr);
4725 + sqe->source_addr_h = upper_32_bits(s_addr);
4726 + sqe->dest_addr_l = lower_32_bits(d_addr);
4727 +@@ -301,11 +301,6 @@ static void hisi_zip_remove_req(struct hisi_zip_qp_ctx *qp_ctx,
4728 + {
4729 + struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
4730 +
4731 +- if (qp_ctx->qp->alg_type == HZIP_ALG_TYPE_COMP)
4732 +- kfree(req->dst);
4733 +- else
4734 +- kfree(req->src);
4735 +-
4736 + write_lock(&req_q->req_lock);
4737 + clear_bit(req->req_id, req_q->req_bitmap);
4738 + memset(req, 0, sizeof(struct hisi_zip_req));
4739 +@@ -333,8 +328,8 @@ static void hisi_zip_acomp_cb(struct hisi_qp *qp, void *data)
4740 + }
4741 + dlen = sqe->produced;
4742 +
4743 +- hisi_acc_sg_buf_unmap(dev, req->src, req->hw_src);
4744 +- hisi_acc_sg_buf_unmap(dev, req->dst, req->hw_dst);
4745 ++ hisi_acc_sg_buf_unmap(dev, acomp_req->src, req->hw_src);
4746 ++ hisi_acc_sg_buf_unmap(dev, acomp_req->dst, req->hw_dst);
4747 +
4748 + head_size = (qp->alg_type == 0) ? TO_HEAD_SIZE(qp->req_type) : 0;
4749 + acomp_req->dlen = dlen + head_size;
4750 +@@ -428,20 +423,6 @@ static size_t get_comp_head_size(struct scatterlist *src, u8 req_type)
4751 + }
4752 + }
4753 +
4754 +-static int get_sg_skip_bytes(struct scatterlist *sgl, size_t bytes,
4755 +- size_t remains, struct scatterlist **out)
4756 +-{
4757 +-#define SPLIT_NUM 2
4758 +- size_t split_sizes[SPLIT_NUM];
4759 +- int out_mapped_nents[SPLIT_NUM];
4760 +-
4761 +- split_sizes[0] = bytes;
4762 +- split_sizes[1] = remains;
4763 +-
4764 +- return sg_split(sgl, 0, 0, SPLIT_NUM, split_sizes, out,
4765 +- out_mapped_nents, GFP_KERNEL);
4766 +-}
4767 +-
4768 + static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
4769 + struct hisi_zip_qp_ctx *qp_ctx,
4770 + size_t head_size, bool is_comp)
4771 +@@ -449,31 +430,7 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
4772 + struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
4773 + struct hisi_zip_req *q = req_q->q;
4774 + struct hisi_zip_req *req_cache;
4775 +- struct scatterlist *out[2];
4776 +- struct scatterlist *sgl;
4777 +- size_t len;
4778 +- int ret, req_id;
4779 +-
4780 +- /*
4781 +- * remove/add zlib/gzip head, as hardware operations do not include
4782 +- * comp head. so split req->src to get sgl without heads in acomp, or
4783 +- * add comp head to req->dst ahead of that hardware output compressed
4784 +- * data in sgl splited from req->dst without comp head.
4785 +- */
4786 +- if (is_comp) {
4787 +- sgl = req->dst;
4788 +- len = req->dlen - head_size;
4789 +- } else {
4790 +- sgl = req->src;
4791 +- len = req->slen - head_size;
4792 +- }
4793 +-
4794 +- ret = get_sg_skip_bytes(sgl, head_size, len, out);
4795 +- if (ret)
4796 +- return ERR_PTR(ret);
4797 +-
4798 +- /* sgl for comp head is useless, so free it now */
4799 +- kfree(out[0]);
4800 ++ int req_id;
4801 +
4802 + write_lock(&req_q->req_lock);
4803 +
4804 +@@ -481,7 +438,6 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
4805 + if (req_id >= req_q->size) {
4806 + write_unlock(&req_q->req_lock);
4807 + dev_dbg(&qp_ctx->qp->qm->pdev->dev, "req cache is full!\n");
4808 +- kfree(out[1]);
4809 + return ERR_PTR(-EBUSY);
4810 + }
4811 + set_bit(req_id, req_q->req_bitmap);
4812 +@@ -489,16 +445,13 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
4813 + req_cache = q + req_id;
4814 + req_cache->req_id = req_id;
4815 + req_cache->req = req;
4816 ++
4817 + if (is_comp) {
4818 +- req_cache->src = req->src;
4819 +- req_cache->dst = out[1];
4820 +- req_cache->slen = req->slen;
4821 +- req_cache->dlen = req->dlen - head_size;
4822 ++ req_cache->sskip = 0;
4823 ++ req_cache->dskip = head_size;
4824 + } else {
4825 +- req_cache->src = out[1];
4826 +- req_cache->dst = req->dst;
4827 +- req_cache->slen = req->slen - head_size;
4828 +- req_cache->dlen = req->dlen;
4829 ++ req_cache->sskip = head_size;
4830 ++ req_cache->dskip = 0;
4831 + }
4832 +
4833 + write_unlock(&req_q->req_lock);
4834 +@@ -510,6 +463,7 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
4835 + struct hisi_zip_qp_ctx *qp_ctx)
4836 + {
4837 + struct hisi_zip_sqe *zip_sqe = &qp_ctx->zip_sqe;
4838 ++ struct acomp_req *a_req = req->req;
4839 + struct hisi_qp *qp = qp_ctx->qp;
4840 + struct device *dev = &qp->qm->pdev->dev;
4841 + struct hisi_acc_sgl_pool *pool = &qp_ctx->sgl_pool;
4842 +@@ -517,16 +471,16 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
4843 + dma_addr_t output;
4844 + int ret;
4845 +
4846 +- if (!req->src || !req->slen || !req->dst || !req->dlen)
4847 ++ if (!a_req->src || !a_req->slen || !a_req->dst || !a_req->dlen)
4848 + return -EINVAL;
4849 +
4850 +- req->hw_src = hisi_acc_sg_buf_map_to_hw_sgl(dev, req->src, pool,
4851 ++ req->hw_src = hisi_acc_sg_buf_map_to_hw_sgl(dev, a_req->src, pool,
4852 + req->req_id << 1, &input);
4853 + if (IS_ERR(req->hw_src))
4854 + return PTR_ERR(req->hw_src);
4855 + req->dma_src = input;
4856 +
4857 +- req->hw_dst = hisi_acc_sg_buf_map_to_hw_sgl(dev, req->dst, pool,
4858 ++ req->hw_dst = hisi_acc_sg_buf_map_to_hw_sgl(dev, a_req->dst, pool,
4859 + (req->req_id << 1) + 1,
4860 + &output);
4861 + if (IS_ERR(req->hw_dst)) {
4862 +@@ -535,8 +489,8 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
4863 + }
4864 + req->dma_dst = output;
4865 +
4866 +- hisi_zip_fill_sqe(zip_sqe, qp->req_type, input, output, req->slen,
4867 +- req->dlen);
4868 ++ hisi_zip_fill_sqe(zip_sqe, qp->req_type, input, output, a_req->slen,
4869 ++ a_req->dlen, req->sskip, req->dskip);
4870 + hisi_zip_config_buf_type(zip_sqe, HZIP_SGL);
4871 + hisi_zip_config_tag(zip_sqe, req->req_id);
4872 +
4873 +@@ -548,9 +502,9 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
4874 + return -EINPROGRESS;
4875 +
4876 + err_unmap_output:
4877 +- hisi_acc_sg_buf_unmap(dev, req->dst, req->hw_dst);
4878 ++ hisi_acc_sg_buf_unmap(dev, a_req->dst, req->hw_dst);
4879 + err_unmap_input:
4880 +- hisi_acc_sg_buf_unmap(dev, req->src, req->hw_src);
4881 ++ hisi_acc_sg_buf_unmap(dev, a_req->src, req->hw_src);
4882 + return ret;
4883 + }
4884 +
4885 +diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c
4886 +index 3cbefb41b099..2680e1525db5 100644
4887 +--- a/drivers/crypto/picoxcell_crypto.c
4888 ++++ b/drivers/crypto/picoxcell_crypto.c
4889 +@@ -1613,6 +1613,11 @@ static const struct of_device_id spacc_of_id_table[] = {
4890 + MODULE_DEVICE_TABLE(of, spacc_of_id_table);
4891 + #endif /* CONFIG_OF */
4892 +
4893 ++static void spacc_tasklet_kill(void *data)
4894 ++{
4895 ++ tasklet_kill(data);
4896 ++}
4897 ++
4898 + static int spacc_probe(struct platform_device *pdev)
4899 + {
4900 + int i, err, ret;
4901 +@@ -1655,6 +1660,14 @@ static int spacc_probe(struct platform_device *pdev)
4902 + return -ENXIO;
4903 + }
4904 +
4905 ++ tasklet_init(&engine->complete, spacc_spacc_complete,
4906 ++ (unsigned long)engine);
4907 ++
4908 ++ ret = devm_add_action(&pdev->dev, spacc_tasklet_kill,
4909 ++ &engine->complete);
4910 ++ if (ret)
4911 ++ return ret;
4912 ++
4913 + if (devm_request_irq(&pdev->dev, irq->start, spacc_spacc_irq, 0,
4914 + engine->name, engine)) {
4915 + dev_err(engine->dev, "failed to request IRQ\n");
4916 +@@ -1712,8 +1725,6 @@ static int spacc_probe(struct platform_device *pdev)
4917 + INIT_LIST_HEAD(&engine->completed);
4918 + INIT_LIST_HEAD(&engine->in_progress);
4919 + engine->in_flight = 0;
4920 +- tasklet_init(&engine->complete, spacc_spacc_complete,
4921 +- (unsigned long)engine);
4922 +
4923 + platform_set_drvdata(pdev, engine);
4924 +
4925 +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
4926 +index ee1dc75f5ddc..1d733b57e60f 100644
4927 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
4928 ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
4929 +@@ -247,7 +247,8 @@ bool dm_helpers_dp_mst_write_payload_allocation_table(
4930 + drm_dp_mst_reset_vcpi_slots(mst_mgr, mst_port);
4931 + }
4932 +
4933 +- ret = drm_dp_update_payload_part1(mst_mgr);
4934 ++ /* It's OK for this to fail */
4935 ++ drm_dp_update_payload_part1(mst_mgr);
4936 +
4937 + /* mst_mgr->->payloads are VC payload notify MST branch using DPCD or
4938 + * AUX message. The sequence is slot 1-63 allocated sequence for each
4939 +@@ -256,9 +257,6 @@ bool dm_helpers_dp_mst_write_payload_allocation_table(
4940 +
4941 + get_payload_table(aconnector, proposed_table);
4942 +
4943 +- if (ret)
4944 +- return false;
4945 +-
4946 + return true;
4947 + }
4948 +
4949 +@@ -316,7 +314,6 @@ bool dm_helpers_dp_mst_send_payload_allocation(
4950 + struct amdgpu_dm_connector *aconnector;
4951 + struct drm_dp_mst_topology_mgr *mst_mgr;
4952 + struct drm_dp_mst_port *mst_port;
4953 +- int ret;
4954 +
4955 + aconnector = (struct amdgpu_dm_connector *)stream->dm_stream_context;
4956 +
4957 +@@ -330,10 +327,8 @@ bool dm_helpers_dp_mst_send_payload_allocation(
4958 + if (!mst_mgr->mst_state)
4959 + return false;
4960 +
4961 +- ret = drm_dp_update_payload_part2(mst_mgr);
4962 +-
4963 +- if (ret)
4964 +- return false;
4965 ++ /* It's OK for this to fail */
4966 ++ drm_dp_update_payload_part2(mst_mgr);
4967 +
4968 + if (!enable)
4969 + drm_dp_mst_deallocate_vcpi(mst_mgr, mst_port);
4970 +diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
4971 +index f2e73e6d46b8..10985134ce0b 100644
4972 +--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
4973 ++++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
4974 +@@ -73,7 +73,11 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
4975 + unsigned long prate;
4976 + unsigned int mask = ATMEL_HLCDC_CLKDIV_MASK | ATMEL_HLCDC_CLKPOL;
4977 + unsigned int cfg = 0;
4978 +- int div;
4979 ++ int div, ret;
4980 ++
4981 ++ ret = clk_prepare_enable(crtc->dc->hlcdc->sys_clk);
4982 ++ if (ret)
4983 ++ return;
4984 +
4985 + vm.vfront_porch = adj->crtc_vsync_start - adj->crtc_vdisplay;
4986 + vm.vback_porch = adj->crtc_vtotal - adj->crtc_vsync_end;
4987 +@@ -95,14 +99,14 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
4988 + (adj->crtc_hdisplay - 1) |
4989 + ((adj->crtc_vdisplay - 1) << 16));
4990 +
4991 ++ prate = clk_get_rate(crtc->dc->hlcdc->sys_clk);
4992 ++ mode_rate = adj->crtc_clock * 1000;
4993 + if (!crtc->dc->desc->fixed_clksrc) {
4994 ++ prate *= 2;
4995 + cfg |= ATMEL_HLCDC_CLKSEL;
4996 + mask |= ATMEL_HLCDC_CLKSEL;
4997 + }
4998 +
4999 +- prate = 2 * clk_get_rate(crtc->dc->hlcdc->sys_clk);
5000 +- mode_rate = adj->crtc_clock * 1000;
5001 +-
5002 + div = DIV_ROUND_UP(prate, mode_rate);
5003 + if (div < 2) {
5004 + div = 2;
5005 +@@ -117,8 +121,8 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
5006 + int div_low = prate / mode_rate;
5007 +
5008 + if (div_low >= 2 &&
5009 +- ((prate / div_low - mode_rate) <
5010 +- 10 * (mode_rate - prate / div)))
5011 ++ (10 * (prate / div_low - mode_rate) <
5012 ++ (mode_rate - prate / div)))
5013 + /*
5014 + * At least 10 times better when using a higher
5015 + * frequency than requested, instead of a lower.
5016 +@@ -147,6 +151,8 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
5017 + ATMEL_HLCDC_VSPSU | ATMEL_HLCDC_VSPHO |
5018 + ATMEL_HLCDC_GUARDTIME_MASK | ATMEL_HLCDC_MODE_MASK,
5019 + cfg);
5020 ++
5021 ++ clk_disable_unprepare(crtc->dc->hlcdc->sys_clk);
5022 + }
5023 +
5024 + static enum drm_mode_status
5025 +diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
5026 +index a48a4c21b1b3..c5e9e2305fff 100644
5027 +--- a/drivers/gpu/drm/drm_dp_mst_topology.c
5028 ++++ b/drivers/gpu/drm/drm_dp_mst_topology.c
5029 +@@ -2694,6 +2694,7 @@ static bool drm_dp_get_vc_payload_bw(int dp_link_bw,
5030 + int drm_dp_mst_topology_mgr_set_mst(struct drm_dp_mst_topology_mgr *mgr, bool mst_state)
5031 + {
5032 + int ret = 0;
5033 ++ int i = 0;
5034 + struct drm_dp_mst_branch *mstb = NULL;
5035 +
5036 + mutex_lock(&mgr->lock);
5037 +@@ -2754,10 +2755,21 @@ int drm_dp_mst_topology_mgr_set_mst(struct drm_dp_mst_topology_mgr *mgr, bool ms
5038 + /* this can fail if the device is gone */
5039 + drm_dp_dpcd_writeb(mgr->aux, DP_MSTM_CTRL, 0);
5040 + ret = 0;
5041 ++ mutex_lock(&mgr->payload_lock);
5042 + memset(mgr->payloads, 0, mgr->max_payloads * sizeof(struct drm_dp_payload));
5043 + mgr->payload_mask = 0;
5044 + set_bit(0, &mgr->payload_mask);
5045 ++ for (i = 0; i < mgr->max_payloads; i++) {
5046 ++ struct drm_dp_vcpi *vcpi = mgr->proposed_vcpis[i];
5047 ++
5048 ++ if (vcpi) {
5049 ++ vcpi->vcpi = 0;
5050 ++ vcpi->num_slots = 0;
5051 ++ }
5052 ++ mgr->proposed_vcpis[i] = NULL;
5053 ++ }
5054 + mgr->vcpi_mask = 0;
5055 ++ mutex_unlock(&mgr->payload_lock);
5056 + }
5057 +
5058 + out_unlock:
5059 +diff --git a/drivers/gpu/drm/drm_rect.c b/drivers/gpu/drm/drm_rect.c
5060 +index b8363aaa9032..818738e83d06 100644
5061 +--- a/drivers/gpu/drm/drm_rect.c
5062 ++++ b/drivers/gpu/drm/drm_rect.c
5063 +@@ -54,7 +54,12 @@ EXPORT_SYMBOL(drm_rect_intersect);
5064 +
5065 + static u32 clip_scaled(u32 src, u32 dst, u32 clip)
5066 + {
5067 +- u64 tmp = mul_u32_u32(src, dst - clip);
5068 ++ u64 tmp;
5069 ++
5070 ++ if (dst == 0)
5071 ++ return 0;
5072 ++
5073 ++ tmp = mul_u32_u32(src, dst - clip);
5074 +
5075 + /*
5076 + * Round toward 1.0 when clipping so that we don't accidentally
5077 +diff --git a/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c b/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
5078 +index 772f0753ed38..aaf2f26f8505 100644
5079 +--- a/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
5080 ++++ b/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
5081 +@@ -121,7 +121,7 @@ static void mdp4_dsi_encoder_enable(struct drm_encoder *encoder)
5082 + if (mdp4_dsi_encoder->enabled)
5083 + return;
5084 +
5085 +- mdp4_crtc_set_config(encoder->crtc,
5086 ++ mdp4_crtc_set_config(encoder->crtc,
5087 + MDP4_DMA_CONFIG_PACK_ALIGN_MSB |
5088 + MDP4_DMA_CONFIG_DEFLKR_EN |
5089 + MDP4_DMA_CONFIG_DITHER_EN |
5090 +diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
5091 +index 34bd73526afd..930674117533 100644
5092 +--- a/drivers/hv/hv_balloon.c
5093 ++++ b/drivers/hv/hv_balloon.c
5094 +@@ -1213,10 +1213,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
5095 + unsigned int i, j;
5096 + struct page *pg;
5097 +
5098 +- if (num_pages < alloc_unit)
5099 +- return 0;
5100 +-
5101 +- for (i = 0; (i * alloc_unit) < num_pages; i++) {
5102 ++ for (i = 0; i < num_pages / alloc_unit; i++) {
5103 + if (bl_resp->hdr.size + sizeof(union dm_mem_page_range) >
5104 + PAGE_SIZE)
5105 + return i * alloc_unit;
5106 +@@ -1254,7 +1251,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
5107 +
5108 + }
5109 +
5110 +- return num_pages;
5111 ++ return i * alloc_unit;
5112 + }
5113 +
5114 + static void balloon_up(struct work_struct *dummy)
5115 +@@ -1269,9 +1266,6 @@ static void balloon_up(struct work_struct *dummy)
5116 + long avail_pages;
5117 + unsigned long floor;
5118 +
5119 +- /* The host balloons pages in 2M granularity. */
5120 +- WARN_ON_ONCE(num_pages % PAGES_IN_2M != 0);
5121 +-
5122 + /*
5123 + * We will attempt 2M allocations. However, if we fail to
5124 + * allocate 2M chunks, we will go back to 4k allocations.
5125 +@@ -1281,14 +1275,13 @@ static void balloon_up(struct work_struct *dummy)
5126 + avail_pages = si_mem_available();
5127 + floor = compute_balloon_floor();
5128 +
5129 +- /* Refuse to balloon below the floor, keep the 2M granularity. */
5130 ++ /* Refuse to balloon below the floor. */
5131 + if (avail_pages < num_pages || avail_pages - num_pages < floor) {
5132 + pr_warn("Balloon request will be partially fulfilled. %s\n",
5133 + avail_pages < num_pages ? "Not enough memory." :
5134 + "Balloon floor reached.");
5135 +
5136 + num_pages = avail_pages > floor ? (avail_pages - floor) : 0;
5137 +- num_pages -= num_pages % PAGES_IN_2M;
5138 + }
5139 +
5140 + while (!done) {
5141 +diff --git a/drivers/infiniband/core/umem_odp.c b/drivers/infiniband/core/umem_odp.c
5142 +index 163ff7ba92b7..fedf6829cdec 100644
5143 +--- a/drivers/infiniband/core/umem_odp.c
5144 ++++ b/drivers/infiniband/core/umem_odp.c
5145 +@@ -632,7 +632,7 @@ int ib_umem_odp_map_dma_pages(struct ib_umem_odp *umem_odp, u64 user_virt,
5146 +
5147 + while (bcnt > 0) {
5148 + const size_t gup_num_pages = min_t(size_t,
5149 +- (bcnt + BIT(page_shift) - 1) >> page_shift,
5150 ++ ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE,
5151 + PAGE_SIZE / sizeof(struct page *));
5152 +
5153 + down_read(&owning_mm->mmap_sem);
5154 +diff --git a/drivers/infiniband/hw/mlx5/gsi.c b/drivers/infiniband/hw/mlx5/gsi.c
5155 +index 4950df3f71b6..5c73c0a790fa 100644
5156 +--- a/drivers/infiniband/hw/mlx5/gsi.c
5157 ++++ b/drivers/infiniband/hw/mlx5/gsi.c
5158 +@@ -507,8 +507,7 @@ int mlx5_ib_gsi_post_send(struct ib_qp *qp, const struct ib_send_wr *wr,
5159 + ret = ib_post_send(tx_qp, &cur_wr.wr, bad_wr);
5160 + if (ret) {
5161 + /* Undo the effect of adding the outstanding wr */
5162 +- gsi->outstanding_pi = (gsi->outstanding_pi - 1) %
5163 +- gsi->cap.max_send_wr;
5164 ++ gsi->outstanding_pi--;
5165 + goto err;
5166 + }
5167 + spin_unlock_irqrestore(&gsi->lock, flags);
5168 +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
5169 +index deb924e1d790..3d2b63585da9 100644
5170 +--- a/drivers/md/bcache/bcache.h
5171 ++++ b/drivers/md/bcache/bcache.h
5172 +@@ -329,6 +329,9 @@ struct cached_dev {
5173 + */
5174 + atomic_t has_dirty;
5175 +
5176 ++#define BCH_CACHE_READA_ALL 0
5177 ++#define BCH_CACHE_READA_META_ONLY 1
5178 ++ unsigned int cache_readahead_policy;
5179 + struct bch_ratelimit writeback_rate;
5180 + struct delayed_work writeback_rate_update;
5181 +
5182 +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
5183 +index 41adcd1546f1..4045ae748f17 100644
5184 +--- a/drivers/md/bcache/request.c
5185 ++++ b/drivers/md/bcache/request.c
5186 +@@ -391,13 +391,20 @@ static bool check_should_bypass(struct cached_dev *dc, struct bio *bio)
5187 + goto skip;
5188 +
5189 + /*
5190 +- * Flag for bypass if the IO is for read-ahead or background,
5191 +- * unless the read-ahead request is for metadata
5192 ++ * If the bio is for read-ahead or background IO, bypass it or
5193 ++ * not depends on the following situations,
5194 ++ * - If the IO is for meta data, always cache it and no bypass
5195 ++ * - If the IO is not meta data, check dc->cache_reada_policy,
5196 ++ * BCH_CACHE_READA_ALL: cache it and not bypass
5197 ++ * BCH_CACHE_READA_META_ONLY: not cache it and bypass
5198 ++ * That is, read-ahead request for metadata always get cached
5199 + * (eg, for gfs2 or xfs).
5200 + */
5201 +- if (bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND) &&
5202 +- !(bio->bi_opf & (REQ_META|REQ_PRIO)))
5203 +- goto skip;
5204 ++ if ((bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND))) {
5205 ++ if (!(bio->bi_opf & (REQ_META|REQ_PRIO)) &&
5206 ++ (dc->cache_readahead_policy != BCH_CACHE_READA_ALL))
5207 ++ goto skip;
5208 ++ }
5209 +
5210 + if (bio->bi_iter.bi_sector & (c->sb.block_size - 1) ||
5211 + bio_sectors(bio) & (c->sb.block_size - 1)) {
5212 +diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
5213 +index 627dcea0f5b6..7f0fb4b5755a 100644
5214 +--- a/drivers/md/bcache/sysfs.c
5215 ++++ b/drivers/md/bcache/sysfs.c
5216 +@@ -27,6 +27,12 @@ static const char * const bch_cache_modes[] = {
5217 + NULL
5218 + };
5219 +
5220 ++static const char * const bch_reada_cache_policies[] = {
5221 ++ "all",
5222 ++ "meta-only",
5223 ++ NULL
5224 ++};
5225 ++
5226 + /* Default is 0 ("auto") */
5227 + static const char * const bch_stop_on_failure_modes[] = {
5228 + "auto",
5229 +@@ -100,6 +106,7 @@ rw_attribute(congested_write_threshold_us);
5230 + rw_attribute(sequential_cutoff);
5231 + rw_attribute(data_csum);
5232 + rw_attribute(cache_mode);
5233 ++rw_attribute(readahead_cache_policy);
5234 + rw_attribute(stop_when_cache_set_failed);
5235 + rw_attribute(writeback_metadata);
5236 + rw_attribute(writeback_running);
5237 +@@ -167,6 +174,11 @@ SHOW(__bch_cached_dev)
5238 + bch_cache_modes,
5239 + BDEV_CACHE_MODE(&dc->sb));
5240 +
5241 ++ if (attr == &sysfs_readahead_cache_policy)
5242 ++ return bch_snprint_string_list(buf, PAGE_SIZE,
5243 ++ bch_reada_cache_policies,
5244 ++ dc->cache_readahead_policy);
5245 ++
5246 + if (attr == &sysfs_stop_when_cache_set_failed)
5247 + return bch_snprint_string_list(buf, PAGE_SIZE,
5248 + bch_stop_on_failure_modes,
5249 +@@ -352,6 +364,15 @@ STORE(__cached_dev)
5250 + }
5251 + }
5252 +
5253 ++ if (attr == &sysfs_readahead_cache_policy) {
5254 ++ v = __sysfs_match_string(bch_reada_cache_policies, -1, buf);
5255 ++ if (v < 0)
5256 ++ return v;
5257 ++
5258 ++ if ((unsigned int) v != dc->cache_readahead_policy)
5259 ++ dc->cache_readahead_policy = v;
5260 ++ }
5261 ++
5262 + if (attr == &sysfs_stop_when_cache_set_failed) {
5263 + v = __sysfs_match_string(bch_stop_on_failure_modes, -1, buf);
5264 + if (v < 0)
5265 +@@ -466,6 +487,7 @@ static struct attribute *bch_cached_dev_files[] = {
5266 + &sysfs_data_csum,
5267 + #endif
5268 + &sysfs_cache_mode,
5269 ++ &sysfs_readahead_cache_policy,
5270 + &sysfs_stop_when_cache_set_failed,
5271 + &sysfs_writeback_metadata,
5272 + &sysfs_writeback_running,
5273 +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
5274 +index eb9782fc93fe..492bbe0584d9 100644
5275 +--- a/drivers/md/dm-crypt.c
5276 ++++ b/drivers/md/dm-crypt.c
5277 +@@ -331,8 +331,14 @@ static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv,
5278 + static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
5279 + const char *opts)
5280 + {
5281 +- unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
5282 +- int log = ilog2(bs);
5283 ++ unsigned bs;
5284 ++ int log;
5285 ++
5286 ++ if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags))
5287 ++ bs = crypto_aead_blocksize(any_tfm_aead(cc));
5288 ++ else
5289 ++ bs = crypto_skcipher_blocksize(any_tfm(cc));
5290 ++ log = ilog2(bs);
5291 +
5292 + /* we need to calculate how far we must shift the sector count
5293 + * to get the cipher block count, we use this shift in _gen */
5294 +@@ -717,7 +723,7 @@ static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv,
5295 + struct crypto_wait wait;
5296 + int err;
5297 +
5298 +- req = skcipher_request_alloc(any_tfm(cc), GFP_KERNEL | GFP_NOFS);
5299 ++ req = skcipher_request_alloc(any_tfm(cc), GFP_NOIO);
5300 + if (!req)
5301 + return -ENOMEM;
5302 +
5303 +diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
5304 +index b88d6d701f5b..8bb723f1a569 100644
5305 +--- a/drivers/md/dm-thin-metadata.c
5306 ++++ b/drivers/md/dm-thin-metadata.c
5307 +@@ -387,16 +387,15 @@ static int subtree_equal(void *context, const void *value1_le, const void *value
5308 + * Variant that is used for in-core only changes or code that
5309 + * shouldn't put the pool in service on its own (e.g. commit).
5310 + */
5311 +-static inline void __pmd_write_lock(struct dm_pool_metadata *pmd)
5312 ++static inline void pmd_write_lock_in_core(struct dm_pool_metadata *pmd)
5313 + __acquires(pmd->root_lock)
5314 + {
5315 + down_write(&pmd->root_lock);
5316 + }
5317 +-#define pmd_write_lock_in_core(pmd) __pmd_write_lock((pmd))
5318 +
5319 + static inline void pmd_write_lock(struct dm_pool_metadata *pmd)
5320 + {
5321 +- __pmd_write_lock(pmd);
5322 ++ pmd_write_lock_in_core(pmd);
5323 + if (unlikely(!pmd->in_service))
5324 + pmd->in_service = true;
5325 + }
5326 +@@ -831,6 +830,7 @@ static int __commit_transaction(struct dm_pool_metadata *pmd)
5327 + * We need to know if the thin_disk_superblock exceeds a 512-byte sector.
5328 + */
5329 + BUILD_BUG_ON(sizeof(struct thin_disk_superblock) > 512);
5330 ++ BUG_ON(!rwsem_is_locked(&pmd->root_lock));
5331 +
5332 + if (unlikely(!pmd->in_service))
5333 + return 0;
5334 +@@ -953,6 +953,7 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd)
5335 + return -EBUSY;
5336 + }
5337 +
5338 ++ pmd_write_lock_in_core(pmd);
5339 + if (!dm_bm_is_read_only(pmd->bm) && !pmd->fail_io) {
5340 + r = __commit_transaction(pmd);
5341 + if (r < 0)
5342 +@@ -961,6 +962,7 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd)
5343 + }
5344 + if (!pmd->fail_io)
5345 + __destroy_persistent_data_objects(pmd);
5346 ++ pmd_write_unlock(pmd);
5347 +
5348 + kfree(pmd);
5349 + return 0;
5350 +@@ -1841,7 +1843,7 @@ int dm_pool_commit_metadata(struct dm_pool_metadata *pmd)
5351 + * Care is taken to not have commit be what
5352 + * triggers putting the thin-pool in-service.
5353 + */
5354 +- __pmd_write_lock(pmd);
5355 ++ pmd_write_lock_in_core(pmd);
5356 + if (pmd->fail_io)
5357 + goto out;
5358 +
5359 +diff --git a/drivers/md/dm-writecache.c b/drivers/md/dm-writecache.c
5360 +index 43d1af1d8173..07c1b0334f57 100644
5361 +--- a/drivers/md/dm-writecache.c
5362 ++++ b/drivers/md/dm-writecache.c
5363 +@@ -442,7 +442,13 @@ static void writecache_notify_io(unsigned long error, void *context)
5364 + complete(&endio->c);
5365 + }
5366 +
5367 +-static void ssd_commit_flushed(struct dm_writecache *wc)
5368 ++static void writecache_wait_for_ios(struct dm_writecache *wc, int direction)
5369 ++{
5370 ++ wait_event(wc->bio_in_progress_wait[direction],
5371 ++ !atomic_read(&wc->bio_in_progress[direction]));
5372 ++}
5373 ++
5374 ++static void ssd_commit_flushed(struct dm_writecache *wc, bool wait_for_ios)
5375 + {
5376 + struct dm_io_region region;
5377 + struct dm_io_request req;
5378 +@@ -488,17 +494,20 @@ static void ssd_commit_flushed(struct dm_writecache *wc)
5379 + writecache_notify_io(0, &endio);
5380 + wait_for_completion_io(&endio.c);
5381 +
5382 ++ if (wait_for_ios)
5383 ++ writecache_wait_for_ios(wc, WRITE);
5384 ++
5385 + writecache_disk_flush(wc, wc->ssd_dev);
5386 +
5387 + memset(wc->dirty_bitmap, 0, wc->dirty_bitmap_size);
5388 + }
5389 +
5390 +-static void writecache_commit_flushed(struct dm_writecache *wc)
5391 ++static void writecache_commit_flushed(struct dm_writecache *wc, bool wait_for_ios)
5392 + {
5393 + if (WC_MODE_PMEM(wc))
5394 + wmb();
5395 + else
5396 +- ssd_commit_flushed(wc);
5397 ++ ssd_commit_flushed(wc, wait_for_ios);
5398 + }
5399 +
5400 + static void writecache_disk_flush(struct dm_writecache *wc, struct dm_dev *dev)
5401 +@@ -522,12 +531,6 @@ static void writecache_disk_flush(struct dm_writecache *wc, struct dm_dev *dev)
5402 + writecache_error(wc, r, "error flushing metadata: %d", r);
5403 + }
5404 +
5405 +-static void writecache_wait_for_ios(struct dm_writecache *wc, int direction)
5406 +-{
5407 +- wait_event(wc->bio_in_progress_wait[direction],
5408 +- !atomic_read(&wc->bio_in_progress[direction]));
5409 +-}
5410 +-
5411 + #define WFE_RETURN_FOLLOWING 1
5412 + #define WFE_LOWEST_SEQ 2
5413 +
5414 +@@ -724,15 +727,12 @@ static void writecache_flush(struct dm_writecache *wc)
5415 + e = e2;
5416 + cond_resched();
5417 + }
5418 +- writecache_commit_flushed(wc);
5419 +-
5420 +- if (!WC_MODE_PMEM(wc))
5421 +- writecache_wait_for_ios(wc, WRITE);
5422 ++ writecache_commit_flushed(wc, true);
5423 +
5424 + wc->seq_count++;
5425 + pmem_assign(sb(wc)->seq_count, cpu_to_le64(wc->seq_count));
5426 + writecache_flush_region(wc, &sb(wc)->seq_count, sizeof sb(wc)->seq_count);
5427 +- writecache_commit_flushed(wc);
5428 ++ writecache_commit_flushed(wc, false);
5429 +
5430 + wc->overwrote_committed = false;
5431 +
5432 +@@ -756,7 +756,7 @@ static void writecache_flush(struct dm_writecache *wc)
5433 + }
5434 +
5435 + if (need_flush_after_free)
5436 +- writecache_commit_flushed(wc);
5437 ++ writecache_commit_flushed(wc, false);
5438 + }
5439 +
5440 + static void writecache_flush_work(struct work_struct *work)
5441 +@@ -809,7 +809,7 @@ static void writecache_discard(struct dm_writecache *wc, sector_t start, sector_
5442 + }
5443 +
5444 + if (discarded_something)
5445 +- writecache_commit_flushed(wc);
5446 ++ writecache_commit_flushed(wc, false);
5447 + }
5448 +
5449 + static bool writecache_wait_for_writeback(struct dm_writecache *wc)
5450 +@@ -958,7 +958,7 @@ erase_this:
5451 +
5452 + if (need_flush) {
5453 + writecache_flush_all_metadata(wc);
5454 +- writecache_commit_flushed(wc);
5455 ++ writecache_commit_flushed(wc, false);
5456 + }
5457 +
5458 + wc_unlock(wc);
5459 +@@ -1342,7 +1342,7 @@ static void __writecache_endio_pmem(struct dm_writecache *wc, struct list_head *
5460 + wc->writeback_size--;
5461 + n_walked++;
5462 + if (unlikely(n_walked >= ENDIO_LATENCY)) {
5463 +- writecache_commit_flushed(wc);
5464 ++ writecache_commit_flushed(wc, false);
5465 + wc_unlock(wc);
5466 + wc_lock(wc);
5467 + n_walked = 0;
5468 +@@ -1423,7 +1423,7 @@ pop_from_list:
5469 + writecache_wait_for_ios(wc, READ);
5470 + }
5471 +
5472 +- writecache_commit_flushed(wc);
5473 ++ writecache_commit_flushed(wc, false);
5474 +
5475 + wc_unlock(wc);
5476 + }
5477 +@@ -1766,10 +1766,10 @@ static int init_memory(struct dm_writecache *wc)
5478 + write_original_sector_seq_count(wc, &wc->entries[b], -1, -1);
5479 +
5480 + writecache_flush_all_metadata(wc);
5481 +- writecache_commit_flushed(wc);
5482 ++ writecache_commit_flushed(wc, false);
5483 + pmem_assign(sb(wc)->magic, cpu_to_le32(MEMORY_SUPERBLOCK_MAGIC));
5484 + writecache_flush_region(wc, &sb(wc)->magic, sizeof sb(wc)->magic);
5485 +- writecache_commit_flushed(wc);
5486 ++ writecache_commit_flushed(wc, false);
5487 +
5488 + return 0;
5489 + }
5490 +diff --git a/drivers/md/dm-zoned-metadata.c b/drivers/md/dm-zoned-metadata.c
5491 +index ac1179ca80d9..5205cf9bbfd9 100644
5492 +--- a/drivers/md/dm-zoned-metadata.c
5493 ++++ b/drivers/md/dm-zoned-metadata.c
5494 +@@ -134,6 +134,7 @@ struct dmz_metadata {
5495 +
5496 + sector_t zone_bitmap_size;
5497 + unsigned int zone_nr_bitmap_blocks;
5498 ++ unsigned int zone_bits_per_mblk;
5499 +
5500 + unsigned int nr_bitmap_blocks;
5501 + unsigned int nr_map_blocks;
5502 +@@ -1167,7 +1168,10 @@ static int dmz_init_zones(struct dmz_metadata *zmd)
5503 +
5504 + /* Init */
5505 + zmd->zone_bitmap_size = dev->zone_nr_blocks >> 3;
5506 +- zmd->zone_nr_bitmap_blocks = zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT;
5507 ++ zmd->zone_nr_bitmap_blocks =
5508 ++ max_t(sector_t, 1, zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT);
5509 ++ zmd->zone_bits_per_mblk = min_t(sector_t, dev->zone_nr_blocks,
5510 ++ DMZ_BLOCK_SIZE_BITS);
5511 +
5512 + /* Allocate zone array */
5513 + zmd->zones = kcalloc(dev->nr_zones, sizeof(struct dm_zone), GFP_KERNEL);
5514 +@@ -1991,7 +1995,7 @@ int dmz_copy_valid_blocks(struct dmz_metadata *zmd, struct dm_zone *from_zone,
5515 + dmz_release_mblock(zmd, to_mblk);
5516 + dmz_release_mblock(zmd, from_mblk);
5517 +
5518 +- chunk_block += DMZ_BLOCK_SIZE_BITS;
5519 ++ chunk_block += zmd->zone_bits_per_mblk;
5520 + }
5521 +
5522 + to_zone->weight = from_zone->weight;
5523 +@@ -2052,7 +2056,7 @@ int dmz_validate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone,
5524 +
5525 + /* Set bits */
5526 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
5527 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
5528 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
5529 +
5530 + count = dmz_set_bits((unsigned long *)mblk->data, bit, nr_bits);
5531 + if (count) {
5532 +@@ -2131,7 +2135,7 @@ int dmz_invalidate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone,
5533 +
5534 + /* Clear bits */
5535 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
5536 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
5537 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
5538 +
5539 + count = dmz_clear_bits((unsigned long *)mblk->data,
5540 + bit, nr_bits);
5541 +@@ -2191,6 +2195,7 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone,
5542 + {
5543 + struct dmz_mblock *mblk;
5544 + unsigned int bit, set_bit, nr_bits;
5545 ++ unsigned int zone_bits = zmd->zone_bits_per_mblk;
5546 + unsigned long *bitmap;
5547 + int n = 0;
5548 +
5549 +@@ -2205,15 +2210,15 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone,
5550 + /* Get offset */
5551 + bitmap = (unsigned long *) mblk->data;
5552 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
5553 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
5554 ++ nr_bits = min(nr_blocks, zone_bits - bit);
5555 + if (set)
5556 +- set_bit = find_next_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit);
5557 ++ set_bit = find_next_bit(bitmap, zone_bits, bit);
5558 + else
5559 +- set_bit = find_next_zero_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit);
5560 ++ set_bit = find_next_zero_bit(bitmap, zone_bits, bit);
5561 + dmz_release_mblock(zmd, mblk);
5562 +
5563 + n += set_bit - bit;
5564 +- if (set_bit < DMZ_BLOCK_SIZE_BITS)
5565 ++ if (set_bit < zone_bits)
5566 + break;
5567 +
5568 + nr_blocks -= nr_bits;
5569 +@@ -2316,7 +2321,7 @@ static void dmz_get_zone_weight(struct dmz_metadata *zmd, struct dm_zone *zone)
5570 + /* Count bits in this block */
5571 + bitmap = mblk->data;
5572 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
5573 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
5574 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
5575 + n += dmz_count_bits(bitmap, bit, nr_bits);
5576 +
5577 + dmz_release_mblock(zmd, mblk);
5578 +diff --git a/drivers/md/dm.c b/drivers/md/dm.c
5579 +index 1a5e328c443a..6d3cc235f842 100644
5580 +--- a/drivers/md/dm.c
5581 ++++ b/drivers/md/dm.c
5582 +@@ -1880,6 +1880,7 @@ static void dm_init_normal_md_queue(struct mapped_device *md)
5583 + /*
5584 + * Initialize aspects of queue that aren't relevant for blk-mq
5585 + */
5586 ++ md->queue->backing_dev_info->congested_data = md;
5587 + md->queue->backing_dev_info->congested_fn = dm_any_congested;
5588 + }
5589 +
5590 +@@ -1970,7 +1971,12 @@ static struct mapped_device *alloc_dev(int minor)
5591 + if (!md->queue)
5592 + goto bad;
5593 + md->queue->queuedata = md;
5594 +- md->queue->backing_dev_info->congested_data = md;
5595 ++ /*
5596 ++ * default to bio-based required ->make_request_fn until DM
5597 ++ * table is loaded and md->type established. If request-based
5598 ++ * table is loaded: blk-mq will override accordingly.
5599 ++ */
5600 ++ blk_queue_make_request(md->queue, dm_make_request);
5601 +
5602 + md->disk = alloc_disk_node(1, md->numa_node_id);
5603 + if (!md->disk)
5604 +@@ -2285,7 +2291,6 @@ int dm_setup_md_queue(struct mapped_device *md, struct dm_table *t)
5605 + case DM_TYPE_DAX_BIO_BASED:
5606 + case DM_TYPE_NVME_BIO_BASED:
5607 + dm_init_normal_md_queue(md);
5608 +- blk_queue_make_request(md->queue, dm_make_request);
5609 + break;
5610 + case DM_TYPE_NONE:
5611 + WARN_ON_ONCE(true);
5612 +diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c
5613 +index bd68f6fef694..d8b4125e338c 100644
5614 +--- a/drivers/md/persistent-data/dm-space-map-common.c
5615 ++++ b/drivers/md/persistent-data/dm-space-map-common.c
5616 +@@ -380,6 +380,33 @@ int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin,
5617 + return -ENOSPC;
5618 + }
5619 +
5620 ++int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll,
5621 ++ dm_block_t begin, dm_block_t end, dm_block_t *b)
5622 ++{
5623 ++ int r;
5624 ++ uint32_t count;
5625 ++
5626 ++ do {
5627 ++ r = sm_ll_find_free_block(new_ll, begin, new_ll->nr_blocks, b);
5628 ++ if (r)
5629 ++ break;
5630 ++
5631 ++ /* double check this block wasn't used in the old transaction */
5632 ++ if (*b >= old_ll->nr_blocks)
5633 ++ count = 0;
5634 ++ else {
5635 ++ r = sm_ll_lookup(old_ll, *b, &count);
5636 ++ if (r)
5637 ++ break;
5638 ++
5639 ++ if (count)
5640 ++ begin = *b + 1;
5641 ++ }
5642 ++ } while (count);
5643 ++
5644 ++ return r;
5645 ++}
5646 ++
5647 + static int sm_ll_mutate(struct ll_disk *ll, dm_block_t b,
5648 + int (*mutator)(void *context, uint32_t old, uint32_t *new),
5649 + void *context, enum allocation_event *ev)
5650 +diff --git a/drivers/md/persistent-data/dm-space-map-common.h b/drivers/md/persistent-data/dm-space-map-common.h
5651 +index b3078d5eda0c..8de63ce39bdd 100644
5652 +--- a/drivers/md/persistent-data/dm-space-map-common.h
5653 ++++ b/drivers/md/persistent-data/dm-space-map-common.h
5654 +@@ -109,6 +109,8 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result);
5655 + int sm_ll_lookup(struct ll_disk *ll, dm_block_t b, uint32_t *result);
5656 + int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin,
5657 + dm_block_t end, dm_block_t *result);
5658 ++int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll,
5659 ++ dm_block_t begin, dm_block_t end, dm_block_t *result);
5660 + int sm_ll_insert(struct ll_disk *ll, dm_block_t b, uint32_t ref_count, enum allocation_event *ev);
5661 + int sm_ll_inc(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
5662 + int sm_ll_dec(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
5663 +diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c
5664 +index 32adf6b4a9c7..bf4c5e2ccb6f 100644
5665 +--- a/drivers/md/persistent-data/dm-space-map-disk.c
5666 ++++ b/drivers/md/persistent-data/dm-space-map-disk.c
5667 +@@ -167,8 +167,10 @@ static int sm_disk_new_block(struct dm_space_map *sm, dm_block_t *b)
5668 + enum allocation_event ev;
5669 + struct sm_disk *smd = container_of(sm, struct sm_disk, sm);
5670 +
5671 +- /* FIXME: we should loop round a couple of times */
5672 +- r = sm_ll_find_free_block(&smd->old_ll, smd->begin, smd->old_ll.nr_blocks, b);
5673 ++ /*
5674 ++ * Any block we allocate has to be free in both the old and current ll.
5675 ++ */
5676 ++ r = sm_ll_find_common_free_block(&smd->old_ll, &smd->ll, smd->begin, smd->ll.nr_blocks, b);
5677 + if (r)
5678 + return r;
5679 +
5680 +diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
5681 +index 25328582cc48..9e3c64ec2026 100644
5682 +--- a/drivers/md/persistent-data/dm-space-map-metadata.c
5683 ++++ b/drivers/md/persistent-data/dm-space-map-metadata.c
5684 +@@ -448,7 +448,10 @@ static int sm_metadata_new_block_(struct dm_space_map *sm, dm_block_t *b)
5685 + enum allocation_event ev;
5686 + struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm);
5687 +
5688 +- r = sm_ll_find_free_block(&smm->old_ll, smm->begin, smm->old_ll.nr_blocks, b);
5689 ++ /*
5690 ++ * Any block we allocate has to be free in both the old and current ll.
5691 ++ */
5692 ++ r = sm_ll_find_common_free_block(&smm->old_ll, &smm->ll, smm->begin, smm->ll.nr_blocks, b);
5693 + if (r)
5694 + return r;
5695 +
5696 +diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c
5697 +index 872d6441e512..a7deca1fefb7 100644
5698 +--- a/drivers/media/rc/iguanair.c
5699 ++++ b/drivers/media/rc/iguanair.c
5700 +@@ -413,7 +413,7 @@ static int iguanair_probe(struct usb_interface *intf,
5701 + int ret, pipein, pipeout;
5702 + struct usb_host_interface *idesc;
5703 +
5704 +- idesc = intf->altsetting;
5705 ++ idesc = intf->cur_altsetting;
5706 + if (idesc->desc.bNumEndpoints < 2)
5707 + return -ENODEV;
5708 +
5709 +diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
5710 +index 7741151606ef..6f80c251f641 100644
5711 +--- a/drivers/media/rc/rc-main.c
5712 ++++ b/drivers/media/rc/rc-main.c
5713 +@@ -1891,23 +1891,28 @@ int rc_register_device(struct rc_dev *dev)
5714 +
5715 + dev->registered = true;
5716 +
5717 +- if (dev->driver_type != RC_DRIVER_IR_RAW_TX) {
5718 +- rc = rc_setup_rx_device(dev);
5719 +- if (rc)
5720 +- goto out_dev;
5721 +- }
5722 +-
5723 +- /* Ensure that the lirc kfifo is setup before we start the thread */
5724 ++ /*
5725 ++ * once the the input device is registered in rc_setup_rx_device,
5726 ++ * userspace can open the input device and rc_open() will be called
5727 ++ * as a result. This results in driver code being allowed to submit
5728 ++ * keycodes with rc_keydown, so lirc must be registered first.
5729 ++ */
5730 + if (dev->allowed_protocols != RC_PROTO_BIT_CEC) {
5731 + rc = ir_lirc_register(dev);
5732 + if (rc < 0)
5733 +- goto out_rx;
5734 ++ goto out_dev;
5735 ++ }
5736 ++
5737 ++ if (dev->driver_type != RC_DRIVER_IR_RAW_TX) {
5738 ++ rc = rc_setup_rx_device(dev);
5739 ++ if (rc)
5740 ++ goto out_lirc;
5741 + }
5742 +
5743 + if (dev->driver_type == RC_DRIVER_IR_RAW) {
5744 + rc = ir_raw_event_register(dev);
5745 + if (rc < 0)
5746 +- goto out_lirc;
5747 ++ goto out_rx;
5748 + }
5749 +
5750 + dev_dbg(&dev->dev, "Registered rc%u (driver: %s)\n", dev->minor,
5751 +@@ -1915,11 +1920,11 @@ int rc_register_device(struct rc_dev *dev)
5752 +
5753 + return 0;
5754 +
5755 ++out_rx:
5756 ++ rc_free_rx_device(dev);
5757 + out_lirc:
5758 + if (dev->allowed_protocols != RC_PROTO_BIT_CEC)
5759 + ir_lirc_unregister(dev);
5760 +-out_rx:
5761 +- rc_free_rx_device(dev);
5762 + out_dev:
5763 + device_del(&dev->dev);
5764 + out_rx_free:
5765 +diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
5766 +index 428235ca2635..2b688cc39bb8 100644
5767 +--- a/drivers/media/usb/uvc/uvc_driver.c
5768 ++++ b/drivers/media/usb/uvc/uvc_driver.c
5769 +@@ -1493,6 +1493,11 @@ static int uvc_scan_chain_forward(struct uvc_video_chain *chain,
5770 + break;
5771 + if (forward == prev)
5772 + continue;
5773 ++ if (forward->chain.next || forward->chain.prev) {
5774 ++ uvc_trace(UVC_TRACE_DESCR, "Found reference to "
5775 ++ "entity %d already in chain.\n", forward->id);
5776 ++ return -EINVAL;
5777 ++ }
5778 +
5779 + switch (UVC_ENTITY_TYPE(forward)) {
5780 + case UVC_VC_EXTENSION_UNIT:
5781 +@@ -1574,6 +1579,13 @@ static int uvc_scan_chain_backward(struct uvc_video_chain *chain,
5782 + return -1;
5783 + }
5784 +
5785 ++ if (term->chain.next || term->chain.prev) {
5786 ++ uvc_trace(UVC_TRACE_DESCR, "Found reference to "
5787 ++ "entity %d already in chain.\n",
5788 ++ term->id);
5789 ++ return -EINVAL;
5790 ++ }
5791 ++
5792 + if (uvc_trace_param & UVC_TRACE_PROBE)
5793 + printk(KERN_CONT " %d", term->id);
5794 +
5795 +diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
5796 +index e1eaf1135c7f..7ad6db8dd9f6 100644
5797 +--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
5798 ++++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
5799 +@@ -1183,36 +1183,38 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5800 + u32 aux_space;
5801 + int compatible_arg = 1;
5802 + long err = 0;
5803 ++ unsigned int ncmd;
5804 +
5805 + /*
5806 + * 1. When struct size is different, converts the command.
5807 + */
5808 + switch (cmd) {
5809 +- case VIDIOC_G_FMT32: cmd = VIDIOC_G_FMT; break;
5810 +- case VIDIOC_S_FMT32: cmd = VIDIOC_S_FMT; break;
5811 +- case VIDIOC_QUERYBUF32: cmd = VIDIOC_QUERYBUF; break;
5812 +- case VIDIOC_G_FBUF32: cmd = VIDIOC_G_FBUF; break;
5813 +- case VIDIOC_S_FBUF32: cmd = VIDIOC_S_FBUF; break;
5814 +- case VIDIOC_QBUF32: cmd = VIDIOC_QBUF; break;
5815 +- case VIDIOC_DQBUF32: cmd = VIDIOC_DQBUF; break;
5816 +- case VIDIOC_ENUMSTD32: cmd = VIDIOC_ENUMSTD; break;
5817 +- case VIDIOC_ENUMINPUT32: cmd = VIDIOC_ENUMINPUT; break;
5818 +- case VIDIOC_TRY_FMT32: cmd = VIDIOC_TRY_FMT; break;
5819 +- case VIDIOC_G_EXT_CTRLS32: cmd = VIDIOC_G_EXT_CTRLS; break;
5820 +- case VIDIOC_S_EXT_CTRLS32: cmd = VIDIOC_S_EXT_CTRLS; break;
5821 +- case VIDIOC_TRY_EXT_CTRLS32: cmd = VIDIOC_TRY_EXT_CTRLS; break;
5822 +- case VIDIOC_DQEVENT32: cmd = VIDIOC_DQEVENT; break;
5823 +- case VIDIOC_OVERLAY32: cmd = VIDIOC_OVERLAY; break;
5824 +- case VIDIOC_STREAMON32: cmd = VIDIOC_STREAMON; break;
5825 +- case VIDIOC_STREAMOFF32: cmd = VIDIOC_STREAMOFF; break;
5826 +- case VIDIOC_G_INPUT32: cmd = VIDIOC_G_INPUT; break;
5827 +- case VIDIOC_S_INPUT32: cmd = VIDIOC_S_INPUT; break;
5828 +- case VIDIOC_G_OUTPUT32: cmd = VIDIOC_G_OUTPUT; break;
5829 +- case VIDIOC_S_OUTPUT32: cmd = VIDIOC_S_OUTPUT; break;
5830 +- case VIDIOC_CREATE_BUFS32: cmd = VIDIOC_CREATE_BUFS; break;
5831 +- case VIDIOC_PREPARE_BUF32: cmd = VIDIOC_PREPARE_BUF; break;
5832 +- case VIDIOC_G_EDID32: cmd = VIDIOC_G_EDID; break;
5833 +- case VIDIOC_S_EDID32: cmd = VIDIOC_S_EDID; break;
5834 ++ case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break;
5835 ++ case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break;
5836 ++ case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break;
5837 ++ case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break;
5838 ++ case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break;
5839 ++ case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break;
5840 ++ case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break;
5841 ++ case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break;
5842 ++ case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break;
5843 ++ case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break;
5844 ++ case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break;
5845 ++ case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break;
5846 ++ case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break;
5847 ++ case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break;
5848 ++ case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break;
5849 ++ case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break;
5850 ++ case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break;
5851 ++ case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break;
5852 ++ case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break;
5853 ++ case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break;
5854 ++ case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break;
5855 ++ case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break;
5856 ++ case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break;
5857 ++ case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break;
5858 ++ case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break;
5859 ++ default: ncmd = cmd; break;
5860 + }
5861 +
5862 + /*
5863 +@@ -1221,11 +1223,11 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5864 + * argument into it.
5865 + */
5866 + switch (cmd) {
5867 +- case VIDIOC_OVERLAY:
5868 +- case VIDIOC_STREAMON:
5869 +- case VIDIOC_STREAMOFF:
5870 +- case VIDIOC_S_INPUT:
5871 +- case VIDIOC_S_OUTPUT:
5872 ++ case VIDIOC_OVERLAY32:
5873 ++ case VIDIOC_STREAMON32:
5874 ++ case VIDIOC_STREAMOFF32:
5875 ++ case VIDIOC_S_INPUT32:
5876 ++ case VIDIOC_S_OUTPUT32:
5877 + err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
5878 + if (!err && assign_in_user((unsigned int __user *)new_p64,
5879 + (compat_uint_t __user *)p32))
5880 +@@ -1233,23 +1235,23 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5881 + compatible_arg = 0;
5882 + break;
5883 +
5884 +- case VIDIOC_G_INPUT:
5885 +- case VIDIOC_G_OUTPUT:
5886 ++ case VIDIOC_G_INPUT32:
5887 ++ case VIDIOC_G_OUTPUT32:
5888 + err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
5889 + compatible_arg = 0;
5890 + break;
5891 +
5892 +- case VIDIOC_G_EDID:
5893 +- case VIDIOC_S_EDID:
5894 ++ case VIDIOC_G_EDID32:
5895 ++ case VIDIOC_S_EDID32:
5896 + err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64);
5897 + if (!err)
5898 + err = get_v4l2_edid32(new_p64, p32);
5899 + compatible_arg = 0;
5900 + break;
5901 +
5902 +- case VIDIOC_G_FMT:
5903 +- case VIDIOC_S_FMT:
5904 +- case VIDIOC_TRY_FMT:
5905 ++ case VIDIOC_G_FMT32:
5906 ++ case VIDIOC_S_FMT32:
5907 ++ case VIDIOC_TRY_FMT32:
5908 + err = bufsize_v4l2_format(p32, &aux_space);
5909 + if (!err)
5910 + err = alloc_userspace(sizeof(struct v4l2_format),
5911 +@@ -1262,7 +1264,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5912 + compatible_arg = 0;
5913 + break;
5914 +
5915 +- case VIDIOC_CREATE_BUFS:
5916 ++ case VIDIOC_CREATE_BUFS32:
5917 + err = bufsize_v4l2_create(p32, &aux_space);
5918 + if (!err)
5919 + err = alloc_userspace(sizeof(struct v4l2_create_buffers),
5920 +@@ -1275,10 +1277,10 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5921 + compatible_arg = 0;
5922 + break;
5923 +
5924 +- case VIDIOC_PREPARE_BUF:
5925 +- case VIDIOC_QUERYBUF:
5926 +- case VIDIOC_QBUF:
5927 +- case VIDIOC_DQBUF:
5928 ++ case VIDIOC_PREPARE_BUF32:
5929 ++ case VIDIOC_QUERYBUF32:
5930 ++ case VIDIOC_QBUF32:
5931 ++ case VIDIOC_DQBUF32:
5932 + err = bufsize_v4l2_buffer(p32, &aux_space);
5933 + if (!err)
5934 + err = alloc_userspace(sizeof(struct v4l2_buffer),
5935 +@@ -1291,7 +1293,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5936 + compatible_arg = 0;
5937 + break;
5938 +
5939 +- case VIDIOC_S_FBUF:
5940 ++ case VIDIOC_S_FBUF32:
5941 + err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
5942 + &new_p64);
5943 + if (!err)
5944 +@@ -1299,13 +1301,13 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5945 + compatible_arg = 0;
5946 + break;
5947 +
5948 +- case VIDIOC_G_FBUF:
5949 ++ case VIDIOC_G_FBUF32:
5950 + err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
5951 + &new_p64);
5952 + compatible_arg = 0;
5953 + break;
5954 +
5955 +- case VIDIOC_ENUMSTD:
5956 ++ case VIDIOC_ENUMSTD32:
5957 + err = alloc_userspace(sizeof(struct v4l2_standard), 0,
5958 + &new_p64);
5959 + if (!err)
5960 +@@ -1313,16 +1315,16 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5961 + compatible_arg = 0;
5962 + break;
5963 +
5964 +- case VIDIOC_ENUMINPUT:
5965 ++ case VIDIOC_ENUMINPUT32:
5966 + err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64);
5967 + if (!err)
5968 + err = get_v4l2_input32(new_p64, p32);
5969 + compatible_arg = 0;
5970 + break;
5971 +
5972 +- case VIDIOC_G_EXT_CTRLS:
5973 +- case VIDIOC_S_EXT_CTRLS:
5974 +- case VIDIOC_TRY_EXT_CTRLS:
5975 ++ case VIDIOC_G_EXT_CTRLS32:
5976 ++ case VIDIOC_S_EXT_CTRLS32:
5977 ++ case VIDIOC_TRY_EXT_CTRLS32:
5978 + err = bufsize_v4l2_ext_controls(p32, &aux_space);
5979 + if (!err)
5980 + err = alloc_userspace(sizeof(struct v4l2_ext_controls),
5981 +@@ -1334,7 +1336,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5982 + }
5983 + compatible_arg = 0;
5984 + break;
5985 +- case VIDIOC_DQEVENT:
5986 ++ case VIDIOC_DQEVENT32:
5987 + err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64);
5988 + compatible_arg = 0;
5989 + break;
5990 +@@ -1352,9 +1354,9 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
5991 + * Otherwise, it will pass the newly allocated @new_p64 argument.
5992 + */
5993 + if (compatible_arg)
5994 +- err = native_ioctl(file, cmd, (unsigned long)p32);
5995 ++ err = native_ioctl(file, ncmd, (unsigned long)p32);
5996 + else
5997 +- err = native_ioctl(file, cmd, (unsigned long)new_p64);
5998 ++ err = native_ioctl(file, ncmd, (unsigned long)new_p64);
5999 +
6000 + if (err == -ENOTTY)
6001 + return err;
6002 +@@ -1370,13 +1372,13 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
6003 + * the blocks to maximum allowed value.
6004 + */
6005 + switch (cmd) {
6006 +- case VIDIOC_G_EXT_CTRLS:
6007 +- case VIDIOC_S_EXT_CTRLS:
6008 +- case VIDIOC_TRY_EXT_CTRLS:
6009 ++ case VIDIOC_G_EXT_CTRLS32:
6010 ++ case VIDIOC_S_EXT_CTRLS32:
6011 ++ case VIDIOC_TRY_EXT_CTRLS32:
6012 + if (put_v4l2_ext_controls32(file, new_p64, p32))
6013 + err = -EFAULT;
6014 + break;
6015 +- case VIDIOC_S_EDID:
6016 ++ case VIDIOC_S_EDID32:
6017 + if (put_v4l2_edid32(new_p64, p32))
6018 + err = -EFAULT;
6019 + break;
6020 +@@ -1389,49 +1391,49 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
6021 + * the original 32 bits structure.
6022 + */
6023 + switch (cmd) {
6024 +- case VIDIOC_S_INPUT:
6025 +- case VIDIOC_S_OUTPUT:
6026 +- case VIDIOC_G_INPUT:
6027 +- case VIDIOC_G_OUTPUT:
6028 ++ case VIDIOC_S_INPUT32:
6029 ++ case VIDIOC_S_OUTPUT32:
6030 ++ case VIDIOC_G_INPUT32:
6031 ++ case VIDIOC_G_OUTPUT32:
6032 + if (assign_in_user((compat_uint_t __user *)p32,
6033 + ((unsigned int __user *)new_p64)))
6034 + err = -EFAULT;
6035 + break;
6036 +
6037 +- case VIDIOC_G_FBUF:
6038 ++ case VIDIOC_G_FBUF32:
6039 + err = put_v4l2_framebuffer32(new_p64, p32);
6040 + break;
6041 +
6042 +- case VIDIOC_DQEVENT:
6043 ++ case VIDIOC_DQEVENT32:
6044 + err = put_v4l2_event32(new_p64, p32);
6045 + break;
6046 +
6047 +- case VIDIOC_G_EDID:
6048 ++ case VIDIOC_G_EDID32:
6049 + err = put_v4l2_edid32(new_p64, p32);
6050 + break;
6051 +
6052 +- case VIDIOC_G_FMT:
6053 +- case VIDIOC_S_FMT:
6054 +- case VIDIOC_TRY_FMT:
6055 ++ case VIDIOC_G_FMT32:
6056 ++ case VIDIOC_S_FMT32:
6057 ++ case VIDIOC_TRY_FMT32:
6058 + err = put_v4l2_format32(new_p64, p32);
6059 + break;
6060 +
6061 +- case VIDIOC_CREATE_BUFS:
6062 ++ case VIDIOC_CREATE_BUFS32:
6063 + err = put_v4l2_create32(new_p64, p32);
6064 + break;
6065 +
6066 +- case VIDIOC_PREPARE_BUF:
6067 +- case VIDIOC_QUERYBUF:
6068 +- case VIDIOC_QBUF:
6069 +- case VIDIOC_DQBUF:
6070 ++ case VIDIOC_PREPARE_BUF32:
6071 ++ case VIDIOC_QUERYBUF32:
6072 ++ case VIDIOC_QBUF32:
6073 ++ case VIDIOC_DQBUF32:
6074 + err = put_v4l2_buffer32(new_p64, p32);
6075 + break;
6076 +
6077 +- case VIDIOC_ENUMSTD:
6078 ++ case VIDIOC_ENUMSTD32:
6079 + err = put_v4l2_standard32(new_p64, p32);
6080 + break;
6081 +
6082 +- case VIDIOC_ENUMINPUT:
6083 ++ case VIDIOC_ENUMINPUT32:
6084 + err = put_v4l2_input32(new_p64, p32);
6085 + break;
6086 + }
6087 +diff --git a/drivers/media/v4l2-core/videobuf-dma-sg.c b/drivers/media/v4l2-core/videobuf-dma-sg.c
6088 +index 66a6c6c236a7..28262190c3ab 100644
6089 +--- a/drivers/media/v4l2-core/videobuf-dma-sg.c
6090 ++++ b/drivers/media/v4l2-core/videobuf-dma-sg.c
6091 +@@ -349,8 +349,11 @@ int videobuf_dma_free(struct videobuf_dmabuf *dma)
6092 + BUG_ON(dma->sglen);
6093 +
6094 + if (dma->pages) {
6095 +- for (i = 0; i < dma->nr_pages; i++)
6096 ++ for (i = 0; i < dma->nr_pages; i++) {
6097 ++ if (dma->direction == DMA_FROM_DEVICE)
6098 ++ set_page_dirty_lock(dma->pages[i]);
6099 + put_page(dma->pages[i]);
6100 ++ }
6101 + kfree(dma->pages);
6102 + dma->pages = NULL;
6103 + }
6104 +diff --git a/drivers/mfd/axp20x.c b/drivers/mfd/axp20x.c
6105 +index a4aaadaa0cb0..aa59496e4376 100644
6106 +--- a/drivers/mfd/axp20x.c
6107 ++++ b/drivers/mfd/axp20x.c
6108 +@@ -126,7 +126,7 @@ static const struct regmap_range axp288_writeable_ranges[] = {
6109 + static const struct regmap_range axp288_volatile_ranges[] = {
6110 + regmap_reg_range(AXP20X_PWR_INPUT_STATUS, AXP288_POWER_REASON),
6111 + regmap_reg_range(AXP288_BC_GLOBAL, AXP288_BC_GLOBAL),
6112 +- regmap_reg_range(AXP288_BC_DET_STAT, AXP288_BC_DET_STAT),
6113 ++ regmap_reg_range(AXP288_BC_DET_STAT, AXP20X_VBUS_IPSOUT_MGMT),
6114 + regmap_reg_range(AXP20X_CHRG_BAK_CTRL, AXP20X_CHRG_BAK_CTRL),
6115 + regmap_reg_range(AXP20X_IRQ1_EN, AXP20X_IPSOUT_V_HIGH_L),
6116 + regmap_reg_range(AXP20X_TIMER_CTRL, AXP20X_TIMER_CTRL),
6117 +diff --git a/drivers/mfd/da9062-core.c b/drivers/mfd/da9062-core.c
6118 +index e69626867c26..9143de7b77b8 100644
6119 +--- a/drivers/mfd/da9062-core.c
6120 ++++ b/drivers/mfd/da9062-core.c
6121 +@@ -248,7 +248,7 @@ static const struct mfd_cell da9062_devs[] = {
6122 + .name = "da9062-watchdog",
6123 + .num_resources = ARRAY_SIZE(da9062_wdt_resources),
6124 + .resources = da9062_wdt_resources,
6125 +- .of_compatible = "dlg,da9062-wdt",
6126 ++ .of_compatible = "dlg,da9062-watchdog",
6127 + },
6128 + {
6129 + .name = "da9062-thermal",
6130 +diff --git a/drivers/mfd/dln2.c b/drivers/mfd/dln2.c
6131 +index 381593fbe50f..7841c11411d0 100644
6132 +--- a/drivers/mfd/dln2.c
6133 ++++ b/drivers/mfd/dln2.c
6134 +@@ -722,6 +722,8 @@ static int dln2_probe(struct usb_interface *interface,
6135 + const struct usb_device_id *usb_id)
6136 + {
6137 + struct usb_host_interface *hostif = interface->cur_altsetting;
6138 ++ struct usb_endpoint_descriptor *epin;
6139 ++ struct usb_endpoint_descriptor *epout;
6140 + struct device *dev = &interface->dev;
6141 + struct dln2_dev *dln2;
6142 + int ret;
6143 +@@ -731,12 +733,19 @@ static int dln2_probe(struct usb_interface *interface,
6144 + hostif->desc.bNumEndpoints < 2)
6145 + return -ENODEV;
6146 +
6147 ++ epin = &hostif->endpoint[0].desc;
6148 ++ epout = &hostif->endpoint[1].desc;
6149 ++ if (!usb_endpoint_is_bulk_out(epout))
6150 ++ return -ENODEV;
6151 ++ if (!usb_endpoint_is_bulk_in(epin))
6152 ++ return -ENODEV;
6153 ++
6154 + dln2 = kzalloc(sizeof(*dln2), GFP_KERNEL);
6155 + if (!dln2)
6156 + return -ENOMEM;
6157 +
6158 +- dln2->ep_out = hostif->endpoint[0].desc.bEndpointAddress;
6159 +- dln2->ep_in = hostif->endpoint[1].desc.bEndpointAddress;
6160 ++ dln2->ep_out = epout->bEndpointAddress;
6161 ++ dln2->ep_in = epin->bEndpointAddress;
6162 + dln2->usb_dev = usb_get_dev(interface_to_usbdev(interface));
6163 + dln2->interface = interface;
6164 + usb_set_intfdata(interface, dln2);
6165 +diff --git a/drivers/mfd/rn5t618.c b/drivers/mfd/rn5t618.c
6166 +index da5cd9c92a59..ead2e79036a9 100644
6167 +--- a/drivers/mfd/rn5t618.c
6168 ++++ b/drivers/mfd/rn5t618.c
6169 +@@ -26,6 +26,7 @@ static bool rn5t618_volatile_reg(struct device *dev, unsigned int reg)
6170 + case RN5T618_WATCHDOGCNT:
6171 + case RN5T618_DCIRQ:
6172 + case RN5T618_ILIMDATAH ... RN5T618_AIN0DATAL:
6173 ++ case RN5T618_ADCCNT3:
6174 + case RN5T618_IR_ADC1 ... RN5T618_IR_ADC3:
6175 + case RN5T618_IR_GPR:
6176 + case RN5T618_IR_GPF:
6177 +diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c
6178 +index 66e354d51ee9..7083d8ddd495 100644
6179 +--- a/drivers/mmc/host/mmc_spi.c
6180 ++++ b/drivers/mmc/host/mmc_spi.c
6181 +@@ -1134,17 +1134,22 @@ static void mmc_spi_initsequence(struct mmc_spi_host *host)
6182 + * SPI protocol. Another is that when chipselect is released while
6183 + * the card returns BUSY status, the clock must issue several cycles
6184 + * with chipselect high before the card will stop driving its output.
6185 ++ *
6186 ++ * SPI_CS_HIGH means "asserted" here. In some cases like when using
6187 ++ * GPIOs for chip select, SPI_CS_HIGH is set but this will be logically
6188 ++ * inverted by gpiolib, so if we want to ascertain to drive it high
6189 ++ * we should toggle the default with an XOR as we do here.
6190 + */
6191 +- host->spi->mode |= SPI_CS_HIGH;
6192 ++ host->spi->mode ^= SPI_CS_HIGH;
6193 + if (spi_setup(host->spi) != 0) {
6194 + /* Just warn; most cards work without it. */
6195 + dev_warn(&host->spi->dev,
6196 + "can't change chip-select polarity\n");
6197 +- host->spi->mode &= ~SPI_CS_HIGH;
6198 ++ host->spi->mode ^= SPI_CS_HIGH;
6199 + } else {
6200 + mmc_spi_readbytes(host, 18);
6201 +
6202 +- host->spi->mode &= ~SPI_CS_HIGH;
6203 ++ host->spi->mode ^= SPI_CS_HIGH;
6204 + if (spi_setup(host->spi) != 0) {
6205 + /* Wot, we can't get the same setup we had before? */
6206 + dev_err(&host->spi->dev,
6207 +diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c
6208 +index 0ae986c42bc8..9378d5dc86c8 100644
6209 +--- a/drivers/mmc/host/sdhci-of-at91.c
6210 ++++ b/drivers/mmc/host/sdhci-of-at91.c
6211 +@@ -324,19 +324,22 @@ static int sdhci_at91_probe(struct platform_device *pdev)
6212 + priv->mainck = devm_clk_get(&pdev->dev, "baseclk");
6213 + if (IS_ERR(priv->mainck)) {
6214 + dev_err(&pdev->dev, "failed to get baseclk\n");
6215 +- return PTR_ERR(priv->mainck);
6216 ++ ret = PTR_ERR(priv->mainck);
6217 ++ goto sdhci_pltfm_free;
6218 + }
6219 +
6220 + priv->hclock = devm_clk_get(&pdev->dev, "hclock");
6221 + if (IS_ERR(priv->hclock)) {
6222 + dev_err(&pdev->dev, "failed to get hclock\n");
6223 +- return PTR_ERR(priv->hclock);
6224 ++ ret = PTR_ERR(priv->hclock);
6225 ++ goto sdhci_pltfm_free;
6226 + }
6227 +
6228 + priv->gck = devm_clk_get(&pdev->dev, "multclk");
6229 + if (IS_ERR(priv->gck)) {
6230 + dev_err(&pdev->dev, "failed to get multclk\n");
6231 +- return PTR_ERR(priv->gck);
6232 ++ ret = PTR_ERR(priv->gck);
6233 ++ goto sdhci_pltfm_free;
6234 + }
6235 +
6236 + ret = sdhci_at91_set_clks_presets(&pdev->dev);
6237 +diff --git a/drivers/mmc/host/sdhci-pci-core.c b/drivers/mmc/host/sdhci-pci-core.c
6238 +index c9ea365c248c..5091e2c1c0e5 100644
6239 +--- a/drivers/mmc/host/sdhci-pci-core.c
6240 ++++ b/drivers/mmc/host/sdhci-pci-core.c
6241 +@@ -1604,7 +1604,7 @@ static u32 sdhci_read_present_state(struct sdhci_host *host)
6242 + return sdhci_readl(host, SDHCI_PRESENT_STATE);
6243 + }
6244 +
6245 +-void amd_sdhci_reset(struct sdhci_host *host, u8 mask)
6246 ++static void amd_sdhci_reset(struct sdhci_host *host, u8 mask)
6247 + {
6248 + struct sdhci_pci_slot *slot = sdhci_priv(host);
6249 + struct pci_dev *pdev = slot->chip->pdev;
6250 +diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
6251 +index 309c808351ac..f417fb680cd8 100644
6252 +--- a/drivers/mtd/spi-nor/spi-nor.c
6253 ++++ b/drivers/mtd/spi-nor/spi-nor.c
6254 +@@ -2310,15 +2310,16 @@ static const struct flash_info spi_nor_ids[] = {
6255 + { "n25q256a", INFO(0x20ba19, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
6256 + { "n25q256ax1", INFO(0x20bb19, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_QUAD_READ) },
6257 + { "n25q512ax3", INFO(0x20ba20, 0, 64 * 1024, 1024, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ) },
6258 ++ { "mt25qu512a", INFO6(0x20bb20, 0x104400, 64 * 1024, 1024,
6259 ++ SECT_4K | USE_FSR | SPI_NOR_DUAL_READ |
6260 ++ SPI_NOR_QUAD_READ | SPI_NOR_4B_OPCODES) },
6261 ++ { "n25q512a", INFO(0x20bb20, 0, 64 * 1024, 1024, SECT_4K |
6262 ++ SPI_NOR_QUAD_READ) },
6263 + { "n25q00", INFO(0x20ba21, 0, 64 * 1024, 2048, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
6264 + { "n25q00a", INFO(0x20bb21, 0, 64 * 1024, 2048, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
6265 + { "mt25ql02g", INFO(0x20ba22, 0, 64 * 1024, 4096,
6266 + SECT_4K | USE_FSR | SPI_NOR_QUAD_READ |
6267 + NO_CHIP_ERASE) },
6268 +- { "mt25qu512a (n25q512a)", INFO(0x20bb20, 0, 64 * 1024, 1024,
6269 +- SECT_4K | USE_FSR | SPI_NOR_DUAL_READ |
6270 +- SPI_NOR_QUAD_READ |
6271 +- SPI_NOR_4B_OPCODES) },
6272 + { "mt25qu02g", INFO(0x20bb22, 0, 64 * 1024, 4096, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
6273 +
6274 + /* Micron */
6275 +diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c
6276 +index 30621c67721a..604772fc4a96 100644
6277 +--- a/drivers/mtd/ubi/fastmap.c
6278 ++++ b/drivers/mtd/ubi/fastmap.c
6279 +@@ -64,7 +64,7 @@ static int self_check_seen(struct ubi_device *ubi, unsigned long *seen)
6280 + return 0;
6281 +
6282 + for (pnum = 0; pnum < ubi->peb_count; pnum++) {
6283 +- if (test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
6284 ++ if (!test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
6285 + ubi_err(ubi, "self-check failed for PEB %d, fastmap didn't see it", pnum);
6286 + ret = -EINVAL;
6287 + }
6288 +@@ -1137,7 +1137,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6289 + struct rb_node *tmp_rb;
6290 + int ret, i, j, free_peb_count, used_peb_count, vol_count;
6291 + int scrub_peb_count, erase_peb_count;
6292 +- unsigned long *seen_pebs = NULL;
6293 ++ unsigned long *seen_pebs;
6294 +
6295 + fm_raw = ubi->fm_buf;
6296 + memset(ubi->fm_buf, 0, ubi->fm_size);
6297 +@@ -1151,7 +1151,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6298 + dvbuf = new_fm_vbuf(ubi, UBI_FM_DATA_VOLUME_ID);
6299 + if (!dvbuf) {
6300 + ret = -ENOMEM;
6301 +- goto out_kfree;
6302 ++ goto out_free_avbuf;
6303 + }
6304 +
6305 + avhdr = ubi_get_vid_hdr(avbuf);
6306 +@@ -1160,7 +1160,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6307 + seen_pebs = init_seen(ubi);
6308 + if (IS_ERR(seen_pebs)) {
6309 + ret = PTR_ERR(seen_pebs);
6310 +- goto out_kfree;
6311 ++ goto out_free_dvbuf;
6312 + }
6313 +
6314 + spin_lock(&ubi->volumes_lock);
6315 +@@ -1328,7 +1328,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6316 + ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avbuf);
6317 + if (ret) {
6318 + ubi_err(ubi, "unable to write vid_hdr to fastmap SB!");
6319 +- goto out_kfree;
6320 ++ goto out_free_seen;
6321 + }
6322 +
6323 + for (i = 0; i < new_fm->used_blocks; i++) {
6324 +@@ -1350,7 +1350,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6325 + if (ret) {
6326 + ubi_err(ubi, "unable to write vid_hdr to PEB %i!",
6327 + new_fm->e[i]->pnum);
6328 +- goto out_kfree;
6329 ++ goto out_free_seen;
6330 + }
6331 + }
6332 +
6333 +@@ -1360,7 +1360,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6334 + if (ret) {
6335 + ubi_err(ubi, "unable to write fastmap to PEB %i!",
6336 + new_fm->e[i]->pnum);
6337 +- goto out_kfree;
6338 ++ goto out_free_seen;
6339 + }
6340 + }
6341 +
6342 +@@ -1370,10 +1370,13 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
6343 + ret = self_check_seen(ubi, seen_pebs);
6344 + dbg_bld("fastmap written!");
6345 +
6346 +-out_kfree:
6347 +- ubi_free_vid_buf(avbuf);
6348 +- ubi_free_vid_buf(dvbuf);
6349 ++out_free_seen:
6350 + free_seen(seen_pebs);
6351 ++out_free_dvbuf:
6352 ++ ubi_free_vid_buf(dvbuf);
6353 ++out_free_avbuf:
6354 ++ ubi_free_vid_buf(avbuf);
6355 ++
6356 + out:
6357 + return ret;
6358 + }
6359 +diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
6360 +index 4f2e6910c623..1cc2cd894f87 100644
6361 +--- a/drivers/net/bonding/bond_alb.c
6362 ++++ b/drivers/net/bonding/bond_alb.c
6363 +@@ -1383,26 +1383,31 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
6364 + bool do_tx_balance = true;
6365 + u32 hash_index = 0;
6366 + const u8 *hash_start = NULL;
6367 +- struct ipv6hdr *ip6hdr;
6368 +
6369 + skb_reset_mac_header(skb);
6370 + eth_data = eth_hdr(skb);
6371 +
6372 + switch (ntohs(skb->protocol)) {
6373 + case ETH_P_IP: {
6374 +- const struct iphdr *iph = ip_hdr(skb);
6375 ++ const struct iphdr *iph;
6376 +
6377 + if (is_broadcast_ether_addr(eth_data->h_dest) ||
6378 +- iph->daddr == ip_bcast ||
6379 +- iph->protocol == IPPROTO_IGMP) {
6380 ++ !pskb_network_may_pull(skb, sizeof(*iph))) {
6381 ++ do_tx_balance = false;
6382 ++ break;
6383 ++ }
6384 ++ iph = ip_hdr(skb);
6385 ++ if (iph->daddr == ip_bcast || iph->protocol == IPPROTO_IGMP) {
6386 + do_tx_balance = false;
6387 + break;
6388 + }
6389 + hash_start = (char *)&(iph->daddr);
6390 + hash_size = sizeof(iph->daddr);
6391 +- }
6392 + break;
6393 +- case ETH_P_IPV6:
6394 ++ }
6395 ++ case ETH_P_IPV6: {
6396 ++ const struct ipv6hdr *ip6hdr;
6397 ++
6398 + /* IPv6 doesn't really use broadcast mac address, but leave
6399 + * that here just in case.
6400 + */
6401 +@@ -1419,7 +1424,11 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
6402 + break;
6403 + }
6404 +
6405 +- /* Additianally, DAD probes should not be tx-balanced as that
6406 ++ if (!pskb_network_may_pull(skb, sizeof(*ip6hdr))) {
6407 ++ do_tx_balance = false;
6408 ++ break;
6409 ++ }
6410 ++ /* Additionally, DAD probes should not be tx-balanced as that
6411 + * will lead to false positives for duplicate addresses and
6412 + * prevent address configuration from working.
6413 + */
6414 +@@ -1429,17 +1438,26 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
6415 + break;
6416 + }
6417 +
6418 +- hash_start = (char *)&(ipv6_hdr(skb)->daddr);
6419 +- hash_size = sizeof(ipv6_hdr(skb)->daddr);
6420 ++ hash_start = (char *)&ip6hdr->daddr;
6421 ++ hash_size = sizeof(ip6hdr->daddr);
6422 + break;
6423 +- case ETH_P_IPX:
6424 +- if (ipx_hdr(skb)->ipx_checksum != IPX_NO_CHECKSUM) {
6425 ++ }
6426 ++ case ETH_P_IPX: {
6427 ++ const struct ipxhdr *ipxhdr;
6428 ++
6429 ++ if (pskb_network_may_pull(skb, sizeof(*ipxhdr))) {
6430 ++ do_tx_balance = false;
6431 ++ break;
6432 ++ }
6433 ++ ipxhdr = (struct ipxhdr *)skb_network_header(skb);
6434 ++
6435 ++ if (ipxhdr->ipx_checksum != IPX_NO_CHECKSUM) {
6436 + /* something is wrong with this packet */
6437 + do_tx_balance = false;
6438 + break;
6439 + }
6440 +
6441 +- if (ipx_hdr(skb)->ipx_type != IPX_TYPE_NCP) {
6442 ++ if (ipxhdr->ipx_type != IPX_TYPE_NCP) {
6443 + /* The only protocol worth balancing in
6444 + * this family since it has an "ARP" like
6445 + * mechanism
6446 +@@ -1448,9 +1466,11 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
6447 + break;
6448 + }
6449 +
6450 ++ eth_data = eth_hdr(skb);
6451 + hash_start = (char *)eth_data->h_dest;
6452 + hash_size = ETH_ALEN;
6453 + break;
6454 ++ }
6455 + case ETH_P_ARP:
6456 + do_tx_balance = false;
6457 + if (bond_info->rlb_enabled)
6458 +diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c
6459 +index a7132c1593c3..7ed667b304d1 100644
6460 +--- a/drivers/net/dsa/b53/b53_common.c
6461 ++++ b/drivers/net/dsa/b53/b53_common.c
6462 +@@ -680,7 +680,7 @@ int b53_configure_vlan(struct dsa_switch *ds)
6463 + b53_do_vlan_op(dev, VTA_CMD_CLEAR);
6464 + }
6465 +
6466 +- b53_enable_vlan(dev, false, ds->vlan_filtering);
6467 ++ b53_enable_vlan(dev, dev->vlan_enabled, ds->vlan_filtering);
6468 +
6469 + b53_for_each_port(dev, i)
6470 + b53_write16(dev, B53_VLAN_PAGE,
6471 +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
6472 +index 47b21096b577..fecd5e674e04 100644
6473 +--- a/drivers/net/dsa/bcm_sf2.c
6474 ++++ b/drivers/net/dsa/bcm_sf2.c
6475 +@@ -68,7 +68,9 @@ static void bcm_sf2_imp_setup(struct dsa_switch *ds, int port)
6476 +
6477 + /* Force link status for IMP port */
6478 + reg = core_readl(priv, offset);
6479 +- reg |= (MII_SW_OR | LINK_STS | GMII_SPEED_UP_2G);
6480 ++ reg |= (MII_SW_OR | LINK_STS);
6481 ++ if (priv->type == BCM7278_DEVICE_ID)
6482 ++ reg |= GMII_SPEED_UP_2G;
6483 + core_writel(priv, reg, offset);
6484 +
6485 + /* Enable Broadcast, Multicast, Unicast forwarding to IMP port */
6486 +diff --git a/drivers/net/dsa/microchip/ksz9477_spi.c b/drivers/net/dsa/microchip/ksz9477_spi.c
6487 +index c5f64959a184..1142768969c2 100644
6488 +--- a/drivers/net/dsa/microchip/ksz9477_spi.c
6489 ++++ b/drivers/net/dsa/microchip/ksz9477_spi.c
6490 +@@ -101,6 +101,12 @@ static struct spi_driver ksz9477_spi_driver = {
6491 +
6492 + module_spi_driver(ksz9477_spi_driver);
6493 +
6494 ++MODULE_ALIAS("spi:ksz9477");
6495 ++MODULE_ALIAS("spi:ksz9897");
6496 ++MODULE_ALIAS("spi:ksz9893");
6497 ++MODULE_ALIAS("spi:ksz9563");
6498 ++MODULE_ALIAS("spi:ksz8563");
6499 ++MODULE_ALIAS("spi:ksz9567");
6500 + MODULE_AUTHOR("Woojung Huh <Woojung.Huh@×××××××××.com>");
6501 + MODULE_DESCRIPTION("Microchip KSZ9477 Series Switch SPI access Driver");
6502 + MODULE_LICENSE("GPL");
6503 +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c
6504 +index b4c664957266..4a27577e137b 100644
6505 +--- a/drivers/net/ethernet/broadcom/bcmsysport.c
6506 ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c
6507 +@@ -2728,6 +2728,9 @@ static int __maybe_unused bcm_sysport_resume(struct device *d)
6508 +
6509 + umac_reset(priv);
6510 +
6511 ++ /* Disable the UniMAC RX/TX */
6512 ++ umac_enable_set(priv, CMD_RX_EN | CMD_TX_EN, 0);
6513 ++
6514 + /* We may have been suspended and never received a WOL event that
6515 + * would turn off MPD detection, take care of that now
6516 + */
6517 +diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
6518 +index cf292f7c3d3c..41297533b4a8 100644
6519 +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
6520 ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
6521 +@@ -7873,7 +7873,7 @@ static void bnxt_setup_msix(struct bnxt *bp)
6522 + int tcs, i;
6523 +
6524 + tcs = netdev_get_num_tc(dev);
6525 +- if (tcs > 1) {
6526 ++ if (tcs) {
6527 + int i, off, count;
6528 +
6529 + for (i = 0; i < tcs; i++) {
6530 +@@ -9273,10 +9273,6 @@ static void __bnxt_close_nic(struct bnxt *bp, bool irq_re_init,
6531 + bnxt_debug_dev_exit(bp);
6532 + bnxt_disable_napi(bp);
6533 + del_timer_sync(&bp->timer);
6534 +- if (test_bit(BNXT_STATE_IN_FW_RESET, &bp->state) &&
6535 +- pci_is_enabled(bp->pdev))
6536 +- pci_disable_device(bp->pdev);
6537 +-
6538 + bnxt_free_skbs(bp);
6539 +
6540 + /* Save ring stats before shutdown */
6541 +@@ -10052,8 +10048,15 @@ static void bnxt_fw_reset_close(struct bnxt *bp)
6542 + {
6543 + __bnxt_close_nic(bp, true, false);
6544 + bnxt_ulp_irq_stop(bp);
6545 ++ /* When firmware is fatal state, disable PCI device to prevent
6546 ++ * any potential bad DMAs before freeing kernel memory.
6547 ++ */
6548 ++ if (test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state))
6549 ++ pci_disable_device(bp->pdev);
6550 + bnxt_clear_int_mode(bp);
6551 + bnxt_hwrm_func_drv_unrgtr(bp);
6552 ++ if (pci_is_enabled(bp->pdev))
6553 ++ pci_disable_device(bp->pdev);
6554 + bnxt_free_ctx_mem(bp);
6555 + kfree(bp->ctx);
6556 + bp->ctx = NULL;
6557 +@@ -11359,9 +11362,9 @@ static void bnxt_remove_one(struct pci_dev *pdev)
6558 + bnxt_sriov_disable(bp);
6559 +
6560 + bnxt_dl_fw_reporters_destroy(bp, true);
6561 +- bnxt_dl_unregister(bp);
6562 + pci_disable_pcie_error_reporting(pdev);
6563 + unregister_netdev(dev);
6564 ++ bnxt_dl_unregister(bp);
6565 + bnxt_shutdown_tc(bp);
6566 + bnxt_cancel_sp_work(bp);
6567 + bp->sp_event = 0;
6568 +@@ -11850,11 +11853,14 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
6569 + bnxt_init_tc(bp);
6570 + }
6571 +
6572 ++ bnxt_dl_register(bp);
6573 ++
6574 + rc = register_netdev(dev);
6575 + if (rc)
6576 +- goto init_err_cleanup_tc;
6577 ++ goto init_err_cleanup;
6578 +
6579 +- bnxt_dl_register(bp);
6580 ++ if (BNXT_PF(bp))
6581 ++ devlink_port_type_eth_set(&bp->dl_port, bp->dev);
6582 + bnxt_dl_fw_reporters_create(bp);
6583 +
6584 + netdev_info(dev, "%s found at mem %lx, node addr %pM\n",
6585 +@@ -11864,7 +11870,8 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
6586 +
6587 + return 0;
6588 +
6589 +-init_err_cleanup_tc:
6590 ++init_err_cleanup:
6591 ++ bnxt_dl_unregister(bp);
6592 + bnxt_shutdown_tc(bp);
6593 + bnxt_clear_int_mode(bp);
6594 +
6595 +diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
6596 +index 1e236e74ff2f..2d817ba0602c 100644
6597 +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
6598 ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
6599 +@@ -482,7 +482,6 @@ int bnxt_dl_register(struct bnxt *bp)
6600 + netdev_err(bp->dev, "devlink_port_register failed");
6601 + goto err_dl_param_unreg;
6602 + }
6603 +- devlink_port_type_eth_set(&bp->dl_port, bp->dev);
6604 +
6605 + rc = devlink_port_params_register(&bp->dl_port, bnxt_dl_port_params,
6606 + ARRAY_SIZE(bnxt_dl_port_params));
6607 +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c
6608 +index f496b248bda3..95a94507cec1 100644
6609 +--- a/drivers/net/ethernet/cadence/macb_main.c
6610 ++++ b/drivers/net/ethernet/cadence/macb_main.c
6611 +@@ -73,7 +73,11 @@ struct sifive_fu540_macb_mgmt {
6612 + /* Max length of transmit frame must be a multiple of 8 bytes */
6613 + #define MACB_TX_LEN_ALIGN 8
6614 + #define MACB_MAX_TX_LEN ((unsigned int)((1 << MACB_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1)))
6615 +-#define GEM_MAX_TX_LEN ((unsigned int)((1 << GEM_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1)))
6616 ++/* Limit maximum TX length as per Cadence TSO errata. This is to avoid a
6617 ++ * false amba_error in TX path from the DMA assuming there is not enough
6618 ++ * space in the SRAM (16KB) even when there is.
6619 ++ */
6620 ++#define GEM_MAX_TX_LEN (unsigned int)(0x3FC0)
6621 +
6622 + #define GEM_MTU_MIN_SIZE ETH_MIN_MTU
6623 + #define MACB_NETIF_LSO NETIF_F_TSO
6624 +@@ -1664,16 +1668,14 @@ static netdev_features_t macb_features_check(struct sk_buff *skb,
6625 +
6626 + /* Validate LSO compatibility */
6627 +
6628 +- /* there is only one buffer */
6629 +- if (!skb_is_nonlinear(skb))
6630 ++ /* there is only one buffer or protocol is not UDP */
6631 ++ if (!skb_is_nonlinear(skb) || (ip_hdr(skb)->protocol != IPPROTO_UDP))
6632 + return features;
6633 +
6634 + /* length of header */
6635 + hdrlen = skb_transport_offset(skb);
6636 +- if (ip_hdr(skb)->protocol == IPPROTO_TCP)
6637 +- hdrlen += tcp_hdrlen(skb);
6638 +
6639 +- /* For LSO:
6640 ++ /* For UFO only:
6641 + * When software supplies two or more payload buffers all payload buffers
6642 + * apart from the last must be a multiple of 8 bytes in size.
6643 + */
6644 +diff --git a/drivers/net/ethernet/dec/tulip/dmfe.c b/drivers/net/ethernet/dec/tulip/dmfe.c
6645 +index 0efdbd1a4a6f..32d470d4122a 100644
6646 +--- a/drivers/net/ethernet/dec/tulip/dmfe.c
6647 ++++ b/drivers/net/ethernet/dec/tulip/dmfe.c
6648 +@@ -2214,15 +2214,16 @@ static int __init dmfe_init_module(void)
6649 + if (cr6set)
6650 + dmfe_cr6_user_set = cr6set;
6651 +
6652 +- switch(mode) {
6653 +- case DMFE_10MHF:
6654 ++ switch (mode) {
6655 ++ case DMFE_10MHF:
6656 + case DMFE_100MHF:
6657 + case DMFE_10MFD:
6658 + case DMFE_100MFD:
6659 + case DMFE_1M_HPNA:
6660 + dmfe_media_mode = mode;
6661 + break;
6662 +- default:dmfe_media_mode = DMFE_AUTO;
6663 ++ default:
6664 ++ dmfe_media_mode = DMFE_AUTO;
6665 + break;
6666 + }
6667 +
6668 +diff --git a/drivers/net/ethernet/dec/tulip/uli526x.c b/drivers/net/ethernet/dec/tulip/uli526x.c
6669 +index b1f30b194300..117ffe08800d 100644
6670 +--- a/drivers/net/ethernet/dec/tulip/uli526x.c
6671 ++++ b/drivers/net/ethernet/dec/tulip/uli526x.c
6672 +@@ -1809,8 +1809,8 @@ static int __init uli526x_init_module(void)
6673 + if (cr6set)
6674 + uli526x_cr6_user_set = cr6set;
6675 +
6676 +- switch (mode) {
6677 +- case ULI526X_10MHF:
6678 ++ switch (mode) {
6679 ++ case ULI526X_10MHF:
6680 + case ULI526X_100MHF:
6681 + case ULI526X_10MFD:
6682 + case ULI526X_100MFD:
6683 +diff --git a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
6684 +index fcbe01f61aa4..e130233b5085 100644
6685 +--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
6686 ++++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
6687 +@@ -2483,6 +2483,9 @@ static void dpaa_adjust_link(struct net_device *net_dev)
6688 + mac_dev->adjust_link(mac_dev);
6689 + }
6690 +
6691 ++/* The Aquantia PHYs are capable of performing rate adaptation */
6692 ++#define PHY_VEND_AQUANTIA 0x03a1b400
6693 ++
6694 + static int dpaa_phy_init(struct net_device *net_dev)
6695 + {
6696 + __ETHTOOL_DECLARE_LINK_MODE_MASK(mask) = { 0, };
6697 +@@ -2501,9 +2504,14 @@ static int dpaa_phy_init(struct net_device *net_dev)
6698 + return -ENODEV;
6699 + }
6700 +
6701 +- /* Remove any features not supported by the controller */
6702 +- ethtool_convert_legacy_u32_to_link_mode(mask, mac_dev->if_support);
6703 +- linkmode_and(phy_dev->supported, phy_dev->supported, mask);
6704 ++ /* Unless the PHY is capable of rate adaptation */
6705 ++ if (mac_dev->phy_if != PHY_INTERFACE_MODE_XGMII ||
6706 ++ ((phy_dev->drv->phy_id & GENMASK(31, 10)) != PHY_VEND_AQUANTIA)) {
6707 ++ /* remove any features not supported by the controller */
6708 ++ ethtool_convert_legacy_u32_to_link_mode(mask,
6709 ++ mac_dev->if_support);
6710 ++ linkmode_and(phy_dev->supported, phy_dev->supported, mask);
6711 ++ }
6712 +
6713 + phy_support_asym_pause(phy_dev);
6714 +
6715 +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
6716 +index e49820675c8c..6b1a81df1465 100644
6717 +--- a/drivers/net/ethernet/marvell/mvneta.c
6718 ++++ b/drivers/net/ethernet/marvell/mvneta.c
6719 +@@ -388,6 +388,8 @@ struct mvneta_pcpu_stats {
6720 + struct u64_stats_sync syncp;
6721 + u64 rx_packets;
6722 + u64 rx_bytes;
6723 ++ u64 rx_dropped;
6724 ++ u64 rx_errors;
6725 + u64 tx_packets;
6726 + u64 tx_bytes;
6727 + };
6728 +@@ -706,6 +708,8 @@ mvneta_get_stats64(struct net_device *dev,
6729 + struct mvneta_pcpu_stats *cpu_stats;
6730 + u64 rx_packets;
6731 + u64 rx_bytes;
6732 ++ u64 rx_dropped;
6733 ++ u64 rx_errors;
6734 + u64 tx_packets;
6735 + u64 tx_bytes;
6736 +
6737 +@@ -714,19 +718,20 @@ mvneta_get_stats64(struct net_device *dev,
6738 + start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
6739 + rx_packets = cpu_stats->rx_packets;
6740 + rx_bytes = cpu_stats->rx_bytes;
6741 ++ rx_dropped = cpu_stats->rx_dropped;
6742 ++ rx_errors = cpu_stats->rx_errors;
6743 + tx_packets = cpu_stats->tx_packets;
6744 + tx_bytes = cpu_stats->tx_bytes;
6745 + } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
6746 +
6747 + stats->rx_packets += rx_packets;
6748 + stats->rx_bytes += rx_bytes;
6749 ++ stats->rx_dropped += rx_dropped;
6750 ++ stats->rx_errors += rx_errors;
6751 + stats->tx_packets += tx_packets;
6752 + stats->tx_bytes += tx_bytes;
6753 + }
6754 +
6755 +- stats->rx_errors = dev->stats.rx_errors;
6756 +- stats->rx_dropped = dev->stats.rx_dropped;
6757 +-
6758 + stats->tx_dropped = dev->stats.tx_dropped;
6759 + }
6760 +
6761 +@@ -1703,8 +1708,14 @@ static u32 mvneta_txq_desc_csum(int l3_offs, int l3_proto,
6762 + static void mvneta_rx_error(struct mvneta_port *pp,
6763 + struct mvneta_rx_desc *rx_desc)
6764 + {
6765 ++ struct mvneta_pcpu_stats *stats = this_cpu_ptr(pp->stats);
6766 + u32 status = rx_desc->status;
6767 +
6768 ++ /* update per-cpu counter */
6769 ++ u64_stats_update_begin(&stats->syncp);
6770 ++ stats->rx_errors++;
6771 ++ u64_stats_update_end(&stats->syncp);
6772 ++
6773 + switch (status & MVNETA_RXD_ERR_CODE_MASK) {
6774 + case MVNETA_RXD_ERR_CRC:
6775 + netdev_err(pp->dev, "bad rx status %08x (crc error), size=%d\n",
6776 +@@ -1965,7 +1976,6 @@ static int mvneta_rx_swbm(struct napi_struct *napi,
6777 + /* Check errors only for FIRST descriptor */
6778 + if (rx_status & MVNETA_RXD_ERR_SUMMARY) {
6779 + mvneta_rx_error(pp, rx_desc);
6780 +- dev->stats.rx_errors++;
6781 + /* leave the descriptor untouched */
6782 + continue;
6783 + }
6784 +@@ -1976,11 +1986,17 @@ static int mvneta_rx_swbm(struct napi_struct *napi,
6785 + skb_size = max(rx_copybreak, rx_header_size);
6786 + rxq->skb = netdev_alloc_skb_ip_align(dev, skb_size);
6787 + if (unlikely(!rxq->skb)) {
6788 ++ struct mvneta_pcpu_stats *stats = this_cpu_ptr(pp->stats);
6789 ++
6790 + netdev_err(dev,
6791 + "Can't allocate skb on queue %d\n",
6792 + rxq->id);
6793 +- dev->stats.rx_dropped++;
6794 ++
6795 + rxq->skb_alloc_err++;
6796 ++
6797 ++ u64_stats_update_begin(&stats->syncp);
6798 ++ stats->rx_dropped++;
6799 ++ u64_stats_update_end(&stats->syncp);
6800 + continue;
6801 + }
6802 + copy_size = min(skb_size, rx_bytes);
6803 +@@ -2137,7 +2153,6 @@ err_drop_frame_ret_pool:
6804 + mvneta_bm_pool_put_bp(pp->bm_priv, bm_pool,
6805 + rx_desc->buf_phys_addr);
6806 + err_drop_frame:
6807 +- dev->stats.rx_errors++;
6808 + mvneta_rx_error(pp, rx_desc);
6809 + /* leave the descriptor untouched */
6810 + continue;
6811 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h b/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
6812 +index d787bc0a4155..e09bc3858d57 100644
6813 +--- a/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
6814 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
6815 +@@ -45,7 +45,7 @@ void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id);
6816 +
6817 + static inline bool mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev)
6818 + {
6819 +- if (!MLX5_CAP_GEN(mdev, tls))
6820 ++ if (!MLX5_CAP_GEN(mdev, tls_tx))
6821 + return false;
6822 +
6823 + if (!MLX5_CAP_GEN(mdev, log_max_dek))
6824 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
6825 +index 71384ad1a443..ef1ed15a53b4 100644
6826 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
6827 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
6828 +@@ -269,7 +269,7 @@ struct sk_buff *mlx5e_tls_handle_tx_skb(struct net_device *netdev,
6829 + int datalen;
6830 + u32 skb_seq;
6831 +
6832 +- if (MLX5_CAP_GEN(sq->channel->mdev, tls)) {
6833 ++ if (MLX5_CAP_GEN(sq->channel->mdev, tls_tx)) {
6834 + skb = mlx5e_ktls_handle_tx_skb(netdev, sq, skb, wqe, pi);
6835 + goto out;
6836 + }
6837 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
6838 +index c76da309506b..72232e570af7 100644
6839 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
6840 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
6841 +@@ -850,6 +850,7 @@ void mlx5_fpga_ipsec_delete_sa_ctx(void *context)
6842 + mutex_lock(&fpga_xfrm->lock);
6843 + if (!--fpga_xfrm->num_rules) {
6844 + mlx5_fpga_ipsec_release_sa_ctx(fpga_xfrm->sa_ctx);
6845 ++ kfree(fpga_xfrm->sa_ctx);
6846 + fpga_xfrm->sa_ctx = NULL;
6847 + }
6848 + mutex_unlock(&fpga_xfrm->lock);
6849 +@@ -1478,7 +1479,7 @@ int mlx5_fpga_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
6850 + if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs)))
6851 + return 0;
6852 +
6853 +- if (!mlx5_fpga_esp_validate_xfrm_attrs(mdev, attrs)) {
6854 ++ if (mlx5_fpga_esp_validate_xfrm_attrs(mdev, attrs)) {
6855 + mlx5_core_warn(mdev, "Tried to create an esp with unsupported attrs\n");
6856 + return -EOPNOTSUPP;
6857 + }
6858 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
6859 +index 791e14ac26f4..86e6bbb57482 100644
6860 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
6861 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
6862 +@@ -1555,16 +1555,16 @@ struct match_list_head {
6863 + struct match_list first;
6864 + };
6865 +
6866 +-static void free_match_list(struct match_list_head *head)
6867 ++static void free_match_list(struct match_list_head *head, bool ft_locked)
6868 + {
6869 + if (!list_empty(&head->list)) {
6870 + struct match_list *iter, *match_tmp;
6871 +
6872 + list_del(&head->first.list);
6873 +- tree_put_node(&head->first.g->node, false);
6874 ++ tree_put_node(&head->first.g->node, ft_locked);
6875 + list_for_each_entry_safe(iter, match_tmp, &head->list,
6876 + list) {
6877 +- tree_put_node(&iter->g->node, false);
6878 ++ tree_put_node(&iter->g->node, ft_locked);
6879 + list_del(&iter->list);
6880 + kfree(iter);
6881 + }
6882 +@@ -1573,7 +1573,8 @@ static void free_match_list(struct match_list_head *head)
6883 +
6884 + static int build_match_list(struct match_list_head *match_head,
6885 + struct mlx5_flow_table *ft,
6886 +- const struct mlx5_flow_spec *spec)
6887 ++ const struct mlx5_flow_spec *spec,
6888 ++ bool ft_locked)
6889 + {
6890 + struct rhlist_head *tmp, *list;
6891 + struct mlx5_flow_group *g;
6892 +@@ -1598,7 +1599,7 @@ static int build_match_list(struct match_list_head *match_head,
6893 +
6894 + curr_match = kmalloc(sizeof(*curr_match), GFP_ATOMIC);
6895 + if (!curr_match) {
6896 +- free_match_list(match_head);
6897 ++ free_match_list(match_head, ft_locked);
6898 + err = -ENOMEM;
6899 + goto out;
6900 + }
6901 +@@ -1778,7 +1779,7 @@ search_again_locked:
6902 + version = atomic_read(&ft->node.version);
6903 +
6904 + /* Collect all fgs which has a matching match_criteria */
6905 +- err = build_match_list(&match_head, ft, spec);
6906 ++ err = build_match_list(&match_head, ft, spec, take_write);
6907 + if (err) {
6908 + if (take_write)
6909 + up_write_ref_node(&ft->node, false);
6910 +@@ -1792,7 +1793,7 @@ search_again_locked:
6911 +
6912 + rule = try_add_to_existing_fg(ft, &match_head.list, spec, flow_act, dest,
6913 + dest_num, version);
6914 +- free_match_list(&match_head);
6915 ++ free_match_list(&match_head, take_write);
6916 + if (!IS_ERR(rule) ||
6917 + (PTR_ERR(rule) != -ENOENT && PTR_ERR(rule) != -EAGAIN)) {
6918 + if (take_write)
6919 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fw.c b/drivers/net/ethernet/mellanox/mlx5/core/fw.c
6920 +index a19790dee7b2..13e86f0b42f5 100644
6921 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fw.c
6922 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fw.c
6923 +@@ -239,7 +239,7 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev)
6924 + return err;
6925 + }
6926 +
6927 +- if (MLX5_CAP_GEN(dev, tls)) {
6928 ++ if (MLX5_CAP_GEN(dev, tls_tx)) {
6929 + err = mlx5_core_get_caps(dev, MLX5_CAP_TLS);
6930 + if (err)
6931 + return err;
6932 +diff --git a/drivers/net/ethernet/pensando/ionic/ionic_if.h b/drivers/net/ethernet/pensando/ionic/ionic_if.h
6933 +index 5bfdda19f64d..d8745f87f065 100644
6934 +--- a/drivers/net/ethernet/pensando/ionic/ionic_if.h
6935 ++++ b/drivers/net/ethernet/pensando/ionic/ionic_if.h
6936 +@@ -862,7 +862,7 @@ struct ionic_rxq_comp {
6937 + #define IONIC_RXQ_COMP_CSUM_F_VLAN 0x40
6938 + #define IONIC_RXQ_COMP_CSUM_F_CALC 0x80
6939 + u8 pkt_type_color;
6940 +-#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x0f
6941 ++#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x7f
6942 + };
6943 +
6944 + enum ionic_pkt_type {
6945 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_ptp.c b/drivers/net/ethernet/qlogic/qed/qed_ptp.c
6946 +index 0dacf2c18c09..3e613058e225 100644
6947 +--- a/drivers/net/ethernet/qlogic/qed/qed_ptp.c
6948 ++++ b/drivers/net/ethernet/qlogic/qed/qed_ptp.c
6949 +@@ -44,8 +44,8 @@
6950 + /* Add/subtract the Adjustment_Value when making a Drift adjustment */
6951 + #define QED_DRIFT_CNTR_DIRECTION_SHIFT 31
6952 + #define QED_TIMESTAMP_MASK BIT(16)
6953 +-/* Param mask for Hardware to detect/timestamp the unicast PTP packets */
6954 +-#define QED_PTP_UCAST_PARAM_MASK 0xF
6955 ++/* Param mask for Hardware to detect/timestamp the L2/L4 unicast PTP packets */
6956 ++#define QED_PTP_UCAST_PARAM_MASK 0x70F
6957 +
6958 + static enum qed_resc_lock qed_ptcdev_to_resc(struct qed_hwfn *p_hwfn)
6959 + {
6960 +diff --git a/drivers/net/ethernet/smsc/smc911x.c b/drivers/net/ethernet/smsc/smc911x.c
6961 +index 8d88e4083456..7b65e79d6ae9 100644
6962 +--- a/drivers/net/ethernet/smsc/smc911x.c
6963 ++++ b/drivers/net/ethernet/smsc/smc911x.c
6964 +@@ -936,7 +936,7 @@ static void smc911x_phy_configure(struct work_struct *work)
6965 + if (lp->ctl_rspeed != 100)
6966 + my_ad_caps &= ~(ADVERTISE_100BASE4|ADVERTISE_100FULL|ADVERTISE_100HALF);
6967 +
6968 +- if (!lp->ctl_rfduplx)
6969 ++ if (!lp->ctl_rfduplx)
6970 + my_ad_caps &= ~(ADVERTISE_100FULL|ADVERTISE_10FULL);
6971 +
6972 + /* Update our Auto-Neg Advertisement Register */
6973 +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
6974 +index 7ec895407d23..e0a5fe83d8e0 100644
6975 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
6976 ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
6977 +@@ -413,6 +413,7 @@ static int ethqos_configure(struct qcom_ethqos *ethqos)
6978 + dll_lock = rgmii_readl(ethqos, SDC4_STATUS);
6979 + if (dll_lock & SDC4_STATUS_DLL_LOCK)
6980 + break;
6981 ++ retry--;
6982 + } while (retry > 0);
6983 + if (!retry)
6984 + dev_err(&ethqos->pdev->dev,
6985 +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
6986 +index 06dd65c419c4..582176d869c3 100644
6987 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
6988 ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
6989 +@@ -4763,6 +4763,7 @@ int stmmac_suspend(struct device *dev)
6990 + {
6991 + struct net_device *ndev = dev_get_drvdata(dev);
6992 + struct stmmac_priv *priv = netdev_priv(ndev);
6993 ++ u32 chan;
6994 +
6995 + if (!ndev || !netif_running(ndev))
6996 + return 0;
6997 +@@ -4776,6 +4777,9 @@ int stmmac_suspend(struct device *dev)
6998 +
6999 + stmmac_disable_all_queues(priv);
7000 +
7001 ++ for (chan = 0; chan < priv->plat->tx_queues_to_use; chan++)
7002 ++ del_timer_sync(&priv->tx_queue[chan].txtimer);
7003 ++
7004 + /* Stop TX/RX DMA */
7005 + stmmac_stop_all_dma(priv);
7006 +
7007 +diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
7008 +index 9b3ba98726d7..3a53d222bfcc 100644
7009 +--- a/drivers/net/gtp.c
7010 ++++ b/drivers/net/gtp.c
7011 +@@ -767,12 +767,12 @@ static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize)
7012 + int i;
7013 +
7014 + gtp->addr_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
7015 +- GFP_KERNEL);
7016 ++ GFP_KERNEL | __GFP_NOWARN);
7017 + if (gtp->addr_hash == NULL)
7018 + return -ENOMEM;
7019 +
7020 + gtp->tid_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
7021 +- GFP_KERNEL);
7022 ++ GFP_KERNEL | __GFP_NOWARN);
7023 + if (gtp->tid_hash == NULL)
7024 + goto err1;
7025 +
7026 +diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c
7027 +index 44c2d857a7fa..91b302f0192f 100644
7028 +--- a/drivers/net/netdevsim/dev.c
7029 ++++ b/drivers/net/netdevsim/dev.c
7030 +@@ -73,7 +73,7 @@ static const struct file_operations nsim_dev_take_snapshot_fops = {
7031 +
7032 + static int nsim_dev_debugfs_init(struct nsim_dev *nsim_dev)
7033 + {
7034 +- char dev_ddir_name[16];
7035 ++ char dev_ddir_name[sizeof(DRV_NAME) + 10];
7036 +
7037 + sprintf(dev_ddir_name, DRV_NAME "%u", nsim_dev->nsim_bus_dev->dev.id);
7038 + nsim_dev->ddir = debugfs_create_dir(dev_ddir_name, nsim_dev_ddir);
7039 +diff --git a/drivers/net/ppp/ppp_async.c b/drivers/net/ppp/ppp_async.c
7040 +index a7b9cf3269bf..29a0917a81e6 100644
7041 +--- a/drivers/net/ppp/ppp_async.c
7042 ++++ b/drivers/net/ppp/ppp_async.c
7043 +@@ -874,15 +874,15 @@ ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
7044 + skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
7045 + if (!skb)
7046 + goto nomem;
7047 +- ap->rpkt = skb;
7048 +- }
7049 +- if (skb->len == 0) {
7050 +- /* Try to get the payload 4-byte aligned.
7051 +- * This should match the
7052 +- * PPP_ALLSTATIONS/PPP_UI/compressed tests in
7053 +- * process_input_packet, but we do not have
7054 +- * enough chars here to test buf[1] and buf[2].
7055 +- */
7056 ++ ap->rpkt = skb;
7057 ++ }
7058 ++ if (skb->len == 0) {
7059 ++ /* Try to get the payload 4-byte aligned.
7060 ++ * This should match the
7061 ++ * PPP_ALLSTATIONS/PPP_UI/compressed tests in
7062 ++ * process_input_packet, but we do not have
7063 ++ * enough chars here to test buf[1] and buf[2].
7064 ++ */
7065 + if (buf[0] != PPP_ALLSTATIONS)
7066 + skb_reserve(skb, 2 + (buf[0] & 1));
7067 + }
7068 +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
7069 +index 7cdfde9b3dea..575ed19e9195 100644
7070 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
7071 ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
7072 +@@ -430,6 +430,7 @@ fail:
7073 + usb_free_urb(req->urb);
7074 + list_del(q->next);
7075 + }
7076 ++ kfree(reqs);
7077 + return NULL;
7078 +
7079 + }
7080 +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
7081 +index b3768d5d852a..8ad2d889179c 100644
7082 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
7083 ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
7084 +@@ -3321,6 +3321,10 @@ static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
7085 + igtk_cmd.sta_id = cpu_to_le32(sta_id);
7086 +
7087 + if (remove_key) {
7088 ++ /* This is a valid situation for IGTK */
7089 ++ if (sta_id == IWL_MVM_INVALID_STA)
7090 ++ return 0;
7091 ++
7092 + igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID);
7093 + } else {
7094 + struct ieee80211_key_seq seq;
7095 +@@ -3575,9 +3579,9 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
7096 + IWL_DEBUG_WEP(mvm, "mvm remove dynamic key: idx=%d sta=%d\n",
7097 + keyconf->keyidx, sta_id);
7098 +
7099 +- if (mvm_sta && (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
7100 +- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
7101 +- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256))
7102 ++ if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
7103 ++ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
7104 ++ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256)
7105 + return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true);
7106 +
7107 + if (!__test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table)) {
7108 +diff --git a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
7109 +index 6dd835f1efc2..fbfa0b15d0c8 100644
7110 +--- a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
7111 ++++ b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
7112 +@@ -232,6 +232,7 @@ static int mwifiex_process_country_ie(struct mwifiex_private *priv,
7113 +
7114 + if (country_ie_len >
7115 + (IEEE80211_COUNTRY_STRING_LEN + MWIFIEX_MAX_TRIPLET_802_11D)) {
7116 ++ rcu_read_unlock();
7117 + mwifiex_dbg(priv->adapter, ERROR,
7118 + "11D: country_ie_len overflow!, deauth AP\n");
7119 + return -EINVAL;
7120 +diff --git a/drivers/nfc/pn544/pn544.c b/drivers/nfc/pn544/pn544.c
7121 +index cda996f6954e..2b83156efe3f 100644
7122 +--- a/drivers/nfc/pn544/pn544.c
7123 ++++ b/drivers/nfc/pn544/pn544.c
7124 +@@ -693,7 +693,7 @@ static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
7125 + target->nfcid1_len != 10)
7126 + return -EOPNOTSUPP;
7127 +
7128 +- return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
7129 ++ return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
7130 + PN544_RF_READER_CMD_ACTIVATE_NEXT,
7131 + target->nfcid1, target->nfcid1_len, NULL);
7132 + } else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
7133 +diff --git a/drivers/nvme/target/fabrics-cmd.c b/drivers/nvme/target/fabrics-cmd.c
7134 +index d16b55ffe79f..4e9004fe5c6f 100644
7135 +--- a/drivers/nvme/target/fabrics-cmd.c
7136 ++++ b/drivers/nvme/target/fabrics-cmd.c
7137 +@@ -105,6 +105,7 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
7138 + u16 qid = le16_to_cpu(c->qid);
7139 + u16 sqsize = le16_to_cpu(c->sqsize);
7140 + struct nvmet_ctrl *old;
7141 ++ u16 ret;
7142 +
7143 + old = cmpxchg(&req->sq->ctrl, NULL, ctrl);
7144 + if (old) {
7145 +@@ -115,7 +116,8 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
7146 + if (!sqsize) {
7147 + pr_warn("queue size zero!\n");
7148 + req->error_loc = offsetof(struct nvmf_connect_command, sqsize);
7149 +- return NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
7150 ++ ret = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
7151 ++ goto err;
7152 + }
7153 +
7154 + /* note: convert queue size from 0's-based value to 1's-based value */
7155 +@@ -128,16 +130,19 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
7156 + }
7157 +
7158 + if (ctrl->ops->install_queue) {
7159 +- u16 ret = ctrl->ops->install_queue(req->sq);
7160 +-
7161 ++ ret = ctrl->ops->install_queue(req->sq);
7162 + if (ret) {
7163 + pr_err("failed to install queue %d cntlid %d ret %x\n",
7164 +- qid, ret, ctrl->cntlid);
7165 +- return ret;
7166 ++ qid, ctrl->cntlid, ret);
7167 ++ goto err;
7168 + }
7169 + }
7170 +
7171 + return 0;
7172 ++
7173 ++err:
7174 ++ req->sq->ctrl = NULL;
7175 ++ return ret;
7176 + }
7177 +
7178 + static void nvmet_execute_admin_connect(struct nvmet_req *req)
7179 +diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
7180 +index 057d1ff87d5d..960542dea5ad 100644
7181 +--- a/drivers/nvmem/core.c
7182 ++++ b/drivers/nvmem/core.c
7183 +@@ -110,7 +110,7 @@ static void nvmem_cell_drop(struct nvmem_cell *cell)
7184 + list_del(&cell->node);
7185 + mutex_unlock(&nvmem_mutex);
7186 + of_node_put(cell->np);
7187 +- kfree(cell->name);
7188 ++ kfree_const(cell->name);
7189 + kfree(cell);
7190 + }
7191 +
7192 +@@ -137,7 +137,9 @@ static int nvmem_cell_info_to_nvmem_cell(struct nvmem_device *nvmem,
7193 + cell->nvmem = nvmem;
7194 + cell->offset = info->offset;
7195 + cell->bytes = info->bytes;
7196 +- cell->name = info->name;
7197 ++ cell->name = kstrdup_const(info->name, GFP_KERNEL);
7198 ++ if (!cell->name)
7199 ++ return -ENOMEM;
7200 +
7201 + cell->bit_offset = info->bit_offset;
7202 + cell->nbits = info->nbits;
7203 +@@ -327,7 +329,7 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
7204 + dev_err(dev, "cell %s unaligned to nvmem stride %d\n",
7205 + cell->name, nvmem->stride);
7206 + /* Cells already added will be freed later. */
7207 +- kfree(cell->name);
7208 ++ kfree_const(cell->name);
7209 + kfree(cell);
7210 + return -EINVAL;
7211 + }
7212 +diff --git a/drivers/of/Kconfig b/drivers/of/Kconfig
7213 +index 37c2ccbefecd..d91618641be6 100644
7214 +--- a/drivers/of/Kconfig
7215 ++++ b/drivers/of/Kconfig
7216 +@@ -103,4 +103,8 @@ config OF_OVERLAY
7217 + config OF_NUMA
7218 + bool
7219 +
7220 ++config OF_DMA_DEFAULT_COHERENT
7221 ++ # arches should select this if DMA is coherent by default for OF devices
7222 ++ bool
7223 ++
7224 + endif # OF
7225 +diff --git a/drivers/of/address.c b/drivers/of/address.c
7226 +index 978427a9d5e6..8f74c4626e0e 100644
7227 +--- a/drivers/of/address.c
7228 ++++ b/drivers/of/address.c
7229 +@@ -998,12 +998,16 @@ EXPORT_SYMBOL_GPL(of_dma_get_range);
7230 + * @np: device node
7231 + *
7232 + * It returns true if "dma-coherent" property was found
7233 +- * for this device in DT.
7234 ++ * for this device in the DT, or if DMA is coherent by
7235 ++ * default for OF devices on the current platform.
7236 + */
7237 + bool of_dma_is_coherent(struct device_node *np)
7238 + {
7239 + struct device_node *node = of_node_get(np);
7240 +
7241 ++ if (IS_ENABLED(CONFIG_OF_DMA_DEFAULT_COHERENT))
7242 ++ return true;
7243 ++
7244 + while (node) {
7245 + if (of_property_read_bool(node, "dma-coherent")) {
7246 + of_node_put(node);
7247 +diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c
7248 +index af677254a072..c8c702c494a2 100644
7249 +--- a/drivers/pci/controller/dwc/pci-keystone.c
7250 ++++ b/drivers/pci/controller/dwc/pci-keystone.c
7251 +@@ -422,7 +422,7 @@ static void ks_pcie_setup_rc_app_regs(struct keystone_pcie *ks_pcie)
7252 + lower_32_bits(start) | OB_ENABLEN);
7253 + ks_pcie_app_writel(ks_pcie, OB_OFFSET_HI(i),
7254 + upper_32_bits(start));
7255 +- start += OB_WIN_SIZE;
7256 ++ start += OB_WIN_SIZE * SZ_1M;
7257 + }
7258 +
7259 + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS);
7260 +@@ -510,7 +510,7 @@ static void ks_pcie_stop_link(struct dw_pcie *pci)
7261 + /* Disable Link training */
7262 + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS);
7263 + val &= ~LTSSM_EN_VAL;
7264 +- ks_pcie_app_writel(ks_pcie, CMD_STATUS, LTSSM_EN_VAL | val);
7265 ++ ks_pcie_app_writel(ks_pcie, CMD_STATUS, val);
7266 + }
7267 +
7268 + static int ks_pcie_start_link(struct dw_pcie *pci)
7269 +@@ -1354,7 +1354,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev)
7270 + ret = of_property_read_u32(np, "num-viewport", &num_viewport);
7271 + if (ret < 0) {
7272 + dev_err(dev, "unable to read *num-viewport* property\n");
7273 +- return ret;
7274 ++ goto err_get_sync;
7275 + }
7276 +
7277 + /*
7278 +diff --git a/drivers/pci/controller/pci-tegra.c b/drivers/pci/controller/pci-tegra.c
7279 +index 673a1725ef38..090b632965e2 100644
7280 +--- a/drivers/pci/controller/pci-tegra.c
7281 ++++ b/drivers/pci/controller/pci-tegra.c
7282 +@@ -2798,7 +2798,7 @@ static int tegra_pcie_probe(struct platform_device *pdev)
7283 +
7284 + pm_runtime_enable(pcie->dev);
7285 + err = pm_runtime_get_sync(pcie->dev);
7286 +- if (err) {
7287 ++ if (err < 0) {
7288 + dev_err(dev, "fail to enable pcie controller: %d\n", err);
7289 + goto teardown_msi;
7290 + }
7291 +diff --git a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
7292 +index 42bc5150dd92..febe0aef68d4 100644
7293 +--- a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
7294 ++++ b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
7295 +@@ -80,7 +80,7 @@ static int read_poll_timeout(void __iomem *addr, u32 mask)
7296 + if (readl_relaxed(addr) & mask)
7297 + return 0;
7298 +
7299 +- usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
7300 ++ usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
7301 + } while (!time_after(jiffies, timeout));
7302 +
7303 + return (readl_relaxed(addr) & mask) ? 0 : -ETIMEDOUT;
7304 +diff --git a/drivers/platform/x86/intel_scu_ipc.c b/drivers/platform/x86/intel_scu_ipc.c
7305 +index cdab916fbf92..e330ec73c465 100644
7306 +--- a/drivers/platform/x86/intel_scu_ipc.c
7307 ++++ b/drivers/platform/x86/intel_scu_ipc.c
7308 +@@ -67,26 +67,22 @@
7309 + struct intel_scu_ipc_pdata_t {
7310 + u32 i2c_base;
7311 + u32 i2c_len;
7312 +- u8 irq_mode;
7313 + };
7314 +
7315 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_lincroft_pdata = {
7316 + .i2c_base = 0xff12b000,
7317 + .i2c_len = 0x10,
7318 +- .irq_mode = 0,
7319 + };
7320 +
7321 + /* Penwell and Cloverview */
7322 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_penwell_pdata = {
7323 + .i2c_base = 0xff12b000,
7324 + .i2c_len = 0x10,
7325 +- .irq_mode = 1,
7326 + };
7327 +
7328 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_tangier_pdata = {
7329 + .i2c_base = 0xff00d000,
7330 + .i2c_len = 0x10,
7331 +- .irq_mode = 0,
7332 + };
7333 +
7334 + struct intel_scu_ipc_dev {
7335 +@@ -99,6 +95,9 @@ struct intel_scu_ipc_dev {
7336 +
7337 + static struct intel_scu_ipc_dev ipcdev; /* Only one for now */
7338 +
7339 ++#define IPC_STATUS 0x04
7340 ++#define IPC_STATUS_IRQ BIT(2)
7341 ++
7342 + /*
7343 + * IPC Read Buffer (Read Only):
7344 + * 16 byte buffer for receiving data from SCU, if IPC command
7345 +@@ -120,11 +119,8 @@ static DEFINE_MUTEX(ipclock); /* lock used to prevent multiple call to SCU */
7346 + */
7347 + static inline void ipc_command(struct intel_scu_ipc_dev *scu, u32 cmd)
7348 + {
7349 +- if (scu->irq_mode) {
7350 +- reinit_completion(&scu->cmd_complete);
7351 +- writel(cmd | IPC_IOC, scu->ipc_base);
7352 +- }
7353 +- writel(cmd, scu->ipc_base);
7354 ++ reinit_completion(&scu->cmd_complete);
7355 ++ writel(cmd | IPC_IOC, scu->ipc_base);
7356 + }
7357 +
7358 + /*
7359 +@@ -610,9 +606,10 @@ EXPORT_SYMBOL(intel_scu_ipc_i2c_cntrl);
7360 + static irqreturn_t ioc(int irq, void *dev_id)
7361 + {
7362 + struct intel_scu_ipc_dev *scu = dev_id;
7363 ++ int status = ipc_read_status(scu);
7364 +
7365 +- if (scu->irq_mode)
7366 +- complete(&scu->cmd_complete);
7367 ++ writel(status | IPC_STATUS_IRQ, scu->ipc_base + IPC_STATUS);
7368 ++ complete(&scu->cmd_complete);
7369 +
7370 + return IRQ_HANDLED;
7371 + }
7372 +@@ -638,8 +635,6 @@ static int ipc_probe(struct pci_dev *pdev, const struct pci_device_id *id)
7373 + if (!pdata)
7374 + return -ENODEV;
7375 +
7376 +- scu->irq_mode = pdata->irq_mode;
7377 +-
7378 + err = pcim_enable_device(pdev);
7379 + if (err)
7380 + return err;
7381 +diff --git a/drivers/power/supply/axp20x_ac_power.c b/drivers/power/supply/axp20x_ac_power.c
7382 +index 0d34a932b6d5..f74b0556bb6b 100644
7383 +--- a/drivers/power/supply/axp20x_ac_power.c
7384 ++++ b/drivers/power/supply/axp20x_ac_power.c
7385 +@@ -23,6 +23,8 @@
7386 + #define AXP20X_PWR_STATUS_ACIN_PRESENT BIT(7)
7387 + #define AXP20X_PWR_STATUS_ACIN_AVAIL BIT(6)
7388 +
7389 ++#define AXP813_ACIN_PATH_SEL BIT(7)
7390 ++
7391 + #define AXP813_VHOLD_MASK GENMASK(5, 3)
7392 + #define AXP813_VHOLD_UV_TO_BIT(x) ((((x) / 100000) - 40) << 3)
7393 + #define AXP813_VHOLD_REG_TO_UV(x) \
7394 +@@ -40,6 +42,7 @@ struct axp20x_ac_power {
7395 + struct power_supply *supply;
7396 + struct iio_channel *acin_v;
7397 + struct iio_channel *acin_i;
7398 ++ bool has_acin_path_sel;
7399 + };
7400 +
7401 + static irqreturn_t axp20x_ac_power_irq(int irq, void *devid)
7402 +@@ -86,6 +89,17 @@ static int axp20x_ac_power_get_property(struct power_supply *psy,
7403 + return ret;
7404 +
7405 + val->intval = !!(reg & AXP20X_PWR_STATUS_ACIN_AVAIL);
7406 ++
7407 ++ /* ACIN_PATH_SEL disables ACIN even if ACIN_AVAIL is set. */
7408 ++ if (val->intval && power->has_acin_path_sel) {
7409 ++ ret = regmap_read(power->regmap, AXP813_ACIN_PATH_CTRL,
7410 ++ &reg);
7411 ++ if (ret)
7412 ++ return ret;
7413 ++
7414 ++ val->intval = !!(reg & AXP813_ACIN_PATH_SEL);
7415 ++ }
7416 ++
7417 + return 0;
7418 +
7419 + case POWER_SUPPLY_PROP_VOLTAGE_NOW:
7420 +@@ -224,21 +238,25 @@ static const struct power_supply_desc axp813_ac_power_desc = {
7421 + struct axp_data {
7422 + const struct power_supply_desc *power_desc;
7423 + bool acin_adc;
7424 ++ bool acin_path_sel;
7425 + };
7426 +
7427 + static const struct axp_data axp20x_data = {
7428 +- .power_desc = &axp20x_ac_power_desc,
7429 +- .acin_adc = true,
7430 ++ .power_desc = &axp20x_ac_power_desc,
7431 ++ .acin_adc = true,
7432 ++ .acin_path_sel = false,
7433 + };
7434 +
7435 + static const struct axp_data axp22x_data = {
7436 +- .power_desc = &axp22x_ac_power_desc,
7437 +- .acin_adc = false,
7438 ++ .power_desc = &axp22x_ac_power_desc,
7439 ++ .acin_adc = false,
7440 ++ .acin_path_sel = false,
7441 + };
7442 +
7443 + static const struct axp_data axp813_data = {
7444 +- .power_desc = &axp813_ac_power_desc,
7445 +- .acin_adc = false,
7446 ++ .power_desc = &axp813_ac_power_desc,
7447 ++ .acin_adc = false,
7448 ++ .acin_path_sel = true,
7449 + };
7450 +
7451 + static int axp20x_ac_power_probe(struct platform_device *pdev)
7452 +@@ -282,6 +300,7 @@ static int axp20x_ac_power_probe(struct platform_device *pdev)
7453 + }
7454 +
7455 + power->regmap = dev_get_regmap(pdev->dev.parent, NULL);
7456 ++ power->has_acin_path_sel = axp_data->acin_path_sel;
7457 +
7458 + platform_set_drvdata(pdev, power);
7459 +
7460 +diff --git a/drivers/power/supply/ltc2941-battery-gauge.c b/drivers/power/supply/ltc2941-battery-gauge.c
7461 +index da49436176cd..30a9014b2f95 100644
7462 +--- a/drivers/power/supply/ltc2941-battery-gauge.c
7463 ++++ b/drivers/power/supply/ltc2941-battery-gauge.c
7464 +@@ -449,7 +449,7 @@ static int ltc294x_i2c_remove(struct i2c_client *client)
7465 + {
7466 + struct ltc294x_info *info = i2c_get_clientdata(client);
7467 +
7468 +- cancel_delayed_work(&info->work);
7469 ++ cancel_delayed_work_sync(&info->work);
7470 + power_supply_unregister(info->supply);
7471 + return 0;
7472 + }
7473 +diff --git a/drivers/regulator/helpers.c b/drivers/regulator/helpers.c
7474 +index ca3dc3f3bb29..bb16c465426e 100644
7475 +--- a/drivers/regulator/helpers.c
7476 ++++ b/drivers/regulator/helpers.c
7477 +@@ -13,6 +13,8 @@
7478 + #include <linux/regulator/driver.h>
7479 + #include <linux/module.h>
7480 +
7481 ++#include "internal.h"
7482 ++
7483 + /**
7484 + * regulator_is_enabled_regmap - standard is_enabled() for regmap users
7485 + *
7486 +@@ -881,3 +883,15 @@ void regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
7487 + consumers[i].supply = supply_names[i];
7488 + }
7489 + EXPORT_SYMBOL_GPL(regulator_bulk_set_supply_names);
7490 ++
7491 ++/**
7492 ++ * regulator_is_equal - test whether two regulators are the same
7493 ++ *
7494 ++ * @reg1: first regulator to operate on
7495 ++ * @reg2: second regulator to operate on
7496 ++ */
7497 ++bool regulator_is_equal(struct regulator *reg1, struct regulator *reg2)
7498 ++{
7499 ++ return reg1->rdev == reg2->rdev;
7500 ++}
7501 ++EXPORT_SYMBOL_GPL(regulator_is_equal);
7502 +diff --git a/drivers/scsi/csiostor/csio_scsi.c b/drivers/scsi/csiostor/csio_scsi.c
7503 +index 469d0bc9f5fe..00cf33573136 100644
7504 +--- a/drivers/scsi/csiostor/csio_scsi.c
7505 ++++ b/drivers/scsi/csiostor/csio_scsi.c
7506 +@@ -1383,7 +1383,7 @@ csio_device_reset(struct device *dev,
7507 + return -EINVAL;
7508 +
7509 + /* Delete NPIV lnodes */
7510 +- csio_lnodes_exit(hw, 1);
7511 ++ csio_lnodes_exit(hw, 1);
7512 +
7513 + /* Block upper IOs */
7514 + csio_lnodes_block_request(hw);
7515 +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
7516 +index 42cf38c1ea99..0cbe6740e0c9 100644
7517 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c
7518 ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
7519 +@@ -4392,7 +4392,8 @@ dcmd_timeout_ocr_possible(struct megasas_instance *instance) {
7520 + if (instance->adapter_type == MFI_SERIES)
7521 + return KILL_ADAPTER;
7522 + else if (instance->unload ||
7523 +- test_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags))
7524 ++ test_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE,
7525 ++ &instance->reset_flags))
7526 + return IGNORE_TIMEOUT;
7527 + else
7528 + return INITIATE_OCR;
7529 +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
7530 +index e301458bcbae..46bc062d873e 100644
7531 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
7532 ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
7533 +@@ -4847,6 +4847,7 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int reason)
7534 + if (instance->requestorId && !instance->skip_heartbeat_timer_del)
7535 + del_timer_sync(&instance->sriov_heartbeat_timer);
7536 + set_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
7537 ++ set_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
7538 + atomic_set(&instance->adprecovery, MEGASAS_ADPRESET_SM_POLLING);
7539 + instance->instancet->disable_intr(instance);
7540 + megasas_sync_irqs((unsigned long)instance);
7541 +@@ -5046,7 +5047,7 @@ kill_hba:
7542 + instance->skip_heartbeat_timer_del = 1;
7543 + retval = FAILED;
7544 + out:
7545 +- clear_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
7546 ++ clear_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
7547 + mutex_unlock(&instance->reset_mutex);
7548 + return retval;
7549 + }
7550 +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
7551 +index c013c80fe4e6..dd2e37e40d6b 100644
7552 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
7553 ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
7554 +@@ -89,6 +89,7 @@ enum MR_RAID_FLAGS_IO_SUB_TYPE {
7555 +
7556 + #define MEGASAS_FP_CMD_LEN 16
7557 + #define MEGASAS_FUSION_IN_RESET 0
7558 ++#define MEGASAS_FUSION_OCR_NOT_POSSIBLE 1
7559 + #define RAID_1_PEER_CMDS 2
7560 + #define JBOD_MAPS_COUNT 2
7561 + #define MEGASAS_REDUCE_QD_COUNT 64
7562 +diff --git a/drivers/scsi/qla2xxx/qla_dbg.c b/drivers/scsi/qla2xxx/qla_dbg.c
7563 +index 30afc59c1870..7bbff91f8883 100644
7564 +--- a/drivers/scsi/qla2xxx/qla_dbg.c
7565 ++++ b/drivers/scsi/qla2xxx/qla_dbg.c
7566 +@@ -2519,12 +2519,6 @@ qla83xx_fw_dump_failed:
7567 + /* Driver Debug Functions. */
7568 + /****************************************************************************/
7569 +
7570 +-static inline int
7571 +-ql_mask_match(uint level)
7572 +-{
7573 +- return (level & ql2xextended_error_logging) == level;
7574 +-}
7575 +-
7576 + /*
7577 + * This function is for formatting and logging debug information.
7578 + * It is to be used when vha is available. It formats the message
7579 +diff --git a/drivers/scsi/qla2xxx/qla_dbg.h b/drivers/scsi/qla2xxx/qla_dbg.h
7580 +index bb01b680ce9f..433e95502808 100644
7581 +--- a/drivers/scsi/qla2xxx/qla_dbg.h
7582 ++++ b/drivers/scsi/qla2xxx/qla_dbg.h
7583 +@@ -374,3 +374,9 @@ extern int qla24xx_dump_ram(struct qla_hw_data *, uint32_t, uint32_t *,
7584 + extern void qla24xx_pause_risc(struct device_reg_24xx __iomem *,
7585 + struct qla_hw_data *);
7586 + extern int qla24xx_soft_reset(struct qla_hw_data *);
7587 ++
7588 ++static inline int
7589 ++ql_mask_match(uint level)
7590 ++{
7591 ++ return (level & ql2xextended_error_logging) == level;
7592 ++}
7593 +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
7594 +index 1eb3fe281cc3..c57b95a20688 100644
7595 +--- a/drivers/scsi/qla2xxx/qla_def.h
7596 ++++ b/drivers/scsi/qla2xxx/qla_def.h
7597 +@@ -2402,6 +2402,7 @@ typedef struct fc_port {
7598 + unsigned int scan_needed:1;
7599 + unsigned int n2n_flag:1;
7600 + unsigned int explicit_logout:1;
7601 ++ unsigned int prli_pend_timer:1;
7602 +
7603 + struct completion nvme_del_done;
7604 + uint32_t nvme_prli_service_param;
7605 +@@ -2428,6 +2429,7 @@ typedef struct fc_port {
7606 + struct work_struct free_work;
7607 + struct work_struct reg_work;
7608 + uint64_t jiffies_at_registration;
7609 ++ unsigned long prli_expired;
7610 + struct qlt_plogi_ack_t *plogi_link[QLT_PLOGI_LINK_MAX];
7611 +
7612 + uint16_t tgt_id;
7613 +@@ -4821,6 +4823,9 @@ struct sff_8247_a0 {
7614 + ha->current_topology == ISP_CFG_N || \
7615 + !ha->current_topology)
7616 +
7617 ++#define PRLI_PHASE(_cls) \
7618 ++ ((_cls == DSC_LS_PRLI_PEND) || (_cls == DSC_LS_PRLI_COMP))
7619 ++
7620 + #include "qla_target.h"
7621 + #include "qla_gbl.h"
7622 + #include "qla_dbg.h"
7623 +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
7624 +index 9ffaa920fc8f..ac4c47fc5f4c 100644
7625 +--- a/drivers/scsi/qla2xxx/qla_init.c
7626 ++++ b/drivers/scsi/qla2xxx/qla_init.c
7627 +@@ -686,7 +686,7 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
7628 + port_id_t id;
7629 + u64 wwn;
7630 + u16 data[2];
7631 +- u8 current_login_state;
7632 ++ u8 current_login_state, nvme_cls;
7633 +
7634 + fcport = ea->fcport;
7635 + ql_dbg(ql_dbg_disc, vha, 0xffff,
7636 +@@ -745,10 +745,17 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
7637 +
7638 + loop_id = le16_to_cpu(e->nport_handle);
7639 + loop_id = (loop_id & 0x7fff);
7640 +- if (fcport->fc4f_nvme)
7641 +- current_login_state = e->current_login_state >> 4;
7642 +- else
7643 +- current_login_state = e->current_login_state & 0xf;
7644 ++ nvme_cls = e->current_login_state >> 4;
7645 ++ current_login_state = e->current_login_state & 0xf;
7646 ++
7647 ++ if (PRLI_PHASE(nvme_cls)) {
7648 ++ current_login_state = nvme_cls;
7649 ++ fcport->fc4_type &= ~FS_FC4TYPE_FCP;
7650 ++ fcport->fc4_type |= FS_FC4TYPE_NVME;
7651 ++ } else if (PRLI_PHASE(current_login_state)) {
7652 ++ fcport->fc4_type |= FS_FC4TYPE_FCP;
7653 ++ fcport->fc4_type &= ~FS_FC4TYPE_NVME;
7654 ++ }
7655 +
7656 +
7657 + ql_dbg(ql_dbg_disc, vha, 0x20e2,
7658 +@@ -1219,12 +1226,19 @@ qla24xx_async_prli(struct scsi_qla_host *vha, fc_port_t *fcport)
7659 + struct srb_iocb *lio;
7660 + int rval = QLA_FUNCTION_FAILED;
7661 +
7662 +- if (!vha->flags.online)
7663 ++ if (!vha->flags.online) {
7664 ++ ql_dbg(ql_dbg_disc, vha, 0xffff, "%s %d %8phC exit\n",
7665 ++ __func__, __LINE__, fcport->port_name);
7666 + return rval;
7667 ++ }
7668 +
7669 +- if (fcport->fw_login_state == DSC_LS_PLOGI_PEND ||
7670 +- fcport->fw_login_state == DSC_LS_PRLI_PEND)
7671 ++ if ((fcport->fw_login_state == DSC_LS_PLOGI_PEND ||
7672 ++ fcport->fw_login_state == DSC_LS_PRLI_PEND) &&
7673 ++ qla_dual_mode_enabled(vha)) {
7674 ++ ql_dbg(ql_dbg_disc, vha, 0xffff, "%s %d %8phC exit\n",
7675 ++ __func__, __LINE__, fcport->port_name);
7676 + return rval;
7677 ++ }
7678 +
7679 + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
7680 + if (!sp)
7681 +@@ -1602,6 +1616,10 @@ int qla24xx_fcport_handle_login(struct scsi_qla_host *vha, fc_port_t *fcport)
7682 + break;
7683 + default:
7684 + if (fcport->login_pause) {
7685 ++ ql_dbg(ql_dbg_disc, vha, 0x20d8,
7686 ++ "%s %d %8phC exit\n",
7687 ++ __func__, __LINE__,
7688 ++ fcport->port_name);
7689 + fcport->last_rscn_gen = fcport->rscn_gen;
7690 + fcport->last_login_gen = fcport->login_gen;
7691 + set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
7692 +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
7693 +index 7c5f2736ebee..3e9c5768815e 100644
7694 +--- a/drivers/scsi/qla2xxx/qla_isr.c
7695 ++++ b/drivers/scsi/qla2xxx/qla_isr.c
7696 +@@ -1897,6 +1897,18 @@ static void qla24xx_nvme_iocb_entry(scsi_qla_host_t *vha, struct req_que *req,
7697 + inbuf = (uint32_t *)&sts->nvme_ersp_data;
7698 + outbuf = (uint32_t *)fd->rspaddr;
7699 + iocb->u.nvme.rsp_pyld_len = le16_to_cpu(sts->nvme_rsp_pyld_len);
7700 ++ if (unlikely(iocb->u.nvme.rsp_pyld_len >
7701 ++ sizeof(struct nvme_fc_ersp_iu))) {
7702 ++ if (ql_mask_match(ql_dbg_io)) {
7703 ++ WARN_ONCE(1, "Unexpected response payload length %u.\n",
7704 ++ iocb->u.nvme.rsp_pyld_len);
7705 ++ ql_log(ql_log_warn, fcport->vha, 0x5100,
7706 ++ "Unexpected response payload length %u.\n",
7707 ++ iocb->u.nvme.rsp_pyld_len);
7708 ++ }
7709 ++ iocb->u.nvme.rsp_pyld_len =
7710 ++ sizeof(struct nvme_fc_ersp_iu);
7711 ++ }
7712 + iter = iocb->u.nvme.rsp_pyld_len >> 2;
7713 + for (; iter; iter--)
7714 + *outbuf++ = swab32(*inbuf++);
7715 +diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
7716 +index eac76e934cbe..1ef8907314e5 100644
7717 +--- a/drivers/scsi/qla2xxx/qla_mbx.c
7718 ++++ b/drivers/scsi/qla2xxx/qla_mbx.c
7719 +@@ -6151,9 +6151,8 @@ qla2x00_dump_mctp_data(scsi_qla_host_t *vha, dma_addr_t req_dma, uint32_t addr,
7720 + mcp->mb[7] = LSW(MSD(req_dma));
7721 + mcp->mb[8] = MSW(addr);
7722 + /* Setting RAM ID to valid */
7723 +- mcp->mb[10] |= BIT_7;
7724 + /* For MCTP RAM ID is 0x40 */
7725 +- mcp->mb[10] |= 0x40;
7726 ++ mcp->mb[10] = BIT_7 | 0x40;
7727 +
7728 + mcp->out_mb |= MBX_10|MBX_8|MBX_7|MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|
7729 + MBX_0;
7730 +diff --git a/drivers/scsi/qla2xxx/qla_nx.c b/drivers/scsi/qla2xxx/qla_nx.c
7731 +index 2b2028f2383e..c855d013ba8a 100644
7732 +--- a/drivers/scsi/qla2xxx/qla_nx.c
7733 ++++ b/drivers/scsi/qla2xxx/qla_nx.c
7734 +@@ -1612,8 +1612,7 @@ qla82xx_get_bootld_offset(struct qla_hw_data *ha)
7735 + return (u8 *)&ha->hablob->fw->data[offset];
7736 + }
7737 +
7738 +-static __le32
7739 +-qla82xx_get_fw_size(struct qla_hw_data *ha)
7740 ++static u32 qla82xx_get_fw_size(struct qla_hw_data *ha)
7741 + {
7742 + struct qla82xx_uri_data_desc *uri_desc = NULL;
7743 +
7744 +@@ -1624,7 +1623,7 @@ qla82xx_get_fw_size(struct qla_hw_data *ha)
7745 + return cpu_to_le32(uri_desc->size);
7746 + }
7747 +
7748 +- return cpu_to_le32(*(u32 *)&ha->hablob->fw->data[FW_SIZE_OFFSET]);
7749 ++ return get_unaligned_le32(&ha->hablob->fw->data[FW_SIZE_OFFSET]);
7750 + }
7751 +
7752 + static u8 *
7753 +@@ -1816,7 +1815,7 @@ qla82xx_fw_load_from_blob(struct qla_hw_data *ha)
7754 + }
7755 +
7756 + flashaddr = FLASH_ADDR_START;
7757 +- size = (__force u32)qla82xx_get_fw_size(ha) / 8;
7758 ++ size = qla82xx_get_fw_size(ha) / 8;
7759 + ptr64 = (u64 *)qla82xx_get_fw_offs(ha);
7760 +
7761 + for (i = 0; i < size; i++) {
7762 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
7763 +index 74a378a91b71..cb8a892e2d39 100644
7764 +--- a/drivers/scsi/qla2xxx/qla_target.c
7765 ++++ b/drivers/scsi/qla2xxx/qla_target.c
7766 +@@ -1257,6 +1257,7 @@ void qlt_schedule_sess_for_deletion(struct fc_port *sess)
7767 + sess->deleted = QLA_SESS_DELETION_IN_PROGRESS;
7768 + spin_unlock_irqrestore(&sess->vha->work_lock, flags);
7769 +
7770 ++ sess->prli_pend_timer = 0;
7771 + sess->disc_state = DSC_DELETE_PEND;
7772 +
7773 + qla24xx_chk_fcp_state(sess);
7774 +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
7775 +index 2323432a0edb..5504ab11decc 100644
7776 +--- a/drivers/scsi/qla4xxx/ql4_os.c
7777 ++++ b/drivers/scsi/qla4xxx/ql4_os.c
7778 +@@ -4145,7 +4145,7 @@ static void qla4xxx_mem_free(struct scsi_qla_host *ha)
7779 + dma_free_coherent(&ha->pdev->dev, ha->queues_len, ha->queues,
7780 + ha->queues_dma);
7781 +
7782 +- if (ha->fw_dump)
7783 ++ if (ha->fw_dump)
7784 + vfree(ha->fw_dump);
7785 +
7786 + ha->queues_len = 0;
7787 +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
7788 +index 1e38bb967871..0d41a7dc1d6b 100644
7789 +--- a/drivers/scsi/ufs/ufshcd.c
7790 ++++ b/drivers/scsi/ufs/ufshcd.c
7791 +@@ -5023,6 +5023,7 @@ static int ufshcd_disable_auto_bkops(struct ufs_hba *hba)
7792 +
7793 + hba->auto_bkops_enabled = false;
7794 + trace_ufshcd_auto_bkops_state(dev_name(hba->dev), "Disabled");
7795 ++ hba->is_urgent_bkops_lvl_checked = false;
7796 + out:
7797 + return err;
7798 + }
7799 +@@ -5047,6 +5048,7 @@ static void ufshcd_force_reset_auto_bkops(struct ufs_hba *hba)
7800 + hba->ee_ctrl_mask &= ~MASK_EE_URGENT_BKOPS;
7801 + ufshcd_disable_auto_bkops(hba);
7802 + }
7803 ++ hba->is_urgent_bkops_lvl_checked = false;
7804 + }
7805 +
7806 + static inline int ufshcd_get_bkops_status(struct ufs_hba *hba, u32 *status)
7807 +@@ -5093,6 +5095,7 @@ static int ufshcd_bkops_ctrl(struct ufs_hba *hba,
7808 + err = ufshcd_enable_auto_bkops(hba);
7809 + else
7810 + err = ufshcd_disable_auto_bkops(hba);
7811 ++ hba->urgent_bkops_lvl = curr_status;
7812 + out:
7813 + return err;
7814 + }
7815 +diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
7816 +index 1c8b349379af..77c4a9abe365 100644
7817 +--- a/drivers/usb/dwc3/core.h
7818 ++++ b/drivers/usb/dwc3/core.h
7819 +@@ -688,7 +688,9 @@ struct dwc3_ep {
7820 + #define DWC3_EP_STALL BIT(1)
7821 + #define DWC3_EP_WEDGE BIT(2)
7822 + #define DWC3_EP_TRANSFER_STARTED BIT(3)
7823 ++#define DWC3_EP_END_TRANSFER_PENDING BIT(4)
7824 + #define DWC3_EP_PENDING_REQUEST BIT(5)
7825 ++#define DWC3_EP_DELAY_START BIT(6)
7826 +
7827 + /* This last one is specific to EP0 */
7828 + #define DWC3_EP0_DIR_IN BIT(31)
7829 +diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
7830 +index fd1b100d2927..6dee4dabc0a4 100644
7831 +--- a/drivers/usb/dwc3/ep0.c
7832 ++++ b/drivers/usb/dwc3/ep0.c
7833 +@@ -1136,8 +1136,10 @@ void dwc3_ep0_interrupt(struct dwc3 *dwc,
7834 + case DWC3_DEPEVT_EPCMDCMPLT:
7835 + cmd = DEPEVT_PARAMETER_CMD(event->parameters);
7836 +
7837 +- if (cmd == DWC3_DEPCMD_ENDTRANSFER)
7838 ++ if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
7839 ++ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
7840 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
7841 ++ }
7842 + break;
7843 + }
7844 + }
7845 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
7846 +index 154f3f3e8cff..8b95be897078 100644
7847 +--- a/drivers/usb/dwc3/gadget.c
7848 ++++ b/drivers/usb/dwc3/gadget.c
7849 +@@ -1447,6 +1447,12 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req)
7850 + list_add_tail(&req->list, &dep->pending_list);
7851 + req->status = DWC3_REQUEST_STATUS_QUEUED;
7852 +
7853 ++ /* Start the transfer only after the END_TRANSFER is completed */
7854 ++ if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) {
7855 ++ dep->flags |= DWC3_EP_DELAY_START;
7856 ++ return 0;
7857 ++ }
7858 ++
7859 + /*
7860 + * NOTICE: Isochronous endpoints should NEVER be prestarted. We must
7861 + * wait for a XferNotReady event so we will know what's the current
7862 +@@ -2625,8 +2631,14 @@ static void dwc3_endpoint_interrupt(struct dwc3 *dwc,
7863 + cmd = DEPEVT_PARAMETER_CMD(event->parameters);
7864 +
7865 + if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
7866 ++ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
7867 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
7868 + dwc3_gadget_ep_cleanup_cancelled_requests(dep);
7869 ++ if ((dep->flags & DWC3_EP_DELAY_START) &&
7870 ++ !usb_endpoint_xfer_isoc(dep->endpoint.desc))
7871 ++ __dwc3_gadget_kick_transfer(dep);
7872 ++
7873 ++ dep->flags &= ~DWC3_EP_DELAY_START;
7874 + }
7875 + break;
7876 + case DWC3_DEPEVT_STREAMEVT:
7877 +@@ -2683,7 +2695,8 @@ static void dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force,
7878 + u32 cmd;
7879 + int ret;
7880 +
7881 +- if (!(dep->flags & DWC3_EP_TRANSFER_STARTED))
7882 ++ if (!(dep->flags & DWC3_EP_TRANSFER_STARTED) ||
7883 ++ (dep->flags & DWC3_EP_END_TRANSFER_PENDING))
7884 + return;
7885 +
7886 + /*
7887 +@@ -2728,6 +2741,8 @@ static void dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force,
7888 +
7889 + if (!interrupt)
7890 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
7891 ++ else
7892 ++ dep->flags |= DWC3_EP_END_TRANSFER_PENDING;
7893 +
7894 + if (dwc3_is_usb31(dwc) || dwc->revision < DWC3_REVISION_310A)
7895 + udelay(100);
7896 +diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c
7897 +index 460d5d7c984f..7f5cf488b2b1 100644
7898 +--- a/drivers/usb/gadget/function/f_ecm.c
7899 ++++ b/drivers/usb/gadget/function/f_ecm.c
7900 +@@ -52,6 +52,7 @@ struct f_ecm {
7901 + struct usb_ep *notify;
7902 + struct usb_request *notify_req;
7903 + u8 notify_state;
7904 ++ atomic_t notify_count;
7905 + bool is_open;
7906 +
7907 + /* FIXME is_open needs some irq-ish locking
7908 +@@ -380,7 +381,7 @@ static void ecm_do_notify(struct f_ecm *ecm)
7909 + int status;
7910 +
7911 + /* notification already in flight? */
7912 +- if (!req)
7913 ++ if (atomic_read(&ecm->notify_count))
7914 + return;
7915 +
7916 + event = req->buf;
7917 +@@ -420,10 +421,10 @@ static void ecm_do_notify(struct f_ecm *ecm)
7918 + event->bmRequestType = 0xA1;
7919 + event->wIndex = cpu_to_le16(ecm->ctrl_id);
7920 +
7921 +- ecm->notify_req = NULL;
7922 ++ atomic_inc(&ecm->notify_count);
7923 + status = usb_ep_queue(ecm->notify, req, GFP_ATOMIC);
7924 + if (status < 0) {
7925 +- ecm->notify_req = req;
7926 ++ atomic_dec(&ecm->notify_count);
7927 + DBG(cdev, "notify --> %d\n", status);
7928 + }
7929 + }
7930 +@@ -448,17 +449,19 @@ static void ecm_notify_complete(struct usb_ep *ep, struct usb_request *req)
7931 + switch (req->status) {
7932 + case 0:
7933 + /* no fault */
7934 ++ atomic_dec(&ecm->notify_count);
7935 + break;
7936 + case -ECONNRESET:
7937 + case -ESHUTDOWN:
7938 ++ atomic_set(&ecm->notify_count, 0);
7939 + ecm->notify_state = ECM_NOTIFY_NONE;
7940 + break;
7941 + default:
7942 + DBG(cdev, "event %02x --> %d\n",
7943 + event->bNotificationType, req->status);
7944 ++ atomic_dec(&ecm->notify_count);
7945 + break;
7946 + }
7947 +- ecm->notify_req = req;
7948 + ecm_do_notify(ecm);
7949 + }
7950 +
7951 +@@ -907,6 +910,11 @@ static void ecm_unbind(struct usb_configuration *c, struct usb_function *f)
7952 +
7953 + usb_free_all_descriptors(f);
7954 +
7955 ++ if (atomic_read(&ecm->notify_count)) {
7956 ++ usb_ep_dequeue(ecm->notify, ecm->notify_req);
7957 ++ atomic_set(&ecm->notify_count, 0);
7958 ++ }
7959 ++
7960 + kfree(ecm->notify_req->buf);
7961 + usb_ep_free_request(ecm->notify, ecm->notify_req);
7962 + }
7963 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
7964 +index 59d9d512dcda..ced2581cf99f 100644
7965 +--- a/drivers/usb/gadget/function/f_fs.c
7966 ++++ b/drivers/usb/gadget/function/f_fs.c
7967 +@@ -1062,6 +1062,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
7968 + req->num_sgs = io_data->sgt.nents;
7969 + } else {
7970 + req->buf = data;
7971 ++ req->num_sgs = 0;
7972 + }
7973 + req->length = data_len;
7974 +
7975 +@@ -1105,6 +1106,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
7976 + req->num_sgs = io_data->sgt.nents;
7977 + } else {
7978 + req->buf = data;
7979 ++ req->num_sgs = 0;
7980 + }
7981 + req->length = data_len;
7982 +
7983 +diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c
7984 +index 2d6e76e4cffa..1d900081b1f0 100644
7985 +--- a/drivers/usb/gadget/function/f_ncm.c
7986 ++++ b/drivers/usb/gadget/function/f_ncm.c
7987 +@@ -53,6 +53,7 @@ struct f_ncm {
7988 + struct usb_ep *notify;
7989 + struct usb_request *notify_req;
7990 + u8 notify_state;
7991 ++ atomic_t notify_count;
7992 + bool is_open;
7993 +
7994 + const struct ndp_parser_opts *parser_opts;
7995 +@@ -547,7 +548,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
7996 + int status;
7997 +
7998 + /* notification already in flight? */
7999 +- if (!req)
8000 ++ if (atomic_read(&ncm->notify_count))
8001 + return;
8002 +
8003 + event = req->buf;
8004 +@@ -587,7 +588,8 @@ static void ncm_do_notify(struct f_ncm *ncm)
8005 + event->bmRequestType = 0xA1;
8006 + event->wIndex = cpu_to_le16(ncm->ctrl_id);
8007 +
8008 +- ncm->notify_req = NULL;
8009 ++ atomic_inc(&ncm->notify_count);
8010 ++
8011 + /*
8012 + * In double buffering if there is a space in FIFO,
8013 + * completion callback can be called right after the call,
8014 +@@ -597,7 +599,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
8015 + status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC);
8016 + spin_lock(&ncm->lock);
8017 + if (status < 0) {
8018 +- ncm->notify_req = req;
8019 ++ atomic_dec(&ncm->notify_count);
8020 + DBG(cdev, "notify --> %d\n", status);
8021 + }
8022 + }
8023 +@@ -632,17 +634,19 @@ static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req)
8024 + case 0:
8025 + VDBG(cdev, "Notification %02x sent\n",
8026 + event->bNotificationType);
8027 ++ atomic_dec(&ncm->notify_count);
8028 + break;
8029 + case -ECONNRESET:
8030 + case -ESHUTDOWN:
8031 ++ atomic_set(&ncm->notify_count, 0);
8032 + ncm->notify_state = NCM_NOTIFY_NONE;
8033 + break;
8034 + default:
8035 + DBG(cdev, "event %02x --> %d\n",
8036 + event->bNotificationType, req->status);
8037 ++ atomic_dec(&ncm->notify_count);
8038 + break;
8039 + }
8040 +- ncm->notify_req = req;
8041 + ncm_do_notify(ncm);
8042 + spin_unlock(&ncm->lock);
8043 + }
8044 +@@ -1649,6 +1653,11 @@ static void ncm_unbind(struct usb_configuration *c, struct usb_function *f)
8045 + ncm_string_defs[0].id = 0;
8046 + usb_free_all_descriptors(f);
8047 +
8048 ++ if (atomic_read(&ncm->notify_count)) {
8049 ++ usb_ep_dequeue(ncm->notify, ncm->notify_req);
8050 ++ atomic_set(&ncm->notify_count, 0);
8051 ++ }
8052 ++
8053 + kfree(ncm->notify_req->buf);
8054 + usb_ep_free_request(ncm->notify, ncm->notify_req);
8055 + }
8056 +diff --git a/drivers/usb/gadget/legacy/cdc2.c b/drivers/usb/gadget/legacy/cdc2.c
8057 +index da1c37933ca1..8d7a556ece30 100644
8058 +--- a/drivers/usb/gadget/legacy/cdc2.c
8059 ++++ b/drivers/usb/gadget/legacy/cdc2.c
8060 +@@ -225,7 +225,7 @@ static struct usb_composite_driver cdc_driver = {
8061 + .name = "g_cdc",
8062 + .dev = &device_desc,
8063 + .strings = dev_strings,
8064 +- .max_speed = USB_SPEED_HIGH,
8065 ++ .max_speed = USB_SPEED_SUPER,
8066 + .bind = cdc_bind,
8067 + .unbind = cdc_unbind,
8068 + };
8069 +diff --git a/drivers/usb/gadget/legacy/g_ffs.c b/drivers/usb/gadget/legacy/g_ffs.c
8070 +index b640ed3fcf70..ae6d8f7092b8 100644
8071 +--- a/drivers/usb/gadget/legacy/g_ffs.c
8072 ++++ b/drivers/usb/gadget/legacy/g_ffs.c
8073 +@@ -149,7 +149,7 @@ static struct usb_composite_driver gfs_driver = {
8074 + .name = DRIVER_NAME,
8075 + .dev = &gfs_dev_desc,
8076 + .strings = gfs_dev_strings,
8077 +- .max_speed = USB_SPEED_HIGH,
8078 ++ .max_speed = USB_SPEED_SUPER,
8079 + .bind = gfs_bind,
8080 + .unbind = gfs_unbind,
8081 + };
8082 +diff --git a/drivers/usb/gadget/legacy/multi.c b/drivers/usb/gadget/legacy/multi.c
8083 +index 50515f9e1022..ec9749845660 100644
8084 +--- a/drivers/usb/gadget/legacy/multi.c
8085 ++++ b/drivers/usb/gadget/legacy/multi.c
8086 +@@ -482,7 +482,7 @@ static struct usb_composite_driver multi_driver = {
8087 + .name = "g_multi",
8088 + .dev = &device_desc,
8089 + .strings = dev_strings,
8090 +- .max_speed = USB_SPEED_HIGH,
8091 ++ .max_speed = USB_SPEED_SUPER,
8092 + .bind = multi_bind,
8093 + .unbind = multi_unbind,
8094 + .needs_serial = 1,
8095 +diff --git a/drivers/usb/gadget/legacy/ncm.c b/drivers/usb/gadget/legacy/ncm.c
8096 +index 8465f081e921..c61e71ba7045 100644
8097 +--- a/drivers/usb/gadget/legacy/ncm.c
8098 ++++ b/drivers/usb/gadget/legacy/ncm.c
8099 +@@ -197,7 +197,7 @@ static struct usb_composite_driver ncm_driver = {
8100 + .name = "g_ncm",
8101 + .dev = &device_desc,
8102 + .strings = dev_strings,
8103 +- .max_speed = USB_SPEED_HIGH,
8104 ++ .max_speed = USB_SPEED_SUPER,
8105 + .bind = gncm_bind,
8106 + .unbind = gncm_unbind,
8107 + };
8108 +diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c
8109 +index 8b4ff9fff340..753645bb2527 100644
8110 +--- a/drivers/usb/typec/tcpm/tcpci.c
8111 ++++ b/drivers/usb/typec/tcpm/tcpci.c
8112 +@@ -591,6 +591,12 @@ static int tcpci_probe(struct i2c_client *client,
8113 + static int tcpci_remove(struct i2c_client *client)
8114 + {
8115 + struct tcpci_chip *chip = i2c_get_clientdata(client);
8116 ++ int err;
8117 ++
8118 ++ /* Disable chip interrupts before unregistering port */
8119 ++ err = tcpci_write16(chip->tcpci, TCPC_ALERT_MASK, 0);
8120 ++ if (err < 0)
8121 ++ return err;
8122 +
8123 + tcpci_unregister_port(chip->tcpci);
8124 +
8125 +diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
8126 +index 9f4117766bb1..c962d9b370c6 100644
8127 +--- a/drivers/virtio/virtio_balloon.c
8128 ++++ b/drivers/virtio/virtio_balloon.c
8129 +@@ -474,7 +474,9 @@ static int init_vqs(struct virtio_balloon *vb)
8130 + names[VIRTIO_BALLOON_VQ_INFLATE] = "inflate";
8131 + callbacks[VIRTIO_BALLOON_VQ_DEFLATE] = balloon_ack;
8132 + names[VIRTIO_BALLOON_VQ_DEFLATE] = "deflate";
8133 ++ callbacks[VIRTIO_BALLOON_VQ_STATS] = NULL;
8134 + names[VIRTIO_BALLOON_VQ_STATS] = NULL;
8135 ++ callbacks[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
8136 + names[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
8137 +
8138 + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
8139 +@@ -898,8 +900,7 @@ static int virtballoon_probe(struct virtio_device *vdev)
8140 + vb->vb_dev_info.inode = alloc_anon_inode(balloon_mnt->mnt_sb);
8141 + if (IS_ERR(vb->vb_dev_info.inode)) {
8142 + err = PTR_ERR(vb->vb_dev_info.inode);
8143 +- kern_unmount(balloon_mnt);
8144 +- goto out_del_vqs;
8145 ++ goto out_kern_unmount;
8146 + }
8147 + vb->vb_dev_info.inode->i_mapping->a_ops = &balloon_aops;
8148 + #endif
8149 +@@ -910,13 +911,13 @@ static int virtballoon_probe(struct virtio_device *vdev)
8150 + */
8151 + if (virtqueue_get_vring_size(vb->free_page_vq) < 2) {
8152 + err = -ENOSPC;
8153 +- goto out_del_vqs;
8154 ++ goto out_iput;
8155 + }
8156 + vb->balloon_wq = alloc_workqueue("balloon-wq",
8157 + WQ_FREEZABLE | WQ_CPU_INTENSIVE, 0);
8158 + if (!vb->balloon_wq) {
8159 + err = -ENOMEM;
8160 +- goto out_del_vqs;
8161 ++ goto out_iput;
8162 + }
8163 + INIT_WORK(&vb->report_free_page_work, report_free_page_func);
8164 + vb->cmd_id_received_cache = VIRTIO_BALLOON_CMD_ID_STOP;
8165 +@@ -950,6 +951,12 @@ static int virtballoon_probe(struct virtio_device *vdev)
8166 + out_del_balloon_wq:
8167 + if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
8168 + destroy_workqueue(vb->balloon_wq);
8169 ++out_iput:
8170 ++#ifdef CONFIG_BALLOON_COMPACTION
8171 ++ iput(vb->vb_dev_info.inode);
8172 ++out_kern_unmount:
8173 ++ kern_unmount(balloon_mnt);
8174 ++#endif
8175 + out_del_vqs:
8176 + vdev->config->del_vqs(vdev);
8177 + out_free_vb:
8178 +@@ -965,6 +972,10 @@ static void remove_common(struct virtio_balloon *vb)
8179 + leak_balloon(vb, vb->num_pages);
8180 + update_balloon_size(vb);
8181 +
8182 ++ /* There might be free pages that are being reported: release them. */
8183 ++ if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
8184 ++ return_free_pages_to_mm(vb, ULONG_MAX);
8185 ++
8186 + /* Now we reset the device so we can clean up the queues. */
8187 + vb->vdev->config->reset(vb->vdev);
8188 +
8189 +diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
8190 +index f2862f66c2ac..222d630c41fc 100644
8191 +--- a/drivers/virtio/virtio_pci_common.c
8192 ++++ b/drivers/virtio/virtio_pci_common.c
8193 +@@ -294,7 +294,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs,
8194 + /* Best option: one for change interrupt, one per vq. */
8195 + nvectors = 1;
8196 + for (i = 0; i < nvqs; ++i)
8197 +- if (callbacks[i])
8198 ++ if (names[i] && callbacks[i])
8199 + ++nvectors;
8200 + } else {
8201 + /* Second best: one for change, shared for all vqs. */
8202 +diff --git a/drivers/watchdog/watchdog_core.c b/drivers/watchdog/watchdog_core.c
8203 +index 21e8085b848b..861daf4f37b2 100644
8204 +--- a/drivers/watchdog/watchdog_core.c
8205 ++++ b/drivers/watchdog/watchdog_core.c
8206 +@@ -147,6 +147,25 @@ int watchdog_init_timeout(struct watchdog_device *wdd,
8207 + }
8208 + EXPORT_SYMBOL_GPL(watchdog_init_timeout);
8209 +
8210 ++static int watchdog_reboot_notifier(struct notifier_block *nb,
8211 ++ unsigned long code, void *data)
8212 ++{
8213 ++ struct watchdog_device *wdd;
8214 ++
8215 ++ wdd = container_of(nb, struct watchdog_device, reboot_nb);
8216 ++ if (code == SYS_DOWN || code == SYS_HALT) {
8217 ++ if (watchdog_active(wdd)) {
8218 ++ int ret;
8219 ++
8220 ++ ret = wdd->ops->stop(wdd);
8221 ++ if (ret)
8222 ++ return NOTIFY_BAD;
8223 ++ }
8224 ++ }
8225 ++
8226 ++ return NOTIFY_DONE;
8227 ++}
8228 ++
8229 + static int watchdog_restart_notifier(struct notifier_block *nb,
8230 + unsigned long action, void *data)
8231 + {
8232 +@@ -235,6 +254,19 @@ static int __watchdog_register_device(struct watchdog_device *wdd)
8233 + }
8234 + }
8235 +
8236 ++ if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) {
8237 ++ wdd->reboot_nb.notifier_call = watchdog_reboot_notifier;
8238 ++
8239 ++ ret = register_reboot_notifier(&wdd->reboot_nb);
8240 ++ if (ret) {
8241 ++ pr_err("watchdog%d: Cannot register reboot notifier (%d)\n",
8242 ++ wdd->id, ret);
8243 ++ watchdog_dev_unregister(wdd);
8244 ++ ida_simple_remove(&watchdog_ida, id);
8245 ++ return ret;
8246 ++ }
8247 ++ }
8248 ++
8249 + if (wdd->ops->restart) {
8250 + wdd->restart_nb.notifier_call = watchdog_restart_notifier;
8251 +
8252 +@@ -289,6 +321,9 @@ static void __watchdog_unregister_device(struct watchdog_device *wdd)
8253 + if (wdd->ops->restart)
8254 + unregister_restart_handler(&wdd->restart_nb);
8255 +
8256 ++ if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status))
8257 ++ unregister_reboot_notifier(&wdd->reboot_nb);
8258 ++
8259 + watchdog_dev_unregister(wdd);
8260 + ida_simple_remove(&watchdog_ida, wdd->id);
8261 + }
8262 +diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
8263 +index 62483a99105c..ce04edc69e5f 100644
8264 +--- a/drivers/watchdog/watchdog_dev.c
8265 ++++ b/drivers/watchdog/watchdog_dev.c
8266 +@@ -38,7 +38,6 @@
8267 + #include <linux/miscdevice.h> /* For handling misc devices */
8268 + #include <linux/module.h> /* For module stuff/... */
8269 + #include <linux/mutex.h> /* For mutexes */
8270 +-#include <linux/reboot.h> /* For reboot notifier */
8271 + #include <linux/slab.h> /* For memory functions */
8272 + #include <linux/types.h> /* For standard types (like size_t) */
8273 + #include <linux/watchdog.h> /* For watchdog specific items */
8274 +@@ -1077,25 +1076,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
8275 + put_device(&wd_data->dev);
8276 + }
8277 +
8278 +-static int watchdog_reboot_notifier(struct notifier_block *nb,
8279 +- unsigned long code, void *data)
8280 +-{
8281 +- struct watchdog_device *wdd;
8282 +-
8283 +- wdd = container_of(nb, struct watchdog_device, reboot_nb);
8284 +- if (code == SYS_DOWN || code == SYS_HALT) {
8285 +- if (watchdog_active(wdd)) {
8286 +- int ret;
8287 +-
8288 +- ret = wdd->ops->stop(wdd);
8289 +- if (ret)
8290 +- return NOTIFY_BAD;
8291 +- }
8292 +- }
8293 +-
8294 +- return NOTIFY_DONE;
8295 +-}
8296 +-
8297 + /*
8298 + * watchdog_dev_register: register a watchdog device
8299 + * @wdd: watchdog device
8300 +@@ -1114,22 +1094,8 @@ int watchdog_dev_register(struct watchdog_device *wdd)
8301 + return ret;
8302 +
8303 + ret = watchdog_register_pretimeout(wdd);
8304 +- if (ret) {
8305 ++ if (ret)
8306 + watchdog_cdev_unregister(wdd);
8307 +- return ret;
8308 +- }
8309 +-
8310 +- if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) {
8311 +- wdd->reboot_nb.notifier_call = watchdog_reboot_notifier;
8312 +-
8313 +- ret = devm_register_reboot_notifier(&wdd->wd_data->dev,
8314 +- &wdd->reboot_nb);
8315 +- if (ret) {
8316 +- pr_err("watchdog%d: Cannot register reboot notifier (%d)\n",
8317 +- wdd->id, ret);
8318 +- watchdog_dev_unregister(wdd);
8319 +- }
8320 +- }
8321 +
8322 + return ret;
8323 + }
8324 +diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c
8325 +index 6d12fc368210..a8d24433c8e9 100644
8326 +--- a/drivers/xen/xen-balloon.c
8327 ++++ b/drivers/xen/xen-balloon.c
8328 +@@ -94,7 +94,7 @@ static void watch_target(struct xenbus_watch *watch,
8329 + "%llu", &static_max) == 1))
8330 + static_max >>= PAGE_SHIFT - 10;
8331 + else
8332 +- static_max = new_target;
8333 ++ static_max = balloon_stats.current_pages;
8334 +
8335 + target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0
8336 + : static_max - balloon_stats.target_pages;
8337 +diff --git a/fs/aio.c b/fs/aio.c
8338 +index 0d9a559d488c..4115d5ad6b90 100644
8339 +--- a/fs/aio.c
8340 ++++ b/fs/aio.c
8341 +@@ -1610,6 +1610,14 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
8342 + return 0;
8343 + }
8344 +
8345 ++static void aio_poll_put_work(struct work_struct *work)
8346 ++{
8347 ++ struct poll_iocb *req = container_of(work, struct poll_iocb, work);
8348 ++ struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll);
8349 ++
8350 ++ iocb_put(iocb);
8351 ++}
8352 ++
8353 + static void aio_poll_complete_work(struct work_struct *work)
8354 + {
8355 + struct poll_iocb *req = container_of(work, struct poll_iocb, work);
8356 +@@ -1674,6 +1682,8 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
8357 + list_del_init(&req->wait.entry);
8358 +
8359 + if (mask && spin_trylock_irqsave(&iocb->ki_ctx->ctx_lock, flags)) {
8360 ++ struct kioctx *ctx = iocb->ki_ctx;
8361 ++
8362 + /*
8363 + * Try to complete the iocb inline if we can. Use
8364 + * irqsave/irqrestore because not all filesystems (e.g. fuse)
8365 +@@ -1683,8 +1693,14 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
8366 + list_del(&iocb->ki_list);
8367 + iocb->ki_res.res = mangle_poll(mask);
8368 + req->done = true;
8369 +- spin_unlock_irqrestore(&iocb->ki_ctx->ctx_lock, flags);
8370 +- iocb_put(iocb);
8371 ++ if (iocb->ki_eventfd && eventfd_signal_count()) {
8372 ++ iocb = NULL;
8373 ++ INIT_WORK(&req->work, aio_poll_put_work);
8374 ++ schedule_work(&req->work);
8375 ++ }
8376 ++ spin_unlock_irqrestore(&ctx->ctx_lock, flags);
8377 ++ if (iocb)
8378 ++ iocb_put(iocb);
8379 + } else {
8380 + schedule_work(&req->work);
8381 + }
8382 +diff --git a/fs/attr.c b/fs/attr.c
8383 +index df28035aa23e..b4bbdbd4c8ca 100644
8384 +--- a/fs/attr.c
8385 ++++ b/fs/attr.c
8386 +@@ -183,18 +183,12 @@ void setattr_copy(struct inode *inode, const struct iattr *attr)
8387 + inode->i_uid = attr->ia_uid;
8388 + if (ia_valid & ATTR_GID)
8389 + inode->i_gid = attr->ia_gid;
8390 +- if (ia_valid & ATTR_ATIME) {
8391 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
8392 +- inode);
8393 +- }
8394 +- if (ia_valid & ATTR_MTIME) {
8395 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
8396 +- inode);
8397 +- }
8398 +- if (ia_valid & ATTR_CTIME) {
8399 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
8400 +- inode);
8401 +- }
8402 ++ if (ia_valid & ATTR_ATIME)
8403 ++ inode->i_atime = attr->ia_atime;
8404 ++ if (ia_valid & ATTR_MTIME)
8405 ++ inode->i_mtime = attr->ia_mtime;
8406 ++ if (ia_valid & ATTR_CTIME)
8407 ++ inode->i_ctime = attr->ia_ctime;
8408 + if (ia_valid & ATTR_MODE) {
8409 + umode_t mode = attr->ia_mode;
8410 +
8411 +@@ -268,8 +262,13 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de
8412 + attr->ia_ctime = now;
8413 + if (!(ia_valid & ATTR_ATIME_SET))
8414 + attr->ia_atime = now;
8415 ++ else
8416 ++ attr->ia_atime = timestamp_truncate(attr->ia_atime, inode);
8417 + if (!(ia_valid & ATTR_MTIME_SET))
8418 + attr->ia_mtime = now;
8419 ++ else
8420 ++ attr->ia_mtime = timestamp_truncate(attr->ia_mtime, inode);
8421 ++
8422 + if (ia_valid & ATTR_KILL_PRIV) {
8423 + error = security_inode_need_killpriv(dentry);
8424 + if (error < 0)
8425 +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
8426 +index da9b0f060a9d..a989105d39c8 100644
8427 +--- a/fs/btrfs/ctree.c
8428 ++++ b/fs/btrfs/ctree.c
8429 +@@ -330,12 +330,10 @@ u64 btrfs_get_tree_mod_seq(struct btrfs_fs_info *fs_info,
8430 + struct seq_list *elem)
8431 + {
8432 + write_lock(&fs_info->tree_mod_log_lock);
8433 +- spin_lock(&fs_info->tree_mod_seq_lock);
8434 + if (!elem->seq) {
8435 + elem->seq = btrfs_inc_tree_mod_seq(fs_info);
8436 + list_add_tail(&elem->list, &fs_info->tree_mod_seq_list);
8437 + }
8438 +- spin_unlock(&fs_info->tree_mod_seq_lock);
8439 + write_unlock(&fs_info->tree_mod_log_lock);
8440 +
8441 + return elem->seq;
8442 +@@ -355,7 +353,7 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
8443 + if (!seq_putting)
8444 + return;
8445 +
8446 +- spin_lock(&fs_info->tree_mod_seq_lock);
8447 ++ write_lock(&fs_info->tree_mod_log_lock);
8448 + list_del(&elem->list);
8449 + elem->seq = 0;
8450 +
8451 +@@ -366,19 +364,17 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
8452 + * blocker with lower sequence number exists, we
8453 + * cannot remove anything from the log
8454 + */
8455 +- spin_unlock(&fs_info->tree_mod_seq_lock);
8456 ++ write_unlock(&fs_info->tree_mod_log_lock);
8457 + return;
8458 + }
8459 + min_seq = cur_elem->seq;
8460 + }
8461 + }
8462 +- spin_unlock(&fs_info->tree_mod_seq_lock);
8463 +
8464 + /*
8465 + * anything that's lower than the lowest existing (read: blocked)
8466 + * sequence number can be removed from the tree.
8467 + */
8468 +- write_lock(&fs_info->tree_mod_log_lock);
8469 + tm_root = &fs_info->tree_mod_log;
8470 + for (node = rb_first(tm_root); node; node = next) {
8471 + next = rb_next(node);
8472 +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
8473 +index 5e9f80b28fcf..290ca193c6c0 100644
8474 +--- a/fs/btrfs/ctree.h
8475 ++++ b/fs/btrfs/ctree.h
8476 +@@ -671,14 +671,12 @@ struct btrfs_fs_info {
8477 + atomic_t nr_delayed_iputs;
8478 + wait_queue_head_t delayed_iputs_wait;
8479 +
8480 +- /* this protects tree_mod_seq_list */
8481 +- spinlock_t tree_mod_seq_lock;
8482 + atomic64_t tree_mod_seq;
8483 +- struct list_head tree_mod_seq_list;
8484 +
8485 +- /* this protects tree_mod_log */
8486 ++ /* this protects tree_mod_log and tree_mod_seq_list */
8487 + rwlock_t tree_mod_log_lock;
8488 + struct rb_root tree_mod_log;
8489 ++ struct list_head tree_mod_seq_list;
8490 +
8491 + atomic_t async_delalloc_pages;
8492 +
8493 +diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
8494 +index df3bd880061d..dfdb7d4f8406 100644
8495 +--- a/fs/btrfs/delayed-ref.c
8496 ++++ b/fs/btrfs/delayed-ref.c
8497 +@@ -492,7 +492,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans,
8498 + if (head->is_data)
8499 + return;
8500 +
8501 +- spin_lock(&fs_info->tree_mod_seq_lock);
8502 ++ read_lock(&fs_info->tree_mod_log_lock);
8503 + if (!list_empty(&fs_info->tree_mod_seq_list)) {
8504 + struct seq_list *elem;
8505 +
8506 +@@ -500,7 +500,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans,
8507 + struct seq_list, list);
8508 + seq = elem->seq;
8509 + }
8510 +- spin_unlock(&fs_info->tree_mod_seq_lock);
8511 ++ read_unlock(&fs_info->tree_mod_log_lock);
8512 +
8513 + again:
8514 + for (node = rb_first_cached(&head->ref_tree); node;
8515 +@@ -518,7 +518,7 @@ int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, u64 seq)
8516 + struct seq_list *elem;
8517 + int ret = 0;
8518 +
8519 +- spin_lock(&fs_info->tree_mod_seq_lock);
8520 ++ read_lock(&fs_info->tree_mod_log_lock);
8521 + if (!list_empty(&fs_info->tree_mod_seq_list)) {
8522 + elem = list_first_entry(&fs_info->tree_mod_seq_list,
8523 + struct seq_list, list);
8524 +@@ -531,7 +531,7 @@ int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, u64 seq)
8525 + }
8526 + }
8527 +
8528 +- spin_unlock(&fs_info->tree_mod_seq_lock);
8529 ++ read_unlock(&fs_info->tree_mod_log_lock);
8530 + return ret;
8531 + }
8532 +
8533 +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
8534 +index bae334212ee2..7becc5e96f92 100644
8535 +--- a/fs/btrfs/disk-io.c
8536 ++++ b/fs/btrfs/disk-io.c
8537 +@@ -2016,7 +2016,7 @@ static void free_root_extent_buffers(struct btrfs_root *root)
8538 + }
8539 +
8540 + /* helper to cleanup tree roots */
8541 +-static void free_root_pointers(struct btrfs_fs_info *info, int chunk_root)
8542 ++static void free_root_pointers(struct btrfs_fs_info *info, bool free_chunk_root)
8543 + {
8544 + free_root_extent_buffers(info->tree_root);
8545 +
8546 +@@ -2025,7 +2025,7 @@ static void free_root_pointers(struct btrfs_fs_info *info, int chunk_root)
8547 + free_root_extent_buffers(info->csum_root);
8548 + free_root_extent_buffers(info->quota_root);
8549 + free_root_extent_buffers(info->uuid_root);
8550 +- if (chunk_root)
8551 ++ if (free_chunk_root)
8552 + free_root_extent_buffers(info->chunk_root);
8553 + free_root_extent_buffers(info->free_space_root);
8554 + }
8555 +@@ -2652,7 +2652,6 @@ int open_ctree(struct super_block *sb,
8556 + spin_lock_init(&fs_info->fs_roots_radix_lock);
8557 + spin_lock_init(&fs_info->delayed_iput_lock);
8558 + spin_lock_init(&fs_info->defrag_inodes_lock);
8559 +- spin_lock_init(&fs_info->tree_mod_seq_lock);
8560 + spin_lock_init(&fs_info->super_lock);
8561 + spin_lock_init(&fs_info->buffer_lock);
8562 + spin_lock_init(&fs_info->unused_bgs_lock);
8563 +@@ -3324,7 +3323,7 @@ fail_block_groups:
8564 + btrfs_put_block_group_cache(fs_info);
8565 +
8566 + fail_tree_roots:
8567 +- free_root_pointers(fs_info, 1);
8568 ++ free_root_pointers(fs_info, true);
8569 + invalidate_inode_pages2(fs_info->btree_inode->i_mapping);
8570 +
8571 + fail_sb_buffer:
8572 +@@ -3356,7 +3355,7 @@ recovery_tree_root:
8573 + if (!btrfs_test_opt(fs_info, USEBACKUPROOT))
8574 + goto fail_tree_roots;
8575 +
8576 +- free_root_pointers(fs_info, 0);
8577 ++ free_root_pointers(fs_info, false);
8578 +
8579 + /* don't use the log in recovery mode, it won't be valid */
8580 + btrfs_set_super_log_root(disk_super, 0);
8581 +@@ -4047,10 +4046,17 @@ void close_ctree(struct btrfs_fs_info *fs_info)
8582 + invalidate_inode_pages2(fs_info->btree_inode->i_mapping);
8583 + btrfs_stop_all_workers(fs_info);
8584 +
8585 +- btrfs_free_block_groups(fs_info);
8586 +-
8587 + clear_bit(BTRFS_FS_OPEN, &fs_info->flags);
8588 +- free_root_pointers(fs_info, 1);
8589 ++ free_root_pointers(fs_info, true);
8590 ++
8591 ++ /*
8592 ++ * We must free the block groups after dropping the fs_roots as we could
8593 ++ * have had an IO error and have left over tree log blocks that aren't
8594 ++ * cleaned up until the fs roots are freed. This makes the block group
8595 ++ * accounting appear to be wrong because there's pending reserved bytes,
8596 ++ * so make sure we do the block group cleanup afterwards.
8597 ++ */
8598 ++ btrfs_free_block_groups(fs_info);
8599 +
8600 + iput(fs_info->btree_inode);
8601 +
8602 +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
8603 +index 33c6b191ca59..284540cdbbd9 100644
8604 +--- a/fs/btrfs/extent_io.c
8605 ++++ b/fs/btrfs/extent_io.c
8606 +@@ -1583,21 +1583,25 @@ void find_first_clear_extent_bit(struct extent_io_tree *tree, u64 start,
8607 + /* Find first extent with bits cleared */
8608 + while (1) {
8609 + node = __etree_search(tree, start, &next, &prev, NULL, NULL);
8610 +- if (!node) {
8611 ++ if (!node && !next && !prev) {
8612 ++ /*
8613 ++ * Tree is completely empty, send full range and let
8614 ++ * caller deal with it
8615 ++ */
8616 ++ *start_ret = 0;
8617 ++ *end_ret = -1;
8618 ++ goto out;
8619 ++ } else if (!node && !next) {
8620 ++ /*
8621 ++ * We are past the last allocated chunk, set start at
8622 ++ * the end of the last extent.
8623 ++ */
8624 ++ state = rb_entry(prev, struct extent_state, rb_node);
8625 ++ *start_ret = state->end + 1;
8626 ++ *end_ret = -1;
8627 ++ goto out;
8628 ++ } else if (!node) {
8629 + node = next;
8630 +- if (!node) {
8631 +- /*
8632 +- * We are past the last allocated chunk,
8633 +- * set start at the end of the last extent. The
8634 +- * device alloc tree should never be empty so
8635 +- * prev is always set.
8636 +- */
8637 +- ASSERT(prev);
8638 +- state = rb_entry(prev, struct extent_state, rb_node);
8639 +- *start_ret = state->end + 1;
8640 +- *end_ret = -1;
8641 +- goto out;
8642 +- }
8643 + }
8644 + /*
8645 + * At this point 'node' either contains 'start' or start is
8646 +@@ -3938,6 +3942,11 @@ int btree_write_cache_pages(struct address_space *mapping,
8647 + if (wbc->range_cyclic) {
8648 + index = mapping->writeback_index; /* Start from prev offset */
8649 + end = -1;
8650 ++ /*
8651 ++ * Start from the beginning does not need to cycle over the
8652 ++ * range, mark it as scanned.
8653 ++ */
8654 ++ scanned = (index == 0);
8655 + } else {
8656 + index = wbc->range_start >> PAGE_SHIFT;
8657 + end = wbc->range_end >> PAGE_SHIFT;
8658 +@@ -3955,7 +3964,6 @@ retry:
8659 + tag))) {
8660 + unsigned i;
8661 +
8662 +- scanned = 1;
8663 + for (i = 0; i < nr_pages; i++) {
8664 + struct page *page = pvec.pages[i];
8665 +
8666 +@@ -4084,6 +4092,11 @@ static int extent_write_cache_pages(struct address_space *mapping,
8667 + if (wbc->range_cyclic) {
8668 + index = mapping->writeback_index; /* Start from prev offset */
8669 + end = -1;
8670 ++ /*
8671 ++ * Start from the beginning does not need to cycle over the
8672 ++ * range, mark it as scanned.
8673 ++ */
8674 ++ scanned = (index == 0);
8675 + } else {
8676 + index = wbc->range_start >> PAGE_SHIFT;
8677 + end = wbc->range_end >> PAGE_SHIFT;
8678 +@@ -4117,7 +4130,6 @@ retry:
8679 + &index, end, tag))) {
8680 + unsigned i;
8681 +
8682 +- scanned = 1;
8683 + for (i = 0; i < nr_pages; i++) {
8684 + struct page *page = pvec.pages[i];
8685 +
8686 +@@ -4177,7 +4189,16 @@ retry:
8687 + */
8688 + scanned = 1;
8689 + index = 0;
8690 +- goto retry;
8691 ++
8692 ++ /*
8693 ++ * If we're looping we could run into a page that is locked by a
8694 ++ * writer and that writer could be waiting on writeback for a
8695 ++ * page in our current bio, and thus deadlock, so flush the
8696 ++ * write bio here.
8697 ++ */
8698 ++ ret = flush_write_bio(epd);
8699 ++ if (!ret)
8700 ++ goto retry;
8701 + }
8702 +
8703 + if (wbc->range_cyclic || (wbc->nr_to_write > 0 && range_whole))
8704 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
8705 +index 8e86b2d700c4..d88b8d8897cc 100644
8706 +--- a/fs/btrfs/ioctl.c
8707 ++++ b/fs/btrfs/ioctl.c
8708 +@@ -3244,6 +3244,7 @@ static void btrfs_double_extent_lock(struct inode *inode1, u64 loff1,
8709 + static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 len,
8710 + struct inode *dst, u64 dst_loff)
8711 + {
8712 ++ const u64 bs = BTRFS_I(src)->root->fs_info->sb->s_blocksize;
8713 + int ret;
8714 +
8715 + /*
8716 +@@ -3251,7 +3252,7 @@ static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 len,
8717 + * source range to serialize with relocation.
8718 + */
8719 + btrfs_double_extent_lock(src, loff, dst, dst_loff, len);
8720 +- ret = btrfs_clone(src, dst, loff, len, len, dst_loff, 1);
8721 ++ ret = btrfs_clone(src, dst, loff, len, ALIGN(len, bs), dst_loff, 1);
8722 + btrfs_double_extent_unlock(src, loff, dst, dst_loff, len);
8723 +
8724 + return ret;
8725 +diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c
8726 +index 99fe9bf3fdac..98f9684e7ffc 100644
8727 +--- a/fs/btrfs/tests/btrfs-tests.c
8728 ++++ b/fs/btrfs/tests/btrfs-tests.c
8729 +@@ -121,7 +121,6 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(u32 nodesize, u32 sectorsize)
8730 + spin_lock_init(&fs_info->qgroup_lock);
8731 + spin_lock_init(&fs_info->super_lock);
8732 + spin_lock_init(&fs_info->fs_roots_radix_lock);
8733 +- spin_lock_init(&fs_info->tree_mod_seq_lock);
8734 + mutex_init(&fs_info->qgroup_ioctl_lock);
8735 + mutex_init(&fs_info->qgroup_rescan_lock);
8736 + rwlock_init(&fs_info->tree_mod_log_lock);
8737 +diff --git a/fs/btrfs/tests/extent-io-tests.c b/fs/btrfs/tests/extent-io-tests.c
8738 +index 123d9a614357..df7ce874a74b 100644
8739 +--- a/fs/btrfs/tests/extent-io-tests.c
8740 ++++ b/fs/btrfs/tests/extent-io-tests.c
8741 +@@ -441,8 +441,17 @@ static int test_find_first_clear_extent_bit(void)
8742 + int ret = -EINVAL;
8743 +
8744 + test_msg("running find_first_clear_extent_bit test");
8745 ++
8746 + extent_io_tree_init(NULL, &tree, IO_TREE_SELFTEST, NULL);
8747 +
8748 ++ /* Test correct handling of empty tree */
8749 ++ find_first_clear_extent_bit(&tree, 0, &start, &end, CHUNK_TRIMMED);
8750 ++ if (start != 0 || end != -1) {
8751 ++ test_err(
8752 ++ "error getting a range from completely empty tree: start %llu end %llu",
8753 ++ start, end);
8754 ++ goto out;
8755 ++ }
8756 + /*
8757 + * Set 1M-4M alloc/discard and 32M-64M thus leaving a hole between
8758 + * 4M-32M
8759 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
8760 +index 8624bdee8c5b..ceffec752234 100644
8761 +--- a/fs/btrfs/transaction.c
8762 ++++ b/fs/btrfs/transaction.c
8763 +@@ -77,13 +77,14 @@ void btrfs_put_transaction(struct btrfs_transaction *transaction)
8764 + }
8765 + }
8766 +
8767 +-static noinline void switch_commit_roots(struct btrfs_transaction *trans)
8768 ++static noinline void switch_commit_roots(struct btrfs_trans_handle *trans)
8769 + {
8770 ++ struct btrfs_transaction *cur_trans = trans->transaction;
8771 + struct btrfs_fs_info *fs_info = trans->fs_info;
8772 + struct btrfs_root *root, *tmp;
8773 +
8774 + down_write(&fs_info->commit_root_sem);
8775 +- list_for_each_entry_safe(root, tmp, &trans->switch_commits,
8776 ++ list_for_each_entry_safe(root, tmp, &cur_trans->switch_commits,
8777 + dirty_list) {
8778 + list_del_init(&root->dirty_list);
8779 + free_extent_buffer(root->commit_root);
8780 +@@ -95,16 +96,17 @@ static noinline void switch_commit_roots(struct btrfs_transaction *trans)
8781 + }
8782 +
8783 + /* We can free old roots now. */
8784 +- spin_lock(&trans->dropped_roots_lock);
8785 +- while (!list_empty(&trans->dropped_roots)) {
8786 +- root = list_first_entry(&trans->dropped_roots,
8787 ++ spin_lock(&cur_trans->dropped_roots_lock);
8788 ++ while (!list_empty(&cur_trans->dropped_roots)) {
8789 ++ root = list_first_entry(&cur_trans->dropped_roots,
8790 + struct btrfs_root, root_list);
8791 + list_del_init(&root->root_list);
8792 +- spin_unlock(&trans->dropped_roots_lock);
8793 ++ spin_unlock(&cur_trans->dropped_roots_lock);
8794 ++ btrfs_free_log(trans, root);
8795 + btrfs_drop_and_free_fs_root(fs_info, root);
8796 +- spin_lock(&trans->dropped_roots_lock);
8797 ++ spin_lock(&cur_trans->dropped_roots_lock);
8798 + }
8799 +- spin_unlock(&trans->dropped_roots_lock);
8800 ++ spin_unlock(&cur_trans->dropped_roots_lock);
8801 + up_write(&fs_info->commit_root_sem);
8802 + }
8803 +
8804 +@@ -1359,7 +1361,7 @@ static int qgroup_account_snapshot(struct btrfs_trans_handle *trans,
8805 + ret = commit_cowonly_roots(trans);
8806 + if (ret)
8807 + goto out;
8808 +- switch_commit_roots(trans->transaction);
8809 ++ switch_commit_roots(trans);
8810 + ret = btrfs_write_and_wait_transaction(trans);
8811 + if (ret)
8812 + btrfs_handle_fs_error(fs_info, ret,
8813 +@@ -1949,6 +1951,14 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
8814 + struct btrfs_transaction *prev_trans = NULL;
8815 + int ret;
8816 +
8817 ++ /*
8818 ++ * Some places just start a transaction to commit it. We need to make
8819 ++ * sure that if this commit fails that the abort code actually marks the
8820 ++ * transaction as failed, so set trans->dirty to make the abort code do
8821 ++ * the right thing.
8822 ++ */
8823 ++ trans->dirty = true;
8824 ++
8825 + /* Stop the commit early if ->aborted is set */
8826 + if (unlikely(READ_ONCE(cur_trans->aborted))) {
8827 + ret = cur_trans->aborted;
8828 +@@ -2237,7 +2247,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
8829 + list_add_tail(&fs_info->chunk_root->dirty_list,
8830 + &cur_trans->switch_commits);
8831 +
8832 +- switch_commit_roots(cur_trans);
8833 ++ switch_commit_roots(trans);
8834 +
8835 + ASSERT(list_empty(&cur_trans->dirty_bgs));
8836 + ASSERT(list_empty(&cur_trans->io_bgs));
8837 +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
8838 +index ab27e6cd9b3e..6f2178618c22 100644
8839 +--- a/fs/btrfs/tree-log.c
8840 ++++ b/fs/btrfs/tree-log.c
8841 +@@ -3953,7 +3953,7 @@ static int log_csums(struct btrfs_trans_handle *trans,
8842 + static noinline int copy_items(struct btrfs_trans_handle *trans,
8843 + struct btrfs_inode *inode,
8844 + struct btrfs_path *dst_path,
8845 +- struct btrfs_path *src_path, u64 *last_extent,
8846 ++ struct btrfs_path *src_path,
8847 + int start_slot, int nr, int inode_only,
8848 + u64 logged_isize)
8849 + {
8850 +@@ -3964,7 +3964,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8851 + struct btrfs_file_extent_item *extent;
8852 + struct btrfs_inode_item *inode_item;
8853 + struct extent_buffer *src = src_path->nodes[0];
8854 +- struct btrfs_key first_key, last_key, key;
8855 + int ret;
8856 + struct btrfs_key *ins_keys;
8857 + u32 *ins_sizes;
8858 +@@ -3972,9 +3971,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8859 + int i;
8860 + struct list_head ordered_sums;
8861 + int skip_csum = inode->flags & BTRFS_INODE_NODATASUM;
8862 +- bool has_extents = false;
8863 +- bool need_find_last_extent = true;
8864 +- bool done = false;
8865 +
8866 + INIT_LIST_HEAD(&ordered_sums);
8867 +
8868 +@@ -3983,8 +3979,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8869 + if (!ins_data)
8870 + return -ENOMEM;
8871 +
8872 +- first_key.objectid = (u64)-1;
8873 +-
8874 + ins_sizes = (u32 *)ins_data;
8875 + ins_keys = (struct btrfs_key *)(ins_data + nr * sizeof(u32));
8876 +
8877 +@@ -4005,9 +3999,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8878 +
8879 + src_offset = btrfs_item_ptr_offset(src, start_slot + i);
8880 +
8881 +- if (i == nr - 1)
8882 +- last_key = ins_keys[i];
8883 +-
8884 + if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) {
8885 + inode_item = btrfs_item_ptr(dst_path->nodes[0],
8886 + dst_path->slots[0],
8887 +@@ -4021,20 +4012,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8888 + src_offset, ins_sizes[i]);
8889 + }
8890 +
8891 +- /*
8892 +- * We set need_find_last_extent here in case we know we were
8893 +- * processing other items and then walk into the first extent in
8894 +- * the inode. If we don't hit an extent then nothing changes,
8895 +- * we'll do the last search the next time around.
8896 +- */
8897 +- if (ins_keys[i].type == BTRFS_EXTENT_DATA_KEY) {
8898 +- has_extents = true;
8899 +- if (first_key.objectid == (u64)-1)
8900 +- first_key = ins_keys[i];
8901 +- } else {
8902 +- need_find_last_extent = false;
8903 +- }
8904 +-
8905 + /* take a reference on file data extents so that truncates
8906 + * or deletes of this inode don't have to relog the inode
8907 + * again
8908 +@@ -4100,167 +4077,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
8909 + kfree(sums);
8910 + }
8911 +
8912 +- if (!has_extents)
8913 +- return ret;
8914 +-
8915 +- if (need_find_last_extent && *last_extent == first_key.offset) {
8916 +- /*
8917 +- * We don't have any leafs between our current one and the one
8918 +- * we processed before that can have file extent items for our
8919 +- * inode (and have a generation number smaller than our current
8920 +- * transaction id).
8921 +- */
8922 +- need_find_last_extent = false;
8923 +- }
8924 +-
8925 +- /*
8926 +- * Because we use btrfs_search_forward we could skip leaves that were
8927 +- * not modified and then assume *last_extent is valid when it really
8928 +- * isn't. So back up to the previous leaf and read the end of the last
8929 +- * extent before we go and fill in holes.
8930 +- */
8931 +- if (need_find_last_extent) {
8932 +- u64 len;
8933 +-
8934 +- ret = btrfs_prev_leaf(inode->root, src_path);
8935 +- if (ret < 0)
8936 +- return ret;
8937 +- if (ret)
8938 +- goto fill_holes;
8939 +- if (src_path->slots[0])
8940 +- src_path->slots[0]--;
8941 +- src = src_path->nodes[0];
8942 +- btrfs_item_key_to_cpu(src, &key, src_path->slots[0]);
8943 +- if (key.objectid != btrfs_ino(inode) ||
8944 +- key.type != BTRFS_EXTENT_DATA_KEY)
8945 +- goto fill_holes;
8946 +- extent = btrfs_item_ptr(src, src_path->slots[0],
8947 +- struct btrfs_file_extent_item);
8948 +- if (btrfs_file_extent_type(src, extent) ==
8949 +- BTRFS_FILE_EXTENT_INLINE) {
8950 +- len = btrfs_file_extent_ram_bytes(src, extent);
8951 +- *last_extent = ALIGN(key.offset + len,
8952 +- fs_info->sectorsize);
8953 +- } else {
8954 +- len = btrfs_file_extent_num_bytes(src, extent);
8955 +- *last_extent = key.offset + len;
8956 +- }
8957 +- }
8958 +-fill_holes:
8959 +- /* So we did prev_leaf, now we need to move to the next leaf, but a few
8960 +- * things could have happened
8961 +- *
8962 +- * 1) A merge could have happened, so we could currently be on a leaf
8963 +- * that holds what we were copying in the first place.
8964 +- * 2) A split could have happened, and now not all of the items we want
8965 +- * are on the same leaf.
8966 +- *
8967 +- * So we need to adjust how we search for holes, we need to drop the
8968 +- * path and re-search for the first extent key we found, and then walk
8969 +- * forward until we hit the last one we copied.
8970 +- */
8971 +- if (need_find_last_extent) {
8972 +- /* btrfs_prev_leaf could return 1 without releasing the path */
8973 +- btrfs_release_path(src_path);
8974 +- ret = btrfs_search_slot(NULL, inode->root, &first_key,
8975 +- src_path, 0, 0);
8976 +- if (ret < 0)
8977 +- return ret;
8978 +- ASSERT(ret == 0);
8979 +- src = src_path->nodes[0];
8980 +- i = src_path->slots[0];
8981 +- } else {
8982 +- i = start_slot;
8983 +- }
8984 +-
8985 +- /*
8986 +- * Ok so here we need to go through and fill in any holes we may have
8987 +- * to make sure that holes are punched for those areas in case they had
8988 +- * extents previously.
8989 +- */
8990 +- while (!done) {
8991 +- u64 offset, len;
8992 +- u64 extent_end;
8993 +-
8994 +- if (i >= btrfs_header_nritems(src_path->nodes[0])) {
8995 +- ret = btrfs_next_leaf(inode->root, src_path);
8996 +- if (ret < 0)
8997 +- return ret;
8998 +- ASSERT(ret == 0);
8999 +- src = src_path->nodes[0];
9000 +- i = 0;
9001 +- need_find_last_extent = true;
9002 +- }
9003 +-
9004 +- btrfs_item_key_to_cpu(src, &key, i);
9005 +- if (!btrfs_comp_cpu_keys(&key, &last_key))
9006 +- done = true;
9007 +- if (key.objectid != btrfs_ino(inode) ||
9008 +- key.type != BTRFS_EXTENT_DATA_KEY) {
9009 +- i++;
9010 +- continue;
9011 +- }
9012 +- extent = btrfs_item_ptr(src, i, struct btrfs_file_extent_item);
9013 +- if (btrfs_file_extent_type(src, extent) ==
9014 +- BTRFS_FILE_EXTENT_INLINE) {
9015 +- len = btrfs_file_extent_ram_bytes(src, extent);
9016 +- extent_end = ALIGN(key.offset + len,
9017 +- fs_info->sectorsize);
9018 +- } else {
9019 +- len = btrfs_file_extent_num_bytes(src, extent);
9020 +- extent_end = key.offset + len;
9021 +- }
9022 +- i++;
9023 +-
9024 +- if (*last_extent == key.offset) {
9025 +- *last_extent = extent_end;
9026 +- continue;
9027 +- }
9028 +- offset = *last_extent;
9029 +- len = key.offset - *last_extent;
9030 +- ret = btrfs_insert_file_extent(trans, log, btrfs_ino(inode),
9031 +- offset, 0, 0, len, 0, len, 0, 0, 0);
9032 +- if (ret)
9033 +- break;
9034 +- *last_extent = extent_end;
9035 +- }
9036 +-
9037 +- /*
9038 +- * Check if there is a hole between the last extent found in our leaf
9039 +- * and the first extent in the next leaf. If there is one, we need to
9040 +- * log an explicit hole so that at replay time we can punch the hole.
9041 +- */
9042 +- if (ret == 0 &&
9043 +- key.objectid == btrfs_ino(inode) &&
9044 +- key.type == BTRFS_EXTENT_DATA_KEY &&
9045 +- i == btrfs_header_nritems(src_path->nodes[0])) {
9046 +- ret = btrfs_next_leaf(inode->root, src_path);
9047 +- need_find_last_extent = true;
9048 +- if (ret > 0) {
9049 +- ret = 0;
9050 +- } else if (ret == 0) {
9051 +- btrfs_item_key_to_cpu(src_path->nodes[0], &key,
9052 +- src_path->slots[0]);
9053 +- if (key.objectid == btrfs_ino(inode) &&
9054 +- key.type == BTRFS_EXTENT_DATA_KEY &&
9055 +- *last_extent < key.offset) {
9056 +- const u64 len = key.offset - *last_extent;
9057 +-
9058 +- ret = btrfs_insert_file_extent(trans, log,
9059 +- btrfs_ino(inode),
9060 +- *last_extent, 0,
9061 +- 0, len, 0, len,
9062 +- 0, 0, 0);
9063 +- *last_extent += len;
9064 +- }
9065 +- }
9066 +- }
9067 +- /*
9068 +- * Need to let the callers know we dropped the path so they should
9069 +- * re-search.
9070 +- */
9071 +- if (!ret && need_find_last_extent)
9072 +- ret = 1;
9073 + return ret;
9074 + }
9075 +
9076 +@@ -4425,7 +4241,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
9077 + const u64 i_size = i_size_read(&inode->vfs_inode);
9078 + const u64 ino = btrfs_ino(inode);
9079 + struct btrfs_path *dst_path = NULL;
9080 +- u64 last_extent = (u64)-1;
9081 ++ bool dropped_extents = false;
9082 + int ins_nr = 0;
9083 + int start_slot;
9084 + int ret;
9085 +@@ -4447,8 +4263,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
9086 + if (slot >= btrfs_header_nritems(leaf)) {
9087 + if (ins_nr > 0) {
9088 + ret = copy_items(trans, inode, dst_path, path,
9089 +- &last_extent, start_slot,
9090 +- ins_nr, 1, 0);
9091 ++ start_slot, ins_nr, 1, 0);
9092 + if (ret < 0)
9093 + goto out;
9094 + ins_nr = 0;
9095 +@@ -4472,8 +4287,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
9096 + path->slots[0]++;
9097 + continue;
9098 + }
9099 +- if (last_extent == (u64)-1) {
9100 +- last_extent = key.offset;
9101 ++ if (!dropped_extents) {
9102 + /*
9103 + * Avoid logging extent items logged in past fsync calls
9104 + * and leading to duplicate keys in the log tree.
9105 +@@ -4487,6 +4301,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
9106 + } while (ret == -EAGAIN);
9107 + if (ret)
9108 + goto out;
9109 ++ dropped_extents = true;
9110 + }
9111 + if (ins_nr == 0)
9112 + start_slot = slot;
9113 +@@ -4501,7 +4316,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
9114 + }
9115 + }
9116 + if (ins_nr > 0) {
9117 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
9118 ++ ret = copy_items(trans, inode, dst_path, path,
9119 + start_slot, ins_nr, 1, 0);
9120 + if (ret > 0)
9121 + ret = 0;
9122 +@@ -4688,13 +4503,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
9123 +
9124 + if (slot >= nritems) {
9125 + if (ins_nr > 0) {
9126 +- u64 last_extent = 0;
9127 +-
9128 + ret = copy_items(trans, inode, dst_path, path,
9129 +- &last_extent, start_slot,
9130 +- ins_nr, 1, 0);
9131 +- /* can't be 1, extent items aren't processed */
9132 +- ASSERT(ret <= 0);
9133 ++ start_slot, ins_nr, 1, 0);
9134 + if (ret < 0)
9135 + return ret;
9136 + ins_nr = 0;
9137 +@@ -4718,13 +4528,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
9138 + cond_resched();
9139 + }
9140 + if (ins_nr > 0) {
9141 +- u64 last_extent = 0;
9142 +-
9143 + ret = copy_items(trans, inode, dst_path, path,
9144 +- &last_extent, start_slot,
9145 +- ins_nr, 1, 0);
9146 +- /* can't be 1, extent items aren't processed */
9147 +- ASSERT(ret <= 0);
9148 ++ start_slot, ins_nr, 1, 0);
9149 + if (ret < 0)
9150 + return ret;
9151 + }
9152 +@@ -4733,100 +4538,119 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
9153 + }
9154 +
9155 + /*
9156 +- * If the no holes feature is enabled we need to make sure any hole between the
9157 +- * last extent and the i_size of our inode is explicitly marked in the log. This
9158 +- * is to make sure that doing something like:
9159 +- *
9160 +- * 1) create file with 128Kb of data
9161 +- * 2) truncate file to 64Kb
9162 +- * 3) truncate file to 256Kb
9163 +- * 4) fsync file
9164 +- * 5) <crash/power failure>
9165 +- * 6) mount fs and trigger log replay
9166 +- *
9167 +- * Will give us a file with a size of 256Kb, the first 64Kb of data match what
9168 +- * the file had in its first 64Kb of data at step 1 and the last 192Kb of the
9169 +- * file correspond to a hole. The presence of explicit holes in a log tree is
9170 +- * what guarantees that log replay will remove/adjust file extent items in the
9171 +- * fs/subvol tree.
9172 +- *
9173 +- * Here we do not need to care about holes between extents, that is already done
9174 +- * by copy_items(). We also only need to do this in the full sync path, where we
9175 +- * lookup for extents from the fs/subvol tree only. In the fast path case, we
9176 +- * lookup the list of modified extent maps and if any represents a hole, we
9177 +- * insert a corresponding extent representing a hole in the log tree.
9178 ++ * When using the NO_HOLES feature if we punched a hole that causes the
9179 ++ * deletion of entire leafs or all the extent items of the first leaf (the one
9180 ++ * that contains the inode item and references) we may end up not processing
9181 ++ * any extents, because there are no leafs with a generation matching the
9182 ++ * current transaction that have extent items for our inode. So we need to find
9183 ++ * if any holes exist and then log them. We also need to log holes after any
9184 ++ * truncate operation that changes the inode's size.
9185 + */
9186 +-static int btrfs_log_trailing_hole(struct btrfs_trans_handle *trans,
9187 +- struct btrfs_root *root,
9188 +- struct btrfs_inode *inode,
9189 +- struct btrfs_path *path)
9190 ++static int btrfs_log_holes(struct btrfs_trans_handle *trans,
9191 ++ struct btrfs_root *root,
9192 ++ struct btrfs_inode *inode,
9193 ++ struct btrfs_path *path)
9194 + {
9195 + struct btrfs_fs_info *fs_info = root->fs_info;
9196 +- int ret;
9197 + struct btrfs_key key;
9198 +- u64 hole_start;
9199 +- u64 hole_size;
9200 +- struct extent_buffer *leaf;
9201 +- struct btrfs_root *log = root->log_root;
9202 + const u64 ino = btrfs_ino(inode);
9203 + const u64 i_size = i_size_read(&inode->vfs_inode);
9204 ++ u64 prev_extent_end = 0;
9205 ++ int ret;
9206 +
9207 +- if (!btrfs_fs_incompat(fs_info, NO_HOLES))
9208 ++ if (!btrfs_fs_incompat(fs_info, NO_HOLES) || i_size == 0)
9209 + return 0;
9210 +
9211 + key.objectid = ino;
9212 + key.type = BTRFS_EXTENT_DATA_KEY;
9213 +- key.offset = (u64)-1;
9214 ++ key.offset = 0;
9215 +
9216 + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
9217 +- ASSERT(ret != 0);
9218 + if (ret < 0)
9219 + return ret;
9220 +
9221 +- ASSERT(path->slots[0] > 0);
9222 +- path->slots[0]--;
9223 +- leaf = path->nodes[0];
9224 +- btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
9225 +-
9226 +- if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY) {
9227 +- /* inode does not have any extents */
9228 +- hole_start = 0;
9229 +- hole_size = i_size;
9230 +- } else {
9231 ++ while (true) {
9232 + struct btrfs_file_extent_item *extent;
9233 ++ struct extent_buffer *leaf = path->nodes[0];
9234 + u64 len;
9235 +
9236 +- /*
9237 +- * If there's an extent beyond i_size, an explicit hole was
9238 +- * already inserted by copy_items().
9239 +- */
9240 +- if (key.offset >= i_size)
9241 +- return 0;
9242 ++ if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) {
9243 ++ ret = btrfs_next_leaf(root, path);
9244 ++ if (ret < 0)
9245 ++ return ret;
9246 ++ if (ret > 0) {
9247 ++ ret = 0;
9248 ++ break;
9249 ++ }
9250 ++ leaf = path->nodes[0];
9251 ++ }
9252 ++
9253 ++ btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
9254 ++ if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY)
9255 ++ break;
9256 ++
9257 ++ /* We have a hole, log it. */
9258 ++ if (prev_extent_end < key.offset) {
9259 ++ const u64 hole_len = key.offset - prev_extent_end;
9260 ++
9261 ++ /*
9262 ++ * Release the path to avoid deadlocks with other code
9263 ++ * paths that search the root while holding locks on
9264 ++ * leafs from the log root.
9265 ++ */
9266 ++ btrfs_release_path(path);
9267 ++ ret = btrfs_insert_file_extent(trans, root->log_root,
9268 ++ ino, prev_extent_end, 0,
9269 ++ 0, hole_len, 0, hole_len,
9270 ++ 0, 0, 0);
9271 ++ if (ret < 0)
9272 ++ return ret;
9273 ++
9274 ++ /*
9275 ++ * Search for the same key again in the root. Since it's
9276 ++ * an extent item and we are holding the inode lock, the
9277 ++ * key must still exist. If it doesn't just emit warning
9278 ++ * and return an error to fall back to a transaction
9279 ++ * commit.
9280 ++ */
9281 ++ ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
9282 ++ if (ret < 0)
9283 ++ return ret;
9284 ++ if (WARN_ON(ret > 0))
9285 ++ return -ENOENT;
9286 ++ leaf = path->nodes[0];
9287 ++ }
9288 +
9289 + extent = btrfs_item_ptr(leaf, path->slots[0],
9290 + struct btrfs_file_extent_item);
9291 +-
9292 + if (btrfs_file_extent_type(leaf, extent) ==
9293 +- BTRFS_FILE_EXTENT_INLINE)
9294 +- return 0;
9295 ++ BTRFS_FILE_EXTENT_INLINE) {
9296 ++ len = btrfs_file_extent_ram_bytes(leaf, extent);
9297 ++ prev_extent_end = ALIGN(key.offset + len,
9298 ++ fs_info->sectorsize);
9299 ++ } else {
9300 ++ len = btrfs_file_extent_num_bytes(leaf, extent);
9301 ++ prev_extent_end = key.offset + len;
9302 ++ }
9303 +
9304 +- len = btrfs_file_extent_num_bytes(leaf, extent);
9305 +- /* Last extent goes beyond i_size, no need to log a hole. */
9306 +- if (key.offset + len > i_size)
9307 +- return 0;
9308 +- hole_start = key.offset + len;
9309 +- hole_size = i_size - hole_start;
9310 ++ path->slots[0]++;
9311 ++ cond_resched();
9312 + }
9313 +- btrfs_release_path(path);
9314 +
9315 +- /* Last extent ends at i_size. */
9316 +- if (hole_size == 0)
9317 +- return 0;
9318 ++ if (prev_extent_end < i_size) {
9319 ++ u64 hole_len;
9320 +
9321 +- hole_size = ALIGN(hole_size, fs_info->sectorsize);
9322 +- ret = btrfs_insert_file_extent(trans, log, ino, hole_start, 0, 0,
9323 +- hole_size, 0, hole_size, 0, 0, 0);
9324 +- return ret;
9325 ++ btrfs_release_path(path);
9326 ++ hole_len = ALIGN(i_size - prev_extent_end, fs_info->sectorsize);
9327 ++ ret = btrfs_insert_file_extent(trans, root->log_root,
9328 ++ ino, prev_extent_end, 0, 0,
9329 ++ hole_len, 0, hole_len,
9330 ++ 0, 0, 0);
9331 ++ if (ret < 0)
9332 ++ return ret;
9333 ++ }
9334 ++
9335 ++ return 0;
9336 + }
9337 +
9338 + /*
9339 +@@ -5030,6 +4854,50 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
9340 + }
9341 + continue;
9342 + }
9343 ++ /*
9344 ++ * If the inode was already logged skip it - otherwise we can
9345 ++ * hit an infinite loop. Example:
9346 ++ *
9347 ++ * From the commit root (previous transaction) we have the
9348 ++ * following inodes:
9349 ++ *
9350 ++ * inode 257 a directory
9351 ++ * inode 258 with references "zz" and "zz_link" on inode 257
9352 ++ * inode 259 with reference "a" on inode 257
9353 ++ *
9354 ++ * And in the current (uncommitted) transaction we have:
9355 ++ *
9356 ++ * inode 257 a directory, unchanged
9357 ++ * inode 258 with references "a" and "a2" on inode 257
9358 ++ * inode 259 with reference "zz_link" on inode 257
9359 ++ * inode 261 with reference "zz" on inode 257
9360 ++ *
9361 ++ * When logging inode 261 the following infinite loop could
9362 ++ * happen if we don't skip already logged inodes:
9363 ++ *
9364 ++ * - we detect inode 258 as a conflicting inode, with inode 261
9365 ++ * on reference "zz", and log it;
9366 ++ *
9367 ++ * - we detect inode 259 as a conflicting inode, with inode 258
9368 ++ * on reference "a", and log it;
9369 ++ *
9370 ++ * - we detect inode 258 as a conflicting inode, with inode 259
9371 ++ * on reference "zz_link", and log it - again! After this we
9372 ++ * repeat the above steps forever.
9373 ++ */
9374 ++ spin_lock(&BTRFS_I(inode)->lock);
9375 ++ /*
9376 ++ * Check the inode's logged_trans only instead of
9377 ++ * btrfs_inode_in_log(). This is because the last_log_commit of
9378 ++ * the inode is not updated when we only log that it exists and
9379 ++ * and it has the full sync bit set (see btrfs_log_inode()).
9380 ++ */
9381 ++ if (BTRFS_I(inode)->logged_trans == trans->transid) {
9382 ++ spin_unlock(&BTRFS_I(inode)->lock);
9383 ++ btrfs_add_delayed_iput(inode);
9384 ++ continue;
9385 ++ }
9386 ++ spin_unlock(&BTRFS_I(inode)->lock);
9387 + /*
9388 + * We are safe logging the other inode without acquiring its
9389 + * lock as long as we log with the LOG_INODE_EXISTS mode. We
9390 +@@ -5129,7 +4997,6 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans,
9391 + struct btrfs_key min_key;
9392 + struct btrfs_key max_key;
9393 + struct btrfs_root *log = root->log_root;
9394 +- u64 last_extent = 0;
9395 + int err = 0;
9396 + int ret;
9397 + int nritems;
9398 +@@ -5307,7 +5174,7 @@ again:
9399 + ins_start_slot = path->slots[0];
9400 + }
9401 + ret = copy_items(trans, inode, dst_path, path,
9402 +- &last_extent, ins_start_slot,
9403 ++ ins_start_slot,
9404 + ins_nr, inode_only,
9405 + logged_isize);
9406 + if (ret < 0) {
9407 +@@ -5330,17 +5197,13 @@ again:
9408 + if (ins_nr == 0)
9409 + goto next_slot;
9410 + ret = copy_items(trans, inode, dst_path, path,
9411 +- &last_extent, ins_start_slot,
9412 ++ ins_start_slot,
9413 + ins_nr, inode_only, logged_isize);
9414 + if (ret < 0) {
9415 + err = ret;
9416 + goto out_unlock;
9417 + }
9418 + ins_nr = 0;
9419 +- if (ret) {
9420 +- btrfs_release_path(path);
9421 +- continue;
9422 +- }
9423 + goto next_slot;
9424 + }
9425 +
9426 +@@ -5353,18 +5216,13 @@ again:
9427 + goto next_slot;
9428 + }
9429 +
9430 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
9431 ++ ret = copy_items(trans, inode, dst_path, path,
9432 + ins_start_slot, ins_nr, inode_only,
9433 + logged_isize);
9434 + if (ret < 0) {
9435 + err = ret;
9436 + goto out_unlock;
9437 + }
9438 +- if (ret) {
9439 +- ins_nr = 0;
9440 +- btrfs_release_path(path);
9441 +- continue;
9442 +- }
9443 + ins_nr = 1;
9444 + ins_start_slot = path->slots[0];
9445 + next_slot:
9446 +@@ -5378,13 +5236,12 @@ next_slot:
9447 + }
9448 + if (ins_nr) {
9449 + ret = copy_items(trans, inode, dst_path, path,
9450 +- &last_extent, ins_start_slot,
9451 ++ ins_start_slot,
9452 + ins_nr, inode_only, logged_isize);
9453 + if (ret < 0) {
9454 + err = ret;
9455 + goto out_unlock;
9456 + }
9457 +- ret = 0;
9458 + ins_nr = 0;
9459 + }
9460 + btrfs_release_path(path);
9461 +@@ -5399,14 +5256,13 @@ next_key:
9462 + }
9463 + }
9464 + if (ins_nr) {
9465 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
9466 ++ ret = copy_items(trans, inode, dst_path, path,
9467 + ins_start_slot, ins_nr, inode_only,
9468 + logged_isize);
9469 + if (ret < 0) {
9470 + err = ret;
9471 + goto out_unlock;
9472 + }
9473 +- ret = 0;
9474 + ins_nr = 0;
9475 + }
9476 +
9477 +@@ -5419,7 +5275,7 @@ next_key:
9478 + if (max_key.type >= BTRFS_EXTENT_DATA_KEY && !fast_search) {
9479 + btrfs_release_path(path);
9480 + btrfs_release_path(dst_path);
9481 +- err = btrfs_log_trailing_hole(trans, root, inode, path);
9482 ++ err = btrfs_log_holes(trans, root, inode, path);
9483 + if (err)
9484 + goto out_unlock;
9485 + }
9486 +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
9487 +index 97f1ba7c18b2..f7d9fc1a6fc2 100644
9488 +--- a/fs/btrfs/volumes.c
9489 ++++ b/fs/btrfs/volumes.c
9490 +@@ -881,17 +881,28 @@ static struct btrfs_fs_devices *find_fsid_changed(
9491 + /*
9492 + * Handles the case where scanned device is part of an fs that had
9493 + * multiple successful changes of FSID but curently device didn't
9494 +- * observe it. Meaning our fsid will be different than theirs.
9495 ++ * observe it. Meaning our fsid will be different than theirs. We need
9496 ++ * to handle two subcases :
9497 ++ * 1 - The fs still continues to have different METADATA/FSID uuids.
9498 ++ * 2 - The fs is switched back to its original FSID (METADATA/FSID
9499 ++ * are equal).
9500 + */
9501 + list_for_each_entry(fs_devices, &fs_uuids, fs_list) {
9502 ++ /* Changed UUIDs */
9503 + if (memcmp(fs_devices->metadata_uuid, fs_devices->fsid,
9504 + BTRFS_FSID_SIZE) != 0 &&
9505 + memcmp(fs_devices->metadata_uuid, disk_super->metadata_uuid,
9506 + BTRFS_FSID_SIZE) == 0 &&
9507 + memcmp(fs_devices->fsid, disk_super->fsid,
9508 +- BTRFS_FSID_SIZE) != 0) {
9509 ++ BTRFS_FSID_SIZE) != 0)
9510 ++ return fs_devices;
9511 ++
9512 ++ /* Unchanged UUIDs */
9513 ++ if (memcmp(fs_devices->metadata_uuid, fs_devices->fsid,
9514 ++ BTRFS_FSID_SIZE) == 0 &&
9515 ++ memcmp(fs_devices->fsid, disk_super->metadata_uuid,
9516 ++ BTRFS_FSID_SIZE) == 0)
9517 + return fs_devices;
9518 +- }
9519 + }
9520 +
9521 + return NULL;
9522 +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
9523 +index e1cac715d19e..06d932ed097e 100644
9524 +--- a/fs/cifs/smb2pdu.c
9525 ++++ b/fs/cifs/smb2pdu.c
9526 +@@ -350,9 +350,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
9527 + }
9528 +
9529 + rc = cifs_negotiate_protocol(0, tcon->ses);
9530 +- if (!rc && tcon->ses->need_reconnect)
9531 ++ if (!rc && tcon->ses->need_reconnect) {
9532 + rc = cifs_setup_session(0, tcon->ses, nls_codepage);
9533 +-
9534 ++ if ((rc == -EACCES) && !tcon->retry) {
9535 ++ rc = -EHOSTDOWN;
9536 ++ mutex_unlock(&tcon->ses->session_mutex);
9537 ++ goto failed;
9538 ++ }
9539 ++ }
9540 + if (rc || !tcon->need_reconnect) {
9541 + mutex_unlock(&tcon->ses->session_mutex);
9542 + goto out;
9543 +@@ -397,6 +402,7 @@ out:
9544 + case SMB2_SET_INFO:
9545 + rc = -EAGAIN;
9546 + }
9547 ++failed:
9548 + unload_nls(nls_codepage);
9549 + return rc;
9550 + }
9551 +diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
9552 +index 680aba9c00d5..fd0b5dd68f9e 100644
9553 +--- a/fs/configfs/inode.c
9554 ++++ b/fs/configfs/inode.c
9555 +@@ -76,14 +76,11 @@ int configfs_setattr(struct dentry * dentry, struct iattr * iattr)
9556 + if (ia_valid & ATTR_GID)
9557 + sd_iattr->ia_gid = iattr->ia_gid;
9558 + if (ia_valid & ATTR_ATIME)
9559 +- sd_iattr->ia_atime = timestamp_truncate(iattr->ia_atime,
9560 +- inode);
9561 ++ sd_iattr->ia_atime = iattr->ia_atime;
9562 + if (ia_valid & ATTR_MTIME)
9563 +- sd_iattr->ia_mtime = timestamp_truncate(iattr->ia_mtime,
9564 +- inode);
9565 ++ sd_iattr->ia_mtime = iattr->ia_mtime;
9566 + if (ia_valid & ATTR_CTIME)
9567 +- sd_iattr->ia_ctime = timestamp_truncate(iattr->ia_ctime,
9568 +- inode);
9569 ++ sd_iattr->ia_ctime = iattr->ia_ctime;
9570 + if (ia_valid & ATTR_MODE) {
9571 + umode_t mode = iattr->ia_mode;
9572 +
9573 +diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
9574 +index c34fa7c61b43..4ee65b2b6247 100644
9575 +--- a/fs/crypto/keyring.c
9576 ++++ b/fs/crypto/keyring.c
9577 +@@ -664,9 +664,6 @@ static int check_for_busy_inodes(struct super_block *sb,
9578 + struct list_head *pos;
9579 + size_t busy_count = 0;
9580 + unsigned long ino;
9581 +- struct dentry *dentry;
9582 +- char _path[256];
9583 +- char *path = NULL;
9584 +
9585 + spin_lock(&mk->mk_decrypted_inodes_lock);
9586 +
9587 +@@ -685,22 +682,14 @@ static int check_for_busy_inodes(struct super_block *sb,
9588 + struct fscrypt_info,
9589 + ci_master_key_link)->ci_inode;
9590 + ino = inode->i_ino;
9591 +- dentry = d_find_alias(inode);
9592 + }
9593 + spin_unlock(&mk->mk_decrypted_inodes_lock);
9594 +
9595 +- if (dentry) {
9596 +- path = dentry_path(dentry, _path, sizeof(_path));
9597 +- dput(dentry);
9598 +- }
9599 +- if (IS_ERR_OR_NULL(path))
9600 +- path = "(unknown)";
9601 +-
9602 + fscrypt_warn(NULL,
9603 +- "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu (%s)",
9604 ++ "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu",
9605 + sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
9606 + master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
9607 +- ino, path);
9608 ++ ino);
9609 + return -EBUSY;
9610 + }
9611 +
9612 +diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c
9613 +index 19f89f9fb10c..23b74b8e8f96 100644
9614 +--- a/fs/erofs/decompressor.c
9615 ++++ b/fs/erofs/decompressor.c
9616 +@@ -306,24 +306,22 @@ static int z_erofs_shifted_transform(const struct z_erofs_decompress_req *rq,
9617 + }
9618 +
9619 + src = kmap_atomic(*rq->in);
9620 +- if (!rq->out[0]) {
9621 +- dst = NULL;
9622 +- } else {
9623 ++ if (rq->out[0]) {
9624 + dst = kmap_atomic(rq->out[0]);
9625 + memcpy(dst + rq->pageofs_out, src, righthalf);
9626 ++ kunmap_atomic(dst);
9627 + }
9628 +
9629 +- if (rq->out[1] == *rq->in) {
9630 +- memmove(src, src + righthalf, rq->pageofs_out);
9631 +- } else if (nrpages_out == 2) {
9632 +- if (dst)
9633 +- kunmap_atomic(dst);
9634 ++ if (nrpages_out == 2) {
9635 + DBG_BUGON(!rq->out[1]);
9636 +- dst = kmap_atomic(rq->out[1]);
9637 +- memcpy(dst, src + righthalf, rq->pageofs_out);
9638 ++ if (rq->out[1] == *rq->in) {
9639 ++ memmove(src, src + righthalf, rq->pageofs_out);
9640 ++ } else {
9641 ++ dst = kmap_atomic(rq->out[1]);
9642 ++ memcpy(dst, src + righthalf, rq->pageofs_out);
9643 ++ kunmap_atomic(dst);
9644 ++ }
9645 + }
9646 +- if (dst)
9647 +- kunmap_atomic(dst);
9648 + kunmap_atomic(src);
9649 + return 0;
9650 + }
9651 +diff --git a/fs/eventfd.c b/fs/eventfd.c
9652 +index 8aa0ea8c55e8..78e41c7c3d05 100644
9653 +--- a/fs/eventfd.c
9654 ++++ b/fs/eventfd.c
9655 +@@ -24,6 +24,8 @@
9656 + #include <linux/seq_file.h>
9657 + #include <linux/idr.h>
9658 +
9659 ++DEFINE_PER_CPU(int, eventfd_wake_count);
9660 ++
9661 + static DEFINE_IDA(eventfd_ida);
9662 +
9663 + struct eventfd_ctx {
9664 +@@ -60,12 +62,25 @@ __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n)
9665 + {
9666 + unsigned long flags;
9667 +
9668 ++ /*
9669 ++ * Deadlock or stack overflow issues can happen if we recurse here
9670 ++ * through waitqueue wakeup handlers. If the caller users potentially
9671 ++ * nested waitqueues with custom wakeup handlers, then it should
9672 ++ * check eventfd_signal_count() before calling this function. If
9673 ++ * it returns true, the eventfd_signal() call should be deferred to a
9674 ++ * safe context.
9675 ++ */
9676 ++ if (WARN_ON_ONCE(this_cpu_read(eventfd_wake_count)))
9677 ++ return 0;
9678 ++
9679 + spin_lock_irqsave(&ctx->wqh.lock, flags);
9680 ++ this_cpu_inc(eventfd_wake_count);
9681 + if (ULLONG_MAX - ctx->count < n)
9682 + n = ULLONG_MAX - ctx->count;
9683 + ctx->count += n;
9684 + if (waitqueue_active(&ctx->wqh))
9685 + wake_up_locked_poll(&ctx->wqh, EPOLLIN);
9686 ++ this_cpu_dec(eventfd_wake_count);
9687 + spin_unlock_irqrestore(&ctx->wqh.lock, flags);
9688 +
9689 + return n;
9690 +diff --git a/fs/ext2/super.c b/fs/ext2/super.c
9691 +index 30c630d73f0f..065cd2d1bdc6 100644
9692 +--- a/fs/ext2/super.c
9693 ++++ b/fs/ext2/super.c
9694 +@@ -1082,9 +1082,9 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
9695 +
9696 + if (EXT2_BLOCKS_PER_GROUP(sb) == 0)
9697 + goto cantfind_ext2;
9698 +- sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
9699 +- le32_to_cpu(es->s_first_data_block) - 1)
9700 +- / EXT2_BLOCKS_PER_GROUP(sb)) + 1;
9701 ++ sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
9702 ++ le32_to_cpu(es->s_first_data_block) - 1)
9703 ++ / EXT2_BLOCKS_PER_GROUP(sb)) + 1;
9704 + db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
9705 + EXT2_DESC_PER_BLOCK(sb);
9706 + sbi->s_group_desc = kmalloc_array (db_count,
9707 +diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
9708 +index 6305d5ec25af..5ef8d7ae231b 100644
9709 +--- a/fs/ext4/dir.c
9710 ++++ b/fs/ext4/dir.c
9711 +@@ -673,9 +673,11 @@ static int ext4_d_compare(const struct dentry *dentry, unsigned int len,
9712 + const char *str, const struct qstr *name)
9713 + {
9714 + struct qstr qstr = {.name = str, .len = len };
9715 +- struct inode *inode = dentry->d_parent->d_inode;
9716 ++ const struct dentry *parent = READ_ONCE(dentry->d_parent);
9717 ++ const struct inode *inode = READ_ONCE(parent->d_inode);
9718 +
9719 +- if (!IS_CASEFOLDED(inode) || !EXT4_SB(inode->i_sb)->s_encoding) {
9720 ++ if (!inode || !IS_CASEFOLDED(inode) ||
9721 ++ !EXT4_SB(inode->i_sb)->s_encoding) {
9722 + if (len != name->len)
9723 + return -1;
9724 + return memcmp(str, name->name, len);
9725 +@@ -688,10 +690,11 @@ static int ext4_d_hash(const struct dentry *dentry, struct qstr *str)
9726 + {
9727 + const struct ext4_sb_info *sbi = EXT4_SB(dentry->d_sb);
9728 + const struct unicode_map *um = sbi->s_encoding;
9729 ++ const struct inode *inode = READ_ONCE(dentry->d_inode);
9730 + unsigned char *norm;
9731 + int len, ret = 0;
9732 +
9733 +- if (!IS_CASEFOLDED(dentry->d_inode) || !um)
9734 ++ if (!inode || !IS_CASEFOLDED(inode) || !um)
9735 + return 0;
9736 +
9737 + norm = kmalloc(PATH_MAX, GFP_ATOMIC);
9738 +diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
9739 +index 12ceadef32c5..2cc9f2168b9e 100644
9740 +--- a/fs/ext4/page-io.c
9741 ++++ b/fs/ext4/page-io.c
9742 +@@ -478,17 +478,26 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
9743 + gfp_t gfp_flags = GFP_NOFS;
9744 + unsigned int enc_bytes = round_up(len, i_blocksize(inode));
9745 +
9746 ++ /*
9747 ++ * Since bounce page allocation uses a mempool, we can only use
9748 ++ * a waiting mask (i.e. request guaranteed allocation) on the
9749 ++ * first page of the bio. Otherwise it can deadlock.
9750 ++ */
9751 ++ if (io->io_bio)
9752 ++ gfp_flags = GFP_NOWAIT | __GFP_NOWARN;
9753 + retry_encrypt:
9754 + bounce_page = fscrypt_encrypt_pagecache_blocks(page, enc_bytes,
9755 + 0, gfp_flags);
9756 + if (IS_ERR(bounce_page)) {
9757 + ret = PTR_ERR(bounce_page);
9758 +- if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
9759 +- if (io->io_bio) {
9760 ++ if (ret == -ENOMEM &&
9761 ++ (io->io_bio || wbc->sync_mode == WB_SYNC_ALL)) {
9762 ++ gfp_flags = GFP_NOFS;
9763 ++ if (io->io_bio)
9764 + ext4_io_submit(io);
9765 +- congestion_wait(BLK_RW_ASYNC, HZ/50);
9766 +- }
9767 +- gfp_flags |= __GFP_NOFAIL;
9768 ++ else
9769 ++ gfp_flags |= __GFP_NOFAIL;
9770 ++ congestion_wait(BLK_RW_ASYNC, HZ/50);
9771 + goto retry_encrypt;
9772 + }
9773 + bounce_page = NULL;
9774 +diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
9775 +index 4033778bcbbf..84280ad3786c 100644
9776 +--- a/fs/f2fs/dir.c
9777 ++++ b/fs/f2fs/dir.c
9778 +@@ -1068,24 +1068,27 @@ static int f2fs_d_compare(const struct dentry *dentry, unsigned int len,
9779 + const char *str, const struct qstr *name)
9780 + {
9781 + struct qstr qstr = {.name = str, .len = len };
9782 ++ const struct dentry *parent = READ_ONCE(dentry->d_parent);
9783 ++ const struct inode *inode = READ_ONCE(parent->d_inode);
9784 +
9785 +- if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) {
9786 ++ if (!inode || !IS_CASEFOLDED(inode)) {
9787 + if (len != name->len)
9788 + return -1;
9789 +- return memcmp(str, name, len);
9790 ++ return memcmp(str, name->name, len);
9791 + }
9792 +
9793 +- return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false);
9794 ++ return f2fs_ci_compare(inode, name, &qstr, false);
9795 + }
9796 +
9797 + static int f2fs_d_hash(const struct dentry *dentry, struct qstr *str)
9798 + {
9799 + struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb);
9800 + const struct unicode_map *um = sbi->s_encoding;
9801 ++ const struct inode *inode = READ_ONCE(dentry->d_inode);
9802 + unsigned char *norm;
9803 + int len, ret = 0;
9804 +
9805 +- if (!IS_CASEFOLDED(dentry->d_inode))
9806 ++ if (!inode || !IS_CASEFOLDED(inode))
9807 + return 0;
9808 +
9809 + norm = f2fs_kmalloc(sbi, PATH_MAX, GFP_ATOMIC);
9810 +diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
9811 +index fae665691481..72f308790a8e 100644
9812 +--- a/fs/f2fs/file.c
9813 ++++ b/fs/f2fs/file.c
9814 +@@ -751,18 +751,12 @@ static void __setattr_copy(struct inode *inode, const struct iattr *attr)
9815 + inode->i_uid = attr->ia_uid;
9816 + if (ia_valid & ATTR_GID)
9817 + inode->i_gid = attr->ia_gid;
9818 +- if (ia_valid & ATTR_ATIME) {
9819 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
9820 +- inode);
9821 +- }
9822 +- if (ia_valid & ATTR_MTIME) {
9823 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
9824 +- inode);
9825 +- }
9826 +- if (ia_valid & ATTR_CTIME) {
9827 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
9828 +- inode);
9829 +- }
9830 ++ if (ia_valid & ATTR_ATIME)
9831 ++ inode->i_atime = attr->ia_atime;
9832 ++ if (ia_valid & ATTR_MTIME)
9833 ++ inode->i_mtime = attr->ia_mtime;
9834 ++ if (ia_valid & ATTR_CTIME)
9835 ++ inode->i_ctime = attr->ia_ctime;
9836 + if (ia_valid & ATTR_MODE) {
9837 + umode_t mode = attr->ia_mode;
9838 +
9839 +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
9840 +index 1443cee15863..ea8dbf1458c9 100644
9841 +--- a/fs/f2fs/super.c
9842 ++++ b/fs/f2fs/super.c
9843 +@@ -1213,9 +1213,11 @@ static int f2fs_statfs_project(struct super_block *sb,
9844 + return PTR_ERR(dquot);
9845 + spin_lock(&dquot->dq_dqb_lock);
9846 +
9847 +- limit = (dquot->dq_dqb.dqb_bsoftlimit ?
9848 +- dquot->dq_dqb.dqb_bsoftlimit :
9849 +- dquot->dq_dqb.dqb_bhardlimit) >> sb->s_blocksize_bits;
9850 ++ limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit,
9851 ++ dquot->dq_dqb.dqb_bhardlimit);
9852 ++ if (limit)
9853 ++ limit >>= sb->s_blocksize_bits;
9854 ++
9855 + if (limit && buf->f_blocks > limit) {
9856 + curblock = dquot->dq_dqb.dqb_curspace >> sb->s_blocksize_bits;
9857 + buf->f_blocks = limit;
9858 +@@ -1224,9 +1226,9 @@ static int f2fs_statfs_project(struct super_block *sb,
9859 + (buf->f_blocks - curblock) : 0;
9860 + }
9861 +
9862 +- limit = dquot->dq_dqb.dqb_isoftlimit ?
9863 +- dquot->dq_dqb.dqb_isoftlimit :
9864 +- dquot->dq_dqb.dqb_ihardlimit;
9865 ++ limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit,
9866 ++ dquot->dq_dqb.dqb_ihardlimit);
9867 ++
9868 + if (limit && buf->f_files > limit) {
9869 + buf->f_files = limit;
9870 + buf->f_ffree =
9871 +diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
9872 +index 335607b8c5c0..76ac9c7d32ec 100644
9873 +--- a/fs/fs-writeback.c
9874 ++++ b/fs/fs-writeback.c
9875 +@@ -2063,7 +2063,7 @@ void wb_workfn(struct work_struct *work)
9876 + struct bdi_writeback, dwork);
9877 + long pages_written;
9878 +
9879 +- set_worker_desc("flush-%s", dev_name(wb->bdi->dev));
9880 ++ set_worker_desc("flush-%s", bdi_dev_name(wb->bdi));
9881 + current->flags |= PF_SWAPWRITE;
9882 +
9883 + if (likely(!current_is_workqueue_rescuer() ||
9884 +diff --git a/fs/fuse/file.c b/fs/fuse/file.c
9885 +index ce715380143c..695369f46f92 100644
9886 +--- a/fs/fuse/file.c
9887 ++++ b/fs/fuse/file.c
9888 +@@ -1465,6 +1465,7 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
9889 + }
9890 + ia = NULL;
9891 + if (nres < 0) {
9892 ++ iov_iter_revert(iter, nbytes);
9893 + err = nres;
9894 + break;
9895 + }
9896 +@@ -1473,8 +1474,10 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
9897 + count -= nres;
9898 + res += nres;
9899 + pos += nres;
9900 +- if (nres != nbytes)
9901 ++ if (nres != nbytes) {
9902 ++ iov_iter_revert(iter, nbytes - nres);
9903 + break;
9904 ++ }
9905 + if (count) {
9906 + max_pages = iov_iter_npages(iter, fc->max_pages);
9907 + ia = fuse_io_alloc(io, max_pages);
9908 +diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
9909 +index 01ff37b76652..4a10b4e7092a 100644
9910 +--- a/fs/gfs2/file.c
9911 ++++ b/fs/gfs2/file.c
9912 +@@ -833,7 +833,7 @@ static ssize_t gfs2_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
9913 + struct file *file = iocb->ki_filp;
9914 + struct inode *inode = file_inode(file);
9915 + struct gfs2_inode *ip = GFS2_I(inode);
9916 +- ssize_t written = 0, ret;
9917 ++ ssize_t ret;
9918 +
9919 + ret = gfs2_rsqa_alloc(ip);
9920 + if (ret)
9921 +@@ -853,68 +853,58 @@ static ssize_t gfs2_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
9922 + inode_lock(inode);
9923 + ret = generic_write_checks(iocb, from);
9924 + if (ret <= 0)
9925 +- goto out;
9926 +-
9927 +- /* We can write back this queue in page reclaim */
9928 +- current->backing_dev_info = inode_to_bdi(inode);
9929 ++ goto out_unlock;
9930 +
9931 + ret = file_remove_privs(file);
9932 + if (ret)
9933 +- goto out2;
9934 ++ goto out_unlock;
9935 +
9936 + ret = file_update_time(file);
9937 + if (ret)
9938 +- goto out2;
9939 ++ goto out_unlock;
9940 +
9941 + if (iocb->ki_flags & IOCB_DIRECT) {
9942 + struct address_space *mapping = file->f_mapping;
9943 +- loff_t pos, endbyte;
9944 +- ssize_t buffered;
9945 ++ ssize_t buffered, ret2;
9946 +
9947 +- written = gfs2_file_direct_write(iocb, from);
9948 +- if (written < 0 || !iov_iter_count(from))
9949 +- goto out2;
9950 ++ ret = gfs2_file_direct_write(iocb, from);
9951 ++ if (ret < 0 || !iov_iter_count(from))
9952 ++ goto out_unlock;
9953 +
9954 +- ret = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
9955 +- if (unlikely(ret < 0))
9956 +- goto out2;
9957 +- buffered = ret;
9958 ++ iocb->ki_flags |= IOCB_DSYNC;
9959 ++ current->backing_dev_info = inode_to_bdi(inode);
9960 ++ buffered = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
9961 ++ current->backing_dev_info = NULL;
9962 ++ if (unlikely(buffered <= 0))
9963 ++ goto out_unlock;
9964 +
9965 + /*
9966 + * We need to ensure that the page cache pages are written to
9967 + * disk and invalidated to preserve the expected O_DIRECT
9968 +- * semantics.
9969 ++ * semantics. If the writeback or invalidate fails, only report
9970 ++ * the direct I/O range as we don't know if the buffered pages
9971 ++ * made it to disk.
9972 + */
9973 +- pos = iocb->ki_pos;
9974 +- endbyte = pos + buffered - 1;
9975 +- ret = filemap_write_and_wait_range(mapping, pos, endbyte);
9976 +- if (!ret) {
9977 +- iocb->ki_pos += buffered;
9978 +- written += buffered;
9979 +- invalidate_mapping_pages(mapping,
9980 +- pos >> PAGE_SHIFT,
9981 +- endbyte >> PAGE_SHIFT);
9982 +- } else {
9983 +- /*
9984 +- * We don't know how much we wrote, so just return
9985 +- * the number of bytes which were direct-written
9986 +- */
9987 +- }
9988 ++ iocb->ki_pos += buffered;
9989 ++ ret2 = generic_write_sync(iocb, buffered);
9990 ++ invalidate_mapping_pages(mapping,
9991 ++ (iocb->ki_pos - buffered) >> PAGE_SHIFT,
9992 ++ (iocb->ki_pos - 1) >> PAGE_SHIFT);
9993 ++ if (!ret || ret2 > 0)
9994 ++ ret += ret2;
9995 + } else {
9996 ++ current->backing_dev_info = inode_to_bdi(inode);
9997 + ret = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
9998 +- if (likely(ret > 0))
9999 ++ current->backing_dev_info = NULL;
10000 ++ if (likely(ret > 0)) {
10001 + iocb->ki_pos += ret;
10002 ++ ret = generic_write_sync(iocb, ret);
10003 ++ }
10004 + }
10005 +
10006 +-out2:
10007 +- current->backing_dev_info = NULL;
10008 +-out:
10009 ++out_unlock:
10010 + inode_unlock(inode);
10011 +- if (likely(ret > 0)) {
10012 +- /* Handle various SYNC-type writes */
10013 +- ret = generic_write_sync(iocb, ret);
10014 +- }
10015 +- return written ? written : ret;
10016 ++ return ret;
10017 + }
10018 +
10019 + static int fallocate_chunk(struct inode *inode, loff_t offset, loff_t len,
10020 +diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c
10021 +index e7b9d39955d4..7ca84be20cf6 100644
10022 +--- a/fs/gfs2/lops.c
10023 ++++ b/fs/gfs2/lops.c
10024 +@@ -421,7 +421,7 @@ static bool gfs2_jhead_pg_srch(struct gfs2_jdesc *jd,
10025 +
10026 + for (offset = 0; offset < PAGE_SIZE; offset += sdp->sd_sb.sb_bsize) {
10027 + if (!__get_log_header(sdp, kaddr + offset, 0, &lh)) {
10028 +- if (lh.lh_sequence > head->lh_sequence)
10029 ++ if (lh.lh_sequence >= head->lh_sequence)
10030 + *head = lh;
10031 + else {
10032 + ret = true;
10033 +diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
10034 +index 1c58859aa592..ef485f892d1b 100644
10035 +--- a/fs/jbd2/journal.c
10036 ++++ b/fs/jbd2/journal.c
10037 +@@ -981,6 +981,7 @@ static void *jbd2_seq_info_start(struct seq_file *seq, loff_t *pos)
10038 +
10039 + static void *jbd2_seq_info_next(struct seq_file *seq, void *v, loff_t *pos)
10040 + {
10041 ++ (*pos)++;
10042 + return NULL;
10043 + }
10044 +
10045 +diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
10046 +index e180033e35cf..05ed7be8a634 100644
10047 +--- a/fs/nfs/dir.c
10048 ++++ b/fs/nfs/dir.c
10049 +@@ -162,6 +162,17 @@ typedef struct {
10050 + bool eof;
10051 + } nfs_readdir_descriptor_t;
10052 +
10053 ++static
10054 ++void nfs_readdir_init_array(struct page *page)
10055 ++{
10056 ++ struct nfs_cache_array *array;
10057 ++
10058 ++ array = kmap_atomic(page);
10059 ++ memset(array, 0, sizeof(struct nfs_cache_array));
10060 ++ array->eof_index = -1;
10061 ++ kunmap_atomic(array);
10062 ++}
10063 ++
10064 + /*
10065 + * we are freeing strings created by nfs_add_to_readdir_array()
10066 + */
10067 +@@ -174,6 +185,7 @@ void nfs_readdir_clear_array(struct page *page)
10068 + array = kmap_atomic(page);
10069 + for (i = 0; i < array->size; i++)
10070 + kfree(array->array[i].string.name);
10071 ++ array->size = 0;
10072 + kunmap_atomic(array);
10073 + }
10074 +
10075 +@@ -610,6 +622,8 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
10076 + int status = -ENOMEM;
10077 + unsigned int array_size = ARRAY_SIZE(pages);
10078 +
10079 ++ nfs_readdir_init_array(page);
10080 ++
10081 + entry.prev_cookie = 0;
10082 + entry.cookie = desc->last_cookie;
10083 + entry.eof = 0;
10084 +@@ -626,8 +640,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
10085 + }
10086 +
10087 + array = kmap(page);
10088 +- memset(array, 0, sizeof(struct nfs_cache_array));
10089 +- array->eof_index = -1;
10090 +
10091 + status = nfs_readdir_alloc_pages(pages, array_size);
10092 + if (status < 0)
10093 +@@ -682,6 +694,7 @@ int nfs_readdir_filler(void *data, struct page* page)
10094 + unlock_page(page);
10095 + return 0;
10096 + error:
10097 ++ nfs_readdir_clear_array(page);
10098 + unlock_page(page);
10099 + return ret;
10100 + }
10101 +@@ -689,8 +702,6 @@ int nfs_readdir_filler(void *data, struct page* page)
10102 + static
10103 + void cache_page_release(nfs_readdir_descriptor_t *desc)
10104 + {
10105 +- if (!desc->page->mapping)
10106 +- nfs_readdir_clear_array(desc->page);
10107 + put_page(desc->page);
10108 + desc->page = NULL;
10109 + }
10110 +@@ -704,19 +715,28 @@ struct page *get_cache_page(nfs_readdir_descriptor_t *desc)
10111 +
10112 + /*
10113 + * Returns 0 if desc->dir_cookie was found on page desc->page_index
10114 ++ * and locks the page to prevent removal from the page cache.
10115 + */
10116 + static
10117 +-int find_cache_page(nfs_readdir_descriptor_t *desc)
10118 ++int find_and_lock_cache_page(nfs_readdir_descriptor_t *desc)
10119 + {
10120 + int res;
10121 +
10122 + desc->page = get_cache_page(desc);
10123 + if (IS_ERR(desc->page))
10124 + return PTR_ERR(desc->page);
10125 +-
10126 +- res = nfs_readdir_search_array(desc);
10127 ++ res = lock_page_killable(desc->page);
10128 + if (res != 0)
10129 +- cache_page_release(desc);
10130 ++ goto error;
10131 ++ res = -EAGAIN;
10132 ++ if (desc->page->mapping != NULL) {
10133 ++ res = nfs_readdir_search_array(desc);
10134 ++ if (res == 0)
10135 ++ return 0;
10136 ++ }
10137 ++ unlock_page(desc->page);
10138 ++error:
10139 ++ cache_page_release(desc);
10140 + return res;
10141 + }
10142 +
10143 +@@ -731,7 +751,7 @@ int readdir_search_pagecache(nfs_readdir_descriptor_t *desc)
10144 + desc->last_cookie = 0;
10145 + }
10146 + do {
10147 +- res = find_cache_page(desc);
10148 ++ res = find_and_lock_cache_page(desc);
10149 + } while (res == -EAGAIN);
10150 + return res;
10151 + }
10152 +@@ -770,7 +790,6 @@ int nfs_do_filldir(nfs_readdir_descriptor_t *desc)
10153 + desc->eof = true;
10154 +
10155 + kunmap(desc->page);
10156 +- cache_page_release(desc);
10157 + dfprintk(DIRCACHE, "NFS: nfs_do_filldir() filling ended @ cookie %Lu; returning = %d\n",
10158 + (unsigned long long)*desc->dir_cookie, res);
10159 + return res;
10160 +@@ -816,13 +835,13 @@ int uncached_readdir(nfs_readdir_descriptor_t *desc)
10161 +
10162 + status = nfs_do_filldir(desc);
10163 +
10164 ++ out_release:
10165 ++ nfs_readdir_clear_array(desc->page);
10166 ++ cache_page_release(desc);
10167 + out:
10168 + dfprintk(DIRCACHE, "NFS: %s: returns %d\n",
10169 + __func__, status);
10170 + return status;
10171 +- out_release:
10172 +- cache_page_release(desc);
10173 +- goto out;
10174 + }
10175 +
10176 + /* The file offset position represents the dirent entry number. A
10177 +@@ -887,6 +906,8 @@ static int nfs_readdir(struct file *file, struct dir_context *ctx)
10178 + break;
10179 +
10180 + res = nfs_do_filldir(desc);
10181 ++ unlock_page(desc->page);
10182 ++ cache_page_release(desc);
10183 + if (res < 0)
10184 + break;
10185 + } while (!desc->eof);
10186 +diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
10187 +index ef55e9b1cd4e..3007b8945d38 100644
10188 +--- a/fs/nfsd/filecache.c
10189 ++++ b/fs/nfsd/filecache.c
10190 +@@ -791,6 +791,7 @@ nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
10191 + struct nfsd_file *nf, *new;
10192 + struct inode *inode;
10193 + unsigned int hashval;
10194 ++ bool retry = true;
10195 +
10196 + /* FIXME: skip this if fh_dentry is already set? */
10197 + status = fh_verify(rqstp, fhp, S_IFREG,
10198 +@@ -826,6 +827,11 @@ wait_for_construction:
10199 +
10200 + /* Did construction of this file fail? */
10201 + if (!test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
10202 ++ if (!retry) {
10203 ++ status = nfserr_jukebox;
10204 ++ goto out;
10205 ++ }
10206 ++ retry = false;
10207 + nfsd_file_put_noref(nf);
10208 + goto retry;
10209 + }
10210 +diff --git a/fs/nfsd/nfs4layouts.c b/fs/nfsd/nfs4layouts.c
10211 +index 2681c70283ce..e12409eca7cc 100644
10212 +--- a/fs/nfsd/nfs4layouts.c
10213 ++++ b/fs/nfsd/nfs4layouts.c
10214 +@@ -675,7 +675,7 @@ nfsd4_cb_layout_done(struct nfsd4_callback *cb, struct rpc_task *task)
10215 +
10216 + /* Client gets 2 lease periods to return it */
10217 + cutoff = ktime_add_ns(task->tk_start,
10218 +- nn->nfsd4_lease * NSEC_PER_SEC * 2);
10219 ++ (u64)nn->nfsd4_lease * NSEC_PER_SEC * 2);
10220 +
10221 + if (ktime_before(now, cutoff)) {
10222 + rpc_delay(task, HZ/100); /* 10 mili-seconds */
10223 +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
10224 +index 08f6eb2b73f8..1c82d7dd54df 100644
10225 +--- a/fs/nfsd/nfs4state.c
10226 ++++ b/fs/nfsd/nfs4state.c
10227 +@@ -6550,7 +6550,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
10228 + }
10229 +
10230 + if (fl_flags & FL_SLEEP) {
10231 +- nbl->nbl_time = jiffies;
10232 ++ nbl->nbl_time = get_seconds();
10233 + spin_lock(&nn->blocked_locks_lock);
10234 + list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
10235 + list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
10236 +diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h
10237 +index 46f56afb6cb8..a080789b4d13 100644
10238 +--- a/fs/nfsd/state.h
10239 ++++ b/fs/nfsd/state.h
10240 +@@ -605,7 +605,7 @@ static inline bool nfsd4_stateid_generation_after(stateid_t *a, stateid_t *b)
10241 + struct nfsd4_blocked_lock {
10242 + struct list_head nbl_list;
10243 + struct list_head nbl_lru;
10244 +- unsigned long nbl_time;
10245 ++ time_t nbl_time;
10246 + struct file_lock nbl_lock;
10247 + struct knfsd_fh nbl_fh;
10248 + struct nfsd4_callback nbl_cb;
10249 +diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
10250 +index cf423fea0c6f..fc38b9fe4549 100644
10251 +--- a/fs/nfsd/vfs.c
10252 ++++ b/fs/nfsd/vfs.c
10253 +@@ -975,6 +975,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
10254 + host_err = vfs_iter_write(file, &iter, &pos, flags);
10255 + if (host_err < 0)
10256 + goto out_nfserr;
10257 ++ *cnt = host_err;
10258 + nfsdstats.io_write += *cnt;
10259 + fsnotify_modify(file);
10260 +
10261 +diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
10262 +index 6c7388430ad3..d4359a1df3d5 100644
10263 +--- a/fs/ntfs/inode.c
10264 ++++ b/fs/ntfs/inode.c
10265 +@@ -2899,18 +2899,12 @@ int ntfs_setattr(struct dentry *dentry, struct iattr *attr)
10266 + ia_valid |= ATTR_MTIME | ATTR_CTIME;
10267 + }
10268 + }
10269 +- if (ia_valid & ATTR_ATIME) {
10270 +- vi->i_atime = timestamp_truncate(attr->ia_atime,
10271 +- vi);
10272 +- }
10273 +- if (ia_valid & ATTR_MTIME) {
10274 +- vi->i_mtime = timestamp_truncate(attr->ia_mtime,
10275 +- vi);
10276 +- }
10277 +- if (ia_valid & ATTR_CTIME) {
10278 +- vi->i_ctime = timestamp_truncate(attr->ia_ctime,
10279 +- vi);
10280 +- }
10281 ++ if (ia_valid & ATTR_ATIME)
10282 ++ vi->i_atime = attr->ia_atime;
10283 ++ if (ia_valid & ATTR_MTIME)
10284 ++ vi->i_mtime = attr->ia_mtime;
10285 ++ if (ia_valid & ATTR_CTIME)
10286 ++ vi->i_ctime = attr->ia_ctime;
10287 + mark_inode_dirty(vi);
10288 + out:
10289 + return err;
10290 +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
10291 +index 9876db52913a..6cd5e4924e4d 100644
10292 +--- a/fs/ocfs2/file.c
10293 ++++ b/fs/ocfs2/file.c
10294 +@@ -2101,17 +2101,15 @@ static int ocfs2_is_io_unaligned(struct inode *inode, size_t count, loff_t pos)
10295 + static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
10296 + struct buffer_head **di_bh,
10297 + int meta_level,
10298 +- int overwrite_io,
10299 + int write_sem,
10300 + int wait)
10301 + {
10302 + int ret = 0;
10303 +
10304 + if (wait)
10305 +- ret = ocfs2_inode_lock(inode, NULL, meta_level);
10306 ++ ret = ocfs2_inode_lock(inode, di_bh, meta_level);
10307 + else
10308 +- ret = ocfs2_try_inode_lock(inode,
10309 +- overwrite_io ? NULL : di_bh, meta_level);
10310 ++ ret = ocfs2_try_inode_lock(inode, di_bh, meta_level);
10311 + if (ret < 0)
10312 + goto out;
10313 +
10314 +@@ -2136,6 +2134,7 @@ static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
10315 +
10316 + out_unlock:
10317 + brelse(*di_bh);
10318 ++ *di_bh = NULL;
10319 + ocfs2_inode_unlock(inode, meta_level);
10320 + out:
10321 + return ret;
10322 +@@ -2177,7 +2176,6 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
10323 + ret = ocfs2_inode_lock_for_extent_tree(inode,
10324 + &di_bh,
10325 + meta_level,
10326 +- overwrite_io,
10327 + write_sem,
10328 + wait);
10329 + if (ret < 0) {
10330 +@@ -2233,13 +2231,13 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
10331 + &di_bh,
10332 + meta_level,
10333 + write_sem);
10334 ++ meta_level = 1;
10335 ++ write_sem = 1;
10336 + ret = ocfs2_inode_lock_for_extent_tree(inode,
10337 + &di_bh,
10338 + meta_level,
10339 +- overwrite_io,
10340 +- 1,
10341 ++ write_sem,
10342 + wait);
10343 +- write_sem = 1;
10344 + if (ret < 0) {
10345 + if (ret != -EAGAIN)
10346 + mlog_errno(ret);
10347 +diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
10348 +index e235a635d9ec..15e4fa288475 100644
10349 +--- a/fs/overlayfs/file.c
10350 ++++ b/fs/overlayfs/file.c
10351 +@@ -146,7 +146,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
10352 + struct inode *inode = file_inode(file);
10353 + struct fd real;
10354 + const struct cred *old_cred;
10355 +- ssize_t ret;
10356 ++ loff_t ret;
10357 +
10358 + /*
10359 + * The two special cases below do not need to involve real fs,
10360 +diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
10361 +index 47a91c9733a5..7255e6a5838f 100644
10362 +--- a/fs/overlayfs/readdir.c
10363 ++++ b/fs/overlayfs/readdir.c
10364 +@@ -504,7 +504,13 @@ get:
10365 + if (err)
10366 + goto fail;
10367 +
10368 +- WARN_ON_ONCE(dir->d_sb->s_dev != stat.dev);
10369 ++ /*
10370 ++ * Directory inode is always on overlay st_dev.
10371 ++ * Non-dir with ovl_same_dev() could be on pseudo st_dev in case
10372 ++ * of xino bits overflow.
10373 ++ */
10374 ++ WARN_ON_ONCE(S_ISDIR(stat.mode) &&
10375 ++ dir->d_sb->s_dev != stat.dev);
10376 + ino = stat.ino;
10377 + } else if (xinobits && !OVL_TYPE_UPPER(type)) {
10378 + ino = ovl_remap_lower_ino(ino, xinobits,
10379 +diff --git a/fs/read_write.c b/fs/read_write.c
10380 +index 5bbf587f5bc1..7458fccc59e1 100644
10381 +--- a/fs/read_write.c
10382 ++++ b/fs/read_write.c
10383 +@@ -1777,10 +1777,9 @@ static int remap_verify_area(struct file *file, loff_t pos, loff_t len,
10384 + * else. Assume that the offsets have already been checked for block
10385 + * alignment.
10386 + *
10387 +- * For deduplication we always scale down to the previous block because we
10388 +- * can't meaningfully compare post-EOF contents.
10389 +- *
10390 +- * For clone we only link a partial EOF block above the destination file's EOF.
10391 ++ * For clone we only link a partial EOF block above or at the destination file's
10392 ++ * EOF. For deduplication we accept a partial EOF block only if it ends at the
10393 ++ * destination file's EOF (can not link it into the middle of a file).
10394 + *
10395 + * Shorten the request if possible.
10396 + */
10397 +@@ -1796,8 +1795,7 @@ static int generic_remap_check_len(struct inode *inode_in,
10398 + if ((*len & blkmask) == 0)
10399 + return 0;
10400 +
10401 +- if ((remap_flags & REMAP_FILE_DEDUP) ||
10402 +- pos_out + *len < i_size_read(inode_out))
10403 ++ if (pos_out + *len < i_size_read(inode_out))
10404 + new_len &= ~blkmask;
10405 +
10406 + if (new_len == *len)
10407 +diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
10408 +index 0b98e3c8b461..6c0e19f7a21f 100644
10409 +--- a/fs/ubifs/dir.c
10410 ++++ b/fs/ubifs/dir.c
10411 +@@ -228,6 +228,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
10412 + if (nm.hash) {
10413 + ubifs_assert(c, fname_len(&nm) == 0);
10414 + ubifs_assert(c, fname_name(&nm) == NULL);
10415 ++ if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
10416 ++ goto done; /* ENOENT */
10417 + dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
10418 + err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
10419 + } else {
10420 +diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
10421 +index cd52585c8f4f..a771273fba7e 100644
10422 +--- a/fs/ubifs/file.c
10423 ++++ b/fs/ubifs/file.c
10424 +@@ -786,7 +786,9 @@ static int ubifs_do_bulk_read(struct ubifs_info *c, struct bu_info *bu,
10425 +
10426 + if (page_offset > end_index)
10427 + break;
10428 +- page = find_or_create_page(mapping, page_offset, ra_gfp_mask);
10429 ++ page = pagecache_get_page(mapping, page_offset,
10430 ++ FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT,
10431 ++ ra_gfp_mask);
10432 + if (!page)
10433 + break;
10434 + if (!PageUptodate(page))
10435 +@@ -1078,18 +1080,12 @@ static void do_attr_changes(struct inode *inode, const struct iattr *attr)
10436 + inode->i_uid = attr->ia_uid;
10437 + if (attr->ia_valid & ATTR_GID)
10438 + inode->i_gid = attr->ia_gid;
10439 +- if (attr->ia_valid & ATTR_ATIME) {
10440 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
10441 +- inode);
10442 +- }
10443 +- if (attr->ia_valid & ATTR_MTIME) {
10444 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
10445 +- inode);
10446 +- }
10447 +- if (attr->ia_valid & ATTR_CTIME) {
10448 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
10449 +- inode);
10450 +- }
10451 ++ if (attr->ia_valid & ATTR_ATIME)
10452 ++ inode->i_atime = attr->ia_atime;
10453 ++ if (attr->ia_valid & ATTR_MTIME)
10454 ++ inode->i_mtime = attr->ia_mtime;
10455 ++ if (attr->ia_valid & ATTR_CTIME)
10456 ++ inode->i_ctime = attr->ia_ctime;
10457 + if (attr->ia_valid & ATTR_MODE) {
10458 + umode_t mode = attr->ia_mode;
10459 +
10460 +diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c
10461 +index 5dc5abca11c7..eeb1be259888 100644
10462 +--- a/fs/ubifs/ioctl.c
10463 ++++ b/fs/ubifs/ioctl.c
10464 +@@ -113,7 +113,8 @@ static int setflags(struct inode *inode, int flags)
10465 + if (err)
10466 + goto out_unlock;
10467 +
10468 +- ui->flags = ioctl2ubifs(flags);
10469 ++ ui->flags &= ~ioctl2ubifs(UBIFS_SUPPORTED_IOCTL_FLAGS);
10470 ++ ui->flags |= ioctl2ubifs(flags);
10471 + ubifs_set_inode_flags(inode);
10472 + inode->i_ctime = current_time(inode);
10473 + release = ui->dirty;
10474 +diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
10475 +index a551eb3e9b89..6681c18e52b8 100644
10476 +--- a/fs/ubifs/sb.c
10477 ++++ b/fs/ubifs/sb.c
10478 +@@ -161,7 +161,7 @@ static int create_default_filesystem(struct ubifs_info *c)
10479 + sup = kzalloc(ALIGN(UBIFS_SB_NODE_SZ, c->min_io_size), GFP_KERNEL);
10480 + mst = kzalloc(c->mst_node_alsz, GFP_KERNEL);
10481 + idx_node_size = ubifs_idx_node_sz(c, 1);
10482 +- idx = kzalloc(ALIGN(tmp, c->min_io_size), GFP_KERNEL);
10483 ++ idx = kzalloc(ALIGN(idx_node_size, c->min_io_size), GFP_KERNEL);
10484 + ino = kzalloc(ALIGN(UBIFS_INO_NODE_SZ, c->min_io_size), GFP_KERNEL);
10485 + cs = kzalloc(ALIGN(UBIFS_CS_NODE_SZ, c->min_io_size), GFP_KERNEL);
10486 +
10487 +diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
10488 +index 5e1e8ec0589e..7fc2f3f07c16 100644
10489 +--- a/fs/ubifs/super.c
10490 ++++ b/fs/ubifs/super.c
10491 +@@ -1599,6 +1599,7 @@ out_free:
10492 + vfree(c->ileb_buf);
10493 + vfree(c->sbuf);
10494 + kfree(c->bottom_up_buf);
10495 ++ kfree(c->sup_node);
10496 + ubifs_debugging_exit(c);
10497 + return err;
10498 + }
10499 +@@ -1641,6 +1642,7 @@ static void ubifs_umount(struct ubifs_info *c)
10500 + vfree(c->ileb_buf);
10501 + vfree(c->sbuf);
10502 + kfree(c->bottom_up_buf);
10503 ++ kfree(c->sup_node);
10504 + ubifs_debugging_exit(c);
10505 + }
10506 +
10507 +diff --git a/fs/utimes.c b/fs/utimes.c
10508 +index 1ba3f7883870..090739322463 100644
10509 +--- a/fs/utimes.c
10510 ++++ b/fs/utimes.c
10511 +@@ -36,14 +36,14 @@ static int utimes_common(const struct path *path, struct timespec64 *times)
10512 + if (times[0].tv_nsec == UTIME_OMIT)
10513 + newattrs.ia_valid &= ~ATTR_ATIME;
10514 + else if (times[0].tv_nsec != UTIME_NOW) {
10515 +- newattrs.ia_atime = timestamp_truncate(times[0], inode);
10516 ++ newattrs.ia_atime = times[0];
10517 + newattrs.ia_valid |= ATTR_ATIME_SET;
10518 + }
10519 +
10520 + if (times[1].tv_nsec == UTIME_OMIT)
10521 + newattrs.ia_valid &= ~ATTR_MTIME;
10522 + else if (times[1].tv_nsec != UTIME_NOW) {
10523 +- newattrs.ia_mtime = timestamp_truncate(times[1], inode);
10524 ++ newattrs.ia_mtime = times[1];
10525 + newattrs.ia_valid |= ATTR_MTIME_SET;
10526 + }
10527 + /*
10528 +diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
10529 +index 04c0644006fd..c716ea81e653 100644
10530 +--- a/include/asm-generic/tlb.h
10531 ++++ b/include/asm-generic/tlb.h
10532 +@@ -137,13 +137,6 @@
10533 + * When used, an architecture is expected to provide __tlb_remove_table()
10534 + * which does the actual freeing of these pages.
10535 + *
10536 +- * HAVE_RCU_TABLE_NO_INVALIDATE
10537 +- *
10538 +- * This makes HAVE_RCU_TABLE_FREE avoid calling tlb_flush_mmu_tlbonly() before
10539 +- * freeing the page-table pages. This can be avoided if you use
10540 +- * HAVE_RCU_TABLE_FREE and your architecture does _NOT_ use the Linux
10541 +- * page-tables natively.
10542 +- *
10543 + * MMU_GATHER_NO_RANGE
10544 + *
10545 + * Use this if your architecture lacks an efficient flush_tlb_range().
10546 +@@ -189,8 +182,23 @@ struct mmu_table_batch {
10547 +
10548 + extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
10549 +
10550 ++/*
10551 ++ * This allows an architecture that does not use the linux page-tables for
10552 ++ * hardware to skip the TLBI when freeing page tables.
10553 ++ */
10554 ++#ifndef tlb_needs_table_invalidate
10555 ++#define tlb_needs_table_invalidate() (true)
10556 ++#endif
10557 ++
10558 ++#else
10559 ++
10560 ++#ifdef tlb_needs_table_invalidate
10561 ++#error tlb_needs_table_invalidate() requires HAVE_RCU_TABLE_FREE
10562 + #endif
10563 +
10564 ++#endif /* CONFIG_HAVE_RCU_TABLE_FREE */
10565 ++
10566 ++
10567 + #ifndef CONFIG_HAVE_MMU_GATHER_NO_GATHER
10568 + /*
10569 + * If we can't allocate a page to make a big batch of page pointers
10570 +diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
10571 +index 97967ce06de3..f88197c1ffc2 100644
10572 +--- a/include/linux/backing-dev.h
10573 ++++ b/include/linux/backing-dev.h
10574 +@@ -13,6 +13,7 @@
10575 + #include <linux/fs.h>
10576 + #include <linux/sched.h>
10577 + #include <linux/blkdev.h>
10578 ++#include <linux/device.h>
10579 + #include <linux/writeback.h>
10580 + #include <linux/blk-cgroup.h>
10581 + #include <linux/backing-dev-defs.h>
10582 +@@ -504,4 +505,13 @@ static inline int bdi_rw_congested(struct backing_dev_info *bdi)
10583 + (1 << WB_async_congested));
10584 + }
10585 +
10586 ++extern const char *bdi_unknown_name;
10587 ++
10588 ++static inline const char *bdi_dev_name(struct backing_dev_info *bdi)
10589 ++{
10590 ++ if (!bdi || !bdi->dev)
10591 ++ return bdi_unknown_name;
10592 ++ return dev_name(bdi->dev);
10593 ++}
10594 ++
10595 + #endif /* _LINUX_BACKING_DEV_H */
10596 +diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
10597 +index 31b1b0e03df8..018dce868de6 100644
10598 +--- a/include/linux/cpufreq.h
10599 ++++ b/include/linux/cpufreq.h
10600 +@@ -148,6 +148,20 @@ struct cpufreq_policy {
10601 + struct notifier_block nb_max;
10602 + };
10603 +
10604 ++/*
10605 ++ * Used for passing new cpufreq policy data to the cpufreq driver's ->verify()
10606 ++ * callback for sanitization. That callback is only expected to modify the min
10607 ++ * and max values, if necessary, and specifically it must not update the
10608 ++ * frequency table.
10609 ++ */
10610 ++struct cpufreq_policy_data {
10611 ++ struct cpufreq_cpuinfo cpuinfo;
10612 ++ struct cpufreq_frequency_table *freq_table;
10613 ++ unsigned int cpu;
10614 ++ unsigned int min; /* in kHz */
10615 ++ unsigned int max; /* in kHz */
10616 ++};
10617 ++
10618 + struct cpufreq_freqs {
10619 + struct cpufreq_policy *policy;
10620 + unsigned int old;
10621 +@@ -201,8 +215,6 @@ u64 get_cpu_idle_time(unsigned int cpu, u64 *wall, int io_busy);
10622 + struct cpufreq_policy *cpufreq_cpu_acquire(unsigned int cpu);
10623 + void cpufreq_cpu_release(struct cpufreq_policy *policy);
10624 + int cpufreq_get_policy(struct cpufreq_policy *policy, unsigned int cpu);
10625 +-int cpufreq_set_policy(struct cpufreq_policy *policy,
10626 +- struct cpufreq_policy *new_policy);
10627 + void refresh_frequency_limits(struct cpufreq_policy *policy);
10628 + void cpufreq_update_policy(unsigned int cpu);
10629 + void cpufreq_update_limits(unsigned int cpu);
10630 +@@ -284,7 +296,7 @@ struct cpufreq_driver {
10631 +
10632 + /* needed by all drivers */
10633 + int (*init)(struct cpufreq_policy *policy);
10634 +- int (*verify)(struct cpufreq_policy *policy);
10635 ++ int (*verify)(struct cpufreq_policy_data *policy);
10636 +
10637 + /* define one out of two */
10638 + int (*setpolicy)(struct cpufreq_policy *policy);
10639 +@@ -415,8 +427,9 @@ static inline int cpufreq_thermal_control_enabled(struct cpufreq_driver *drv)
10640 + (drv->flags & CPUFREQ_IS_COOLING_DEV);
10641 + }
10642 +
10643 +-static inline void cpufreq_verify_within_limits(struct cpufreq_policy *policy,
10644 +- unsigned int min, unsigned int max)
10645 ++static inline void cpufreq_verify_within_limits(struct cpufreq_policy_data *policy,
10646 ++ unsigned int min,
10647 ++ unsigned int max)
10648 + {
10649 + if (policy->min < min)
10650 + policy->min = min;
10651 +@@ -432,10 +445,10 @@ static inline void cpufreq_verify_within_limits(struct cpufreq_policy *policy,
10652 + }
10653 +
10654 + static inline void
10655 +-cpufreq_verify_within_cpu_limits(struct cpufreq_policy *policy)
10656 ++cpufreq_verify_within_cpu_limits(struct cpufreq_policy_data *policy)
10657 + {
10658 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
10659 +- policy->cpuinfo.max_freq);
10660 ++ policy->cpuinfo.max_freq);
10661 + }
10662 +
10663 + #ifdef CONFIG_CPU_FREQ
10664 +@@ -513,6 +526,7 @@ static inline unsigned long cpufreq_scale(unsigned long old, u_int div,
10665 + * CPUFREQ GOVERNORS *
10666 + *********************************************************************/
10667 +
10668 ++#define CPUFREQ_POLICY_UNKNOWN (0)
10669 + /*
10670 + * If (cpufreq_driver->target) exists, the ->governor decides what frequency
10671 + * within the limits is used. If (cpufreq_driver->setpolicy> exists, these
10672 +@@ -684,9 +698,9 @@ static inline void dev_pm_opp_free_cpufreq_table(struct device *dev,
10673 + int cpufreq_frequency_table_cpuinfo(struct cpufreq_policy *policy,
10674 + struct cpufreq_frequency_table *table);
10675 +
10676 +-int cpufreq_frequency_table_verify(struct cpufreq_policy *policy,
10677 ++int cpufreq_frequency_table_verify(struct cpufreq_policy_data *policy,
10678 + struct cpufreq_frequency_table *table);
10679 +-int cpufreq_generic_frequency_table_verify(struct cpufreq_policy *policy);
10680 ++int cpufreq_generic_frequency_table_verify(struct cpufreq_policy_data *policy);
10681 +
10682 + int cpufreq_table_index_unsorted(struct cpufreq_policy *policy,
10683 + unsigned int target_freq,
10684 +diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
10685 +index ffcc7724ca21..dc4fd8a6644d 100644
10686 +--- a/include/linux/eventfd.h
10687 ++++ b/include/linux/eventfd.h
10688 +@@ -12,6 +12,8 @@
10689 + #include <linux/fcntl.h>
10690 + #include <linux/wait.h>
10691 + #include <linux/err.h>
10692 ++#include <linux/percpu-defs.h>
10693 ++#include <linux/percpu.h>
10694 +
10695 + /*
10696 + * CAREFUL: Check include/uapi/asm-generic/fcntl.h when defining
10697 +@@ -40,6 +42,13 @@ __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n);
10698 + int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait,
10699 + __u64 *cnt);
10700 +
10701 ++DECLARE_PER_CPU(int, eventfd_wake_count);
10702 ++
10703 ++static inline bool eventfd_signal_count(void)
10704 ++{
10705 ++ return this_cpu_read(eventfd_wake_count);
10706 ++}
10707 ++
10708 + #else /* CONFIG_EVENTFD */
10709 +
10710 + /*
10711 +@@ -68,6 +77,11 @@ static inline int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx,
10712 + return -ENOSYS;
10713 + }
10714 +
10715 ++static inline bool eventfd_signal_count(void)
10716 ++{
10717 ++ return false;
10718 ++}
10719 ++
10720 + #endif
10721 +
10722 + #endif /* _LINUX_EVENTFD_H */
10723 +diff --git a/include/linux/irq.h b/include/linux/irq.h
10724 +index fb301cf29148..f8755e5fcd74 100644
10725 +--- a/include/linux/irq.h
10726 ++++ b/include/linux/irq.h
10727 +@@ -209,6 +209,8 @@ struct irq_data {
10728 + * IRQD_SINGLE_TARGET - IRQ allows only a single affinity target
10729 + * IRQD_DEFAULT_TRIGGER_SET - Expected trigger already been set
10730 + * IRQD_CAN_RESERVE - Can use reservation mode
10731 ++ * IRQD_MSI_NOMASK_QUIRK - Non-maskable MSI quirk for affinity change
10732 ++ * required
10733 + */
10734 + enum {
10735 + IRQD_TRIGGER_MASK = 0xf,
10736 +@@ -231,6 +233,7 @@ enum {
10737 + IRQD_SINGLE_TARGET = (1 << 24),
10738 + IRQD_DEFAULT_TRIGGER_SET = (1 << 25),
10739 + IRQD_CAN_RESERVE = (1 << 26),
10740 ++ IRQD_MSI_NOMASK_QUIRK = (1 << 27),
10741 + };
10742 +
10743 + #define __irqd_to_state(d) ACCESS_PRIVATE((d)->common, state_use_accessors)
10744 +@@ -390,6 +393,21 @@ static inline bool irqd_can_reserve(struct irq_data *d)
10745 + return __irqd_to_state(d) & IRQD_CAN_RESERVE;
10746 + }
10747 +
10748 ++static inline void irqd_set_msi_nomask_quirk(struct irq_data *d)
10749 ++{
10750 ++ __irqd_to_state(d) |= IRQD_MSI_NOMASK_QUIRK;
10751 ++}
10752 ++
10753 ++static inline void irqd_clr_msi_nomask_quirk(struct irq_data *d)
10754 ++{
10755 ++ __irqd_to_state(d) &= ~IRQD_MSI_NOMASK_QUIRK;
10756 ++}
10757 ++
10758 ++static inline bool irqd_msi_nomask_quirk(struct irq_data *d)
10759 ++{
10760 ++ return __irqd_to_state(d) & IRQD_MSI_NOMASK_QUIRK;
10761 ++}
10762 ++
10763 + #undef __irqd_to_state
10764 +
10765 + static inline irq_hw_number_t irqd_to_hwirq(struct irq_data *d)
10766 +diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
10767 +index 583e7abd07f9..aba5ada373d6 100644
10768 +--- a/include/linux/irqdomain.h
10769 ++++ b/include/linux/irqdomain.h
10770 +@@ -205,6 +205,13 @@ enum {
10771 + /* Irq domain implements MSI remapping */
10772 + IRQ_DOMAIN_FLAG_MSI_REMAP = (1 << 5),
10773 +
10774 ++ /*
10775 ++ * Quirk to handle MSI implementations which do not provide
10776 ++ * masking. Currently known to affect x86, but partially
10777 ++ * handled in core code.
10778 ++ */
10779 ++ IRQ_DOMAIN_MSI_NOMASK_QUIRK = (1 << 6),
10780 ++
10781 + /*
10782 + * Flags starting from IRQ_DOMAIN_FLAG_NONCORE are reserved
10783 + * for implementation specific purposes and ignored by the
10784 +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
10785 +index d41c521a39da..b81f0f1ded5f 100644
10786 +--- a/include/linux/kvm_host.h
10787 ++++ b/include/linux/kvm_host.h
10788 +@@ -204,7 +204,7 @@ struct kvm_async_pf {
10789 + struct list_head queue;
10790 + struct kvm_vcpu *vcpu;
10791 + struct mm_struct *mm;
10792 +- gva_t gva;
10793 ++ gpa_t cr2_or_gpa;
10794 + unsigned long addr;
10795 + struct kvm_arch_async_pf arch;
10796 + bool wakeup_all;
10797 +@@ -212,8 +212,8 @@ struct kvm_async_pf {
10798 +
10799 + void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu);
10800 + void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu);
10801 +-int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
10802 +- struct kvm_arch_async_pf *arch);
10803 ++int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
10804 ++ unsigned long hva, struct kvm_arch_async_pf *arch);
10805 + int kvm_async_pf_wakeup_all(struct kvm_vcpu *vcpu);
10806 + #endif
10807 +
10808 +@@ -728,6 +728,7 @@ void kvm_set_pfn_dirty(kvm_pfn_t pfn);
10809 + void kvm_set_pfn_accessed(kvm_pfn_t pfn);
10810 + void kvm_get_pfn(kvm_pfn_t pfn);
10811 +
10812 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache);
10813 + int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
10814 + int len);
10815 + int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
10816 +@@ -750,7 +751,7 @@ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
10817 + int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
10818 + struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
10819 + bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
10820 +-unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
10821 ++unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn);
10822 + void mark_page_dirty(struct kvm *kvm, gfn_t gfn);
10823 +
10824 + struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu);
10825 +@@ -758,8 +759,12 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn
10826 + kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn);
10827 + kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn);
10828 + int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map);
10829 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
10830 ++ struct gfn_to_pfn_cache *cache, bool atomic);
10831 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn);
10832 + void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty);
10833 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
10834 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic);
10835 + unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn);
10836 + unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable);
10837 + int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data, int offset,
10838 +diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
10839 +index bde5374ae021..2382cb58969d 100644
10840 +--- a/include/linux/kvm_types.h
10841 ++++ b/include/linux/kvm_types.h
10842 +@@ -18,7 +18,7 @@ struct kvm_memslots;
10843 +
10844 + enum kvm_mr_change;
10845 +
10846 +-#include <asm/types.h>
10847 ++#include <linux/types.h>
10848 +
10849 + /*
10850 + * Address types:
10851 +@@ -49,4 +49,11 @@ struct gfn_to_hva_cache {
10852 + struct kvm_memory_slot *memslot;
10853 + };
10854 +
10855 ++struct gfn_to_pfn_cache {
10856 ++ u64 generation;
10857 ++ gfn_t gfn;
10858 ++ kvm_pfn_t pfn;
10859 ++ bool dirty;
10860 ++};
10861 ++
10862 + #endif /* __KVM_TYPES_H__ */
10863 +diff --git a/include/linux/mfd/rohm-bd70528.h b/include/linux/mfd/rohm-bd70528.h
10864 +index 1013e60c5b25..b0109ee6dae2 100644
10865 +--- a/include/linux/mfd/rohm-bd70528.h
10866 ++++ b/include/linux/mfd/rohm-bd70528.h
10867 +@@ -317,7 +317,7 @@ enum {
10868 + #define BD70528_MASK_RTC_MINUTE 0x7f
10869 + #define BD70528_MASK_RTC_HOUR_24H 0x80
10870 + #define BD70528_MASK_RTC_HOUR_PM 0x20
10871 +-#define BD70528_MASK_RTC_HOUR 0x1f
10872 ++#define BD70528_MASK_RTC_HOUR 0x3f
10873 + #define BD70528_MASK_RTC_DAY 0x3f
10874 + #define BD70528_MASK_RTC_WEEK 0x07
10875 + #define BD70528_MASK_RTC_MONTH 0x1f
10876 +diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
10877 +index 0836fe232f97..0cdc8d12785a 100644
10878 +--- a/include/linux/mlx5/mlx5_ifc.h
10879 ++++ b/include/linux/mlx5/mlx5_ifc.h
10880 +@@ -1417,14 +1417,15 @@ struct mlx5_ifc_cmd_hca_cap_bits {
10881 +
10882 + u8 reserved_at_440[0x20];
10883 +
10884 +- u8 tls[0x1];
10885 +- u8 reserved_at_461[0x2];
10886 ++ u8 reserved_at_460[0x3];
10887 + u8 log_max_uctx[0x5];
10888 + u8 reserved_at_468[0x3];
10889 + u8 log_max_umem[0x5];
10890 + u8 max_num_eqs[0x10];
10891 +
10892 +- u8 reserved_at_480[0x3];
10893 ++ u8 reserved_at_480[0x1];
10894 ++ u8 tls_tx[0x1];
10895 ++ u8 reserved_at_482[0x1];
10896 + u8 log_max_l2_table[0x5];
10897 + u8 reserved_at_488[0x8];
10898 + u8 log_uar_page_sz[0x10];
10899 +diff --git a/include/linux/padata.h b/include/linux/padata.h
10900 +index 23717eeaad23..cccab7a59787 100644
10901 +--- a/include/linux/padata.h
10902 ++++ b/include/linux/padata.h
10903 +@@ -9,6 +9,7 @@
10904 + #ifndef PADATA_H
10905 + #define PADATA_H
10906 +
10907 ++#include <linux/compiler_types.h>
10908 + #include <linux/workqueue.h>
10909 + #include <linux/spinlock.h>
10910 + #include <linux/list.h>
10911 +@@ -98,7 +99,7 @@ struct padata_cpumask {
10912 + * struct parallel_data - Internal control structure, covers everything
10913 + * that depends on the cpumask in use.
10914 + *
10915 +- * @pinst: padata instance.
10916 ++ * @sh: padata_shell object.
10917 + * @pqueue: percpu padata queues used for parallelization.
10918 + * @squeue: percpu padata queues used for serialuzation.
10919 + * @reorder_objects: Number of objects waiting in the reorder queues.
10920 +@@ -111,7 +112,7 @@ struct padata_cpumask {
10921 + * @lock: Reorder lock.
10922 + */
10923 + struct parallel_data {
10924 +- struct padata_instance *pinst;
10925 ++ struct padata_shell *ps;
10926 + struct padata_parallel_queue __percpu *pqueue;
10927 + struct padata_serial_queue __percpu *squeue;
10928 + atomic_t reorder_objects;
10929 +@@ -124,14 +125,33 @@ struct parallel_data {
10930 + spinlock_t lock ____cacheline_aligned;
10931 + };
10932 +
10933 ++/**
10934 ++ * struct padata_shell - Wrapper around struct parallel_data, its
10935 ++ * purpose is to allow the underlying control structure to be replaced
10936 ++ * on the fly using RCU.
10937 ++ *
10938 ++ * @pinst: padat instance.
10939 ++ * @pd: Actual parallel_data structure which may be substituted on the fly.
10940 ++ * @opd: Pointer to old pd to be freed by padata_replace.
10941 ++ * @list: List entry in padata_instance list.
10942 ++ */
10943 ++struct padata_shell {
10944 ++ struct padata_instance *pinst;
10945 ++ struct parallel_data __rcu *pd;
10946 ++ struct parallel_data *opd;
10947 ++ struct list_head list;
10948 ++};
10949 ++
10950 + /**
10951 + * struct padata_instance - The overall control structure.
10952 + *
10953 + * @cpu_notifier: cpu hotplug notifier.
10954 + * @parallel_wq: The workqueue used for parallel work.
10955 + * @serial_wq: The workqueue used for serial work.
10956 +- * @pd: The internal control structure.
10957 ++ * @pslist: List of padata_shell objects attached to this instance.
10958 + * @cpumask: User supplied cpumasks for parallel and serial works.
10959 ++ * @rcpumask: Actual cpumasks based on user cpumask and cpu_online_mask.
10960 ++ * @omask: Temporary storage used to compute the notification mask.
10961 + * @cpumask_change_notifier: Notifiers chain for user-defined notify
10962 + * callbacks that will be called when either @pcpu or @cbcpu
10963 + * or both cpumasks change.
10964 +@@ -143,8 +163,10 @@ struct padata_instance {
10965 + struct hlist_node node;
10966 + struct workqueue_struct *parallel_wq;
10967 + struct workqueue_struct *serial_wq;
10968 +- struct parallel_data *pd;
10969 ++ struct list_head pslist;
10970 + struct padata_cpumask cpumask;
10971 ++ struct padata_cpumask rcpumask;
10972 ++ cpumask_var_t omask;
10973 + struct blocking_notifier_head cpumask_change_notifier;
10974 + struct kobject kobj;
10975 + struct mutex lock;
10976 +@@ -156,7 +178,9 @@ struct padata_instance {
10977 +
10978 + extern struct padata_instance *padata_alloc_possible(const char *name);
10979 + extern void padata_free(struct padata_instance *pinst);
10980 +-extern int padata_do_parallel(struct padata_instance *pinst,
10981 ++extern struct padata_shell *padata_alloc_shell(struct padata_instance *pinst);
10982 ++extern void padata_free_shell(struct padata_shell *ps);
10983 ++extern int padata_do_parallel(struct padata_shell *ps,
10984 + struct padata_priv *padata, int *cb_cpu);
10985 + extern void padata_do_serial(struct padata_priv *padata);
10986 + extern int padata_set_cpumask(struct padata_instance *pinst, int cpumask_type,
10987 +diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h
10988 +index a6fabd865211..176bfbd52d97 100644
10989 +--- a/include/linux/percpu-defs.h
10990 ++++ b/include/linux/percpu-defs.h
10991 +@@ -175,8 +175,7 @@
10992 + * Declaration/definition used for per-CPU variables that should be accessed
10993 + * as decrypted when memory encryption is enabled in the guest.
10994 + */
10995 +-#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT)
10996 +-
10997 ++#ifdef CONFIG_AMD_MEM_ENCRYPT
10998 + #define DECLARE_PER_CPU_DECRYPTED(type, name) \
10999 + DECLARE_PER_CPU_SECTION(type, name, "..decrypted")
11000 +
11001 +diff --git a/include/linux/regulator/consumer.h b/include/linux/regulator/consumer.h
11002 +index 337a46391527..6a92fd3105a3 100644
11003 +--- a/include/linux/regulator/consumer.h
11004 ++++ b/include/linux/regulator/consumer.h
11005 +@@ -287,6 +287,8 @@ void regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
11006 + const char *const *supply_names,
11007 + unsigned int num_supplies);
11008 +
11009 ++bool regulator_is_equal(struct regulator *reg1, struct regulator *reg2);
11010 ++
11011 + #else
11012 +
11013 + /*
11014 +@@ -593,6 +595,11 @@ regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
11015 + {
11016 + }
11017 +
11018 ++static inline bool
11019 ++regulator_is_equal(struct regulator *reg1, struct regulator *reg2)
11020 ++{
11021 ++ return false;
11022 ++}
11023 + #endif
11024 +
11025 + static inline int regulator_set_voltage_triplet(struct regulator *regulator,
11026 +diff --git a/include/media/v4l2-rect.h b/include/media/v4l2-rect.h
11027 +index c86474dc7b55..8800a640c224 100644
11028 +--- a/include/media/v4l2-rect.h
11029 ++++ b/include/media/v4l2-rect.h
11030 +@@ -63,10 +63,10 @@ static inline void v4l2_rect_map_inside(struct v4l2_rect *r,
11031 + r->left = boundary->left;
11032 + if (r->top < boundary->top)
11033 + r->top = boundary->top;
11034 +- if (r->left + r->width > boundary->width)
11035 +- r->left = boundary->width - r->width;
11036 +- if (r->top + r->height > boundary->height)
11037 +- r->top = boundary->height - r->height;
11038 ++ if (r->left + r->width > boundary->left + boundary->width)
11039 ++ r->left = boundary->left + boundary->width - r->width;
11040 ++ if (r->top + r->height > boundary->top + boundary->height)
11041 ++ r->top = boundary->top + boundary->height - r->height;
11042 + }
11043 +
11044 + /**
11045 +diff --git a/include/net/ipx.h b/include/net/ipx.h
11046 +index baf090390998..9d1342807b59 100644
11047 +--- a/include/net/ipx.h
11048 ++++ b/include/net/ipx.h
11049 +@@ -47,11 +47,6 @@ struct ipxhdr {
11050 + /* From af_ipx.c */
11051 + extern int sysctl_ipx_pprop_broadcasting;
11052 +
11053 +-static __inline__ struct ipxhdr *ipx_hdr(struct sk_buff *skb)
11054 +-{
11055 +- return (struct ipxhdr *)skb_transport_header(skb);
11056 +-}
11057 +-
11058 + struct ipx_interface {
11059 + /* IPX address */
11060 + __be32 if_netnum;
11061 +diff --git a/include/sound/hdaudio.h b/include/sound/hdaudio.h
11062 +index e05b95e83d5a..fb9dce4c6928 100644
11063 +--- a/include/sound/hdaudio.h
11064 ++++ b/include/sound/hdaudio.h
11065 +@@ -8,6 +8,7 @@
11066 +
11067 + #include <linux/device.h>
11068 + #include <linux/interrupt.h>
11069 ++#include <linux/io.h>
11070 + #include <linux/pm_runtime.h>
11071 + #include <linux/timecounter.h>
11072 + #include <sound/core.h>
11073 +@@ -330,6 +331,7 @@ struct hdac_bus {
11074 + bool chip_init:1; /* h/w initialized */
11075 +
11076 + /* behavior flags */
11077 ++ bool aligned_mmio:1; /* aligned MMIO access */
11078 + bool sync_write:1; /* sync after verb write */
11079 + bool use_posbuf:1; /* use position buffer */
11080 + bool snoop:1; /* enable snooping */
11081 +@@ -405,34 +407,61 @@ void snd_hdac_bus_free_stream_pages(struct hdac_bus *bus);
11082 + unsigned int snd_hdac_aligned_read(void __iomem *addr, unsigned int mask);
11083 + void snd_hdac_aligned_write(unsigned int val, void __iomem *addr,
11084 + unsigned int mask);
11085 +-#define snd_hdac_reg_writeb(v, addr) snd_hdac_aligned_write(v, addr, 0xff)
11086 +-#define snd_hdac_reg_writew(v, addr) snd_hdac_aligned_write(v, addr, 0xffff)
11087 +-#define snd_hdac_reg_readb(addr) snd_hdac_aligned_read(addr, 0xff)
11088 +-#define snd_hdac_reg_readw(addr) snd_hdac_aligned_read(addr, 0xffff)
11089 +-#else /* CONFIG_SND_HDA_ALIGNED_MMIO */
11090 +-#define snd_hdac_reg_writeb(val, addr) writeb(val, addr)
11091 +-#define snd_hdac_reg_writew(val, addr) writew(val, addr)
11092 +-#define snd_hdac_reg_readb(addr) readb(addr)
11093 +-#define snd_hdac_reg_readw(addr) readw(addr)
11094 +-#endif /* CONFIG_SND_HDA_ALIGNED_MMIO */
11095 +-#define snd_hdac_reg_writel(val, addr) writel(val, addr)
11096 +-#define snd_hdac_reg_readl(addr) readl(addr)
11097 ++#define snd_hdac_aligned_mmio(bus) (bus)->aligned_mmio
11098 ++#else
11099 ++#define snd_hdac_aligned_mmio(bus) false
11100 ++#define snd_hdac_aligned_read(addr, mask) 0
11101 ++#define snd_hdac_aligned_write(val, addr, mask) do {} while (0)
11102 ++#endif
11103 ++
11104 ++static inline void snd_hdac_reg_writeb(struct hdac_bus *bus, void __iomem *addr,
11105 ++ u8 val)
11106 ++{
11107 ++ if (snd_hdac_aligned_mmio(bus))
11108 ++ snd_hdac_aligned_write(val, addr, 0xff);
11109 ++ else
11110 ++ writeb(val, addr);
11111 ++}
11112 ++
11113 ++static inline void snd_hdac_reg_writew(struct hdac_bus *bus, void __iomem *addr,
11114 ++ u16 val)
11115 ++{
11116 ++ if (snd_hdac_aligned_mmio(bus))
11117 ++ snd_hdac_aligned_write(val, addr, 0xffff);
11118 ++ else
11119 ++ writew(val, addr);
11120 ++}
11121 ++
11122 ++static inline u8 snd_hdac_reg_readb(struct hdac_bus *bus, void __iomem *addr)
11123 ++{
11124 ++ return snd_hdac_aligned_mmio(bus) ?
11125 ++ snd_hdac_aligned_read(addr, 0xff) : readb(addr);
11126 ++}
11127 ++
11128 ++static inline u16 snd_hdac_reg_readw(struct hdac_bus *bus, void __iomem *addr)
11129 ++{
11130 ++ return snd_hdac_aligned_mmio(bus) ?
11131 ++ snd_hdac_aligned_read(addr, 0xffff) : readw(addr);
11132 ++}
11133 ++
11134 ++#define snd_hdac_reg_writel(bus, addr, val) writel(val, addr)
11135 ++#define snd_hdac_reg_readl(bus, addr) readl(addr)
11136 +
11137 + /*
11138 + * macros for easy use
11139 + */
11140 + #define _snd_hdac_chip_writeb(chip, reg, value) \
11141 +- snd_hdac_reg_writeb(value, (chip)->remap_addr + (reg))
11142 ++ snd_hdac_reg_writeb(chip, (chip)->remap_addr + (reg), value)
11143 + #define _snd_hdac_chip_readb(chip, reg) \
11144 +- snd_hdac_reg_readb((chip)->remap_addr + (reg))
11145 ++ snd_hdac_reg_readb(chip, (chip)->remap_addr + (reg))
11146 + #define _snd_hdac_chip_writew(chip, reg, value) \
11147 +- snd_hdac_reg_writew(value, (chip)->remap_addr + (reg))
11148 ++ snd_hdac_reg_writew(chip, (chip)->remap_addr + (reg), value)
11149 + #define _snd_hdac_chip_readw(chip, reg) \
11150 +- snd_hdac_reg_readw((chip)->remap_addr + (reg))
11151 ++ snd_hdac_reg_readw(chip, (chip)->remap_addr + (reg))
11152 + #define _snd_hdac_chip_writel(chip, reg, value) \
11153 +- snd_hdac_reg_writel(value, (chip)->remap_addr + (reg))
11154 ++ snd_hdac_reg_writel(chip, (chip)->remap_addr + (reg), value)
11155 + #define _snd_hdac_chip_readl(chip, reg) \
11156 +- snd_hdac_reg_readl((chip)->remap_addr + (reg))
11157 ++ snd_hdac_reg_readl(chip, (chip)->remap_addr + (reg))
11158 +
11159 + /* read/write a register, pass without AZX_REG_ prefix */
11160 + #define snd_hdac_chip_writel(chip, reg, value) \
11161 +@@ -540,17 +569,17 @@ int snd_hdac_get_stream_stripe_ctl(struct hdac_bus *bus,
11162 + */
11163 + /* read/write a register, pass without AZX_REG_ prefix */
11164 + #define snd_hdac_stream_writel(dev, reg, value) \
11165 +- snd_hdac_reg_writel(value, (dev)->sd_addr + AZX_REG_ ## reg)
11166 ++ snd_hdac_reg_writel((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
11167 + #define snd_hdac_stream_writew(dev, reg, value) \
11168 +- snd_hdac_reg_writew(value, (dev)->sd_addr + AZX_REG_ ## reg)
11169 ++ snd_hdac_reg_writew((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
11170 + #define snd_hdac_stream_writeb(dev, reg, value) \
11171 +- snd_hdac_reg_writeb(value, (dev)->sd_addr + AZX_REG_ ## reg)
11172 ++ snd_hdac_reg_writeb((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
11173 + #define snd_hdac_stream_readl(dev, reg) \
11174 +- snd_hdac_reg_readl((dev)->sd_addr + AZX_REG_ ## reg)
11175 ++ snd_hdac_reg_readl((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
11176 + #define snd_hdac_stream_readw(dev, reg) \
11177 +- snd_hdac_reg_readw((dev)->sd_addr + AZX_REG_ ## reg)
11178 ++ snd_hdac_reg_readw((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
11179 + #define snd_hdac_stream_readb(dev, reg) \
11180 +- snd_hdac_reg_readb((dev)->sd_addr + AZX_REG_ ## reg)
11181 ++ snd_hdac_reg_readb((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
11182 +
11183 + /* update a register, pass without AZX_REG_ prefix */
11184 + #define snd_hdac_stream_updatel(dev, reg, mask, val) \
11185 +diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h
11186 +index c2ce6480b4b1..66282552db20 100644
11187 +--- a/include/trace/events/writeback.h
11188 ++++ b/include/trace/events/writeback.h
11189 +@@ -67,8 +67,8 @@ DECLARE_EVENT_CLASS(writeback_page_template,
11190 +
11191 + TP_fast_assign(
11192 + strscpy_pad(__entry->name,
11193 +- mapping ? dev_name(inode_to_bdi(mapping->host)->dev) : "(unknown)",
11194 +- 32);
11195 ++ bdi_dev_name(mapping ? inode_to_bdi(mapping->host) :
11196 ++ NULL), 32);
11197 + __entry->ino = mapping ? mapping->host->i_ino : 0;
11198 + __entry->index = page->index;
11199 + ),
11200 +@@ -111,8 +111,7 @@ DECLARE_EVENT_CLASS(writeback_dirty_inode_template,
11201 + struct backing_dev_info *bdi = inode_to_bdi(inode);
11202 +
11203 + /* may be called for files on pseudo FSes w/ unregistered bdi */
11204 +- strscpy_pad(__entry->name,
11205 +- bdi->dev ? dev_name(bdi->dev) : "(unknown)", 32);
11206 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
11207 + __entry->ino = inode->i_ino;
11208 + __entry->state = inode->i_state;
11209 + __entry->flags = flags;
11210 +@@ -193,7 +192,7 @@ TRACE_EVENT(inode_foreign_history,
11211 + ),
11212 +
11213 + TP_fast_assign(
11214 +- strncpy(__entry->name, dev_name(inode_to_bdi(inode)->dev), 32);
11215 ++ strncpy(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
11216 + __entry->ino = inode->i_ino;
11217 + __entry->cgroup_ino = __trace_wbc_assign_cgroup(wbc);
11218 + __entry->history = history;
11219 +@@ -222,7 +221,7 @@ TRACE_EVENT(inode_switch_wbs,
11220 + ),
11221 +
11222 + TP_fast_assign(
11223 +- strncpy(__entry->name, dev_name(old_wb->bdi->dev), 32);
11224 ++ strncpy(__entry->name, bdi_dev_name(old_wb->bdi), 32);
11225 + __entry->ino = inode->i_ino;
11226 + __entry->old_cgroup_ino = __trace_wb_assign_cgroup(old_wb);
11227 + __entry->new_cgroup_ino = __trace_wb_assign_cgroup(new_wb);
11228 +@@ -255,7 +254,7 @@ TRACE_EVENT(track_foreign_dirty,
11229 + struct address_space *mapping = page_mapping(page);
11230 + struct inode *inode = mapping ? mapping->host : NULL;
11231 +
11232 +- strncpy(__entry->name, dev_name(wb->bdi->dev), 32);
11233 ++ strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
11234 + __entry->bdi_id = wb->bdi->id;
11235 + __entry->ino = inode ? inode->i_ino : 0;
11236 + __entry->memcg_id = wb->memcg_css->id;
11237 +@@ -288,7 +287,7 @@ TRACE_EVENT(flush_foreign,
11238 + ),
11239 +
11240 + TP_fast_assign(
11241 +- strncpy(__entry->name, dev_name(wb->bdi->dev), 32);
11242 ++ strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
11243 + __entry->cgroup_ino = __trace_wb_assign_cgroup(wb);
11244 + __entry->frn_bdi_id = frn_bdi_id;
11245 + __entry->frn_memcg_id = frn_memcg_id;
11246 +@@ -318,7 +317,7 @@ DECLARE_EVENT_CLASS(writeback_write_inode_template,
11247 +
11248 + TP_fast_assign(
11249 + strscpy_pad(__entry->name,
11250 +- dev_name(inode_to_bdi(inode)->dev), 32);
11251 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
11252 + __entry->ino = inode->i_ino;
11253 + __entry->sync_mode = wbc->sync_mode;
11254 + __entry->cgroup_ino = __trace_wbc_assign_cgroup(wbc);
11255 +@@ -361,9 +360,7 @@ DECLARE_EVENT_CLASS(writeback_work_class,
11256 + __field(unsigned int, cgroup_ino)
11257 + ),
11258 + TP_fast_assign(
11259 +- strscpy_pad(__entry->name,
11260 +- wb->bdi->dev ? dev_name(wb->bdi->dev) :
11261 +- "(unknown)", 32);
11262 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
11263 + __entry->nr_pages = work->nr_pages;
11264 + __entry->sb_dev = work->sb ? work->sb->s_dev : 0;
11265 + __entry->sync_mode = work->sync_mode;
11266 +@@ -416,7 +413,7 @@ DECLARE_EVENT_CLASS(writeback_class,
11267 + __field(unsigned int, cgroup_ino)
11268 + ),
11269 + TP_fast_assign(
11270 +- strscpy_pad(__entry->name, dev_name(wb->bdi->dev), 32);
11271 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
11272 + __entry->cgroup_ino = __trace_wb_assign_cgroup(wb);
11273 + ),
11274 + TP_printk("bdi %s: cgroup_ino=%u",
11275 +@@ -438,7 +435,7 @@ TRACE_EVENT(writeback_bdi_register,
11276 + __array(char, name, 32)
11277 + ),
11278 + TP_fast_assign(
11279 +- strscpy_pad(__entry->name, dev_name(bdi->dev), 32);
11280 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
11281 + ),
11282 + TP_printk("bdi %s",
11283 + __entry->name
11284 +@@ -463,7 +460,7 @@ DECLARE_EVENT_CLASS(wbc_class,
11285 + ),
11286 +
11287 + TP_fast_assign(
11288 +- strscpy_pad(__entry->name, dev_name(bdi->dev), 32);
11289 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
11290 + __entry->nr_to_write = wbc->nr_to_write;
11291 + __entry->pages_skipped = wbc->pages_skipped;
11292 + __entry->sync_mode = wbc->sync_mode;
11293 +@@ -514,7 +511,7 @@ TRACE_EVENT(writeback_queue_io,
11294 + ),
11295 + TP_fast_assign(
11296 + unsigned long *older_than_this = work->older_than_this;
11297 +- strscpy_pad(__entry->name, dev_name(wb->bdi->dev), 32);
11298 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
11299 + __entry->older = older_than_this ? *older_than_this : 0;
11300 + __entry->age = older_than_this ?
11301 + (jiffies - *older_than_this) * 1000 / HZ : -1;
11302 +@@ -600,7 +597,7 @@ TRACE_EVENT(bdi_dirty_ratelimit,
11303 + ),
11304 +
11305 + TP_fast_assign(
11306 +- strscpy_pad(__entry->bdi, dev_name(wb->bdi->dev), 32);
11307 ++ strscpy_pad(__entry->bdi, bdi_dev_name(wb->bdi), 32);
11308 + __entry->write_bw = KBps(wb->write_bandwidth);
11309 + __entry->avg_write_bw = KBps(wb->avg_write_bandwidth);
11310 + __entry->dirty_rate = KBps(dirty_rate);
11311 +@@ -665,7 +662,7 @@ TRACE_EVENT(balance_dirty_pages,
11312 +
11313 + TP_fast_assign(
11314 + unsigned long freerun = (thresh + bg_thresh) / 2;
11315 +- strscpy_pad(__entry->bdi, dev_name(wb->bdi->dev), 32);
11316 ++ strscpy_pad(__entry->bdi, bdi_dev_name(wb->bdi), 32);
11317 +
11318 + __entry->limit = global_wb_domain.dirty_limit;
11319 + __entry->setpoint = (global_wb_domain.dirty_limit +
11320 +@@ -726,7 +723,7 @@ TRACE_EVENT(writeback_sb_inodes_requeue,
11321 +
11322 + TP_fast_assign(
11323 + strscpy_pad(__entry->name,
11324 +- dev_name(inode_to_bdi(inode)->dev), 32);
11325 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
11326 + __entry->ino = inode->i_ino;
11327 + __entry->state = inode->i_state;
11328 + __entry->dirtied_when = inode->dirtied_when;
11329 +@@ -800,7 +797,7 @@ DECLARE_EVENT_CLASS(writeback_single_inode_template,
11330 +
11331 + TP_fast_assign(
11332 + strscpy_pad(__entry->name,
11333 +- dev_name(inode_to_bdi(inode)->dev), 32);
11334 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
11335 + __entry->ino = inode->i_ino;
11336 + __entry->state = inode->i_state;
11337 + __entry->dirtied_when = inode->dirtied_when;
11338 +diff --git a/ipc/msg.c b/ipc/msg.c
11339 +index 8dec945fa030..767587ab45a3 100644
11340 +--- a/ipc/msg.c
11341 ++++ b/ipc/msg.c
11342 +@@ -377,7 +377,7 @@ copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version)
11343 + * NOTE: no locks must be held, the rwsem is taken inside this function.
11344 + */
11345 + static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
11346 +- struct msqid64_ds *msqid64)
11347 ++ struct ipc64_perm *perm, int msg_qbytes)
11348 + {
11349 + struct kern_ipc_perm *ipcp;
11350 + struct msg_queue *msq;
11351 +@@ -387,7 +387,7 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
11352 + rcu_read_lock();
11353 +
11354 + ipcp = ipcctl_obtain_check(ns, &msg_ids(ns), msqid, cmd,
11355 +- &msqid64->msg_perm, msqid64->msg_qbytes);
11356 ++ perm, msg_qbytes);
11357 + if (IS_ERR(ipcp)) {
11358 + err = PTR_ERR(ipcp);
11359 + goto out_unlock1;
11360 +@@ -409,18 +409,18 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
11361 + {
11362 + DEFINE_WAKE_Q(wake_q);
11363 +
11364 +- if (msqid64->msg_qbytes > ns->msg_ctlmnb &&
11365 ++ if (msg_qbytes > ns->msg_ctlmnb &&
11366 + !capable(CAP_SYS_RESOURCE)) {
11367 + err = -EPERM;
11368 + goto out_unlock1;
11369 + }
11370 +
11371 + ipc_lock_object(&msq->q_perm);
11372 +- err = ipc_update_perm(&msqid64->msg_perm, ipcp);
11373 ++ err = ipc_update_perm(perm, ipcp);
11374 + if (err)
11375 + goto out_unlock0;
11376 +
11377 +- msq->q_qbytes = msqid64->msg_qbytes;
11378 ++ msq->q_qbytes = msg_qbytes;
11379 +
11380 + msq->q_ctime = ktime_get_real_seconds();
11381 + /*
11382 +@@ -601,9 +601,10 @@ static long ksys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf, int ver
11383 + case IPC_SET:
11384 + if (copy_msqid_from_user(&msqid64, buf, version))
11385 + return -EFAULT;
11386 +- /* fallthru */
11387 ++ return msgctl_down(ns, msqid, cmd, &msqid64.msg_perm,
11388 ++ msqid64.msg_qbytes);
11389 + case IPC_RMID:
11390 +- return msgctl_down(ns, msqid, cmd, &msqid64);
11391 ++ return msgctl_down(ns, msqid, cmd, NULL, 0);
11392 + default:
11393 + return -EINVAL;
11394 + }
11395 +@@ -735,9 +736,9 @@ static long compat_ksys_msgctl(int msqid, int cmd, void __user *uptr, int versio
11396 + case IPC_SET:
11397 + if (copy_compat_msqid_from_user(&msqid64, uptr, version))
11398 + return -EFAULT;
11399 +- /* fallthru */
11400 ++ return msgctl_down(ns, msqid, cmd, &msqid64.msg_perm, msqid64.msg_qbytes);
11401 + case IPC_RMID:
11402 +- return msgctl_down(ns, msqid, cmd, &msqid64);
11403 ++ return msgctl_down(ns, msqid, cmd, NULL, 0);
11404 + default:
11405 + return -EINVAL;
11406 + }
11407 +diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
11408 +index 3d3d61b5985b..b4b6b77f309c 100644
11409 +--- a/kernel/bpf/devmap.c
11410 ++++ b/kernel/bpf/devmap.c
11411 +@@ -293,7 +293,8 @@ struct bpf_dtab_netdev *__dev_map_hash_lookup_elem(struct bpf_map *map, u32 key)
11412 + struct hlist_head *head = dev_map_index_hash(dtab, key);
11413 + struct bpf_dtab_netdev *dev;
11414 +
11415 +- hlist_for_each_entry_rcu(dev, head, index_hlist)
11416 ++ hlist_for_each_entry_rcu(dev, head, index_hlist,
11417 ++ lockdep_is_held(&dtab->index_lock))
11418 + if (dev->idx == key)
11419 + return dev;
11420 +
11421 +diff --git a/kernel/events/core.c b/kernel/events/core.c
11422 +index 6c829e22bad3..15b123bdcaf5 100644
11423 +--- a/kernel/events/core.c
11424 ++++ b/kernel/events/core.c
11425 +@@ -5823,7 +5823,15 @@ accounting:
11426 + */
11427 + user_lock_limit *= num_online_cpus();
11428 +
11429 +- user_locked = atomic_long_read(&user->locked_vm) + user_extra;
11430 ++ user_locked = atomic_long_read(&user->locked_vm);
11431 ++
11432 ++ /*
11433 ++ * sysctl_perf_event_mlock may have changed, so that
11434 ++ * user->locked_vm > user_lock_limit
11435 ++ */
11436 ++ if (user_locked > user_lock_limit)
11437 ++ user_locked = user_lock_limit;
11438 ++ user_locked += user_extra;
11439 +
11440 + if (user_locked <= user_lock_limit) {
11441 + /* charge all to locked_vm */
11442 +diff --git a/kernel/irq/debugfs.c b/kernel/irq/debugfs.c
11443 +index c1eccd4f6520..a949bd39e343 100644
11444 +--- a/kernel/irq/debugfs.c
11445 ++++ b/kernel/irq/debugfs.c
11446 +@@ -114,6 +114,7 @@ static const struct irq_bit_descr irqdata_states[] = {
11447 + BIT_MASK_DESCR(IRQD_AFFINITY_MANAGED),
11448 + BIT_MASK_DESCR(IRQD_MANAGED_SHUTDOWN),
11449 + BIT_MASK_DESCR(IRQD_CAN_RESERVE),
11450 ++ BIT_MASK_DESCR(IRQD_MSI_NOMASK_QUIRK),
11451 +
11452 + BIT_MASK_DESCR(IRQD_FORWARDED_TO_VCPU),
11453 +
11454 +diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
11455 +index dd822fd8a7d5..480df3659720 100644
11456 +--- a/kernel/irq/irqdomain.c
11457 ++++ b/kernel/irq/irqdomain.c
11458 +@@ -1459,6 +1459,7 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg)
11459 + if (rv) {
11460 + /* Restore the original irq_data. */
11461 + *root_irq_data = *child_irq_data;
11462 ++ kfree(child_irq_data);
11463 + goto error;
11464 + }
11465 +
11466 +diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
11467 +index ad26fbcfbfc8..eb95f6106a1e 100644
11468 +--- a/kernel/irq/msi.c
11469 ++++ b/kernel/irq/msi.c
11470 +@@ -453,8 +453,11 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
11471 + continue;
11472 +
11473 + irq_data = irq_domain_get_irq_data(domain, desc->irq);
11474 +- if (!can_reserve)
11475 ++ if (!can_reserve) {
11476 + irqd_clr_can_reserve(irq_data);
11477 ++ if (domain->flags & IRQ_DOMAIN_MSI_NOMASK_QUIRK)
11478 ++ irqd_set_msi_nomask_quirk(irq_data);
11479 ++ }
11480 + ret = irq_domain_activate_irq(irq_data, can_reserve);
11481 + if (ret)
11482 + goto cleanup;
11483 +diff --git a/kernel/padata.c b/kernel/padata.c
11484 +index c3fec1413295..9c82ee4a9732 100644
11485 +--- a/kernel/padata.c
11486 ++++ b/kernel/padata.c
11487 +@@ -35,6 +35,8 @@
11488 +
11489 + #define MAX_OBJ_NUM 1000
11490 +
11491 ++static void padata_free_pd(struct parallel_data *pd);
11492 ++
11493 + static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
11494 + {
11495 + int cpu, target_cpu;
11496 +@@ -87,7 +89,7 @@ static void padata_parallel_worker(struct work_struct *parallel_work)
11497 + /**
11498 + * padata_do_parallel - padata parallelization function
11499 + *
11500 +- * @pinst: padata instance
11501 ++ * @ps: padatashell
11502 + * @padata: object to be parallelized
11503 + * @cb_cpu: pointer to the CPU that the serialization callback function should
11504 + * run on. If it's not in the serial cpumask of @pinst
11505 +@@ -98,16 +100,17 @@ static void padata_parallel_worker(struct work_struct *parallel_work)
11506 + * Note: Every object which is parallelized by padata_do_parallel
11507 + * must be seen by padata_do_serial.
11508 + */
11509 +-int padata_do_parallel(struct padata_instance *pinst,
11510 ++int padata_do_parallel(struct padata_shell *ps,
11511 + struct padata_priv *padata, int *cb_cpu)
11512 + {
11513 ++ struct padata_instance *pinst = ps->pinst;
11514 + int i, cpu, cpu_index, target_cpu, err;
11515 + struct padata_parallel_queue *queue;
11516 + struct parallel_data *pd;
11517 +
11518 + rcu_read_lock_bh();
11519 +
11520 +- pd = rcu_dereference_bh(pinst->pd);
11521 ++ pd = rcu_dereference_bh(ps->pd);
11522 +
11523 + err = -EINVAL;
11524 + if (!(pinst->flags & PADATA_INIT) || pinst->flags & PADATA_INVALID)
11525 +@@ -210,10 +213,10 @@ static struct padata_priv *padata_find_next(struct parallel_data *pd,
11526 +
11527 + static void padata_reorder(struct parallel_data *pd)
11528 + {
11529 ++ struct padata_instance *pinst = pd->ps->pinst;
11530 + int cb_cpu;
11531 + struct padata_priv *padata;
11532 + struct padata_serial_queue *squeue;
11533 +- struct padata_instance *pinst = pd->pinst;
11534 + struct padata_parallel_queue *next_queue;
11535 +
11536 + /*
11537 +@@ -283,6 +286,7 @@ static void padata_serial_worker(struct work_struct *serial_work)
11538 + struct padata_serial_queue *squeue;
11539 + struct parallel_data *pd;
11540 + LIST_HEAD(local_list);
11541 ++ int cnt;
11542 +
11543 + local_bh_disable();
11544 + squeue = container_of(serial_work, struct padata_serial_queue, work);
11545 +@@ -292,6 +296,8 @@ static void padata_serial_worker(struct work_struct *serial_work)
11546 + list_replace_init(&squeue->serial.list, &local_list);
11547 + spin_unlock(&squeue->serial.lock);
11548 +
11549 ++ cnt = 0;
11550 ++
11551 + while (!list_empty(&local_list)) {
11552 + struct padata_priv *padata;
11553 +
11554 +@@ -301,9 +307,12 @@ static void padata_serial_worker(struct work_struct *serial_work)
11555 + list_del_init(&padata->list);
11556 +
11557 + padata->serial(padata);
11558 +- atomic_dec(&pd->refcnt);
11559 ++ cnt++;
11560 + }
11561 + local_bh_enable();
11562 ++
11563 ++ if (atomic_sub_and_test(cnt, &pd->refcnt))
11564 ++ padata_free_pd(pd);
11565 + }
11566 +
11567 + /**
11568 +@@ -341,36 +350,39 @@ void padata_do_serial(struct padata_priv *padata)
11569 + }
11570 + EXPORT_SYMBOL(padata_do_serial);
11571 +
11572 +-static int padata_setup_cpumasks(struct parallel_data *pd,
11573 +- const struct cpumask *pcpumask,
11574 +- const struct cpumask *cbcpumask)
11575 ++static int padata_setup_cpumasks(struct padata_instance *pinst)
11576 + {
11577 + struct workqueue_attrs *attrs;
11578 ++ int err;
11579 ++
11580 ++ attrs = alloc_workqueue_attrs();
11581 ++ if (!attrs)
11582 ++ return -ENOMEM;
11583 ++
11584 ++ /* Restrict parallel_wq workers to pd->cpumask.pcpu. */
11585 ++ cpumask_copy(attrs->cpumask, pinst->cpumask.pcpu);
11586 ++ err = apply_workqueue_attrs(pinst->parallel_wq, attrs);
11587 ++ free_workqueue_attrs(attrs);
11588 ++
11589 ++ return err;
11590 ++}
11591 ++
11592 ++static int pd_setup_cpumasks(struct parallel_data *pd,
11593 ++ const struct cpumask *pcpumask,
11594 ++ const struct cpumask *cbcpumask)
11595 ++{
11596 + int err = -ENOMEM;
11597 +
11598 + if (!alloc_cpumask_var(&pd->cpumask.pcpu, GFP_KERNEL))
11599 + goto out;
11600 +- cpumask_and(pd->cpumask.pcpu, pcpumask, cpu_online_mask);
11601 +-
11602 + if (!alloc_cpumask_var(&pd->cpumask.cbcpu, GFP_KERNEL))
11603 + goto free_pcpu_mask;
11604 +- cpumask_and(pd->cpumask.cbcpu, cbcpumask, cpu_online_mask);
11605 +-
11606 +- attrs = alloc_workqueue_attrs();
11607 +- if (!attrs)
11608 +- goto free_cbcpu_mask;
11609 +
11610 +- /* Restrict parallel_wq workers to pd->cpumask.pcpu. */
11611 +- cpumask_copy(attrs->cpumask, pd->cpumask.pcpu);
11612 +- err = apply_workqueue_attrs(pd->pinst->parallel_wq, attrs);
11613 +- free_workqueue_attrs(attrs);
11614 +- if (err < 0)
11615 +- goto free_cbcpu_mask;
11616 ++ cpumask_copy(pd->cpumask.pcpu, pcpumask);
11617 ++ cpumask_copy(pd->cpumask.cbcpu, cbcpumask);
11618 +
11619 + return 0;
11620 +
11621 +-free_cbcpu_mask:
11622 +- free_cpumask_var(pd->cpumask.cbcpu);
11623 + free_pcpu_mask:
11624 + free_cpumask_var(pd->cpumask.pcpu);
11625 + out:
11626 +@@ -414,12 +426,16 @@ static void padata_init_pqueues(struct parallel_data *pd)
11627 + }
11628 +
11629 + /* Allocate and initialize the internal cpumask dependend resources. */
11630 +-static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
11631 +- const struct cpumask *pcpumask,
11632 +- const struct cpumask *cbcpumask)
11633 ++static struct parallel_data *padata_alloc_pd(struct padata_shell *ps)
11634 + {
11635 ++ struct padata_instance *pinst = ps->pinst;
11636 ++ const struct cpumask *cbcpumask;
11637 ++ const struct cpumask *pcpumask;
11638 + struct parallel_data *pd;
11639 +
11640 ++ cbcpumask = pinst->rcpumask.cbcpu;
11641 ++ pcpumask = pinst->rcpumask.pcpu;
11642 ++
11643 + pd = kzalloc(sizeof(struct parallel_data), GFP_KERNEL);
11644 + if (!pd)
11645 + goto err;
11646 +@@ -432,15 +448,15 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
11647 + if (!pd->squeue)
11648 + goto err_free_pqueue;
11649 +
11650 +- pd->pinst = pinst;
11651 +- if (padata_setup_cpumasks(pd, pcpumask, cbcpumask) < 0)
11652 ++ pd->ps = ps;
11653 ++ if (pd_setup_cpumasks(pd, pcpumask, cbcpumask))
11654 + goto err_free_squeue;
11655 +
11656 + padata_init_pqueues(pd);
11657 + padata_init_squeues(pd);
11658 + atomic_set(&pd->seq_nr, -1);
11659 + atomic_set(&pd->reorder_objects, 0);
11660 +- atomic_set(&pd->refcnt, 0);
11661 ++ atomic_set(&pd->refcnt, 1);
11662 + spin_lock_init(&pd->lock);
11663 + pd->cpu = cpumask_first(pd->cpumask.pcpu);
11664 + INIT_WORK(&pd->reorder_work, invoke_padata_reorder);
11665 +@@ -466,29 +482,6 @@ static void padata_free_pd(struct parallel_data *pd)
11666 + kfree(pd);
11667 + }
11668 +
11669 +-/* Flush all objects out of the padata queues. */
11670 +-static void padata_flush_queues(struct parallel_data *pd)
11671 +-{
11672 +- int cpu;
11673 +- struct padata_parallel_queue *pqueue;
11674 +- struct padata_serial_queue *squeue;
11675 +-
11676 +- for_each_cpu(cpu, pd->cpumask.pcpu) {
11677 +- pqueue = per_cpu_ptr(pd->pqueue, cpu);
11678 +- flush_work(&pqueue->work);
11679 +- }
11680 +-
11681 +- if (atomic_read(&pd->reorder_objects))
11682 +- padata_reorder(pd);
11683 +-
11684 +- for_each_cpu(cpu, pd->cpumask.cbcpu) {
11685 +- squeue = per_cpu_ptr(pd->squeue, cpu);
11686 +- flush_work(&squeue->work);
11687 +- }
11688 +-
11689 +- BUG_ON(atomic_read(&pd->refcnt) != 0);
11690 +-}
11691 +-
11692 + static void __padata_start(struct padata_instance *pinst)
11693 + {
11694 + pinst->flags |= PADATA_INIT;
11695 +@@ -502,39 +495,67 @@ static void __padata_stop(struct padata_instance *pinst)
11696 + pinst->flags &= ~PADATA_INIT;
11697 +
11698 + synchronize_rcu();
11699 +-
11700 +- get_online_cpus();
11701 +- padata_flush_queues(pinst->pd);
11702 +- put_online_cpus();
11703 + }
11704 +
11705 + /* Replace the internal control structure with a new one. */
11706 +-static void padata_replace(struct padata_instance *pinst,
11707 +- struct parallel_data *pd_new)
11708 ++static int padata_replace_one(struct padata_shell *ps)
11709 + {
11710 +- struct parallel_data *pd_old = pinst->pd;
11711 +- int notification_mask = 0;
11712 ++ struct parallel_data *pd_new;
11713 +
11714 +- pinst->flags |= PADATA_RESET;
11715 ++ pd_new = padata_alloc_pd(ps);
11716 ++ if (!pd_new)
11717 ++ return -ENOMEM;
11718 +
11719 +- rcu_assign_pointer(pinst->pd, pd_new);
11720 ++ ps->opd = rcu_dereference_protected(ps->pd, 1);
11721 ++ rcu_assign_pointer(ps->pd, pd_new);
11722 +
11723 +- synchronize_rcu();
11724 ++ return 0;
11725 ++}
11726 ++
11727 ++static int padata_replace(struct padata_instance *pinst, int cpu)
11728 ++{
11729 ++ int notification_mask = 0;
11730 ++ struct padata_shell *ps;
11731 ++ int err;
11732 ++
11733 ++ pinst->flags |= PADATA_RESET;
11734 +
11735 +- if (!cpumask_equal(pd_old->cpumask.pcpu, pd_new->cpumask.pcpu))
11736 ++ cpumask_copy(pinst->omask, pinst->rcpumask.pcpu);
11737 ++ cpumask_and(pinst->rcpumask.pcpu, pinst->cpumask.pcpu,
11738 ++ cpu_online_mask);
11739 ++ if (cpu >= 0)
11740 ++ cpumask_clear_cpu(cpu, pinst->rcpumask.pcpu);
11741 ++ if (!cpumask_equal(pinst->omask, pinst->rcpumask.pcpu))
11742 + notification_mask |= PADATA_CPU_PARALLEL;
11743 +- if (!cpumask_equal(pd_old->cpumask.cbcpu, pd_new->cpumask.cbcpu))
11744 ++
11745 ++ cpumask_copy(pinst->omask, pinst->rcpumask.cbcpu);
11746 ++ cpumask_and(pinst->rcpumask.cbcpu, pinst->cpumask.cbcpu,
11747 ++ cpu_online_mask);
11748 ++ if (cpu >= 0)
11749 ++ cpumask_clear_cpu(cpu, pinst->rcpumask.cbcpu);
11750 ++ if (!cpumask_equal(pinst->omask, pinst->rcpumask.cbcpu))
11751 + notification_mask |= PADATA_CPU_SERIAL;
11752 +
11753 +- padata_flush_queues(pd_old);
11754 +- padata_free_pd(pd_old);
11755 ++ list_for_each_entry(ps, &pinst->pslist, list) {
11756 ++ err = padata_replace_one(ps);
11757 ++ if (err)
11758 ++ break;
11759 ++ }
11760 ++
11761 ++ synchronize_rcu();
11762 ++
11763 ++ list_for_each_entry_continue_reverse(ps, &pinst->pslist, list)
11764 ++ if (atomic_dec_and_test(&ps->opd->refcnt))
11765 ++ padata_free_pd(ps->opd);
11766 +
11767 + if (notification_mask)
11768 + blocking_notifier_call_chain(&pinst->cpumask_change_notifier,
11769 + notification_mask,
11770 +- &pd_new->cpumask);
11771 ++ &pinst->cpumask);
11772 +
11773 + pinst->flags &= ~PADATA_RESET;
11774 ++
11775 ++ return err;
11776 + }
11777 +
11778 + /**
11779 +@@ -587,7 +608,7 @@ static int __padata_set_cpumasks(struct padata_instance *pinst,
11780 + cpumask_var_t cbcpumask)
11781 + {
11782 + int valid;
11783 +- struct parallel_data *pd;
11784 ++ int err;
11785 +
11786 + valid = padata_validate_cpumask(pinst, pcpumask);
11787 + if (!valid) {
11788 +@@ -600,19 +621,15 @@ static int __padata_set_cpumasks(struct padata_instance *pinst,
11789 + __padata_stop(pinst);
11790 +
11791 + out_replace:
11792 +- pd = padata_alloc_pd(pinst, pcpumask, cbcpumask);
11793 +- if (!pd)
11794 +- return -ENOMEM;
11795 +-
11796 + cpumask_copy(pinst->cpumask.pcpu, pcpumask);
11797 + cpumask_copy(pinst->cpumask.cbcpu, cbcpumask);
11798 +
11799 +- padata_replace(pinst, pd);
11800 ++ err = padata_setup_cpumasks(pinst) ?: padata_replace(pinst, -1);
11801 +
11802 + if (valid)
11803 + __padata_start(pinst);
11804 +
11805 +- return 0;
11806 ++ return err;
11807 + }
11808 +
11809 + /**
11810 +@@ -695,46 +712,32 @@ EXPORT_SYMBOL(padata_stop);
11811 +
11812 + static int __padata_add_cpu(struct padata_instance *pinst, int cpu)
11813 + {
11814 +- struct parallel_data *pd;
11815 ++ int err = 0;
11816 +
11817 + if (cpumask_test_cpu(cpu, cpu_online_mask)) {
11818 +- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
11819 +- pinst->cpumask.cbcpu);
11820 +- if (!pd)
11821 +- return -ENOMEM;
11822 +-
11823 +- padata_replace(pinst, pd);
11824 ++ err = padata_replace(pinst, -1);
11825 +
11826 + if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) &&
11827 + padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
11828 + __padata_start(pinst);
11829 + }
11830 +
11831 +- return 0;
11832 ++ return err;
11833 + }
11834 +
11835 + static int __padata_remove_cpu(struct padata_instance *pinst, int cpu)
11836 + {
11837 +- struct parallel_data *pd = NULL;
11838 ++ int err = 0;
11839 +
11840 + if (cpumask_test_cpu(cpu, cpu_online_mask)) {
11841 +-
11842 + if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) ||
11843 + !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
11844 + __padata_stop(pinst);
11845 +
11846 +- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
11847 +- pinst->cpumask.cbcpu);
11848 +- if (!pd)
11849 +- return -ENOMEM;
11850 +-
11851 +- padata_replace(pinst, pd);
11852 +-
11853 +- cpumask_clear_cpu(cpu, pd->cpumask.cbcpu);
11854 +- cpumask_clear_cpu(cpu, pd->cpumask.pcpu);
11855 ++ err = padata_replace(pinst, cpu);
11856 + }
11857 +
11858 +- return 0;
11859 ++ return err;
11860 + }
11861 +
11862 + /**
11863 +@@ -817,8 +820,12 @@ static void __padata_free(struct padata_instance *pinst)
11864 + cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node);
11865 + #endif
11866 +
11867 ++ WARN_ON(!list_empty(&pinst->pslist));
11868 ++
11869 + padata_stop(pinst);
11870 +- padata_free_pd(pinst->pd);
11871 ++ free_cpumask_var(pinst->omask);
11872 ++ free_cpumask_var(pinst->rcpumask.cbcpu);
11873 ++ free_cpumask_var(pinst->rcpumask.pcpu);
11874 + free_cpumask_var(pinst->cpumask.pcpu);
11875 + free_cpumask_var(pinst->cpumask.cbcpu);
11876 + destroy_workqueue(pinst->serial_wq);
11877 +@@ -965,7 +972,6 @@ static struct padata_instance *padata_alloc(const char *name,
11878 + const struct cpumask *cbcpumask)
11879 + {
11880 + struct padata_instance *pinst;
11881 +- struct parallel_data *pd = NULL;
11882 +
11883 + pinst = kzalloc(sizeof(struct padata_instance), GFP_KERNEL);
11884 + if (!pinst)
11885 +@@ -993,14 +999,22 @@ static struct padata_instance *padata_alloc(const char *name,
11886 + !padata_validate_cpumask(pinst, cbcpumask))
11887 + goto err_free_masks;
11888 +
11889 +- pd = padata_alloc_pd(pinst, pcpumask, cbcpumask);
11890 +- if (!pd)
11891 ++ if (!alloc_cpumask_var(&pinst->rcpumask.pcpu, GFP_KERNEL))
11892 + goto err_free_masks;
11893 ++ if (!alloc_cpumask_var(&pinst->rcpumask.cbcpu, GFP_KERNEL))
11894 ++ goto err_free_rcpumask_pcpu;
11895 ++ if (!alloc_cpumask_var(&pinst->omask, GFP_KERNEL))
11896 ++ goto err_free_rcpumask_cbcpu;
11897 +
11898 +- rcu_assign_pointer(pinst->pd, pd);
11899 ++ INIT_LIST_HEAD(&pinst->pslist);
11900 +
11901 + cpumask_copy(pinst->cpumask.pcpu, pcpumask);
11902 + cpumask_copy(pinst->cpumask.cbcpu, cbcpumask);
11903 ++ cpumask_and(pinst->rcpumask.pcpu, pcpumask, cpu_online_mask);
11904 ++ cpumask_and(pinst->rcpumask.cbcpu, cbcpumask, cpu_online_mask);
11905 ++
11906 ++ if (padata_setup_cpumasks(pinst))
11907 ++ goto err_free_omask;
11908 +
11909 + pinst->flags = 0;
11910 +
11911 +@@ -1016,6 +1030,12 @@ static struct padata_instance *padata_alloc(const char *name,
11912 +
11913 + return pinst;
11914 +
11915 ++err_free_omask:
11916 ++ free_cpumask_var(pinst->omask);
11917 ++err_free_rcpumask_cbcpu:
11918 ++ free_cpumask_var(pinst->rcpumask.cbcpu);
11919 ++err_free_rcpumask_pcpu:
11920 ++ free_cpumask_var(pinst->rcpumask.pcpu);
11921 + err_free_masks:
11922 + free_cpumask_var(pinst->cpumask.pcpu);
11923 + free_cpumask_var(pinst->cpumask.cbcpu);
11924 +@@ -1054,6 +1074,61 @@ void padata_free(struct padata_instance *pinst)
11925 + }
11926 + EXPORT_SYMBOL(padata_free);
11927 +
11928 ++/**
11929 ++ * padata_alloc_shell - Allocate and initialize padata shell.
11930 ++ *
11931 ++ * @pinst: Parent padata_instance object.
11932 ++ */
11933 ++struct padata_shell *padata_alloc_shell(struct padata_instance *pinst)
11934 ++{
11935 ++ struct parallel_data *pd;
11936 ++ struct padata_shell *ps;
11937 ++
11938 ++ ps = kzalloc(sizeof(*ps), GFP_KERNEL);
11939 ++ if (!ps)
11940 ++ goto out;
11941 ++
11942 ++ ps->pinst = pinst;
11943 ++
11944 ++ get_online_cpus();
11945 ++ pd = padata_alloc_pd(ps);
11946 ++ put_online_cpus();
11947 ++
11948 ++ if (!pd)
11949 ++ goto out_free_ps;
11950 ++
11951 ++ mutex_lock(&pinst->lock);
11952 ++ RCU_INIT_POINTER(ps->pd, pd);
11953 ++ list_add(&ps->list, &pinst->pslist);
11954 ++ mutex_unlock(&pinst->lock);
11955 ++
11956 ++ return ps;
11957 ++
11958 ++out_free_ps:
11959 ++ kfree(ps);
11960 ++out:
11961 ++ return NULL;
11962 ++}
11963 ++EXPORT_SYMBOL(padata_alloc_shell);
11964 ++
11965 ++/**
11966 ++ * padata_free_shell - free a padata shell
11967 ++ *
11968 ++ * @ps: padata shell to free
11969 ++ */
11970 ++void padata_free_shell(struct padata_shell *ps)
11971 ++{
11972 ++ struct padata_instance *pinst = ps->pinst;
11973 ++
11974 ++ mutex_lock(&pinst->lock);
11975 ++ list_del(&ps->list);
11976 ++ padata_free_pd(rcu_dereference_protected(ps->pd, 1));
11977 ++ mutex_unlock(&pinst->lock);
11978 ++
11979 ++ kfree(ps);
11980 ++}
11981 ++EXPORT_SYMBOL(padata_free_shell);
11982 ++
11983 + #ifdef CONFIG_HOTPLUG_CPU
11984 +
11985 + static __init int padata_driver_init(void)
11986 +diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
11987 +index 5dffade2d7cd..21acdff3bd27 100644
11988 +--- a/kernel/rcu/srcutree.c
11989 ++++ b/kernel/rcu/srcutree.c
11990 +@@ -530,7 +530,7 @@ static void srcu_gp_end(struct srcu_struct *ssp)
11991 + idx = rcu_seq_state(ssp->srcu_gp_seq);
11992 + WARN_ON_ONCE(idx != SRCU_STATE_SCAN2);
11993 + cbdelay = srcu_get_delay(ssp);
11994 +- ssp->srcu_last_gp_end = ktime_get_mono_fast_ns();
11995 ++ WRITE_ONCE(ssp->srcu_last_gp_end, ktime_get_mono_fast_ns());
11996 + rcu_seq_end(&ssp->srcu_gp_seq);
11997 + gpseq = rcu_seq_current(&ssp->srcu_gp_seq);
11998 + if (ULONG_CMP_LT(ssp->srcu_gp_seq_needed_exp, gpseq))
11999 +@@ -762,6 +762,7 @@ static bool srcu_might_be_idle(struct srcu_struct *ssp)
12000 + unsigned long flags;
12001 + struct srcu_data *sdp;
12002 + unsigned long t;
12003 ++ unsigned long tlast;
12004 +
12005 + /* If the local srcu_data structure has callbacks, not idle. */
12006 + local_irq_save(flags);
12007 +@@ -780,9 +781,9 @@ static bool srcu_might_be_idle(struct srcu_struct *ssp)
12008 +
12009 + /* First, see if enough time has passed since the last GP. */
12010 + t = ktime_get_mono_fast_ns();
12011 ++ tlast = READ_ONCE(ssp->srcu_last_gp_end);
12012 + if (exp_holdoff == 0 ||
12013 +- time_in_range_open(t, ssp->srcu_last_gp_end,
12014 +- ssp->srcu_last_gp_end + exp_holdoff))
12015 ++ time_in_range_open(t, tlast, tlast + exp_holdoff))
12016 + return false; /* Too soon after last GP. */
12017 +
12018 + /* Next, check for probable idleness. */
12019 +diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
12020 +index d632cd019597..69c5aa64fcfd 100644
12021 +--- a/kernel/rcu/tree_exp.h
12022 ++++ b/kernel/rcu/tree_exp.h
12023 +@@ -134,7 +134,7 @@ static void __maybe_unused sync_exp_reset_tree(void)
12024 + rcu_for_each_node_breadth_first(rnp) {
12025 + raw_spin_lock_irqsave_rcu_node(rnp, flags);
12026 + WARN_ON_ONCE(rnp->expmask);
12027 +- rnp->expmask = rnp->expmaskinit;
12028 ++ WRITE_ONCE(rnp->expmask, rnp->expmaskinit);
12029 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
12030 + }
12031 + }
12032 +@@ -211,7 +211,7 @@ static void __rcu_report_exp_rnp(struct rcu_node *rnp,
12033 + rnp = rnp->parent;
12034 + raw_spin_lock_rcu_node(rnp); /* irqs already disabled */
12035 + WARN_ON_ONCE(!(rnp->expmask & mask));
12036 +- rnp->expmask &= ~mask;
12037 ++ WRITE_ONCE(rnp->expmask, rnp->expmask & ~mask);
12038 + }
12039 + }
12040 +
12041 +@@ -241,7 +241,7 @@ static void rcu_report_exp_cpu_mult(struct rcu_node *rnp,
12042 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
12043 + return;
12044 + }
12045 +- rnp->expmask &= ~mask;
12046 ++ WRITE_ONCE(rnp->expmask, rnp->expmask & ~mask);
12047 + __rcu_report_exp_rnp(rnp, wake, flags); /* Releases rnp->lock. */
12048 + }
12049 +
12050 +@@ -372,12 +372,10 @@ static void sync_rcu_exp_select_node_cpus(struct work_struct *wp)
12051 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
12052 +
12053 + /* IPI the remaining CPUs for expedited quiescent state. */
12054 +- for_each_leaf_node_cpu_mask(rnp, cpu, rnp->expmask) {
12055 ++ for_each_leaf_node_cpu_mask(rnp, cpu, mask_ofl_ipi) {
12056 + unsigned long mask = leaf_node_cpu_bit(rnp, cpu);
12057 + struct rcu_data *rdp = per_cpu_ptr(&rcu_data, cpu);
12058 +
12059 +- if (!(mask_ofl_ipi & mask))
12060 +- continue;
12061 + retry_ipi:
12062 + if (rcu_dynticks_in_eqs_since(rdp, rdp->exp_dynticks_snap)) {
12063 + mask_ofl_test |= mask;
12064 +@@ -491,7 +489,7 @@ static void synchronize_sched_expedited_wait(void)
12065 + struct rcu_data *rdp;
12066 +
12067 + mask = leaf_node_cpu_bit(rnp, cpu);
12068 +- if (!(rnp->expmask & mask))
12069 ++ if (!(READ_ONCE(rnp->expmask) & mask))
12070 + continue;
12071 + ndetected++;
12072 + rdp = per_cpu_ptr(&rcu_data, cpu);
12073 +@@ -503,7 +501,8 @@ static void synchronize_sched_expedited_wait(void)
12074 + }
12075 + pr_cont(" } %lu jiffies s: %lu root: %#lx/%c\n",
12076 + jiffies - jiffies_start, rcu_state.expedited_sequence,
12077 +- rnp_root->expmask, ".T"[!!rnp_root->exp_tasks]);
12078 ++ READ_ONCE(rnp_root->expmask),
12079 ++ ".T"[!!rnp_root->exp_tasks]);
12080 + if (ndetected) {
12081 + pr_err("blocking rcu_node structures:");
12082 + rcu_for_each_node_breadth_first(rnp) {
12083 +@@ -513,7 +512,7 @@ static void synchronize_sched_expedited_wait(void)
12084 + continue;
12085 + pr_cont(" l=%u:%d-%d:%#lx/%c",
12086 + rnp->level, rnp->grplo, rnp->grphi,
12087 +- rnp->expmask,
12088 ++ READ_ONCE(rnp->expmask),
12089 + ".T"[!!rnp->exp_tasks]);
12090 + }
12091 + pr_cont("\n");
12092 +@@ -521,7 +520,7 @@ static void synchronize_sched_expedited_wait(void)
12093 + rcu_for_each_leaf_node(rnp) {
12094 + for_each_leaf_node_possible_cpu(rnp, cpu) {
12095 + mask = leaf_node_cpu_bit(rnp, cpu);
12096 +- if (!(rnp->expmask & mask))
12097 ++ if (!(READ_ONCE(rnp->expmask) & mask))
12098 + continue;
12099 + dump_cpu_task(cpu);
12100 + }
12101 +diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
12102 +index fa08d55f7040..f849e7429816 100644
12103 +--- a/kernel/rcu/tree_plugin.h
12104 ++++ b/kernel/rcu/tree_plugin.h
12105 +@@ -220,7 +220,7 @@ static void rcu_preempt_ctxt_queue(struct rcu_node *rnp, struct rcu_data *rdp)
12106 + * blocked tasks.
12107 + */
12108 + if (!rnp->gp_tasks && (blkd_state & RCU_GP_BLKD)) {
12109 +- rnp->gp_tasks = &t->rcu_node_entry;
12110 ++ WRITE_ONCE(rnp->gp_tasks, &t->rcu_node_entry);
12111 + WARN_ON_ONCE(rnp->completedqs == rnp->gp_seq);
12112 + }
12113 + if (!rnp->exp_tasks && (blkd_state & RCU_EXP_BLKD))
12114 +@@ -340,7 +340,7 @@ EXPORT_SYMBOL_GPL(rcu_note_context_switch);
12115 + */
12116 + static int rcu_preempt_blocked_readers_cgp(struct rcu_node *rnp)
12117 + {
12118 +- return rnp->gp_tasks != NULL;
12119 ++ return READ_ONCE(rnp->gp_tasks) != NULL;
12120 + }
12121 +
12122 + /* Bias and limit values for ->rcu_read_lock_nesting. */
12123 +@@ -493,7 +493,7 @@ rcu_preempt_deferred_qs_irqrestore(struct task_struct *t, unsigned long flags)
12124 + trace_rcu_unlock_preempted_task(TPS("rcu_preempt"),
12125 + rnp->gp_seq, t->pid);
12126 + if (&t->rcu_node_entry == rnp->gp_tasks)
12127 +- rnp->gp_tasks = np;
12128 ++ WRITE_ONCE(rnp->gp_tasks, np);
12129 + if (&t->rcu_node_entry == rnp->exp_tasks)
12130 + rnp->exp_tasks = np;
12131 + if (IS_ENABLED(CONFIG_RCU_BOOST)) {
12132 +@@ -612,7 +612,7 @@ static void rcu_read_unlock_special(struct task_struct *t)
12133 +
12134 + t->rcu_read_unlock_special.b.exp_hint = false;
12135 + exp = (t->rcu_blocked_node && t->rcu_blocked_node->exp_tasks) ||
12136 +- (rdp->grpmask & rnp->expmask) ||
12137 ++ (rdp->grpmask & READ_ONCE(rnp->expmask)) ||
12138 + tick_nohz_full_cpu(rdp->cpu);
12139 + // Need to defer quiescent state until everything is enabled.
12140 + if (irqs_were_disabled && use_softirq &&
12141 +@@ -663,7 +663,7 @@ static void rcu_preempt_check_blocked_tasks(struct rcu_node *rnp)
12142 + dump_blkd_tasks(rnp, 10);
12143 + if (rcu_preempt_has_tasks(rnp) &&
12144 + (rnp->qsmaskinit || rnp->wait_blkd_tasks)) {
12145 +- rnp->gp_tasks = rnp->blkd_tasks.next;
12146 ++ WRITE_ONCE(rnp->gp_tasks, rnp->blkd_tasks.next);
12147 + t = container_of(rnp->gp_tasks, struct task_struct,
12148 + rcu_node_entry);
12149 + trace_rcu_unlock_preempted_task(TPS("rcu_preempt-GPS"),
12150 +@@ -757,7 +757,8 @@ dump_blkd_tasks(struct rcu_node *rnp, int ncheck)
12151 + pr_info("%s: %d:%d ->qsmask %#lx ->qsmaskinit %#lx ->qsmaskinitnext %#lx\n",
12152 + __func__, rnp1->grplo, rnp1->grphi, rnp1->qsmask, rnp1->qsmaskinit, rnp1->qsmaskinitnext);
12153 + pr_info("%s: ->gp_tasks %p ->boost_tasks %p ->exp_tasks %p\n",
12154 +- __func__, rnp->gp_tasks, rnp->boost_tasks, rnp->exp_tasks);
12155 ++ __func__, READ_ONCE(rnp->gp_tasks), rnp->boost_tasks,
12156 ++ rnp->exp_tasks);
12157 + pr_info("%s: ->blkd_tasks", __func__);
12158 + i = 0;
12159 + list_for_each(lhp, &rnp->blkd_tasks) {
12160 +diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
12161 +index 451f9d05ccfe..4b11f0309eee 100644
12162 +--- a/kernel/time/alarmtimer.c
12163 ++++ b/kernel/time/alarmtimer.c
12164 +@@ -88,6 +88,7 @@ static int alarmtimer_rtc_add_device(struct device *dev,
12165 + unsigned long flags;
12166 + struct rtc_device *rtc = to_rtc_device(dev);
12167 + struct wakeup_source *__ws;
12168 ++ int ret = 0;
12169 +
12170 + if (rtcdev)
12171 + return -EBUSY;
12172 +@@ -102,8 +103,8 @@ static int alarmtimer_rtc_add_device(struct device *dev,
12173 + spin_lock_irqsave(&rtcdev_lock, flags);
12174 + if (!rtcdev) {
12175 + if (!try_module_get(rtc->owner)) {
12176 +- spin_unlock_irqrestore(&rtcdev_lock, flags);
12177 +- return -1;
12178 ++ ret = -1;
12179 ++ goto unlock;
12180 + }
12181 +
12182 + rtcdev = rtc;
12183 +@@ -112,11 +113,12 @@ static int alarmtimer_rtc_add_device(struct device *dev,
12184 + ws = __ws;
12185 + __ws = NULL;
12186 + }
12187 ++unlock:
12188 + spin_unlock_irqrestore(&rtcdev_lock, flags);
12189 +
12190 + wakeup_source_unregister(__ws);
12191 +
12192 +- return 0;
12193 ++ return ret;
12194 + }
12195 +
12196 + static inline void alarmtimer_rtc_timer_init(void)
12197 +diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
12198 +index fff5f64981c6..428beb69426a 100644
12199 +--- a/kernel/time/clocksource.c
12200 ++++ b/kernel/time/clocksource.c
12201 +@@ -293,8 +293,15 @@ static void clocksource_watchdog(struct timer_list *unused)
12202 + next_cpu = cpumask_next(raw_smp_processor_id(), cpu_online_mask);
12203 + if (next_cpu >= nr_cpu_ids)
12204 + next_cpu = cpumask_first(cpu_online_mask);
12205 +- watchdog_timer.expires += WATCHDOG_INTERVAL;
12206 +- add_timer_on(&watchdog_timer, next_cpu);
12207 ++
12208 ++ /*
12209 ++ * Arm timer if not already pending: could race with concurrent
12210 ++ * pair clocksource_stop_watchdog() clocksource_start_watchdog().
12211 ++ */
12212 ++ if (!timer_pending(&watchdog_timer)) {
12213 ++ watchdog_timer.expires += WATCHDOG_INTERVAL;
12214 ++ add_timer_on(&watchdog_timer, next_cpu);
12215 ++ }
12216 + out:
12217 + spin_unlock(&watchdog_lock);
12218 + }
12219 +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
12220 +index 0708a41cfe2d..407d8bf4ed93 100644
12221 +--- a/kernel/trace/ftrace.c
12222 ++++ b/kernel/trace/ftrace.c
12223 +@@ -5102,8 +5102,8 @@ static const struct file_operations ftrace_notrace_fops = {
12224 +
12225 + static DEFINE_MUTEX(graph_lock);
12226 +
12227 +-struct ftrace_hash *ftrace_graph_hash = EMPTY_HASH;
12228 +-struct ftrace_hash *ftrace_graph_notrace_hash = EMPTY_HASH;
12229 ++struct ftrace_hash __rcu *ftrace_graph_hash = EMPTY_HASH;
12230 ++struct ftrace_hash __rcu *ftrace_graph_notrace_hash = EMPTY_HASH;
12231 +
12232 + enum graph_filter_type {
12233 + GRAPH_FILTER_NOTRACE = 0,
12234 +@@ -5378,8 +5378,15 @@ ftrace_graph_release(struct inode *inode, struct file *file)
12235 +
12236 + mutex_unlock(&graph_lock);
12237 +
12238 +- /* Wait till all users are no longer using the old hash */
12239 +- synchronize_rcu();
12240 ++ /*
12241 ++ * We need to do a hard force of sched synchronization.
12242 ++ * This is because we use preempt_disable() to do RCU, but
12243 ++ * the function tracers can be called where RCU is not watching
12244 ++ * (like before user_exit()). We can not rely on the RCU
12245 ++ * infrastructure to do the synchronization, thus we must do it
12246 ++ * ourselves.
12247 ++ */
12248 ++ schedule_on_each_cpu(ftrace_sync);
12249 +
12250 + free_ftrace_hash(old_hash);
12251 + }
12252 +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
12253 +index d685c61085c0..a3c29d5fcc61 100644
12254 +--- a/kernel/trace/trace.h
12255 ++++ b/kernel/trace/trace.h
12256 +@@ -932,22 +932,31 @@ extern void __trace_graph_return(struct trace_array *tr,
12257 + unsigned long flags, int pc);
12258 +
12259 + #ifdef CONFIG_DYNAMIC_FTRACE
12260 +-extern struct ftrace_hash *ftrace_graph_hash;
12261 +-extern struct ftrace_hash *ftrace_graph_notrace_hash;
12262 ++extern struct ftrace_hash __rcu *ftrace_graph_hash;
12263 ++extern struct ftrace_hash __rcu *ftrace_graph_notrace_hash;
12264 +
12265 + static inline int ftrace_graph_addr(struct ftrace_graph_ent *trace)
12266 + {
12267 + unsigned long addr = trace->func;
12268 + int ret = 0;
12269 ++ struct ftrace_hash *hash;
12270 +
12271 + preempt_disable_notrace();
12272 +
12273 +- if (ftrace_hash_empty(ftrace_graph_hash)) {
12274 ++ /*
12275 ++ * Have to open code "rcu_dereference_sched()" because the
12276 ++ * function graph tracer can be called when RCU is not
12277 ++ * "watching".
12278 ++ * Protected with schedule_on_each_cpu(ftrace_sync)
12279 ++ */
12280 ++ hash = rcu_dereference_protected(ftrace_graph_hash, !preemptible());
12281 ++
12282 ++ if (ftrace_hash_empty(hash)) {
12283 + ret = 1;
12284 + goto out;
12285 + }
12286 +
12287 +- if (ftrace_lookup_ip(ftrace_graph_hash, addr)) {
12288 ++ if (ftrace_lookup_ip(hash, addr)) {
12289 +
12290 + /*
12291 + * This needs to be cleared on the return functions
12292 +@@ -983,10 +992,20 @@ static inline void ftrace_graph_addr_finish(struct ftrace_graph_ret *trace)
12293 + static inline int ftrace_graph_notrace_addr(unsigned long addr)
12294 + {
12295 + int ret = 0;
12296 ++ struct ftrace_hash *notrace_hash;
12297 +
12298 + preempt_disable_notrace();
12299 +
12300 +- if (ftrace_lookup_ip(ftrace_graph_notrace_hash, addr))
12301 ++ /*
12302 ++ * Have to open code "rcu_dereference_sched()" because the
12303 ++ * function graph tracer can be called when RCU is not
12304 ++ * "watching".
12305 ++ * Protected with schedule_on_each_cpu(ftrace_sync)
12306 ++ */
12307 ++ notrace_hash = rcu_dereference_protected(ftrace_graph_notrace_hash,
12308 ++ !preemptible());
12309 ++
12310 ++ if (ftrace_lookup_ip(notrace_hash, addr))
12311 + ret = 1;
12312 +
12313 + preempt_enable_notrace();
12314 +diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
12315 +index 205692181e7b..4be7fc84d6b6 100644
12316 +--- a/kernel/trace/trace_events_hist.c
12317 ++++ b/kernel/trace/trace_events_hist.c
12318 +@@ -470,11 +470,12 @@ struct action_data {
12319 + * When a histogram trigger is hit, the values of any
12320 + * references to variables, including variables being passed
12321 + * as parameters to synthetic events, are collected into a
12322 +- * var_ref_vals array. This var_ref_idx is the index of the
12323 +- * first param in the array to be passed to the synthetic
12324 +- * event invocation.
12325 ++ * var_ref_vals array. This var_ref_idx array is an array of
12326 ++ * indices into the var_ref_vals array, one for each synthetic
12327 ++ * event param, and is passed to the synthetic event
12328 ++ * invocation.
12329 + */
12330 +- unsigned int var_ref_idx;
12331 ++ unsigned int var_ref_idx[TRACING_MAP_VARS_MAX];
12332 + struct synth_event *synth_event;
12333 + bool use_trace_keyword;
12334 + char *synth_event_name;
12335 +@@ -875,14 +876,14 @@ static struct trace_event_functions synth_event_funcs = {
12336 +
12337 + static notrace void trace_event_raw_event_synth(void *__data,
12338 + u64 *var_ref_vals,
12339 +- unsigned int var_ref_idx)
12340 ++ unsigned int *var_ref_idx)
12341 + {
12342 + struct trace_event_file *trace_file = __data;
12343 + struct synth_trace_event *entry;
12344 + struct trace_event_buffer fbuffer;
12345 + struct ring_buffer *buffer;
12346 + struct synth_event *event;
12347 +- unsigned int i, n_u64;
12348 ++ unsigned int i, n_u64, val_idx;
12349 + int fields_size = 0;
12350 +
12351 + event = trace_file->event_call->data;
12352 +@@ -905,15 +906,16 @@ static notrace void trace_event_raw_event_synth(void *__data,
12353 + goto out;
12354 +
12355 + for (i = 0, n_u64 = 0; i < event->n_fields; i++) {
12356 ++ val_idx = var_ref_idx[i];
12357 + if (event->fields[i]->is_string) {
12358 +- char *str_val = (char *)(long)var_ref_vals[var_ref_idx + i];
12359 ++ char *str_val = (char *)(long)var_ref_vals[val_idx];
12360 + char *str_field = (char *)&entry->fields[n_u64];
12361 +
12362 + strscpy(str_field, str_val, STR_VAR_LEN_MAX);
12363 + n_u64 += STR_VAR_LEN_MAX / sizeof(u64);
12364 + } else {
12365 + struct synth_field *field = event->fields[i];
12366 +- u64 val = var_ref_vals[var_ref_idx + i];
12367 ++ u64 val = var_ref_vals[val_idx];
12368 +
12369 + switch (field->size) {
12370 + case 1:
12371 +@@ -1113,10 +1115,10 @@ static struct tracepoint *alloc_synth_tracepoint(char *name)
12372 + }
12373 +
12374 + typedef void (*synth_probe_func_t) (void *__data, u64 *var_ref_vals,
12375 +- unsigned int var_ref_idx);
12376 ++ unsigned int *var_ref_idx);
12377 +
12378 + static inline void trace_synth(struct synth_event *event, u64 *var_ref_vals,
12379 +- unsigned int var_ref_idx)
12380 ++ unsigned int *var_ref_idx)
12381 + {
12382 + struct tracepoint *tp = event->tp;
12383 +
12384 +@@ -2655,6 +2657,22 @@ static int init_var_ref(struct hist_field *ref_field,
12385 + goto out;
12386 + }
12387 +
12388 ++static int find_var_ref_idx(struct hist_trigger_data *hist_data,
12389 ++ struct hist_field *var_field)
12390 ++{
12391 ++ struct hist_field *ref_field;
12392 ++ int i;
12393 ++
12394 ++ for (i = 0; i < hist_data->n_var_refs; i++) {
12395 ++ ref_field = hist_data->var_refs[i];
12396 ++ if (ref_field->var.idx == var_field->var.idx &&
12397 ++ ref_field->var.hist_data == var_field->hist_data)
12398 ++ return i;
12399 ++ }
12400 ++
12401 ++ return -ENOENT;
12402 ++}
12403 ++
12404 + /**
12405 + * create_var_ref - Create a variable reference and attach it to trigger
12406 + * @hist_data: The trigger that will be referencing the variable
12407 +@@ -4228,11 +4246,11 @@ static int trace_action_create(struct hist_trigger_data *hist_data,
12408 + struct trace_array *tr = hist_data->event_file->tr;
12409 + char *event_name, *param, *system = NULL;
12410 + struct hist_field *hist_field, *var_ref;
12411 +- unsigned int i, var_ref_idx;
12412 ++ unsigned int i;
12413 + unsigned int field_pos = 0;
12414 + struct synth_event *event;
12415 + char *synth_event_name;
12416 +- int ret = 0;
12417 ++ int var_ref_idx, ret = 0;
12418 +
12419 + lockdep_assert_held(&event_mutex);
12420 +
12421 +@@ -4249,8 +4267,6 @@ static int trace_action_create(struct hist_trigger_data *hist_data,
12422 +
12423 + event->ref++;
12424 +
12425 +- var_ref_idx = hist_data->n_var_refs;
12426 +-
12427 + for (i = 0; i < data->n_params; i++) {
12428 + char *p;
12429 +
12430 +@@ -4299,6 +4315,14 @@ static int trace_action_create(struct hist_trigger_data *hist_data,
12431 + goto err;
12432 + }
12433 +
12434 ++ var_ref_idx = find_var_ref_idx(hist_data, var_ref);
12435 ++ if (WARN_ON(var_ref_idx < 0)) {
12436 ++ ret = var_ref_idx;
12437 ++ goto err;
12438 ++ }
12439 ++
12440 ++ data->var_ref_idx[i] = var_ref_idx;
12441 ++
12442 + field_pos++;
12443 + kfree(p);
12444 + continue;
12445 +@@ -4317,7 +4341,6 @@ static int trace_action_create(struct hist_trigger_data *hist_data,
12446 + }
12447 +
12448 + data->synth_event = event;
12449 +- data->var_ref_idx = var_ref_idx;
12450 + out:
12451 + return ret;
12452 + err:
12453 +diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
12454 +index 9ae87be422f2..ab8b6436d53f 100644
12455 +--- a/kernel/trace/trace_probe.c
12456 ++++ b/kernel/trace/trace_probe.c
12457 +@@ -876,7 +876,8 @@ static int __set_print_fmt(struct trace_probe *tp, char *buf, int len,
12458 + for (i = 0; i < tp->nr_args; i++) {
12459 + parg = tp->args + i;
12460 + if (parg->count) {
12461 +- if (strcmp(parg->type->name, "string") == 0)
12462 ++ if ((strcmp(parg->type->name, "string") == 0) ||
12463 ++ (strcmp(parg->type->name, "ustring") == 0))
12464 + fmt = ", __get_str(%s[%d])";
12465 + else
12466 + fmt = ", REC->%s[%d]";
12467 +@@ -884,7 +885,8 @@ static int __set_print_fmt(struct trace_probe *tp, char *buf, int len,
12468 + pos += snprintf(buf + pos, LEN_OR_ZERO,
12469 + fmt, parg->name, j);
12470 + } else {
12471 +- if (strcmp(parg->type->name, "string") == 0)
12472 ++ if ((strcmp(parg->type->name, "string") == 0) ||
12473 ++ (strcmp(parg->type->name, "ustring") == 0))
12474 + fmt = ", __get_str(%s)";
12475 + else
12476 + fmt = ", REC->%s";
12477 +diff --git a/kernel/trace/trace_sched_switch.c b/kernel/trace/trace_sched_switch.c
12478 +index e288168661e1..e304196d7c28 100644
12479 +--- a/kernel/trace/trace_sched_switch.c
12480 ++++ b/kernel/trace/trace_sched_switch.c
12481 +@@ -89,8 +89,10 @@ static void tracing_sched_unregister(void)
12482 +
12483 + static void tracing_start_sched_switch(int ops)
12484 + {
12485 +- bool sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
12486 ++ bool sched_register;
12487 ++
12488 + mutex_lock(&sched_register_mutex);
12489 ++ sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
12490 +
12491 + switch (ops) {
12492 + case RECORD_CMDLINE:
12493 +diff --git a/lib/test_kasan.c b/lib/test_kasan.c
12494 +index 49cc4d570a40..bd3d9ef7d39e 100644
12495 +--- a/lib/test_kasan.c
12496 ++++ b/lib/test_kasan.c
12497 +@@ -157,6 +157,7 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
12498 + if (!ptr1 || !ptr2) {
12499 + pr_err("Allocation failed\n");
12500 + kfree(ptr1);
12501 ++ kfree(ptr2);
12502 + return;
12503 + }
12504 +
12505 +diff --git a/mm/backing-dev.c b/mm/backing-dev.c
12506 +index c360f6a6c844..62f05f605fb5 100644
12507 +--- a/mm/backing-dev.c
12508 ++++ b/mm/backing-dev.c
12509 +@@ -21,6 +21,7 @@ struct backing_dev_info noop_backing_dev_info = {
12510 + EXPORT_SYMBOL_GPL(noop_backing_dev_info);
12511 +
12512 + static struct class *bdi_class;
12513 ++const char *bdi_unknown_name = "(unknown)";
12514 +
12515 + /*
12516 + * bdi_lock protects bdi_tree and updates to bdi_list. bdi_list has RCU
12517 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
12518 +index ef4e9eb572a4..b5b4e310fe70 100644
12519 +--- a/mm/memcontrol.c
12520 ++++ b/mm/memcontrol.c
12521 +@@ -5465,14 +5465,6 @@ static int mem_cgroup_move_account(struct page *page,
12522 + __mod_lruvec_state(to_vec, NR_WRITEBACK, nr_pages);
12523 + }
12524 +
12525 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
12526 +- if (compound && !list_empty(page_deferred_list(page))) {
12527 +- spin_lock(&from->deferred_split_queue.split_queue_lock);
12528 +- list_del_init(page_deferred_list(page));
12529 +- from->deferred_split_queue.split_queue_len--;
12530 +- spin_unlock(&from->deferred_split_queue.split_queue_lock);
12531 +- }
12532 +-#endif
12533 + /*
12534 + * It is safe to change page->mem_cgroup here because the page
12535 + * is referenced, charged, and isolated - we can't race with
12536 +@@ -5482,16 +5474,6 @@ static int mem_cgroup_move_account(struct page *page,
12537 + /* caller should have done css_get */
12538 + page->mem_cgroup = to;
12539 +
12540 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
12541 +- if (compound && list_empty(page_deferred_list(page))) {
12542 +- spin_lock(&to->deferred_split_queue.split_queue_lock);
12543 +- list_add_tail(page_deferred_list(page),
12544 +- &to->deferred_split_queue.split_queue);
12545 +- to->deferred_split_queue.split_queue_len++;
12546 +- spin_unlock(&to->deferred_split_queue.split_queue_lock);
12547 +- }
12548 +-#endif
12549 +-
12550 + spin_unlock_irqrestore(&from->move_lock, flags);
12551 +
12552 + ret = 0;
12553 +diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
12554 +index fab540685279..0aa154be3a52 100644
12555 +--- a/mm/memory_hotplug.c
12556 ++++ b/mm/memory_hotplug.c
12557 +@@ -1738,8 +1738,6 @@ static int __ref try_remove_memory(int nid, u64 start, u64 size)
12558 +
12559 + BUG_ON(check_hotplug_memory_range(start, size));
12560 +
12561 +- mem_hotplug_begin();
12562 +-
12563 + /*
12564 + * All memory blocks must be offlined before removing memory. Check
12565 + * whether all memory blocks in question are offline and return error
12566 +@@ -1754,9 +1752,14 @@ static int __ref try_remove_memory(int nid, u64 start, u64 size)
12567 + memblock_free(start, size);
12568 + memblock_remove(start, size);
12569 +
12570 +- /* remove memory block devices before removing memory */
12571 ++ /*
12572 ++ * Memory block device removal under the device_hotplug_lock is
12573 ++ * a barrier against racing online attempts.
12574 ++ */
12575 + remove_memory_block_devices(start, size);
12576 +
12577 ++ mem_hotplug_begin();
12578 ++
12579 + arch_remove_memory(nid, start, size, NULL);
12580 + __release_memory_resource(start, size);
12581 +
12582 +diff --git a/mm/migrate.c b/mm/migrate.c
12583 +index 6956627ebf8b..c4c313e47f12 100644
12584 +--- a/mm/migrate.c
12585 ++++ b/mm/migrate.c
12586 +@@ -1631,8 +1631,19 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes,
12587 + start = i;
12588 + } else if (node != current_node) {
12589 + err = do_move_pages_to_node(mm, &pagelist, current_node);
12590 +- if (err)
12591 ++ if (err) {
12592 ++ /*
12593 ++ * Positive err means the number of failed
12594 ++ * pages to migrate. Since we are going to
12595 ++ * abort and return the number of non-migrated
12596 ++ * pages, so need to incude the rest of the
12597 ++ * nr_pages that have not been attempted as
12598 ++ * well.
12599 ++ */
12600 ++ if (err > 0)
12601 ++ err += nr_pages - i - 1;
12602 + goto out;
12603 ++ }
12604 + err = store_status(status, start, current_node, i - start);
12605 + if (err)
12606 + goto out;
12607 +@@ -1663,8 +1674,11 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes,
12608 + goto out_flush;
12609 +
12610 + err = do_move_pages_to_node(mm, &pagelist, current_node);
12611 +- if (err)
12612 ++ if (err) {
12613 ++ if (err > 0)
12614 ++ err += nr_pages - i - 1;
12615 + goto out;
12616 ++ }
12617 + if (i > start) {
12618 + err = store_status(status, start, current_node, i - start);
12619 + if (err)
12620 +@@ -1678,6 +1692,13 @@ out_flush:
12621 +
12622 + /* Make sure we do not overwrite the existing error */
12623 + err1 = do_move_pages_to_node(mm, &pagelist, current_node);
12624 ++ /*
12625 ++ * Don't have to report non-attempted pages here since:
12626 ++ * - If the above loop is done gracefully all pages have been
12627 ++ * attempted.
12628 ++ * - If the above loop is aborted it means a fatal error
12629 ++ * happened, should return ret.
12630 ++ */
12631 + if (!err1)
12632 + err1 = store_status(status, start, current_node, i - start);
12633 + if (err >= 0)
12634 +diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c
12635 +index 7d70e5c78f97..7c1b8f67af7b 100644
12636 +--- a/mm/mmu_gather.c
12637 ++++ b/mm/mmu_gather.c
12638 +@@ -102,14 +102,14 @@ bool __tlb_remove_page_size(struct mmu_gather *tlb, struct page *page, int page_
12639 + */
12640 + static inline void tlb_table_invalidate(struct mmu_gather *tlb)
12641 + {
12642 +-#ifndef CONFIG_HAVE_RCU_TABLE_NO_INVALIDATE
12643 +- /*
12644 +- * Invalidate page-table caches used by hardware walkers. Then we still
12645 +- * need to RCU-sched wait while freeing the pages because software
12646 +- * walkers can still be in-flight.
12647 +- */
12648 +- tlb_flush_mmu_tlbonly(tlb);
12649 +-#endif
12650 ++ if (tlb_needs_table_invalidate()) {
12651 ++ /*
12652 ++ * Invalidate page-table caches used by hardware walkers. Then
12653 ++ * we still need to RCU-sched wait while freeing the pages
12654 ++ * because software walkers can still be in-flight.
12655 ++ */
12656 ++ tlb_flush_mmu_tlbonly(tlb);
12657 ++ }
12658 + }
12659 +
12660 + static void tlb_remove_table_smp_sync(void *arg)
12661 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
12662 +index 45e39131a716..d387ca74cb5a 100644
12663 +--- a/mm/page_alloc.c
12664 ++++ b/mm/page_alloc.c
12665 +@@ -6933,7 +6933,8 @@ static u64 zero_pfn_range(unsigned long spfn, unsigned long epfn)
12666 + * This function also addresses a similar issue where struct pages are left
12667 + * uninitialized because the physical address range is not covered by
12668 + * memblock.memory or memblock.reserved. That could happen when memblock
12669 +- * layout is manually configured via memmap=.
12670 ++ * layout is manually configured via memmap=, or when the highest physical
12671 ++ * address (max_pfn) does not end on a section boundary.
12672 + */
12673 + void __init zero_resv_unavail(void)
12674 + {
12675 +@@ -6951,7 +6952,16 @@ void __init zero_resv_unavail(void)
12676 + pgcnt += zero_pfn_range(PFN_DOWN(next), PFN_UP(start));
12677 + next = end;
12678 + }
12679 +- pgcnt += zero_pfn_range(PFN_DOWN(next), max_pfn);
12680 ++
12681 ++ /*
12682 ++ * Early sections always have a fully populated memmap for the whole
12683 ++ * section - see pfn_valid(). If the last section has holes at the
12684 ++ * end and that section is marked "online", the memmap will be
12685 ++ * considered initialized. Make sure that memmap has a well defined
12686 ++ * state.
12687 ++ */
12688 ++ pgcnt += zero_pfn_range(PFN_DOWN(next),
12689 ++ round_up(max_pfn, PAGES_PER_SECTION));
12690 +
12691 + /*
12692 + * Struct pages that do not have backing memory. This could be because
12693 +diff --git a/mm/sparse.c b/mm/sparse.c
12694 +index 1100fdb9649c..69b41b6046a5 100644
12695 +--- a/mm/sparse.c
12696 ++++ b/mm/sparse.c
12697 +@@ -787,7 +787,7 @@ static void section_deactivate(unsigned long pfn, unsigned long nr_pages,
12698 + ms->usage = NULL;
12699 + }
12700 + memmap = sparse_decode_mem_map(ms->section_mem_map, section_nr);
12701 +- ms->section_mem_map = sparse_encode_mem_map(NULL, section_nr);
12702 ++ ms->section_mem_map = (unsigned long)NULL;
12703 + }
12704 +
12705 + if (section_is_early && memmap)
12706 +diff --git a/net/core/devlink.c b/net/core/devlink.c
12707 +index ae614965c8c2..61bc67047f56 100644
12708 +--- a/net/core/devlink.c
12709 ++++ b/net/core/devlink.c
12710 +@@ -3863,6 +3863,12 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb,
12711 + goto out_unlock;
12712 + }
12713 +
12714 ++ /* return 0 if there is no further data to read */
12715 ++ if (start_offset >= region->size) {
12716 ++ err = 0;
12717 ++ goto out_unlock;
12718 ++ }
12719 ++
12720 + hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
12721 + &devlink_nl_family, NLM_F_ACK | NLM_F_MULTI,
12722 + DEVLINK_CMD_REGION_READ);
12723 +diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
12724 +index 536e032d95c8..246a258b1fac 100644
12725 +--- a/net/core/drop_monitor.c
12726 ++++ b/net/core/drop_monitor.c
12727 +@@ -1004,8 +1004,10 @@ static void net_dm_hw_monitor_stop(struct netlink_ext_ack *extack)
12728 + {
12729 + int cpu;
12730 +
12731 +- if (!monitor_hw)
12732 ++ if (!monitor_hw) {
12733 + NL_SET_ERR_MSG_MOD(extack, "Hardware monitoring already disabled");
12734 ++ return;
12735 ++ }
12736 +
12737 + monitor_hw = false;
12738 +
12739 +diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c
12740 +index ee561297d8a7..fbfd0db182b7 100644
12741 +--- a/net/hsr/hsr_slave.c
12742 ++++ b/net/hsr/hsr_slave.c
12743 +@@ -27,6 +27,8 @@ static rx_handler_result_t hsr_handle_frame(struct sk_buff **pskb)
12744 +
12745 + rcu_read_lock(); /* hsr->node_db, hsr->ports */
12746 + port = hsr_port_get_rcu(skb->dev);
12747 ++ if (!port)
12748 ++ goto finish_pass;
12749 +
12750 + if (hsr_addr_is_self(port->hsr, eth_hdr(skb)->h_source)) {
12751 + /* Directly kill frames sent by ourselves */
12752 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
12753 +index 3640e8563a10..deb466fc3d1f 100644
12754 +--- a/net/ipv4/tcp.c
12755 ++++ b/net/ipv4/tcp.c
12756 +@@ -2618,10 +2618,12 @@ int tcp_disconnect(struct sock *sk, int flags)
12757 + tp->snd_cwnd = TCP_INIT_CWND;
12758 + tp->snd_cwnd_cnt = 0;
12759 + tp->window_clamp = 0;
12760 ++ tp->delivered = 0;
12761 + tp->delivered_ce = 0;
12762 + tcp_set_ca_state(sk, TCP_CA_Open);
12763 + tp->is_sack_reneg = 0;
12764 + tcp_clear_retrans(tp);
12765 ++ tp->total_retrans = 0;
12766 + inet_csk_delack_init(sk);
12767 + /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
12768 + * issue in __tcp_select_window()
12769 +@@ -2633,10 +2635,14 @@ int tcp_disconnect(struct sock *sk, int flags)
12770 + sk->sk_rx_dst = NULL;
12771 + tcp_saved_syn_free(tp);
12772 + tp->compressed_ack = 0;
12773 ++ tp->segs_in = 0;
12774 ++ tp->segs_out = 0;
12775 + tp->bytes_sent = 0;
12776 + tp->bytes_acked = 0;
12777 + tp->bytes_received = 0;
12778 + tp->bytes_retrans = 0;
12779 ++ tp->data_segs_in = 0;
12780 ++ tp->data_segs_out = 0;
12781 + tp->duplicate_sack[0].start_seq = 0;
12782 + tp->duplicate_sack[0].end_seq = 0;
12783 + tp->dsack_dups = 0;
12784 +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
12785 +index f9b5690e94fd..b11ccb53c7e0 100644
12786 +--- a/net/ipv6/addrconf.c
12787 ++++ b/net/ipv6/addrconf.c
12788 +@@ -5719,6 +5719,9 @@ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
12789 + struct nlattr *tb[IFLA_INET6_MAX + 1];
12790 + int err;
12791 +
12792 ++ if (!idev)
12793 ++ return -EAFNOSUPPORT;
12794 ++
12795 + if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
12796 + BUG();
12797 +
12798 +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
12799 +index f82ea12bac37..425b95eb7e87 100644
12800 +--- a/net/l2tp/l2tp_core.c
12801 ++++ b/net/l2tp/l2tp_core.c
12802 +@@ -322,8 +322,13 @@ int l2tp_session_register(struct l2tp_session *session,
12803 +
12804 + spin_lock_bh(&pn->l2tp_session_hlist_lock);
12805 +
12806 ++ /* IP encap expects session IDs to be globally unique, while
12807 ++ * UDP encap doesn't.
12808 ++ */
12809 + hlist_for_each_entry(session_walk, g_head, global_hlist)
12810 +- if (session_walk->session_id == session->session_id) {
12811 ++ if (session_walk->session_id == session->session_id &&
12812 ++ (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
12813 ++ tunnel->encap == L2TP_ENCAPTYPE_IP)) {
12814 + err = -EEXIST;
12815 + goto err_tlock_pnlock;
12816 + }
12817 +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
12818 +index d8143a8c034d..a9df9dac57b2 100644
12819 +--- a/net/netfilter/ipset/ip_set_core.c
12820 ++++ b/net/netfilter/ipset/ip_set_core.c
12821 +@@ -1293,31 +1293,34 @@ ip_set_dump_policy[IPSET_ATTR_CMD_MAX + 1] = {
12822 + };
12823 +
12824 + static int
12825 +-dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
12826 ++ip_set_dump_start(struct netlink_callback *cb)
12827 + {
12828 + struct nlmsghdr *nlh = nlmsg_hdr(cb->skb);
12829 + int min_len = nlmsg_total_size(sizeof(struct nfgenmsg));
12830 + struct nlattr *cda[IPSET_ATTR_CMD_MAX + 1];
12831 + struct nlattr *attr = (void *)nlh + min_len;
12832 ++ struct sk_buff *skb = cb->skb;
12833 ++ struct ip_set_net *inst = ip_set_pernet(sock_net(skb->sk));
12834 + u32 dump_type;
12835 +- ip_set_id_t index;
12836 + int ret;
12837 +
12838 + ret = nla_parse(cda, IPSET_ATTR_CMD_MAX, attr,
12839 + nlh->nlmsg_len - min_len,
12840 + ip_set_dump_policy, NULL);
12841 + if (ret)
12842 +- return ret;
12843 ++ goto error;
12844 +
12845 + cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
12846 + if (cda[IPSET_ATTR_SETNAME]) {
12847 ++ ip_set_id_t index;
12848 + struct ip_set *set;
12849 +
12850 + set = find_set_and_id(inst, nla_data(cda[IPSET_ATTR_SETNAME]),
12851 + &index);
12852 +- if (!set)
12853 +- return -ENOENT;
12854 +-
12855 ++ if (!set) {
12856 ++ ret = -ENOENT;
12857 ++ goto error;
12858 ++ }
12859 + dump_type = DUMP_ONE;
12860 + cb->args[IPSET_CB_INDEX] = index;
12861 + } else {
12862 +@@ -1333,10 +1336,17 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
12863 + cb->args[IPSET_CB_DUMP] = dump_type;
12864 +
12865 + return 0;
12866 ++
12867 ++error:
12868 ++ /* We have to create and send the error message manually :-( */
12869 ++ if (nlh->nlmsg_flags & NLM_F_ACK) {
12870 ++ netlink_ack(cb->skb, nlh, ret, NULL);
12871 ++ }
12872 ++ return ret;
12873 + }
12874 +
12875 + static int
12876 +-ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
12877 ++ip_set_dump_do(struct sk_buff *skb, struct netlink_callback *cb)
12878 + {
12879 + ip_set_id_t index = IPSET_INVALID_ID, max;
12880 + struct ip_set *set = NULL;
12881 +@@ -1347,18 +1357,8 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
12882 + bool is_destroyed;
12883 + int ret = 0;
12884 +
12885 +- if (!cb->args[IPSET_CB_DUMP]) {
12886 +- ret = dump_init(cb, inst);
12887 +- if (ret < 0) {
12888 +- nlh = nlmsg_hdr(cb->skb);
12889 +- /* We have to create and send the error message
12890 +- * manually :-(
12891 +- */
12892 +- if (nlh->nlmsg_flags & NLM_F_ACK)
12893 +- netlink_ack(cb->skb, nlh, ret, NULL);
12894 +- return ret;
12895 +- }
12896 +- }
12897 ++ if (!cb->args[IPSET_CB_DUMP])
12898 ++ return -EINVAL;
12899 +
12900 + if (cb->args[IPSET_CB_INDEX] >= inst->ip_set_max)
12901 + goto out;
12902 +@@ -1494,7 +1494,8 @@ static int ip_set_dump(struct net *net, struct sock *ctnl, struct sk_buff *skb,
12903 +
12904 + {
12905 + struct netlink_dump_control c = {
12906 +- .dump = ip_set_dump_start,
12907 ++ .start = ip_set_dump_start,
12908 ++ .dump = ip_set_dump_do,
12909 + .done = ip_set_dump_done,
12910 + };
12911 + return netlink_dump_start(ctnl, skb, nlh, &c);
12912 +diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
12913 +index d72ddb67bb74..4a6ca9723a12 100644
12914 +--- a/net/rxrpc/af_rxrpc.c
12915 ++++ b/net/rxrpc/af_rxrpc.c
12916 +@@ -194,6 +194,7 @@ static int rxrpc_bind(struct socket *sock, struct sockaddr *saddr, int len)
12917 + service_in_use:
12918 + write_unlock(&local->services_lock);
12919 + rxrpc_unuse_local(local);
12920 ++ rxrpc_put_local(local);
12921 + ret = -EADDRINUSE;
12922 + error_unlock:
12923 + release_sock(&rx->sk);
12924 +@@ -899,6 +900,7 @@ static int rxrpc_release_sock(struct sock *sk)
12925 + rxrpc_purge_queue(&sk->sk_receive_queue);
12926 +
12927 + rxrpc_unuse_local(rx->local);
12928 ++ rxrpc_put_local(rx->local);
12929 + rx->local = NULL;
12930 + key_put(rx->key);
12931 + rx->key = NULL;
12932 +diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
12933 +index 5e99df80e80a..7d730c438404 100644
12934 +--- a/net/rxrpc/ar-internal.h
12935 ++++ b/net/rxrpc/ar-internal.h
12936 +@@ -490,6 +490,7 @@ enum rxrpc_call_flag {
12937 + RXRPC_CALL_RX_HEARD, /* The peer responded at least once to this call */
12938 + RXRPC_CALL_RX_UNDERRUN, /* Got data underrun */
12939 + RXRPC_CALL_IS_INTR, /* The call is interruptible */
12940 ++ RXRPC_CALL_DISCONNECTED, /* The call has been disconnected */
12941 + };
12942 +
12943 + /*
12944 +@@ -1021,6 +1022,16 @@ void rxrpc_unuse_local(struct rxrpc_local *);
12945 + void rxrpc_queue_local(struct rxrpc_local *);
12946 + void rxrpc_destroy_all_locals(struct rxrpc_net *);
12947 +
12948 ++static inline bool __rxrpc_unuse_local(struct rxrpc_local *local)
12949 ++{
12950 ++ return atomic_dec_return(&local->active_users) == 0;
12951 ++}
12952 ++
12953 ++static inline bool __rxrpc_use_local(struct rxrpc_local *local)
12954 ++{
12955 ++ return atomic_fetch_add_unless(&local->active_users, 1, 0) != 0;
12956 ++}
12957 ++
12958 + /*
12959 + * misc.c
12960 + */
12961 +diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
12962 +index a31c18c09894..dbdbc4f18b5e 100644
12963 +--- a/net/rxrpc/call_object.c
12964 ++++ b/net/rxrpc/call_object.c
12965 +@@ -493,7 +493,7 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
12966 +
12967 + _debug("RELEASE CALL %p (%d CONN %p)", call, call->debug_id, conn);
12968 +
12969 +- if (conn)
12970 ++ if (conn && !test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
12971 + rxrpc_disconnect_call(call);
12972 + if (call->security)
12973 + call->security->free_call_crypto(call);
12974 +@@ -569,6 +569,7 @@ static void rxrpc_rcu_destroy_call(struct rcu_head *rcu)
12975 + struct rxrpc_call *call = container_of(rcu, struct rxrpc_call, rcu);
12976 + struct rxrpc_net *rxnet = call->rxnet;
12977 +
12978 ++ rxrpc_put_connection(call->conn);
12979 + rxrpc_put_peer(call->peer);
12980 + kfree(call->rxtx_buffer);
12981 + kfree(call->rxtx_annotations);
12982 +@@ -590,7 +591,6 @@ void rxrpc_cleanup_call(struct rxrpc_call *call)
12983 +
12984 + ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
12985 + ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags));
12986 +- ASSERTCMP(call->conn, ==, NULL);
12987 +
12988 + rxrpc_cleanup_ring(call);
12989 + rxrpc_free_skb(call->tx_pending, rxrpc_skb_cleaned);
12990 +diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
12991 +index 376370cd9285..ea7d4c21f889 100644
12992 +--- a/net/rxrpc/conn_client.c
12993 ++++ b/net/rxrpc/conn_client.c
12994 +@@ -785,6 +785,7 @@ void rxrpc_disconnect_client_call(struct rxrpc_call *call)
12995 + u32 cid;
12996 +
12997 + spin_lock(&conn->channel_lock);
12998 ++ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
12999 +
13000 + cid = call->cid;
13001 + if (cid) {
13002 +@@ -792,7 +793,6 @@ void rxrpc_disconnect_client_call(struct rxrpc_call *call)
13003 + chan = &conn->channels[channel];
13004 + }
13005 + trace_rxrpc_client(conn, channel, rxrpc_client_chan_disconnect);
13006 +- call->conn = NULL;
13007 +
13008 + /* Calls that have never actually been assigned a channel can simply be
13009 + * discarded. If the conn didn't get used either, it will follow
13010 +@@ -908,7 +908,6 @@ out:
13011 + spin_unlock(&rxnet->client_conn_cache_lock);
13012 + out_2:
13013 + spin_unlock(&conn->channel_lock);
13014 +- rxrpc_put_connection(conn);
13015 + _leave("");
13016 + return;
13017 +
13018 +diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c
13019 +index 808a4723f868..06fcff2ebbba 100644
13020 +--- a/net/rxrpc/conn_event.c
13021 ++++ b/net/rxrpc/conn_event.c
13022 +@@ -438,16 +438,12 @@ again:
13023 + /*
13024 + * connection-level event processor
13025 + */
13026 +-void rxrpc_process_connection(struct work_struct *work)
13027 ++static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
13028 + {
13029 +- struct rxrpc_connection *conn =
13030 +- container_of(work, struct rxrpc_connection, processor);
13031 + struct sk_buff *skb;
13032 + u32 abort_code = RX_PROTOCOL_ERROR;
13033 + int ret;
13034 +
13035 +- rxrpc_see_connection(conn);
13036 +-
13037 + if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
13038 + rxrpc_secure_connection(conn);
13039 +
13040 +@@ -475,18 +471,32 @@ void rxrpc_process_connection(struct work_struct *work)
13041 + }
13042 + }
13043 +
13044 +-out:
13045 +- rxrpc_put_connection(conn);
13046 +- _leave("");
13047 + return;
13048 +
13049 + requeue_and_leave:
13050 + skb_queue_head(&conn->rx_queue, skb);
13051 +- goto out;
13052 ++ return;
13053 +
13054 + protocol_error:
13055 + if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
13056 + goto requeue_and_leave;
13057 + rxrpc_free_skb(skb, rxrpc_skb_freed);
13058 +- goto out;
13059 ++ return;
13060 ++}
13061 ++
13062 ++void rxrpc_process_connection(struct work_struct *work)
13063 ++{
13064 ++ struct rxrpc_connection *conn =
13065 ++ container_of(work, struct rxrpc_connection, processor);
13066 ++
13067 ++ rxrpc_see_connection(conn);
13068 ++
13069 ++ if (__rxrpc_use_local(conn->params.local)) {
13070 ++ rxrpc_do_process_connection(conn);
13071 ++ rxrpc_unuse_local(conn->params.local);
13072 ++ }
13073 ++
13074 ++ rxrpc_put_connection(conn);
13075 ++ _leave("");
13076 ++ return;
13077 + }
13078 +diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c
13079 +index 38d718e90dc6..19e141eeed17 100644
13080 +--- a/net/rxrpc/conn_object.c
13081 ++++ b/net/rxrpc/conn_object.c
13082 +@@ -223,9 +223,8 @@ void rxrpc_disconnect_call(struct rxrpc_call *call)
13083 + __rxrpc_disconnect_call(conn, call);
13084 + spin_unlock(&conn->channel_lock);
13085 +
13086 +- call->conn = NULL;
13087 ++ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
13088 + conn->idle_timestamp = jiffies;
13089 +- rxrpc_put_connection(conn);
13090 + }
13091 +
13092 + /*
13093 +diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
13094 +index 96d54e5bf7bc..ef10fbf71b15 100644
13095 +--- a/net/rxrpc/input.c
13096 ++++ b/net/rxrpc/input.c
13097 +@@ -599,10 +599,8 @@ ack:
13098 + false, true,
13099 + rxrpc_propose_ack_input_data);
13100 +
13101 +- if (seq0 == READ_ONCE(call->rx_hard_ack) + 1) {
13102 +- trace_rxrpc_notify_socket(call->debug_id, serial);
13103 +- rxrpc_notify_socket(call);
13104 +- }
13105 ++ trace_rxrpc_notify_socket(call->debug_id, serial);
13106 ++ rxrpc_notify_socket(call);
13107 +
13108 + unlock:
13109 + spin_unlock(&call->input_lock);
13110 +diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
13111 +index 36587260cabd..a6c1349e965d 100644
13112 +--- a/net/rxrpc/local_object.c
13113 ++++ b/net/rxrpc/local_object.c
13114 +@@ -364,11 +364,14 @@ void rxrpc_queue_local(struct rxrpc_local *local)
13115 + void rxrpc_put_local(struct rxrpc_local *local)
13116 + {
13117 + const void *here = __builtin_return_address(0);
13118 ++ unsigned int debug_id;
13119 + int n;
13120 +
13121 + if (local) {
13122 ++ debug_id = local->debug_id;
13123 ++
13124 + n = atomic_dec_return(&local->usage);
13125 +- trace_rxrpc_local(local->debug_id, rxrpc_local_put, n, here);
13126 ++ trace_rxrpc_local(debug_id, rxrpc_local_put, n, here);
13127 +
13128 + if (n == 0)
13129 + call_rcu(&local->rcu, rxrpc_local_rcu);
13130 +@@ -380,14 +383,11 @@ void rxrpc_put_local(struct rxrpc_local *local)
13131 + */
13132 + struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local)
13133 + {
13134 +- unsigned int au;
13135 +-
13136 + local = rxrpc_get_local_maybe(local);
13137 + if (!local)
13138 + return NULL;
13139 +
13140 +- au = atomic_fetch_add_unless(&local->active_users, 1, 0);
13141 +- if (au == 0) {
13142 ++ if (!__rxrpc_use_local(local)) {
13143 + rxrpc_put_local(local);
13144 + return NULL;
13145 + }
13146 +@@ -401,14 +401,11 @@ struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local)
13147 + */
13148 + void rxrpc_unuse_local(struct rxrpc_local *local)
13149 + {
13150 +- unsigned int au;
13151 +-
13152 + if (local) {
13153 +- au = atomic_dec_return(&local->active_users);
13154 +- if (au == 0)
13155 ++ if (__rxrpc_unuse_local(local)) {
13156 ++ rxrpc_get_local(local);
13157 + rxrpc_queue_local(local);
13158 +- else
13159 +- rxrpc_put_local(local);
13160 ++ }
13161 + }
13162 + }
13163 +
13164 +@@ -465,7 +462,7 @@ static void rxrpc_local_processor(struct work_struct *work)
13165 +
13166 + do {
13167 + again = false;
13168 +- if (atomic_read(&local->active_users) == 0) {
13169 ++ if (!__rxrpc_use_local(local)) {
13170 + rxrpc_local_destroyer(local);
13171 + break;
13172 + }
13173 +@@ -479,6 +476,8 @@ static void rxrpc_local_processor(struct work_struct *work)
13174 + rxrpc_process_local_events(local);
13175 + again = true;
13176 + }
13177 ++
13178 ++ __rxrpc_unuse_local(local);
13179 + } while (again);
13180 +
13181 + rxrpc_put_local(local);
13182 +diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
13183 +index 935bb60fff56..bad3d2420344 100644
13184 +--- a/net/rxrpc/output.c
13185 ++++ b/net/rxrpc/output.c
13186 +@@ -129,7 +129,7 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
13187 + int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
13188 + rxrpc_serial_t *_serial)
13189 + {
13190 +- struct rxrpc_connection *conn = NULL;
13191 ++ struct rxrpc_connection *conn;
13192 + struct rxrpc_ack_buffer *pkt;
13193 + struct msghdr msg;
13194 + struct kvec iov[2];
13195 +@@ -139,18 +139,14 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
13196 + int ret;
13197 + u8 reason;
13198 +
13199 +- spin_lock_bh(&call->lock);
13200 +- if (call->conn)
13201 +- conn = rxrpc_get_connection_maybe(call->conn);
13202 +- spin_unlock_bh(&call->lock);
13203 +- if (!conn)
13204 ++ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
13205 + return -ECONNRESET;
13206 +
13207 + pkt = kzalloc(sizeof(*pkt), GFP_KERNEL);
13208 +- if (!pkt) {
13209 +- rxrpc_put_connection(conn);
13210 ++ if (!pkt)
13211 + return -ENOMEM;
13212 +- }
13213 ++
13214 ++ conn = call->conn;
13215 +
13216 + msg.msg_name = &call->peer->srx.transport;
13217 + msg.msg_namelen = call->peer->srx.transport_len;
13218 +@@ -244,7 +240,6 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
13219 + }
13220 +
13221 + out:
13222 +- rxrpc_put_connection(conn);
13223 + kfree(pkt);
13224 + return ret;
13225 + }
13226 +@@ -254,7 +249,7 @@ out:
13227 + */
13228 + int rxrpc_send_abort_packet(struct rxrpc_call *call)
13229 + {
13230 +- struct rxrpc_connection *conn = NULL;
13231 ++ struct rxrpc_connection *conn;
13232 + struct rxrpc_abort_buffer pkt;
13233 + struct msghdr msg;
13234 + struct kvec iov[1];
13235 +@@ -271,13 +266,11 @@ int rxrpc_send_abort_packet(struct rxrpc_call *call)
13236 + test_bit(RXRPC_CALL_TX_LAST, &call->flags))
13237 + return 0;
13238 +
13239 +- spin_lock_bh(&call->lock);
13240 +- if (call->conn)
13241 +- conn = rxrpc_get_connection_maybe(call->conn);
13242 +- spin_unlock_bh(&call->lock);
13243 +- if (!conn)
13244 ++ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
13245 + return -ECONNRESET;
13246 +
13247 ++ conn = call->conn;
13248 ++
13249 + msg.msg_name = &call->peer->srx.transport;
13250 + msg.msg_namelen = call->peer->srx.transport_len;
13251 + msg.msg_control = NULL;
13252 +@@ -312,8 +305,6 @@ int rxrpc_send_abort_packet(struct rxrpc_call *call)
13253 + trace_rxrpc_tx_packet(call->debug_id, &pkt.whdr,
13254 + rxrpc_tx_point_call_abort);
13255 + rxrpc_tx_backoff(call, ret);
13256 +-
13257 +- rxrpc_put_connection(conn);
13258 + return ret;
13259 + }
13260 +
13261 +diff --git a/net/rxrpc/peer_event.c b/net/rxrpc/peer_event.c
13262 +index 48f67a9b1037..923b263c401b 100644
13263 +--- a/net/rxrpc/peer_event.c
13264 ++++ b/net/rxrpc/peer_event.c
13265 +@@ -364,27 +364,31 @@ static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
13266 + if (!rxrpc_get_peer_maybe(peer))
13267 + continue;
13268 +
13269 +- spin_unlock_bh(&rxnet->peer_hash_lock);
13270 +-
13271 +- keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
13272 +- slot = keepalive_at - base;
13273 +- _debug("%02x peer %u t=%d {%pISp}",
13274 +- cursor, peer->debug_id, slot, &peer->srx.transport);
13275 ++ if (__rxrpc_use_local(peer->local)) {
13276 ++ spin_unlock_bh(&rxnet->peer_hash_lock);
13277 ++
13278 ++ keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
13279 ++ slot = keepalive_at - base;
13280 ++ _debug("%02x peer %u t=%d {%pISp}",
13281 ++ cursor, peer->debug_id, slot, &peer->srx.transport);
13282 ++
13283 ++ if (keepalive_at <= base ||
13284 ++ keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
13285 ++ rxrpc_send_keepalive(peer);
13286 ++ slot = RXRPC_KEEPALIVE_TIME;
13287 ++ }
13288 +
13289 +- if (keepalive_at <= base ||
13290 +- keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
13291 +- rxrpc_send_keepalive(peer);
13292 +- slot = RXRPC_KEEPALIVE_TIME;
13293 ++ /* A transmission to this peer occurred since last we
13294 ++ * examined it so put it into the appropriate future
13295 ++ * bucket.
13296 ++ */
13297 ++ slot += cursor;
13298 ++ slot &= mask;
13299 ++ spin_lock_bh(&rxnet->peer_hash_lock);
13300 ++ list_add_tail(&peer->keepalive_link,
13301 ++ &rxnet->peer_keepalive[slot & mask]);
13302 ++ rxrpc_unuse_local(peer->local);
13303 + }
13304 +-
13305 +- /* A transmission to this peer occurred since last we examined
13306 +- * it so put it into the appropriate future bucket.
13307 +- */
13308 +- slot += cursor;
13309 +- slot &= mask;
13310 +- spin_lock_bh(&rxnet->peer_hash_lock);
13311 +- list_add_tail(&peer->keepalive_link,
13312 +- &rxnet->peer_keepalive[slot & mask]);
13313 + rxrpc_put_peer_locked(peer);
13314 + }
13315 +
13316 +diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
13317 +index c22624131949..d36949d9382c 100644
13318 +--- a/net/sched/cls_rsvp.h
13319 ++++ b/net/sched/cls_rsvp.h
13320 +@@ -463,10 +463,8 @@ static u32 gen_tunnel(struct rsvp_head *data)
13321 +
13322 + static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = {
13323 + [TCA_RSVP_CLASSID] = { .type = NLA_U32 },
13324 +- [TCA_RSVP_DST] = { .type = NLA_BINARY,
13325 +- .len = RSVP_DST_LEN * sizeof(u32) },
13326 +- [TCA_RSVP_SRC] = { .type = NLA_BINARY,
13327 +- .len = RSVP_DST_LEN * sizeof(u32) },
13328 ++ [TCA_RSVP_DST] = { .len = RSVP_DST_LEN * sizeof(u32) },
13329 ++ [TCA_RSVP_SRC] = { .len = RSVP_DST_LEN * sizeof(u32) },
13330 + [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) },
13331 + };
13332 +
13333 +diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c
13334 +index 3d4a1280352f..09b7dc5fe7e0 100644
13335 +--- a/net/sched/cls_tcindex.c
13336 ++++ b/net/sched/cls_tcindex.c
13337 +@@ -333,12 +333,31 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
13338 + cp->fall_through = p->fall_through;
13339 + cp->tp = tp;
13340 +
13341 ++ if (tb[TCA_TCINDEX_HASH])
13342 ++ cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
13343 ++
13344 ++ if (tb[TCA_TCINDEX_MASK])
13345 ++ cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
13346 ++
13347 ++ if (tb[TCA_TCINDEX_SHIFT])
13348 ++ cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
13349 ++
13350 ++ if (!cp->hash) {
13351 ++ /* Hash not specified, use perfect hash if the upper limit
13352 ++ * of the hashing index is below the threshold.
13353 ++ */
13354 ++ if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
13355 ++ cp->hash = (cp->mask >> cp->shift) + 1;
13356 ++ else
13357 ++ cp->hash = DEFAULT_HASH_SIZE;
13358 ++ }
13359 ++
13360 + if (p->perfect) {
13361 + int i;
13362 +
13363 + if (tcindex_alloc_perfect_hash(net, cp) < 0)
13364 + goto errout;
13365 +- for (i = 0; i < cp->hash; i++)
13366 ++ for (i = 0; i < min(cp->hash, p->hash); i++)
13367 + cp->perfect[i].res = p->perfect[i].res;
13368 + balloc = 1;
13369 + }
13370 +@@ -346,19 +365,10 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
13371 +
13372 + err = tcindex_filter_result_init(&new_filter_result, net);
13373 + if (err < 0)
13374 +- goto errout1;
13375 ++ goto errout_alloc;
13376 + if (old_r)
13377 + cr = r->res;
13378 +
13379 +- if (tb[TCA_TCINDEX_HASH])
13380 +- cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
13381 +-
13382 +- if (tb[TCA_TCINDEX_MASK])
13383 +- cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
13384 +-
13385 +- if (tb[TCA_TCINDEX_SHIFT])
13386 +- cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
13387 +-
13388 + err = -EBUSY;
13389 +
13390 + /* Hash already allocated, make sure that we still meet the
13391 +@@ -376,16 +386,6 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
13392 + if (tb[TCA_TCINDEX_FALL_THROUGH])
13393 + cp->fall_through = nla_get_u32(tb[TCA_TCINDEX_FALL_THROUGH]);
13394 +
13395 +- if (!cp->hash) {
13396 +- /* Hash not specified, use perfect hash if the upper limit
13397 +- * of the hashing index is below the threshold.
13398 +- */
13399 +- if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
13400 +- cp->hash = (cp->mask >> cp->shift) + 1;
13401 +- else
13402 +- cp->hash = DEFAULT_HASH_SIZE;
13403 +- }
13404 +-
13405 + if (!cp->perfect && !cp->h)
13406 + cp->alloc_hash = cp->hash;
13407 +
13408 +@@ -484,7 +484,6 @@ errout_alloc:
13409 + tcindex_free_perfect_hash(cp);
13410 + else if (balloc == 2)
13411 + kfree(cp->h);
13412 +-errout1:
13413 + tcf_exts_destroy(&new_filter_result.exts);
13414 + errout:
13415 + kfree(cp);
13416 +diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
13417 +index c609373c8661..660fc45ee40f 100644
13418 +--- a/net/sched/sch_taprio.c
13419 ++++ b/net/sched/sch_taprio.c
13420 +@@ -31,6 +31,7 @@ static DEFINE_SPINLOCK(taprio_list_lock);
13421 +
13422 + #define TXTIME_ASSIST_IS_ENABLED(flags) ((flags) & TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST)
13423 + #define FULL_OFFLOAD_IS_ENABLED(flags) ((flags) & TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD)
13424 ++#define TAPRIO_FLAGS_INVALID U32_MAX
13425 +
13426 + struct sched_entry {
13427 + struct list_head list;
13428 +@@ -766,6 +767,7 @@ static const struct nla_policy taprio_policy[TCA_TAPRIO_ATTR_MAX + 1] = {
13429 + [TCA_TAPRIO_ATTR_SCHED_CLOCKID] = { .type = NLA_S32 },
13430 + [TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME] = { .type = NLA_S64 },
13431 + [TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION] = { .type = NLA_S64 },
13432 ++ [TCA_TAPRIO_ATTR_FLAGS] = { .type = NLA_U32 },
13433 + };
13434 +
13435 + static int fill_sched_entry(struct nlattr **tb, struct sched_entry *entry,
13436 +@@ -1367,6 +1369,33 @@ static int taprio_mqprio_cmp(const struct net_device *dev,
13437 + return 0;
13438 + }
13439 +
13440 ++/* The semantics of the 'flags' argument in relation to 'change()'
13441 ++ * requests, are interpreted following two rules (which are applied in
13442 ++ * this order): (1) an omitted 'flags' argument is interpreted as
13443 ++ * zero; (2) the 'flags' of a "running" taprio instance cannot be
13444 ++ * changed.
13445 ++ */
13446 ++static int taprio_new_flags(const struct nlattr *attr, u32 old,
13447 ++ struct netlink_ext_ack *extack)
13448 ++{
13449 ++ u32 new = 0;
13450 ++
13451 ++ if (attr)
13452 ++ new = nla_get_u32(attr);
13453 ++
13454 ++ if (old != TAPRIO_FLAGS_INVALID && old != new) {
13455 ++ NL_SET_ERR_MSG_MOD(extack, "Changing 'flags' of a running schedule is not supported");
13456 ++ return -EOPNOTSUPP;
13457 ++ }
13458 ++
13459 ++ if (!taprio_flags_valid(new)) {
13460 ++ NL_SET_ERR_MSG_MOD(extack, "Specified 'flags' are not valid");
13461 ++ return -EINVAL;
13462 ++ }
13463 ++
13464 ++ return new;
13465 ++}
13466 ++
13467 + static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13468 + struct netlink_ext_ack *extack)
13469 + {
13470 +@@ -1375,7 +1404,6 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13471 + struct taprio_sched *q = qdisc_priv(sch);
13472 + struct net_device *dev = qdisc_dev(sch);
13473 + struct tc_mqprio_qopt *mqprio = NULL;
13474 +- u32 taprio_flags = 0;
13475 + unsigned long flags;
13476 + ktime_t start;
13477 + int i, err;
13478 +@@ -1388,21 +1416,14 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13479 + if (tb[TCA_TAPRIO_ATTR_PRIOMAP])
13480 + mqprio = nla_data(tb[TCA_TAPRIO_ATTR_PRIOMAP]);
13481 +
13482 +- if (tb[TCA_TAPRIO_ATTR_FLAGS]) {
13483 +- taprio_flags = nla_get_u32(tb[TCA_TAPRIO_ATTR_FLAGS]);
13484 +-
13485 +- if (q->flags != 0 && q->flags != taprio_flags) {
13486 +- NL_SET_ERR_MSG_MOD(extack, "Changing 'flags' of a running schedule is not supported");
13487 +- return -EOPNOTSUPP;
13488 +- } else if (!taprio_flags_valid(taprio_flags)) {
13489 +- NL_SET_ERR_MSG_MOD(extack, "Specified 'flags' are not valid");
13490 +- return -EINVAL;
13491 +- }
13492 ++ err = taprio_new_flags(tb[TCA_TAPRIO_ATTR_FLAGS],
13493 ++ q->flags, extack);
13494 ++ if (err < 0)
13495 ++ return err;
13496 +
13497 +- q->flags = taprio_flags;
13498 +- }
13499 ++ q->flags = err;
13500 +
13501 +- err = taprio_parse_mqprio_opt(dev, mqprio, extack, taprio_flags);
13502 ++ err = taprio_parse_mqprio_opt(dev, mqprio, extack, q->flags);
13503 + if (err < 0)
13504 + return err;
13505 +
13506 +@@ -1444,7 +1465,20 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13507 +
13508 + taprio_set_picos_per_byte(dev, q);
13509 +
13510 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags))
13511 ++ if (mqprio) {
13512 ++ netdev_set_num_tc(dev, mqprio->num_tc);
13513 ++ for (i = 0; i < mqprio->num_tc; i++)
13514 ++ netdev_set_tc_queue(dev, i,
13515 ++ mqprio->count[i],
13516 ++ mqprio->offset[i]);
13517 ++
13518 ++ /* Always use supplied priority mappings */
13519 ++ for (i = 0; i <= TC_BITMASK; i++)
13520 ++ netdev_set_prio_tc_map(dev, i,
13521 ++ mqprio->prio_tc_map[i]);
13522 ++ }
13523 ++
13524 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags))
13525 + err = taprio_enable_offload(dev, mqprio, q, new_admin, extack);
13526 + else
13527 + err = taprio_disable_offload(dev, q, extack);
13528 +@@ -1464,27 +1498,14 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13529 + q->txtime_delay = nla_get_u32(tb[TCA_TAPRIO_ATTR_TXTIME_DELAY]);
13530 + }
13531 +
13532 +- if (!TXTIME_ASSIST_IS_ENABLED(taprio_flags) &&
13533 +- !FULL_OFFLOAD_IS_ENABLED(taprio_flags) &&
13534 ++ if (!TXTIME_ASSIST_IS_ENABLED(q->flags) &&
13535 ++ !FULL_OFFLOAD_IS_ENABLED(q->flags) &&
13536 + !hrtimer_active(&q->advance_timer)) {
13537 + hrtimer_init(&q->advance_timer, q->clockid, HRTIMER_MODE_ABS);
13538 + q->advance_timer.function = advance_sched;
13539 + }
13540 +
13541 +- if (mqprio) {
13542 +- netdev_set_num_tc(dev, mqprio->num_tc);
13543 +- for (i = 0; i < mqprio->num_tc; i++)
13544 +- netdev_set_tc_queue(dev, i,
13545 +- mqprio->count[i],
13546 +- mqprio->offset[i]);
13547 +-
13548 +- /* Always use supplied priority mappings */
13549 +- for (i = 0; i <= TC_BITMASK; i++)
13550 +- netdev_set_prio_tc_map(dev, i,
13551 +- mqprio->prio_tc_map[i]);
13552 +- }
13553 +-
13554 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags)) {
13555 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags)) {
13556 + q->dequeue = taprio_dequeue_offload;
13557 + q->peek = taprio_peek_offload;
13558 + } else {
13559 +@@ -1501,9 +1522,9 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13560 + goto unlock;
13561 + }
13562 +
13563 +- if (TXTIME_ASSIST_IS_ENABLED(taprio_flags)) {
13564 +- setup_txtime(q, new_admin, start);
13565 ++ setup_txtime(q, new_admin, start);
13566 +
13567 ++ if (TXTIME_ASSIST_IS_ENABLED(q->flags)) {
13568 + if (!oper) {
13569 + rcu_assign_pointer(q->oper_sched, new_admin);
13570 + err = 0;
13571 +@@ -1528,7 +1549,7 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
13572 +
13573 + spin_unlock_irqrestore(&q->current_entry_lock, flags);
13574 +
13575 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags))
13576 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags))
13577 + taprio_offload_config_changed(q);
13578 + }
13579 +
13580 +@@ -1567,7 +1588,7 @@ static void taprio_destroy(struct Qdisc *sch)
13581 + }
13582 + q->qdiscs = NULL;
13583 +
13584 +- netdev_set_num_tc(dev, 0);
13585 ++ netdev_reset_tc(dev);
13586 +
13587 + if (q->oper_sched)
13588 + call_rcu(&q->oper_sched->rcu, taprio_free_sched_cb);
13589 +@@ -1597,6 +1618,7 @@ static int taprio_init(struct Qdisc *sch, struct nlattr *opt,
13590 + * and get the valid one on taprio_change().
13591 + */
13592 + q->clockid = -1;
13593 ++ q->flags = TAPRIO_FLAGS_INVALID;
13594 +
13595 + spin_lock(&taprio_list_lock);
13596 + list_add(&q->taprio_list, &taprio_list);
13597 +diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
13598 +index 908b60a72d95..ed20fa8a6f70 100644
13599 +--- a/net/sunrpc/auth_gss/svcauth_gss.c
13600 ++++ b/net/sunrpc/auth_gss/svcauth_gss.c
13601 +@@ -1245,6 +1245,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
13602 + dprintk("RPC: No creds found!\n");
13603 + goto out;
13604 + } else {
13605 ++ struct timespec64 boot;
13606 +
13607 + /* steal creds */
13608 + rsci.cred = ud->creds;
13609 +@@ -1265,6 +1266,9 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
13610 + &expiry, GFP_KERNEL);
13611 + if (status)
13612 + goto out;
13613 ++
13614 ++ getboottime64(&boot);
13615 ++ expiry -= boot.tv_sec;
13616 + }
13617 +
13618 + rsci.h.expiry_time = expiry;
13619 +diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
13620 +index 42b571cde177..e7ad48c605e0 100644
13621 +--- a/samples/bpf/Makefile
13622 ++++ b/samples/bpf/Makefile
13623 +@@ -236,7 +236,7 @@ all:
13624 +
13625 + clean:
13626 + $(MAKE) -C ../../ M=$(CURDIR) clean
13627 +- @rm -f *~
13628 ++ @find $(CURDIR) -type f -name '*~' -delete
13629 +
13630 + $(LIBBPF): FORCE
13631 + # Fix up variables inherited from Kbuild that tools/ build system won't like
13632 +diff --git a/samples/bpf/xdp_redirect_cpu_user.c b/samples/bpf/xdp_redirect_cpu_user.c
13633 +index 0da6e9e7132e..8b862a7a6c6a 100644
13634 +--- a/samples/bpf/xdp_redirect_cpu_user.c
13635 ++++ b/samples/bpf/xdp_redirect_cpu_user.c
13636 +@@ -16,6 +16,10 @@ static const char *__doc__ =
13637 + #include <getopt.h>
13638 + #include <net/if.h>
13639 + #include <time.h>
13640 ++#include <linux/limits.h>
13641 ++
13642 ++#define __must_check
13643 ++#include <linux/err.h>
13644 +
13645 + #include <arpa/inet.h>
13646 + #include <linux/if_link.h>
13647 +@@ -46,6 +50,10 @@ static int cpus_count_map_fd;
13648 + static int cpus_iterator_map_fd;
13649 + static int exception_cnt_map_fd;
13650 +
13651 ++#define NUM_TP 5
13652 ++struct bpf_link *tp_links[NUM_TP] = { 0 };
13653 ++static int tp_cnt = 0;
13654 ++
13655 + /* Exit return codes */
13656 + #define EXIT_OK 0
13657 + #define EXIT_FAIL 1
13658 +@@ -88,6 +96,10 @@ static void int_exit(int sig)
13659 + printf("program on interface changed, not removing\n");
13660 + }
13661 + }
13662 ++ /* Detach tracepoints */
13663 ++ while (tp_cnt)
13664 ++ bpf_link__destroy(tp_links[--tp_cnt]);
13665 ++
13666 + exit(EXIT_OK);
13667 + }
13668 +
13669 +@@ -588,23 +600,61 @@ static void stats_poll(int interval, bool use_separators, char *prog_name,
13670 + free_stats_record(prev);
13671 + }
13672 +
13673 ++static struct bpf_link * attach_tp(struct bpf_object *obj,
13674 ++ const char *tp_category,
13675 ++ const char* tp_name)
13676 ++{
13677 ++ struct bpf_program *prog;
13678 ++ struct bpf_link *link;
13679 ++ char sec_name[PATH_MAX];
13680 ++ int len;
13681 ++
13682 ++ len = snprintf(sec_name, PATH_MAX, "tracepoint/%s/%s",
13683 ++ tp_category, tp_name);
13684 ++ if (len < 0)
13685 ++ exit(EXIT_FAIL);
13686 ++
13687 ++ prog = bpf_object__find_program_by_title(obj, sec_name);
13688 ++ if (!prog) {
13689 ++ fprintf(stderr, "ERR: finding progsec: %s\n", sec_name);
13690 ++ exit(EXIT_FAIL_BPF);
13691 ++ }
13692 ++
13693 ++ link = bpf_program__attach_tracepoint(prog, tp_category, tp_name);
13694 ++ if (IS_ERR(link))
13695 ++ exit(EXIT_FAIL_BPF);
13696 ++
13697 ++ return link;
13698 ++}
13699 ++
13700 ++static void init_tracepoints(struct bpf_object *obj) {
13701 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_redirect_err");
13702 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_redirect_map_err");
13703 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_exception");
13704 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_cpumap_enqueue");
13705 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_cpumap_kthread");
13706 ++}
13707 ++
13708 + static int init_map_fds(struct bpf_object *obj)
13709 + {
13710 +- cpu_map_fd = bpf_object__find_map_fd_by_name(obj, "cpu_map");
13711 +- rx_cnt_map_fd = bpf_object__find_map_fd_by_name(obj, "rx_cnt");
13712 ++ /* Maps updated by tracepoints */
13713 + redirect_err_cnt_map_fd =
13714 + bpf_object__find_map_fd_by_name(obj, "redirect_err_cnt");
13715 ++ exception_cnt_map_fd =
13716 ++ bpf_object__find_map_fd_by_name(obj, "exception_cnt");
13717 + cpumap_enqueue_cnt_map_fd =
13718 + bpf_object__find_map_fd_by_name(obj, "cpumap_enqueue_cnt");
13719 + cpumap_kthread_cnt_map_fd =
13720 + bpf_object__find_map_fd_by_name(obj, "cpumap_kthread_cnt");
13721 ++
13722 ++ /* Maps used by XDP */
13723 ++ rx_cnt_map_fd = bpf_object__find_map_fd_by_name(obj, "rx_cnt");
13724 ++ cpu_map_fd = bpf_object__find_map_fd_by_name(obj, "cpu_map");
13725 + cpus_available_map_fd =
13726 + bpf_object__find_map_fd_by_name(obj, "cpus_available");
13727 + cpus_count_map_fd = bpf_object__find_map_fd_by_name(obj, "cpus_count");
13728 + cpus_iterator_map_fd =
13729 + bpf_object__find_map_fd_by_name(obj, "cpus_iterator");
13730 +- exception_cnt_map_fd =
13731 +- bpf_object__find_map_fd_by_name(obj, "exception_cnt");
13732 +
13733 + if (cpu_map_fd < 0 || rx_cnt_map_fd < 0 ||
13734 + redirect_err_cnt_map_fd < 0 || cpumap_enqueue_cnt_map_fd < 0 ||
13735 +@@ -662,6 +712,7 @@ int main(int argc, char **argv)
13736 + strerror(errno));
13737 + return EXIT_FAIL;
13738 + }
13739 ++ init_tracepoints(obj);
13740 + if (init_map_fds(obj) < 0) {
13741 + fprintf(stderr, "bpf_object__find_map_fd_by_name failed\n");
13742 + return EXIT_FAIL;
13743 +diff --git a/scripts/find-unused-docs.sh b/scripts/find-unused-docs.sh
13744 +index 3f46f8977dc4..ee6a50e33aba 100755
13745 +--- a/scripts/find-unused-docs.sh
13746 ++++ b/scripts/find-unused-docs.sh
13747 +@@ -54,7 +54,7 @@ for file in `find $1 -name '*.c'`; do
13748 + if [[ ${FILES_INCLUDED[$file]+_} ]]; then
13749 + continue;
13750 + fi
13751 +- str=$(scripts/kernel-doc -text -export "$file" 2>/dev/null)
13752 ++ str=$(scripts/kernel-doc -export "$file" 2>/dev/null)
13753 + if [[ -n "$str" ]]; then
13754 + echo "$file"
13755 + fi
13756 +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
13757 +index abeb09c30633..ad22066eba04 100644
13758 +--- a/security/smack/smack_lsm.c
13759 ++++ b/security/smack/smack_lsm.c
13760 +@@ -2832,42 +2832,39 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
13761 + int addrlen)
13762 + {
13763 + int rc = 0;
13764 +-#if IS_ENABLED(CONFIG_IPV6)
13765 +- struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
13766 +-#endif
13767 +-#ifdef SMACK_IPV6_SECMARK_LABELING
13768 +- struct smack_known *rsp;
13769 +- struct socket_smack *ssp;
13770 +-#endif
13771 +
13772 + if (sock->sk == NULL)
13773 + return 0;
13774 +-
13775 ++ if (sock->sk->sk_family != PF_INET &&
13776 ++ (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
13777 ++ return 0;
13778 ++ if (addrlen < offsetofend(struct sockaddr, sa_family))
13779 ++ return 0;
13780 ++ if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
13781 ++ struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
13782 + #ifdef SMACK_IPV6_SECMARK_LABELING
13783 +- ssp = sock->sk->sk_security;
13784 ++ struct smack_known *rsp;
13785 + #endif
13786 +
13787 +- switch (sock->sk->sk_family) {
13788 +- case PF_INET:
13789 +- if (addrlen < sizeof(struct sockaddr_in) ||
13790 +- sap->sa_family != AF_INET)
13791 +- return -EINVAL;
13792 +- rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
13793 +- break;
13794 +- case PF_INET6:
13795 +- if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6)
13796 +- return -EINVAL;
13797 ++ if (addrlen < SIN6_LEN_RFC2133)
13798 ++ return 0;
13799 + #ifdef SMACK_IPV6_SECMARK_LABELING
13800 + rsp = smack_ipv6host_label(sip);
13801 +- if (rsp != NULL)
13802 ++ if (rsp != NULL) {
13803 ++ struct socket_smack *ssp = sock->sk->sk_security;
13804 ++
13805 + rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
13806 +- SMK_CONNECTING);
13807 ++ SMK_CONNECTING);
13808 ++ }
13809 + #endif
13810 + #ifdef SMACK_IPV6_PORT_LABELING
13811 + rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
13812 + #endif
13813 +- break;
13814 ++ return rc;
13815 + }
13816 ++ if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
13817 ++ return 0;
13818 ++ rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
13819 + return rc;
13820 + }
13821 +
13822 +diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
13823 +index aee7c04d49e5..b61ba0321a72 100644
13824 +--- a/sound/drivers/dummy.c
13825 ++++ b/sound/drivers/dummy.c
13826 +@@ -915,7 +915,7 @@ static void print_formats(struct snd_dummy *dummy,
13827 + {
13828 + int i;
13829 +
13830 +- for (i = 0; i < SNDRV_PCM_FORMAT_LAST; i++) {
13831 ++ for (i = 0; i <= SNDRV_PCM_FORMAT_LAST; i++) {
13832 + if (dummy->pcm_hw.formats & (1ULL << i))
13833 + snd_iprintf(buffer, " %s", snd_pcm_format_name(i));
13834 + }
13835 +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
13836 +index f6cbb831b86a..85beb172d810 100644
13837 +--- a/sound/pci/hda/hda_intel.c
13838 ++++ b/sound/pci/hda/hda_intel.c
13839 +@@ -2156,6 +2156,8 @@ static struct snd_pci_quirk power_save_blacklist[] = {
13840 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
13841 + SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
13842 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
13843 ++ SND_PCI_QUIRK(0x1558, 0x6504, "Clevo W65_67SB", 0),
13844 ++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
13845 + SND_PCI_QUIRK(0x1028, 0x0497, "Dell Precision T3600", 0),
13846 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
13847 + /* Note the P55A-UD3 and Z87-D3HP share the subsys id for the HDA dev */
13848 +@@ -2415,6 +2417,8 @@ static const struct pci_device_id azx_ids[] = {
13849 + /* Jasperlake */
13850 + { PCI_DEVICE(0x8086, 0x38c8),
13851 + .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
13852 ++ { PCI_DEVICE(0x8086, 0x4dc8),
13853 ++ .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
13854 + /* Tigerlake */
13855 + { PCI_DEVICE(0x8086, 0xa0c8),
13856 + .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
13857 +diff --git a/sound/pci/hda/hda_tegra.c b/sound/pci/hda/hda_tegra.c
13858 +index 8350954b7986..e5191584638a 100644
13859 +--- a/sound/pci/hda/hda_tegra.c
13860 ++++ b/sound/pci/hda/hda_tegra.c
13861 +@@ -398,6 +398,7 @@ static int hda_tegra_create(struct snd_card *card,
13862 + return err;
13863 +
13864 + chip->bus.needs_damn_long_delay = 1;
13865 ++ chip->bus.core.aligned_mmio = 1;
13866 +
13867 + err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops);
13868 + if (err < 0) {
13869 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
13870 +index 488c17c9f375..8ac805a634f4 100644
13871 +--- a/sound/pci/hda/patch_hdmi.c
13872 ++++ b/sound/pci/hda/patch_hdmi.c
13873 +@@ -4153,6 +4153,7 @@ HDA_CODEC_ENTRY(0x8086280c, "Cannonlake HDMI", patch_i915_glk_hdmi),
13874 + HDA_CODEC_ENTRY(0x8086280d, "Geminilake HDMI", patch_i915_glk_hdmi),
13875 + HDA_CODEC_ENTRY(0x8086280f, "Icelake HDMI", patch_i915_icl_hdmi),
13876 + HDA_CODEC_ENTRY(0x80862812, "Tigerlake HDMI", patch_i915_tgl_hdmi),
13877 ++HDA_CODEC_ENTRY(0x8086281a, "Jasperlake HDMI", patch_i915_icl_hdmi),
13878 + HDA_CODEC_ENTRY(0x80862880, "CedarTrail HDMI", patch_generic_hdmi),
13879 + HDA_CODEC_ENTRY(0x80862882, "Valleyview2 HDMI", patch_i915_byt_hdmi),
13880 + HDA_CODEC_ENTRY(0x80862883, "Braswell HDMI", patch_i915_byt_hdmi),
13881 +diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
13882 +index aa1f9637d895..e949b372cead 100644
13883 +--- a/sound/soc/codecs/sgtl5000.c
13884 ++++ b/sound/soc/codecs/sgtl5000.c
13885 +@@ -1344,7 +1344,8 @@ static int sgtl5000_set_power_regs(struct snd_soc_component *component)
13886 + * if vddio == vdda the source of charge pump should be
13887 + * assigned manually to VDDIO
13888 + */
13889 +- if (vddio == vdda) {
13890 ++ if (regulator_is_equal(sgtl5000->supplies[VDDA].consumer,
13891 ++ sgtl5000->supplies[VDDIO].consumer)) {
13892 + lreg_ctrl |= SGTL5000_VDDC_ASSN_OVRD;
13893 + lreg_ctrl |= SGTL5000_VDDC_MAN_ASSN_VDDIO <<
13894 + SGTL5000_VDDC_MAN_ASSN_SHIFT;
13895 +diff --git a/sound/soc/intel/boards/skl_hda_dsp_common.c b/sound/soc/intel/boards/skl_hda_dsp_common.c
13896 +index 58409b6e476e..e3d405e57c5f 100644
13897 +--- a/sound/soc/intel/boards/skl_hda_dsp_common.c
13898 ++++ b/sound/soc/intel/boards/skl_hda_dsp_common.c
13899 +@@ -38,16 +38,19 @@ int skl_hda_hdmi_add_pcm(struct snd_soc_card *card, int device)
13900 + return 0;
13901 + }
13902 +
13903 +-SND_SOC_DAILINK_DEFS(idisp1,
13904 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp1 Pin")),
13905 ++SND_SOC_DAILINK_DEF(idisp1_cpu,
13906 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp1 Pin")));
13907 ++SND_SOC_DAILINK_DEF(idisp1_codec,
13908 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi1")));
13909 +
13910 +-SND_SOC_DAILINK_DEFS(idisp2,
13911 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp2 Pin")),
13912 ++SND_SOC_DAILINK_DEF(idisp2_cpu,
13913 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp2 Pin")));
13914 ++SND_SOC_DAILINK_DEF(idisp2_codec,
13915 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi2")));
13916 +
13917 +-SND_SOC_DAILINK_DEFS(idisp3,
13918 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp3 Pin")),
13919 ++SND_SOC_DAILINK_DEF(idisp3_cpu,
13920 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp3 Pin")));
13921 ++SND_SOC_DAILINK_DEF(idisp3_codec,
13922 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi3")));
13923 +
13924 + SND_SOC_DAILINK_DEF(analog_cpu,
13925 +@@ -80,21 +83,21 @@ struct snd_soc_dai_link skl_hda_be_dai_links[HDA_DSP_MAX_BE_DAI_LINKS] = {
13926 + .id = 1,
13927 + .dpcm_playback = 1,
13928 + .no_pcm = 1,
13929 +- SND_SOC_DAILINK_REG(idisp1),
13930 ++ SND_SOC_DAILINK_REG(idisp1_cpu, idisp1_codec, platform),
13931 + },
13932 + {
13933 + .name = "iDisp2",
13934 + .id = 2,
13935 + .dpcm_playback = 1,
13936 + .no_pcm = 1,
13937 +- SND_SOC_DAILINK_REG(idisp2),
13938 ++ SND_SOC_DAILINK_REG(idisp2_cpu, idisp2_codec, platform),
13939 + },
13940 + {
13941 + .name = "iDisp3",
13942 + .id = 3,
13943 + .dpcm_playback = 1,
13944 + .no_pcm = 1,
13945 +- SND_SOC_DAILINK_REG(idisp3),
13946 ++ SND_SOC_DAILINK_REG(idisp3_cpu, idisp3_codec, platform),
13947 + },
13948 + {
13949 + .name = "Analog Playback and Capture",
13950 +diff --git a/sound/soc/meson/axg-fifo.c b/sound/soc/meson/axg-fifo.c
13951 +index 5a3749938900..d286dff3171d 100644
13952 +--- a/sound/soc/meson/axg-fifo.c
13953 ++++ b/sound/soc/meson/axg-fifo.c
13954 +@@ -108,10 +108,12 @@ static int axg_fifo_pcm_hw_params(struct snd_pcm_substream *ss,
13955 + {
13956 + struct snd_pcm_runtime *runtime = ss->runtime;
13957 + struct axg_fifo *fifo = axg_fifo_data(ss);
13958 ++ unsigned int burst_num, period, threshold;
13959 + dma_addr_t end_ptr;
13960 +- unsigned int burst_num;
13961 + int ret;
13962 +
13963 ++ period = params_period_bytes(params);
13964 ++
13965 + ret = snd_pcm_lib_malloc_pages(ss, params_buffer_bytes(params));
13966 + if (ret < 0)
13967 + return ret;
13968 +@@ -122,9 +124,25 @@ static int axg_fifo_pcm_hw_params(struct snd_pcm_substream *ss,
13969 + regmap_write(fifo->map, FIFO_FINISH_ADDR, end_ptr);
13970 +
13971 + /* Setup interrupt periodicity */
13972 +- burst_num = params_period_bytes(params) / AXG_FIFO_BURST;
13973 ++ burst_num = period / AXG_FIFO_BURST;
13974 + regmap_write(fifo->map, FIFO_INT_ADDR, burst_num);
13975 +
13976 ++ /*
13977 ++ * Start the fifo request on the smallest of the following:
13978 ++ * - Half the fifo size
13979 ++ * - Half the period size
13980 ++ */
13981 ++ threshold = min(period / 2,
13982 ++ (unsigned int)AXG_FIFO_MIN_DEPTH / 2);
13983 ++
13984 ++ /*
13985 ++ * With the threshold in bytes, register value is:
13986 ++ * V = (threshold / burst) - 1
13987 ++ */
13988 ++ threshold /= AXG_FIFO_BURST;
13989 ++ regmap_field_write(fifo->field_threshold,
13990 ++ threshold ? threshold - 1 : 0);
13991 ++
13992 + /* Enable block count irq */
13993 + regmap_update_bits(fifo->map, FIFO_CTRL0,
13994 + CTRL0_INT_EN(FIFO_INT_COUNT_REPEAT),
13995 +@@ -360,6 +378,11 @@ int axg_fifo_probe(struct platform_device *pdev)
13996 + return fifo->irq;
13997 + }
13998 +
13999 ++ fifo->field_threshold =
14000 ++ devm_regmap_field_alloc(dev, fifo->map, data->field_threshold);
14001 ++ if (IS_ERR(fifo->field_threshold))
14002 ++ return PTR_ERR(fifo->field_threshold);
14003 ++
14004 + return devm_snd_soc_register_component(dev, data->component_drv,
14005 + data->dai_drv, 1);
14006 + }
14007 +diff --git a/sound/soc/meson/axg-fifo.h b/sound/soc/meson/axg-fifo.h
14008 +index bb1e2ce50256..ab546a3cf940 100644
14009 +--- a/sound/soc/meson/axg-fifo.h
14010 ++++ b/sound/soc/meson/axg-fifo.h
14011 +@@ -9,7 +9,9 @@
14012 +
14013 + struct clk;
14014 + struct platform_device;
14015 ++struct reg_field;
14016 + struct regmap;
14017 ++struct regmap_field;
14018 + struct reset_control;
14019 +
14020 + struct snd_soc_component_driver;
14021 +@@ -50,8 +52,6 @@ struct snd_soc_pcm_runtime;
14022 + #define CTRL1_STATUS2_SEL_MASK GENMASK(11, 8)
14023 + #define CTRL1_STATUS2_SEL(x) ((x) << 8)
14024 + #define STATUS2_SEL_DDR_READ 0
14025 +-#define CTRL1_THRESHOLD_MASK GENMASK(23, 16)
14026 +-#define CTRL1_THRESHOLD(x) ((x) << 16)
14027 + #define CTRL1_FRDDR_DEPTH_MASK GENMASK(31, 24)
14028 + #define CTRL1_FRDDR_DEPTH(x) ((x) << 24)
14029 + #define FIFO_START_ADDR 0x08
14030 +@@ -67,12 +67,14 @@ struct axg_fifo {
14031 + struct regmap *map;
14032 + struct clk *pclk;
14033 + struct reset_control *arb;
14034 ++ struct regmap_field *field_threshold;
14035 + int irq;
14036 + };
14037 +
14038 + struct axg_fifo_match_data {
14039 + const struct snd_soc_component_driver *component_drv;
14040 + struct snd_soc_dai_driver *dai_drv;
14041 ++ struct reg_field field_threshold;
14042 + };
14043 +
14044 + extern const struct snd_pcm_ops axg_fifo_pcm_ops;
14045 +diff --git a/sound/soc/meson/axg-frddr.c b/sound/soc/meson/axg-frddr.c
14046 +index 6ab111c31b28..09773a9ae964 100644
14047 +--- a/sound/soc/meson/axg-frddr.c
14048 ++++ b/sound/soc/meson/axg-frddr.c
14049 +@@ -50,7 +50,7 @@ static int axg_frddr_dai_startup(struct snd_pcm_substream *substream,
14050 + struct snd_soc_dai *dai)
14051 + {
14052 + struct axg_fifo *fifo = snd_soc_dai_get_drvdata(dai);
14053 +- unsigned int fifo_depth, fifo_threshold;
14054 ++ unsigned int fifo_depth;
14055 + int ret;
14056 +
14057 + /* Enable pclk to access registers and clock the fifo ip */
14058 +@@ -68,11 +68,8 @@ static int axg_frddr_dai_startup(struct snd_pcm_substream *substream,
14059 + * Depth and threshold are zero based.
14060 + */
14061 + fifo_depth = AXG_FIFO_MIN_CNT - 1;
14062 +- fifo_threshold = (AXG_FIFO_MIN_CNT / 2) - 1;
14063 +- regmap_update_bits(fifo->map, FIFO_CTRL1,
14064 +- CTRL1_FRDDR_DEPTH_MASK | CTRL1_THRESHOLD_MASK,
14065 +- CTRL1_FRDDR_DEPTH(fifo_depth) |
14066 +- CTRL1_THRESHOLD(fifo_threshold));
14067 ++ regmap_update_bits(fifo->map, FIFO_CTRL1, CTRL1_FRDDR_DEPTH_MASK,
14068 ++ CTRL1_FRDDR_DEPTH(fifo_depth));
14069 +
14070 + return 0;
14071 + }
14072 +@@ -153,8 +150,9 @@ static const struct snd_soc_component_driver axg_frddr_component_drv = {
14073 + };
14074 +
14075 + static const struct axg_fifo_match_data axg_frddr_match_data = {
14076 +- .component_drv = &axg_frddr_component_drv,
14077 +- .dai_drv = &axg_frddr_dai_drv
14078 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
14079 ++ .component_drv = &axg_frddr_component_drv,
14080 ++ .dai_drv = &axg_frddr_dai_drv
14081 + };
14082 +
14083 + static const struct snd_soc_dai_ops g12a_frddr_ops = {
14084 +@@ -271,8 +269,9 @@ static const struct snd_soc_component_driver g12a_frddr_component_drv = {
14085 + };
14086 +
14087 + static const struct axg_fifo_match_data g12a_frddr_match_data = {
14088 +- .component_drv = &g12a_frddr_component_drv,
14089 +- .dai_drv = &g12a_frddr_dai_drv
14090 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
14091 ++ .component_drv = &g12a_frddr_component_drv,
14092 ++ .dai_drv = &g12a_frddr_dai_drv
14093 + };
14094 +
14095 + /* On SM1, the output selection in on CTRL2 */
14096 +@@ -335,8 +334,9 @@ static const struct snd_soc_component_driver sm1_frddr_component_drv = {
14097 + };
14098 +
14099 + static const struct axg_fifo_match_data sm1_frddr_match_data = {
14100 +- .component_drv = &sm1_frddr_component_drv,
14101 +- .dai_drv = &g12a_frddr_dai_drv
14102 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
14103 ++ .component_drv = &sm1_frddr_component_drv,
14104 ++ .dai_drv = &g12a_frddr_dai_drv
14105 + };
14106 +
14107 + static const struct of_device_id axg_frddr_of_match[] = {
14108 +diff --git a/sound/soc/meson/axg-toddr.c b/sound/soc/meson/axg-toddr.c
14109 +index c8ea2145f576..ecf41c7549a6 100644
14110 +--- a/sound/soc/meson/axg-toddr.c
14111 ++++ b/sound/soc/meson/axg-toddr.c
14112 +@@ -89,7 +89,6 @@ static int axg_toddr_dai_startup(struct snd_pcm_substream *substream,
14113 + struct snd_soc_dai *dai)
14114 + {
14115 + struct axg_fifo *fifo = snd_soc_dai_get_drvdata(dai);
14116 +- unsigned int fifo_threshold;
14117 + int ret;
14118 +
14119 + /* Enable pclk to access registers and clock the fifo ip */
14120 +@@ -107,11 +106,6 @@ static int axg_toddr_dai_startup(struct snd_pcm_substream *substream,
14121 + /* Apply single buffer mode to the interface */
14122 + regmap_update_bits(fifo->map, FIFO_CTRL0, CTRL0_TODDR_PP_MODE, 0);
14123 +
14124 +- /* TODDR does not have a configurable fifo depth */
14125 +- fifo_threshold = AXG_FIFO_MIN_CNT - 1;
14126 +- regmap_update_bits(fifo->map, FIFO_CTRL1, CTRL1_THRESHOLD_MASK,
14127 +- CTRL1_THRESHOLD(fifo_threshold));
14128 +-
14129 + return 0;
14130 + }
14131 +
14132 +@@ -185,8 +179,9 @@ static const struct snd_soc_component_driver axg_toddr_component_drv = {
14133 + };
14134 +
14135 + static const struct axg_fifo_match_data axg_toddr_match_data = {
14136 +- .component_drv = &axg_toddr_component_drv,
14137 +- .dai_drv = &axg_toddr_dai_drv
14138 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
14139 ++ .component_drv = &axg_toddr_component_drv,
14140 ++ .dai_drv = &axg_toddr_dai_drv
14141 + };
14142 +
14143 + static const struct snd_soc_dai_ops g12a_toddr_ops = {
14144 +@@ -218,8 +213,9 @@ static const struct snd_soc_component_driver g12a_toddr_component_drv = {
14145 + };
14146 +
14147 + static const struct axg_fifo_match_data g12a_toddr_match_data = {
14148 +- .component_drv = &g12a_toddr_component_drv,
14149 +- .dai_drv = &g12a_toddr_dai_drv
14150 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
14151 ++ .component_drv = &g12a_toddr_component_drv,
14152 ++ .dai_drv = &g12a_toddr_dai_drv
14153 + };
14154 +
14155 + static const char * const sm1_toddr_sel_texts[] = {
14156 +@@ -282,8 +278,9 @@ static const struct snd_soc_component_driver sm1_toddr_component_drv = {
14157 + };
14158 +
14159 + static const struct axg_fifo_match_data sm1_toddr_match_data = {
14160 +- .component_drv = &sm1_toddr_component_drv,
14161 +- .dai_drv = &g12a_toddr_dai_drv
14162 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 12, 23),
14163 ++ .component_drv = &sm1_toddr_component_drv,
14164 ++ .dai_drv = &g12a_toddr_dai_drv
14165 + };
14166 +
14167 + static const struct of_device_id axg_toddr_of_match[] = {
14168 +diff --git a/sound/soc/sof/core.c b/sound/soc/sof/core.c
14169 +index 81f28f7ff1a0..12aec140819a 100644
14170 +--- a/sound/soc/sof/core.c
14171 ++++ b/sound/soc/sof/core.c
14172 +@@ -288,6 +288,46 @@ static int sof_machine_check(struct snd_sof_dev *sdev)
14173 + #endif
14174 + }
14175 +
14176 ++/*
14177 ++ * FW Boot State Transition Diagram
14178 ++ *
14179 ++ * +-----------------------------------------------------------------------+
14180 ++ * | |
14181 ++ * ------------------ ------------------ |
14182 ++ * | | | | |
14183 ++ * | BOOT_FAILED | | READY_FAILED |-------------------------+ |
14184 ++ * | | | | | |
14185 ++ * ------------------ ------------------ | |
14186 ++ * ^ ^ | |
14187 ++ * | | | |
14188 ++ * (FW Boot Timeout) (FW_READY FAIL) | |
14189 ++ * | | | |
14190 ++ * | | | |
14191 ++ * ------------------ | ------------------ | |
14192 ++ * | | | | | | |
14193 ++ * | IN_PROGRESS |---------------+------------->| COMPLETE | | |
14194 ++ * | | (FW Boot OK) (FW_READY OK) | | | |
14195 ++ * ------------------ ------------------ | |
14196 ++ * ^ | | |
14197 ++ * | | | |
14198 ++ * (FW Loading OK) (System Suspend/Runtime Suspend)
14199 ++ * | | | |
14200 ++ * | | | |
14201 ++ * ------------------ ------------------ | | |
14202 ++ * | | | |<-----+ | |
14203 ++ * | PREPARE | | NOT_STARTED |<---------------------+ |
14204 ++ * | | | |<---------------------------+
14205 ++ * ------------------ ------------------
14206 ++ * | ^ | ^
14207 ++ * | | | |
14208 ++ * | +-----------------------+ |
14209 ++ * | (DSP Probe OK) |
14210 ++ * | |
14211 ++ * | |
14212 ++ * +------------------------------------+
14213 ++ * (System Suspend/Runtime Suspend)
14214 ++ */
14215 ++
14216 + static int sof_probe_continue(struct snd_sof_dev *sdev)
14217 + {
14218 + struct snd_sof_pdata *plat_data = sdev->pdata;
14219 +@@ -303,6 +343,8 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
14220 + return ret;
14221 + }
14222 +
14223 ++ sdev->fw_state = SOF_FW_BOOT_PREPARE;
14224 ++
14225 + /* check machine info */
14226 + ret = sof_machine_check(sdev);
14227 + if (ret < 0) {
14228 +@@ -342,7 +384,12 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
14229 + goto fw_load_err;
14230 + }
14231 +
14232 +- /* boot the firmware */
14233 ++ sdev->fw_state = SOF_FW_BOOT_IN_PROGRESS;
14234 ++
14235 ++ /*
14236 ++ * Boot the firmware. The FW boot status will be modified
14237 ++ * in snd_sof_run_firmware() depending on the outcome.
14238 ++ */
14239 + ret = snd_sof_run_firmware(sdev);
14240 + if (ret < 0) {
14241 + dev_err(sdev->dev, "error: failed to boot DSP firmware %d\n",
14242 +@@ -368,7 +415,7 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
14243 + if (ret < 0) {
14244 + dev_err(sdev->dev,
14245 + "error: failed to register DSP DAI driver %d\n", ret);
14246 +- goto fw_run_err;
14247 ++ goto fw_trace_err;
14248 + }
14249 +
14250 + drv_name = plat_data->machine->drv_name;
14251 +@@ -382,7 +429,7 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
14252 +
14253 + if (IS_ERR(plat_data->pdev_mach)) {
14254 + ret = PTR_ERR(plat_data->pdev_mach);
14255 +- goto fw_run_err;
14256 ++ goto fw_trace_err;
14257 + }
14258 +
14259 + dev_dbg(sdev->dev, "created machine %s\n",
14260 +@@ -393,7 +440,8 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
14261 +
14262 + return 0;
14263 +
14264 +-#if !IS_ENABLED(CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE)
14265 ++fw_trace_err:
14266 ++ snd_sof_free_trace(sdev);
14267 + fw_run_err:
14268 + snd_sof_fw_unload(sdev);
14269 + fw_load_err:
14270 +@@ -402,21 +450,10 @@ ipc_err:
14271 + snd_sof_free_debug(sdev);
14272 + dbg_err:
14273 + snd_sof_remove(sdev);
14274 +-#else
14275 +-
14276 +- /*
14277 +- * when the probe_continue is handled in a work queue, the
14278 +- * probe does not fail so we don't release resources here.
14279 +- * They will be released with an explicit call to
14280 +- * snd_sof_device_remove() when the PCI/ACPI device is removed
14281 +- */
14282 +
14283 +-fw_run_err:
14284 +-fw_load_err:
14285 +-ipc_err:
14286 +-dbg_err:
14287 +-
14288 +-#endif
14289 ++ /* all resources freed, update state to match */
14290 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
14291 ++ sdev->first_boot = true;
14292 +
14293 + return ret;
14294 + }
14295 +@@ -447,6 +484,7 @@ int snd_sof_device_probe(struct device *dev, struct snd_sof_pdata *plat_data)
14296 +
14297 + sdev->pdata = plat_data;
14298 + sdev->first_boot = true;
14299 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
14300 + dev_set_drvdata(dev, sdev);
14301 +
14302 + /* check all mandatory ops */
14303 +@@ -494,10 +532,12 @@ int snd_sof_device_remove(struct device *dev)
14304 + if (IS_ENABLED(CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE))
14305 + cancel_work_sync(&sdev->probe_work);
14306 +
14307 +- snd_sof_fw_unload(sdev);
14308 +- snd_sof_ipc_free(sdev);
14309 +- snd_sof_free_debug(sdev);
14310 +- snd_sof_free_trace(sdev);
14311 ++ if (sdev->fw_state > SOF_FW_BOOT_NOT_STARTED) {
14312 ++ snd_sof_fw_unload(sdev);
14313 ++ snd_sof_ipc_free(sdev);
14314 ++ snd_sof_free_debug(sdev);
14315 ++ snd_sof_free_trace(sdev);
14316 ++ }
14317 +
14318 + /*
14319 + * Unregister machine driver. This will unbind the snd_card which
14320 +@@ -513,7 +553,8 @@ int snd_sof_device_remove(struct device *dev)
14321 + * scheduled on, when they are unloaded. Therefore, the DSP must be
14322 + * removed only after the topology has been unloaded.
14323 + */
14324 +- snd_sof_remove(sdev);
14325 ++ if (sdev->fw_state > SOF_FW_BOOT_NOT_STARTED)
14326 ++ snd_sof_remove(sdev);
14327 +
14328 + /* release firmware */
14329 + release_firmware(pdata->fw);
14330 +diff --git a/sound/soc/sof/intel/hda-loader.c b/sound/soc/sof/intel/hda-loader.c
14331 +index 65c2af3fcaab..356bb134ae93 100644
14332 +--- a/sound/soc/sof/intel/hda-loader.c
14333 ++++ b/sound/soc/sof/intel/hda-loader.c
14334 +@@ -278,7 +278,6 @@ int hda_dsp_cl_boot_firmware(struct snd_sof_dev *sdev)
14335 +
14336 + /* init for booting wait */
14337 + init_waitqueue_head(&sdev->boot_wait);
14338 +- sdev->boot_complete = false;
14339 +
14340 + /* prepare DMA for code loader stream */
14341 + tag = cl_stream_prepare(sdev, 0x40, stripped_firmware.size,
14342 +diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
14343 +index 5a5163eef2ef..3c4b604412f0 100644
14344 +--- a/sound/soc/sof/intel/hda.c
14345 ++++ b/sound/soc/sof/intel/hda.c
14346 +@@ -166,7 +166,7 @@ void hda_dsp_dump_skl(struct snd_sof_dev *sdev, u32 flags)
14347 + panic = snd_sof_dsp_read(sdev, HDA_DSP_BAR,
14348 + HDA_ADSP_ERROR_CODE_SKL + 0x4);
14349 +
14350 +- if (sdev->boot_complete) {
14351 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE) {
14352 + hda_dsp_get_registers(sdev, &xoops, &panic_info, stack,
14353 + HDA_DSP_STACK_DUMP_SIZE);
14354 + snd_sof_get_status(sdev, status, panic, &xoops, &panic_info,
14355 +@@ -193,7 +193,7 @@ void hda_dsp_dump(struct snd_sof_dev *sdev, u32 flags)
14356 + HDA_DSP_SRAM_REG_FW_STATUS);
14357 + panic = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_FW_TRACEP);
14358 +
14359 +- if (sdev->boot_complete) {
14360 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE) {
14361 + hda_dsp_get_registers(sdev, &xoops, &panic_info, stack,
14362 + HDA_DSP_STACK_DUMP_SIZE);
14363 + snd_sof_get_status(sdev, status, panic, &xoops, &panic_info,
14364 +diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
14365 +index 7b6d69783e16..8984d965037d 100644
14366 +--- a/sound/soc/sof/ipc.c
14367 ++++ b/sound/soc/sof/ipc.c
14368 +@@ -348,19 +348,12 @@ void snd_sof_ipc_msgs_rx(struct snd_sof_dev *sdev)
14369 + break;
14370 + case SOF_IPC_FW_READY:
14371 + /* check for FW boot completion */
14372 +- if (!sdev->boot_complete) {
14373 ++ if (sdev->fw_state == SOF_FW_BOOT_IN_PROGRESS) {
14374 + err = sof_ops(sdev)->fw_ready(sdev, cmd);
14375 +- if (err < 0) {
14376 +- /*
14377 +- * this indicates a mismatch in ABI
14378 +- * between the driver and fw
14379 +- */
14380 +- dev_err(sdev->dev, "error: ABI mismatch %d\n",
14381 +- err);
14382 +- } else {
14383 +- /* firmware boot completed OK */
14384 +- sdev->boot_complete = true;
14385 +- }
14386 ++ if (err < 0)
14387 ++ sdev->fw_state = SOF_FW_BOOT_READY_FAILED;
14388 ++ else
14389 ++ sdev->fw_state = SOF_FW_BOOT_COMPLETE;
14390 +
14391 + /* wake up firmware loader */
14392 + wake_up(&sdev->boot_wait);
14393 +diff --git a/sound/soc/sof/loader.c b/sound/soc/sof/loader.c
14394 +index a041adf0669d..ce114df5e4fc 100644
14395 +--- a/sound/soc/sof/loader.c
14396 ++++ b/sound/soc/sof/loader.c
14397 +@@ -511,7 +511,6 @@ int snd_sof_run_firmware(struct snd_sof_dev *sdev)
14398 + int init_core_mask;
14399 +
14400 + init_waitqueue_head(&sdev->boot_wait);
14401 +- sdev->boot_complete = false;
14402 +
14403 + /* create read-only fw_version debugfs to store boot version info */
14404 + if (sdev->first_boot) {
14405 +@@ -543,19 +542,27 @@ int snd_sof_run_firmware(struct snd_sof_dev *sdev)
14406 +
14407 + init_core_mask = ret;
14408 +
14409 +- /* now wait for the DSP to boot */
14410 +- ret = wait_event_timeout(sdev->boot_wait, sdev->boot_complete,
14411 ++ /*
14412 ++ * now wait for the DSP to boot. There are 3 possible outcomes:
14413 ++ * 1. Boot wait times out indicating FW boot failure.
14414 ++ * 2. FW boots successfully and fw_ready op succeeds.
14415 ++ * 3. FW boots but fw_ready op fails.
14416 ++ */
14417 ++ ret = wait_event_timeout(sdev->boot_wait,
14418 ++ sdev->fw_state > SOF_FW_BOOT_IN_PROGRESS,
14419 + msecs_to_jiffies(sdev->boot_timeout));
14420 + if (ret == 0) {
14421 + dev_err(sdev->dev, "error: firmware boot failure\n");
14422 + snd_sof_dsp_dbg_dump(sdev, SOF_DBG_REGS | SOF_DBG_MBOX |
14423 + SOF_DBG_TEXT | SOF_DBG_PCI);
14424 +- /* after this point FW_READY msg should be ignored */
14425 +- sdev->boot_complete = true;
14426 ++ sdev->fw_state = SOF_FW_BOOT_FAILED;
14427 + return -EIO;
14428 + }
14429 +
14430 +- dev_info(sdev->dev, "firmware boot complete\n");
14431 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE)
14432 ++ dev_info(sdev->dev, "firmware boot complete\n");
14433 ++ else
14434 ++ return -EIO; /* FW boots but fw_ready op failed */
14435 +
14436 + /* perform post fw run operations */
14437 + ret = snd_sof_dsp_post_fw_run(sdev);
14438 +diff --git a/sound/soc/sof/pm.c b/sound/soc/sof/pm.c
14439 +index e23beaeefe00..195af259e78e 100644
14440 +--- a/sound/soc/sof/pm.c
14441 ++++ b/sound/soc/sof/pm.c
14442 +@@ -269,6 +269,10 @@ static int sof_resume(struct device *dev, bool runtime_resume)
14443 + if (!sof_ops(sdev)->resume || !sof_ops(sdev)->runtime_resume)
14444 + return 0;
14445 +
14446 ++ /* DSP was never successfully started, nothing to resume */
14447 ++ if (sdev->first_boot)
14448 ++ return 0;
14449 ++
14450 + /*
14451 + * if the runtime_resume flag is set, call the runtime_resume routine
14452 + * or else call the system resume routine
14453 +@@ -283,6 +287,8 @@ static int sof_resume(struct device *dev, bool runtime_resume)
14454 + return ret;
14455 + }
14456 +
14457 ++ sdev->fw_state = SOF_FW_BOOT_PREPARE;
14458 ++
14459 + /* load the firmware */
14460 + ret = snd_sof_load_firmware(sdev);
14461 + if (ret < 0) {
14462 +@@ -292,7 +298,12 @@ static int sof_resume(struct device *dev, bool runtime_resume)
14463 + return ret;
14464 + }
14465 +
14466 +- /* boot the firmware */
14467 ++ sdev->fw_state = SOF_FW_BOOT_IN_PROGRESS;
14468 ++
14469 ++ /*
14470 ++ * Boot the firmware. The FW boot status will be modified
14471 ++ * in snd_sof_run_firmware() depending on the outcome.
14472 ++ */
14473 + ret = snd_sof_run_firmware(sdev);
14474 + if (ret < 0) {
14475 + dev_err(sdev->dev,
14476 +@@ -338,6 +349,9 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
14477 + if (!sof_ops(sdev)->suspend)
14478 + return 0;
14479 +
14480 ++ if (sdev->fw_state != SOF_FW_BOOT_COMPLETE)
14481 ++ goto power_down;
14482 ++
14483 + /* release trace */
14484 + snd_sof_release_trace(sdev);
14485 +
14486 +@@ -375,6 +389,12 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
14487 + ret);
14488 + }
14489 +
14490 ++power_down:
14491 ++
14492 ++ /* return if the DSP was not probed successfully */
14493 ++ if (sdev->fw_state == SOF_FW_BOOT_NOT_STARTED)
14494 ++ return 0;
14495 ++
14496 + /* power down all DSP cores */
14497 + if (runtime_suspend)
14498 + ret = snd_sof_dsp_runtime_suspend(sdev);
14499 +@@ -385,6 +405,9 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
14500 + "error: failed to power down DSP during suspend %d\n",
14501 + ret);
14502 +
14503 ++ /* reset FW state */
14504 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
14505 ++
14506 + return ret;
14507 + }
14508 +
14509 +diff --git a/sound/soc/sof/sof-priv.h b/sound/soc/sof/sof-priv.h
14510 +index 730f3259dd02..7b329bd99674 100644
14511 +--- a/sound/soc/sof/sof-priv.h
14512 ++++ b/sound/soc/sof/sof-priv.h
14513 +@@ -356,6 +356,15 @@ struct snd_sof_dai {
14514 + struct list_head list; /* list in sdev dai list */
14515 + };
14516 +
14517 ++enum snd_sof_fw_state {
14518 ++ SOF_FW_BOOT_NOT_STARTED = 0,
14519 ++ SOF_FW_BOOT_PREPARE,
14520 ++ SOF_FW_BOOT_IN_PROGRESS,
14521 ++ SOF_FW_BOOT_FAILED,
14522 ++ SOF_FW_BOOT_READY_FAILED, /* firmware booted but fw_ready op failed */
14523 ++ SOF_FW_BOOT_COMPLETE,
14524 ++};
14525 ++
14526 + /*
14527 + * SOF Device Level.
14528 + */
14529 +@@ -372,7 +381,7 @@ struct snd_sof_dev {
14530 +
14531 + /* DSP firmware boot */
14532 + wait_queue_head_t boot_wait;
14533 +- u32 boot_complete;
14534 ++ enum snd_sof_fw_state fw_state;
14535 + u32 first_boot;
14536 +
14537 + /* work queue in case the probe is implemented in two steps */
14538 +diff --git a/sound/usb/mixer_scarlett_gen2.c b/sound/usb/mixer_scarlett_gen2.c
14539 +index 94b903d95afa..74c00c905d24 100644
14540 +--- a/sound/usb/mixer_scarlett_gen2.c
14541 ++++ b/sound/usb/mixer_scarlett_gen2.c
14542 +@@ -558,11 +558,11 @@ static const struct scarlett2_config
14543 +
14544 + /* proprietary request/response format */
14545 + struct scarlett2_usb_packet {
14546 +- u32 cmd;
14547 +- u16 size;
14548 +- u16 seq;
14549 +- u32 error;
14550 +- u32 pad;
14551 ++ __le32 cmd;
14552 ++ __le16 size;
14553 ++ __le16 seq;
14554 ++ __le32 error;
14555 ++ __le32 pad;
14556 + u8 data[];
14557 + };
14558 +
14559 +@@ -664,11 +664,11 @@ static int scarlett2_usb(
14560 + "Scarlett Gen 2 USB invalid response; "
14561 + "cmd tx/rx %d/%d seq %d/%d size %d/%d "
14562 + "error %d pad %d\n",
14563 +- le16_to_cpu(req->cmd), le16_to_cpu(resp->cmd),
14564 ++ le32_to_cpu(req->cmd), le32_to_cpu(resp->cmd),
14565 + le16_to_cpu(req->seq), le16_to_cpu(resp->seq),
14566 + resp_size, le16_to_cpu(resp->size),
14567 +- le16_to_cpu(resp->error),
14568 +- le16_to_cpu(resp->pad));
14569 ++ le32_to_cpu(resp->error),
14570 ++ le32_to_cpu(resp->pad));
14571 + err = -EINVAL;
14572 + goto unlock;
14573 + }
14574 +@@ -687,7 +687,7 @@ error:
14575 + /* Send SCARLETT2_USB_DATA_CMD SCARLETT2_USB_CONFIG_SAVE */
14576 + static void scarlett2_config_save(struct usb_mixer_interface *mixer)
14577 + {
14578 +- u32 req = cpu_to_le32(SCARLETT2_USB_CONFIG_SAVE);
14579 ++ __le32 req = cpu_to_le32(SCARLETT2_USB_CONFIG_SAVE);
14580 +
14581 + scarlett2_usb(mixer, SCARLETT2_USB_DATA_CMD,
14582 + &req, sizeof(u32),
14583 +@@ -713,11 +713,11 @@ static int scarlett2_usb_set_config(
14584 + const struct scarlett2_config config_item =
14585 + scarlett2_config_items[config_item_num];
14586 + struct {
14587 +- u32 offset;
14588 +- u32 bytes;
14589 +- s32 value;
14590 ++ __le32 offset;
14591 ++ __le32 bytes;
14592 ++ __le32 value;
14593 + } __packed req;
14594 +- u32 req2;
14595 ++ __le32 req2;
14596 + int err;
14597 + struct scarlett2_mixer_data *private = mixer->private_data;
14598 +
14599 +@@ -753,8 +753,8 @@ static int scarlett2_usb_get(
14600 + int offset, void *buf, int size)
14601 + {
14602 + struct {
14603 +- u32 offset;
14604 +- u32 size;
14605 ++ __le32 offset;
14606 ++ __le32 size;
14607 + } __packed req;
14608 +
14609 + req.offset = cpu_to_le32(offset);
14610 +@@ -794,8 +794,8 @@ static int scarlett2_usb_set_mix(struct usb_mixer_interface *mixer,
14611 + const struct scarlett2_device_info *info = private->info;
14612 +
14613 + struct {
14614 +- u16 mix_num;
14615 +- u16 data[SCARLETT2_INPUT_MIX_MAX];
14616 ++ __le16 mix_num;
14617 ++ __le16 data[SCARLETT2_INPUT_MIX_MAX];
14618 + } __packed req;
14619 +
14620 + int i, j;
14621 +@@ -850,9 +850,9 @@ static int scarlett2_usb_set_mux(struct usb_mixer_interface *mixer)
14622 + };
14623 +
14624 + struct {
14625 +- u16 pad;
14626 +- u16 num;
14627 +- u32 data[SCARLETT2_MUX_MAX];
14628 ++ __le16 pad;
14629 ++ __le16 num;
14630 ++ __le32 data[SCARLETT2_MUX_MAX];
14631 + } __packed req;
14632 +
14633 + req.pad = 0;
14634 +@@ -911,9 +911,9 @@ static int scarlett2_usb_get_meter_levels(struct usb_mixer_interface *mixer,
14635 + u16 *levels)
14636 + {
14637 + struct {
14638 +- u16 pad;
14639 +- u16 num_meters;
14640 +- u32 magic;
14641 ++ __le16 pad;
14642 ++ __le16 num_meters;
14643 ++ __le32 magic;
14644 + } __packed req;
14645 + u32 resp[SCARLETT2_NUM_METERS];
14646 + int i, err;
14647 +diff --git a/sound/usb/validate.c b/sound/usb/validate.c
14648 +index 389e8657434a..5a3c4f7882b0 100644
14649 +--- a/sound/usb/validate.c
14650 ++++ b/sound/usb/validate.c
14651 +@@ -110,7 +110,7 @@ static bool validate_processing_unit(const void *p,
14652 + default:
14653 + if (v->type == UAC1_EXTENSION_UNIT)
14654 + return true; /* OK */
14655 +- switch (d->wProcessType) {
14656 ++ switch (le16_to_cpu(d->wProcessType)) {
14657 + case UAC_PROCESS_UP_DOWNMIX:
14658 + case UAC_PROCESS_DOLBY_PROLOGIC:
14659 + if (d->bLength < len + 1) /* bNrModes */
14660 +@@ -125,7 +125,7 @@ static bool validate_processing_unit(const void *p,
14661 + case UAC_VERSION_2:
14662 + if (v->type == UAC2_EXTENSION_UNIT_V2)
14663 + return true; /* OK */
14664 +- switch (d->wProcessType) {
14665 ++ switch (le16_to_cpu(d->wProcessType)) {
14666 + case UAC2_PROCESS_UP_DOWNMIX:
14667 + case UAC2_PROCESS_DOLBY_PROLOCIC: /* SiC! */
14668 + if (d->bLength < len + 1) /* bNrModes */
14669 +@@ -142,7 +142,7 @@ static bool validate_processing_unit(const void *p,
14670 + len += 2; /* wClusterDescrID */
14671 + break;
14672 + }
14673 +- switch (d->wProcessType) {
14674 ++ switch (le16_to_cpu(d->wProcessType)) {
14675 + case UAC3_PROCESS_UP_DOWNMIX:
14676 + if (d->bLength < len + 1) /* bNrModes */
14677 + return false;
14678 +diff --git a/tools/kvm/kvm_stat/kvm_stat b/tools/kvm/kvm_stat/kvm_stat
14679 +index ad1b9e646c49..4cf93110c259 100755
14680 +--- a/tools/kvm/kvm_stat/kvm_stat
14681 ++++ b/tools/kvm/kvm_stat/kvm_stat
14682 +@@ -270,6 +270,7 @@ class ArchX86(Arch):
14683 + def __init__(self, exit_reasons):
14684 + self.sc_perf_evt_open = 298
14685 + self.ioctl_numbers = IOCTL_NUMBERS
14686 ++ self.exit_reason_field = 'exit_reason'
14687 + self.exit_reasons = exit_reasons
14688 +
14689 + def debugfs_is_child(self, field):
14690 +@@ -289,6 +290,7 @@ class ArchPPC(Arch):
14691 + # numbers depend on the wordsize.
14692 + char_ptr_size = ctypes.sizeof(ctypes.c_char_p)
14693 + self.ioctl_numbers['SET_FILTER'] = 0x80002406 | char_ptr_size << 16
14694 ++ self.exit_reason_field = 'exit_nr'
14695 + self.exit_reasons = {}
14696 +
14697 + def debugfs_is_child(self, field):
14698 +@@ -300,6 +302,7 @@ class ArchA64(Arch):
14699 + def __init__(self):
14700 + self.sc_perf_evt_open = 241
14701 + self.ioctl_numbers = IOCTL_NUMBERS
14702 ++ self.exit_reason_field = 'esr_ec'
14703 + self.exit_reasons = AARCH64_EXIT_REASONS
14704 +
14705 + def debugfs_is_child(self, field):
14706 +@@ -311,6 +314,7 @@ class ArchS390(Arch):
14707 + def __init__(self):
14708 + self.sc_perf_evt_open = 331
14709 + self.ioctl_numbers = IOCTL_NUMBERS
14710 ++ self.exit_reason_field = None
14711 + self.exit_reasons = None
14712 +
14713 + def debugfs_is_child(self, field):
14714 +@@ -541,8 +545,8 @@ class TracepointProvider(Provider):
14715 + """
14716 + filters = {}
14717 + filters['kvm_userspace_exit'] = ('reason', USERSPACE_EXIT_REASONS)
14718 +- if ARCH.exit_reasons:
14719 +- filters['kvm_exit'] = ('exit_reason', ARCH.exit_reasons)
14720 ++ if ARCH.exit_reason_field and ARCH.exit_reasons:
14721 ++ filters['kvm_exit'] = (ARCH.exit_reason_field, ARCH.exit_reasons)
14722 + return filters
14723 +
14724 + def _get_available_fields(self):
14725 +diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
14726 +index d98838c5820c..b6403712c2f4 100644
14727 +--- a/tools/lib/bpf/libbpf.c
14728 ++++ b/tools/lib/bpf/libbpf.c
14729 +@@ -2541,7 +2541,9 @@ static struct ids_vec *bpf_core_find_cands(const struct btf *local_btf,
14730 + if (strncmp(local_name, targ_name, local_essent_len) == 0) {
14731 + pr_debug("[%d] %s: found candidate [%d] %s\n",
14732 + local_type_id, local_name, i, targ_name);
14733 +- new_ids = realloc(cand_ids->data, cand_ids->len + 1);
14734 ++ new_ids = reallocarray(cand_ids->data,
14735 ++ cand_ids->len + 1,
14736 ++ sizeof(*cand_ids->data));
14737 + if (!new_ids) {
14738 + err = -ENOMEM;
14739 + goto err_out;
14740 +diff --git a/tools/objtool/sync-check.sh b/tools/objtool/sync-check.sh
14741 +index 0a832e265a50..c3ae1e8ae119 100755
14742 +--- a/tools/objtool/sync-check.sh
14743 ++++ b/tools/objtool/sync-check.sh
14744 +@@ -47,5 +47,3 @@ check arch/x86/include/asm/inat.h '-I "^#include [\"<]\(asm/\)*inat_types.h[
14745 + check arch/x86/include/asm/insn.h '-I "^#include [\"<]\(asm/\)*inat.h[\">]"'
14746 + check arch/x86/lib/inat.c '-I "^#include [\"<]\(../include/\)*asm/insn.h[\">]"'
14747 + check arch/x86/lib/insn.c '-I "^#include [\"<]\(../include/\)*asm/in\(at\|sn\).h[\">]"'
14748 +-
14749 +-cd -
14750 +diff --git a/tools/power/cpupower/lib/cpufreq.c b/tools/power/cpupower/lib/cpufreq.c
14751 +index 2f55d4d23446..6e04304560ca 100644
14752 +--- a/tools/power/cpupower/lib/cpufreq.c
14753 ++++ b/tools/power/cpupower/lib/cpufreq.c
14754 +@@ -332,21 +332,74 @@ void cpufreq_put_available_governors(struct cpufreq_available_governors *any)
14755 + }
14756 +
14757 +
14758 +-struct cpufreq_frequencies
14759 +-*cpufreq_get_frequencies(const char *type, unsigned int cpu)
14760 ++struct cpufreq_available_frequencies
14761 ++*cpufreq_get_available_frequencies(unsigned int cpu)
14762 + {
14763 +- struct cpufreq_frequencies *first = NULL;
14764 +- struct cpufreq_frequencies *current = NULL;
14765 ++ struct cpufreq_available_frequencies *first = NULL;
14766 ++ struct cpufreq_available_frequencies *current = NULL;
14767 + char one_value[SYSFS_PATH_MAX];
14768 + char linebuf[MAX_LINE_LEN];
14769 +- char fname[MAX_LINE_LEN];
14770 + unsigned int pos, i;
14771 + unsigned int len;
14772 +
14773 +- snprintf(fname, MAX_LINE_LEN, "scaling_%s_frequencies", type);
14774 ++ len = sysfs_cpufreq_read_file(cpu, "scaling_available_frequencies",
14775 ++ linebuf, sizeof(linebuf));
14776 ++ if (len == 0)
14777 ++ return NULL;
14778 +
14779 +- len = sysfs_cpufreq_read_file(cpu, fname,
14780 +- linebuf, sizeof(linebuf));
14781 ++ pos = 0;
14782 ++ for (i = 0; i < len; i++) {
14783 ++ if (linebuf[i] == ' ' || linebuf[i] == '\n') {
14784 ++ if (i - pos < 2)
14785 ++ continue;
14786 ++ if (i - pos >= SYSFS_PATH_MAX)
14787 ++ goto error_out;
14788 ++ if (current) {
14789 ++ current->next = malloc(sizeof(*current));
14790 ++ if (!current->next)
14791 ++ goto error_out;
14792 ++ current = current->next;
14793 ++ } else {
14794 ++ first = malloc(sizeof(*first));
14795 ++ if (!first)
14796 ++ goto error_out;
14797 ++ current = first;
14798 ++ }
14799 ++ current->first = first;
14800 ++ current->next = NULL;
14801 ++
14802 ++ memcpy(one_value, linebuf + pos, i - pos);
14803 ++ one_value[i - pos] = '\0';
14804 ++ if (sscanf(one_value, "%lu", &current->frequency) != 1)
14805 ++ goto error_out;
14806 ++
14807 ++ pos = i + 1;
14808 ++ }
14809 ++ }
14810 ++
14811 ++ return first;
14812 ++
14813 ++ error_out:
14814 ++ while (first) {
14815 ++ current = first->next;
14816 ++ free(first);
14817 ++ first = current;
14818 ++ }
14819 ++ return NULL;
14820 ++}
14821 ++
14822 ++struct cpufreq_available_frequencies
14823 ++*cpufreq_get_boost_frequencies(unsigned int cpu)
14824 ++{
14825 ++ struct cpufreq_available_frequencies *first = NULL;
14826 ++ struct cpufreq_available_frequencies *current = NULL;
14827 ++ char one_value[SYSFS_PATH_MAX];
14828 ++ char linebuf[MAX_LINE_LEN];
14829 ++ unsigned int pos, i;
14830 ++ unsigned int len;
14831 ++
14832 ++ len = sysfs_cpufreq_read_file(cpu, "scaling_boost_frequencies",
14833 ++ linebuf, sizeof(linebuf));
14834 + if (len == 0)
14835 + return NULL;
14836 +
14837 +@@ -391,9 +444,9 @@ struct cpufreq_frequencies
14838 + return NULL;
14839 + }
14840 +
14841 +-void cpufreq_put_frequencies(struct cpufreq_frequencies *any)
14842 ++void cpufreq_put_available_frequencies(struct cpufreq_available_frequencies *any)
14843 + {
14844 +- struct cpufreq_frequencies *tmp, *next;
14845 ++ struct cpufreq_available_frequencies *tmp, *next;
14846 +
14847 + if (!any)
14848 + return;
14849 +@@ -406,6 +459,11 @@ void cpufreq_put_frequencies(struct cpufreq_frequencies *any)
14850 + }
14851 + }
14852 +
14853 ++void cpufreq_put_boost_frequencies(struct cpufreq_available_frequencies *any)
14854 ++{
14855 ++ cpufreq_put_available_frequencies(any);
14856 ++}
14857 ++
14858 + static struct cpufreq_affected_cpus *sysfs_get_cpu_list(unsigned int cpu,
14859 + const char *file)
14860 + {
14861 +diff --git a/tools/power/cpupower/lib/cpufreq.h b/tools/power/cpupower/lib/cpufreq.h
14862 +index a55f0d19215b..95f4fd9e2656 100644
14863 +--- a/tools/power/cpupower/lib/cpufreq.h
14864 ++++ b/tools/power/cpupower/lib/cpufreq.h
14865 +@@ -20,10 +20,10 @@ struct cpufreq_available_governors {
14866 + struct cpufreq_available_governors *first;
14867 + };
14868 +
14869 +-struct cpufreq_frequencies {
14870 ++struct cpufreq_available_frequencies {
14871 + unsigned long frequency;
14872 +- struct cpufreq_frequencies *next;
14873 +- struct cpufreq_frequencies *first;
14874 ++ struct cpufreq_available_frequencies *next;
14875 ++ struct cpufreq_available_frequencies *first;
14876 + };
14877 +
14878 +
14879 +@@ -124,11 +124,17 @@ void cpufreq_put_available_governors(
14880 + * cpufreq_put_frequencies after use.
14881 + */
14882 +
14883 +-struct cpufreq_frequencies
14884 +-*cpufreq_get_frequencies(const char *type, unsigned int cpu);
14885 ++struct cpufreq_available_frequencies
14886 ++*cpufreq_get_available_frequencies(unsigned int cpu);
14887 +
14888 +-void cpufreq_put_frequencies(
14889 +- struct cpufreq_frequencies *first);
14890 ++void cpufreq_put_available_frequencies(
14891 ++ struct cpufreq_available_frequencies *first);
14892 ++
14893 ++struct cpufreq_available_frequencies
14894 ++*cpufreq_get_boost_frequencies(unsigned int cpu);
14895 ++
14896 ++void cpufreq_put_boost_frequencies(
14897 ++ struct cpufreq_available_frequencies *first);
14898 +
14899 +
14900 + /* determine affected CPUs
14901 +diff --git a/tools/power/cpupower/utils/cpufreq-info.c b/tools/power/cpupower/utils/cpufreq-info.c
14902 +index e63cf55f81cf..6efc0f6b1b11 100644
14903 +--- a/tools/power/cpupower/utils/cpufreq-info.c
14904 ++++ b/tools/power/cpupower/utils/cpufreq-info.c
14905 +@@ -244,14 +244,14 @@ static int get_boost_mode_x86(unsigned int cpu)
14906 +
14907 + static int get_boost_mode(unsigned int cpu)
14908 + {
14909 +- struct cpufreq_frequencies *freqs;
14910 ++ struct cpufreq_available_frequencies *freqs;
14911 +
14912 + if (cpupower_cpu_info.vendor == X86_VENDOR_AMD ||
14913 + cpupower_cpu_info.vendor == X86_VENDOR_HYGON ||
14914 + cpupower_cpu_info.vendor == X86_VENDOR_INTEL)
14915 + return get_boost_mode_x86(cpu);
14916 +
14917 +- freqs = cpufreq_get_frequencies("boost", cpu);
14918 ++ freqs = cpufreq_get_boost_frequencies(cpu);
14919 + if (freqs) {
14920 + printf(_(" boost frequency steps: "));
14921 + while (freqs->next) {
14922 +@@ -261,7 +261,7 @@ static int get_boost_mode(unsigned int cpu)
14923 + }
14924 + print_speed(freqs->frequency);
14925 + printf("\n");
14926 +- cpufreq_put_frequencies(freqs);
14927 ++ cpufreq_put_available_frequencies(freqs);
14928 + }
14929 +
14930 + return 0;
14931 +@@ -475,7 +475,7 @@ static int get_latency(unsigned int cpu, unsigned int human)
14932 +
14933 + static void debug_output_one(unsigned int cpu)
14934 + {
14935 +- struct cpufreq_frequencies *freqs;
14936 ++ struct cpufreq_available_frequencies *freqs;
14937 +
14938 + get_driver(cpu);
14939 + get_related_cpus(cpu);
14940 +@@ -483,7 +483,7 @@ static void debug_output_one(unsigned int cpu)
14941 + get_latency(cpu, 1);
14942 + get_hardware_limits(cpu, 1);
14943 +
14944 +- freqs = cpufreq_get_frequencies("available", cpu);
14945 ++ freqs = cpufreq_get_available_frequencies(cpu);
14946 + if (freqs) {
14947 + printf(_(" available frequency steps: "));
14948 + while (freqs->next) {
14949 +@@ -493,7 +493,7 @@ static void debug_output_one(unsigned int cpu)
14950 + }
14951 + print_speed(freqs->frequency);
14952 + printf("\n");
14953 +- cpufreq_put_frequencies(freqs);
14954 ++ cpufreq_put_available_frequencies(freqs);
14955 + }
14956 +
14957 + get_available_governors(cpu);
14958 +diff --git a/tools/testing/selftests/bpf/prog_tests/attach_probe.c b/tools/testing/selftests/bpf/prog_tests/attach_probe.c
14959 +index 5ecc267d98b0..fad615c22e4d 100644
14960 +--- a/tools/testing/selftests/bpf/prog_tests/attach_probe.c
14961 ++++ b/tools/testing/selftests/bpf/prog_tests/attach_probe.c
14962 +@@ -2,7 +2,7 @@
14963 + #include <test_progs.h>
14964 +
14965 + ssize_t get_base_addr() {
14966 +- size_t start;
14967 ++ size_t start, offset;
14968 + char buf[256];
14969 + FILE *f;
14970 +
14971 +@@ -10,10 +10,11 @@ ssize_t get_base_addr() {
14972 + if (!f)
14973 + return -errno;
14974 +
14975 +- while (fscanf(f, "%zx-%*x %s %*s\n", &start, buf) == 2) {
14976 ++ while (fscanf(f, "%zx-%*x %s %zx %*[^\n]\n",
14977 ++ &start, buf, &offset) == 3) {
14978 + if (strcmp(buf, "r-xp") == 0) {
14979 + fclose(f);
14980 +- return start;
14981 ++ return start - offset;
14982 + }
14983 + }
14984 +
14985 +diff --git a/tools/testing/selftests/bpf/prog_tests/perf_buffer.c b/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
14986 +index 3003fddc0613..cf6c87936c69 100644
14987 +--- a/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
14988 ++++ b/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
14989 +@@ -4,6 +4,7 @@
14990 + #include <sched.h>
14991 + #include <sys/socket.h>
14992 + #include <test_progs.h>
14993 ++#include "libbpf_internal.h"
14994 +
14995 + static void on_sample(void *ctx, int cpu, void *data, __u32 size)
14996 + {
14997 +@@ -19,7 +20,7 @@ static void on_sample(void *ctx, int cpu, void *data, __u32 size)
14998 +
14999 + void test_perf_buffer(void)
15000 + {
15001 +- int err, prog_fd, nr_cpus, i, duration = 0;
15002 ++ int err, prog_fd, on_len, nr_on_cpus = 0, nr_cpus, i, duration = 0;
15003 + const char *prog_name = "kprobe/sys_nanosleep";
15004 + const char *file = "./test_perf_buffer.o";
15005 + struct perf_buffer_opts pb_opts = {};
15006 +@@ -29,15 +30,27 @@ void test_perf_buffer(void)
15007 + struct bpf_object *obj;
15008 + struct perf_buffer *pb;
15009 + struct bpf_link *link;
15010 ++ bool *online;
15011 +
15012 + nr_cpus = libbpf_num_possible_cpus();
15013 + if (CHECK(nr_cpus < 0, "nr_cpus", "err %d\n", nr_cpus))
15014 + return;
15015 +
15016 ++ err = parse_cpu_mask_file("/sys/devices/system/cpu/online",
15017 ++ &online, &on_len);
15018 ++ if (CHECK(err, "nr_on_cpus", "err %d\n", err))
15019 ++ return;
15020 ++
15021 ++ for (i = 0; i < on_len; i++)
15022 ++ if (online[i])
15023 ++ nr_on_cpus++;
15024 ++
15025 + /* load program */
15026 + err = bpf_prog_load(file, BPF_PROG_TYPE_KPROBE, &obj, &prog_fd);
15027 +- if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
15028 +- return;
15029 ++ if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno)) {
15030 ++ obj = NULL;
15031 ++ goto out_close;
15032 ++ }
15033 +
15034 + prog = bpf_object__find_program_by_title(obj, prog_name);
15035 + if (CHECK(!prog, "find_probe", "prog '%s' not found\n", prog_name))
15036 +@@ -64,6 +77,11 @@ void test_perf_buffer(void)
15037 + /* trigger kprobe on every CPU */
15038 + CPU_ZERO(&cpu_seen);
15039 + for (i = 0; i < nr_cpus; i++) {
15040 ++ if (i >= on_len || !online[i]) {
15041 ++ printf("skipping offline CPU #%d\n", i);
15042 ++ continue;
15043 ++ }
15044 ++
15045 + CPU_ZERO(&cpu_set);
15046 + CPU_SET(i, &cpu_set);
15047 +
15048 +@@ -81,8 +99,8 @@ void test_perf_buffer(void)
15049 + if (CHECK(err < 0, "perf_buffer__poll", "err %d\n", err))
15050 + goto out_free_pb;
15051 +
15052 +- if (CHECK(CPU_COUNT(&cpu_seen) != nr_cpus, "seen_cpu_cnt",
15053 +- "expect %d, seen %d\n", nr_cpus, CPU_COUNT(&cpu_seen)))
15054 ++ if (CHECK(CPU_COUNT(&cpu_seen) != nr_on_cpus, "seen_cpu_cnt",
15055 ++ "expect %d, seen %d\n", nr_on_cpus, CPU_COUNT(&cpu_seen)))
15056 + goto out_free_pb;
15057 +
15058 + out_free_pb:
15059 +@@ -91,4 +109,5 @@ out_detach:
15060 + bpf_link__destroy(link);
15061 + out_close:
15062 + bpf_object__close(obj);
15063 ++ free(online);
15064 + }
15065 +diff --git a/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c b/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
15066 +index f62aa0eb959b..1735faf17536 100644
15067 +--- a/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
15068 ++++ b/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
15069 +@@ -49,8 +49,12 @@ retry:
15070 + pmu_fd = syscall(__NR_perf_event_open, &attr, -1 /* pid */,
15071 + 0 /* cpu 0 */, -1 /* group id */,
15072 + 0 /* flags */);
15073 +- if (CHECK(pmu_fd < 0, "perf_event_open",
15074 +- "err %d errno %d. Does the test host support PERF_COUNT_HW_CPU_CYCLES?\n",
15075 ++ if (pmu_fd < 0 && errno == ENOENT) {
15076 ++ printf("%s:SKIP:no PERF_COUNT_HW_CPU_CYCLES\n", __func__);
15077 ++ test__skip();
15078 ++ goto cleanup;
15079 ++ }
15080 ++ if (CHECK(pmu_fd < 0, "perf_event_open", "err %d errno %d\n",
15081 + pmu_fd, errno))
15082 + goto close_prog;
15083 +
15084 +diff --git a/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c b/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
15085 +index ea7d84f01235..e6be383a003f 100644
15086 +--- a/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
15087 ++++ b/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
15088 +@@ -113,6 +113,12 @@ int _select_by_skb_data(struct sk_reuseport_md *reuse_md)
15089 + data_check.skb_ports[0] = th->source;
15090 + data_check.skb_ports[1] = th->dest;
15091 +
15092 ++ if (th->fin)
15093 ++ /* The connection is being torn down at the end of a
15094 ++ * test. It can't contain a cmd, so return early.
15095 ++ */
15096 ++ return SK_PASS;
15097 ++
15098 + if ((th->doff << 2) + sizeof(*cmd) > data_check.len)
15099 + GOTO_DONE(DROP_ERR_SKB_DATA);
15100 + if (bpf_skb_load_bytes(reuse_md, th->doff << 2, &cmd_copy,
15101 +diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
15102 +index 4a851513c842..779e11da979c 100644
15103 +--- a/tools/testing/selftests/bpf/test_sockmap.c
15104 ++++ b/tools/testing/selftests/bpf/test_sockmap.c
15105 +@@ -331,7 +331,7 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
15106 + FILE *file;
15107 + int i, fp;
15108 +
15109 +- file = fopen(".sendpage_tst.tmp", "w+");
15110 ++ file = tmpfile();
15111 + if (!file) {
15112 + perror("create file for sendpage");
15113 + return 1;
15114 +@@ -340,13 +340,8 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
15115 + fwrite(&k, sizeof(char), 1, file);
15116 + fflush(file);
15117 + fseek(file, 0, SEEK_SET);
15118 +- fclose(file);
15119 +
15120 +- fp = open(".sendpage_tst.tmp", O_RDONLY);
15121 +- if (fp < 0) {
15122 +- perror("reopen file for sendpage");
15123 +- return 1;
15124 +- }
15125 ++ fp = fileno(file);
15126 +
15127 + clock_gettime(CLOCK_MONOTONIC, &s->start);
15128 + for (i = 0; i < cnt; i++) {
15129 +@@ -354,11 +349,11 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
15130 +
15131 + if (!drop && sent < 0) {
15132 + perror("send loop error");
15133 +- close(fp);
15134 ++ fclose(file);
15135 + return sent;
15136 + } else if (drop && sent >= 0) {
15137 + printf("sendpage loop error expected: %i\n", sent);
15138 +- close(fp);
15139 ++ fclose(file);
15140 + return -EIO;
15141 + }
15142 +
15143 +@@ -366,7 +361,7 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
15144 + s->bytes_sent += sent;
15145 + }
15146 + clock_gettime(CLOCK_MONOTONIC, &s->end);
15147 +- close(fp);
15148 ++ fclose(file);
15149 + return 0;
15150 + }
15151 +
15152 +diff --git a/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py b/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
15153 +index e98c36750fae..d34fe06268d2 100644
15154 +--- a/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
15155 ++++ b/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
15156 +@@ -54,7 +54,7 @@ class SubPlugin(TdcPlugin):
15157 + shell=True,
15158 + stdout=subprocess.PIPE,
15159 + stderr=subprocess.PIPE,
15160 +- env=ENVIR)
15161 ++ env=os.environ.copy())
15162 + (rawout, serr) = proc.communicate()
15163 +
15164 + if proc.returncode != 0 and len(serr) > 0:
15165 +diff --git a/virt/kvm/arm/aarch32.c b/virt/kvm/arm/aarch32.c
15166 +index c4c57ba99e90..631d397ac81b 100644
15167 +--- a/virt/kvm/arm/aarch32.c
15168 ++++ b/virt/kvm/arm/aarch32.c
15169 +@@ -10,6 +10,7 @@
15170 + * Author: Christoffer Dall <c.dall@××××××××××××××××××.com>
15171 + */
15172 +
15173 ++#include <linux/bits.h>
15174 + #include <linux/kvm_host.h>
15175 + #include <asm/kvm_emulate.h>
15176 + #include <asm/kvm_hyp.h>
15177 +@@ -28,25 +29,115 @@ static const u8 return_offsets[8][2] = {
15178 + [7] = { 4, 4 }, /* FIQ, unused */
15179 + };
15180 +
15181 ++/*
15182 ++ * When an exception is taken, most CPSR fields are left unchanged in the
15183 ++ * handler. However, some are explicitly overridden (e.g. M[4:0]).
15184 ++ *
15185 ++ * The SPSR/SPSR_ELx layouts differ, and the below is intended to work with
15186 ++ * either format. Note: SPSR.J bit doesn't exist in SPSR_ELx, but this bit was
15187 ++ * obsoleted by the ARMv7 virtualization extensions and is RES0.
15188 ++ *
15189 ++ * For the SPSR layout seen from AArch32, see:
15190 ++ * - ARM DDI 0406C.d, page B1-1148
15191 ++ * - ARM DDI 0487E.a, page G8-6264
15192 ++ *
15193 ++ * For the SPSR_ELx layout for AArch32 seen from AArch64, see:
15194 ++ * - ARM DDI 0487E.a, page C5-426
15195 ++ *
15196 ++ * Here we manipulate the fields in order of the AArch32 SPSR_ELx layout, from
15197 ++ * MSB to LSB.
15198 ++ */
15199 ++static unsigned long get_except32_cpsr(struct kvm_vcpu *vcpu, u32 mode)
15200 ++{
15201 ++ u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR);
15202 ++ unsigned long old, new;
15203 ++
15204 ++ old = *vcpu_cpsr(vcpu);
15205 ++ new = 0;
15206 ++
15207 ++ new |= (old & PSR_AA32_N_BIT);
15208 ++ new |= (old & PSR_AA32_Z_BIT);
15209 ++ new |= (old & PSR_AA32_C_BIT);
15210 ++ new |= (old & PSR_AA32_V_BIT);
15211 ++ new |= (old & PSR_AA32_Q_BIT);
15212 ++
15213 ++ // CPSR.IT[7:0] are set to zero upon any exception
15214 ++ // See ARM DDI 0487E.a, section G1.12.3
15215 ++ // See ARM DDI 0406C.d, section B1.8.3
15216 ++
15217 ++ new |= (old & PSR_AA32_DIT_BIT);
15218 ++
15219 ++ // CPSR.SSBS is set to SCTLR.DSSBS upon any exception
15220 ++ // See ARM DDI 0487E.a, page G8-6244
15221 ++ if (sctlr & BIT(31))
15222 ++ new |= PSR_AA32_SSBS_BIT;
15223 ++
15224 ++ // CPSR.PAN is unchanged unless SCTLR.SPAN == 0b0
15225 ++ // SCTLR.SPAN is RES1 when ARMv8.1-PAN is not implemented
15226 ++ // See ARM DDI 0487E.a, page G8-6246
15227 ++ new |= (old & PSR_AA32_PAN_BIT);
15228 ++ if (!(sctlr & BIT(23)))
15229 ++ new |= PSR_AA32_PAN_BIT;
15230 ++
15231 ++ // SS does not exist in AArch32, so ignore
15232 ++
15233 ++ // CPSR.IL is set to zero upon any exception
15234 ++ // See ARM DDI 0487E.a, page G1-5527
15235 ++
15236 ++ new |= (old & PSR_AA32_GE_MASK);
15237 ++
15238 ++ // CPSR.IT[7:0] are set to zero upon any exception
15239 ++ // See prior comment above
15240 ++
15241 ++ // CPSR.E is set to SCTLR.EE upon any exception
15242 ++ // See ARM DDI 0487E.a, page G8-6245
15243 ++ // See ARM DDI 0406C.d, page B4-1701
15244 ++ if (sctlr & BIT(25))
15245 ++ new |= PSR_AA32_E_BIT;
15246 ++
15247 ++ // CPSR.A is unchanged upon an exception to Undefined, Supervisor
15248 ++ // CPSR.A is set upon an exception to other modes
15249 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
15250 ++ // See ARM DDI 0406C.d, page B1-1182
15251 ++ new |= (old & PSR_AA32_A_BIT);
15252 ++ if (mode != PSR_AA32_MODE_UND && mode != PSR_AA32_MODE_SVC)
15253 ++ new |= PSR_AA32_A_BIT;
15254 ++
15255 ++ // CPSR.I is set upon any exception
15256 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
15257 ++ // See ARM DDI 0406C.d, page B1-1182
15258 ++ new |= PSR_AA32_I_BIT;
15259 ++
15260 ++ // CPSR.F is set upon an exception to FIQ
15261 ++ // CPSR.F is unchanged upon an exception to other modes
15262 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
15263 ++ // See ARM DDI 0406C.d, page B1-1182
15264 ++ new |= (old & PSR_AA32_F_BIT);
15265 ++ if (mode == PSR_AA32_MODE_FIQ)
15266 ++ new |= PSR_AA32_F_BIT;
15267 ++
15268 ++ // CPSR.T is set to SCTLR.TE upon any exception
15269 ++ // See ARM DDI 0487E.a, page G8-5514
15270 ++ // See ARM DDI 0406C.d, page B1-1181
15271 ++ if (sctlr & BIT(30))
15272 ++ new |= PSR_AA32_T_BIT;
15273 ++
15274 ++ new |= mode;
15275 ++
15276 ++ return new;
15277 ++}
15278 ++
15279 + static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset)
15280 + {
15281 +- unsigned long cpsr;
15282 +- unsigned long new_spsr_value = *vcpu_cpsr(vcpu);
15283 +- bool is_thumb = (new_spsr_value & PSR_AA32_T_BIT);
15284 ++ unsigned long spsr = *vcpu_cpsr(vcpu);
15285 ++ bool is_thumb = (spsr & PSR_AA32_T_BIT);
15286 + u32 return_offset = return_offsets[vect_offset >> 2][is_thumb];
15287 + u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR);
15288 +
15289 +- cpsr = mode | PSR_AA32_I_BIT;
15290 +-
15291 +- if (sctlr & (1 << 30))
15292 +- cpsr |= PSR_AA32_T_BIT;
15293 +- if (sctlr & (1 << 25))
15294 +- cpsr |= PSR_AA32_E_BIT;
15295 +-
15296 +- *vcpu_cpsr(vcpu) = cpsr;
15297 ++ *vcpu_cpsr(vcpu) = get_except32_cpsr(vcpu, mode);
15298 +
15299 + /* Note: These now point to the banked copies */
15300 +- vcpu_write_spsr(vcpu, new_spsr_value);
15301 ++ vcpu_write_spsr(vcpu, host_spsr_to_spsr32(spsr));
15302 + *vcpu_reg32(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
15303 +
15304 + /* Branch to exception vector */
15305 +@@ -84,7 +175,7 @@ static void inject_abt32(struct kvm_vcpu *vcpu, bool is_pabt,
15306 + fsr = &vcpu_cp15(vcpu, c5_DFSR);
15307 + }
15308 +
15309 +- prepare_fault32(vcpu, PSR_AA32_MODE_ABT | PSR_AA32_A_BIT, vect_offset);
15310 ++ prepare_fault32(vcpu, PSR_AA32_MODE_ABT, vect_offset);
15311 +
15312 + *far = addr;
15313 +
15314 +diff --git a/virt/kvm/arm/mmio.c b/virt/kvm/arm/mmio.c
15315 +index 6af5c91337f2..f274fabb4301 100644
15316 +--- a/virt/kvm/arm/mmio.c
15317 ++++ b/virt/kvm/arm/mmio.c
15318 +@@ -105,6 +105,9 @@ int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run)
15319 + data = (data ^ mask) - mask;
15320 + }
15321 +
15322 ++ if (!vcpu->arch.mmio_decode.sixty_four)
15323 ++ data = data & 0xffffffff;
15324 ++
15325 + trace_kvm_mmio(KVM_TRACE_MMIO_READ, len, run->mmio.phys_addr,
15326 + &data);
15327 + data = vcpu_data_host_to_guest(vcpu, data, len);
15328 +@@ -125,6 +128,7 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len)
15329 + unsigned long rt;
15330 + int access_size;
15331 + bool sign_extend;
15332 ++ bool sixty_four;
15333 +
15334 + if (kvm_vcpu_dabt_iss1tw(vcpu)) {
15335 + /* page table accesses IO mem: tell guest to fix its TTBR */
15336 +@@ -138,11 +142,13 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len)
15337 +
15338 + *is_write = kvm_vcpu_dabt_iswrite(vcpu);
15339 + sign_extend = kvm_vcpu_dabt_issext(vcpu);
15340 ++ sixty_four = kvm_vcpu_dabt_issf(vcpu);
15341 + rt = kvm_vcpu_dabt_get_rd(vcpu);
15342 +
15343 + *len = access_size;
15344 + vcpu->arch.mmio_decode.sign_extend = sign_extend;
15345 + vcpu->arch.mmio_decode.rt = rt;
15346 ++ vcpu->arch.mmio_decode.sixty_four = sixty_four;
15347 +
15348 + return 0;
15349 + }
15350 +diff --git a/virt/kvm/async_pf.c b/virt/kvm/async_pf.c
15351 +index 35305d6e68cc..d8ef708a2ef6 100644
15352 +--- a/virt/kvm/async_pf.c
15353 ++++ b/virt/kvm/async_pf.c
15354 +@@ -64,7 +64,7 @@ static void async_pf_execute(struct work_struct *work)
15355 + struct mm_struct *mm = apf->mm;
15356 + struct kvm_vcpu *vcpu = apf->vcpu;
15357 + unsigned long addr = apf->addr;
15358 +- gva_t gva = apf->gva;
15359 ++ gpa_t cr2_or_gpa = apf->cr2_or_gpa;
15360 + int locked = 1;
15361 +
15362 + might_sleep();
15363 +@@ -92,7 +92,7 @@ static void async_pf_execute(struct work_struct *work)
15364 + * this point
15365 + */
15366 +
15367 +- trace_kvm_async_pf_completed(addr, gva);
15368 ++ trace_kvm_async_pf_completed(addr, cr2_or_gpa);
15369 +
15370 + if (swq_has_sleeper(&vcpu->wq))
15371 + swake_up_one(&vcpu->wq);
15372 +@@ -165,8 +165,8 @@ void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu)
15373 + }
15374 + }
15375 +
15376 +-int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
15377 +- struct kvm_arch_async_pf *arch)
15378 ++int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
15379 ++ unsigned long hva, struct kvm_arch_async_pf *arch)
15380 + {
15381 + struct kvm_async_pf *work;
15382 +
15383 +@@ -185,7 +185,7 @@ int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
15384 +
15385 + work->wakeup_all = false;
15386 + work->vcpu = vcpu;
15387 +- work->gva = gva;
15388 ++ work->cr2_or_gpa = cr2_or_gpa;
15389 + work->addr = hva;
15390 + work->arch = *arch;
15391 + work->mm = current->mm;
15392 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
15393 +index 13efc291b1c7..b5ea1bafe513 100644
15394 +--- a/virt/kvm/kvm_main.c
15395 ++++ b/virt/kvm/kvm_main.c
15396 +@@ -1394,14 +1394,14 @@ bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
15397 + }
15398 + EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);
15399 +
15400 +-unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn)
15401 ++unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
15402 + {
15403 + struct vm_area_struct *vma;
15404 + unsigned long addr, size;
15405 +
15406 + size = PAGE_SIZE;
15407 +
15408 +- addr = gfn_to_hva(kvm, gfn);
15409 ++ addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gfn, NULL);
15410 + if (kvm_is_error_hva(addr))
15411 + return PAGE_SIZE;
15412 +
15413 +@@ -1809,26 +1809,72 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
15414 + }
15415 + EXPORT_SYMBOL_GPL(gfn_to_page);
15416 +
15417 +-static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
15418 +- struct kvm_host_map *map)
15419 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache)
15420 ++{
15421 ++ if (pfn == 0)
15422 ++ return;
15423 ++
15424 ++ if (cache)
15425 ++ cache->pfn = cache->gfn = 0;
15426 ++
15427 ++ if (dirty)
15428 ++ kvm_release_pfn_dirty(pfn);
15429 ++ else
15430 ++ kvm_release_pfn_clean(pfn);
15431 ++}
15432 ++
15433 ++static void kvm_cache_gfn_to_pfn(struct kvm_memory_slot *slot, gfn_t gfn,
15434 ++ struct gfn_to_pfn_cache *cache, u64 gen)
15435 ++{
15436 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
15437 ++
15438 ++ cache->pfn = gfn_to_pfn_memslot(slot, gfn);
15439 ++ cache->gfn = gfn;
15440 ++ cache->dirty = false;
15441 ++ cache->generation = gen;
15442 ++}
15443 ++
15444 ++static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn,
15445 ++ struct kvm_host_map *map,
15446 ++ struct gfn_to_pfn_cache *cache,
15447 ++ bool atomic)
15448 + {
15449 + kvm_pfn_t pfn;
15450 + void *hva = NULL;
15451 + struct page *page = KVM_UNMAPPED_PAGE;
15452 ++ struct kvm_memory_slot *slot = __gfn_to_memslot(slots, gfn);
15453 ++ u64 gen = slots->generation;
15454 +
15455 + if (!map)
15456 + return -EINVAL;
15457 +
15458 +- pfn = gfn_to_pfn_memslot(slot, gfn);
15459 ++ if (cache) {
15460 ++ if (!cache->pfn || cache->gfn != gfn ||
15461 ++ cache->generation != gen) {
15462 ++ if (atomic)
15463 ++ return -EAGAIN;
15464 ++ kvm_cache_gfn_to_pfn(slot, gfn, cache, gen);
15465 ++ }
15466 ++ pfn = cache->pfn;
15467 ++ } else {
15468 ++ if (atomic)
15469 ++ return -EAGAIN;
15470 ++ pfn = gfn_to_pfn_memslot(slot, gfn);
15471 ++ }
15472 + if (is_error_noslot_pfn(pfn))
15473 + return -EINVAL;
15474 +
15475 + if (pfn_valid(pfn)) {
15476 + page = pfn_to_page(pfn);
15477 +- hva = kmap(page);
15478 ++ if (atomic)
15479 ++ hva = kmap_atomic(page);
15480 ++ else
15481 ++ hva = kmap(page);
15482 + #ifdef CONFIG_HAS_IOMEM
15483 +- } else {
15484 ++ } else if (!atomic) {
15485 + hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB);
15486 ++ } else {
15487 ++ return -EINVAL;
15488 + #endif
15489 + }
15490 +
15491 +@@ -1843,14 +1889,25 @@ static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
15492 + return 0;
15493 + }
15494 +
15495 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
15496 ++ struct gfn_to_pfn_cache *cache, bool atomic)
15497 ++{
15498 ++ return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map,
15499 ++ cache, atomic);
15500 ++}
15501 ++EXPORT_SYMBOL_GPL(kvm_map_gfn);
15502 ++
15503 + int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
15504 + {
15505 +- return __kvm_map_gfn(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn, map);
15506 ++ return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map,
15507 ++ NULL, false);
15508 + }
15509 + EXPORT_SYMBOL_GPL(kvm_vcpu_map);
15510 +
15511 +-void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
15512 +- bool dirty)
15513 ++static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot,
15514 ++ struct kvm_host_map *map,
15515 ++ struct gfn_to_pfn_cache *cache,
15516 ++ bool dirty, bool atomic)
15517 + {
15518 + if (!map)
15519 + return;
15520 +@@ -1858,23 +1915,45 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
15521 + if (!map->hva)
15522 + return;
15523 +
15524 +- if (map->page != KVM_UNMAPPED_PAGE)
15525 +- kunmap(map->page);
15526 ++ if (map->page != KVM_UNMAPPED_PAGE) {
15527 ++ if (atomic)
15528 ++ kunmap_atomic(map->hva);
15529 ++ else
15530 ++ kunmap(map->page);
15531 ++ }
15532 + #ifdef CONFIG_HAS_IOMEM
15533 +- else
15534 ++ else if (!atomic)
15535 + memunmap(map->hva);
15536 ++ else
15537 ++ WARN_ONCE(1, "Unexpected unmapping in atomic context");
15538 + #endif
15539 +
15540 +- if (dirty) {
15541 +- kvm_vcpu_mark_page_dirty(vcpu, map->gfn);
15542 +- kvm_release_pfn_dirty(map->pfn);
15543 +- } else {
15544 +- kvm_release_pfn_clean(map->pfn);
15545 +- }
15546 ++ if (dirty)
15547 ++ mark_page_dirty_in_slot(memslot, map->gfn);
15548 ++
15549 ++ if (cache)
15550 ++ cache->dirty |= dirty;
15551 ++ else
15552 ++ kvm_release_pfn(map->pfn, dirty, NULL);
15553 +
15554 + map->hva = NULL;
15555 + map->page = NULL;
15556 + }
15557 ++
15558 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
15559 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic)
15560 ++{
15561 ++ __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map,
15562 ++ cache, dirty, atomic);
15563 ++ return 0;
15564 ++}
15565 ++EXPORT_SYMBOL_GPL(kvm_unmap_gfn);
15566 ++
15567 ++void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
15568 ++{
15569 ++ __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, NULL,
15570 ++ dirty, false);
15571 ++}
15572 + EXPORT_SYMBOL_GPL(kvm_vcpu_unmap);
15573 +
15574 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn)
Report Message
Find on MARC Find on Google Groups