Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:3.16 commit in: /
Date: Thu, 30 Oct 2014 19:29:12
Message-Id: 1414697340.5ca4fd40116dd22e8caab91c470be1860fe0141d.mpagano@gentoo
1 commit: 5ca4fd40116dd22e8caab91c470be1860fe0141d
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Thu Oct 30 19:29:00 2014 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Thu Oct 30 19:29:00 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=5ca4fd40
7
8 Linux patch 3.16.7
9
10 ---
11 0000_README | 4 +
12 1006_linux-3.16.7.patch | 6873 +++++++++++++++++++++++++++++++++++++++++++++++
13 2 files changed, 6877 insertions(+)
14
15 diff --git a/0000_README b/0000_README
16 index a7526a7..9bf3b17 100644
17 --- a/0000_README
18 +++ b/0000_README
19 @@ -66,6 +66,10 @@ Patch: 1005_linux-3.16.6.patch
20 From: http://www.kernel.org
21 Desc: Linux 3.16.6
22
23 +Patch: 1006_linux-3.16.7.patch
24 +From: http://www.kernel.org
25 +Desc: Linux 3.16.7
26 +
27 Patch: 1500_XATTR_USER_PREFIX.patch
28 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
29 Desc: Support for namespace user.pax.* on tmpfs.
30
31 diff --git a/1006_linux-3.16.7.patch b/1006_linux-3.16.7.patch
32 new file mode 100644
33 index 0000000..9776e1b
34 --- /dev/null
35 +++ b/1006_linux-3.16.7.patch
36 @@ -0,0 +1,6873 @@
37 +diff --git a/Documentation/lzo.txt b/Documentation/lzo.txt
38 +new file mode 100644
39 +index 000000000000..ea45dd3901e3
40 +--- /dev/null
41 ++++ b/Documentation/lzo.txt
42 +@@ -0,0 +1,164 @@
43 ++
44 ++LZO stream format as understood by Linux's LZO decompressor
45 ++===========================================================
46 ++
47 ++Introduction
48 ++
49 ++ This is not a specification. No specification seems to be publicly available
50 ++ for the LZO stream format. This document describes what input format the LZO
51 ++ decompressor as implemented in the Linux kernel understands. The file subject
52 ++ of this analysis is lib/lzo/lzo1x_decompress_safe.c. No analysis was made on
53 ++ the compressor nor on any other implementations though it seems likely that
54 ++ the format matches the standard one. The purpose of this document is to
55 ++ better understand what the code does in order to propose more efficient fixes
56 ++ for future bug reports.
57 ++
58 ++Description
59 ++
60 ++ The stream is composed of a series of instructions, operands, and data. The
61 ++ instructions consist in a few bits representing an opcode, and bits forming
62 ++ the operands for the instruction, whose size and position depend on the
63 ++ opcode and on the number of literals copied by previous instruction. The
64 ++ operands are used to indicate :
65 ++
66 ++ - a distance when copying data from the dictionary (past output buffer)
67 ++ - a length (number of bytes to copy from dictionary)
68 ++ - the number of literals to copy, which is retained in variable "state"
69 ++ as a piece of information for next instructions.
70 ++
71 ++ Optionally depending on the opcode and operands, extra data may follow. These
72 ++ extra data can be a complement for the operand (eg: a length or a distance
73 ++ encoded on larger values), or a literal to be copied to the output buffer.
74 ++
75 ++ The first byte of the block follows a different encoding from other bytes, it
76 ++ seems to be optimized for literal use only, since there is no dictionary yet
77 ++ prior to that byte.
78 ++
79 ++ Lengths are always encoded on a variable size starting with a small number
80 ++ of bits in the operand. If the number of bits isn't enough to represent the
81 ++ length, up to 255 may be added in increments by consuming more bytes with a
82 ++ rate of at most 255 per extra byte (thus the compression ratio cannot exceed
83 ++ around 255:1). The variable length encoding using #bits is always the same :
84 ++
85 ++ length = byte & ((1 << #bits) - 1)
86 ++ if (!length) {
87 ++ length = ((1 << #bits) - 1)
88 ++ length += 255*(number of zero bytes)
89 ++ length += first-non-zero-byte
90 ++ }
91 ++ length += constant (generally 2 or 3)
92 ++
93 ++ For references to the dictionary, distances are relative to the output
94 ++ pointer. Distances are encoded using very few bits belonging to certain
95 ++ ranges, resulting in multiple copy instructions using different encodings.
96 ++ Certain encodings involve one extra byte, others involve two extra bytes
97 ++ forming a little-endian 16-bit quantity (marked LE16 below).
98 ++
99 ++ After any instruction except the large literal copy, 0, 1, 2 or 3 literals
100 ++ are copied before starting the next instruction. The number of literals that
101 ++ were copied may change the meaning and behaviour of the next instruction. In
102 ++ practice, only one instruction needs to know whether 0, less than 4, or more
103 ++ literals were copied. This is the information stored in the <state> variable
104 ++ in this implementation. This number of immediate literals to be copied is
105 ++ generally encoded in the last two bits of the instruction but may also be
106 ++ taken from the last two bits of an extra operand (eg: distance).
107 ++
108 ++ End of stream is declared when a block copy of distance 0 is seen. Only one
109 ++ instruction may encode this distance (0001HLLL), it takes one LE16 operand
110 ++ for the distance, thus requiring 3 bytes.
111 ++
112 ++ IMPORTANT NOTE : in the code some length checks are missing because certain
113 ++ instructions are called under the assumption that a certain number of bytes
114 ++ follow because it has already been garanteed before parsing the instructions.
115 ++ They just have to "refill" this credit if they consume extra bytes. This is
116 ++ an implementation design choice independant on the algorithm or encoding.
117 ++
118 ++Byte sequences
119 ++
120 ++ First byte encoding :
121 ++
122 ++ 0..17 : follow regular instruction encoding, see below. It is worth
123 ++ noting that codes 16 and 17 will represent a block copy from
124 ++ the dictionary which is empty, and that they will always be
125 ++ invalid at this place.
126 ++
127 ++ 18..21 : copy 0..3 literals
128 ++ state = (byte - 17) = 0..3 [ copy <state> literals ]
129 ++ skip byte
130 ++
131 ++ 22..255 : copy literal string
132 ++ length = (byte - 17) = 4..238
133 ++ state = 4 [ don't copy extra literals ]
134 ++ skip byte
135 ++
136 ++ Instruction encoding :
137 ++
138 ++ 0 0 0 0 X X X X (0..15)
139 ++ Depends on the number of literals copied by the last instruction.
140 ++ If last instruction did not copy any literal (state == 0), this
141 ++ encoding will be a copy of 4 or more literal, and must be interpreted
142 ++ like this :
143 ++
144 ++ 0 0 0 0 L L L L (0..15) : copy long literal string
145 ++ length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte)
146 ++ state = 4 (no extra literals are copied)
147 ++
148 ++ If last instruction used to copy between 1 to 3 literals (encoded in
149 ++ the instruction's opcode or distance), the instruction is a copy of a
150 ++ 2-byte block from the dictionary within a 1kB distance. It is worth
151 ++ noting that this instruction provides little savings since it uses 2
152 ++ bytes to encode a copy of 2 other bytes but it encodes the number of
153 ++ following literals for free. It must be interpreted like this :
154 ++
155 ++ 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance
156 ++ length = 2
157 ++ state = S (copy S literals after this block)
158 ++ Always followed by exactly one byte : H H H H H H H H
159 ++ distance = (H << 2) + D + 1
160 ++
161 ++ If last instruction used to copy 4 or more literals (as detected by
162 ++ state == 4), the instruction becomes a copy of a 3-byte block from the
163 ++ dictionary from a 2..3kB distance, and must be interpreted like this :
164 ++
165 ++ 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance
166 ++ length = 3
167 ++ state = S (copy S literals after this block)
168 ++ Always followed by exactly one byte : H H H H H H H H
169 ++ distance = (H << 2) + D + 2049
170 ++
171 ++ 0 0 0 1 H L L L (16..31)
172 ++ Copy of a block within 16..48kB distance (preferably less than 10B)
173 ++ length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte)
174 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
175 ++ distance = 16384 + (H << 14) + D
176 ++ state = S (copy S literals after this block)
177 ++ End of stream is reached if distance == 16384
178 ++
179 ++ 0 0 1 L L L L L (32..63)
180 ++ Copy of small block within 16kB distance (preferably less than 34B)
181 ++ length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte)
182 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
183 ++ distance = D + 1
184 ++ state = S (copy S literals after this block)
185 ++
186 ++ 0 1 L D D D S S (64..127)
187 ++ Copy 3-4 bytes from block within 2kB distance
188 ++ state = S (copy S literals after this block)
189 ++ length = 3 + L
190 ++ Always followed by exactly one byte : H H H H H H H H
191 ++ distance = (H << 3) + D + 1
192 ++
193 ++ 1 L L D D D S S (128..255)
194 ++ Copy 5-8 bytes from block within 2kB distance
195 ++ state = S (copy S literals after this block)
196 ++ length = 5 + L
197 ++ Always followed by exactly one byte : H H H H H H H H
198 ++ distance = (H << 3) + D + 1
199 ++
200 ++Authors
201 ++
202 ++ This document was written by Willy Tarreau <w@×××.eu> on 2014/07/19 during an
203 ++ analysis of the decompression code available in Linux 3.16-rc5. The code is
204 ++ tricky, it is possible that this document contains mistakes or that a few
205 ++ corner cases were overlooked. In any case, please report any doubt, fix, or
206 ++ proposed updates to the author(s) so that the document can be updated.
207 +diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
208 +index 290894176142..53838d9c6295 100644
209 +--- a/Documentation/virtual/kvm/mmu.txt
210 ++++ b/Documentation/virtual/kvm/mmu.txt
211 +@@ -425,6 +425,20 @@ fault through the slow path.
212 + Since only 19 bits are used to store generation-number on mmio spte, all
213 + pages are zapped when there is an overflow.
214 +
215 ++Unfortunately, a single memory access might access kvm_memslots(kvm) multiple
216 ++times, the last one happening when the generation number is retrieved and
217 ++stored into the MMIO spte. Thus, the MMIO spte might be created based on
218 ++out-of-date information, but with an up-to-date generation number.
219 ++
220 ++To avoid this, the generation number is incremented again after synchronize_srcu
221 ++returns; thus, the low bit of kvm_memslots(kvm)->generation is only 1 during a
222 ++memslot update, while some SRCU readers might be using the old copy. We do not
223 ++want to use an MMIO sptes created with an odd generation number, and we can do
224 ++this without losing a bit in the MMIO spte. The low bit of the generation
225 ++is not stored in MMIO spte, and presumed zero when it is extracted out of the
226 ++spte. If KVM is unlucky and creates an MMIO spte while the low bit is 1,
227 ++the next access to the spte will always be a cache miss.
228 ++
229 +
230 + Further reading
231 + ===============
232 +diff --git a/Makefile b/Makefile
233 +index 5c4bc3fc18c0..29ba21cde7c0 100644
234 +--- a/Makefile
235 ++++ b/Makefile
236 +@@ -1,6 +1,6 @@
237 + VERSION = 3
238 + PATCHLEVEL = 16
239 +-SUBLEVEL = 6
240 ++SUBLEVEL = 7
241 + EXTRAVERSION =
242 + NAME = Museum of Fishiegoodies
243 +
244 +diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
245 +index adb5ed9e269e..c04db0ae0895 100644
246 +--- a/arch/arm/boot/dts/Makefile
247 ++++ b/arch/arm/boot/dts/Makefile
248 +@@ -137,8 +137,8 @@ kirkwood := \
249 + kirkwood-openrd-client.dtb \
250 + kirkwood-openrd-ultimate.dtb \
251 + kirkwood-rd88f6192.dtb \
252 +- kirkwood-rd88f6281-a0.dtb \
253 +- kirkwood-rd88f6281-a1.dtb \
254 ++ kirkwood-rd88f6281-z0.dtb \
255 ++ kirkwood-rd88f6281-a.dtb \
256 + kirkwood-rs212.dtb \
257 + kirkwood-rs409.dtb \
258 + kirkwood-rs411.dtb \
259 +diff --git a/arch/arm/boot/dts/armada-370-netgear-rn102.dts b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
260 +index d6d572e5af32..285524fb915e 100644
261 +--- a/arch/arm/boot/dts/armada-370-netgear-rn102.dts
262 ++++ b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
263 +@@ -143,6 +143,10 @@
264 + marvell,nand-enable-arbiter;
265 + nand-on-flash-bbt;
266 +
267 ++ /* Use Hardware BCH ECC */
268 ++ nand-ecc-strength = <4>;
269 ++ nand-ecc-step-size = <512>;
270 ++
271 + partition@0 {
272 + label = "u-boot";
273 + reg = <0x0000000 0x180000>; /* 1.5MB */
274 +diff --git a/arch/arm/boot/dts/armada-370-netgear-rn104.dts b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
275 +index c5fe8b5dcdc7..4ec1ce561d34 100644
276 +--- a/arch/arm/boot/dts/armada-370-netgear-rn104.dts
277 ++++ b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
278 +@@ -145,6 +145,10 @@
279 + marvell,nand-enable-arbiter;
280 + nand-on-flash-bbt;
281 +
282 ++ /* Use Hardware BCH ECC */
283 ++ nand-ecc-strength = <4>;
284 ++ nand-ecc-step-size = <512>;
285 ++
286 + partition@0 {
287 + label = "u-boot";
288 + reg = <0x0000000 0x180000>; /* 1.5MB */
289 +diff --git a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
290 +index 0cf999abc4ed..c5ed85a70ed9 100644
291 +--- a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
292 ++++ b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
293 +@@ -223,6 +223,10 @@
294 + marvell,nand-enable-arbiter;
295 + nand-on-flash-bbt;
296 +
297 ++ /* Use Hardware BCH ECC */
298 ++ nand-ecc-strength = <4>;
299 ++ nand-ecc-step-size = <512>;
300 ++
301 + partition@0 {
302 + label = "u-boot";
303 + reg = <0x0000000 0x180000>; /* 1.5MB */
304 +diff --git a/arch/arm/boot/dts/at91sam9263.dtsi b/arch/arm/boot/dts/at91sam9263.dtsi
305 +index fece8665fb63..b8f234bf7de8 100644
306 +--- a/arch/arm/boot/dts/at91sam9263.dtsi
307 ++++ b/arch/arm/boot/dts/at91sam9263.dtsi
308 +@@ -535,6 +535,7 @@
309 + compatible = "atmel,hsmci";
310 + reg = <0xfff80000 0x600>;
311 + interrupts = <10 IRQ_TYPE_LEVEL_HIGH 0>;
312 ++ pinctrl-names = "default";
313 + #address-cells = <1>;
314 + #size-cells = <0>;
315 + status = "disabled";
316 +@@ -544,6 +545,7 @@
317 + compatible = "atmel,hsmci";
318 + reg = <0xfff84000 0x600>;
319 + interrupts = <11 IRQ_TYPE_LEVEL_HIGH 0>;
320 ++ pinctrl-names = "default";
321 + #address-cells = <1>;
322 + #size-cells = <0>;
323 + status = "disabled";
324 +diff --git a/arch/arm/boot/dts/imx28-evk.dts b/arch/arm/boot/dts/imx28-evk.dts
325 +index e4cc44c98585..41a983405e7d 100644
326 +--- a/arch/arm/boot/dts/imx28-evk.dts
327 ++++ b/arch/arm/boot/dts/imx28-evk.dts
328 +@@ -193,7 +193,6 @@
329 + i2c0: i2c@80058000 {
330 + pinctrl-names = "default";
331 + pinctrl-0 = <&i2c0_pins_a>;
332 +- clock-frequency = <400000>;
333 + status = "okay";
334 +
335 + sgtl5000: codec@0a {
336 +diff --git a/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts b/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
337 +index 8f76d28759a3..f82827d6fcff 100644
338 +--- a/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
339 ++++ b/arch/arm/boot/dts/kirkwood-mv88f6281gtw-ge.dts
340 +@@ -123,11 +123,11 @@
341 +
342 + dsa@0 {
343 + compatible = "marvell,dsa";
344 +- #address-cells = <2>;
345 ++ #address-cells = <1>;
346 + #size-cells = <0>;
347 +
348 +- dsa,ethernet = <&eth0>;
349 +- dsa,mii-bus = <&ethphy0>;
350 ++ dsa,ethernet = <&eth0port>;
351 ++ dsa,mii-bus = <&mdio>;
352 +
353 + switch@0 {
354 + #address-cells = <1>;
355 +@@ -169,17 +169,13 @@
356 +
357 + &mdio {
358 + status = "okay";
359 +-
360 +- ethphy0: ethernet-phy@ff {
361 +- reg = <0xff>; /* No phy attached */
362 +- speed = <1000>;
363 +- duplex = <1>;
364 +- };
365 + };
366 +
367 + &eth0 {
368 + status = "okay";
369 ++
370 + ethernet0-port@0 {
371 +- phy-handle = <&ethphy0>;
372 ++ speed = <1000>;
373 ++ duplex = <1>;
374 + };
375 + };
376 +diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts
377 +new file mode 100644
378 +index 000000000000..f2e08b3b33ea
379 +--- /dev/null
380 ++++ b/arch/arm/boot/dts/kirkwood-rd88f6281-a.dts
381 +@@ -0,0 +1,43 @@
382 ++/*
383 ++ * Marvell RD88F6181 A Board descrition
384 ++ *
385 ++ * Andrew Lunn <andrew@××××.ch>
386 ++ *
387 ++ * This file is licensed under the terms of the GNU General Public
388 ++ * License version 2. This program is licensed "as is" without any
389 ++ * warranty of any kind, whether express or implied.
390 ++ *
391 ++ * This file contains the definitions for the board with the A0 or
392 ++ * higher stepping of the SoC. The ethernet switch does not have a
393 ++ * "wan" port.
394 ++ */
395 ++
396 ++/dts-v1/;
397 ++#include "kirkwood-rd88f6281.dtsi"
398 ++
399 ++/ {
400 ++ model = "Marvell RD88f6281 Reference design, with A0 or higher SoC";
401 ++ compatible = "marvell,rd88f6281-a", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
402 ++
403 ++ dsa@0 {
404 ++ switch@0 {
405 ++ reg = <10 0>; /* MDIO address 10, switch 0 in tree */
406 ++ };
407 ++ };
408 ++};
409 ++
410 ++&mdio {
411 ++ status = "okay";
412 ++
413 ++ ethphy1: ethernet-phy@11 {
414 ++ reg = <11>;
415 ++ };
416 ++};
417 ++
418 ++&eth1 {
419 ++ status = "okay";
420 ++
421 ++ ethernet1-port@0 {
422 ++ phy-handle = <&ethphy1>;
423 ++ };
424 ++};
425 +diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts
426 +deleted file mode 100644
427 +index a803bbb70bc8..000000000000
428 +--- a/arch/arm/boot/dts/kirkwood-rd88f6281-a0.dts
429 ++++ /dev/null
430 +@@ -1,26 +0,0 @@
431 +-/*
432 +- * Marvell RD88F6181 A0 Board descrition
433 +- *
434 +- * Andrew Lunn <andrew@××××.ch>
435 +- *
436 +- * This file is licensed under the terms of the GNU General Public
437 +- * License version 2. This program is licensed "as is" without any
438 +- * warranty of any kind, whether express or implied.
439 +- *
440 +- * This file contains the definitions for the board with the A0 variant of
441 +- * the SoC. The ethernet switch does not have a "wan" port.
442 +- */
443 +-
444 +-/dts-v1/;
445 +-#include "kirkwood-rd88f6281.dtsi"
446 +-
447 +-/ {
448 +- model = "Marvell RD88f6281 Reference design, with A0 SoC";
449 +- compatible = "marvell,rd88f6281-a0", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
450 +-
451 +- dsa@0 {
452 +- switch@0 {
453 +- reg = <10 0>; /* MDIO address 10, switch 0 in tree */
454 +- };
455 +- };
456 +-};
457 +\ No newline at end of file
458 +diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts
459 +deleted file mode 100644
460 +index baeebbf1d8c7..000000000000
461 +--- a/arch/arm/boot/dts/kirkwood-rd88f6281-a1.dts
462 ++++ /dev/null
463 +@@ -1,31 +0,0 @@
464 +-/*
465 +- * Marvell RD88F6181 A1 Board descrition
466 +- *
467 +- * Andrew Lunn <andrew@××××.ch>
468 +- *
469 +- * This file is licensed under the terms of the GNU General Public
470 +- * License version 2. This program is licensed "as is" without any
471 +- * warranty of any kind, whether express or implied.
472 +- *
473 +- * This file contains the definitions for the board with the A1 variant of
474 +- * the SoC. The ethernet switch has a "wan" port.
475 +- */
476 +-
477 +-/dts-v1/;
478 +-
479 +-#include "kirkwood-rd88f6281.dtsi"
480 +-
481 +-/ {
482 +- model = "Marvell RD88f6281 Reference design, with A1 SoC";
483 +- compatible = "marvell,rd88f6281-a1", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
484 +-
485 +- dsa@0 {
486 +- switch@0 {
487 +- reg = <0 0>; /* MDIO address 0, switch 0 in tree */
488 +- port@4 {
489 +- reg = <4>;
490 +- label = "wan";
491 +- };
492 +- };
493 +- };
494 +-};
495 +\ No newline at end of file
496 +diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts b/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts
497 +new file mode 100644
498 +index 000000000000..f4272b64ed7f
499 +--- /dev/null
500 ++++ b/arch/arm/boot/dts/kirkwood-rd88f6281-z0.dts
501 +@@ -0,0 +1,35 @@
502 ++/*
503 ++ * Marvell RD88F6181 Z0 stepping descrition
504 ++ *
505 ++ * Andrew Lunn <andrew@××××.ch>
506 ++ *
507 ++ * This file is licensed under the terms of the GNU General Public
508 ++ * License version 2. This program is licensed "as is" without any
509 ++ * warranty of any kind, whether express or implied.
510 ++ *
511 ++ * This file contains the definitions for the board using the Z0
512 ++ * stepping of the SoC. The ethernet switch has a "wan" port.
513 ++*/
514 ++
515 ++/dts-v1/;
516 ++
517 ++#include "kirkwood-rd88f6281.dtsi"
518 ++
519 ++/ {
520 ++ model = "Marvell RD88f6281 Reference design, with Z0 SoC";
521 ++ compatible = "marvell,rd88f6281-z0", "marvell,rd88f6281","marvell,kirkwood-88f6281", "marvell,kirkwood";
522 ++
523 ++ dsa@0 {
524 ++ switch@0 {
525 ++ reg = <0 0>; /* MDIO address 0, switch 0 in tree */
526 ++ port@4 {
527 ++ reg = <4>;
528 ++ label = "wan";
529 ++ };
530 ++ };
531 ++ };
532 ++};
533 ++
534 ++&eth1 {
535 ++ status = "disabled";
536 ++};
537 +diff --git a/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi b/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
538 +index 26cf0e0ccefd..d195e884b3b5 100644
539 +--- a/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
540 ++++ b/arch/arm/boot/dts/kirkwood-rd88f6281.dtsi
541 +@@ -37,7 +37,6 @@
542 +
543 + ocp@f1000000 {
544 + pinctrl: pin-controller@10000 {
545 +- pinctrl-0 = <&pmx_sdio_cd>;
546 + pinctrl-names = "default";
547 +
548 + pmx_sdio_cd: pmx-sdio-cd {
549 +@@ -69,8 +68,8 @@
550 + #address-cells = <2>;
551 + #size-cells = <0>;
552 +
553 +- dsa,ethernet = <&eth0>;
554 +- dsa,mii-bus = <&ethphy1>;
555 ++ dsa,ethernet = <&eth0port>;
556 ++ dsa,mii-bus = <&mdio>;
557 +
558 + switch@0 {
559 + #address-cells = <1>;
560 +@@ -119,35 +118,19 @@
561 + };
562 +
563 + partition@300000 {
564 +- label = "data";
565 ++ label = "rootfs";
566 + reg = <0x0300000 0x500000>;
567 + };
568 + };
569 +
570 + &mdio {
571 + status = "okay";
572 +-
573 +- ethphy0: ethernet-phy@0 {
574 +- reg = <0>;
575 +- };
576 +-
577 +- ethphy1: ethernet-phy@ff {
578 +- reg = <0xff>; /* No PHY attached */
579 +- speed = <1000>;
580 +- duple = <1>;
581 +- };
582 + };
583 +
584 + &eth0 {
585 + status = "okay";
586 + ethernet0-port@0 {
587 +- phy-handle = <&ethphy0>;
588 +- };
589 +-};
590 +-
591 +-&eth1 {
592 +- status = "okay";
593 +- ethernet1-port@0 {
594 +- phy-handle = <&ethphy1>;
595 ++ speed = <1000>;
596 ++ duplex = <1>;
597 + };
598 + };
599 +diff --git a/arch/arm/boot/dts/kirkwood.dtsi b/arch/arm/boot/dts/kirkwood.dtsi
600 +index afc640cd80c5..464f09a1a4a5 100644
601 +--- a/arch/arm/boot/dts/kirkwood.dtsi
602 ++++ b/arch/arm/boot/dts/kirkwood.dtsi
603 +@@ -309,7 +309,7 @@
604 + marvell,tx-checksum-limit = <1600>;
605 + status = "disabled";
606 +
607 +- ethernet0-port@0 {
608 ++ eth0port: ethernet0-port@0 {
609 + compatible = "marvell,kirkwood-eth-port";
610 + reg = <0>;
611 + interrupts = <11>;
612 +@@ -342,7 +342,7 @@
613 + pinctrl-names = "default";
614 + status = "disabled";
615 +
616 +- ethernet1-port@0 {
617 ++ eth1port: ethernet1-port@0 {
618 + compatible = "marvell,kirkwood-eth-port";
619 + reg = <0>;
620 + interrupts = <15>;
621 +diff --git a/arch/arm/boot/dts/sama5d3_can.dtsi b/arch/arm/boot/dts/sama5d3_can.dtsi
622 +index a0775851cce5..eaf41451ad0c 100644
623 +--- a/arch/arm/boot/dts/sama5d3_can.dtsi
624 ++++ b/arch/arm/boot/dts/sama5d3_can.dtsi
625 +@@ -40,7 +40,7 @@
626 + atmel,clk-output-range = <0 66000000>;
627 + };
628 +
629 +- can1_clk: can0_clk {
630 ++ can1_clk: can1_clk {
631 + #clock-cells = <0>;
632 + reg = <41>;
633 + atmel,clk-output-range = <0 66000000>;
634 +diff --git a/arch/arm/mach-at91/clock.c b/arch/arm/mach-at91/clock.c
635 +index 034529d801b2..d66f102c352a 100644
636 +--- a/arch/arm/mach-at91/clock.c
637 ++++ b/arch/arm/mach-at91/clock.c
638 +@@ -962,6 +962,7 @@ static int __init at91_clock_reset(void)
639 + }
640 +
641 + at91_pmc_write(AT91_PMC_SCDR, scdr);
642 ++ at91_pmc_write(AT91_PMC_PCDR, pcdr);
643 + if (cpu_is_sama5d3())
644 + at91_pmc_write(AT91_PMC_PCDR1, pcdr1);
645 +
646 +diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h
647 +index 253e33bc94fb..56de5aadede2 100644
648 +--- a/arch/arm64/include/asm/compat.h
649 ++++ b/arch/arm64/include/asm/compat.h
650 +@@ -37,8 +37,8 @@ typedef s32 compat_ssize_t;
651 + typedef s32 compat_time_t;
652 + typedef s32 compat_clock_t;
653 + typedef s32 compat_pid_t;
654 +-typedef u32 __compat_uid_t;
655 +-typedef u32 __compat_gid_t;
656 ++typedef u16 __compat_uid_t;
657 ++typedef u16 __compat_gid_t;
658 + typedef u16 __compat_uid16_t;
659 + typedef u16 __compat_gid16_t;
660 + typedef u32 __compat_uid32_t;
661 +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
662 +index 9ce04ba6bcb0..8993a69099c7 100644
663 +--- a/arch/arm64/kernel/entry.S
664 ++++ b/arch/arm64/kernel/entry.S
665 +@@ -298,7 +298,6 @@ el1_dbg:
666 + mrs x0, far_el1
667 + mov x2, sp // struct pt_regs
668 + bl do_debug_exception
669 +- enable_dbg
670 + kernel_exit 1
671 + el1_inv:
672 + // TODO: add support for undefined instructions in kernel mode
673 +diff --git a/arch/m68k/mm/hwtest.c b/arch/m68k/mm/hwtest.c
674 +index 2c7dde3c6430..2a5259fd23eb 100644
675 +--- a/arch/m68k/mm/hwtest.c
676 ++++ b/arch/m68k/mm/hwtest.c
677 +@@ -28,9 +28,11 @@
678 + int hwreg_present( volatile void *regp )
679 + {
680 + int ret = 0;
681 ++ unsigned long flags;
682 + long save_sp, save_vbr;
683 + long tmp_vectors[3];
684 +
685 ++ local_irq_save(flags);
686 + __asm__ __volatile__
687 + ( "movec %/vbr,%2\n\t"
688 + "movel #Lberr1,%4@(8)\n\t"
689 +@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
690 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
691 + : "a" (regp), "a" (tmp_vectors)
692 + );
693 ++ local_irq_restore(flags);
694 +
695 + return( ret );
696 + }
697 +@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
698 + int hwreg_write( volatile void *regp, unsigned short val )
699 + {
700 + int ret;
701 ++ unsigned long flags;
702 + long save_sp, save_vbr;
703 + long tmp_vectors[3];
704 +
705 ++ local_irq_save(flags);
706 + __asm__ __volatile__
707 + ( "movec %/vbr,%2\n\t"
708 + "movel #Lberr2,%4@(8)\n\t"
709 +@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, unsigned short val )
710 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
711 + : "a" (regp), "a" (tmp_vectors), "g" (val)
712 + );
713 ++ local_irq_restore(flags);
714 +
715 + return( ret );
716 + }
717 +diff --git a/arch/powerpc/kernel/eeh_pe.c b/arch/powerpc/kernel/eeh_pe.c
718 +index 94802d267022..b20f9d63a664 100644
719 +--- a/arch/powerpc/kernel/eeh_pe.c
720 ++++ b/arch/powerpc/kernel/eeh_pe.c
721 +@@ -570,6 +570,8 @@ static void *__eeh_pe_state_clear(void *data, void *flag)
722 + {
723 + struct eeh_pe *pe = (struct eeh_pe *)data;
724 + int state = *((int *)flag);
725 ++ struct eeh_dev *edev, *tmp;
726 ++ struct pci_dev *pdev;
727 +
728 + /* Keep the state of permanently removed PE intact */
729 + if ((pe->freeze_count > EEH_MAX_ALLOWED_FREEZES) &&
730 +@@ -578,9 +580,22 @@ static void *__eeh_pe_state_clear(void *data, void *flag)
731 +
732 + pe->state &= ~state;
733 +
734 +- /* Clear check count since last isolation */
735 +- if (state & EEH_PE_ISOLATED)
736 +- pe->check_count = 0;
737 ++ /*
738 ++ * Special treatment on clearing isolated state. Clear
739 ++ * check count since last isolation and put all affected
740 ++ * devices to normal state.
741 ++ */
742 ++ if (!(state & EEH_PE_ISOLATED))
743 ++ return NULL;
744 ++
745 ++ pe->check_count = 0;
746 ++ eeh_pe_for_each_dev(pe, edev, tmp) {
747 ++ pdev = eeh_dev_to_pci_dev(edev);
748 ++ if (!pdev)
749 ++ continue;
750 ++
751 ++ pdev->error_state = pci_channel_io_normal;
752 ++ }
753 +
754 + return NULL;
755 + }
756 +diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
757 +index 4642d6a4d356..de1ec54a2a57 100644
758 +--- a/arch/powerpc/platforms/pseries/iommu.c
759 ++++ b/arch/powerpc/platforms/pseries/iommu.c
760 +@@ -329,16 +329,16 @@ struct direct_window {
761 +
762 + /* Dynamic DMA Window support */
763 + struct ddw_query_response {
764 +- __be32 windows_available;
765 +- __be32 largest_available_block;
766 +- __be32 page_size;
767 +- __be32 migration_capable;
768 ++ u32 windows_available;
769 ++ u32 largest_available_block;
770 ++ u32 page_size;
771 ++ u32 migration_capable;
772 + };
773 +
774 + struct ddw_create_response {
775 +- __be32 liobn;
776 +- __be32 addr_hi;
777 +- __be32 addr_lo;
778 ++ u32 liobn;
779 ++ u32 addr_hi;
780 ++ u32 addr_lo;
781 + };
782 +
783 + static LIST_HEAD(direct_window_list);
784 +@@ -725,16 +725,18 @@ static void remove_ddw(struct device_node *np, bool remove_prop)
785 + {
786 + struct dynamic_dma_window_prop *dwp;
787 + struct property *win64;
788 +- const u32 *ddw_avail;
789 ++ u32 ddw_avail[3];
790 + u64 liobn;
791 +- int len, ret = 0;
792 ++ int ret = 0;
793 ++
794 ++ ret = of_property_read_u32_array(np, "ibm,ddw-applicable",
795 ++ &ddw_avail[0], 3);
796 +
797 +- ddw_avail = of_get_property(np, "ibm,ddw-applicable", &len);
798 + win64 = of_find_property(np, DIRECT64_PROPNAME, NULL);
799 + if (!win64)
800 + return;
801 +
802 +- if (!ddw_avail || len < 3 * sizeof(u32) || win64->length < sizeof(*dwp))
803 ++ if (ret || win64->length < sizeof(*dwp))
804 + goto delprop;
805 +
806 + dwp = win64->value;
807 +@@ -872,8 +874,9 @@ static int create_ddw(struct pci_dev *dev, const u32 *ddw_avail,
808 +
809 + do {
810 + /* extra outputs are LIOBN and dma-addr (hi, lo) */
811 +- ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, cfg_addr,
812 +- BUID_HI(buid), BUID_LO(buid), page_shift, window_shift);
813 ++ ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create,
814 ++ cfg_addr, BUID_HI(buid), BUID_LO(buid),
815 ++ page_shift, window_shift);
816 + } while (rtas_busy_delay(ret));
817 + dev_info(&dev->dev,
818 + "ibm,create-pe-dma-window(%x) %x %x %x %x %x returned %d "
819 +@@ -910,7 +913,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
820 + int page_shift;
821 + u64 dma_addr, max_addr;
822 + struct device_node *dn;
823 +- const u32 *uninitialized_var(ddw_avail);
824 ++ u32 ddw_avail[3];
825 + struct direct_window *window;
826 + struct property *win64;
827 + struct dynamic_dma_window_prop *ddwprop;
828 +@@ -942,8 +945,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
829 + * for the given node in that order.
830 + * the property is actually in the parent, not the PE
831 + */
832 +- ddw_avail = of_get_property(pdn, "ibm,ddw-applicable", &len);
833 +- if (!ddw_avail || len < 3 * sizeof(u32))
834 ++ ret = of_property_read_u32_array(pdn, "ibm,ddw-applicable",
835 ++ &ddw_avail[0], 3);
836 ++ if (ret)
837 + goto out_failed;
838 +
839 + /*
840 +@@ -966,11 +970,11 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
841 + dev_dbg(&dev->dev, "no free dynamic windows");
842 + goto out_failed;
843 + }
844 +- if (be32_to_cpu(query.page_size) & 4) {
845 ++ if (query.page_size & 4) {
846 + page_shift = 24; /* 16MB */
847 +- } else if (be32_to_cpu(query.page_size) & 2) {
848 ++ } else if (query.page_size & 2) {
849 + page_shift = 16; /* 64kB */
850 +- } else if (be32_to_cpu(query.page_size) & 1) {
851 ++ } else if (query.page_size & 1) {
852 + page_shift = 12; /* 4kB */
853 + } else {
854 + dev_dbg(&dev->dev, "no supported direct page size in mask %x",
855 +@@ -980,7 +984,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
856 + /* verify the window * number of ptes will map the partition */
857 + /* check largest block * page size > max memory hotplug addr */
858 + max_addr = memory_hotplug_max();
859 +- if (be32_to_cpu(query.largest_available_block) < (max_addr >> page_shift)) {
860 ++ if (query.largest_available_block < (max_addr >> page_shift)) {
861 + dev_dbg(&dev->dev, "can't map partiton max 0x%llx with %u "
862 + "%llu-sized pages\n", max_addr, query.largest_available_block,
863 + 1ULL << page_shift);
864 +@@ -1006,8 +1010,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
865 + if (ret != 0)
866 + goto out_free_prop;
867 +
868 +- ddwprop->liobn = create.liobn;
869 +- ddwprop->dma_base = cpu_to_be64(of_read_number(&create.addr_hi, 2));
870 ++ ddwprop->liobn = cpu_to_be32(create.liobn);
871 ++ ddwprop->dma_base = cpu_to_be64(((u64)create.addr_hi << 32) |
872 ++ create.addr_lo);
873 + ddwprop->tce_shift = cpu_to_be32(page_shift);
874 + ddwprop->window_shift = cpu_to_be32(len);
875 +
876 +@@ -1039,7 +1044,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
877 + list_add(&window->list, &direct_window_list);
878 + spin_unlock(&direct_window_list_lock);
879 +
880 +- dma_addr = of_read_number(&create.addr_hi, 2);
881 ++ dma_addr = be64_to_cpu(ddwprop->dma_base);
882 + goto out_unlock;
883 +
884 + out_free_window:
885 +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
886 +index 90c8de22a2a0..5d5ebd400162 100644
887 +--- a/arch/s390/kvm/interrupt.c
888 ++++ b/arch/s390/kvm/interrupt.c
889 +@@ -85,6 +85,7 @@ static int __interrupt_is_deliverable(struct kvm_vcpu *vcpu,
890 + return 0;
891 + if (vcpu->arch.sie_block->gcr[0] & 0x2000ul)
892 + return 1;
893 ++ return 0;
894 + case KVM_S390_INT_EMERGENCY:
895 + if (psw_extint_disabled(vcpu))
896 + return 0;
897 +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
898 +index 407c87d9879a..db7d3bf4357e 100644
899 +--- a/arch/sparc/Kconfig
900 ++++ b/arch/sparc/Kconfig
901 +@@ -67,6 +67,7 @@ config SPARC64
902 + select HAVE_SYSCALL_TRACEPOINTS
903 + select HAVE_CONTEXT_TRACKING
904 + select HAVE_DEBUG_KMEMLEAK
905 ++ select SPARSE_IRQ
906 + select RTC_DRV_CMOS
907 + select RTC_DRV_BQ4802
908 + select RTC_DRV_SUN4V
909 +diff --git a/arch/sparc/include/asm/hypervisor.h b/arch/sparc/include/asm/hypervisor.h
910 +index 94b39caea3eb..4f6725ff4c33 100644
911 +--- a/arch/sparc/include/asm/hypervisor.h
912 ++++ b/arch/sparc/include/asm/hypervisor.h
913 +@@ -2947,6 +2947,16 @@ unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
914 + unsigned long reg_val);
915 + #endif
916 +
917 ++#define HV_FAST_T5_GET_PERFREG 0x1a8
918 ++#define HV_FAST_T5_SET_PERFREG 0x1a9
919 ++
920 ++#ifndef __ASSEMBLY__
921 ++unsigned long sun4v_t5_get_perfreg(unsigned long reg_num,
922 ++ unsigned long *reg_val);
923 ++unsigned long sun4v_t5_set_perfreg(unsigned long reg_num,
924 ++ unsigned long reg_val);
925 ++#endif
926 ++
927 + /* Function numbers for HV_CORE_TRAP. */
928 + #define HV_CORE_SET_VER 0x00
929 + #define HV_CORE_PUTCHAR 0x01
930 +@@ -2978,6 +2988,7 @@ unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
931 + #define HV_GRP_VF_CPU 0x0205
932 + #define HV_GRP_KT_CPU 0x0209
933 + #define HV_GRP_VT_CPU 0x020c
934 ++#define HV_GRP_T5_CPU 0x0211
935 + #define HV_GRP_DIAG 0x0300
936 +
937 + #ifndef __ASSEMBLY__
938 +diff --git a/arch/sparc/include/asm/irq_64.h b/arch/sparc/include/asm/irq_64.h
939 +index 91d219381306..3f70f900e834 100644
940 +--- a/arch/sparc/include/asm/irq_64.h
941 ++++ b/arch/sparc/include/asm/irq_64.h
942 +@@ -37,7 +37,7 @@
943 + *
944 + * ino_bucket->irq allocation is made during {sun4v_,}build_irq().
945 + */
946 +-#define NR_IRQS 255
947 ++#define NR_IRQS (2048)
948 +
949 + void irq_install_pre_handler(int irq,
950 + void (*func)(unsigned int, void *, void *),
951 +@@ -57,11 +57,8 @@ unsigned int sun4u_build_msi(u32 portid, unsigned int *irq_p,
952 + unsigned long iclr_base);
953 + void sun4u_destroy_msi(unsigned int irq);
954 +
955 +-unsigned char irq_alloc(unsigned int dev_handle,
956 +- unsigned int dev_ino);
957 +-#ifdef CONFIG_PCI_MSI
958 ++unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino);
959 + void irq_free(unsigned int irq);
960 +-#endif
961 +
962 + void __init init_IRQ(void);
963 + void fixup_irqs(void);
964 +diff --git a/arch/sparc/include/asm/ldc.h b/arch/sparc/include/asm/ldc.h
965 +index c8c67f621f4f..58ab64de25d2 100644
966 +--- a/arch/sparc/include/asm/ldc.h
967 ++++ b/arch/sparc/include/asm/ldc.h
968 +@@ -53,13 +53,14 @@ struct ldc_channel;
969 + /* Allocate state for a channel. */
970 + struct ldc_channel *ldc_alloc(unsigned long id,
971 + const struct ldc_channel_config *cfgp,
972 +- void *event_arg);
973 ++ void *event_arg,
974 ++ const char *name);
975 +
976 + /* Shut down and free state for a channel. */
977 + void ldc_free(struct ldc_channel *lp);
978 +
979 + /* Register TX and RX queues of the link with the hypervisor. */
980 +-int ldc_bind(struct ldc_channel *lp, const char *name);
981 ++int ldc_bind(struct ldc_channel *lp);
982 +
983 + /* For non-RAW protocols we need to complete a handshake before
984 + * communication can proceed. ldc_connect() does that, if the
985 +diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
986 +index f34682430fcf..2e3a4add8591 100644
987 +--- a/arch/sparc/include/asm/oplib_64.h
988 ++++ b/arch/sparc/include/asm/oplib_64.h
989 +@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
990 + /* You must call prom_init() before using any of the library services,
991 + * preferably as early as possible. Pass it the romvec pointer.
992 + */
993 +-void prom_init(void *cif_handler, void *cif_stack);
994 ++void prom_init(void *cif_handler);
995 ++void prom_init_report(void);
996 +
997 + /* Boot argument acquisition, returns the boot command line string. */
998 + char *prom_getbootargs(void);
999 +diff --git a/arch/sparc/include/asm/page_64.h b/arch/sparc/include/asm/page_64.h
1000 +index bf109984a032..8c2a8c937540 100644
1001 +--- a/arch/sparc/include/asm/page_64.h
1002 ++++ b/arch/sparc/include/asm/page_64.h
1003 +@@ -57,18 +57,21 @@ void copy_user_page(void *to, void *from, unsigned long vaddr, struct page *topa
1004 + typedef struct { unsigned long pte; } pte_t;
1005 + typedef struct { unsigned long iopte; } iopte_t;
1006 + typedef struct { unsigned long pmd; } pmd_t;
1007 ++typedef struct { unsigned long pud; } pud_t;
1008 + typedef struct { unsigned long pgd; } pgd_t;
1009 + typedef struct { unsigned long pgprot; } pgprot_t;
1010 +
1011 + #define pte_val(x) ((x).pte)
1012 + #define iopte_val(x) ((x).iopte)
1013 + #define pmd_val(x) ((x).pmd)
1014 ++#define pud_val(x) ((x).pud)
1015 + #define pgd_val(x) ((x).pgd)
1016 + #define pgprot_val(x) ((x).pgprot)
1017 +
1018 + #define __pte(x) ((pte_t) { (x) } )
1019 + #define __iopte(x) ((iopte_t) { (x) } )
1020 + #define __pmd(x) ((pmd_t) { (x) } )
1021 ++#define __pud(x) ((pud_t) { (x) } )
1022 + #define __pgd(x) ((pgd_t) { (x) } )
1023 + #define __pgprot(x) ((pgprot_t) { (x) } )
1024 +
1025 +@@ -77,18 +80,21 @@ typedef struct { unsigned long pgprot; } pgprot_t;
1026 + typedef unsigned long pte_t;
1027 + typedef unsigned long iopte_t;
1028 + typedef unsigned long pmd_t;
1029 ++typedef unsigned long pud_t;
1030 + typedef unsigned long pgd_t;
1031 + typedef unsigned long pgprot_t;
1032 +
1033 + #define pte_val(x) (x)
1034 + #define iopte_val(x) (x)
1035 + #define pmd_val(x) (x)
1036 ++#define pud_val(x) (x)
1037 + #define pgd_val(x) (x)
1038 + #define pgprot_val(x) (x)
1039 +
1040 + #define __pte(x) (x)
1041 + #define __iopte(x) (x)
1042 + #define __pmd(x) (x)
1043 ++#define __pud(x) (x)
1044 + #define __pgd(x) (x)
1045 + #define __pgprot(x) (x)
1046 +
1047 +@@ -96,21 +102,14 @@ typedef unsigned long pgprot_t;
1048 +
1049 + typedef pte_t *pgtable_t;
1050 +
1051 +-/* These two values define the virtual address space range in which we
1052 +- * must forbid 64-bit user processes from making mappings. It used to
1053 +- * represent precisely the virtual address space hole present in most
1054 +- * early sparc64 chips including UltraSPARC-I. But now it also is
1055 +- * further constrained by the limits of our page tables, which is
1056 +- * 43-bits of virtual address.
1057 +- */
1058 +-#define SPARC64_VA_HOLE_TOP _AC(0xfffffc0000000000,UL)
1059 +-#define SPARC64_VA_HOLE_BOTTOM _AC(0x0000040000000000,UL)
1060 ++extern unsigned long sparc64_va_hole_top;
1061 ++extern unsigned long sparc64_va_hole_bottom;
1062 +
1063 + /* The next two defines specify the actual exclusion region we
1064 + * enforce, wherein we use a 4GB red zone on each side of the VA hole.
1065 + */
1066 +-#define VA_EXCLUDE_START (SPARC64_VA_HOLE_BOTTOM - (1UL << 32UL))
1067 +-#define VA_EXCLUDE_END (SPARC64_VA_HOLE_TOP + (1UL << 32UL))
1068 ++#define VA_EXCLUDE_START (sparc64_va_hole_bottom - (1UL << 32UL))
1069 ++#define VA_EXCLUDE_END (sparc64_va_hole_top + (1UL << 32UL))
1070 +
1071 + #define TASK_UNMAPPED_BASE (test_thread_flag(TIF_32BIT) ? \
1072 + _AC(0x0000000070000000,UL) : \
1073 +@@ -118,20 +117,16 @@ typedef pte_t *pgtable_t;
1074 +
1075 + #include <asm-generic/memory_model.h>
1076 +
1077 +-#define PAGE_OFFSET_BY_BITS(X) (-(_AC(1,UL) << (X)))
1078 + extern unsigned long PAGE_OFFSET;
1079 +
1080 + #endif /* !(__ASSEMBLY__) */
1081 +
1082 +-/* The maximum number of physical memory address bits we support, this
1083 +- * is used to size various tables used to manage kernel TLB misses and
1084 +- * also the sparsemem code.
1085 ++/* The maximum number of physical memory address bits we support. The
1086 ++ * largest value we can support is whatever "KPGD_SHIFT + KPTE_BITS"
1087 ++ * evaluates to.
1088 + */
1089 +-#define MAX_PHYS_ADDRESS_BITS 47
1090 ++#define MAX_PHYS_ADDRESS_BITS 53
1091 +
1092 +-/* These two shift counts are used when indexing sparc64_valid_addr_bitmap
1093 +- * and kpte_linear_bitmap.
1094 +- */
1095 + #define ILOG2_4MB 22
1096 + #define ILOG2_256MB 28
1097 +
1098 +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
1099 +index 39a7ac49b00c..5e3187185b4a 100644
1100 +--- a/arch/sparc/include/asm/pgalloc_64.h
1101 ++++ b/arch/sparc/include/asm/pgalloc_64.h
1102 +@@ -15,6 +15,13 @@
1103 +
1104 + extern struct kmem_cache *pgtable_cache;
1105 +
1106 ++static inline void __pgd_populate(pgd_t *pgd, pud_t *pud)
1107 ++{
1108 ++ pgd_set(pgd, pud);
1109 ++}
1110 ++
1111 ++#define pgd_populate(MM, PGD, PUD) __pgd_populate(PGD, PUD)
1112 ++
1113 + static inline pgd_t *pgd_alloc(struct mm_struct *mm)
1114 + {
1115 + return kmem_cache_alloc(pgtable_cache, GFP_KERNEL);
1116 +@@ -25,7 +32,23 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
1117 + kmem_cache_free(pgtable_cache, pgd);
1118 + }
1119 +
1120 +-#define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
1121 ++static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
1122 ++{
1123 ++ pud_set(pud, pmd);
1124 ++}
1125 ++
1126 ++#define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
1127 ++
1128 ++static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
1129 ++{
1130 ++ return kmem_cache_alloc(pgtable_cache,
1131 ++ GFP_KERNEL|__GFP_REPEAT);
1132 ++}
1133 ++
1134 ++static inline void pud_free(struct mm_struct *mm, pud_t *pud)
1135 ++{
1136 ++ kmem_cache_free(pgtable_cache, pud);
1137 ++}
1138 +
1139 + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
1140 + {
1141 +@@ -91,4 +114,7 @@ static inline void __pte_free_tlb(struct mmu_gather *tlb, pte_t *pte,
1142 + #define __pmd_free_tlb(tlb, pmd, addr) \
1143 + pgtable_free_tlb(tlb, pmd, false)
1144 +
1145 ++#define __pud_free_tlb(tlb, pud, addr) \
1146 ++ pgtable_free_tlb(tlb, pud, false)
1147 ++
1148 + #endif /* _SPARC64_PGALLOC_H */
1149 +diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
1150 +index 3770bf5c6e1b..bfeb626085ac 100644
1151 +--- a/arch/sparc/include/asm/pgtable_64.h
1152 ++++ b/arch/sparc/include/asm/pgtable_64.h
1153 +@@ -20,8 +20,6 @@
1154 + #include <asm/page.h>
1155 + #include <asm/processor.h>
1156 +
1157 +-#include <asm-generic/pgtable-nopud.h>
1158 +-
1159 + /* The kernel image occupies 0x4000000 to 0x6000000 (4MB --> 96MB).
1160 + * The page copy blockops can use 0x6000000 to 0x8000000.
1161 + * The 8K TSB is mapped in the 0x8000000 to 0x8400000 range.
1162 +@@ -42,10 +40,7 @@
1163 + #define LOW_OBP_ADDRESS _AC(0x00000000f0000000,UL)
1164 + #define HI_OBP_ADDRESS _AC(0x0000000100000000,UL)
1165 + #define VMALLOC_START _AC(0x0000000100000000,UL)
1166 +-#define VMALLOC_END _AC(0x0000010000000000,UL)
1167 +-#define VMEMMAP_BASE _AC(0x0000010000000000,UL)
1168 +-
1169 +-#define vmemmap ((struct page *)VMEMMAP_BASE)
1170 ++#define VMEMMAP_BASE VMALLOC_END
1171 +
1172 + /* PMD_SHIFT determines the size of the area a second-level page
1173 + * table can map
1174 +@@ -55,13 +50,25 @@
1175 + #define PMD_MASK (~(PMD_SIZE-1))
1176 + #define PMD_BITS (PAGE_SHIFT - 3)
1177 +
1178 +-/* PGDIR_SHIFT determines what a third-level page table entry can map */
1179 +-#define PGDIR_SHIFT (PAGE_SHIFT + (PAGE_SHIFT-3) + PMD_BITS)
1180 ++/* PUD_SHIFT determines the size of the area a third-level page
1181 ++ * table can map
1182 ++ */
1183 ++#define PUD_SHIFT (PMD_SHIFT + PMD_BITS)
1184 ++#define PUD_SIZE (_AC(1,UL) << PUD_SHIFT)
1185 ++#define PUD_MASK (~(PUD_SIZE-1))
1186 ++#define PUD_BITS (PAGE_SHIFT - 3)
1187 ++
1188 ++/* PGDIR_SHIFT determines what a fourth-level page table entry can map */
1189 ++#define PGDIR_SHIFT (PUD_SHIFT + PUD_BITS)
1190 + #define PGDIR_SIZE (_AC(1,UL) << PGDIR_SHIFT)
1191 + #define PGDIR_MASK (~(PGDIR_SIZE-1))
1192 + #define PGDIR_BITS (PAGE_SHIFT - 3)
1193 +
1194 +-#if (PGDIR_SHIFT + PGDIR_BITS) != 43
1195 ++#if (MAX_PHYS_ADDRESS_BITS > PGDIR_SHIFT + PGDIR_BITS)
1196 ++#error MAX_PHYS_ADDRESS_BITS exceeds what kernel page tables can support
1197 ++#endif
1198 ++
1199 ++#if (PGDIR_SHIFT + PGDIR_BITS) != 53
1200 + #error Page table parameters do not cover virtual address space properly.
1201 + #endif
1202 +
1203 +@@ -71,28 +78,18 @@
1204 +
1205 + #ifndef __ASSEMBLY__
1206 +
1207 +-#include <linux/sched.h>
1208 +-
1209 +-extern unsigned long sparc64_valid_addr_bitmap[];
1210 ++extern unsigned long VMALLOC_END;
1211 +
1212 +-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
1213 +-static inline bool __kern_addr_valid(unsigned long paddr)
1214 +-{
1215 +- if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
1216 +- return false;
1217 +- return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
1218 +-}
1219 ++#define vmemmap ((struct page *)VMEMMAP_BASE)
1220 +
1221 +-static inline bool kern_addr_valid(unsigned long addr)
1222 +-{
1223 +- unsigned long paddr = __pa(addr);
1224 ++#include <linux/sched.h>
1225 +
1226 +- return __kern_addr_valid(paddr);
1227 +-}
1228 ++bool kern_addr_valid(unsigned long addr);
1229 +
1230 + /* Entries per page directory level. */
1231 + #define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3))
1232 + #define PTRS_PER_PMD (1UL << PMD_BITS)
1233 ++#define PTRS_PER_PUD (1UL << PUD_BITS)
1234 + #define PTRS_PER_PGD (1UL << PGDIR_BITS)
1235 +
1236 + /* Kernel has a separate 44bit address space. */
1237 +@@ -101,6 +98,9 @@ static inline bool kern_addr_valid(unsigned long addr)
1238 + #define pmd_ERROR(e) \
1239 + pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \
1240 + __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0))
1241 ++#define pud_ERROR(e) \
1242 ++ pr_err("%s:%d: bad pud %p(%016lx) seen at (%pS)\n", \
1243 ++ __FILE__, __LINE__, &(e), pud_val(e), __builtin_return_address(0))
1244 + #define pgd_ERROR(e) \
1245 + pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \
1246 + __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0))
1247 +@@ -112,6 +112,7 @@ static inline bool kern_addr_valid(unsigned long addr)
1248 + #define _PAGE_R _AC(0x8000000000000000,UL) /* Keep ref bit uptodate*/
1249 + #define _PAGE_SPECIAL _AC(0x0200000000000000,UL) /* Special page */
1250 + #define _PAGE_PMD_HUGE _AC(0x0100000000000000,UL) /* Huge page */
1251 ++#define _PAGE_PUD_HUGE _PAGE_PMD_HUGE
1252 +
1253 + /* Advertise support for _PAGE_SPECIAL */
1254 + #define __HAVE_ARCH_PTE_SPECIAL
1255 +@@ -658,26 +659,26 @@ static inline unsigned long pmd_large(pmd_t pmd)
1256 + return pte_val(pte) & _PAGE_PMD_HUGE;
1257 + }
1258 +
1259 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
1260 +-static inline unsigned long pmd_young(pmd_t pmd)
1261 ++static inline unsigned long pmd_pfn(pmd_t pmd)
1262 + {
1263 + pte_t pte = __pte(pmd_val(pmd));
1264 +
1265 +- return pte_young(pte);
1266 ++ return pte_pfn(pte);
1267 + }
1268 +
1269 +-static inline unsigned long pmd_write(pmd_t pmd)
1270 ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
1271 ++static inline unsigned long pmd_young(pmd_t pmd)
1272 + {
1273 + pte_t pte = __pte(pmd_val(pmd));
1274 +
1275 +- return pte_write(pte);
1276 ++ return pte_young(pte);
1277 + }
1278 +
1279 +-static inline unsigned long pmd_pfn(pmd_t pmd)
1280 ++static inline unsigned long pmd_write(pmd_t pmd)
1281 + {
1282 + pte_t pte = __pte(pmd_val(pmd));
1283 +
1284 +- return pte_pfn(pte);
1285 ++ return pte_write(pte);
1286 + }
1287 +
1288 + static inline unsigned long pmd_trans_huge(pmd_t pmd)
1289 +@@ -771,13 +772,15 @@ static inline int pmd_present(pmd_t pmd)
1290 + * the top bits outside of the range of any physical address size we
1291 + * support are clear as well. We also validate the physical itself.
1292 + */
1293 +-#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \
1294 +- !__kern_addr_valid(pmd_val(pmd)))
1295 ++#define pmd_bad(pmd) (pmd_val(pmd) & ~PAGE_MASK)
1296 +
1297 + #define pud_none(pud) (!pud_val(pud))
1298 +
1299 +-#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \
1300 +- !__kern_addr_valid(pud_val(pud)))
1301 ++#define pud_bad(pud) (pud_val(pud) & ~PAGE_MASK)
1302 ++
1303 ++#define pgd_none(pgd) (!pgd_val(pgd))
1304 ++
1305 ++#define pgd_bad(pgd) (pgd_val(pgd) & ~PAGE_MASK)
1306 +
1307 + #ifdef CONFIG_TRANSPARENT_HUGEPAGE
1308 + void set_pmd_at(struct mm_struct *mm, unsigned long addr,
1309 +@@ -815,10 +818,31 @@ static inline unsigned long __pmd_page(pmd_t pmd)
1310 + #define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL)
1311 + #define pud_present(pud) (pud_val(pud) != 0U)
1312 + #define pud_clear(pudp) (pud_val(*(pudp)) = 0UL)
1313 ++#define pgd_page_vaddr(pgd) \
1314 ++ ((unsigned long) __va(pgd_val(pgd)))
1315 ++#define pgd_present(pgd) (pgd_val(pgd) != 0U)
1316 ++#define pgd_clear(pgdp) (pgd_val(*(pgd)) = 0UL)
1317 ++
1318 ++static inline unsigned long pud_large(pud_t pud)
1319 ++{
1320 ++ pte_t pte = __pte(pud_val(pud));
1321 ++
1322 ++ return pte_val(pte) & _PAGE_PMD_HUGE;
1323 ++}
1324 ++
1325 ++static inline unsigned long pud_pfn(pud_t pud)
1326 ++{
1327 ++ pte_t pte = __pte(pud_val(pud));
1328 ++
1329 ++ return pte_pfn(pte);
1330 ++}
1331 +
1332 + /* Same in both SUN4V and SUN4U. */
1333 + #define pte_none(pte) (!pte_val(pte))
1334 +
1335 ++#define pgd_set(pgdp, pudp) \
1336 ++ (pgd_val(*(pgdp)) = (__pa((unsigned long) (pudp))))
1337 ++
1338 + /* to find an entry in a page-table-directory. */
1339 + #define pgd_index(address) (((address) >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1))
1340 + #define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
1341 +@@ -826,6 +850,11 @@ static inline unsigned long __pmd_page(pmd_t pmd)
1342 + /* to find an entry in a kernel page-table-directory */
1343 + #define pgd_offset_k(address) pgd_offset(&init_mm, address)
1344 +
1345 ++/* Find an entry in the third-level page table.. */
1346 ++#define pud_index(address) (((address) >> PUD_SHIFT) & (PTRS_PER_PUD - 1))
1347 ++#define pud_offset(pgdp, address) \
1348 ++ ((pud_t *) pgd_page_vaddr(*(pgdp)) + pud_index(address))
1349 ++
1350 + /* Find an entry in the second-level page table.. */
1351 + #define pmd_offset(pudp, address) \
1352 + ((pmd_t *) pud_page_vaddr(*(pudp)) + \
1353 +@@ -898,7 +927,6 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
1354 + #endif
1355 +
1356 + extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
1357 +-extern pmd_t swapper_low_pmd_dir[PTRS_PER_PMD];
1358 +
1359 + void paging_init(void);
1360 + unsigned long find_ecache_flush_span(unsigned long size);
1361 +diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
1362 +index f5fffd84d0dd..29d64b1758ed 100644
1363 +--- a/arch/sparc/include/asm/setup.h
1364 ++++ b/arch/sparc/include/asm/setup.h
1365 +@@ -48,6 +48,8 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int);
1366 + #endif
1367 +
1368 + #ifdef CONFIG_SPARC64
1369 ++void __init start_early_boot(void);
1370 ++
1371 + /* unaligned_64.c */
1372 + int handle_ldf_stq(u32 insn, struct pt_regs *regs);
1373 + void handle_ld_nf(u32 insn, struct pt_regs *regs);
1374 +diff --git a/arch/sparc/include/asm/spitfire.h b/arch/sparc/include/asm/spitfire.h
1375 +index 3fc58691dbd0..56f933816144 100644
1376 +--- a/arch/sparc/include/asm/spitfire.h
1377 ++++ b/arch/sparc/include/asm/spitfire.h
1378 +@@ -45,6 +45,8 @@
1379 + #define SUN4V_CHIP_NIAGARA3 0x03
1380 + #define SUN4V_CHIP_NIAGARA4 0x04
1381 + #define SUN4V_CHIP_NIAGARA5 0x05
1382 ++#define SUN4V_CHIP_SPARC_M6 0x06
1383 ++#define SUN4V_CHIP_SPARC_M7 0x07
1384 + #define SUN4V_CHIP_SPARC64X 0x8a
1385 + #define SUN4V_CHIP_UNKNOWN 0xff
1386 +
1387 +diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
1388 +index a5f01ac6d0f1..cc6275c931a5 100644
1389 +--- a/arch/sparc/include/asm/thread_info_64.h
1390 ++++ b/arch/sparc/include/asm/thread_info_64.h
1391 +@@ -63,7 +63,8 @@ struct thread_info {
1392 + struct pt_regs *kern_una_regs;
1393 + unsigned int kern_una_insn;
1394 +
1395 +- unsigned long fpregs[0] __attribute__ ((aligned(64)));
1396 ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
1397 ++ __attribute__ ((aligned(64)));
1398 + };
1399 +
1400 + #endif /* !(__ASSEMBLY__) */
1401 +@@ -102,6 +103,7 @@ struct thread_info {
1402 + #define FAULT_CODE_ITLB 0x04 /* Miss happened in I-TLB */
1403 + #define FAULT_CODE_WINFIXUP 0x08 /* Miss happened during spill/fill */
1404 + #define FAULT_CODE_BLKCOMMIT 0x10 /* Use blk-commit ASI in copy_page */
1405 ++#define FAULT_CODE_BAD_RA 0x20 /* Bad RA for sun4v */
1406 +
1407 + #if PAGE_SHIFT == 13
1408 + #define THREAD_SIZE (2*PAGE_SIZE)
1409 +diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
1410 +index 90916f955cac..ecb49cfa3be9 100644
1411 +--- a/arch/sparc/include/asm/tsb.h
1412 ++++ b/arch/sparc/include/asm/tsb.h
1413 +@@ -133,9 +133,24 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1414 + sub TSB, 0x8, TSB; \
1415 + TSB_STORE(TSB, TAG);
1416 +
1417 +- /* Do a kernel page table walk. Leaves physical PTE pointer in
1418 +- * REG1. Jumps to FAIL_LABEL on early page table walk termination.
1419 +- * VADDR will not be clobbered, but REG2 will.
1420 ++ /* Do a kernel page table walk. Leaves valid PTE value in
1421 ++ * REG1. Jumps to FAIL_LABEL on early page table walk
1422 ++ * termination. VADDR will not be clobbered, but REG2 will.
1423 ++ *
1424 ++ * There are two masks we must apply to propagate bits from
1425 ++ * the virtual address into the PTE physical address field
1426 ++ * when dealing with huge pages. This is because the page
1427 ++ * table boundaries do not match the huge page size(s) the
1428 ++ * hardware supports.
1429 ++ *
1430 ++ * In these cases we propagate the bits that are below the
1431 ++ * page table level where we saw the huge page mapping, but
1432 ++ * are still within the relevant physical bits for the huge
1433 ++ * page size in question. So for PMD mappings (which fall on
1434 ++ * bit 23, for 8MB per PMD) we must propagate bit 22 for a
1435 ++ * 4MB huge page. For huge PUDs (which fall on bit 33, for
1436 ++ * 8GB per PUD), we have to accomodate 256MB and 2GB huge
1437 ++ * pages. So for those we propagate bits 32 to 28.
1438 + */
1439 + #define KERN_PGTABLE_WALK(VADDR, REG1, REG2, FAIL_LABEL) \
1440 + sethi %hi(swapper_pg_dir), REG1; \
1441 +@@ -145,15 +160,40 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1442 + andn REG2, 0x7, REG2; \
1443 + ldx [REG1 + REG2], REG1; \
1444 + brz,pn REG1, FAIL_LABEL; \
1445 +- sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1446 ++ sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1447 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1448 + andn REG2, 0x7, REG2; \
1449 + ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1450 + brz,pn REG1, FAIL_LABEL; \
1451 +- sllx VADDR, 64 - PMD_SHIFT, REG2; \
1452 ++ sethi %uhi(_PAGE_PUD_HUGE), REG2; \
1453 ++ brz,pn REG1, FAIL_LABEL; \
1454 ++ sllx REG2, 32, REG2; \
1455 ++ andcc REG1, REG2, %g0; \
1456 ++ sethi %hi(0xf8000000), REG2; \
1457 ++ bne,pt %xcc, 697f; \
1458 ++ sllx REG2, 1, REG2; \
1459 ++ sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1460 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1461 + andn REG2, 0x7, REG2; \
1462 +- add REG1, REG2, REG1;
1463 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1464 ++ sethi %uhi(_PAGE_PMD_HUGE), REG2; \
1465 ++ brz,pn REG1, FAIL_LABEL; \
1466 ++ sllx REG2, 32, REG2; \
1467 ++ andcc REG1, REG2, %g0; \
1468 ++ be,pn %xcc, 698f; \
1469 ++ sethi %hi(0x400000), REG2; \
1470 ++697: brgez,pn REG1, FAIL_LABEL; \
1471 ++ andn REG1, REG2, REG1; \
1472 ++ and VADDR, REG2, REG2; \
1473 ++ ba,pt %xcc, 699f; \
1474 ++ or REG1, REG2, REG1; \
1475 ++698: sllx VADDR, 64 - PMD_SHIFT, REG2; \
1476 ++ srlx REG2, 64 - PAGE_SHIFT, REG2; \
1477 ++ andn REG2, 0x7, REG2; \
1478 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1479 ++ brgez,pn REG1, FAIL_LABEL; \
1480 ++ nop; \
1481 ++699:
1482 +
1483 + /* PMD has been loaded into REG1, interpret the value, seeing
1484 + * if it is a HUGE PMD or a normal one. If it is not valid
1485 +@@ -198,6 +238,11 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1486 + andn REG2, 0x7, REG2; \
1487 + ldxa [PHYS_PGD + REG2] ASI_PHYS_USE_EC, REG1; \
1488 + brz,pn REG1, FAIL_LABEL; \
1489 ++ sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1490 ++ srlx REG2, 64 - PAGE_SHIFT, REG2; \
1491 ++ andn REG2, 0x7, REG2; \
1492 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1493 ++ brz,pn REG1, FAIL_LABEL; \
1494 + sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1495 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1496 + andn REG2, 0x7, REG2; \
1497 +@@ -246,8 +291,6 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1498 + (KERNEL_TSB_SIZE_BYTES / 16)
1499 + #define KERNEL_TSB4M_NENTRIES 4096
1500 +
1501 +-#define KTSB_PHYS_SHIFT 15
1502 +-
1503 + /* Do a kernel TSB lookup at tl>0 on VADDR+TAG, branch to OK_LABEL
1504 + * on TSB hit. REG1, REG2, REG3, and REG4 are used as temporaries
1505 + * and the found TTE will be left in REG1. REG3 and REG4 must
1506 +@@ -256,17 +299,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1507 + * VADDR and TAG will be preserved and not clobbered by this macro.
1508 + */
1509 + #define KERN_TSB_LOOKUP_TL1(VADDR, TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1510 +-661: sethi %hi(swapper_tsb), REG1; \
1511 +- or REG1, %lo(swapper_tsb), REG1; \
1512 ++661: sethi %uhi(swapper_tsb), REG1; \
1513 ++ sethi %hi(swapper_tsb), REG2; \
1514 ++ or REG1, %ulo(swapper_tsb), REG1; \
1515 ++ or REG2, %lo(swapper_tsb), REG2; \
1516 + .section .swapper_tsb_phys_patch, "ax"; \
1517 + .word 661b; \
1518 + .previous; \
1519 +-661: nop; \
1520 +- .section .tsb_ldquad_phys_patch, "ax"; \
1521 +- .word 661b; \
1522 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1523 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1524 +- .previous; \
1525 ++ sllx REG1, 32, REG1; \
1526 ++ or REG1, REG2, REG1; \
1527 + srlx VADDR, PAGE_SHIFT, REG2; \
1528 + and REG2, (KERNEL_TSB_NENTRIES - 1), REG2; \
1529 + sllx REG2, 4, REG2; \
1530 +@@ -281,17 +322,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1531 + * we can make use of that for the index computation.
1532 + */
1533 + #define KERN_TSB4M_LOOKUP_TL1(TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1534 +-661: sethi %hi(swapper_4m_tsb), REG1; \
1535 +- or REG1, %lo(swapper_4m_tsb), REG1; \
1536 ++661: sethi %uhi(swapper_4m_tsb), REG1; \
1537 ++ sethi %hi(swapper_4m_tsb), REG2; \
1538 ++ or REG1, %ulo(swapper_4m_tsb), REG1; \
1539 ++ or REG2, %lo(swapper_4m_tsb), REG2; \
1540 + .section .swapper_4m_tsb_phys_patch, "ax"; \
1541 + .word 661b; \
1542 + .previous; \
1543 +-661: nop; \
1544 +- .section .tsb_ldquad_phys_patch, "ax"; \
1545 +- .word 661b; \
1546 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1547 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1548 +- .previous; \
1549 ++ sllx REG1, 32, REG1; \
1550 ++ or REG1, REG2, REG1; \
1551 + and TAG, (KERNEL_TSB4M_NENTRIES - 1), REG2; \
1552 + sllx REG2, 4, REG2; \
1553 + add REG1, REG2, REG2; \
1554 +diff --git a/arch/sparc/include/asm/visasm.h b/arch/sparc/include/asm/visasm.h
1555 +index b26673759283..1f0aa2024e94 100644
1556 +--- a/arch/sparc/include/asm/visasm.h
1557 ++++ b/arch/sparc/include/asm/visasm.h
1558 +@@ -39,6 +39,14 @@
1559 + 297: wr %o5, FPRS_FEF, %fprs; \
1560 + 298:
1561 +
1562 ++#define VISEntryHalfFast(fail_label) \
1563 ++ rd %fprs, %o5; \
1564 ++ andcc %o5, FPRS_FEF, %g0; \
1565 ++ be,pt %icc, 297f; \
1566 ++ nop; \
1567 ++ ba,a,pt %xcc, fail_label; \
1568 ++297: wr %o5, FPRS_FEF, %fprs;
1569 ++
1570 + #define VISExitHalf \
1571 + wr %o5, 0, %fprs;
1572 +
1573 +diff --git a/arch/sparc/kernel/cpu.c b/arch/sparc/kernel/cpu.c
1574 +index 82a3a71c451e..dfad8b1aea9f 100644
1575 +--- a/arch/sparc/kernel/cpu.c
1576 ++++ b/arch/sparc/kernel/cpu.c
1577 +@@ -494,6 +494,18 @@ static void __init sun4v_cpu_probe(void)
1578 + sparc_pmu_type = "niagara5";
1579 + break;
1580 +
1581 ++ case SUN4V_CHIP_SPARC_M6:
1582 ++ sparc_cpu_type = "SPARC-M6";
1583 ++ sparc_fpu_type = "SPARC-M6 integrated FPU";
1584 ++ sparc_pmu_type = "sparc-m6";
1585 ++ break;
1586 ++
1587 ++ case SUN4V_CHIP_SPARC_M7:
1588 ++ sparc_cpu_type = "SPARC-M7";
1589 ++ sparc_fpu_type = "SPARC-M7 integrated FPU";
1590 ++ sparc_pmu_type = "sparc-m7";
1591 ++ break;
1592 ++
1593 + case SUN4V_CHIP_SPARC64X:
1594 + sparc_cpu_type = "SPARC64-X";
1595 + sparc_fpu_type = "SPARC64-X integrated FPU";
1596 +diff --git a/arch/sparc/kernel/cpumap.c b/arch/sparc/kernel/cpumap.c
1597 +index de1c844dfabc..e69ec0e3f155 100644
1598 +--- a/arch/sparc/kernel/cpumap.c
1599 ++++ b/arch/sparc/kernel/cpumap.c
1600 +@@ -326,6 +326,8 @@ static int iterate_cpu(struct cpuinfo_tree *t, unsigned int root_index)
1601 + case SUN4V_CHIP_NIAGARA3:
1602 + case SUN4V_CHIP_NIAGARA4:
1603 + case SUN4V_CHIP_NIAGARA5:
1604 ++ case SUN4V_CHIP_SPARC_M6:
1605 ++ case SUN4V_CHIP_SPARC_M7:
1606 + case SUN4V_CHIP_SPARC64X:
1607 + rover_inc_table = niagara_iterate_method;
1608 + break;
1609 +diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c
1610 +index dff60abbea01..f87a55d77094 100644
1611 +--- a/arch/sparc/kernel/ds.c
1612 ++++ b/arch/sparc/kernel/ds.c
1613 +@@ -1200,14 +1200,14 @@ static int ds_probe(struct vio_dev *vdev, const struct vio_device_id *id)
1614 + ds_cfg.tx_irq = vdev->tx_irq;
1615 + ds_cfg.rx_irq = vdev->rx_irq;
1616 +
1617 +- lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp);
1618 ++ lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp, "DS");
1619 + if (IS_ERR(lp)) {
1620 + err = PTR_ERR(lp);
1621 + goto out_free_ds_states;
1622 + }
1623 + dp->lp = lp;
1624 +
1625 +- err = ldc_bind(lp, "DS");
1626 ++ err = ldc_bind(lp);
1627 + if (err)
1628 + goto out_free_ldc;
1629 +
1630 +diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S
1631 +index b2c2c5be281c..d668ca149e64 100644
1632 +--- a/arch/sparc/kernel/dtlb_prot.S
1633 ++++ b/arch/sparc/kernel/dtlb_prot.S
1634 +@@ -24,11 +24,11 @@
1635 + mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr
1636 +
1637 + /* PROT ** ICACHE line 2: More real fault processing */
1638 ++ ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1639 + bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup
1640 +- ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1641 +- ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1642 + mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
1643 +- nop
1644 ++ ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1645 ++ nop
1646 + nop
1647 + nop
1648 + nop
1649 +diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
1650 +index ebaba6167dd4..88d322b67fac 100644
1651 +--- a/arch/sparc/kernel/entry.h
1652 ++++ b/arch/sparc/kernel/entry.h
1653 +@@ -65,13 +65,10 @@ struct pause_patch_entry {
1654 + extern struct pause_patch_entry __pause_3insn_patch,
1655 + __pause_3insn_patch_end;
1656 +
1657 +-void __init per_cpu_patch(void);
1658 + void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
1659 + struct sun4v_1insn_patch_entry *);
1660 + void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
1661 + struct sun4v_2insn_patch_entry *);
1662 +-void __init sun4v_patch(void);
1663 +-void __init boot_cpu_id_too_large(int cpu);
1664 + extern unsigned int dcache_parity_tl1_occurred;
1665 + extern unsigned int icache_parity_tl1_occurred;
1666 +
1667 +diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
1668 +index 452f04fe8da6..3d61fcae7ee3 100644
1669 +--- a/arch/sparc/kernel/head_64.S
1670 ++++ b/arch/sparc/kernel/head_64.S
1671 +@@ -427,6 +427,12 @@ sun4v_chip_type:
1672 + cmp %g2, '5'
1673 + be,pt %xcc, 5f
1674 + mov SUN4V_CHIP_NIAGARA5, %g4
1675 ++ cmp %g2, '6'
1676 ++ be,pt %xcc, 5f
1677 ++ mov SUN4V_CHIP_SPARC_M6, %g4
1678 ++ cmp %g2, '7'
1679 ++ be,pt %xcc, 5f
1680 ++ mov SUN4V_CHIP_SPARC_M7, %g4
1681 + ba,pt %xcc, 49f
1682 + nop
1683 +
1684 +@@ -585,6 +591,12 @@ niagara_tlb_fixup:
1685 + cmp %g1, SUN4V_CHIP_NIAGARA5
1686 + be,pt %xcc, niagara4_patch
1687 + nop
1688 ++ cmp %g1, SUN4V_CHIP_SPARC_M6
1689 ++ be,pt %xcc, niagara4_patch
1690 ++ nop
1691 ++ cmp %g1, SUN4V_CHIP_SPARC_M7
1692 ++ be,pt %xcc, niagara4_patch
1693 ++ nop
1694 +
1695 + call generic_patch_copyops
1696 + nop
1697 +@@ -660,14 +672,12 @@ tlb_fixup_done:
1698 + sethi %hi(init_thread_union), %g6
1699 + or %g6, %lo(init_thread_union), %g6
1700 + ldx [%g6 + TI_TASK], %g4
1701 +- mov %sp, %l6
1702 +
1703 + wr %g0, ASI_P, %asi
1704 + mov 1, %g1
1705 + sllx %g1, THREAD_SHIFT, %g1
1706 + sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
1707 + add %g6, %g1, %sp
1708 +- mov 0, %fp
1709 +
1710 + /* Set per-cpu pointer initially to zero, this makes
1711 + * the boot-cpu use the in-kernel-image per-cpu areas
1712 +@@ -694,44 +704,14 @@ tlb_fixup_done:
1713 + nop
1714 + #endif
1715 +
1716 +- mov %l6, %o1 ! OpenPROM stack
1717 + call prom_init
1718 + mov %l7, %o0 ! OpenPROM cif handler
1719 +
1720 +- /* Initialize current_thread_info()->cpu as early as possible.
1721 +- * In order to do that accurately we have to patch up the get_cpuid()
1722 +- * assembler sequences. And that, in turn, requires that we know
1723 +- * if we are on a Starfire box or not. While we're here, patch up
1724 +- * the sun4v sequences as well.
1725 ++ /* To create a one-register-window buffer between the kernel's
1726 ++ * initial stack and the last stack frame we use from the firmware,
1727 ++ * do the rest of the boot from a C helper function.
1728 + */
1729 +- call check_if_starfire
1730 +- nop
1731 +- call per_cpu_patch
1732 +- nop
1733 +- call sun4v_patch
1734 +- nop
1735 +-
1736 +-#ifdef CONFIG_SMP
1737 +- call hard_smp_processor_id
1738 +- nop
1739 +- cmp %o0, NR_CPUS
1740 +- blu,pt %xcc, 1f
1741 +- nop
1742 +- call boot_cpu_id_too_large
1743 +- nop
1744 +- /* Not reached... */
1745 +-
1746 +-1:
1747 +-#else
1748 +- mov 0, %o0
1749 +-#endif
1750 +- sth %o0, [%g6 + TI_CPU]
1751 +-
1752 +- call prom_init_report
1753 +- nop
1754 +-
1755 +- /* Off we go.... */
1756 +- call start_kernel
1757 ++ call start_early_boot
1758 + nop
1759 + /* Not reached... */
1760 +
1761 +diff --git a/arch/sparc/kernel/hvapi.c b/arch/sparc/kernel/hvapi.c
1762 +index c0a2de0fd624..5c55145bfbf0 100644
1763 +--- a/arch/sparc/kernel/hvapi.c
1764 ++++ b/arch/sparc/kernel/hvapi.c
1765 +@@ -46,6 +46,7 @@ static struct api_info api_table[] = {
1766 + { .group = HV_GRP_VF_CPU, },
1767 + { .group = HV_GRP_KT_CPU, },
1768 + { .group = HV_GRP_VT_CPU, },
1769 ++ { .group = HV_GRP_T5_CPU, },
1770 + { .group = HV_GRP_DIAG, .flags = FLAG_PRE_API },
1771 + };
1772 +
1773 +diff --git a/arch/sparc/kernel/hvcalls.S b/arch/sparc/kernel/hvcalls.S
1774 +index f3ab509b76a8..caedf8320416 100644
1775 +--- a/arch/sparc/kernel/hvcalls.S
1776 ++++ b/arch/sparc/kernel/hvcalls.S
1777 +@@ -821,3 +821,19 @@ ENTRY(sun4v_vt_set_perfreg)
1778 + retl
1779 + nop
1780 + ENDPROC(sun4v_vt_set_perfreg)
1781 ++
1782 ++ENTRY(sun4v_t5_get_perfreg)
1783 ++ mov %o1, %o4
1784 ++ mov HV_FAST_T5_GET_PERFREG, %o5
1785 ++ ta HV_FAST_TRAP
1786 ++ stx %o1, [%o4]
1787 ++ retl
1788 ++ nop
1789 ++ENDPROC(sun4v_t5_get_perfreg)
1790 ++
1791 ++ENTRY(sun4v_t5_set_perfreg)
1792 ++ mov HV_FAST_T5_SET_PERFREG, %o5
1793 ++ ta HV_FAST_TRAP
1794 ++ retl
1795 ++ nop
1796 ++ENDPROC(sun4v_t5_set_perfreg)
1797 +diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
1798 +index b7ddcdd1dea9..cdbfec299f2f 100644
1799 +--- a/arch/sparc/kernel/hvtramp.S
1800 ++++ b/arch/sparc/kernel/hvtramp.S
1801 +@@ -109,7 +109,6 @@ hv_cpu_startup:
1802 + sllx %g5, THREAD_SHIFT, %g5
1803 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
1804 + add %g6, %g5, %sp
1805 +- mov 0, %fp
1806 +
1807 + call init_irqwork_curcpu
1808 + nop
1809 +diff --git a/arch/sparc/kernel/ioport.c b/arch/sparc/kernel/ioport.c
1810 +index 7f08ec8a7c68..28fed53b13a0 100644
1811 +--- a/arch/sparc/kernel/ioport.c
1812 ++++ b/arch/sparc/kernel/ioport.c
1813 +@@ -278,7 +278,8 @@ static void *sbus_alloc_coherent(struct device *dev, size_t len,
1814 + }
1815 +
1816 + order = get_order(len_total);
1817 +- if ((va = __get_free_pages(GFP_KERNEL|__GFP_COMP, order)) == 0)
1818 ++ va = __get_free_pages(gfp, order);
1819 ++ if (va == 0)
1820 + goto err_nopages;
1821 +
1822 + if ((res = kzalloc(sizeof(struct resource), GFP_KERNEL)) == NULL)
1823 +@@ -443,7 +444,7 @@ static void *pci32_alloc_coherent(struct device *dev, size_t len,
1824 + }
1825 +
1826 + order = get_order(len_total);
1827 +- va = (void *) __get_free_pages(GFP_KERNEL, order);
1828 ++ va = (void *) __get_free_pages(gfp, order);
1829 + if (va == NULL) {
1830 + printk("pci_alloc_consistent: no %ld pages\n", len_total>>PAGE_SHIFT);
1831 + goto err_nopages;
1832 +diff --git a/arch/sparc/kernel/irq_64.c b/arch/sparc/kernel/irq_64.c
1833 +index 666193f4e8bb..4033c23bdfa6 100644
1834 +--- a/arch/sparc/kernel/irq_64.c
1835 ++++ b/arch/sparc/kernel/irq_64.c
1836 +@@ -47,8 +47,6 @@
1837 + #include "cpumap.h"
1838 + #include "kstack.h"
1839 +
1840 +-#define NUM_IVECS (IMAP_INR + 1)
1841 +-
1842 + struct ino_bucket *ivector_table;
1843 + unsigned long ivector_table_pa;
1844 +
1845 +@@ -107,55 +105,196 @@ static void bucket_set_irq(unsigned long bucket_pa, unsigned int irq)
1846 +
1847 + #define irq_work_pa(__cpu) &(trap_block[(__cpu)].irq_worklist_pa)
1848 +
1849 +-static struct {
1850 +- unsigned int dev_handle;
1851 +- unsigned int dev_ino;
1852 +- unsigned int in_use;
1853 +-} irq_table[NR_IRQS];
1854 +-static DEFINE_SPINLOCK(irq_alloc_lock);
1855 ++static unsigned long hvirq_major __initdata;
1856 ++static int __init early_hvirq_major(char *p)
1857 ++{
1858 ++ int rc = kstrtoul(p, 10, &hvirq_major);
1859 ++
1860 ++ return rc;
1861 ++}
1862 ++early_param("hvirq", early_hvirq_major);
1863 ++
1864 ++static int hv_irq_version;
1865 ++
1866 ++/* Major version 2.0 of HV_GRP_INTR added support for the VIRQ cookie
1867 ++ * based interfaces, but:
1868 ++ *
1869 ++ * 1) Several OSs, Solaris and Linux included, use them even when only
1870 ++ * negotiating version 1.0 (or failing to negotiate at all). So the
1871 ++ * hypervisor has a workaround that provides the VIRQ interfaces even
1872 ++ * when only verion 1.0 of the API is in use.
1873 ++ *
1874 ++ * 2) Second, and more importantly, with major version 2.0 these VIRQ
1875 ++ * interfaces only were actually hooked up for LDC interrupts, even
1876 ++ * though the Hypervisor specification clearly stated:
1877 ++ *
1878 ++ * The new interrupt API functions will be available to a guest
1879 ++ * when it negotiates version 2.0 in the interrupt API group 0x2. When
1880 ++ * a guest negotiates version 2.0, all interrupt sources will only
1881 ++ * support using the cookie interface, and any attempt to use the
1882 ++ * version 1.0 interrupt APIs numbered 0xa0 to 0xa6 will result in the
1883 ++ * ENOTSUPPORTED error being returned.
1884 ++ *
1885 ++ * with an emphasis on "all interrupt sources".
1886 ++ *
1887 ++ * To correct this, major version 3.0 was created which does actually
1888 ++ * support VIRQs for all interrupt sources (not just LDC devices). So
1889 ++ * if we want to move completely over the cookie based VIRQs we must
1890 ++ * negotiate major version 3.0 or later of HV_GRP_INTR.
1891 ++ */
1892 ++static bool sun4v_cookie_only_virqs(void)
1893 ++{
1894 ++ if (hv_irq_version >= 3)
1895 ++ return true;
1896 ++ return false;
1897 ++}
1898 +
1899 +-unsigned char irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
1900 ++static void __init irq_init_hv(void)
1901 + {
1902 +- unsigned long flags;
1903 +- unsigned char ent;
1904 ++ unsigned long hv_error, major, minor = 0;
1905 ++
1906 ++ if (tlb_type != hypervisor)
1907 ++ return;
1908 +
1909 +- BUILD_BUG_ON(NR_IRQS >= 256);
1910 ++ if (hvirq_major)
1911 ++ major = hvirq_major;
1912 ++ else
1913 ++ major = 3;
1914 +
1915 +- spin_lock_irqsave(&irq_alloc_lock, flags);
1916 ++ hv_error = sun4v_hvapi_register(HV_GRP_INTR, major, &minor);
1917 ++ if (!hv_error)
1918 ++ hv_irq_version = major;
1919 ++ else
1920 ++ hv_irq_version = 1;
1921 +
1922 +- for (ent = 1; ent < NR_IRQS; ent++) {
1923 +- if (!irq_table[ent].in_use)
1924 ++ pr_info("SUN4V: Using IRQ API major %d, cookie only virqs %s\n",
1925 ++ hv_irq_version,
1926 ++ sun4v_cookie_only_virqs() ? "enabled" : "disabled");
1927 ++}
1928 ++
1929 ++/* This function is for the timer interrupt.*/
1930 ++int __init arch_probe_nr_irqs(void)
1931 ++{
1932 ++ return 1;
1933 ++}
1934 ++
1935 ++#define DEFAULT_NUM_IVECS (0xfffU)
1936 ++static unsigned int nr_ivec = DEFAULT_NUM_IVECS;
1937 ++#define NUM_IVECS (nr_ivec)
1938 ++
1939 ++static unsigned int __init size_nr_ivec(void)
1940 ++{
1941 ++ if (tlb_type == hypervisor) {
1942 ++ switch (sun4v_chip_type) {
1943 ++ /* Athena's devhandle|devino is large.*/
1944 ++ case SUN4V_CHIP_SPARC64X:
1945 ++ nr_ivec = 0xffff;
1946 + break;
1947 ++ }
1948 + }
1949 +- if (ent >= NR_IRQS) {
1950 +- printk(KERN_ERR "IRQ: Out of virtual IRQs.\n");
1951 +- ent = 0;
1952 +- } else {
1953 +- irq_table[ent].dev_handle = dev_handle;
1954 +- irq_table[ent].dev_ino = dev_ino;
1955 +- irq_table[ent].in_use = 1;
1956 +- }
1957 ++ return nr_ivec;
1958 ++}
1959 ++
1960 ++struct irq_handler_data {
1961 ++ union {
1962 ++ struct {
1963 ++ unsigned int dev_handle;
1964 ++ unsigned int dev_ino;
1965 ++ };
1966 ++ unsigned long sysino;
1967 ++ };
1968 ++ struct ino_bucket bucket;
1969 ++ unsigned long iclr;
1970 ++ unsigned long imap;
1971 ++};
1972 ++
1973 ++static inline unsigned int irq_data_to_handle(struct irq_data *data)
1974 ++{
1975 ++ struct irq_handler_data *ihd = data->handler_data;
1976 ++
1977 ++ return ihd->dev_handle;
1978 ++}
1979 ++
1980 ++static inline unsigned int irq_data_to_ino(struct irq_data *data)
1981 ++{
1982 ++ struct irq_handler_data *ihd = data->handler_data;
1983 +
1984 +- spin_unlock_irqrestore(&irq_alloc_lock, flags);
1985 ++ return ihd->dev_ino;
1986 ++}
1987 ++
1988 ++static inline unsigned long irq_data_to_sysino(struct irq_data *data)
1989 ++{
1990 ++ struct irq_handler_data *ihd = data->handler_data;
1991 +
1992 +- return ent;
1993 ++ return ihd->sysino;
1994 + }
1995 +
1996 +-#ifdef CONFIG_PCI_MSI
1997 + void irq_free(unsigned int irq)
1998 + {
1999 +- unsigned long flags;
2000 ++ void *data = irq_get_handler_data(irq);
2001 +
2002 +- if (irq >= NR_IRQS)
2003 +- return;
2004 ++ kfree(data);
2005 ++ irq_set_handler_data(irq, NULL);
2006 ++ irq_free_descs(irq, 1);
2007 ++}
2008 +
2009 +- spin_lock_irqsave(&irq_alloc_lock, flags);
2010 ++unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
2011 ++{
2012 ++ int irq;
2013 +
2014 +- irq_table[irq].in_use = 0;
2015 ++ irq = __irq_alloc_descs(-1, 1, 1, numa_node_id(), NULL);
2016 ++ if (irq <= 0)
2017 ++ goto out;
2018 +
2019 +- spin_unlock_irqrestore(&irq_alloc_lock, flags);
2020 ++ return irq;
2021 ++out:
2022 ++ return 0;
2023 ++}
2024 ++
2025 ++static unsigned int cookie_exists(u32 devhandle, unsigned int devino)
2026 ++{
2027 ++ unsigned long hv_err, cookie;
2028 ++ struct ino_bucket *bucket;
2029 ++ unsigned int irq = 0U;
2030 ++
2031 ++ hv_err = sun4v_vintr_get_cookie(devhandle, devino, &cookie);
2032 ++ if (hv_err) {
2033 ++ pr_err("HV get cookie failed hv_err = %ld\n", hv_err);
2034 ++ goto out;
2035 ++ }
2036 ++
2037 ++ if (cookie & ((1UL << 63UL))) {
2038 ++ cookie = ~cookie;
2039 ++ bucket = (struct ino_bucket *) __va(cookie);
2040 ++ irq = bucket->__irq;
2041 ++ }
2042 ++out:
2043 ++ return irq;
2044 ++}
2045 ++
2046 ++static unsigned int sysino_exists(u32 devhandle, unsigned int devino)
2047 ++{
2048 ++ unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
2049 ++ struct ino_bucket *bucket;
2050 ++ unsigned int irq;
2051 ++
2052 ++ bucket = &ivector_table[sysino];
2053 ++ irq = bucket_get_irq(__pa(bucket));
2054 ++
2055 ++ return irq;
2056 ++}
2057 ++
2058 ++void ack_bad_irq(unsigned int irq)
2059 ++{
2060 ++ pr_crit("BAD IRQ ack %d\n", irq);
2061 ++}
2062 ++
2063 ++void irq_install_pre_handler(int irq,
2064 ++ void (*func)(unsigned int, void *, void *),
2065 ++ void *arg1, void *arg2)
2066 ++{
2067 ++ pr_warn("IRQ pre handler NOT supported.\n");
2068 + }
2069 +-#endif
2070 +
2071 + /*
2072 + * /proc/interrupts printing:
2073 +@@ -206,15 +345,6 @@ static unsigned int sun4u_compute_tid(unsigned long imap, unsigned long cpuid)
2074 + return tid;
2075 + }
2076 +
2077 +-struct irq_handler_data {
2078 +- unsigned long iclr;
2079 +- unsigned long imap;
2080 +-
2081 +- void (*pre_handler)(unsigned int, void *, void *);
2082 +- void *arg1;
2083 +- void *arg2;
2084 +-};
2085 +-
2086 + #ifdef CONFIG_SMP
2087 + static int irq_choose_cpu(unsigned int irq, const struct cpumask *affinity)
2088 + {
2089 +@@ -316,8 +446,8 @@ static void sun4u_irq_eoi(struct irq_data *data)
2090 +
2091 + static void sun4v_irq_enable(struct irq_data *data)
2092 + {
2093 +- unsigned int ino = irq_table[data->irq].dev_ino;
2094 + unsigned long cpuid = irq_choose_cpu(data->irq, data->affinity);
2095 ++ unsigned int ino = irq_data_to_sysino(data);
2096 + int err;
2097 +
2098 + err = sun4v_intr_settarget(ino, cpuid);
2099 +@@ -337,8 +467,8 @@ static void sun4v_irq_enable(struct irq_data *data)
2100 + static int sun4v_set_affinity(struct irq_data *data,
2101 + const struct cpumask *mask, bool force)
2102 + {
2103 +- unsigned int ino = irq_table[data->irq].dev_ino;
2104 + unsigned long cpuid = irq_choose_cpu(data->irq, mask);
2105 ++ unsigned int ino = irq_data_to_sysino(data);
2106 + int err;
2107 +
2108 + err = sun4v_intr_settarget(ino, cpuid);
2109 +@@ -351,7 +481,7 @@ static int sun4v_set_affinity(struct irq_data *data,
2110 +
2111 + static void sun4v_irq_disable(struct irq_data *data)
2112 + {
2113 +- unsigned int ino = irq_table[data->irq].dev_ino;
2114 ++ unsigned int ino = irq_data_to_sysino(data);
2115 + int err;
2116 +
2117 + err = sun4v_intr_setenabled(ino, HV_INTR_DISABLED);
2118 +@@ -362,7 +492,7 @@ static void sun4v_irq_disable(struct irq_data *data)
2119 +
2120 + static void sun4v_irq_eoi(struct irq_data *data)
2121 + {
2122 +- unsigned int ino = irq_table[data->irq].dev_ino;
2123 ++ unsigned int ino = irq_data_to_sysino(data);
2124 + int err;
2125 +
2126 + err = sun4v_intr_setstate(ino, HV_INTR_STATE_IDLE);
2127 +@@ -373,14 +503,13 @@ static void sun4v_irq_eoi(struct irq_data *data)
2128 +
2129 + static void sun4v_virq_enable(struct irq_data *data)
2130 + {
2131 +- unsigned long cpuid, dev_handle, dev_ino;
2132 ++ unsigned long dev_handle = irq_data_to_handle(data);
2133 ++ unsigned long dev_ino = irq_data_to_ino(data);
2134 ++ unsigned long cpuid;
2135 + int err;
2136 +
2137 + cpuid = irq_choose_cpu(data->irq, data->affinity);
2138 +
2139 +- dev_handle = irq_table[data->irq].dev_handle;
2140 +- dev_ino = irq_table[data->irq].dev_ino;
2141 +-
2142 + err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
2143 + if (err != HV_EOK)
2144 + printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
2145 +@@ -403,14 +532,13 @@ static void sun4v_virq_enable(struct irq_data *data)
2146 + static int sun4v_virt_set_affinity(struct irq_data *data,
2147 + const struct cpumask *mask, bool force)
2148 + {
2149 +- unsigned long cpuid, dev_handle, dev_ino;
2150 ++ unsigned long dev_handle = irq_data_to_handle(data);
2151 ++ unsigned long dev_ino = irq_data_to_ino(data);
2152 ++ unsigned long cpuid;
2153 + int err;
2154 +
2155 + cpuid = irq_choose_cpu(data->irq, mask);
2156 +
2157 +- dev_handle = irq_table[data->irq].dev_handle;
2158 +- dev_ino = irq_table[data->irq].dev_ino;
2159 +-
2160 + err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
2161 + if (err != HV_EOK)
2162 + printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
2163 +@@ -422,11 +550,10 @@ static int sun4v_virt_set_affinity(struct irq_data *data,
2164 +
2165 + static void sun4v_virq_disable(struct irq_data *data)
2166 + {
2167 +- unsigned long dev_handle, dev_ino;
2168 ++ unsigned long dev_handle = irq_data_to_handle(data);
2169 ++ unsigned long dev_ino = irq_data_to_ino(data);
2170 + int err;
2171 +
2172 +- dev_handle = irq_table[data->irq].dev_handle;
2173 +- dev_ino = irq_table[data->irq].dev_ino;
2174 +
2175 + err = sun4v_vintr_set_valid(dev_handle, dev_ino,
2176 + HV_INTR_DISABLED);
2177 +@@ -438,12 +565,10 @@ static void sun4v_virq_disable(struct irq_data *data)
2178 +
2179 + static void sun4v_virq_eoi(struct irq_data *data)
2180 + {
2181 +- unsigned long dev_handle, dev_ino;
2182 ++ unsigned long dev_handle = irq_data_to_handle(data);
2183 ++ unsigned long dev_ino = irq_data_to_ino(data);
2184 + int err;
2185 +
2186 +- dev_handle = irq_table[data->irq].dev_handle;
2187 +- dev_ino = irq_table[data->irq].dev_ino;
2188 +-
2189 + err = sun4v_vintr_set_state(dev_handle, dev_ino,
2190 + HV_INTR_STATE_IDLE);
2191 + if (err != HV_EOK)
2192 +@@ -479,31 +604,10 @@ static struct irq_chip sun4v_virq = {
2193 + .flags = IRQCHIP_EOI_IF_HANDLED,
2194 + };
2195 +
2196 +-static void pre_flow_handler(struct irq_data *d)
2197 +-{
2198 +- struct irq_handler_data *handler_data = irq_data_get_irq_handler_data(d);
2199 +- unsigned int ino = irq_table[d->irq].dev_ino;
2200 +-
2201 +- handler_data->pre_handler(ino, handler_data->arg1, handler_data->arg2);
2202 +-}
2203 +-
2204 +-void irq_install_pre_handler(int irq,
2205 +- void (*func)(unsigned int, void *, void *),
2206 +- void *arg1, void *arg2)
2207 +-{
2208 +- struct irq_handler_data *handler_data = irq_get_handler_data(irq);
2209 +-
2210 +- handler_data->pre_handler = func;
2211 +- handler_data->arg1 = arg1;
2212 +- handler_data->arg2 = arg2;
2213 +-
2214 +- __irq_set_preflow_handler(irq, pre_flow_handler);
2215 +-}
2216 +-
2217 + unsigned int build_irq(int inofixup, unsigned long iclr, unsigned long imap)
2218 + {
2219 +- struct ino_bucket *bucket;
2220 + struct irq_handler_data *handler_data;
2221 ++ struct ino_bucket *bucket;
2222 + unsigned int irq;
2223 + int ino;
2224 +
2225 +@@ -537,119 +641,166 @@ out:
2226 + return irq;
2227 + }
2228 +
2229 +-static unsigned int sun4v_build_common(unsigned long sysino,
2230 +- struct irq_chip *chip)
2231 ++static unsigned int sun4v_build_common(u32 devhandle, unsigned int devino,
2232 ++ void (*handler_data_init)(struct irq_handler_data *data,
2233 ++ u32 devhandle, unsigned int devino),
2234 ++ struct irq_chip *chip)
2235 + {
2236 +- struct ino_bucket *bucket;
2237 +- struct irq_handler_data *handler_data;
2238 ++ struct irq_handler_data *data;
2239 + unsigned int irq;
2240 +
2241 +- BUG_ON(tlb_type != hypervisor);
2242 ++ irq = irq_alloc(devhandle, devino);
2243 ++ if (!irq)
2244 ++ goto out;
2245 +
2246 +- bucket = &ivector_table[sysino];
2247 +- irq = bucket_get_irq(__pa(bucket));
2248 +- if (!irq) {
2249 +- irq = irq_alloc(0, sysino);
2250 +- bucket_set_irq(__pa(bucket), irq);
2251 +- irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq,
2252 +- "IVEC");
2253 ++ data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2254 ++ if (unlikely(!data)) {
2255 ++ pr_err("IRQ handler data allocation failed.\n");
2256 ++ irq_free(irq);
2257 ++ irq = 0;
2258 ++ goto out;
2259 + }
2260 +
2261 +- handler_data = irq_get_handler_data(irq);
2262 +- if (unlikely(handler_data))
2263 +- goto out;
2264 ++ irq_set_handler_data(irq, data);
2265 ++ handler_data_init(data, devhandle, devino);
2266 ++ irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq, "IVEC");
2267 ++ data->imap = ~0UL;
2268 ++ data->iclr = ~0UL;
2269 ++out:
2270 ++ return irq;
2271 ++}
2272 +
2273 +- handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2274 +- if (unlikely(!handler_data)) {
2275 +- prom_printf("IRQ: kzalloc(irq_handler_data) failed.\n");
2276 +- prom_halt();
2277 +- }
2278 +- irq_set_handler_data(irq, handler_data);
2279 ++static unsigned long cookie_assign(unsigned int irq, u32 devhandle,
2280 ++ unsigned int devino)
2281 ++{
2282 ++ struct irq_handler_data *ihd = irq_get_handler_data(irq);
2283 ++ unsigned long hv_error, cookie;
2284 +
2285 +- /* Catch accidental accesses to these things. IMAP/ICLR handling
2286 +- * is done by hypervisor calls on sun4v platforms, not by direct
2287 +- * register accesses.
2288 ++ /* handler_irq needs to find the irq. cookie is seen signed in
2289 ++ * sun4v_dev_mondo and treated as a non ivector_table delivery.
2290 + */
2291 +- handler_data->imap = ~0UL;
2292 +- handler_data->iclr = ~0UL;
2293 ++ ihd->bucket.__irq = irq;
2294 ++ cookie = ~__pa(&ihd->bucket);
2295 +
2296 +-out:
2297 +- return irq;
2298 ++ hv_error = sun4v_vintr_set_cookie(devhandle, devino, cookie);
2299 ++ if (hv_error)
2300 ++ pr_err("HV vintr set cookie failed = %ld\n", hv_error);
2301 ++
2302 ++ return hv_error;
2303 + }
2304 +
2305 +-unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
2306 ++static void cookie_handler_data(struct irq_handler_data *data,
2307 ++ u32 devhandle, unsigned int devino)
2308 + {
2309 +- unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
2310 ++ data->dev_handle = devhandle;
2311 ++ data->dev_ino = devino;
2312 ++}
2313 +
2314 +- return sun4v_build_common(sysino, &sun4v_irq);
2315 ++static unsigned int cookie_build_irq(u32 devhandle, unsigned int devino,
2316 ++ struct irq_chip *chip)
2317 ++{
2318 ++ unsigned long hv_error;
2319 ++ unsigned int irq;
2320 ++
2321 ++ irq = sun4v_build_common(devhandle, devino, cookie_handler_data, chip);
2322 ++
2323 ++ hv_error = cookie_assign(irq, devhandle, devino);
2324 ++ if (hv_error) {
2325 ++ irq_free(irq);
2326 ++ irq = 0;
2327 ++ }
2328 ++
2329 ++ return irq;
2330 + }
2331 +
2332 +-unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
2333 ++static unsigned int sun4v_build_cookie(u32 devhandle, unsigned int devino)
2334 + {
2335 +- struct irq_handler_data *handler_data;
2336 +- unsigned long hv_err, cookie;
2337 +- struct ino_bucket *bucket;
2338 + unsigned int irq;
2339 +
2340 +- bucket = kzalloc(sizeof(struct ino_bucket), GFP_ATOMIC);
2341 +- if (unlikely(!bucket))
2342 +- return 0;
2343 ++ irq = cookie_exists(devhandle, devino);
2344 ++ if (irq)
2345 ++ goto out;
2346 +
2347 +- /* The only reference we store to the IRQ bucket is
2348 +- * by physical address which kmemleak can't see, tell
2349 +- * it that this object explicitly is not a leak and
2350 +- * should be scanned.
2351 +- */
2352 +- kmemleak_not_leak(bucket);
2353 ++ irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
2354 +
2355 +- __flush_dcache_range((unsigned long) bucket,
2356 +- ((unsigned long) bucket +
2357 +- sizeof(struct ino_bucket)));
2358 ++out:
2359 ++ return irq;
2360 ++}
2361 +
2362 +- irq = irq_alloc(devhandle, devino);
2363 ++static void sysino_set_bucket(unsigned int irq)
2364 ++{
2365 ++ struct irq_handler_data *ihd = irq_get_handler_data(irq);
2366 ++ struct ino_bucket *bucket;
2367 ++ unsigned long sysino;
2368 ++
2369 ++ sysino = sun4v_devino_to_sysino(ihd->dev_handle, ihd->dev_ino);
2370 ++ BUG_ON(sysino >= nr_ivec);
2371 ++ bucket = &ivector_table[sysino];
2372 + bucket_set_irq(__pa(bucket), irq);
2373 ++}
2374 +
2375 +- irq_set_chip_and_handler_name(irq, &sun4v_virq, handle_fasteoi_irq,
2376 +- "IVEC");
2377 ++static void sysino_handler_data(struct irq_handler_data *data,
2378 ++ u32 devhandle, unsigned int devino)
2379 ++{
2380 ++ unsigned long sysino;
2381 +
2382 +- handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2383 +- if (unlikely(!handler_data))
2384 +- return 0;
2385 ++ sysino = sun4v_devino_to_sysino(devhandle, devino);
2386 ++ data->sysino = sysino;
2387 ++}
2388 +
2389 +- /* In order to make the LDC channel startup sequence easier,
2390 +- * especially wrt. locking, we do not let request_irq() enable
2391 +- * the interrupt.
2392 +- */
2393 +- irq_set_status_flags(irq, IRQ_NOAUTOEN);
2394 +- irq_set_handler_data(irq, handler_data);
2395 ++static unsigned int sysino_build_irq(u32 devhandle, unsigned int devino,
2396 ++ struct irq_chip *chip)
2397 ++{
2398 ++ unsigned int irq;
2399 +
2400 +- /* Catch accidental accesses to these things. IMAP/ICLR handling
2401 +- * is done by hypervisor calls on sun4v platforms, not by direct
2402 +- * register accesses.
2403 +- */
2404 +- handler_data->imap = ~0UL;
2405 +- handler_data->iclr = ~0UL;
2406 ++ irq = sun4v_build_common(devhandle, devino, sysino_handler_data, chip);
2407 ++ if (!irq)
2408 ++ goto out;
2409 +
2410 +- cookie = ~__pa(bucket);
2411 +- hv_err = sun4v_vintr_set_cookie(devhandle, devino, cookie);
2412 +- if (hv_err) {
2413 +- prom_printf("IRQ: Fatal, cannot set cookie for [%x:%x] "
2414 +- "err=%lu\n", devhandle, devino, hv_err);
2415 +- prom_halt();
2416 +- }
2417 ++ sysino_set_bucket(irq);
2418 ++out:
2419 ++ return irq;
2420 ++}
2421 +
2422 ++static int sun4v_build_sysino(u32 devhandle, unsigned int devino)
2423 ++{
2424 ++ int irq;
2425 ++
2426 ++ irq = sysino_exists(devhandle, devino);
2427 ++ if (irq)
2428 ++ goto out;
2429 ++
2430 ++ irq = sysino_build_irq(devhandle, devino, &sun4v_irq);
2431 ++out:
2432 + return irq;
2433 + }
2434 +
2435 +-void ack_bad_irq(unsigned int irq)
2436 ++unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
2437 + {
2438 +- unsigned int ino = irq_table[irq].dev_ino;
2439 ++ unsigned int irq;
2440 +
2441 +- if (!ino)
2442 +- ino = 0xdeadbeef;
2443 ++ if (sun4v_cookie_only_virqs())
2444 ++ irq = sun4v_build_cookie(devhandle, devino);
2445 ++ else
2446 ++ irq = sun4v_build_sysino(devhandle, devino);
2447 +
2448 +- printk(KERN_CRIT "Unexpected IRQ from ino[%x] irq[%u]\n",
2449 +- ino, irq);
2450 ++ return irq;
2451 ++}
2452 ++
2453 ++unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
2454 ++{
2455 ++ int irq;
2456 ++
2457 ++ irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
2458 ++ if (!irq)
2459 ++ goto out;
2460 ++
2461 ++ /* This is borrowed from the original function.
2462 ++ */
2463 ++ irq_set_status_flags(irq, IRQ_NOAUTOEN);
2464 ++
2465 ++out:
2466 ++ return irq;
2467 + }
2468 +
2469 + void *hardirq_stack[NR_CPUS];
2470 +@@ -720,9 +871,12 @@ void fixup_irqs(void)
2471 +
2472 + for (irq = 0; irq < NR_IRQS; irq++) {
2473 + struct irq_desc *desc = irq_to_desc(irq);
2474 +- struct irq_data *data = irq_desc_get_irq_data(desc);
2475 ++ struct irq_data *data;
2476 + unsigned long flags;
2477 +
2478 ++ if (!desc)
2479 ++ continue;
2480 ++ data = irq_desc_get_irq_data(desc);
2481 + raw_spin_lock_irqsave(&desc->lock, flags);
2482 + if (desc->action && !irqd_is_per_cpu(data)) {
2483 + if (data->chip->irq_set_affinity)
2484 +@@ -922,16 +1076,22 @@ static struct irqaction timer_irq_action = {
2485 + .name = "timer",
2486 + };
2487 +
2488 +-/* Only invoked on boot processor. */
2489 +-void __init init_IRQ(void)
2490 ++static void __init irq_ivector_init(void)
2491 + {
2492 +- unsigned long size;
2493 ++ unsigned long size, order;
2494 ++ unsigned int ivecs;
2495 +
2496 +- map_prom_timers();
2497 +- kill_prom_timer();
2498 ++ /* If we are doing cookie only VIRQs then we do not need the ivector
2499 ++ * table to process interrupts.
2500 ++ */
2501 ++ if (sun4v_cookie_only_virqs())
2502 ++ return;
2503 +
2504 +- size = sizeof(struct ino_bucket) * NUM_IVECS;
2505 +- ivector_table = kzalloc(size, GFP_KERNEL);
2506 ++ ivecs = size_nr_ivec();
2507 ++ size = sizeof(struct ino_bucket) * ivecs;
2508 ++ order = get_order(size);
2509 ++ ivector_table = (struct ino_bucket *)
2510 ++ __get_free_pages(GFP_KERNEL | __GFP_ZERO, order);
2511 + if (!ivector_table) {
2512 + prom_printf("Fatal error, cannot allocate ivector_table\n");
2513 + prom_halt();
2514 +@@ -940,6 +1100,15 @@ void __init init_IRQ(void)
2515 + ((unsigned long) ivector_table) + size);
2516 +
2517 + ivector_table_pa = __pa(ivector_table);
2518 ++}
2519 ++
2520 ++/* Only invoked on boot processor.*/
2521 ++void __init init_IRQ(void)
2522 ++{
2523 ++ irq_init_hv();
2524 ++ irq_ivector_init();
2525 ++ map_prom_timers();
2526 ++ kill_prom_timer();
2527 +
2528 + if (tlb_type == hypervisor)
2529 + sun4v_init_mondo_queues();
2530 +diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S
2531 +index 605d49204580..ef0d8e9e1210 100644
2532 +--- a/arch/sparc/kernel/ktlb.S
2533 ++++ b/arch/sparc/kernel/ktlb.S
2534 +@@ -47,14 +47,6 @@ kvmap_itlb_vmalloc_addr:
2535 + KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_itlb_longpath)
2536 +
2537 + TSB_LOCK_TAG(%g1, %g2, %g7)
2538 +-
2539 +- /* Load and check PTE. */
2540 +- ldxa [%g5] ASI_PHYS_USE_EC, %g5
2541 +- mov 1, %g7
2542 +- sllx %g7, TSB_TAG_INVALID_BIT, %g7
2543 +- brgez,a,pn %g5, kvmap_itlb_longpath
2544 +- TSB_STORE(%g1, %g7)
2545 +-
2546 + TSB_WRITE(%g1, %g5, %g6)
2547 +
2548 + /* fallthrough to TLB load */
2549 +@@ -118,6 +110,12 @@ kvmap_dtlb_obp:
2550 + ba,pt %xcc, kvmap_dtlb_load
2551 + nop
2552 +
2553 ++kvmap_linear_early:
2554 ++ sethi %hi(kern_linear_pte_xor), %g7
2555 ++ ldx [%g7 + %lo(kern_linear_pte_xor)], %g2
2556 ++ ba,pt %xcc, kvmap_dtlb_tsb4m_load
2557 ++ xor %g2, %g4, %g5
2558 ++
2559 + .align 32
2560 + kvmap_dtlb_tsb4m_load:
2561 + TSB_LOCK_TAG(%g1, %g2, %g7)
2562 +@@ -146,105 +144,17 @@ kvmap_dtlb_4v:
2563 + /* Correct TAG_TARGET is already in %g6, check 4mb TSB. */
2564 + KERN_TSB4M_LOOKUP_TL1(%g6, %g5, %g1, %g2, %g3, kvmap_dtlb_load)
2565 + #endif
2566 +- /* TSB entry address left in %g1, lookup linear PTE.
2567 +- * Must preserve %g1 and %g6 (TAG).
2568 +- */
2569 +-kvmap_dtlb_tsb4m_miss:
2570 +- /* Clear the PAGE_OFFSET top virtual bits, shift
2571 +- * down to get PFN, and make sure PFN is in range.
2572 +- */
2573 +-661: sllx %g4, 0, %g5
2574 +- .section .page_offset_shift_patch, "ax"
2575 +- .word 661b
2576 +- .previous
2577 +-
2578 +- /* Check to see if we know about valid memory at the 4MB
2579 +- * chunk this physical address will reside within.
2580 ++ /* Linear mapping TSB lookup failed. Fallthrough to kernel
2581 ++ * page table based lookup.
2582 + */
2583 +-661: srlx %g5, MAX_PHYS_ADDRESS_BITS, %g2
2584 +- .section .page_offset_shift_patch, "ax"
2585 +- .word 661b
2586 +- .previous
2587 +-
2588 +- brnz,pn %g2, kvmap_dtlb_longpath
2589 +- nop
2590 +-
2591 +- /* This unconditional branch and delay-slot nop gets patched
2592 +- * by the sethi sequence once the bitmap is properly setup.
2593 +- */
2594 +- .globl valid_addr_bitmap_insn
2595 +-valid_addr_bitmap_insn:
2596 +- ba,pt %xcc, 2f
2597 +- nop
2598 +- .subsection 2
2599 +- .globl valid_addr_bitmap_patch
2600 +-valid_addr_bitmap_patch:
2601 +- sethi %hi(sparc64_valid_addr_bitmap), %g7
2602 +- or %g7, %lo(sparc64_valid_addr_bitmap), %g7
2603 +- .previous
2604 +-
2605 +-661: srlx %g5, ILOG2_4MB, %g2
2606 +- .section .page_offset_shift_patch, "ax"
2607 +- .word 661b
2608 +- .previous
2609 +-
2610 +- srlx %g2, 6, %g5
2611 +- and %g2, 63, %g2
2612 +- sllx %g5, 3, %g5
2613 +- ldx [%g7 + %g5], %g5
2614 +- mov 1, %g7
2615 +- sllx %g7, %g2, %g7
2616 +- andcc %g5, %g7, %g0
2617 +- be,pn %xcc, kvmap_dtlb_longpath
2618 +-
2619 +-2: sethi %hi(kpte_linear_bitmap), %g2
2620 +-
2621 +- /* Get the 256MB physical address index. */
2622 +-661: sllx %g4, 0, %g5
2623 +- .section .page_offset_shift_patch, "ax"
2624 +- .word 661b
2625 +- .previous
2626 +-
2627 +- or %g2, %lo(kpte_linear_bitmap), %g2
2628 +-
2629 +-661: srlx %g5, ILOG2_256MB, %g5
2630 +- .section .page_offset_shift_patch, "ax"
2631 +- .word 661b
2632 +- .previous
2633 +-
2634 +- and %g5, (32 - 1), %g7
2635 +-
2636 +- /* Divide by 32 to get the offset into the bitmask. */
2637 +- srlx %g5, 5, %g5
2638 +- add %g7, %g7, %g7
2639 +- sllx %g5, 3, %g5
2640 +-
2641 +- /* kern_linear_pte_xor[(mask >> shift) & 3)] */
2642 +- ldx [%g2 + %g5], %g2
2643 +- srlx %g2, %g7, %g7
2644 +- sethi %hi(kern_linear_pte_xor), %g5
2645 +- and %g7, 3, %g7
2646 +- or %g5, %lo(kern_linear_pte_xor), %g5
2647 +- sllx %g7, 3, %g7
2648 +- ldx [%g5 + %g7], %g2
2649 +-
2650 + .globl kvmap_linear_patch
2651 + kvmap_linear_patch:
2652 +- ba,pt %xcc, kvmap_dtlb_tsb4m_load
2653 +- xor %g2, %g4, %g5
2654 ++ ba,a,pt %xcc, kvmap_linear_early
2655 +
2656 + kvmap_dtlb_vmalloc_addr:
2657 + KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2658 +
2659 + TSB_LOCK_TAG(%g1, %g2, %g7)
2660 +-
2661 +- /* Load and check PTE. */
2662 +- ldxa [%g5] ASI_PHYS_USE_EC, %g5
2663 +- mov 1, %g7
2664 +- sllx %g7, TSB_TAG_INVALID_BIT, %g7
2665 +- brgez,a,pn %g5, kvmap_dtlb_longpath
2666 +- TSB_STORE(%g1, %g7)
2667 +-
2668 + TSB_WRITE(%g1, %g5, %g6)
2669 +
2670 + /* fallthrough to TLB load */
2671 +@@ -276,13 +186,8 @@ kvmap_dtlb_load:
2672 +
2673 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
2674 + kvmap_vmemmap:
2675 +- sub %g4, %g5, %g5
2676 +- srlx %g5, ILOG2_4MB, %g5
2677 +- sethi %hi(vmemmap_table), %g1
2678 +- sllx %g5, 3, %g5
2679 +- or %g1, %lo(vmemmap_table), %g1
2680 +- ba,pt %xcc, kvmap_dtlb_load
2681 +- ldx [%g1 + %g5], %g5
2682 ++ KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2683 ++ ba,a,pt %xcc, kvmap_dtlb_load
2684 + #endif
2685 +
2686 + kvmap_dtlb_nonlinear:
2687 +@@ -294,8 +199,8 @@ kvmap_dtlb_nonlinear:
2688 +
2689 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
2690 + /* Do not use the TSB for vmemmap. */
2691 +- mov (VMEMMAP_BASE >> 40), %g5
2692 +- sllx %g5, 40, %g5
2693 ++ sethi %hi(VMEMMAP_BASE), %g5
2694 ++ ldx [%g5 + %lo(VMEMMAP_BASE)], %g5
2695 + cmp %g4,%g5
2696 + bgeu,pn %xcc, kvmap_vmemmap
2697 + nop
2698 +@@ -307,8 +212,8 @@ kvmap_dtlb_tsbmiss:
2699 + sethi %hi(MODULES_VADDR), %g5
2700 + cmp %g4, %g5
2701 + blu,pn %xcc, kvmap_dtlb_longpath
2702 +- mov (VMALLOC_END >> 40), %g5
2703 +- sllx %g5, 40, %g5
2704 ++ sethi %hi(VMALLOC_END), %g5
2705 ++ ldx [%g5 + %lo(VMALLOC_END)], %g5
2706 + cmp %g4, %g5
2707 + bgeu,pn %xcc, kvmap_dtlb_longpath
2708 + nop
2709 +diff --git a/arch/sparc/kernel/ldc.c b/arch/sparc/kernel/ldc.c
2710 +index 66dacd56bb10..27bb55485472 100644
2711 +--- a/arch/sparc/kernel/ldc.c
2712 ++++ b/arch/sparc/kernel/ldc.c
2713 +@@ -1078,7 +1078,8 @@ static void ldc_iommu_release(struct ldc_channel *lp)
2714 +
2715 + struct ldc_channel *ldc_alloc(unsigned long id,
2716 + const struct ldc_channel_config *cfgp,
2717 +- void *event_arg)
2718 ++ void *event_arg,
2719 ++ const char *name)
2720 + {
2721 + struct ldc_channel *lp;
2722 + const struct ldc_mode_ops *mops;
2723 +@@ -1093,6 +1094,8 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2724 + err = -EINVAL;
2725 + if (!cfgp)
2726 + goto out_err;
2727 ++ if (!name)
2728 ++ goto out_err;
2729 +
2730 + switch (cfgp->mode) {
2731 + case LDC_MODE_RAW:
2732 +@@ -1185,6 +1188,21 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2733 +
2734 + INIT_HLIST_HEAD(&lp->mh_list);
2735 +
2736 ++ snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2737 ++ snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2738 ++
2739 ++ err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2740 ++ lp->rx_irq_name, lp);
2741 ++ if (err)
2742 ++ goto out_free_txq;
2743 ++
2744 ++ err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2745 ++ lp->tx_irq_name, lp);
2746 ++ if (err) {
2747 ++ free_irq(lp->cfg.rx_irq, lp);
2748 ++ goto out_free_txq;
2749 ++ }
2750 ++
2751 + return lp;
2752 +
2753 + out_free_txq:
2754 +@@ -1237,31 +1255,14 @@ EXPORT_SYMBOL(ldc_free);
2755 + * state. This does not initiate a handshake, ldc_connect() does
2756 + * that.
2757 + */
2758 +-int ldc_bind(struct ldc_channel *lp, const char *name)
2759 ++int ldc_bind(struct ldc_channel *lp)
2760 + {
2761 + unsigned long hv_err, flags;
2762 + int err = -EINVAL;
2763 +
2764 +- if (!name ||
2765 +- (lp->state != LDC_STATE_INIT))
2766 ++ if (lp->state != LDC_STATE_INIT)
2767 + return -EINVAL;
2768 +
2769 +- snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2770 +- snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2771 +-
2772 +- err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2773 +- lp->rx_irq_name, lp);
2774 +- if (err)
2775 +- return err;
2776 +-
2777 +- err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2778 +- lp->tx_irq_name, lp);
2779 +- if (err) {
2780 +- free_irq(lp->cfg.rx_irq, lp);
2781 +- return err;
2782 +- }
2783 +-
2784 +-
2785 + spin_lock_irqsave(&lp->lock, flags);
2786 +
2787 + enable_irq(lp->cfg.rx_irq);
2788 +diff --git a/arch/sparc/kernel/nmi.c b/arch/sparc/kernel/nmi.c
2789 +index 337094556916..5b1151dcba13 100644
2790 +--- a/arch/sparc/kernel/nmi.c
2791 ++++ b/arch/sparc/kernel/nmi.c
2792 +@@ -130,7 +130,6 @@ static inline unsigned int get_nmi_count(int cpu)
2793 +
2794 + static __init void nmi_cpu_busy(void *data)
2795 + {
2796 +- local_irq_enable_in_hardirq();
2797 + while (endflag == 0)
2798 + mb();
2799 + }
2800 +diff --git a/arch/sparc/kernel/pcr.c b/arch/sparc/kernel/pcr.c
2801 +index 269af58497aa..7e967c8018c8 100644
2802 +--- a/arch/sparc/kernel/pcr.c
2803 ++++ b/arch/sparc/kernel/pcr.c
2804 +@@ -191,12 +191,41 @@ static const struct pcr_ops n4_pcr_ops = {
2805 + .pcr_nmi_disable = PCR_N4_PICNPT,
2806 + };
2807 +
2808 ++static u64 n5_pcr_read(unsigned long reg_num)
2809 ++{
2810 ++ unsigned long val;
2811 ++
2812 ++ (void) sun4v_t5_get_perfreg(reg_num, &val);
2813 ++
2814 ++ return val;
2815 ++}
2816 ++
2817 ++static void n5_pcr_write(unsigned long reg_num, u64 val)
2818 ++{
2819 ++ (void) sun4v_t5_set_perfreg(reg_num, val);
2820 ++}
2821 ++
2822 ++static const struct pcr_ops n5_pcr_ops = {
2823 ++ .read_pcr = n5_pcr_read,
2824 ++ .write_pcr = n5_pcr_write,
2825 ++ .read_pic = n4_pic_read,
2826 ++ .write_pic = n4_pic_write,
2827 ++ .nmi_picl_value = n4_picl_value,
2828 ++ .pcr_nmi_enable = (PCR_N4_PICNPT | PCR_N4_STRACE |
2829 ++ PCR_N4_UTRACE | PCR_N4_TOE |
2830 ++ (26 << PCR_N4_SL_SHIFT)),
2831 ++ .pcr_nmi_disable = PCR_N4_PICNPT,
2832 ++};
2833 ++
2834 ++
2835 + static unsigned long perf_hsvc_group;
2836 + static unsigned long perf_hsvc_major;
2837 + static unsigned long perf_hsvc_minor;
2838 +
2839 + static int __init register_perf_hsvc(void)
2840 + {
2841 ++ unsigned long hverror;
2842 ++
2843 + if (tlb_type == hypervisor) {
2844 + switch (sun4v_chip_type) {
2845 + case SUN4V_CHIP_NIAGARA1:
2846 +@@ -215,6 +244,10 @@ static int __init register_perf_hsvc(void)
2847 + perf_hsvc_group = HV_GRP_VT_CPU;
2848 + break;
2849 +
2850 ++ case SUN4V_CHIP_NIAGARA5:
2851 ++ perf_hsvc_group = HV_GRP_T5_CPU;
2852 ++ break;
2853 ++
2854 + default:
2855 + return -ENODEV;
2856 + }
2857 +@@ -222,10 +255,12 @@ static int __init register_perf_hsvc(void)
2858 +
2859 + perf_hsvc_major = 1;
2860 + perf_hsvc_minor = 0;
2861 +- if (sun4v_hvapi_register(perf_hsvc_group,
2862 +- perf_hsvc_major,
2863 +- &perf_hsvc_minor)) {
2864 +- printk("perfmon: Could not register hvapi.\n");
2865 ++ hverror = sun4v_hvapi_register(perf_hsvc_group,
2866 ++ perf_hsvc_major,
2867 ++ &perf_hsvc_minor);
2868 ++ if (hverror) {
2869 ++ pr_err("perfmon: Could not register hvapi(0x%lx).\n",
2870 ++ hverror);
2871 + return -ENODEV;
2872 + }
2873 + }
2874 +@@ -254,6 +289,10 @@ static int __init setup_sun4v_pcr_ops(void)
2875 + pcr_ops = &n4_pcr_ops;
2876 + break;
2877 +
2878 ++ case SUN4V_CHIP_NIAGARA5:
2879 ++ pcr_ops = &n5_pcr_ops;
2880 ++ break;
2881 ++
2882 + default:
2883 + ret = -ENODEV;
2884 + break;
2885 +diff --git a/arch/sparc/kernel/perf_event.c b/arch/sparc/kernel/perf_event.c
2886 +index 8efd33753ad3..c9759ad3f34a 100644
2887 +--- a/arch/sparc/kernel/perf_event.c
2888 ++++ b/arch/sparc/kernel/perf_event.c
2889 +@@ -1662,7 +1662,8 @@ static bool __init supported_pmu(void)
2890 + sparc_pmu = &niagara2_pmu;
2891 + return true;
2892 + }
2893 +- if (!strcmp(sparc_pmu_type, "niagara4")) {
2894 ++ if (!strcmp(sparc_pmu_type, "niagara4") ||
2895 ++ !strcmp(sparc_pmu_type, "niagara5")) {
2896 + sparc_pmu = &niagara4_pmu;
2897 + return true;
2898 + }
2899 +@@ -1671,9 +1672,12 @@ static bool __init supported_pmu(void)
2900 +
2901 + static int __init init_hw_perf_events(void)
2902 + {
2903 ++ int err;
2904 ++
2905 + pr_info("Performance events: ");
2906 +
2907 +- if (!supported_pmu()) {
2908 ++ err = pcr_arch_init();
2909 ++ if (err || !supported_pmu()) {
2910 + pr_cont("No support for PMU type '%s'\n", sparc_pmu_type);
2911 + return 0;
2912 + }
2913 +@@ -1685,7 +1689,7 @@ static int __init init_hw_perf_events(void)
2914 +
2915 + return 0;
2916 + }
2917 +-early_initcall(init_hw_perf_events);
2918 ++pure_initcall(init_hw_perf_events);
2919 +
2920 + void perf_callchain_kernel(struct perf_callchain_entry *entry,
2921 + struct pt_regs *regs)
2922 +diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
2923 +index 027e09986194..0be7bf978cb1 100644
2924 +--- a/arch/sparc/kernel/process_64.c
2925 ++++ b/arch/sparc/kernel/process_64.c
2926 +@@ -312,6 +312,9 @@ static void __global_pmu_self(int this_cpu)
2927 + struct global_pmu_snapshot *pp;
2928 + int i, num;
2929 +
2930 ++ if (!pcr_ops)
2931 ++ return;
2932 ++
2933 + pp = &global_cpu_snapshot[this_cpu].pmu;
2934 +
2935 + num = 1;
2936 +diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
2937 +index 3fdb455e3318..61a519808cb7 100644
2938 +--- a/arch/sparc/kernel/setup_64.c
2939 ++++ b/arch/sparc/kernel/setup_64.c
2940 +@@ -30,6 +30,7 @@
2941 + #include <linux/cpu.h>
2942 + #include <linux/initrd.h>
2943 + #include <linux/module.h>
2944 ++#include <linux/start_kernel.h>
2945 +
2946 + #include <asm/io.h>
2947 + #include <asm/processor.h>
2948 +@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
2949 +
2950 + static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
2951 +
2952 +-void __init per_cpu_patch(void)
2953 ++static void __init per_cpu_patch(void)
2954 + {
2955 + struct cpuid_patch_entry *p;
2956 + unsigned long ver;
2957 +@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
2958 + }
2959 + }
2960 +
2961 +-void __init sun4v_patch(void)
2962 ++static void __init sun4v_patch(void)
2963 + {
2964 + extern void sun4v_hvapi_init(void);
2965 +
2966 +@@ -335,14 +336,25 @@ static void __init pause_patch(void)
2967 + }
2968 + }
2969 +
2970 +-#ifdef CONFIG_SMP
2971 +-void __init boot_cpu_id_too_large(int cpu)
2972 ++void __init start_early_boot(void)
2973 + {
2974 +- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2975 +- cpu, NR_CPUS);
2976 +- prom_halt();
2977 ++ int cpu;
2978 ++
2979 ++ check_if_starfire();
2980 ++ per_cpu_patch();
2981 ++ sun4v_patch();
2982 ++
2983 ++ cpu = hard_smp_processor_id();
2984 ++ if (cpu >= NR_CPUS) {
2985 ++ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2986 ++ cpu, NR_CPUS);
2987 ++ prom_halt();
2988 ++ }
2989 ++ current_thread_info()->cpu = cpu;
2990 ++
2991 ++ prom_init_report();
2992 ++ start_kernel();
2993 + }
2994 +-#endif
2995 +
2996 + /* On Ultra, we support all of the v8 capabilities. */
2997 + unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
2998 +@@ -500,12 +512,16 @@ static void __init init_sparc64_elf_hwcap(void)
2999 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3000 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3001 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3002 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3003 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3004 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3005 + cap |= HWCAP_SPARC_BLKINIT;
3006 + if (sun4v_chip_type == SUN4V_CHIP_NIAGARA2 ||
3007 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3008 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3009 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3010 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3011 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3012 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3013 + cap |= HWCAP_SPARC_N2;
3014 + }
3015 +@@ -533,6 +549,8 @@ static void __init init_sparc64_elf_hwcap(void)
3016 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3017 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3018 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3019 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3020 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3021 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3022 + cap |= (AV_SPARC_VIS | AV_SPARC_VIS2 |
3023 + AV_SPARC_ASI_BLK_INIT |
3024 +@@ -540,6 +558,8 @@ static void __init init_sparc64_elf_hwcap(void)
3025 + if (sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
3026 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
3027 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
3028 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
3029 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
3030 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
3031 + cap |= (AV_SPARC_VIS3 | AV_SPARC_HPC |
3032 + AV_SPARC_FMAF);
3033 +diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
3034 +index 41aa2478f3ca..c9300bfaee5a 100644
3035 +--- a/arch/sparc/kernel/smp_64.c
3036 ++++ b/arch/sparc/kernel/smp_64.c
3037 +@@ -1383,7 +1383,6 @@ void __cpu_die(unsigned int cpu)
3038 +
3039 + void __init smp_cpus_done(unsigned int max_cpus)
3040 + {
3041 +- pcr_arch_init();
3042 + }
3043 +
3044 + void smp_send_reschedule(int cpu)
3045 +@@ -1468,6 +1467,13 @@ static void __init pcpu_populate_pte(unsigned long addr)
3046 + pud_t *pud;
3047 + pmd_t *pmd;
3048 +
3049 ++ if (pgd_none(*pgd)) {
3050 ++ pud_t *new;
3051 ++
3052 ++ new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3053 ++ pgd_populate(&init_mm, pgd, new);
3054 ++ }
3055 ++
3056 + pud = pud_offset(pgd, addr);
3057 + if (pud_none(*pud)) {
3058 + pmd_t *new;
3059 +diff --git a/arch/sparc/kernel/sun4v_tlb_miss.S b/arch/sparc/kernel/sun4v_tlb_miss.S
3060 +index e0c09bf85610..6179e19bc9b9 100644
3061 +--- a/arch/sparc/kernel/sun4v_tlb_miss.S
3062 ++++ b/arch/sparc/kernel/sun4v_tlb_miss.S
3063 +@@ -195,6 +195,11 @@ sun4v_tsb_miss_common:
3064 + ldx [%g2 + TRAP_PER_CPU_PGD_PADDR], %g7
3065 +
3066 + sun4v_itlb_error:
3067 ++ rdpr %tl, %g1
3068 ++ cmp %g1, 1
3069 ++ ble,pt %icc, sun4v_bad_ra
3070 ++ or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_ITLB, %g1
3071 ++
3072 + sethi %hi(sun4v_err_itlb_vaddr), %g1
3073 + stx %g4, [%g1 + %lo(sun4v_err_itlb_vaddr)]
3074 + sethi %hi(sun4v_err_itlb_ctx), %g1
3075 +@@ -206,15 +211,10 @@ sun4v_itlb_error:
3076 + sethi %hi(sun4v_err_itlb_error), %g1
3077 + stx %o0, [%g1 + %lo(sun4v_err_itlb_error)]
3078 +
3079 ++ sethi %hi(1f), %g7
3080 + rdpr %tl, %g4
3081 +- cmp %g4, 1
3082 +- ble,pt %icc, 1f
3083 +- sethi %hi(2f), %g7
3084 + ba,pt %xcc, etraptl1
3085 +- or %g7, %lo(2f), %g7
3086 +-
3087 +-1: ba,pt %xcc, etrap
3088 +-2: or %g7, %lo(2b), %g7
3089 ++1: or %g7, %lo(1f), %g7
3090 + mov %l4, %o1
3091 + call sun4v_itlb_error_report
3092 + add %sp, PTREGS_OFF, %o0
3093 +@@ -222,6 +222,11 @@ sun4v_itlb_error:
3094 + /* NOTREACHED */
3095 +
3096 + sun4v_dtlb_error:
3097 ++ rdpr %tl, %g1
3098 ++ cmp %g1, 1
3099 ++ ble,pt %icc, sun4v_bad_ra
3100 ++ or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_DTLB, %g1
3101 ++
3102 + sethi %hi(sun4v_err_dtlb_vaddr), %g1
3103 + stx %g4, [%g1 + %lo(sun4v_err_dtlb_vaddr)]
3104 + sethi %hi(sun4v_err_dtlb_ctx), %g1
3105 +@@ -233,21 +238,23 @@ sun4v_dtlb_error:
3106 + sethi %hi(sun4v_err_dtlb_error), %g1
3107 + stx %o0, [%g1 + %lo(sun4v_err_dtlb_error)]
3108 +
3109 ++ sethi %hi(1f), %g7
3110 + rdpr %tl, %g4
3111 +- cmp %g4, 1
3112 +- ble,pt %icc, 1f
3113 +- sethi %hi(2f), %g7
3114 + ba,pt %xcc, etraptl1
3115 +- or %g7, %lo(2f), %g7
3116 +-
3117 +-1: ba,pt %xcc, etrap
3118 +-2: or %g7, %lo(2b), %g7
3119 ++1: or %g7, %lo(1f), %g7
3120 + mov %l4, %o1
3121 + call sun4v_dtlb_error_report
3122 + add %sp, PTREGS_OFF, %o0
3123 +
3124 + /* NOTREACHED */
3125 +
3126 ++sun4v_bad_ra:
3127 ++ or %g0, %g4, %g5
3128 ++ ba,pt %xcc, sparc64_realfault_common
3129 ++ or %g1, %g0, %g4
3130 ++
3131 ++ /* NOTREACHED */
3132 ++
3133 + /* Instruction Access Exception, tl0. */
3134 + sun4v_iacc:
3135 + ldxa [%g0] ASI_SCRATCHPAD, %g2
3136 +diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
3137 +index 737f8cbc7d56..88ede1d53b4c 100644
3138 +--- a/arch/sparc/kernel/trampoline_64.S
3139 ++++ b/arch/sparc/kernel/trampoline_64.S
3140 +@@ -109,10 +109,13 @@ startup_continue:
3141 + brnz,pn %g1, 1b
3142 + nop
3143 +
3144 +- sethi %hi(p1275buf), %g2
3145 +- or %g2, %lo(p1275buf), %g2
3146 +- ldx [%g2 + 0x10], %l2
3147 +- add %l2, -(192 + 128), %sp
3148 ++ /* Get onto temporary stack which will be in the locked
3149 ++ * kernel image.
3150 ++ */
3151 ++ sethi %hi(tramp_stack), %g1
3152 ++ or %g1, %lo(tramp_stack), %g1
3153 ++ add %g1, TRAMP_STACK_SIZE, %g1
3154 ++ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
3155 + flushw
3156 +
3157 + /* Setup the loop variables:
3158 +@@ -394,7 +397,6 @@ after_lock_tlb:
3159 + sllx %g5, THREAD_SHIFT, %g5
3160 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
3161 + add %g6, %g5, %sp
3162 +- mov 0, %fp
3163 +
3164 + rdpr %pstate, %o1
3165 + or %o1, PSTATE_IE, %o1
3166 +diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
3167 +index fb6640ec8557..981a769b9558 100644
3168 +--- a/arch/sparc/kernel/traps_64.c
3169 ++++ b/arch/sparc/kernel/traps_64.c
3170 +@@ -2104,6 +2104,11 @@ void sun4v_nonresum_overflow(struct pt_regs *regs)
3171 + atomic_inc(&sun4v_nonresum_oflow_cnt);
3172 + }
3173 +
3174 ++static void sun4v_tlb_error(struct pt_regs *regs)
3175 ++{
3176 ++ die_if_kernel("TLB/TSB error", regs);
3177 ++}
3178 ++
3179 + unsigned long sun4v_err_itlb_vaddr;
3180 + unsigned long sun4v_err_itlb_ctx;
3181 + unsigned long sun4v_err_itlb_pte;
3182 +@@ -2111,8 +2116,7 @@ unsigned long sun4v_err_itlb_error;
3183 +
3184 + void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
3185 + {
3186 +- if (tl > 1)
3187 +- dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3188 ++ dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3189 +
3190 + printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
3191 + regs->tpc, tl);
3192 +@@ -2125,7 +2129,7 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
3193 + sun4v_err_itlb_vaddr, sun4v_err_itlb_ctx,
3194 + sun4v_err_itlb_pte, sun4v_err_itlb_error);
3195 +
3196 +- prom_halt();
3197 ++ sun4v_tlb_error(regs);
3198 + }
3199 +
3200 + unsigned long sun4v_err_dtlb_vaddr;
3201 +@@ -2135,8 +2139,7 @@ unsigned long sun4v_err_dtlb_error;
3202 +
3203 + void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
3204 + {
3205 +- if (tl > 1)
3206 +- dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3207 ++ dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
3208 +
3209 + printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
3210 + regs->tpc, tl);
3211 +@@ -2149,7 +2152,7 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
3212 + sun4v_err_dtlb_vaddr, sun4v_err_dtlb_ctx,
3213 + sun4v_err_dtlb_pte, sun4v_err_dtlb_error);
3214 +
3215 +- prom_halt();
3216 ++ sun4v_tlb_error(regs);
3217 + }
3218 +
3219 + void hypervisor_tlbop_error(unsigned long err, unsigned long op)
3220 +diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S
3221 +index 14158d40ba76..be98685c14c6 100644
3222 +--- a/arch/sparc/kernel/tsb.S
3223 ++++ b/arch/sparc/kernel/tsb.S
3224 +@@ -162,10 +162,10 @@ tsb_miss_page_table_walk_sun4v_fastpath:
3225 + nop
3226 + .previous
3227 +
3228 +- rdpr %tl, %g3
3229 +- cmp %g3, 1
3230 ++ rdpr %tl, %g7
3231 ++ cmp %g7, 1
3232 + bne,pn %xcc, winfix_trampoline
3233 +- nop
3234 ++ mov %g3, %g4
3235 + ba,pt %xcc, etrap
3236 + rd %pc, %g7
3237 + call hugetlb_setup
3238 +diff --git a/arch/sparc/kernel/viohs.c b/arch/sparc/kernel/viohs.c
3239 +index f8e7dd53e1c7..9c5fbd0b8a04 100644
3240 +--- a/arch/sparc/kernel/viohs.c
3241 ++++ b/arch/sparc/kernel/viohs.c
3242 +@@ -714,7 +714,7 @@ int vio_ldc_alloc(struct vio_driver_state *vio,
3243 + cfg.tx_irq = vio->vdev->tx_irq;
3244 + cfg.rx_irq = vio->vdev->rx_irq;
3245 +
3246 +- lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg);
3247 ++ lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg, vio->name);
3248 + if (IS_ERR(lp))
3249 + return PTR_ERR(lp);
3250 +
3251 +@@ -746,7 +746,7 @@ void vio_port_up(struct vio_driver_state *vio)
3252 +
3253 + err = 0;
3254 + if (state == LDC_STATE_INIT) {
3255 +- err = ldc_bind(vio->lp, vio->name);
3256 ++ err = ldc_bind(vio->lp);
3257 + if (err)
3258 + printk(KERN_WARNING "%s: Port %lu bind failed, "
3259 + "err=%d\n",
3260 +diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
3261 +index 932ff90fd760..09243057cb0b 100644
3262 +--- a/arch/sparc/kernel/vmlinux.lds.S
3263 ++++ b/arch/sparc/kernel/vmlinux.lds.S
3264 +@@ -35,8 +35,9 @@ jiffies = jiffies_64;
3265 +
3266 + SECTIONS
3267 + {
3268 +- /* swapper_low_pmd_dir is sparc64 only */
3269 +- swapper_low_pmd_dir = 0x0000000000402000;
3270 ++#ifdef CONFIG_SPARC64
3271 ++ swapper_pg_dir = 0x0000000000402000;
3272 ++#endif
3273 + . = INITIAL_ADDRESS;
3274 + .text TEXTSTART :
3275 + {
3276 +@@ -122,11 +123,6 @@ SECTIONS
3277 + *(.swapper_4m_tsb_phys_patch)
3278 + __swapper_4m_tsb_phys_patch_end = .;
3279 + }
3280 +- .page_offset_shift_patch : {
3281 +- __page_offset_shift_patch = .;
3282 +- *(.page_offset_shift_patch)
3283 +- __page_offset_shift_patch_end = .;
3284 +- }
3285 + .popc_3insn_patch : {
3286 + __popc_3insn_patch = .;
3287 + *(.popc_3insn_patch)
3288 +diff --git a/arch/sparc/lib/NG4memcpy.S b/arch/sparc/lib/NG4memcpy.S
3289 +index 9cf2ee01cee3..140527a20e7d 100644
3290 +--- a/arch/sparc/lib/NG4memcpy.S
3291 ++++ b/arch/sparc/lib/NG4memcpy.S
3292 +@@ -41,6 +41,10 @@
3293 + #endif
3294 + #endif
3295 +
3296 ++#if !defined(EX_LD) && !defined(EX_ST)
3297 ++#define NON_USER_COPY
3298 ++#endif
3299 ++
3300 + #ifndef EX_LD
3301 + #define EX_LD(x) x
3302 + #endif
3303 +@@ -197,9 +201,13 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
3304 + mov EX_RETVAL(%o3), %o0
3305 +
3306 + .Llarge_src_unaligned:
3307 ++#ifdef NON_USER_COPY
3308 ++ VISEntryHalfFast(.Lmedium_vis_entry_fail)
3309 ++#else
3310 ++ VISEntryHalf
3311 ++#endif
3312 + andn %o2, 0x3f, %o4
3313 + sub %o2, %o4, %o2
3314 +- VISEntryHalf
3315 + alignaddr %o1, %g0, %g1
3316 + add %o1, %o4, %o1
3317 + EX_LD(LOAD(ldd, %g1 + 0x00, %f0))
3318 +@@ -240,6 +248,10 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
3319 + nop
3320 + ba,a,pt %icc, .Lmedium_unaligned
3321 +
3322 ++#ifdef NON_USER_COPY
3323 ++.Lmedium_vis_entry_fail:
3324 ++ or %o0, %o1, %g2
3325 ++#endif
3326 + .Lmedium:
3327 + LOAD(prefetch, %o1 + 0x40, #n_reads_strong)
3328 + andcc %g2, 0x7, %g0
3329 +diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
3330 +index 99c017be8719..f75e6906df14 100644
3331 +--- a/arch/sparc/lib/memset.S
3332 ++++ b/arch/sparc/lib/memset.S
3333 +@@ -3,8 +3,9 @@
3334 + * Copyright (C) 1996,1997 Jakub Jelinek (jj@××××××××××××××××.cz)
3335 + * Copyright (C) 1996 David S. Miller (davem@××××××××××××.edu)
3336 + *
3337 +- * Returns 0, if ok, and number of bytes not yet set if exception
3338 +- * occurs and we were called as clear_user.
3339 ++ * Calls to memset returns initial %o0. Calls to bzero returns 0, if ok, and
3340 ++ * number of bytes not yet set if exception occurs and we were called as
3341 ++ * clear_user.
3342 + */
3343 +
3344 + #include <asm/ptrace.h>
3345 +@@ -65,6 +66,8 @@ __bzero_begin:
3346 + .globl __memset_start, __memset_end
3347 + __memset_start:
3348 + memset:
3349 ++ mov %o0, %g1
3350 ++ mov 1, %g4
3351 + and %o1, 0xff, %g3
3352 + sll %g3, 8, %g2
3353 + or %g3, %g2, %g3
3354 +@@ -89,6 +92,7 @@ memset:
3355 + sub %o0, %o2, %o0
3356 +
3357 + __bzero:
3358 ++ clr %g4
3359 + mov %g0, %g3
3360 + 1:
3361 + cmp %o1, 7
3362 +@@ -151,8 +155,8 @@ __bzero:
3363 + bne,a 8f
3364 + EX(stb %g3, [%o0], and %o1, 1)
3365 + 8:
3366 +- retl
3367 +- clr %o0
3368 ++ b 0f
3369 ++ nop
3370 + 7:
3371 + be 13b
3372 + orcc %o1, 0, %g0
3373 +@@ -164,6 +168,12 @@ __bzero:
3374 + bne 8b
3375 + EX(stb %g3, [%o0 - 1], add %o1, 1)
3376 + 0:
3377 ++ andcc %g4, 1, %g0
3378 ++ be 5f
3379 ++ nop
3380 ++ retl
3381 ++ mov %g1, %o0
3382 ++5:
3383 + retl
3384 + clr %o0
3385 + __memset_end:
3386 +diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
3387 +index 587cd0565128..18fcd7167095 100644
3388 +--- a/arch/sparc/mm/fault_64.c
3389 ++++ b/arch/sparc/mm/fault_64.c
3390 +@@ -346,6 +346,9 @@ retry:
3391 + down_read(&mm->mmap_sem);
3392 + }
3393 +
3394 ++ if (fault_code & FAULT_CODE_BAD_RA)
3395 ++ goto do_sigbus;
3396 ++
3397 + vma = find_vma(mm, address);
3398 + if (!vma)
3399 + goto bad_area;
3400 +diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
3401 +index 1aed0432c64b..ae6ce383d4df 100644
3402 +--- a/arch/sparc/mm/gup.c
3403 ++++ b/arch/sparc/mm/gup.c
3404 +@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
3405 + return 1;
3406 + }
3407 +
3408 ++int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
3409 ++ struct page **pages)
3410 ++{
3411 ++ struct mm_struct *mm = current->mm;
3412 ++ unsigned long addr, len, end;
3413 ++ unsigned long next, flags;
3414 ++ pgd_t *pgdp;
3415 ++ int nr = 0;
3416 ++
3417 ++ start &= PAGE_MASK;
3418 ++ addr = start;
3419 ++ len = (unsigned long) nr_pages << PAGE_SHIFT;
3420 ++ end = start + len;
3421 ++
3422 ++ local_irq_save(flags);
3423 ++ pgdp = pgd_offset(mm, addr);
3424 ++ do {
3425 ++ pgd_t pgd = *pgdp;
3426 ++
3427 ++ next = pgd_addr_end(addr, end);
3428 ++ if (pgd_none(pgd))
3429 ++ break;
3430 ++ if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
3431 ++ break;
3432 ++ } while (pgdp++, addr = next, addr != end);
3433 ++ local_irq_restore(flags);
3434 ++
3435 ++ return nr;
3436 ++}
3437 ++
3438 + int get_user_pages_fast(unsigned long start, int nr_pages, int write,
3439 + struct page **pages)
3440 + {
3441 +diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
3442 +index 2cfb0f25e0ed..bbb9371f519b 100644
3443 +--- a/arch/sparc/mm/init_64.c
3444 ++++ b/arch/sparc/mm/init_64.c
3445 +@@ -74,7 +74,6 @@ unsigned long kern_linear_pte_xor[4] __read_mostly;
3446 + * 'cpu' properties, but we need to have this table setup before the
3447 + * MDESC is initialized.
3448 + */
3449 +-unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3450 +
3451 + #ifndef CONFIG_DEBUG_PAGEALLOC
3452 + /* A special kernel TSB for 4MB, 256MB, 2GB and 16GB linear mappings.
3453 +@@ -83,10 +82,11 @@ unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3454 + */
3455 + extern struct tsb swapper_4m_tsb[KERNEL_TSB4M_NENTRIES];
3456 + #endif
3457 ++extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3458 +
3459 + static unsigned long cpu_pgsz_mask;
3460 +
3461 +-#define MAX_BANKS 32
3462 ++#define MAX_BANKS 1024
3463 +
3464 + static struct linux_prom64_registers pavail[MAX_BANKS];
3465 + static int pavail_ents;
3466 +@@ -164,10 +164,6 @@ static void __init read_obp_memory(const char *property,
3467 + cmp_p64, NULL);
3468 + }
3469 +
3470 +-unsigned long sparc64_valid_addr_bitmap[VALID_ADDR_BITMAP_BYTES /
3471 +- sizeof(unsigned long)];
3472 +-EXPORT_SYMBOL(sparc64_valid_addr_bitmap);
3473 +-
3474 + /* Kernel physical address base and size in bytes. */
3475 + unsigned long kern_base __read_mostly;
3476 + unsigned long kern_size __read_mostly;
3477 +@@ -839,7 +835,10 @@ static int find_node(unsigned long addr)
3478 + if ((addr & p->mask) == p->val)
3479 + return i;
3480 + }
3481 +- return -1;
3482 ++ /* The following condition has been observed on LDOM guests.*/
3483 ++ WARN_ONCE(1, "find_node: A physical address doesn't match a NUMA node"
3484 ++ " rule. Some physical memory will be owned by node 0.");
3485 ++ return 0;
3486 + }
3487 +
3488 + static u64 memblock_nid_range(u64 start, u64 end, int *nid)
3489 +@@ -1365,9 +1364,144 @@ static unsigned long __init bootmem_init(unsigned long phys_base)
3490 + static struct linux_prom64_registers pall[MAX_BANKS] __initdata;
3491 + static int pall_ents __initdata;
3492 +
3493 +-#ifdef CONFIG_DEBUG_PAGEALLOC
3494 ++static unsigned long max_phys_bits = 40;
3495 ++
3496 ++bool kern_addr_valid(unsigned long addr)
3497 ++{
3498 ++ pgd_t *pgd;
3499 ++ pud_t *pud;
3500 ++ pmd_t *pmd;
3501 ++ pte_t *pte;
3502 ++
3503 ++ if ((long)addr < 0L) {
3504 ++ unsigned long pa = __pa(addr);
3505 ++
3506 ++ if ((addr >> max_phys_bits) != 0UL)
3507 ++ return false;
3508 ++
3509 ++ return pfn_valid(pa >> PAGE_SHIFT);
3510 ++ }
3511 ++
3512 ++ if (addr >= (unsigned long) KERNBASE &&
3513 ++ addr < (unsigned long)&_end)
3514 ++ return true;
3515 ++
3516 ++ pgd = pgd_offset_k(addr);
3517 ++ if (pgd_none(*pgd))
3518 ++ return 0;
3519 ++
3520 ++ pud = pud_offset(pgd, addr);
3521 ++ if (pud_none(*pud))
3522 ++ return 0;
3523 ++
3524 ++ if (pud_large(*pud))
3525 ++ return pfn_valid(pud_pfn(*pud));
3526 ++
3527 ++ pmd = pmd_offset(pud, addr);
3528 ++ if (pmd_none(*pmd))
3529 ++ return 0;
3530 ++
3531 ++ if (pmd_large(*pmd))
3532 ++ return pfn_valid(pmd_pfn(*pmd));
3533 ++
3534 ++ pte = pte_offset_kernel(pmd, addr);
3535 ++ if (pte_none(*pte))
3536 ++ return 0;
3537 ++
3538 ++ return pfn_valid(pte_pfn(*pte));
3539 ++}
3540 ++EXPORT_SYMBOL(kern_addr_valid);
3541 ++
3542 ++static unsigned long __ref kernel_map_hugepud(unsigned long vstart,
3543 ++ unsigned long vend,
3544 ++ pud_t *pud)
3545 ++{
3546 ++ const unsigned long mask16gb = (1UL << 34) - 1UL;
3547 ++ u64 pte_val = vstart;
3548 ++
3549 ++ /* Each PUD is 8GB */
3550 ++ if ((vstart & mask16gb) ||
3551 ++ (vend - vstart <= mask16gb)) {
3552 ++ pte_val ^= kern_linear_pte_xor[2];
3553 ++ pud_val(*pud) = pte_val | _PAGE_PUD_HUGE;
3554 ++
3555 ++ return vstart + PUD_SIZE;
3556 ++ }
3557 ++
3558 ++ pte_val ^= kern_linear_pte_xor[3];
3559 ++ pte_val |= _PAGE_PUD_HUGE;
3560 ++
3561 ++ vend = vstart + mask16gb + 1UL;
3562 ++ while (vstart < vend) {
3563 ++ pud_val(*pud) = pte_val;
3564 ++
3565 ++ pte_val += PUD_SIZE;
3566 ++ vstart += PUD_SIZE;
3567 ++ pud++;
3568 ++ }
3569 ++ return vstart;
3570 ++}
3571 ++
3572 ++static bool kernel_can_map_hugepud(unsigned long vstart, unsigned long vend,
3573 ++ bool guard)
3574 ++{
3575 ++ if (guard && !(vstart & ~PUD_MASK) && (vend - vstart) >= PUD_SIZE)
3576 ++ return true;
3577 ++
3578 ++ return false;
3579 ++}
3580 ++
3581 ++static unsigned long __ref kernel_map_hugepmd(unsigned long vstart,
3582 ++ unsigned long vend,
3583 ++ pmd_t *pmd)
3584 ++{
3585 ++ const unsigned long mask256mb = (1UL << 28) - 1UL;
3586 ++ const unsigned long mask2gb = (1UL << 31) - 1UL;
3587 ++ u64 pte_val = vstart;
3588 ++
3589 ++ /* Each PMD is 8MB */
3590 ++ if ((vstart & mask256mb) ||
3591 ++ (vend - vstart <= mask256mb)) {
3592 ++ pte_val ^= kern_linear_pte_xor[0];
3593 ++ pmd_val(*pmd) = pte_val | _PAGE_PMD_HUGE;
3594 ++
3595 ++ return vstart + PMD_SIZE;
3596 ++ }
3597 ++
3598 ++ if ((vstart & mask2gb) ||
3599 ++ (vend - vstart <= mask2gb)) {
3600 ++ pte_val ^= kern_linear_pte_xor[1];
3601 ++ pte_val |= _PAGE_PMD_HUGE;
3602 ++ vend = vstart + mask256mb + 1UL;
3603 ++ } else {
3604 ++ pte_val ^= kern_linear_pte_xor[2];
3605 ++ pte_val |= _PAGE_PMD_HUGE;
3606 ++ vend = vstart + mask2gb + 1UL;
3607 ++ }
3608 ++
3609 ++ while (vstart < vend) {
3610 ++ pmd_val(*pmd) = pte_val;
3611 ++
3612 ++ pte_val += PMD_SIZE;
3613 ++ vstart += PMD_SIZE;
3614 ++ pmd++;
3615 ++ }
3616 ++
3617 ++ return vstart;
3618 ++}
3619 ++
3620 ++static bool kernel_can_map_hugepmd(unsigned long vstart, unsigned long vend,
3621 ++ bool guard)
3622 ++{
3623 ++ if (guard && !(vstart & ~PMD_MASK) && (vend - vstart) >= PMD_SIZE)
3624 ++ return true;
3625 ++
3626 ++ return false;
3627 ++}
3628 ++
3629 + static unsigned long __ref kernel_map_range(unsigned long pstart,
3630 +- unsigned long pend, pgprot_t prot)
3631 ++ unsigned long pend, pgprot_t prot,
3632 ++ bool use_huge)
3633 + {
3634 + unsigned long vstart = PAGE_OFFSET + pstart;
3635 + unsigned long vend = PAGE_OFFSET + pend;
3636 +@@ -1386,19 +1520,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3637 + pmd_t *pmd;
3638 + pte_t *pte;
3639 +
3640 ++ if (pgd_none(*pgd)) {
3641 ++ pud_t *new;
3642 ++
3643 ++ new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3644 ++ alloc_bytes += PAGE_SIZE;
3645 ++ pgd_populate(&init_mm, pgd, new);
3646 ++ }
3647 + pud = pud_offset(pgd, vstart);
3648 + if (pud_none(*pud)) {
3649 + pmd_t *new;
3650 +
3651 ++ if (kernel_can_map_hugepud(vstart, vend, use_huge)) {
3652 ++ vstart = kernel_map_hugepud(vstart, vend, pud);
3653 ++ continue;
3654 ++ }
3655 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3656 + alloc_bytes += PAGE_SIZE;
3657 + pud_populate(&init_mm, pud, new);
3658 + }
3659 +
3660 + pmd = pmd_offset(pud, vstart);
3661 +- if (!pmd_present(*pmd)) {
3662 ++ if (pmd_none(*pmd)) {
3663 + pte_t *new;
3664 +
3665 ++ if (kernel_can_map_hugepmd(vstart, vend, use_huge)) {
3666 ++ vstart = kernel_map_hugepmd(vstart, vend, pmd);
3667 ++ continue;
3668 ++ }
3669 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3670 + alloc_bytes += PAGE_SIZE;
3671 + pmd_populate_kernel(&init_mm, pmd, new);
3672 +@@ -1421,100 +1570,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3673 + return alloc_bytes;
3674 + }
3675 +
3676 +-extern unsigned int kvmap_linear_patch[1];
3677 +-#endif /* CONFIG_DEBUG_PAGEALLOC */
3678 +-
3679 +-static void __init kpte_set_val(unsigned long index, unsigned long val)
3680 ++static void __init flush_all_kernel_tsbs(void)
3681 + {
3682 +- unsigned long *ptr = kpte_linear_bitmap;
3683 +-
3684 +- val <<= ((index % (BITS_PER_LONG / 2)) * 2);
3685 +- ptr += (index / (BITS_PER_LONG / 2));
3686 +-
3687 +- *ptr |= val;
3688 +-}
3689 +-
3690 +-static const unsigned long kpte_shift_min = 28; /* 256MB */
3691 +-static const unsigned long kpte_shift_max = 34; /* 16GB */
3692 +-static const unsigned long kpte_shift_incr = 3;
3693 +-
3694 +-static unsigned long kpte_mark_using_shift(unsigned long start, unsigned long end,
3695 +- unsigned long shift)
3696 +-{
3697 +- unsigned long size = (1UL << shift);
3698 +- unsigned long mask = (size - 1UL);
3699 +- unsigned long remains = end - start;
3700 +- unsigned long val;
3701 +-
3702 +- if (remains < size || (start & mask))
3703 +- return start;
3704 +-
3705 +- /* VAL maps:
3706 +- *
3707 +- * shift 28 --> kern_linear_pte_xor index 1
3708 +- * shift 31 --> kern_linear_pte_xor index 2
3709 +- * shift 34 --> kern_linear_pte_xor index 3
3710 +- */
3711 +- val = ((shift - kpte_shift_min) / kpte_shift_incr) + 1;
3712 +-
3713 +- remains &= ~mask;
3714 +- if (shift != kpte_shift_max)
3715 +- remains = size;
3716 +-
3717 +- while (remains) {
3718 +- unsigned long index = start >> kpte_shift_min;
3719 ++ int i;
3720 +
3721 +- kpte_set_val(index, val);
3722 ++ for (i = 0; i < KERNEL_TSB_NENTRIES; i++) {
3723 ++ struct tsb *ent = &swapper_tsb[i];
3724 +
3725 +- start += 1UL << kpte_shift_min;
3726 +- remains -= 1UL << kpte_shift_min;
3727 ++ ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3728 + }
3729 ++#ifndef CONFIG_DEBUG_PAGEALLOC
3730 ++ for (i = 0; i < KERNEL_TSB4M_NENTRIES; i++) {
3731 ++ struct tsb *ent = &swapper_4m_tsb[i];
3732 +
3733 +- return start;
3734 +-}
3735 +-
3736 +-static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
3737 +-{
3738 +- unsigned long smallest_size, smallest_mask;
3739 +- unsigned long s;
3740 +-
3741 +- smallest_size = (1UL << kpte_shift_min);
3742 +- smallest_mask = (smallest_size - 1UL);
3743 +-
3744 +- while (start < end) {
3745 +- unsigned long orig_start = start;
3746 +-
3747 +- for (s = kpte_shift_max; s >= kpte_shift_min; s -= kpte_shift_incr) {
3748 +- start = kpte_mark_using_shift(start, end, s);
3749 +-
3750 +- if (start != orig_start)
3751 +- break;
3752 +- }
3753 +-
3754 +- if (start == orig_start)
3755 +- start = (start + smallest_size) & ~smallest_mask;
3756 ++ ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3757 + }
3758 ++#endif
3759 + }
3760 +
3761 +-static void __init init_kpte_bitmap(void)
3762 +-{
3763 +- unsigned long i;
3764 +-
3765 +- for (i = 0; i < pall_ents; i++) {
3766 +- unsigned long phys_start, phys_end;
3767 +-
3768 +- phys_start = pall[i].phys_addr;
3769 +- phys_end = phys_start + pall[i].reg_size;
3770 +-
3771 +- mark_kpte_bitmap(phys_start, phys_end);
3772 +- }
3773 +-}
3774 ++extern unsigned int kvmap_linear_patch[1];
3775 +
3776 + static void __init kernel_physical_mapping_init(void)
3777 + {
3778 +-#ifdef CONFIG_DEBUG_PAGEALLOC
3779 + unsigned long i, mem_alloced = 0UL;
3780 ++ bool use_huge = true;
3781 +
3782 ++#ifdef CONFIG_DEBUG_PAGEALLOC
3783 ++ use_huge = false;
3784 ++#endif
3785 + for (i = 0; i < pall_ents; i++) {
3786 + unsigned long phys_start, phys_end;
3787 +
3788 +@@ -1522,7 +1605,7 @@ static void __init kernel_physical_mapping_init(void)
3789 + phys_end = phys_start + pall[i].reg_size;
3790 +
3791 + mem_alloced += kernel_map_range(phys_start, phys_end,
3792 +- PAGE_KERNEL);
3793 ++ PAGE_KERNEL, use_huge);
3794 + }
3795 +
3796 + printk("Allocated %ld bytes for kernel page tables.\n",
3797 +@@ -1531,8 +1614,9 @@ static void __init kernel_physical_mapping_init(void)
3798 + kvmap_linear_patch[0] = 0x01000000; /* nop */
3799 + flushi(&kvmap_linear_patch[0]);
3800 +
3801 ++ flush_all_kernel_tsbs();
3802 ++
3803 + __flush_tlb_all();
3804 +-#endif
3805 + }
3806 +
3807 + #ifdef CONFIG_DEBUG_PAGEALLOC
3808 +@@ -1542,7 +1626,7 @@ void kernel_map_pages(struct page *page, int numpages, int enable)
3809 + unsigned long phys_end = phys_start + (numpages * PAGE_SIZE);
3810 +
3811 + kernel_map_range(phys_start, phys_end,
3812 +- (enable ? PAGE_KERNEL : __pgprot(0)));
3813 ++ (enable ? PAGE_KERNEL : __pgprot(0)), false);
3814 +
3815 + flush_tsb_kernel_range(PAGE_OFFSET + phys_start,
3816 + PAGE_OFFSET + phys_end);
3817 +@@ -1570,76 +1654,56 @@ unsigned long __init find_ecache_flush_span(unsigned long size)
3818 + unsigned long PAGE_OFFSET;
3819 + EXPORT_SYMBOL(PAGE_OFFSET);
3820 +
3821 +-static void __init page_offset_shift_patch_one(unsigned int *insn, unsigned long phys_bits)
3822 +-{
3823 +- unsigned long final_shift;
3824 +- unsigned int val = *insn;
3825 +- unsigned int cnt;
3826 +-
3827 +- /* We are patching in ilog2(max_supported_phys_address), and
3828 +- * we are doing so in a manner similar to a relocation addend.
3829 +- * That is, we are adding the shift value to whatever value
3830 +- * is in the shift instruction count field already.
3831 +- */
3832 +- cnt = (val & 0x3f);
3833 +- val &= ~0x3f;
3834 +-
3835 +- /* If we are trying to shift >= 64 bits, clear the destination
3836 +- * register. This can happen when phys_bits ends up being equal
3837 +- * to MAX_PHYS_ADDRESS_BITS.
3838 +- */
3839 +- final_shift = (cnt + (64 - phys_bits));
3840 +- if (final_shift >= 64) {
3841 +- unsigned int rd = (val >> 25) & 0x1f;
3842 +-
3843 +- val = 0x80100000 | (rd << 25);
3844 +- } else {
3845 +- val |= final_shift;
3846 +- }
3847 +- *insn = val;
3848 +-
3849 +- __asm__ __volatile__("flush %0"
3850 +- : /* no outputs */
3851 +- : "r" (insn));
3852 +-}
3853 +-
3854 +-static void __init page_offset_shift_patch(unsigned long phys_bits)
3855 +-{
3856 +- extern unsigned int __page_offset_shift_patch;
3857 +- extern unsigned int __page_offset_shift_patch_end;
3858 +- unsigned int *p;
3859 +-
3860 +- p = &__page_offset_shift_patch;
3861 +- while (p < &__page_offset_shift_patch_end) {
3862 +- unsigned int *insn = (unsigned int *)(unsigned long)*p;
3863 ++unsigned long VMALLOC_END = 0x0000010000000000UL;
3864 ++EXPORT_SYMBOL(VMALLOC_END);
3865 +
3866 +- page_offset_shift_patch_one(insn, phys_bits);
3867 +-
3868 +- p++;
3869 +- }
3870 +-}
3871 ++unsigned long sparc64_va_hole_top = 0xfffff80000000000UL;
3872 ++unsigned long sparc64_va_hole_bottom = 0x0000080000000000UL;
3873 +
3874 + static void __init setup_page_offset(void)
3875 + {
3876 +- unsigned long max_phys_bits = 40;
3877 +-
3878 + if (tlb_type == cheetah || tlb_type == cheetah_plus) {
3879 ++ /* Cheetah/Panther support a full 64-bit virtual
3880 ++ * address, so we can use all that our page tables
3881 ++ * support.
3882 ++ */
3883 ++ sparc64_va_hole_top = 0xfff0000000000000UL;
3884 ++ sparc64_va_hole_bottom = 0x0010000000000000UL;
3885 ++
3886 + max_phys_bits = 42;
3887 + } else if (tlb_type == hypervisor) {
3888 + switch (sun4v_chip_type) {
3889 + case SUN4V_CHIP_NIAGARA1:
3890 + case SUN4V_CHIP_NIAGARA2:
3891 ++ /* T1 and T2 support 48-bit virtual addresses. */
3892 ++ sparc64_va_hole_top = 0xffff800000000000UL;
3893 ++ sparc64_va_hole_bottom = 0x0000800000000000UL;
3894 ++
3895 + max_phys_bits = 39;
3896 + break;
3897 + case SUN4V_CHIP_NIAGARA3:
3898 ++ /* T3 supports 48-bit virtual addresses. */
3899 ++ sparc64_va_hole_top = 0xffff800000000000UL;
3900 ++ sparc64_va_hole_bottom = 0x0000800000000000UL;
3901 ++
3902 + max_phys_bits = 43;
3903 + break;
3904 + case SUN4V_CHIP_NIAGARA4:
3905 + case SUN4V_CHIP_NIAGARA5:
3906 + case SUN4V_CHIP_SPARC64X:
3907 +- default:
3908 ++ case SUN4V_CHIP_SPARC_M6:
3909 ++ /* T4 and later support 52-bit virtual addresses. */
3910 ++ sparc64_va_hole_top = 0xfff8000000000000UL;
3911 ++ sparc64_va_hole_bottom = 0x0008000000000000UL;
3912 + max_phys_bits = 47;
3913 + break;
3914 ++ case SUN4V_CHIP_SPARC_M7:
3915 ++ default:
3916 ++ /* M7 and later support 52-bit virtual addresses. */
3917 ++ sparc64_va_hole_top = 0xfff8000000000000UL;
3918 ++ sparc64_va_hole_bottom = 0x0008000000000000UL;
3919 ++ max_phys_bits = 49;
3920 ++ break;
3921 + }
3922 + }
3923 +
3924 +@@ -1649,12 +1713,16 @@ static void __init setup_page_offset(void)
3925 + prom_halt();
3926 + }
3927 +
3928 +- PAGE_OFFSET = PAGE_OFFSET_BY_BITS(max_phys_bits);
3929 ++ PAGE_OFFSET = sparc64_va_hole_top;
3930 ++ VMALLOC_END = ((sparc64_va_hole_bottom >> 1) +
3931 ++ (sparc64_va_hole_bottom >> 2));
3932 +
3933 +- pr_info("PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3934 ++ pr_info("MM: PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3935 + PAGE_OFFSET, max_phys_bits);
3936 +-
3937 +- page_offset_shift_patch(max_phys_bits);
3938 ++ pr_info("MM: VMALLOC [0x%016lx --> 0x%016lx]\n",
3939 ++ VMALLOC_START, VMALLOC_END);
3940 ++ pr_info("MM: VMEMMAP [0x%016lx --> 0x%016lx]\n",
3941 ++ VMEMMAP_BASE, VMEMMAP_BASE << 1);
3942 + }
3943 +
3944 + static void __init tsb_phys_patch(void)
3945 +@@ -1699,21 +1767,42 @@ static void __init tsb_phys_patch(void)
3946 + #define NUM_KTSB_DESCR 1
3947 + #endif
3948 + static struct hv_tsb_descr ktsb_descr[NUM_KTSB_DESCR];
3949 +-extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3950 ++
3951 ++/* The swapper TSBs are loaded with a base sequence of:
3952 ++ *
3953 ++ * sethi %uhi(SYMBOL), REG1
3954 ++ * sethi %hi(SYMBOL), REG2
3955 ++ * or REG1, %ulo(SYMBOL), REG1
3956 ++ * or REG2, %lo(SYMBOL), REG2
3957 ++ * sllx REG1, 32, REG1
3958 ++ * or REG1, REG2, REG1
3959 ++ *
3960 ++ * When we use physical addressing for the TSB accesses, we patch the
3961 ++ * first four instructions in the above sequence.
3962 ++ */
3963 +
3964 + static void patch_one_ktsb_phys(unsigned int *start, unsigned int *end, unsigned long pa)
3965 + {
3966 +- pa >>= KTSB_PHYS_SHIFT;
3967 ++ unsigned long high_bits, low_bits;
3968 ++
3969 ++ high_bits = (pa >> 32) & 0xffffffff;
3970 ++ low_bits = (pa >> 0) & 0xffffffff;
3971 +
3972 + while (start < end) {
3973 + unsigned int *ia = (unsigned int *)(unsigned long)*start;
3974 +
3975 +- ia[0] = (ia[0] & ~0x3fffff) | (pa >> 10);
3976 ++ ia[0] = (ia[0] & ~0x3fffff) | (high_bits >> 10);
3977 + __asm__ __volatile__("flush %0" : : "r" (ia));
3978 +
3979 +- ia[1] = (ia[1] & ~0x3ff) | (pa & 0x3ff);
3980 ++ ia[1] = (ia[1] & ~0x3fffff) | (low_bits >> 10);
3981 + __asm__ __volatile__("flush %0" : : "r" (ia + 1));
3982 +
3983 ++ ia[2] = (ia[2] & ~0x1fff) | (high_bits & 0x3ff);
3984 ++ __asm__ __volatile__("flush %0" : : "r" (ia + 2));
3985 ++
3986 ++ ia[3] = (ia[3] & ~0x1fff) | (low_bits & 0x3ff);
3987 ++ __asm__ __volatile__("flush %0" : : "r" (ia + 3));
3988 ++
3989 + start++;
3990 + }
3991 + }
3992 +@@ -1852,7 +1941,6 @@ static void __init sun4v_linear_pte_xor_finalize(void)
3993 + /* paging_init() sets up the page tables */
3994 +
3995 + static unsigned long last_valid_pfn;
3996 +-pgd_t swapper_pg_dir[PTRS_PER_PGD];
3997 +
3998 + static void sun4u_pgprot_init(void);
3999 + static void sun4v_pgprot_init(void);
4000 +@@ -1955,16 +2043,10 @@ void __init paging_init(void)
4001 + */
4002 + init_mm.pgd += ((shift) / (sizeof(pgd_t)));
4003 +
4004 +- memset(swapper_low_pmd_dir, 0, sizeof(swapper_low_pmd_dir));
4005 ++ memset(swapper_pg_dir, 0, sizeof(swapper_pg_dir));
4006 +
4007 +- /* Now can init the kernel/bad page tables. */
4008 +- pud_set(pud_offset(&swapper_pg_dir[0], 0),
4009 +- swapper_low_pmd_dir + (shift / sizeof(pgd_t)));
4010 +-
4011 + inherit_prom_mappings();
4012 +
4013 +- init_kpte_bitmap();
4014 +-
4015 + /* Ok, we can use our TLB miss and window trap handlers safely. */
4016 + setup_tba();
4017 +
4018 +@@ -2071,70 +2153,6 @@ int page_in_phys_avail(unsigned long paddr)
4019 + return 0;
4020 + }
4021 +
4022 +-static struct linux_prom64_registers pavail_rescan[MAX_BANKS] __initdata;
4023 +-static int pavail_rescan_ents __initdata;
4024 +-
4025 +-/* Certain OBP calls, such as fetching "available" properties, can
4026 +- * claim physical memory. So, along with initializing the valid
4027 +- * address bitmap, what we do here is refetch the physical available
4028 +- * memory list again, and make sure it provides at least as much
4029 +- * memory as 'pavail' does.
4030 +- */
4031 +-static void __init setup_valid_addr_bitmap_from_pavail(unsigned long *bitmap)
4032 +-{
4033 +- int i;
4034 +-
4035 +- read_obp_memory("available", &pavail_rescan[0], &pavail_rescan_ents);
4036 +-
4037 +- for (i = 0; i < pavail_ents; i++) {
4038 +- unsigned long old_start, old_end;
4039 +-
4040 +- old_start = pavail[i].phys_addr;
4041 +- old_end = old_start + pavail[i].reg_size;
4042 +- while (old_start < old_end) {
4043 +- int n;
4044 +-
4045 +- for (n = 0; n < pavail_rescan_ents; n++) {
4046 +- unsigned long new_start, new_end;
4047 +-
4048 +- new_start = pavail_rescan[n].phys_addr;
4049 +- new_end = new_start +
4050 +- pavail_rescan[n].reg_size;
4051 +-
4052 +- if (new_start <= old_start &&
4053 +- new_end >= (old_start + PAGE_SIZE)) {
4054 +- set_bit(old_start >> ILOG2_4MB, bitmap);
4055 +- goto do_next_page;
4056 +- }
4057 +- }
4058 +-
4059 +- prom_printf("mem_init: Lost memory in pavail\n");
4060 +- prom_printf("mem_init: OLD start[%lx] size[%lx]\n",
4061 +- pavail[i].phys_addr,
4062 +- pavail[i].reg_size);
4063 +- prom_printf("mem_init: NEW start[%lx] size[%lx]\n",
4064 +- pavail_rescan[i].phys_addr,
4065 +- pavail_rescan[i].reg_size);
4066 +- prom_printf("mem_init: Cannot continue, aborting.\n");
4067 +- prom_halt();
4068 +-
4069 +- do_next_page:
4070 +- old_start += PAGE_SIZE;
4071 +- }
4072 +- }
4073 +-}
4074 +-
4075 +-static void __init patch_tlb_miss_handler_bitmap(void)
4076 +-{
4077 +- extern unsigned int valid_addr_bitmap_insn[];
4078 +- extern unsigned int valid_addr_bitmap_patch[];
4079 +-
4080 +- valid_addr_bitmap_insn[1] = valid_addr_bitmap_patch[1];
4081 +- mb();
4082 +- valid_addr_bitmap_insn[0] = valid_addr_bitmap_patch[0];
4083 +- flushi(&valid_addr_bitmap_insn[0]);
4084 +-}
4085 +-
4086 + static void __init register_page_bootmem_info(void)
4087 + {
4088 + #ifdef CONFIG_NEED_MULTIPLE_NODES
4089 +@@ -2147,18 +2165,6 @@ static void __init register_page_bootmem_info(void)
4090 + }
4091 + void __init mem_init(void)
4092 + {
4093 +- unsigned long addr, last;
4094 +-
4095 +- addr = PAGE_OFFSET + kern_base;
4096 +- last = PAGE_ALIGN(kern_size) + addr;
4097 +- while (addr < last) {
4098 +- set_bit(__pa(addr) >> ILOG2_4MB, sparc64_valid_addr_bitmap);
4099 +- addr += PAGE_SIZE;
4100 +- }
4101 +-
4102 +- setup_valid_addr_bitmap_from_pavail(sparc64_valid_addr_bitmap);
4103 +- patch_tlb_miss_handler_bitmap();
4104 +-
4105 + high_memory = __va(last_valid_pfn << PAGE_SHIFT);
4106 +
4107 + register_page_bootmem_info();
4108 +@@ -2248,18 +2254,9 @@ unsigned long _PAGE_CACHE __read_mostly;
4109 + EXPORT_SYMBOL(_PAGE_CACHE);
4110 +
4111 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
4112 +-unsigned long vmemmap_table[VMEMMAP_SIZE];
4113 +-
4114 +-static long __meminitdata addr_start, addr_end;
4115 +-static int __meminitdata node_start;
4116 +-
4117 + int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
4118 + int node)
4119 + {
4120 +- unsigned long phys_start = (vstart - VMEMMAP_BASE);
4121 +- unsigned long phys_end = (vend - VMEMMAP_BASE);
4122 +- unsigned long addr = phys_start & VMEMMAP_CHUNK_MASK;
4123 +- unsigned long end = VMEMMAP_ALIGN(phys_end);
4124 + unsigned long pte_base;
4125 +
4126 + pte_base = (_PAGE_VALID | _PAGE_SZ4MB_4U |
4127 +@@ -2270,47 +2267,52 @@ int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
4128 + _PAGE_CP_4V | _PAGE_CV_4V |
4129 + _PAGE_P_4V | _PAGE_W_4V);
4130 +
4131 +- for (; addr < end; addr += VMEMMAP_CHUNK) {
4132 +- unsigned long *vmem_pp =
4133 +- vmemmap_table + (addr >> VMEMMAP_CHUNK_SHIFT);
4134 +- void *block;
4135 ++ pte_base |= _PAGE_PMD_HUGE;
4136 +
4137 +- if (!(*vmem_pp & _PAGE_VALID)) {
4138 +- block = vmemmap_alloc_block(1UL << ILOG2_4MB, node);
4139 +- if (!block)
4140 ++ vstart = vstart & PMD_MASK;
4141 ++ vend = ALIGN(vend, PMD_SIZE);
4142 ++ for (; vstart < vend; vstart += PMD_SIZE) {
4143 ++ pgd_t *pgd = pgd_offset_k(vstart);
4144 ++ unsigned long pte;
4145 ++ pud_t *pud;
4146 ++ pmd_t *pmd;
4147 ++
4148 ++ if (pgd_none(*pgd)) {
4149 ++ pud_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
4150 ++
4151 ++ if (!new)
4152 + return -ENOMEM;
4153 ++ pgd_populate(&init_mm, pgd, new);
4154 ++ }
4155 +
4156 +- *vmem_pp = pte_base | __pa(block);
4157 ++ pud = pud_offset(pgd, vstart);
4158 ++ if (pud_none(*pud)) {
4159 ++ pmd_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
4160 +
4161 +- /* check to see if we have contiguous blocks */
4162 +- if (addr_end != addr || node_start != node) {
4163 +- if (addr_start)
4164 +- printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
4165 +- addr_start, addr_end-1, node_start);
4166 +- addr_start = addr;
4167 +- node_start = node;
4168 +- }
4169 +- addr_end = addr + VMEMMAP_CHUNK;
4170 ++ if (!new)
4171 ++ return -ENOMEM;
4172 ++ pud_populate(&init_mm, pud, new);
4173 + }
4174 +- }
4175 +- return 0;
4176 +-}
4177 +
4178 +-void __meminit vmemmap_populate_print_last(void)
4179 +-{
4180 +- if (addr_start) {
4181 +- printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
4182 +- addr_start, addr_end-1, node_start);
4183 +- addr_start = 0;
4184 +- addr_end = 0;
4185 +- node_start = 0;
4186 ++ pmd = pmd_offset(pud, vstart);
4187 ++
4188 ++ pte = pmd_val(*pmd);
4189 ++ if (!(pte & _PAGE_VALID)) {
4190 ++ void *block = vmemmap_alloc_block(PMD_SIZE, node);
4191 ++
4192 ++ if (!block)
4193 ++ return -ENOMEM;
4194 ++
4195 ++ pmd_val(*pmd) = pte_base | __pa(block);
4196 ++ }
4197 + }
4198 ++
4199 ++ return 0;
4200 + }
4201 +
4202 + void vmemmap_free(unsigned long start, unsigned long end)
4203 + {
4204 + }
4205 +-
4206 + #endif /* CONFIG_SPARSEMEM_VMEMMAP */
4207 +
4208 + static void prot_init_common(unsigned long page_none,
4209 +@@ -2722,8 +2724,8 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
4210 + do_flush_tlb_kernel_range(start, LOW_OBP_ADDRESS);
4211 + }
4212 + if (end > HI_OBP_ADDRESS) {
4213 +- flush_tsb_kernel_range(end, HI_OBP_ADDRESS);
4214 +- do_flush_tlb_kernel_range(end, HI_OBP_ADDRESS);
4215 ++ flush_tsb_kernel_range(HI_OBP_ADDRESS, end);
4216 ++ do_flush_tlb_kernel_range(HI_OBP_ADDRESS, end);
4217 + }
4218 + } else {
4219 + flush_tsb_kernel_range(start, end);
4220 +diff --git a/arch/sparc/mm/init_64.h b/arch/sparc/mm/init_64.h
4221 +index 0668b364f44d..a4c09603b05c 100644
4222 +--- a/arch/sparc/mm/init_64.h
4223 ++++ b/arch/sparc/mm/init_64.h
4224 +@@ -8,15 +8,8 @@
4225 + */
4226 +
4227 + #define MAX_PHYS_ADDRESS (1UL << MAX_PHYS_ADDRESS_BITS)
4228 +-#define KPTE_BITMAP_CHUNK_SZ (256UL * 1024UL * 1024UL)
4229 +-#define KPTE_BITMAP_BYTES \
4230 +- ((MAX_PHYS_ADDRESS / KPTE_BITMAP_CHUNK_SZ) / 4)
4231 +-#define VALID_ADDR_BITMAP_CHUNK_SZ (4UL * 1024UL * 1024UL)
4232 +-#define VALID_ADDR_BITMAP_BYTES \
4233 +- ((MAX_PHYS_ADDRESS / VALID_ADDR_BITMAP_CHUNK_SZ) / 8)
4234 +
4235 + extern unsigned long kern_linear_pte_xor[4];
4236 +-extern unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
4237 + extern unsigned int sparc64_highest_unlocked_tlb_ent;
4238 + extern unsigned long sparc64_kern_pri_context;
4239 + extern unsigned long sparc64_kern_pri_nuc_bits;
4240 +@@ -38,15 +31,4 @@ extern unsigned long kern_locked_tte_data;
4241 +
4242 + void prom_world(int enter);
4243 +
4244 +-#ifdef CONFIG_SPARSEMEM_VMEMMAP
4245 +-#define VMEMMAP_CHUNK_SHIFT 22
4246 +-#define VMEMMAP_CHUNK (1UL << VMEMMAP_CHUNK_SHIFT)
4247 +-#define VMEMMAP_CHUNK_MASK ~(VMEMMAP_CHUNK - 1UL)
4248 +-#define VMEMMAP_ALIGN(x) (((x)+VMEMMAP_CHUNK-1UL)&VMEMMAP_CHUNK_MASK)
4249 +-
4250 +-#define VMEMMAP_SIZE ((((1UL << MAX_PHYSADDR_BITS) >> PAGE_SHIFT) * \
4251 +- sizeof(struct page)) >> VMEMMAP_CHUNK_SHIFT)
4252 +-extern unsigned long vmemmap_table[VMEMMAP_SIZE];
4253 +-#endif
4254 +-
4255 + #endif /* _SPARC64_MM_INIT_H */
4256 +diff --git a/arch/sparc/net/bpf_jit_asm.S b/arch/sparc/net/bpf_jit_asm.S
4257 +index 9d016c7017f7..8c83f4b8eb15 100644
4258 +--- a/arch/sparc/net/bpf_jit_asm.S
4259 ++++ b/arch/sparc/net/bpf_jit_asm.S
4260 +@@ -6,10 +6,12 @@
4261 + #define SAVE_SZ 176
4262 + #define SCRATCH_OFF STACK_BIAS + 128
4263 + #define BE_PTR(label) be,pn %xcc, label
4264 ++#define SIGN_EXTEND(reg) sra reg, 0, reg
4265 + #else
4266 + #define SAVE_SZ 96
4267 + #define SCRATCH_OFF 72
4268 + #define BE_PTR(label) be label
4269 ++#define SIGN_EXTEND(reg)
4270 + #endif
4271 +
4272 + #define SKF_MAX_NEG_OFF (-0x200000) /* SKF_LL_OFF from filter.h */
4273 +@@ -135,6 +137,7 @@ bpf_slow_path_byte_msh:
4274 + save %sp, -SAVE_SZ, %sp; \
4275 + mov %i0, %o0; \
4276 + mov r_OFF, %o1; \
4277 ++ SIGN_EXTEND(%o1); \
4278 + call bpf_internal_load_pointer_neg_helper; \
4279 + mov (LEN), %o2; \
4280 + mov %o0, r_TMP; \
4281 +diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
4282 +index 892a102671ad..8d4152f94c5a 100644
4283 +--- a/arch/sparc/net/bpf_jit_comp.c
4284 ++++ b/arch/sparc/net/bpf_jit_comp.c
4285 +@@ -184,7 +184,7 @@ do { \
4286 + */
4287 + #define emit_alu_K(OPCODE, K) \
4288 + do { \
4289 +- if (K) { \
4290 ++ if (K || OPCODE == AND || OPCODE == MUL) { \
4291 + unsigned int _insn = OPCODE; \
4292 + _insn |= RS1(r_A) | RD(r_A); \
4293 + if (is_simm13(K)) { \
4294 +@@ -234,12 +234,18 @@ do { BUILD_BUG_ON(FIELD_SIZEOF(STRUCT, FIELD) != sizeof(u8)); \
4295 + __emit_load8(BASE, STRUCT, FIELD, DEST); \
4296 + } while (0)
4297 +
4298 +-#define emit_ldmem(OFF, DEST) \
4299 +-do { *prog++ = LD32I | RS1(FP) | S13(-(OFF)) | RD(DEST); \
4300 ++#ifdef CONFIG_SPARC64
4301 ++#define BIAS (STACK_BIAS - 4)
4302 ++#else
4303 ++#define BIAS (-4)
4304 ++#endif
4305 ++
4306 ++#define emit_ldmem(OFF, DEST) \
4307 ++do { *prog++ = LD32I | RS1(SP) | S13(BIAS - (OFF)) | RD(DEST); \
4308 + } while (0)
4309 +
4310 +-#define emit_stmem(OFF, SRC) \
4311 +-do { *prog++ = LD32I | RS1(FP) | S13(-(OFF)) | RD(SRC); \
4312 ++#define emit_stmem(OFF, SRC) \
4313 ++do { *prog++ = ST32I | RS1(SP) | S13(BIAS - (OFF)) | RD(SRC); \
4314 + } while (0)
4315 +
4316 + #ifdef CONFIG_SMP
4317 +@@ -615,10 +621,11 @@ void bpf_jit_compile(struct sk_filter *fp)
4318 + case BPF_ANC | SKF_AD_VLAN_TAG:
4319 + case BPF_ANC | SKF_AD_VLAN_TAG_PRESENT:
4320 + emit_skb_load16(vlan_tci, r_A);
4321 +- if (code == (BPF_ANC | SKF_AD_VLAN_TAG)) {
4322 +- emit_andi(r_A, VLAN_VID_MASK, r_A);
4323 ++ if (code != (BPF_ANC | SKF_AD_VLAN_TAG)) {
4324 ++ emit_alu_K(SRL, 12);
4325 ++ emit_andi(r_A, 1, r_A);
4326 + } else {
4327 +- emit_loadimm(VLAN_TAG_PRESENT, r_TMP);
4328 ++ emit_loadimm(~VLAN_TAG_PRESENT, r_TMP);
4329 + emit_and(r_A, r_TMP, r_A);
4330 + }
4331 + break;
4332 +@@ -630,15 +637,19 @@ void bpf_jit_compile(struct sk_filter *fp)
4333 + emit_loadimm(K, r_X);
4334 + break;
4335 + case BPF_LD | BPF_MEM:
4336 ++ seen |= SEEN_MEM;
4337 + emit_ldmem(K * 4, r_A);
4338 + break;
4339 + case BPF_LDX | BPF_MEM:
4340 ++ seen |= SEEN_MEM | SEEN_XREG;
4341 + emit_ldmem(K * 4, r_X);
4342 + break;
4343 + case BPF_ST:
4344 ++ seen |= SEEN_MEM;
4345 + emit_stmem(K * 4, r_A);
4346 + break;
4347 + case BPF_STX:
4348 ++ seen |= SEEN_MEM | SEEN_XREG;
4349 + emit_stmem(K * 4, r_X);
4350 + break;
4351 +
4352 +diff --git a/arch/sparc/power/hibernate_asm.S b/arch/sparc/power/hibernate_asm.S
4353 +index 79942166df84..d7d9017dcb15 100644
4354 +--- a/arch/sparc/power/hibernate_asm.S
4355 ++++ b/arch/sparc/power/hibernate_asm.S
4356 +@@ -54,8 +54,8 @@ ENTRY(swsusp_arch_resume)
4357 + nop
4358 +
4359 + /* Write PAGE_OFFSET to %g7 */
4360 +- sethi %uhi(PAGE_OFFSET), %g7
4361 +- sllx %g7, 32, %g7
4362 ++ sethi %hi(PAGE_OFFSET), %g7
4363 ++ ldx [%g7 + %lo(PAGE_OFFSET)], %g7
4364 +
4365 + setuw (PAGE_SIZE-8), %g3
4366 +
4367 +diff --git a/arch/sparc/prom/bootstr_64.c b/arch/sparc/prom/bootstr_64.c
4368 +index ab9ccc63b388..7149e77714a4 100644
4369 +--- a/arch/sparc/prom/bootstr_64.c
4370 ++++ b/arch/sparc/prom/bootstr_64.c
4371 +@@ -14,7 +14,10 @@
4372 + * the .bss section or it will break things.
4373 + */
4374 +
4375 +-#define BARG_LEN 256
4376 ++/* We limit BARG_LEN to 1024 because this is the size of the
4377 ++ * 'barg_out' command line buffer in the SILO bootloader.
4378 ++ */
4379 ++#define BARG_LEN 1024
4380 + struct {
4381 + int bootstr_len;
4382 + int bootstr_valid;
4383 +diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
4384 +index 9c86b4b7d429..8050f381f518 100644
4385 +--- a/arch/sparc/prom/cif.S
4386 ++++ b/arch/sparc/prom/cif.S
4387 +@@ -11,11 +11,10 @@
4388 + .text
4389 + .globl prom_cif_direct
4390 + prom_cif_direct:
4391 ++ save %sp, -192, %sp
4392 + sethi %hi(p1275buf), %o1
4393 + or %o1, %lo(p1275buf), %o1
4394 +- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
4395 +- save %o2, -192, %sp
4396 +- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
4397 ++ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
4398 + mov %g4, %l0
4399 + mov %g5, %l1
4400 + mov %g6, %l3
4401 +diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
4402 +index d95db755828f..110b0d78b864 100644
4403 +--- a/arch/sparc/prom/init_64.c
4404 ++++ b/arch/sparc/prom/init_64.c
4405 +@@ -26,13 +26,13 @@ phandle prom_chosen_node;
4406 + * It gets passed the pointer to the PROM vector.
4407 + */
4408 +
4409 +-extern void prom_cif_init(void *, void *);
4410 ++extern void prom_cif_init(void *);
4411 +
4412 +-void __init prom_init(void *cif_handler, void *cif_stack)
4413 ++void __init prom_init(void *cif_handler)
4414 + {
4415 + phandle node;
4416 +
4417 +- prom_cif_init(cif_handler, cif_stack);
4418 ++ prom_cif_init(cif_handler);
4419 +
4420 + prom_chosen_node = prom_finddevice(prom_chosen_path);
4421 + if (!prom_chosen_node || (s32)prom_chosen_node == -1)
4422 +diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
4423 +index e58b81726319..545d8bb79b65 100644
4424 +--- a/arch/sparc/prom/p1275.c
4425 ++++ b/arch/sparc/prom/p1275.c
4426 +@@ -9,6 +9,7 @@
4427 + #include <linux/smp.h>
4428 + #include <linux/string.h>
4429 + #include <linux/spinlock.h>
4430 ++#include <linux/irqflags.h>
4431 +
4432 + #include <asm/openprom.h>
4433 + #include <asm/oplib.h>
4434 +@@ -19,7 +20,6 @@
4435 + struct {
4436 + long prom_callback; /* 0x00 */
4437 + void (*prom_cif_handler)(long *); /* 0x08 */
4438 +- unsigned long prom_cif_stack; /* 0x10 */
4439 + } p1275buf;
4440 +
4441 + extern void prom_world(int);
4442 +@@ -36,8 +36,8 @@ void p1275_cmd_direct(unsigned long *args)
4443 + {
4444 + unsigned long flags;
4445 +
4446 +- raw_local_save_flags(flags);
4447 +- raw_local_irq_restore((unsigned long)PIL_NMI);
4448 ++ local_save_flags(flags);
4449 ++ local_irq_restore((unsigned long)PIL_NMI);
4450 + raw_spin_lock(&prom_entry_lock);
4451 +
4452 + prom_world(1);
4453 +@@ -45,11 +45,10 @@ void p1275_cmd_direct(unsigned long *args)
4454 + prom_world(0);
4455 +
4456 + raw_spin_unlock(&prom_entry_lock);
4457 +- raw_local_irq_restore(flags);
4458 ++ local_irq_restore(flags);
4459 + }
4460 +
4461 + void prom_cif_init(void *cif_handler, void *cif_stack)
4462 + {
4463 + p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
4464 +- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
4465 + }
4466 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
4467 +index 9f83c171ac18..db1ce1e90a5b 100644
4468 +--- a/arch/x86/include/asm/kvm_host.h
4469 ++++ b/arch/x86/include/asm/kvm_host.h
4470 +@@ -479,6 +479,7 @@ struct kvm_vcpu_arch {
4471 + u64 mmio_gva;
4472 + unsigned access;
4473 + gfn_t mmio_gfn;
4474 ++ u64 mmio_gen;
4475 +
4476 + struct kvm_pmu pmu;
4477 +
4478 +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
4479 +index f9e4fdd3b877..21337cd58b6b 100644
4480 +--- a/arch/x86/kernel/cpu/intel.c
4481 ++++ b/arch/x86/kernel/cpu/intel.c
4482 +@@ -144,6 +144,21 @@ static void early_init_intel(struct cpuinfo_x86 *c)
4483 + setup_clear_cpu_cap(X86_FEATURE_ERMS);
4484 + }
4485 + }
4486 ++
4487 ++ /*
4488 ++ * Intel Quark Core DevMan_001.pdf section 6.4.11
4489 ++ * "The operating system also is required to invalidate (i.e., flush)
4490 ++ * the TLB when any changes are made to any of the page table entries.
4491 ++ * The operating system must reload CR3 to cause the TLB to be flushed"
4492 ++ *
4493 ++ * As a result cpu_has_pge() in arch/x86/include/asm/tlbflush.h should
4494 ++ * be false so that __flush_tlb_all() causes CR3 insted of CR4.PGE
4495 ++ * to be modified
4496 ++ */
4497 ++ if (c->x86 == 5 && c->x86_model == 9) {
4498 ++ pr_info("Disabling PGE capability bit\n");
4499 ++ setup_clear_cpu_cap(X86_FEATURE_PGE);
4500 ++ }
4501 + }
4502 +
4503 + #ifdef CONFIG_X86_32
4504 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
4505 +index 931467881da7..1cd2a5fbde07 100644
4506 +--- a/arch/x86/kvm/mmu.c
4507 ++++ b/arch/x86/kvm/mmu.c
4508 +@@ -199,16 +199,20 @@ void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask)
4509 + EXPORT_SYMBOL_GPL(kvm_mmu_set_mmio_spte_mask);
4510 +
4511 + /*
4512 +- * spte bits of bit 3 ~ bit 11 are used as low 9 bits of generation number,
4513 +- * the bits of bits 52 ~ bit 61 are used as high 10 bits of generation
4514 +- * number.
4515 ++ * the low bit of the generation number is always presumed to be zero.
4516 ++ * This disables mmio caching during memslot updates. The concept is
4517 ++ * similar to a seqcount but instead of retrying the access we just punt
4518 ++ * and ignore the cache.
4519 ++ *
4520 ++ * spte bits 3-11 are used as bits 1-9 of the generation number,
4521 ++ * the bits 52-61 are used as bits 10-19 of the generation number.
4522 + */
4523 +-#define MMIO_SPTE_GEN_LOW_SHIFT 3
4524 ++#define MMIO_SPTE_GEN_LOW_SHIFT 2
4525 + #define MMIO_SPTE_GEN_HIGH_SHIFT 52
4526 +
4527 +-#define MMIO_GEN_SHIFT 19
4528 +-#define MMIO_GEN_LOW_SHIFT 9
4529 +-#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 1)
4530 ++#define MMIO_GEN_SHIFT 20
4531 ++#define MMIO_GEN_LOW_SHIFT 10
4532 ++#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 2)
4533 + #define MMIO_GEN_MASK ((1 << MMIO_GEN_SHIFT) - 1)
4534 + #define MMIO_MAX_GEN ((1 << MMIO_GEN_SHIFT) - 1)
4535 +
4536 +@@ -236,12 +240,7 @@ static unsigned int get_mmio_spte_generation(u64 spte)
4537 +
4538 + static unsigned int kvm_current_mmio_generation(struct kvm *kvm)
4539 + {
4540 +- /*
4541 +- * Init kvm generation close to MMIO_MAX_GEN to easily test the
4542 +- * code of handling generation number wrap-around.
4543 +- */
4544 +- return (kvm_memslots(kvm)->generation +
4545 +- MMIO_MAX_GEN - 150) & MMIO_GEN_MASK;
4546 ++ return kvm_memslots(kvm)->generation & MMIO_GEN_MASK;
4547 + }
4548 +
4549 + static void mark_mmio_spte(struct kvm *kvm, u64 *sptep, u64 gfn,
4550 +@@ -3163,7 +3162,7 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
4551 + if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
4552 + return;
4553 +
4554 +- vcpu_clear_mmio_info(vcpu, ~0ul);
4555 ++ vcpu_clear_mmio_info(vcpu, MMIO_GVA_ANY);
4556 + kvm_mmu_audit(vcpu, AUDIT_PRE_SYNC);
4557 + if (vcpu->arch.mmu.root_level == PT64_ROOT_LEVEL) {
4558 + hpa_t root = vcpu->arch.mmu.root_hpa;
4559 +@@ -4433,7 +4432,7 @@ void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm)
4560 + * The very rare case: if the generation-number is round,
4561 + * zap all shadow pages.
4562 + */
4563 +- if (unlikely(kvm_current_mmio_generation(kvm) >= MMIO_MAX_GEN)) {
4564 ++ if (unlikely(kvm_current_mmio_generation(kvm) == 0)) {
4565 + printk_ratelimited(KERN_INFO "kvm: zapping shadow pages for mmio generation wraparound\n");
4566 + kvm_mmu_invalidate_zap_all_pages(kvm);
4567 + }
4568 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
4569 +index 801332edefc3..6c437ed00dcf 100644
4570 +--- a/arch/x86/kvm/vmx.c
4571 ++++ b/arch/x86/kvm/vmx.c
4572 +@@ -450,6 +450,7 @@ struct vcpu_vmx {
4573 + int gs_ldt_reload_needed;
4574 + int fs_reload_needed;
4575 + u64 msr_host_bndcfgs;
4576 ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */
4577 + } host_state;
4578 + struct {
4579 + int vm86_active;
4580 +@@ -4218,11 +4219,16 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
4581 + u32 low32, high32;
4582 + unsigned long tmpl;
4583 + struct desc_ptr dt;
4584 ++ unsigned long cr4;
4585 +
4586 + vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
4587 +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
4588 + vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
4589 +
4590 ++ /* Save the most likely value for this task's CR4 in the VMCS. */
4591 ++ cr4 = read_cr4();
4592 ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
4593 ++ vmx->host_state.vmcs_host_cr4 = cr4;
4594 ++
4595 + vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
4596 + #ifdef CONFIG_X86_64
4597 + /*
4598 +@@ -7336,7 +7342,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
4599 + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
4600 + {
4601 + struct vcpu_vmx *vmx = to_vmx(vcpu);
4602 +- unsigned long debugctlmsr;
4603 ++ unsigned long debugctlmsr, cr4;
4604 +
4605 + /* Record the guest's net vcpu time for enforced NMI injections. */
4606 + if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
4607 +@@ -7357,6 +7363,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
4608 + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
4609 + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
4610 +
4611 ++ cr4 = read_cr4();
4612 ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
4613 ++ vmcs_writel(HOST_CR4, cr4);
4614 ++ vmx->host_state.vmcs_host_cr4 = cr4;
4615 ++ }
4616 ++
4617 + /* When single-stepping over STI and MOV SS, we must clear the
4618 + * corresponding interruptibility bits in the guest state. Otherwise
4619 + * vmentry fails as it then expects bit 14 (BS) in pending debug
4620 +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
4621 +index 8c97bac9a895..b0b17e6f0431 100644
4622 +--- a/arch/x86/kvm/x86.h
4623 ++++ b/arch/x86/kvm/x86.h
4624 +@@ -78,15 +78,23 @@ static inline void vcpu_cache_mmio_info(struct kvm_vcpu *vcpu,
4625 + vcpu->arch.mmio_gva = gva & PAGE_MASK;
4626 + vcpu->arch.access = access;
4627 + vcpu->arch.mmio_gfn = gfn;
4628 ++ vcpu->arch.mmio_gen = kvm_memslots(vcpu->kvm)->generation;
4629 ++}
4630 ++
4631 ++static inline bool vcpu_match_mmio_gen(struct kvm_vcpu *vcpu)
4632 ++{
4633 ++ return vcpu->arch.mmio_gen == kvm_memslots(vcpu->kvm)->generation;
4634 + }
4635 +
4636 + /*
4637 +- * Clear the mmio cache info for the given gva,
4638 +- * specially, if gva is ~0ul, we clear all mmio cache info.
4639 ++ * Clear the mmio cache info for the given gva. If gva is MMIO_GVA_ANY, we
4640 ++ * clear all mmio cache info.
4641 + */
4642 ++#define MMIO_GVA_ANY (~(gva_t)0)
4643 ++
4644 + static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4645 + {
4646 +- if (gva != (~0ul) && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4647 ++ if (gva != MMIO_GVA_ANY && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4648 + return;
4649 +
4650 + vcpu->arch.mmio_gva = 0;
4651 +@@ -94,7 +102,8 @@ static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4652 +
4653 + static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4654 + {
4655 +- if (vcpu->arch.mmio_gva && vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4656 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gva &&
4657 ++ vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4658 + return true;
4659 +
4660 + return false;
4661 +@@ -102,7 +111,8 @@ static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4662 +
4663 + static inline bool vcpu_match_mmio_gpa(struct kvm_vcpu *vcpu, gpa_t gpa)
4664 + {
4665 +- if (vcpu->arch.mmio_gfn && vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4666 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gfn &&
4667 ++ vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4668 + return true;
4669 +
4670 + return false;
4671 +diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
4672 +index 3c562f5a60bb..e1bce26cd4f9 100644
4673 +--- a/crypto/async_tx/async_xor.c
4674 ++++ b/crypto/async_tx/async_xor.c
4675 +@@ -78,8 +78,6 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4676 + tx = dma->device_prep_dma_xor(chan, dma_dest, src_list,
4677 + xor_src_cnt, unmap->len,
4678 + dma_flags);
4679 +- src_list[0] = tmp;
4680 +-
4681 +
4682 + if (unlikely(!tx))
4683 + async_tx_quiesce(&submit->depend_tx);
4684 +@@ -92,6 +90,7 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4685 + xor_src_cnt, unmap->len,
4686 + dma_flags);
4687 + }
4688 ++ src_list[0] = tmp;
4689 +
4690 + dma_set_unmap(tx, unmap);
4691 + async_tx_submit(chan, tx, submit);
4692 +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
4693 +index d276e33880be..2a1d1ae5c11d 100644
4694 +--- a/drivers/base/firmware_class.c
4695 ++++ b/drivers/base/firmware_class.c
4696 +@@ -1086,6 +1086,9 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
4697 + if (!firmware_p)
4698 + return -EINVAL;
4699 +
4700 ++ if (!name || name[0] == '\0')
4701 ++ return -EINVAL;
4702 ++
4703 + ret = _request_firmware_prepare(&fw, name, device);
4704 + if (ret <= 0) /* error or already assigned */
4705 + goto out;
4706 +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
4707 +index 65ea7b256b3e..a3530dadb163 100644
4708 +--- a/drivers/base/regmap/regmap-debugfs.c
4709 ++++ b/drivers/base/regmap/regmap-debugfs.c
4710 +@@ -473,6 +473,7 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4711 + {
4712 + struct rb_node *next;
4713 + struct regmap_range_node *range_node;
4714 ++ const char *devname = "dummy";
4715 +
4716 + /* If we don't have the debugfs root yet, postpone init */
4717 + if (!regmap_debugfs_root) {
4718 +@@ -491,12 +492,15 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4719 + INIT_LIST_HEAD(&map->debugfs_off_cache);
4720 + mutex_init(&map->cache_lock);
4721 +
4722 ++ if (map->dev)
4723 ++ devname = dev_name(map->dev);
4724 ++
4725 + if (name) {
4726 + map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
4727 +- dev_name(map->dev), name);
4728 ++ devname, name);
4729 + name = map->debugfs_name;
4730 + } else {
4731 +- name = dev_name(map->dev);
4732 ++ name = devname;
4733 + }
4734 +
4735 + map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
4736 +diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
4737 +index 283644e5d31f..8cda01590ed2 100644
4738 +--- a/drivers/base/regmap/regmap.c
4739 ++++ b/drivers/base/regmap/regmap.c
4740 +@@ -1395,7 +1395,7 @@ int _regmap_write(struct regmap *map, unsigned int reg,
4741 + }
4742 +
4743 + #ifdef LOG_DEVICE
4744 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4745 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4746 + dev_info(map->dev, "%x <= %x\n", reg, val);
4747 + #endif
4748 +
4749 +@@ -1646,6 +1646,9 @@ out:
4750 + } else {
4751 + void *wval;
4752 +
4753 ++ if (!val_count)
4754 ++ return -EINVAL;
4755 ++
4756 + wval = kmemdup(val, val_count * val_bytes, GFP_KERNEL);
4757 + if (!wval) {
4758 + dev_err(map->dev, "Error in memory allocation\n");
4759 +@@ -2045,7 +2048,7 @@ static int _regmap_read(struct regmap *map, unsigned int reg,
4760 + ret = map->reg_read(context, reg, val);
4761 + if (ret == 0) {
4762 + #ifdef LOG_DEVICE
4763 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4764 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4765 + dev_info(map->dev, "%x => %x\n", reg, *val);
4766 + #endif
4767 +
4768 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
4769 +index 6250fc2fb93a..0489a946e68d 100644
4770 +--- a/drivers/bluetooth/btusb.c
4771 ++++ b/drivers/bluetooth/btusb.c
4772 +@@ -317,6 +317,9 @@ static void btusb_intr_complete(struct urb *urb)
4773 + BT_ERR("%s corrupted event packet", hdev->name);
4774 + hdev->stat.err_rx++;
4775 + }
4776 ++ } else if (urb->status == -ENOENT) {
4777 ++ /* Avoid suspend failed when usb_kill_urb */
4778 ++ return;
4779 + }
4780 +
4781 + if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
4782 +@@ -405,6 +408,9 @@ static void btusb_bulk_complete(struct urb *urb)
4783 + BT_ERR("%s corrupted ACL packet", hdev->name);
4784 + hdev->stat.err_rx++;
4785 + }
4786 ++ } else if (urb->status == -ENOENT) {
4787 ++ /* Avoid suspend failed when usb_kill_urb */
4788 ++ return;
4789 + }
4790 +
4791 + if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
4792 +@@ -499,6 +505,9 @@ static void btusb_isoc_complete(struct urb *urb)
4793 + hdev->stat.err_rx++;
4794 + }
4795 + }
4796 ++ } else if (urb->status == -ENOENT) {
4797 ++ /* Avoid suspend failed when usb_kill_urb */
4798 ++ return;
4799 + }
4800 +
4801 + if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
4802 +diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
4803 +index fede8ca7147c..5d9148f8a506 100644
4804 +--- a/drivers/bluetooth/hci_h5.c
4805 ++++ b/drivers/bluetooth/hci_h5.c
4806 +@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
4807 + break;
4808 +
4809 + to_remove--;
4810 +- seq = (seq - 1) % 8;
4811 ++ seq = (seq - 1) & 0x07;
4812 + }
4813 +
4814 + if (seq != h5->rx_ack)
4815 +diff --git a/drivers/edac/mpc85xx_edac.c b/drivers/edac/mpc85xx_edac.c
4816 +index f4aec2e6ef56..7d3742edbaa2 100644
4817 +--- a/drivers/edac/mpc85xx_edac.c
4818 ++++ b/drivers/edac/mpc85xx_edac.c
4819 +@@ -633,7 +633,7 @@ static int mpc85xx_l2_err_probe(struct platform_device *op)
4820 + if (edac_op_state == EDAC_OPSTATE_INT) {
4821 + pdata->irq = irq_of_parse_and_map(op->dev.of_node, 0);
4822 + res = devm_request_irq(&op->dev, pdata->irq,
4823 +- mpc85xx_l2_isr, 0,
4824 ++ mpc85xx_l2_isr, IRQF_SHARED,
4825 + "[EDAC] L2 err", edac_dev);
4826 + if (res < 0) {
4827 + printk(KERN_ERR
4828 +diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
4829 +index 578bbe65902b..54966ca9e503 100644
4830 +--- a/drivers/hid/hid-rmi.c
4831 ++++ b/drivers/hid/hid-rmi.c
4832 +@@ -320,10 +320,7 @@ static int rmi_f11_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4833 + int offset;
4834 + int i;
4835 +
4836 +- if (size < hdata->f11.report_size)
4837 +- return 0;
4838 +-
4839 +- if (!(irq & hdata->f11.irq_mask))
4840 ++ if (!(irq & hdata->f11.irq_mask) || size <= 0)
4841 + return 0;
4842 +
4843 + offset = (hdata->max_fingers >> 2) + 1;
4844 +@@ -332,9 +329,19 @@ static int rmi_f11_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4845 + int fs_bit_position = (i & 0x3) << 1;
4846 + int finger_state = (data[fs_byte_position] >> fs_bit_position) &
4847 + 0x03;
4848 ++ int position = offset + 5 * i;
4849 ++
4850 ++ if (position + 5 > size) {
4851 ++ /* partial report, go on with what we received */
4852 ++ printk_once(KERN_WARNING
4853 ++ "%s %s: Detected incomplete finger report. Finger reports may occasionally get dropped on this platform.\n",
4854 ++ dev_driver_string(&hdev->dev),
4855 ++ dev_name(&hdev->dev));
4856 ++ hid_dbg(hdev, "Incomplete finger report\n");
4857 ++ break;
4858 ++ }
4859 +
4860 +- rmi_f11_process_touch(hdata, i, finger_state,
4861 +- &data[offset + 5 * i]);
4862 ++ rmi_f11_process_touch(hdata, i, finger_state, &data[position]);
4863 + }
4864 + input_mt_sync_frame(hdata->input);
4865 + input_sync(hdata->input);
4866 +@@ -352,6 +359,11 @@ static int rmi_f30_input_event(struct hid_device *hdev, u8 irq, u8 *data,
4867 + if (!(irq & hdata->f30.irq_mask))
4868 + return 0;
4869 +
4870 ++ if (size < (int)hdata->f30.report_size) {
4871 ++ hid_warn(hdev, "Click Button pressed, but the click data is missing\n");
4872 ++ return 0;
4873 ++ }
4874 ++
4875 + for (i = 0; i < hdata->gpio_led_count; i++) {
4876 + if (test_bit(i, &hdata->button_mask)) {
4877 + value = (data[i / 8] >> (i & 0x07)) & BIT(0);
4878 +@@ -412,9 +424,29 @@ static int rmi_read_data_event(struct hid_device *hdev, u8 *data, int size)
4879 + return 1;
4880 + }
4881 +
4882 ++static int rmi_check_sanity(struct hid_device *hdev, u8 *data, int size)
4883 ++{
4884 ++ int valid_size = size;
4885 ++ /*
4886 ++ * On the Dell XPS 13 9333, the bus sometimes get confused and fills
4887 ++ * the report with a sentinel value "ff". Synaptics told us that such
4888 ++ * behavior does not comes from the touchpad itself, so we filter out
4889 ++ * such reports here.
4890 ++ */
4891 ++
4892 ++ while ((data[valid_size - 1] == 0xff) && valid_size > 0)
4893 ++ valid_size--;
4894 ++
4895 ++ return valid_size;
4896 ++}
4897 ++
4898 + static int rmi_raw_event(struct hid_device *hdev,
4899 + struct hid_report *report, u8 *data, int size)
4900 + {
4901 ++ size = rmi_check_sanity(hdev, data, size);
4902 ++ if (size < 2)
4903 ++ return 0;
4904 ++
4905 + switch (data[0]) {
4906 + case RMI_READ_DATA_REPORT_ID:
4907 + return rmi_read_data_event(hdev, data, size);
4908 +diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
4909 +index 284cf66489f4..bec55ed2917a 100644
4910 +--- a/drivers/hv/channel.c
4911 ++++ b/drivers/hv/channel.c
4912 +@@ -165,8 +165,10 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
4913 + ret = vmbus_post_msg(open_msg,
4914 + sizeof(struct vmbus_channel_open_channel));
4915 +
4916 +- if (ret != 0)
4917 ++ if (ret != 0) {
4918 ++ err = ret;
4919 + goto error1;
4920 ++ }
4921 +
4922 + t = wait_for_completion_timeout(&open_info->waitevent, 5*HZ);
4923 + if (t == 0) {
4924 +@@ -363,7 +365,6 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4925 + u32 next_gpadl_handle;
4926 + unsigned long flags;
4927 + int ret = 0;
4928 +- int t;
4929 +
4930 + next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
4931 + atomic_inc(&vmbus_connection.next_gpadl_handle);
4932 +@@ -410,9 +411,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4933 +
4934 + }
4935 + }
4936 +- t = wait_for_completion_timeout(&msginfo->waitevent, 5*HZ);
4937 +- BUG_ON(t == 0);
4938 +-
4939 ++ wait_for_completion(&msginfo->waitevent);
4940 +
4941 + /* At this point, we received the gpadl created msg */
4942 + *gpadl_handle = gpadlmsg->gpadl;
4943 +@@ -435,7 +434,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4944 + struct vmbus_channel_gpadl_teardown *msg;
4945 + struct vmbus_channel_msginfo *info;
4946 + unsigned long flags;
4947 +- int ret, t;
4948 ++ int ret;
4949 +
4950 + info = kmalloc(sizeof(*info) +
4951 + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
4952 +@@ -457,11 +456,12 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4953 + ret = vmbus_post_msg(msg,
4954 + sizeof(struct vmbus_channel_gpadl_teardown));
4955 +
4956 +- BUG_ON(ret != 0);
4957 +- t = wait_for_completion_timeout(&info->waitevent, 5*HZ);
4958 +- BUG_ON(t == 0);
4959 ++ if (ret)
4960 ++ goto post_msg_err;
4961 ++
4962 ++ wait_for_completion(&info->waitevent);
4963 +
4964 +- /* Received a torndown response */
4965 ++post_msg_err:
4966 + spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
4967 + list_del(&info->msglistentry);
4968 + spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
4969 +@@ -478,7 +478,7 @@ static void reset_channel_cb(void *arg)
4970 + channel->onchannel_callback = NULL;
4971 + }
4972 +
4973 +-static void vmbus_close_internal(struct vmbus_channel *channel)
4974 ++static int vmbus_close_internal(struct vmbus_channel *channel)
4975 + {
4976 + struct vmbus_channel_close_channel *msg;
4977 + int ret;
4978 +@@ -501,11 +501,28 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
4979 +
4980 + ret = vmbus_post_msg(msg, sizeof(struct vmbus_channel_close_channel));
4981 +
4982 +- BUG_ON(ret != 0);
4983 ++ if (ret) {
4984 ++ pr_err("Close failed: close post msg return is %d\n", ret);
4985 ++ /*
4986 ++ * If we failed to post the close msg,
4987 ++ * it is perhaps better to leak memory.
4988 ++ */
4989 ++ return ret;
4990 ++ }
4991 ++
4992 + /* Tear down the gpadl for the channel's ring buffer */
4993 +- if (channel->ringbuffer_gpadlhandle)
4994 +- vmbus_teardown_gpadl(channel,
4995 +- channel->ringbuffer_gpadlhandle);
4996 ++ if (channel->ringbuffer_gpadlhandle) {
4997 ++ ret = vmbus_teardown_gpadl(channel,
4998 ++ channel->ringbuffer_gpadlhandle);
4999 ++ if (ret) {
5000 ++ pr_err("Close failed: teardown gpadl return %d\n", ret);
5001 ++ /*
5002 ++ * If we failed to teardown gpadl,
5003 ++ * it is perhaps better to leak memory.
5004 ++ */
5005 ++ return ret;
5006 ++ }
5007 ++ }
5008 +
5009 + /* Cleanup the ring buffers for this channel */
5010 + hv_ringbuffer_cleanup(&channel->outbound);
5011 +@@ -514,7 +531,7 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
5012 + free_pages((unsigned long)channel->ringbuffer_pages,
5013 + get_order(channel->ringbuffer_pagecount * PAGE_SIZE));
5014 +
5015 +-
5016 ++ return ret;
5017 + }
5018 +
5019 + /*
5020 +diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
5021 +index ae22e3c1fc4c..e206619b946e 100644
5022 +--- a/drivers/hv/connection.c
5023 ++++ b/drivers/hv/connection.c
5024 +@@ -427,10 +427,21 @@ int vmbus_post_msg(void *buffer, size_t buflen)
5025 + * insufficient resources. Retry the operation a couple of
5026 + * times before giving up.
5027 + */
5028 +- while (retries < 3) {
5029 +- ret = hv_post_message(conn_id, 1, buffer, buflen);
5030 +- if (ret != HV_STATUS_INSUFFICIENT_BUFFERS)
5031 ++ while (retries < 10) {
5032 ++ ret = hv_post_message(conn_id, 1, buffer, buflen);
5033 ++
5034 ++ switch (ret) {
5035 ++ case HV_STATUS_INSUFFICIENT_BUFFERS:
5036 ++ ret = -ENOMEM;
5037 ++ case -ENOMEM:
5038 ++ break;
5039 ++ case HV_STATUS_SUCCESS:
5040 + return ret;
5041 ++ default:
5042 ++ pr_err("hv_post_msg() failed; error code:%d\n", ret);
5043 ++ return -EINVAL;
5044 ++ }
5045 ++
5046 + retries++;
5047 + msleep(100);
5048 + }
5049 +diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
5050 +index edfc8488cb03..3e4235c7a47f 100644
5051 +--- a/drivers/hv/hv.c
5052 ++++ b/drivers/hv/hv.c
5053 +@@ -138,6 +138,8 @@ int hv_init(void)
5054 + memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
5055 + memset(hv_context.synic_message_page, 0,
5056 + sizeof(void *) * NR_CPUS);
5057 ++ memset(hv_context.post_msg_page, 0,
5058 ++ sizeof(void *) * NR_CPUS);
5059 + memset(hv_context.vp_index, 0,
5060 + sizeof(int) * NR_CPUS);
5061 + memset(hv_context.event_dpc, 0,
5062 +@@ -217,26 +219,18 @@ int hv_post_message(union hv_connection_id connection_id,
5063 + enum hv_message_type message_type,
5064 + void *payload, size_t payload_size)
5065 + {
5066 +- struct aligned_input {
5067 +- u64 alignment8;
5068 +- struct hv_input_post_message msg;
5069 +- };
5070 +
5071 + struct hv_input_post_message *aligned_msg;
5072 + u16 status;
5073 +- unsigned long addr;
5074 +
5075 + if (payload_size > HV_MESSAGE_PAYLOAD_BYTE_COUNT)
5076 + return -EMSGSIZE;
5077 +
5078 +- addr = (unsigned long)kmalloc(sizeof(struct aligned_input), GFP_ATOMIC);
5079 +- if (!addr)
5080 +- return -ENOMEM;
5081 +-
5082 + aligned_msg = (struct hv_input_post_message *)
5083 +- (ALIGN(addr, HV_HYPERCALL_PARAM_ALIGN));
5084 ++ hv_context.post_msg_page[get_cpu()];
5085 +
5086 + aligned_msg->connectionid = connection_id;
5087 ++ aligned_msg->reserved = 0;
5088 + aligned_msg->message_type = message_type;
5089 + aligned_msg->payload_size = payload_size;
5090 + memcpy((void *)aligned_msg->payload, payload, payload_size);
5091 +@@ -244,8 +238,7 @@ int hv_post_message(union hv_connection_id connection_id,
5092 + status = do_hypercall(HVCALL_POST_MESSAGE, aligned_msg, NULL)
5093 + & 0xFFFF;
5094 +
5095 +- kfree((void *)addr);
5096 +-
5097 ++ put_cpu();
5098 + return status;
5099 + }
5100 +
5101 +@@ -294,6 +287,14 @@ int hv_synic_alloc(void)
5102 + pr_err("Unable to allocate SYNIC event page\n");
5103 + goto err;
5104 + }
5105 ++
5106 ++ hv_context.post_msg_page[cpu] =
5107 ++ (void *)get_zeroed_page(GFP_ATOMIC);
5108 ++
5109 ++ if (hv_context.post_msg_page[cpu] == NULL) {
5110 ++ pr_err("Unable to allocate post msg page\n");
5111 ++ goto err;
5112 ++ }
5113 + }
5114 +
5115 + return 0;
5116 +@@ -308,6 +309,8 @@ static void hv_synic_free_cpu(int cpu)
5117 + free_page((unsigned long)hv_context.synic_event_page[cpu]);
5118 + if (hv_context.synic_message_page[cpu])
5119 + free_page((unsigned long)hv_context.synic_message_page[cpu]);
5120 ++ if (hv_context.post_msg_page[cpu])
5121 ++ free_page((unsigned long)hv_context.post_msg_page[cpu]);
5122 + }
5123 +
5124 + void hv_synic_free(void)
5125 +diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
5126 +index 22b750749a39..c386d8dc7223 100644
5127 +--- a/drivers/hv/hyperv_vmbus.h
5128 ++++ b/drivers/hv/hyperv_vmbus.h
5129 +@@ -515,6 +515,10 @@ struct hv_context {
5130 + * per-cpu list of the channels based on their CPU affinity.
5131 + */
5132 + struct list_head percpu_list[NR_CPUS];
5133 ++ /*
5134 ++ * buffer to post messages to the host.
5135 ++ */
5136 ++ void *post_msg_page[NR_CPUS];
5137 + };
5138 +
5139 + extern struct hv_context hv_context;
5140 +diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c
5141 +index 49d11338294b..2fb90e2825c3 100644
5142 +--- a/drivers/message/fusion/mptspi.c
5143 ++++ b/drivers/message/fusion/mptspi.c
5144 +@@ -1420,6 +1420,11 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
5145 + goto out_mptspi_probe;
5146 + }
5147 +
5148 ++ /* VMWare emulation doesn't properly implement WRITE_SAME
5149 ++ */
5150 ++ if (pdev->subsystem_vendor == 0x15AD)
5151 ++ sh->no_write_same = 1;
5152 ++
5153 + spin_lock_irqsave(&ioc->FreeQlock, flags);
5154 +
5155 + /* Attach the SCSI Host to the IOC structure
5156 +diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
5157 +index 0e993ef28b94..8fd9466266b6 100644
5158 +--- a/drivers/misc/mei/bus.c
5159 ++++ b/drivers/misc/mei/bus.c
5160 +@@ -70,7 +70,7 @@ static int mei_cl_device_probe(struct device *dev)
5161 +
5162 + dev_dbg(dev, "Device probe\n");
5163 +
5164 +- strncpy(id.name, dev_name(dev), sizeof(id.name));
5165 ++ strlcpy(id.name, dev_name(dev), sizeof(id.name));
5166 +
5167 + return driver->probe(device, &id);
5168 + }
5169 +diff --git a/drivers/net/wireless/ath/ath9k/ar5008_phy.c b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5170 +index 00fb8badbacc..3b3e91057a4c 100644
5171 +--- a/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5172 ++++ b/drivers/net/wireless/ath/ath9k/ar5008_phy.c
5173 +@@ -1004,9 +1004,11 @@ static bool ar5008_hw_ani_control_new(struct ath_hw *ah,
5174 + case ATH9K_ANI_FIRSTEP_LEVEL:{
5175 + u32 level = param;
5176 +
5177 +- value = level;
5178 ++ value = level * 2;
5179 + REG_RMW_FIELD(ah, AR_PHY_FIND_SIG,
5180 + AR_PHY_FIND_SIG_FIRSTEP, value);
5181 ++ REG_RMW_FIELD(ah, AR_PHY_FIND_SIG_LOW,
5182 ++ AR_PHY_FIND_SIG_FIRSTEP_LOW, value);
5183 +
5184 + if (level != aniState->firstepLevel) {
5185 + ath_dbg(common, ANI,
5186 +diff --git a/drivers/net/wireless/iwlwifi/mvm/constants.h b/drivers/net/wireless/iwlwifi/mvm/constants.h
5187 +index 51685693af2e..cb4c06cead2d 100644
5188 +--- a/drivers/net/wireless/iwlwifi/mvm/constants.h
5189 ++++ b/drivers/net/wireless/iwlwifi/mvm/constants.h
5190 +@@ -80,7 +80,7 @@
5191 + #define IWL_MVM_WOWLAN_PS_SNOOZE_WINDOW 25
5192 + #define IWL_MVM_LOWLAT_QUOTA_MIN_PERCENT 64
5193 + #define IWL_MVM_BT_COEX_SYNC2SCO 1
5194 +-#define IWL_MVM_BT_COEX_CORUNNING 1
5195 ++#define IWL_MVM_BT_COEX_CORUNNING 0
5196 + #define IWL_MVM_BT_COEX_MPLUT 1
5197 +
5198 + #endif /* __MVM_CONSTANTS_H */
5199 +diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
5200 +index 98950e45c7b0..78eaa4875bd7 100644
5201 +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
5202 ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
5203 +@@ -273,6 +273,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
5204 + {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
5205 + {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
5206 + {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
5207 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
5208 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
5209 + {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
5210 + {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
5211 + {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
5212 +@@ -316,6 +318,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
5213 + {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
5214 + {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
5215 + {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
5216 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
5217 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
5218 + {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
5219 + {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
5220 + {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
5221 +diff --git a/drivers/net/wireless/rt2x00/rt2800.h b/drivers/net/wireless/rt2x00/rt2800.h
5222 +index a394a9a95919..7cf6081a05a1 100644
5223 +--- a/drivers/net/wireless/rt2x00/rt2800.h
5224 ++++ b/drivers/net/wireless/rt2x00/rt2800.h
5225 +@@ -2039,7 +2039,7 @@ struct mac_iveiv_entry {
5226 + * 2 - drop tx power by 12dBm,
5227 + * 3 - increase tx power by 6dBm
5228 + */
5229 +-#define BBP1_TX_POWER_CTRL FIELD8(0x07)
5230 ++#define BBP1_TX_POWER_CTRL FIELD8(0x03)
5231 + #define BBP1_TX_ANTENNA FIELD8(0x18)
5232 +
5233 + /*
5234 +diff --git a/drivers/pci/host/pci-mvebu.c b/drivers/pci/host/pci-mvebu.c
5235 +index ce23e0f076b6..db5abef6cec0 100644
5236 +--- a/drivers/pci/host/pci-mvebu.c
5237 ++++ b/drivers/pci/host/pci-mvebu.c
5238 +@@ -873,7 +873,7 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
5239 + rangesz = pna + na + ns;
5240 + nranges = rlen / sizeof(__be32) / rangesz;
5241 +
5242 +- for (i = 0; i < nranges; i++) {
5243 ++ for (i = 0; i < nranges; i++, range += rangesz) {
5244 + u32 flags = of_read_number(range, 1);
5245 + u32 slot = of_read_number(range + 1, 1);
5246 + u64 cpuaddr = of_read_number(range + na, pna);
5247 +@@ -883,14 +883,14 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
5248 + rtype = IORESOURCE_IO;
5249 + else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
5250 + rtype = IORESOURCE_MEM;
5251 ++ else
5252 ++ continue;
5253 +
5254 + if (slot == PCI_SLOT(devfn) && type == rtype) {
5255 + *tgt = DT_CPUADDR_TO_TARGET(cpuaddr);
5256 + *attr = DT_CPUADDR_TO_ATTR(cpuaddr);
5257 + return 0;
5258 + }
5259 +-
5260 +- range += rangesz;
5261 + }
5262 +
5263 + return -ENOENT;
5264 +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
5265 +index 9ff0a901ecf7..76ef7914c9aa 100644
5266 +--- a/drivers/pci/pci-sysfs.c
5267 ++++ b/drivers/pci/pci-sysfs.c
5268 +@@ -177,7 +177,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
5269 + {
5270 + struct pci_dev *pci_dev = to_pci_dev(dev);
5271 +
5272 +- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
5273 ++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
5274 + pci_dev->vendor, pci_dev->device,
5275 + pci_dev->subsystem_vendor, pci_dev->subsystem_device,
5276 + (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
5277 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
5278 +index d0f69269eb6c..cc09b14b8ac1 100644
5279 +--- a/drivers/pci/quirks.c
5280 ++++ b/drivers/pci/quirks.c
5281 +@@ -24,6 +24,7 @@
5282 + #include <linux/ioport.h>
5283 + #include <linux/sched.h>
5284 + #include <linux/ktime.h>
5285 ++#include <linux/mm.h>
5286 + #include <asm/dma.h> /* isa_dma_bridge_buggy */
5287 + #include "pci.h"
5288 +
5289 +@@ -287,6 +288,25 @@ static void quirk_citrine(struct pci_dev *dev)
5290 + }
5291 + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
5292 +
5293 ++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
5294 ++static void quirk_extend_bar_to_page(struct pci_dev *dev)
5295 ++{
5296 ++ int i;
5297 ++
5298 ++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
5299 ++ struct resource *r = &dev->resource[i];
5300 ++
5301 ++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
5302 ++ r->end = PAGE_SIZE - 1;
5303 ++ r->start = 0;
5304 ++ r->flags |= IORESOURCE_UNSET;
5305 ++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
5306 ++ i, r);
5307 ++ }
5308 ++ }
5309 ++}
5310 ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
5311 ++
5312 + /*
5313 + * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
5314 + * If it's needed, re-allocate the region.
5315 +diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
5316 +index a5a63ecfb628..a70b8715a315 100644
5317 +--- a/drivers/pci/setup-bus.c
5318 ++++ b/drivers/pci/setup-bus.c
5319 +@@ -1652,7 +1652,7 @@ void pci_assign_unassigned_bridge_resources(struct pci_dev *bridge)
5320 + struct pci_dev_resource *fail_res;
5321 + int retval;
5322 + unsigned long type_mask = IORESOURCE_IO | IORESOURCE_MEM |
5323 +- IORESOURCE_PREFETCH;
5324 ++ IORESOURCE_PREFETCH | IORESOURCE_MEM_64;
5325 +
5326 + again:
5327 + __pci_bus_size_bridges(parent, &add_list);
5328 +diff --git a/drivers/regulator/ltc3589.c b/drivers/regulator/ltc3589.c
5329 +index c8105182b8b8..bef5842d0777 100644
5330 +--- a/drivers/regulator/ltc3589.c
5331 ++++ b/drivers/regulator/ltc3589.c
5332 +@@ -372,6 +372,7 @@ static bool ltc3589_volatile_reg(struct device *dev, unsigned int reg)
5333 + switch (reg) {
5334 + case LTC3589_IRQSTAT:
5335 + case LTC3589_PGSTAT:
5336 ++ case LTC3589_VCCR:
5337 + return true;
5338 + }
5339 + return false;
5340 +diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
5341 +index b0e4a3eb33c7..5b2e76159b41 100644
5342 +--- a/drivers/rtc/rtc-cmos.c
5343 ++++ b/drivers/rtc/rtc-cmos.c
5344 +@@ -856,7 +856,7 @@ static void __exit cmos_do_remove(struct device *dev)
5345 + cmos->dev = NULL;
5346 + }
5347 +
5348 +-#ifdef CONFIG_PM_SLEEP
5349 ++#ifdef CONFIG_PM
5350 +
5351 + static int cmos_suspend(struct device *dev)
5352 + {
5353 +@@ -907,6 +907,8 @@ static inline int cmos_poweroff(struct device *dev)
5354 + return cmos_suspend(dev);
5355 + }
5356 +
5357 ++#ifdef CONFIG_PM_SLEEP
5358 ++
5359 + static int cmos_resume(struct device *dev)
5360 + {
5361 + struct cmos_rtc *cmos = dev_get_drvdata(dev);
5362 +@@ -954,6 +956,7 @@ static int cmos_resume(struct device *dev)
5363 + return 0;
5364 + }
5365 +
5366 ++#endif
5367 + #else
5368 +
5369 + static inline int cmos_poweroff(struct device *dev)
5370 +diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
5371 +index 07934b0b9ee1..accceb57ddbc 100644
5372 +--- a/drivers/scsi/be2iscsi/be_mgmt.c
5373 ++++ b/drivers/scsi/be2iscsi/be_mgmt.c
5374 +@@ -944,17 +944,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
5375 +
5376 + if (ip_action == IP_ACTION_ADD) {
5377 + memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
5378 +- ip_param->len);
5379 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
5380 +
5381 + if (subnet_param)
5382 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
5383 +- subnet_param->value, subnet_param->len);
5384 ++ subnet_param->value,
5385 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
5386 + } else {
5387 + memcpy(req->ip_params.ip_record.ip_addr.addr,
5388 +- if_info->ip_addr.addr, ip_param->len);
5389 ++ if_info->ip_addr.addr,
5390 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
5391 +
5392 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
5393 +- if_info->ip_addr.subnet_mask, ip_param->len);
5394 ++ if_info->ip_addr.subnet_mask,
5395 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
5396 + }
5397 +
5398 + rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
5399 +@@ -982,7 +985,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
5400 + req->action = gtway_action;
5401 + req->ip_addr.ip_type = BE2_IPV4;
5402 +
5403 +- memcpy(req->ip_addr.addr, gt_addr, param_len);
5404 ++ memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
5405 +
5406 + return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
5407 + }
5408 +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
5409 +index d96bfb55e57b..5072251cdb8b 100644
5410 +--- a/drivers/scsi/qla2xxx/qla_os.c
5411 ++++ b/drivers/scsi/qla2xxx/qla_os.c
5412 +@@ -3111,10 +3111,8 @@ qla2x00_unmap_iobases(struct qla_hw_data *ha)
5413 + }
5414 +
5415 + static void
5416 +-qla2x00_clear_drv_active(scsi_qla_host_t *vha)
5417 ++qla2x00_clear_drv_active(struct qla_hw_data *ha)
5418 + {
5419 +- struct qla_hw_data *ha = vha->hw;
5420 +-
5421 + if (IS_QLA8044(ha)) {
5422 + qla8044_idc_lock(ha);
5423 + qla8044_clear_drv_active(ha);
5424 +@@ -3185,7 +3183,7 @@ qla2x00_remove_one(struct pci_dev *pdev)
5425 +
5426 + scsi_host_put(base_vha->host);
5427 +
5428 +- qla2x00_clear_drv_active(base_vha);
5429 ++ qla2x00_clear_drv_active(ha);
5430 +
5431 + qla2x00_unmap_iobases(ha);
5432 +
5433 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
5434 +index e632e14180cf..bcc449a0c3a7 100644
5435 +--- a/drivers/scsi/qla2xxx/qla_target.c
5436 ++++ b/drivers/scsi/qla2xxx/qla_target.c
5437 +@@ -1431,12 +1431,10 @@ static inline void qlt_unmap_sg(struct scsi_qla_host *vha,
5438 + static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
5439 + uint32_t req_cnt)
5440 + {
5441 +- struct qla_hw_data *ha = vha->hw;
5442 +- device_reg_t __iomem *reg = ha->iobase;
5443 + uint32_t cnt;
5444 +
5445 + if (vha->req->cnt < (req_cnt + 2)) {
5446 +- cnt = (uint16_t)RD_REG_DWORD(&reg->isp24.req_q_out);
5447 ++ cnt = (uint16_t)RD_REG_DWORD(vha->req->req_q_out);
5448 +
5449 + ql_dbg(ql_dbg_tgt, vha, 0xe00a,
5450 + "Request ring circled: cnt=%d, vha->->ring_index=%d, "
5451 +@@ -3277,6 +3275,7 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host *vha,
5452 + return -ENOMEM;
5453 +
5454 + memcpy(&op->atio, atio, sizeof(*atio));
5455 ++ op->vha = vha;
5456 + INIT_WORK(&op->work, qlt_create_sess_from_atio);
5457 + queue_work(qla_tgt_wq, &op->work);
5458 + return 0;
5459 +diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
5460 +index 6d207afec8cb..a4c45ea8f688 100644
5461 +--- a/drivers/spi/spi-dw-mid.c
5462 ++++ b/drivers/spi/spi-dw-mid.c
5463 +@@ -89,7 +89,13 @@ err_exit:
5464 +
5465 + static void mid_spi_dma_exit(struct dw_spi *dws)
5466 + {
5467 ++ if (!dws->dma_inited)
5468 ++ return;
5469 ++
5470 ++ dmaengine_terminate_all(dws->txchan);
5471 + dma_release_channel(dws->txchan);
5472 ++
5473 ++ dmaengine_terminate_all(dws->rxchan);
5474 + dma_release_channel(dws->rxchan);
5475 + }
5476 +
5477 +@@ -136,7 +142,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
5478 + txconf.dst_addr = dws->dma_addr;
5479 + txconf.dst_maxburst = LNW_DMA_MSIZE_16;
5480 + txconf.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
5481 +- txconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
5482 ++ txconf.dst_addr_width = dws->dma_width;
5483 + txconf.device_fc = false;
5484 +
5485 + txchan->device->device_control(txchan, DMA_SLAVE_CONFIG,
5486 +@@ -159,7 +165,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
5487 + rxconf.src_addr = dws->dma_addr;
5488 + rxconf.src_maxburst = LNW_DMA_MSIZE_16;
5489 + rxconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
5490 +- rxconf.src_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
5491 ++ rxconf.src_addr_width = dws->dma_width;
5492 + rxconf.device_fc = false;
5493 +
5494 + rxchan->device->device_control(rxchan, DMA_SLAVE_CONFIG,
5495 +diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c
5496 +index d017cec8a34a..e454b7c2ecd9 100644
5497 +--- a/drivers/tty/serial/omap-serial.c
5498 ++++ b/drivers/tty/serial/omap-serial.c
5499 +@@ -254,8 +254,16 @@ serial_omap_baud_is_mode16(struct uart_port *port, unsigned int baud)
5500 + {
5501 + unsigned int n13 = port->uartclk / (13 * baud);
5502 + unsigned int n16 = port->uartclk / (16 * baud);
5503 +- int baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
5504 +- int baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
5505 ++ int baudAbsDiff13;
5506 ++ int baudAbsDiff16;
5507 ++
5508 ++ if (n13 == 0)
5509 ++ n13 = 1;
5510 ++ if (n16 == 0)
5511 ++ n16 = 1;
5512 ++
5513 ++ baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
5514 ++ baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
5515 + if (baudAbsDiff13 < 0)
5516 + baudAbsDiff13 = -baudAbsDiff13;
5517 + if (baudAbsDiff16 < 0)
5518 +diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig
5519 +index ba18e9c110cc..77ad6a944129 100644
5520 +--- a/drivers/usb/gadget/Kconfig
5521 ++++ b/drivers/usb/gadget/Kconfig
5522 +@@ -438,7 +438,7 @@ config USB_GOKU
5523 + gadget drivers to also be dynamically linked.
5524 +
5525 + config USB_EG20T
5526 +- tristate "Intel EG20T PCH/LAPIS Semiconductor IOH(ML7213/ML7831) UDC"
5527 ++ tristate "Intel QUARK X1000/EG20T PCH/LAPIS Semiconductor IOH(ML7213/ML7831) UDC"
5528 + depends on PCI
5529 + help
5530 + This is a USB device driver for EG20T PCH.
5531 +@@ -459,6 +459,7 @@ config USB_EG20T
5532 + ML7213/ML7831 is companion chip for Intel Atom E6xx series.
5533 + ML7213/ML7831 is completely compatible for Intel EG20T PCH.
5534 +
5535 ++ This driver can be used with Intel's Quark X1000 SOC platform
5536 + #
5537 + # LAST -- dummy/emulated controller
5538 + #
5539 +diff --git a/drivers/usb/gadget/pch_udc.c b/drivers/usb/gadget/pch_udc.c
5540 +index eb8c3bedb57a..460d953c91b6 100644
5541 +--- a/drivers/usb/gadget/pch_udc.c
5542 ++++ b/drivers/usb/gadget/pch_udc.c
5543 +@@ -343,6 +343,7 @@ struct pch_vbus_gpio_data {
5544 + * @setup_data: Received setup data
5545 + * @phys_addr: of device memory
5546 + * @base_addr: for mapped device memory
5547 ++ * @bar: Indicates which PCI BAR for USB regs
5548 + * @irq: IRQ line for the device
5549 + * @cfg_data: current cfg, intf, and alt in use
5550 + * @vbus_gpio: GPIO informaton for detecting VBUS
5551 +@@ -370,14 +371,17 @@ struct pch_udc_dev {
5552 + struct usb_ctrlrequest setup_data;
5553 + unsigned long phys_addr;
5554 + void __iomem *base_addr;
5555 ++ unsigned bar;
5556 + unsigned irq;
5557 + struct pch_udc_cfg_data cfg_data;
5558 + struct pch_vbus_gpio_data vbus_gpio;
5559 + };
5560 + #define to_pch_udc(g) (container_of((g), struct pch_udc_dev, gadget))
5561 +
5562 ++#define PCH_UDC_PCI_BAR_QUARK_X1000 0
5563 + #define PCH_UDC_PCI_BAR 1
5564 + #define PCI_DEVICE_ID_INTEL_EG20T_UDC 0x8808
5565 ++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC 0x0939
5566 + #define PCI_VENDOR_ID_ROHM 0x10DB
5567 + #define PCI_DEVICE_ID_ML7213_IOH_UDC 0x801D
5568 + #define PCI_DEVICE_ID_ML7831_IOH_UDC 0x8808
5569 +@@ -3076,7 +3080,7 @@ static void pch_udc_remove(struct pci_dev *pdev)
5570 + iounmap(dev->base_addr);
5571 + if (dev->mem_region)
5572 + release_mem_region(dev->phys_addr,
5573 +- pci_resource_len(pdev, PCH_UDC_PCI_BAR));
5574 ++ pci_resource_len(pdev, dev->bar));
5575 + if (dev->active)
5576 + pci_disable_device(pdev);
5577 + kfree(dev);
5578 +@@ -3144,9 +3148,15 @@ static int pch_udc_probe(struct pci_dev *pdev,
5579 + dev->active = 1;
5580 + pci_set_drvdata(pdev, dev);
5581 +
5582 ++ /* Determine BAR based on PCI ID */
5583 ++ if (id->device == PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC)
5584 ++ dev->bar = PCH_UDC_PCI_BAR_QUARK_X1000;
5585 ++ else
5586 ++ dev->bar = PCH_UDC_PCI_BAR;
5587 ++
5588 + /* PCI resource allocation */
5589 +- resource = pci_resource_start(pdev, 1);
5590 +- len = pci_resource_len(pdev, 1);
5591 ++ resource = pci_resource_start(pdev, dev->bar);
5592 ++ len = pci_resource_len(pdev, dev->bar);
5593 +
5594 + if (!request_mem_region(resource, len, KBUILD_MODNAME)) {
5595 + dev_err(&pdev->dev, "%s: pci device used already\n", __func__);
5596 +@@ -3212,6 +3222,12 @@ finished:
5597 +
5598 + static const struct pci_device_id pch_udc_pcidev_id[] = {
5599 + {
5600 ++ PCI_DEVICE(PCI_VENDOR_ID_INTEL,
5601 ++ PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC),
5602 ++ .class = (PCI_CLASS_SERIAL_USB << 8) | 0xfe,
5603 ++ .class_mask = 0xffffffff,
5604 ++ },
5605 ++ {
5606 + PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_EG20T_UDC),
5607 + .class = (PCI_CLASS_SERIAL_USB << 8) | 0xfe,
5608 + .class_mask = 0xffffffff,
5609 +diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
5610 +index eea26e1b2fda..d738ff8ab81c 100644
5611 +--- a/fs/btrfs/dev-replace.c
5612 ++++ b/fs/btrfs/dev-replace.c
5613 +@@ -567,6 +567,8 @@ static int btrfs_dev_replace_finishing(struct btrfs_fs_info *fs_info,
5614 + btrfs_kobj_rm_device(fs_info, src_device);
5615 + btrfs_kobj_add_device(fs_info, tgt_device);
5616 +
5617 ++ btrfs_dev_replace_unlock(dev_replace);
5618 ++
5619 + btrfs_rm_dev_replace_blocked(fs_info);
5620 +
5621 + btrfs_rm_dev_replace_srcdev(fs_info, src_device);
5622 +@@ -580,7 +582,6 @@ static int btrfs_dev_replace_finishing(struct btrfs_fs_info *fs_info,
5623 + * superblock is scratched out so that it is no longer marked to
5624 + * belong to this filesystem.
5625 + */
5626 +- btrfs_dev_replace_unlock(dev_replace);
5627 + mutex_unlock(&root->fs_info->fs_devices->device_list_mutex);
5628 + mutex_unlock(&root->fs_info->chunk_mutex);
5629 +
5630 +diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
5631 +index 8edb9fcc38d5..feff017a47d9 100644
5632 +--- a/fs/btrfs/extent-tree.c
5633 ++++ b/fs/btrfs/extent-tree.c
5634 +@@ -4508,7 +4508,13 @@ again:
5635 + space_info->flush = 1;
5636 + } else if (!ret && space_info->flags & BTRFS_BLOCK_GROUP_METADATA) {
5637 + used += orig_bytes;
5638 +- if (need_do_async_reclaim(space_info, root->fs_info, used) &&
5639 ++ /*
5640 ++ * We will do the space reservation dance during log replay,
5641 ++ * which means we won't have fs_info->fs_root set, so don't do
5642 ++ * the async reclaim as we will panic.
5643 ++ */
5644 ++ if (!root->fs_info->log_root_recovering &&
5645 ++ need_do_async_reclaim(space_info, root->fs_info, used) &&
5646 + !work_busy(&root->fs_info->async_reclaim_work))
5647 + queue_work(system_unbound_wq,
5648 + &root->fs_info->async_reclaim_work);
5649 +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
5650 +index ab1fd668020d..2a15294f1683 100644
5651 +--- a/fs/btrfs/file.c
5652 ++++ b/fs/btrfs/file.c
5653 +@@ -2622,23 +2622,28 @@ static int find_desired_extent(struct inode *inode, loff_t *offset, int whence)
5654 + struct btrfs_root *root = BTRFS_I(inode)->root;
5655 + struct extent_map *em = NULL;
5656 + struct extent_state *cached_state = NULL;
5657 +- u64 lockstart = *offset;
5658 +- u64 lockend = i_size_read(inode);
5659 +- u64 start = *offset;
5660 +- u64 len = i_size_read(inode);
5661 ++ u64 lockstart;
5662 ++ u64 lockend;
5663 ++ u64 start;
5664 ++ u64 len;
5665 + int ret = 0;
5666 +
5667 +- lockend = max_t(u64, root->sectorsize, lockend);
5668 ++ if (inode->i_size == 0)
5669 ++ return -ENXIO;
5670 ++
5671 ++ /*
5672 ++ * *offset can be negative, in this case we start finding DATA/HOLE from
5673 ++ * the very start of the file.
5674 ++ */
5675 ++ start = max_t(loff_t, 0, *offset);
5676 ++
5677 ++ lockstart = round_down(start, root->sectorsize);
5678 ++ lockend = round_up(i_size_read(inode), root->sectorsize);
5679 + if (lockend <= lockstart)
5680 + lockend = lockstart + root->sectorsize;
5681 +-
5682 + lockend--;
5683 + len = lockend - lockstart + 1;
5684 +
5685 +- len = max_t(u64, len, root->sectorsize);
5686 +- if (inode->i_size == 0)
5687 +- return -ENXIO;
5688 +-
5689 + lock_extent_bits(&BTRFS_I(inode)->io_tree, lockstart, lockend, 0,
5690 + &cached_state);
5691 +
5692 +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
5693 +index c6cd34e699d0..a3a8dee8030f 100644
5694 +--- a/fs/btrfs/inode.c
5695 ++++ b/fs/btrfs/inode.c
5696 +@@ -3656,7 +3656,8 @@ noinline int btrfs_update_inode(struct btrfs_trans_handle *trans,
5697 + * without delay
5698 + */
5699 + if (!btrfs_is_free_space_inode(inode)
5700 +- && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID) {
5701 ++ && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID
5702 ++ && !root->fs_info->log_root_recovering) {
5703 + btrfs_update_root_times(trans, root);
5704 +
5705 + ret = btrfs_delayed_update_inode(trans, root, inode);
5706 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
5707 +index 47aceb494d1d..4e395f3f251d 100644
5708 +--- a/fs/btrfs/ioctl.c
5709 ++++ b/fs/btrfs/ioctl.c
5710 +@@ -332,6 +332,9 @@ static int btrfs_ioctl_setflags(struct file *file, void __user *arg)
5711 + goto out_drop;
5712 +
5713 + } else {
5714 ++ ret = btrfs_set_prop(inode, "btrfs.compression", NULL, 0, 0);
5715 ++ if (ret && ret != -ENODATA)
5716 ++ goto out_drop;
5717 + ip->flags &= ~(BTRFS_INODE_COMPRESS | BTRFS_INODE_NOCOMPRESS);
5718 + }
5719 +
5720 +@@ -5309,6 +5312,12 @@ long btrfs_ioctl(struct file *file, unsigned int
5721 + if (ret)
5722 + return ret;
5723 + ret = btrfs_sync_fs(file->f_dentry->d_sb, 1);
5724 ++ /*
5725 ++ * The transaction thread may want to do more work,
5726 ++ * namely it pokes the cleaner ktread that will start
5727 ++ * processing uncleaned subvols.
5728 ++ */
5729 ++ wake_up_process(root->fs_info->transaction_kthread);
5730 + return ret;
5731 + }
5732 + case BTRFS_IOC_START_SYNC:
5733 +diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
5734 +index 65245a07275b..56fe6ec409ac 100644
5735 +--- a/fs/btrfs/relocation.c
5736 ++++ b/fs/btrfs/relocation.c
5737 +@@ -736,7 +736,8 @@ again:
5738 + err = ret;
5739 + goto out;
5740 + }
5741 +- BUG_ON(!ret || !path1->slots[0]);
5742 ++ ASSERT(ret);
5743 ++ ASSERT(path1->slots[0]);
5744 +
5745 + path1->slots[0]--;
5746 +
5747 +@@ -746,10 +747,10 @@ again:
5748 + * the backref was added previously when processing
5749 + * backref of type BTRFS_TREE_BLOCK_REF_KEY
5750 + */
5751 +- BUG_ON(!list_is_singular(&cur->upper));
5752 ++ ASSERT(list_is_singular(&cur->upper));
5753 + edge = list_entry(cur->upper.next, struct backref_edge,
5754 + list[LOWER]);
5755 +- BUG_ON(!list_empty(&edge->list[UPPER]));
5756 ++ ASSERT(list_empty(&edge->list[UPPER]));
5757 + exist = edge->node[UPPER];
5758 + /*
5759 + * add the upper level block to pending list if we need
5760 +@@ -831,7 +832,7 @@ again:
5761 + cur->cowonly = 1;
5762 + }
5763 + #else
5764 +- BUG_ON(key.type == BTRFS_EXTENT_REF_V0_KEY);
5765 ++ ASSERT(key.type != BTRFS_EXTENT_REF_V0_KEY);
5766 + if (key.type == BTRFS_SHARED_BLOCK_REF_KEY) {
5767 + #endif
5768 + if (key.objectid == key.offset) {
5769 +@@ -840,7 +841,7 @@ again:
5770 + * backref of this type.
5771 + */
5772 + root = find_reloc_root(rc, cur->bytenr);
5773 +- BUG_ON(!root);
5774 ++ ASSERT(root);
5775 + cur->root = root;
5776 + break;
5777 + }
5778 +@@ -868,7 +869,7 @@ again:
5779 + } else {
5780 + upper = rb_entry(rb_node, struct backref_node,
5781 + rb_node);
5782 +- BUG_ON(!upper->checked);
5783 ++ ASSERT(upper->checked);
5784 + INIT_LIST_HEAD(&edge->list[UPPER]);
5785 + }
5786 + list_add_tail(&edge->list[LOWER], &cur->upper);
5787 +@@ -892,7 +893,7 @@ again:
5788 +
5789 + if (btrfs_root_level(&root->root_item) == cur->level) {
5790 + /* tree root */
5791 +- BUG_ON(btrfs_root_bytenr(&root->root_item) !=
5792 ++ ASSERT(btrfs_root_bytenr(&root->root_item) ==
5793 + cur->bytenr);
5794 + if (should_ignore_root(root))
5795 + list_add(&cur->list, &useless);
5796 +@@ -927,7 +928,7 @@ again:
5797 + need_check = true;
5798 + for (; level < BTRFS_MAX_LEVEL; level++) {
5799 + if (!path2->nodes[level]) {
5800 +- BUG_ON(btrfs_root_bytenr(&root->root_item) !=
5801 ++ ASSERT(btrfs_root_bytenr(&root->root_item) ==
5802 + lower->bytenr);
5803 + if (should_ignore_root(root))
5804 + list_add(&lower->list, &useless);
5805 +@@ -977,12 +978,15 @@ again:
5806 + need_check = false;
5807 + list_add_tail(&edge->list[UPPER],
5808 + &list);
5809 +- } else
5810 ++ } else {
5811 ++ if (upper->checked)
5812 ++ need_check = true;
5813 + INIT_LIST_HEAD(&edge->list[UPPER]);
5814 ++ }
5815 + } else {
5816 + upper = rb_entry(rb_node, struct backref_node,
5817 + rb_node);
5818 +- BUG_ON(!upper->checked);
5819 ++ ASSERT(upper->checked);
5820 + INIT_LIST_HEAD(&edge->list[UPPER]);
5821 + if (!upper->owner)
5822 + upper->owner = btrfs_header_owner(eb);
5823 +@@ -1026,7 +1030,7 @@ next:
5824 + * everything goes well, connect backref nodes and insert backref nodes
5825 + * into the cache.
5826 + */
5827 +- BUG_ON(!node->checked);
5828 ++ ASSERT(node->checked);
5829 + cowonly = node->cowonly;
5830 + if (!cowonly) {
5831 + rb_node = tree_insert(&cache->rb_root, node->bytenr,
5832 +@@ -1062,8 +1066,21 @@ next:
5833 + continue;
5834 + }
5835 +
5836 +- BUG_ON(!upper->checked);
5837 +- BUG_ON(cowonly != upper->cowonly);
5838 ++ if (!upper->checked) {
5839 ++ /*
5840 ++ * Still want to blow up for developers since this is a
5841 ++ * logic bug.
5842 ++ */
5843 ++ ASSERT(0);
5844 ++ err = -EINVAL;
5845 ++ goto out;
5846 ++ }
5847 ++ if (cowonly != upper->cowonly) {
5848 ++ ASSERT(0);
5849 ++ err = -EINVAL;
5850 ++ goto out;
5851 ++ }
5852 ++
5853 + if (!cowonly) {
5854 + rb_node = tree_insert(&cache->rb_root, upper->bytenr,
5855 + &upper->rb_node);
5856 +@@ -1086,7 +1103,7 @@ next:
5857 + while (!list_empty(&useless)) {
5858 + upper = list_entry(useless.next, struct backref_node, list);
5859 + list_del_init(&upper->list);
5860 +- BUG_ON(!list_empty(&upper->upper));
5861 ++ ASSERT(list_empty(&upper->upper));
5862 + if (upper == node)
5863 + node = NULL;
5864 + if (upper->lowest) {
5865 +@@ -1119,29 +1136,45 @@ out:
5866 + if (err) {
5867 + while (!list_empty(&useless)) {
5868 + lower = list_entry(useless.next,
5869 +- struct backref_node, upper);
5870 +- list_del_init(&lower->upper);
5871 ++ struct backref_node, list);
5872 ++ list_del_init(&lower->list);
5873 + }
5874 +- upper = node;
5875 +- INIT_LIST_HEAD(&list);
5876 +- while (upper) {
5877 +- if (RB_EMPTY_NODE(&upper->rb_node)) {
5878 +- list_splice_tail(&upper->upper, &list);
5879 +- free_backref_node(cache, upper);
5880 +- }
5881 +-
5882 +- if (list_empty(&list))
5883 +- break;
5884 +-
5885 +- edge = list_entry(list.next, struct backref_edge,
5886 +- list[LOWER]);
5887 ++ while (!list_empty(&list)) {
5888 ++ edge = list_first_entry(&list, struct backref_edge,
5889 ++ list[UPPER]);
5890 ++ list_del(&edge->list[UPPER]);
5891 + list_del(&edge->list[LOWER]);
5892 ++ lower = edge->node[LOWER];
5893 + upper = edge->node[UPPER];
5894 + free_backref_edge(cache, edge);
5895 ++
5896 ++ /*
5897 ++ * Lower is no longer linked to any upper backref nodes
5898 ++ * and isn't in the cache, we can free it ourselves.
5899 ++ */
5900 ++ if (list_empty(&lower->upper) &&
5901 ++ RB_EMPTY_NODE(&lower->rb_node))
5902 ++ list_add(&lower->list, &useless);
5903 ++
5904 ++ if (!RB_EMPTY_NODE(&upper->rb_node))
5905 ++ continue;
5906 ++
5907 ++ /* Add this guy's upper edges to the list to proces */
5908 ++ list_for_each_entry(edge, &upper->upper, list[LOWER])
5909 ++ list_add_tail(&edge->list[UPPER], &list);
5910 ++ if (list_empty(&upper->upper))
5911 ++ list_add(&upper->list, &useless);
5912 ++ }
5913 ++
5914 ++ while (!list_empty(&useless)) {
5915 ++ lower = list_entry(useless.next,
5916 ++ struct backref_node, list);
5917 ++ list_del_init(&lower->list);
5918 ++ free_backref_node(cache, lower);
5919 + }
5920 + return ERR_PTR(err);
5921 + }
5922 +- BUG_ON(node && node->detached);
5923 ++ ASSERT(!node || !node->detached);
5924 + return node;
5925 + }
5926 +
5927 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
5928 +index d89c6d3542ca..98a25df1c430 100644
5929 +--- a/fs/btrfs/transaction.c
5930 ++++ b/fs/btrfs/transaction.c
5931 +@@ -609,7 +609,6 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
5932 + if (transid <= root->fs_info->last_trans_committed)
5933 + goto out;
5934 +
5935 +- ret = -EINVAL;
5936 + /* find specified transaction */
5937 + spin_lock(&root->fs_info->trans_lock);
5938 + list_for_each_entry(t, &root->fs_info->trans_list, list) {
5939 +@@ -625,9 +624,16 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
5940 + }
5941 + }
5942 + spin_unlock(&root->fs_info->trans_lock);
5943 +- /* The specified transaction doesn't exist */
5944 +- if (!cur_trans)
5945 ++
5946 ++ /*
5947 ++ * The specified transaction doesn't exist, or we
5948 ++ * raced with btrfs_commit_transaction
5949 ++ */
5950 ++ if (!cur_trans) {
5951 ++ if (transid > root->fs_info->last_trans_committed)
5952 ++ ret = -EINVAL;
5953 + goto out;
5954 ++ }
5955 + } else {
5956 + /* find newest transaction that is committing | committed */
5957 + spin_lock(&root->fs_info->trans_lock);
5958 +diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
5959 +index d4a9431ec73c..57ee4c53b4f8 100644
5960 +--- a/fs/ecryptfs/inode.c
5961 ++++ b/fs/ecryptfs/inode.c
5962 +@@ -1039,7 +1039,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
5963 + }
5964 +
5965 + rc = vfs_setxattr(lower_dentry, name, value, size, flags);
5966 +- if (!rc)
5967 ++ if (!rc && dentry->d_inode)
5968 + fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode);
5969 + out:
5970 + return rc;
5971 +diff --git a/fs/namespace.c b/fs/namespace.c
5972 +index 140d17705683..e544a0680a7c 100644
5973 +--- a/fs/namespace.c
5974 ++++ b/fs/namespace.c
5975 +@@ -1374,6 +1374,8 @@ static int do_umount(struct mount *mnt, int flags)
5976 + * Special case for "unmounting" root ...
5977 + * we just try to remount it readonly.
5978 + */
5979 ++ if (!capable(CAP_SYS_ADMIN))
5980 ++ return -EPERM;
5981 + down_write(&sb->s_umount);
5982 + if (!(sb->s_flags & MS_RDONLY))
5983 + retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
5984 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
5985 +index 3275e94538e7..43fd8c557fe9 100644
5986 +--- a/fs/nfs/nfs4proc.c
5987 ++++ b/fs/nfs/nfs4proc.c
5988 +@@ -7242,7 +7242,7 @@ static int nfs41_proc_async_sequence(struct nfs_client *clp, struct rpc_cred *cr
5989 + int ret = 0;
5990 +
5991 + if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0)
5992 +- return 0;
5993 ++ return -EAGAIN;
5994 + task = _nfs41_proc_sequence(clp, cred, false);
5995 + if (IS_ERR(task))
5996 + ret = PTR_ERR(task);
5997 +diff --git a/fs/nfs/nfs4renewd.c b/fs/nfs/nfs4renewd.c
5998 +index 1720d32ffa54..e1ba58c3d1ad 100644
5999 +--- a/fs/nfs/nfs4renewd.c
6000 ++++ b/fs/nfs/nfs4renewd.c
6001 +@@ -88,10 +88,18 @@ nfs4_renew_state(struct work_struct *work)
6002 + }
6003 + nfs_expire_all_delegations(clp);
6004 + } else {
6005 ++ int ret;
6006 ++
6007 + /* Queue an asynchronous RENEW. */
6008 +- ops->sched_state_renewal(clp, cred, renew_flags);
6009 ++ ret = ops->sched_state_renewal(clp, cred, renew_flags);
6010 + put_rpccred(cred);
6011 +- goto out_exp;
6012 ++ switch (ret) {
6013 ++ default:
6014 ++ goto out_exp;
6015 ++ case -EAGAIN:
6016 ++ case -ENOMEM:
6017 ++ break;
6018 ++ }
6019 + }
6020 + } else {
6021 + dprintk("%s: failed to call renewd. Reason: lease not expired \n",
6022 +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
6023 +index 848f6853c59e..db7792c30462 100644
6024 +--- a/fs/nfs/nfs4state.c
6025 ++++ b/fs/nfs/nfs4state.c
6026 +@@ -1732,7 +1732,8 @@ restart:
6027 + if (status < 0) {
6028 + set_bit(ops->owner_flag_bit, &sp->so_flags);
6029 + nfs4_put_state_owner(sp);
6030 +- return nfs4_recovery_handle_error(clp, status);
6031 ++ status = nfs4_recovery_handle_error(clp, status);
6032 ++ return (status != 0) ? status : -EAGAIN;
6033 + }
6034 +
6035 + nfs4_put_state_owner(sp);
6036 +@@ -1741,7 +1742,7 @@ restart:
6037 + spin_unlock(&clp->cl_lock);
6038 + }
6039 + rcu_read_unlock();
6040 +- return status;
6041 ++ return 0;
6042 + }
6043 +
6044 + static int nfs4_check_lease(struct nfs_client *clp)
6045 +@@ -1788,7 +1789,6 @@ static int nfs4_handle_reclaim_lease_error(struct nfs_client *clp, int status)
6046 + break;
6047 + case -NFS4ERR_STALE_CLIENTID:
6048 + clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state);
6049 +- nfs4_state_clear_reclaim_reboot(clp);
6050 + nfs4_state_start_reclaim_reboot(clp);
6051 + break;
6052 + case -NFS4ERR_CLID_INUSE:
6053 +@@ -2372,6 +2372,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
6054 + status = nfs4_check_lease(clp);
6055 + if (status < 0)
6056 + goto out_error;
6057 ++ continue;
6058 + }
6059 +
6060 + if (test_and_clear_bit(NFS4CLNT_MOVED, &clp->cl_state)) {
6061 +@@ -2393,14 +2394,11 @@ static void nfs4_state_manager(struct nfs_client *clp)
6062 + section = "reclaim reboot";
6063 + status = nfs4_do_reclaim(clp,
6064 + clp->cl_mvops->reboot_recovery_ops);
6065 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
6066 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state))
6067 +- continue;
6068 +- nfs4_state_end_reclaim_reboot(clp);
6069 +- if (test_bit(NFS4CLNT_RECLAIM_NOGRACE, &clp->cl_state))
6070 ++ if (status == -EAGAIN)
6071 + continue;
6072 + if (status < 0)
6073 + goto out_error;
6074 ++ nfs4_state_end_reclaim_reboot(clp);
6075 + }
6076 +
6077 + /* Now recover expired state... */
6078 +@@ -2408,9 +2406,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
6079 + section = "reclaim nograce";
6080 + status = nfs4_do_reclaim(clp,
6081 + clp->cl_mvops->nograce_recovery_ops);
6082 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
6083 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state) ||
6084 +- test_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
6085 ++ if (status == -EAGAIN)
6086 + continue;
6087 + if (status < 0)
6088 + goto out_error;
6089 +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
6090 +index 34136ff5abf0..3a9c34a0f898 100644
6091 +--- a/fs/nfs/pagelist.c
6092 ++++ b/fs/nfs/pagelist.c
6093 +@@ -527,7 +527,8 @@ EXPORT_SYMBOL_GPL(nfs_pgio_header_free);
6094 + */
6095 + void nfs_pgio_data_destroy(struct nfs_pgio_header *hdr)
6096 + {
6097 +- put_nfs_open_context(hdr->args.context);
6098 ++ if (hdr->args.context)
6099 ++ put_nfs_open_context(hdr->args.context);
6100 + if (hdr->page_array.pagevec != hdr->page_array.page_array)
6101 + kfree(hdr->page_array.pagevec);
6102 + }
6103 +@@ -753,12 +754,11 @@ int nfs_generic_pgio(struct nfs_pageio_descriptor *desc,
6104 + nfs_list_remove_request(req);
6105 + nfs_list_add_request(req, &hdr->pages);
6106 +
6107 +- if (WARN_ON_ONCE(pageused >= pagecount))
6108 +- return nfs_pgio_error(desc, hdr);
6109 +-
6110 + if (!last_page || last_page != req->wb_page) {
6111 +- *pages++ = last_page = req->wb_page;
6112 + pageused++;
6113 ++ if (pageused > pagecount)
6114 ++ break;
6115 ++ *pages++ = last_page = req->wb_page;
6116 + }
6117 + }
6118 + if (WARN_ON_ONCE(pageused != pagecount))
6119 +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
6120 +index 1d5103dfc203..96338175a2fe 100644
6121 +--- a/fs/nfsd/nfs4xdr.c
6122 ++++ b/fs/nfsd/nfs4xdr.c
6123 +@@ -1675,6 +1675,14 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
6124 + readbytes += nfsd4_max_reply(argp->rqstp, op);
6125 + } else
6126 + max_reply += nfsd4_max_reply(argp->rqstp, op);
6127 ++ /*
6128 ++ * OP_LOCK may return a conflicting lock. (Special case
6129 ++ * because it will just skip encoding this if it runs
6130 ++ * out of xdr buffer space, and it is the only operation
6131 ++ * that behaves this way.)
6132 ++ */
6133 ++ if (op->opnum == OP_LOCK)
6134 ++ max_reply += NFS4_OPAQUE_LIMIT;
6135 +
6136 + if (op->status) {
6137 + argp->opcnt = i+1;
6138 +diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
6139 +index 2685bc9ea2c9..ec50a8385b13 100644
6140 +--- a/fs/notify/fanotify/fanotify_user.c
6141 ++++ b/fs/notify/fanotify/fanotify_user.c
6142 +@@ -78,7 +78,7 @@ static int create_fd(struct fsnotify_group *group,
6143 +
6144 + pr_debug("%s: group=%p event=%p\n", __func__, group, event);
6145 +
6146 +- client_fd = get_unused_fd();
6147 ++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
6148 + if (client_fd < 0)
6149 + return client_fd;
6150 +
6151 +diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
6152 +index 02614349690d..4ff074bc2a7d 100644
6153 +--- a/fs/xfs/xfs_aops.c
6154 ++++ b/fs/xfs/xfs_aops.c
6155 +@@ -434,10 +434,22 @@ xfs_start_page_writeback(
6156 + {
6157 + ASSERT(PageLocked(page));
6158 + ASSERT(!PageWriteback(page));
6159 +- if (clear_dirty)
6160 ++
6161 ++ /*
6162 ++ * if the page was not fully cleaned, we need to ensure that the higher
6163 ++ * layers come back to it correctly. That means we need to keep the page
6164 ++ * dirty, and for WB_SYNC_ALL writeback we need to ensure the
6165 ++ * PAGECACHE_TAG_TOWRITE index mark is not removed so another attempt to
6166 ++ * write this page in this writeback sweep will be made.
6167 ++ */
6168 ++ if (clear_dirty) {
6169 + clear_page_dirty_for_io(page);
6170 +- set_page_writeback(page);
6171 ++ set_page_writeback(page);
6172 ++ } else
6173 ++ set_page_writeback_keepwrite(page);
6174 ++
6175 + unlock_page(page);
6176 ++
6177 + /* If no buffers on the page are to be written, finish it here */
6178 + if (!buffers)
6179 + end_page_writeback(page);
6180 +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
6181 +new file mode 100644
6182 +index 000000000000..cdd1cc202d51
6183 +--- /dev/null
6184 ++++ b/include/linux/compiler-gcc5.h
6185 +@@ -0,0 +1,66 @@
6186 ++#ifndef __LINUX_COMPILER_H
6187 ++#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
6188 ++#endif
6189 ++
6190 ++#define __used __attribute__((__used__))
6191 ++#define __must_check __attribute__((warn_unused_result))
6192 ++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
6193 ++
6194 ++/* Mark functions as cold. gcc will assume any path leading to a call
6195 ++ to them will be unlikely. This means a lot of manual unlikely()s
6196 ++ are unnecessary now for any paths leading to the usual suspects
6197 ++ like BUG(), printk(), panic() etc. [but let's keep them for now for
6198 ++ older compilers]
6199 ++
6200 ++ Early snapshots of gcc 4.3 don't support this and we can't detect this
6201 ++ in the preprocessor, but we can live with this because they're unreleased.
6202 ++ Maketime probing would be overkill here.
6203 ++
6204 ++ gcc also has a __attribute__((__hot__)) to move hot functions into
6205 ++ a special section, but I don't see any sense in this right now in
6206 ++ the kernel context */
6207 ++#define __cold __attribute__((__cold__))
6208 ++
6209 ++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
6210 ++
6211 ++#ifndef __CHECKER__
6212 ++# define __compiletime_warning(message) __attribute__((warning(message)))
6213 ++# define __compiletime_error(message) __attribute__((error(message)))
6214 ++#endif /* __CHECKER__ */
6215 ++
6216 ++/*
6217 ++ * Mark a position in code as unreachable. This can be used to
6218 ++ * suppress control flow warnings after asm blocks that transfer
6219 ++ * control elsewhere.
6220 ++ *
6221 ++ * Early snapshots of gcc 4.5 don't support this and we can't detect
6222 ++ * this in the preprocessor, but we can live with this because they're
6223 ++ * unreleased. Really, we need to have autoconf for the kernel.
6224 ++ */
6225 ++#define unreachable() __builtin_unreachable()
6226 ++
6227 ++/* Mark a function definition as prohibited from being cloned. */
6228 ++#define __noclone __attribute__((__noclone__))
6229 ++
6230 ++/*
6231 ++ * Tell the optimizer that something else uses this function or variable.
6232 ++ */
6233 ++#define __visible __attribute__((externally_visible))
6234 ++
6235 ++/*
6236 ++ * GCC 'asm goto' miscompiles certain code sequences:
6237 ++ *
6238 ++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
6239 ++ *
6240 ++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
6241 ++ * Fixed in GCC 4.8.2 and later versions.
6242 ++ *
6243 ++ * (asm goto is automatically volatile - the naming reflects this.)
6244 ++ */
6245 ++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
6246 ++
6247 ++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
6248 ++#define __HAVE_BUILTIN_BSWAP32__
6249 ++#define __HAVE_BUILTIN_BSWAP64__
6250 ++#define __HAVE_BUILTIN_BSWAP16__
6251 ++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
6252 +diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
6253 +index 7fa31731c854..83a76633c03e 100644
6254 +--- a/include/linux/pci_ids.h
6255 ++++ b/include/linux/pci_ids.h
6256 +@@ -2555,6 +2555,7 @@
6257 + #define PCI_DEVICE_ID_INTEL_MFD_EMMC0 0x0823
6258 + #define PCI_DEVICE_ID_INTEL_MFD_EMMC1 0x0824
6259 + #define PCI_DEVICE_ID_INTEL_MRST_SD2 0x084F
6260 ++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_ILB 0x095E
6261 + #define PCI_DEVICE_ID_INTEL_I960 0x0960
6262 + #define PCI_DEVICE_ID_INTEL_I960RM 0x0962
6263 + #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB 0x0c60
6264 +diff --git a/include/linux/sched.h b/include/linux/sched.h
6265 +index 0376b054a0d0..c5cc872b351d 100644
6266 +--- a/include/linux/sched.h
6267 ++++ b/include/linux/sched.h
6268 +@@ -1947,11 +1947,13 @@ extern void thread_group_cputime_adjusted(struct task_struct *p, cputime_t *ut,
6269 + #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
6270 + #define used_math() tsk_used_math(current)
6271 +
6272 +-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
6273 ++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
6274 ++ * __GFP_FS is also cleared as it implies __GFP_IO.
6275 ++ */
6276 + static inline gfp_t memalloc_noio_flags(gfp_t flags)
6277 + {
6278 + if (unlikely(current->flags & PF_MEMALLOC_NOIO))
6279 +- flags &= ~__GFP_IO;
6280 ++ flags &= ~(__GFP_IO | __GFP_FS);
6281 + return flags;
6282 + }
6283 +
6284 +diff --git a/include/uapi/linux/hyperv.h b/include/uapi/linux/hyperv.h
6285 +index 78e4a86030dd..0a8e6badb29b 100644
6286 +--- a/include/uapi/linux/hyperv.h
6287 ++++ b/include/uapi/linux/hyperv.h
6288 +@@ -137,7 +137,7 @@ struct hv_do_fcopy {
6289 + __u64 offset;
6290 + __u32 size;
6291 + __u8 data[DATA_FRAGMENT];
6292 +-};
6293 ++} __attribute__((packed));
6294 +
6295 + /*
6296 + * An implementation of HyperV key value pair (KVP) functionality for Linux.
6297 +diff --git a/kernel/futex.c b/kernel/futex.c
6298 +index c20fb395a672..c5909b46af98 100644
6299 +--- a/kernel/futex.c
6300 ++++ b/kernel/futex.c
6301 +@@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key)
6302 + case FUT_OFF_MMSHARED:
6303 + futex_get_mm(key); /* implies MB (B) */
6304 + break;
6305 ++ default:
6306 ++ smp_mb(); /* explicit MB (B) */
6307 + }
6308 + }
6309 +
6310 +diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
6311 +index 8563081e8da3..a1c387f6afba 100644
6312 +--- a/lib/lzo/lzo1x_decompress_safe.c
6313 ++++ b/lib/lzo/lzo1x_decompress_safe.c
6314 +@@ -19,31 +19,21 @@
6315 + #include <linux/lzo.h>
6316 + #include "lzodefs.h"
6317 +
6318 +-#define HAVE_IP(t, x) \
6319 +- (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
6320 +- (((t + x) >= t) && ((t + x) >= x)))
6321 ++#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
6322 ++#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
6323 ++#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
6324 ++#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
6325 ++#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
6326 +
6327 +-#define HAVE_OP(t, x) \
6328 +- (((size_t)(op_end - op) >= (size_t)(t + x)) && \
6329 +- (((t + x) >= t) && ((t + x) >= x)))
6330 +-
6331 +-#define NEED_IP(t, x) \
6332 +- do { \
6333 +- if (!HAVE_IP(t, x)) \
6334 +- goto input_overrun; \
6335 +- } while (0)
6336 +-
6337 +-#define NEED_OP(t, x) \
6338 +- do { \
6339 +- if (!HAVE_OP(t, x)) \
6340 +- goto output_overrun; \
6341 +- } while (0)
6342 +-
6343 +-#define TEST_LB(m_pos) \
6344 +- do { \
6345 +- if ((m_pos) < out) \
6346 +- goto lookbehind_overrun; \
6347 +- } while (0)
6348 ++/* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
6349 ++ * count without overflowing an integer. The multiply will overflow when
6350 ++ * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
6351 ++ * depending on the base count. Since the base count is taken from a u8
6352 ++ * and a few bits, it is safe to assume that it will always be lower than
6353 ++ * or equal to 2*255, thus we can always prevent any overflow by accepting
6354 ++ * two less 255 steps. See Documentation/lzo.txt for more information.
6355 ++ */
6356 ++#define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
6357 +
6358 + int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
6359 + unsigned char *out, size_t *out_len)
6360 +@@ -75,17 +65,24 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
6361 + if (t < 16) {
6362 + if (likely(state == 0)) {
6363 + if (unlikely(t == 0)) {
6364 ++ size_t offset;
6365 ++ const unsigned char *ip_last = ip;
6366 ++
6367 + while (unlikely(*ip == 0)) {
6368 +- t += 255;
6369 + ip++;
6370 +- NEED_IP(1, 0);
6371 ++ NEED_IP(1);
6372 + }
6373 +- t += 15 + *ip++;
6374 ++ offset = ip - ip_last;
6375 ++ if (unlikely(offset > MAX_255_COUNT))
6376 ++ return LZO_E_ERROR;
6377 ++
6378 ++ offset = (offset << 8) - offset;
6379 ++ t += offset + 15 + *ip++;
6380 + }
6381 + t += 3;
6382 + copy_literal_run:
6383 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
6384 +- if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
6385 ++ if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
6386 + const unsigned char *ie = ip + t;
6387 + unsigned char *oe = op + t;
6388 + do {
6389 +@@ -101,8 +98,8 @@ copy_literal_run:
6390 + } else
6391 + #endif
6392 + {
6393 +- NEED_OP(t, 0);
6394 +- NEED_IP(t, 3);
6395 ++ NEED_OP(t);
6396 ++ NEED_IP(t + 3);
6397 + do {
6398 + *op++ = *ip++;
6399 + } while (--t > 0);
6400 +@@ -115,7 +112,7 @@ copy_literal_run:
6401 + m_pos -= t >> 2;
6402 + m_pos -= *ip++ << 2;
6403 + TEST_LB(m_pos);
6404 +- NEED_OP(2, 0);
6405 ++ NEED_OP(2);
6406 + op[0] = m_pos[0];
6407 + op[1] = m_pos[1];
6408 + op += 2;
6409 +@@ -136,13 +133,20 @@ copy_literal_run:
6410 + } else if (t >= 32) {
6411 + t = (t & 31) + (3 - 1);
6412 + if (unlikely(t == 2)) {
6413 ++ size_t offset;
6414 ++ const unsigned char *ip_last = ip;
6415 ++
6416 + while (unlikely(*ip == 0)) {
6417 +- t += 255;
6418 + ip++;
6419 +- NEED_IP(1, 0);
6420 ++ NEED_IP(1);
6421 + }
6422 +- t += 31 + *ip++;
6423 +- NEED_IP(2, 0);
6424 ++ offset = ip - ip_last;
6425 ++ if (unlikely(offset > MAX_255_COUNT))
6426 ++ return LZO_E_ERROR;
6427 ++
6428 ++ offset = (offset << 8) - offset;
6429 ++ t += offset + 31 + *ip++;
6430 ++ NEED_IP(2);
6431 + }
6432 + m_pos = op - 1;
6433 + next = get_unaligned_le16(ip);
6434 +@@ -154,13 +158,20 @@ copy_literal_run:
6435 + m_pos -= (t & 8) << 11;
6436 + t = (t & 7) + (3 - 1);
6437 + if (unlikely(t == 2)) {
6438 ++ size_t offset;
6439 ++ const unsigned char *ip_last = ip;
6440 ++
6441 + while (unlikely(*ip == 0)) {
6442 +- t += 255;
6443 + ip++;
6444 +- NEED_IP(1, 0);
6445 ++ NEED_IP(1);
6446 + }
6447 +- t += 7 + *ip++;
6448 +- NEED_IP(2, 0);
6449 ++ offset = ip - ip_last;
6450 ++ if (unlikely(offset > MAX_255_COUNT))
6451 ++ return LZO_E_ERROR;
6452 ++
6453 ++ offset = (offset << 8) - offset;
6454 ++ t += offset + 7 + *ip++;
6455 ++ NEED_IP(2);
6456 + }
6457 + next = get_unaligned_le16(ip);
6458 + ip += 2;
6459 +@@ -174,7 +185,7 @@ copy_literal_run:
6460 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
6461 + if (op - m_pos >= 8) {
6462 + unsigned char *oe = op + t;
6463 +- if (likely(HAVE_OP(t, 15))) {
6464 ++ if (likely(HAVE_OP(t + 15))) {
6465 + do {
6466 + COPY8(op, m_pos);
6467 + op += 8;
6468 +@@ -184,7 +195,7 @@ copy_literal_run:
6469 + m_pos += 8;
6470 + } while (op < oe);
6471 + op = oe;
6472 +- if (HAVE_IP(6, 0)) {
6473 ++ if (HAVE_IP(6)) {
6474 + state = next;
6475 + COPY4(op, ip);
6476 + op += next;
6477 +@@ -192,7 +203,7 @@ copy_literal_run:
6478 + continue;
6479 + }
6480 + } else {
6481 +- NEED_OP(t, 0);
6482 ++ NEED_OP(t);
6483 + do {
6484 + *op++ = *m_pos++;
6485 + } while (op < oe);
6486 +@@ -201,7 +212,7 @@ copy_literal_run:
6487 + #endif
6488 + {
6489 + unsigned char *oe = op + t;
6490 +- NEED_OP(t, 0);
6491 ++ NEED_OP(t);
6492 + op[0] = m_pos[0];
6493 + op[1] = m_pos[1];
6494 + op += 2;
6495 +@@ -214,15 +225,15 @@ match_next:
6496 + state = next;
6497 + t = next;
6498 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
6499 +- if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
6500 ++ if (likely(HAVE_IP(6) && HAVE_OP(4))) {
6501 + COPY4(op, ip);
6502 + op += t;
6503 + ip += t;
6504 + } else
6505 + #endif
6506 + {
6507 +- NEED_IP(t, 3);
6508 +- NEED_OP(t, 0);
6509 ++ NEED_IP(t + 3);
6510 ++ NEED_OP(t);
6511 + while (t > 0) {
6512 + *op++ = *ip++;
6513 + t--;
6514 +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
6515 +index 323f23cd2c37..84c0a21c1cda 100644
6516 +--- a/net/bluetooth/l2cap_core.c
6517 ++++ b/net/bluetooth/l2cap_core.c
6518 +@@ -2400,12 +2400,8 @@ static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
6519 +
6520 + BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
6521 +
6522 +- pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE;
6523 +-
6524 +- pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
6525 +-
6526 + sdu_len = len;
6527 +- pdu_len -= L2CAP_SDULEN_SIZE;
6528 ++ pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
6529 +
6530 + while (len > 0) {
6531 + if (len <= pdu_len)
6532 +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
6533 +index e33a982161c1..7b7f3de79db9 100644
6534 +--- a/net/bluetooth/smp.c
6535 ++++ b/net/bluetooth/smp.c
6536 +@@ -432,8 +432,11 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
6537 + }
6538 +
6539 + /* Not Just Works/Confirm results in MITM Authentication */
6540 +- if (method != JUST_CFM)
6541 ++ if (method != JUST_CFM) {
6542 + set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
6543 ++ if (hcon->pending_sec_level < BT_SECURITY_HIGH)
6544 ++ hcon->pending_sec_level = BT_SECURITY_HIGH;
6545 ++ }
6546 +
6547 + /* If both devices have Keyoard-Display I/O, the master
6548 + * Confirms and the slave Enters the passkey.
6549 +diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
6550 +index d3113d4aaa3c..bd8cef5b67e4 100644
6551 +--- a/security/integrity/ima/ima_appraise.c
6552 ++++ b/security/integrity/ima/ima_appraise.c
6553 +@@ -194,8 +194,11 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
6554 + goto out;
6555 +
6556 + cause = "missing-hash";
6557 +- status =
6558 +- (inode->i_size == 0) ? INTEGRITY_PASS : INTEGRITY_NOLABEL;
6559 ++ status = INTEGRITY_NOLABEL;
6560 ++ if (inode->i_size == 0) {
6561 ++ iint->flags |= IMA_NEW_FILE;
6562 ++ status = INTEGRITY_PASS;
6563 ++ }
6564 + goto out;
6565 + }
6566 +
6567 +diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
6568 +index ccd0ac8fa9a0..b126a78d5763 100644
6569 +--- a/security/integrity/ima/ima_crypto.c
6570 ++++ b/security/integrity/ima/ima_crypto.c
6571 +@@ -40,19 +40,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
6572 + {
6573 + mm_segment_t old_fs;
6574 + char __user *buf = addr;
6575 +- ssize_t ret;
6576 ++ ssize_t ret = -EINVAL;
6577 +
6578 + if (!(file->f_mode & FMODE_READ))
6579 + return -EBADF;
6580 +- if (!file->f_op->read && !file->f_op->aio_read)
6581 +- return -EINVAL;
6582 +
6583 + old_fs = get_fs();
6584 + set_fs(get_ds());
6585 + if (file->f_op->read)
6586 + ret = file->f_op->read(file, buf, count, &offset);
6587 +- else
6588 ++ else if (file->f_op->aio_read)
6589 + ret = do_sync_read(file, buf, count, &offset);
6590 ++ else if (file->f_op->read_iter)
6591 ++ ret = new_sync_read(file, buf, count, &offset);
6592 + set_fs(old_fs);
6593 + return ret;
6594 + }
6595 +diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
6596 +index 09baa335ebc7..e7745a07146d 100644
6597 +--- a/security/integrity/ima/ima_main.c
6598 ++++ b/security/integrity/ima/ima_main.c
6599 +@@ -128,11 +128,13 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
6600 + return;
6601 +
6602 + mutex_lock(&inode->i_mutex);
6603 +- if (atomic_read(&inode->i_writecount) == 1 &&
6604 +- iint->version != inode->i_version) {
6605 +- iint->flags &= ~IMA_DONE_MASK;
6606 +- if (iint->flags & IMA_APPRAISE)
6607 +- ima_update_xattr(iint, file);
6608 ++ if (atomic_read(&inode->i_writecount) == 1) {
6609 ++ if ((iint->version != inode->i_version) ||
6610 ++ (iint->flags & IMA_NEW_FILE)) {
6611 ++ iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
6612 ++ if (iint->flags & IMA_APPRAISE)
6613 ++ ima_update_xattr(iint, file);
6614 ++ }
6615 + }
6616 + mutex_unlock(&inode->i_mutex);
6617 + }
6618 +diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
6619 +index 33c0a70f6b15..2f8715d77a5a 100644
6620 +--- a/security/integrity/integrity.h
6621 ++++ b/security/integrity/integrity.h
6622 +@@ -31,6 +31,7 @@
6623 + #define IMA_DIGSIG 0x01000000
6624 + #define IMA_DIGSIG_REQUIRED 0x02000000
6625 + #define IMA_PERMIT_DIRECTIO 0x04000000
6626 ++#define IMA_NEW_FILE 0x08000000
6627 +
6628 + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
6629 + IMA_APPRAISE_SUBMASK)
6630 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
6631 +index b653ab001fba..39c572806d0d 100644
6632 +--- a/sound/core/pcm_native.c
6633 ++++ b/sound/core/pcm_native.c
6634 +@@ -3190,7 +3190,7 @@ static const struct vm_operations_struct snd_pcm_vm_ops_data_fault = {
6635 +
6636 + #ifndef ARCH_HAS_DMA_MMAP_COHERENT
6637 + /* This should be defined / handled globally! */
6638 +-#ifdef CONFIG_ARM
6639 ++#if defined(CONFIG_ARM) || defined(CONFIG_ARM64)
6640 + #define ARCH_HAS_DMA_MMAP_COHERENT
6641 + #endif
6642 + #endif
6643 +diff --git a/sound/firewire/bebob/bebob_terratec.c b/sound/firewire/bebob/bebob_terratec.c
6644 +index eef8ea7d9b97..0e4c0bfc463b 100644
6645 +--- a/sound/firewire/bebob/bebob_terratec.c
6646 ++++ b/sound/firewire/bebob/bebob_terratec.c
6647 +@@ -17,10 +17,10 @@ phase88_rack_clk_src_get(struct snd_bebob *bebob, unsigned int *id)
6648 + unsigned int enable_ext, enable_word;
6649 + int err;
6650 +
6651 +- err = avc_audio_get_selector(bebob->unit, 0, 0, &enable_ext);
6652 ++ err = avc_audio_get_selector(bebob->unit, 0, 9, &enable_ext);
6653 + if (err < 0)
6654 + goto end;
6655 +- err = avc_audio_get_selector(bebob->unit, 0, 0, &enable_word);
6656 ++ err = avc_audio_get_selector(bebob->unit, 0, 8, &enable_word);
6657 + if (err < 0)
6658 + goto end;
6659 +
6660 +diff --git a/sound/pci/emu10k1/emu10k1_callback.c b/sound/pci/emu10k1/emu10k1_callback.c
6661 +index 3f3ef38d9b6e..874cd76c7b7f 100644
6662 +--- a/sound/pci/emu10k1/emu10k1_callback.c
6663 ++++ b/sound/pci/emu10k1/emu10k1_callback.c
6664 +@@ -85,6 +85,8 @@ snd_emu10k1_ops_setup(struct snd_emux *emux)
6665 + * get more voice for pcm
6666 + *
6667 + * terminate most inactive voice and give it as a pcm voice.
6668 ++ *
6669 ++ * voice_lock is already held.
6670 + */
6671 + int
6672 + snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
6673 +@@ -92,12 +94,10 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
6674 + struct snd_emux *emu;
6675 + struct snd_emux_voice *vp;
6676 + struct best_voice best[V_END];
6677 +- unsigned long flags;
6678 + int i;
6679 +
6680 + emu = hw->synth;
6681 +
6682 +- spin_lock_irqsave(&emu->voice_lock, flags);
6683 + lookup_voices(emu, hw, best, 1); /* no OFF voices */
6684 + for (i = 0; i < V_END; i++) {
6685 + if (best[i].voice >= 0) {
6686 +@@ -113,11 +113,9 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
6687 + vp->emu->num_voices--;
6688 + vp->ch = -1;
6689 + vp->state = SNDRV_EMUX_ST_OFF;
6690 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
6691 + return ch;
6692 + }
6693 + }
6694 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
6695 +
6696 + /* not found */
6697 + return -ENOMEM;
6698 +diff --git a/sound/pci/hda/hda_local.h b/sound/pci/hda/hda_local.h
6699 +index 4e2d4863daa1..cb06a553b9d9 100644
6700 +--- a/sound/pci/hda/hda_local.h
6701 ++++ b/sound/pci/hda/hda_local.h
6702 +@@ -424,7 +424,7 @@ struct snd_hda_pin_quirk {
6703 + .subvendor = _subvendor,\
6704 + .name = _name,\
6705 + .value = _value,\
6706 +- .pins = (const struct hda_pintbl[]) { _pins } \
6707 ++ .pins = (const struct hda_pintbl[]) { _pins, {0, 0}} \
6708 + }
6709 + #else
6710 +
6711 +@@ -432,7 +432,7 @@ struct snd_hda_pin_quirk {
6712 + { .codec = _codec,\
6713 + .subvendor = _subvendor,\
6714 + .value = _value,\
6715 +- .pins = (const struct hda_pintbl[]) { _pins } \
6716 ++ .pins = (const struct hda_pintbl[]) { _pins, {0, 0}} \
6717 + }
6718 +
6719 + #endif
6720 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
6721 +index ba4ca52072ff..ddd825bce575 100644
6722 +--- a/sound/pci/hda/patch_hdmi.c
6723 ++++ b/sound/pci/hda/patch_hdmi.c
6724 +@@ -1574,19 +1574,22 @@ static bool hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll)
6725 + }
6726 + }
6727 +
6728 +- if (pin_eld->eld_valid && !eld->eld_valid) {
6729 +- update_eld = true;
6730 ++ if (pin_eld->eld_valid != eld->eld_valid)
6731 + eld_changed = true;
6732 +- }
6733 ++
6734 ++ if (pin_eld->eld_valid && !eld->eld_valid)
6735 ++ update_eld = true;
6736 ++
6737 + if (update_eld) {
6738 + bool old_eld_valid = pin_eld->eld_valid;
6739 + pin_eld->eld_valid = eld->eld_valid;
6740 +- eld_changed = pin_eld->eld_size != eld->eld_size ||
6741 ++ if (pin_eld->eld_size != eld->eld_size ||
6742 + memcmp(pin_eld->eld_buffer, eld->eld_buffer,
6743 +- eld->eld_size) != 0;
6744 +- if (eld_changed)
6745 ++ eld->eld_size) != 0) {
6746 + memcpy(pin_eld->eld_buffer, eld->eld_buffer,
6747 + eld->eld_size);
6748 ++ eld_changed = true;
6749 ++ }
6750 + pin_eld->eld_size = eld->eld_size;
6751 + pin_eld->info = eld->info;
6752 +
6753 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
6754 +index 88e4623d4f97..c8bf72832731 100644
6755 +--- a/sound/pci/hda/patch_realtek.c
6756 ++++ b/sound/pci/hda/patch_realtek.c
6757 +@@ -3103,6 +3103,9 @@ static void alc283_shutup(struct hda_codec *codec)
6758 +
6759 + alc_write_coef_idx(codec, 0x43, 0x9004);
6760 +
6761 ++ /*depop hp during suspend*/
6762 ++ alc_write_coef_idx(codec, 0x06, 0x2100);
6763 ++
6764 + snd_hda_codec_write(codec, hp_pin, 0,
6765 + AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
6766 +
6767 +@@ -5575,9 +5578,9 @@ static void alc662_led_gpio1_mute_hook(void *private_data, int enabled)
6768 + unsigned int oldval = spec->gpio_led;
6769 +
6770 + if (enabled)
6771 +- spec->gpio_led &= ~0x01;
6772 +- else
6773 + spec->gpio_led |= 0x01;
6774 ++ else
6775 ++ spec->gpio_led &= ~0x01;
6776 + if (spec->gpio_led != oldval)
6777 + snd_hda_codec_write(codec, 0x01, 0, AC_VERB_SET_GPIO_DATA,
6778 + spec->gpio_led);
6779 +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
6780 +index 223c47b33ba3..c657752a420c 100644
6781 +--- a/sound/usb/quirks-table.h
6782 ++++ b/sound/usb/quirks-table.h
6783 +@@ -385,6 +385,36 @@ YAMAHA_DEVICE(0x105d, NULL),
6784 + }
6785 + },
6786 + {
6787 ++ USB_DEVICE(0x0499, 0x1509),
6788 ++ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
6789 ++ /* .vendor_name = "Yamaha", */
6790 ++ /* .product_name = "Steinberg UR22", */
6791 ++ .ifnum = QUIRK_ANY_INTERFACE,
6792 ++ .type = QUIRK_COMPOSITE,
6793 ++ .data = (const struct snd_usb_audio_quirk[]) {
6794 ++ {
6795 ++ .ifnum = 1,
6796 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
6797 ++ },
6798 ++ {
6799 ++ .ifnum = 2,
6800 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
6801 ++ },
6802 ++ {
6803 ++ .ifnum = 3,
6804 ++ .type = QUIRK_MIDI_YAMAHA
6805 ++ },
6806 ++ {
6807 ++ .ifnum = 4,
6808 ++ .type = QUIRK_IGNORE_INTERFACE
6809 ++ },
6810 ++ {
6811 ++ .ifnum = -1
6812 ++ }
6813 ++ }
6814 ++ }
6815 ++},
6816 ++{
6817 + USB_DEVICE(0x0499, 0x150a),
6818 + .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
6819 + /* .vendor_name = "Yamaha", */
6820 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
6821 +index 4b6c01b477f9..438851c2a797 100644
6822 +--- a/virt/kvm/kvm_main.c
6823 ++++ b/virt/kvm/kvm_main.c
6824 +@@ -52,6 +52,7 @@
6825 +
6826 + #include <asm/processor.h>
6827 + #include <asm/io.h>
6828 ++#include <asm/ioctl.h>
6829 + #include <asm/uaccess.h>
6830 + #include <asm/pgtable.h>
6831 +
6832 +@@ -95,8 +96,6 @@ static int hardware_enable_all(void);
6833 + static void hardware_disable_all(void);
6834 +
6835 + static void kvm_io_bus_destroy(struct kvm_io_bus *bus);
6836 +-static void update_memslots(struct kvm_memslots *slots,
6837 +- struct kvm_memory_slot *new, u64 last_generation);
6838 +
6839 + static void kvm_release_pfn_dirty(pfn_t pfn);
6840 + static void mark_page_dirty_in_slot(struct kvm *kvm,
6841 +@@ -474,6 +473,13 @@ static struct kvm *kvm_create_vm(unsigned long type)
6842 + kvm->memslots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
6843 + if (!kvm->memslots)
6844 + goto out_err_no_srcu;
6845 ++
6846 ++ /*
6847 ++ * Init kvm generation close to the maximum to easily test the
6848 ++ * code of handling generation number wrap-around.
6849 ++ */
6850 ++ kvm->memslots->generation = -150;
6851 ++
6852 + kvm_init_memslots_id(kvm);
6853 + if (init_srcu_struct(&kvm->srcu))
6854 + goto out_err_no_srcu;
6855 +@@ -685,8 +691,7 @@ static void sort_memslots(struct kvm_memslots *slots)
6856 + }
6857 +
6858 + static void update_memslots(struct kvm_memslots *slots,
6859 +- struct kvm_memory_slot *new,
6860 +- u64 last_generation)
6861 ++ struct kvm_memory_slot *new)
6862 + {
6863 + if (new) {
6864 + int id = new->id;
6865 +@@ -697,8 +702,6 @@ static void update_memslots(struct kvm_memslots *slots,
6866 + if (new->npages != npages)
6867 + sort_memslots(slots);
6868 + }
6869 +-
6870 +- slots->generation = last_generation + 1;
6871 + }
6872 +
6873 + static int check_memory_region_flags(struct kvm_userspace_memory_region *mem)
6874 +@@ -720,10 +723,24 @@ static struct kvm_memslots *install_new_memslots(struct kvm *kvm,
6875 + {
6876 + struct kvm_memslots *old_memslots = kvm->memslots;
6877 +
6878 +- update_memslots(slots, new, kvm->memslots->generation);
6879 ++ /*
6880 ++ * Set the low bit in the generation, which disables SPTE caching
6881 ++ * until the end of synchronize_srcu_expedited.
6882 ++ */
6883 ++ WARN_ON(old_memslots->generation & 1);
6884 ++ slots->generation = old_memslots->generation + 1;
6885 ++
6886 ++ update_memslots(slots, new);
6887 + rcu_assign_pointer(kvm->memslots, slots);
6888 + synchronize_srcu_expedited(&kvm->srcu);
6889 +
6890 ++ /*
6891 ++ * Increment the new memslot generation a second time. This prevents
6892 ++ * vm exits that race with memslot updates from caching a memslot
6893 ++ * generation that will (potentially) be valid forever.
6894 ++ */
6895 ++ slots->generation++;
6896 ++
6897 + kvm_arch_memslots_updated(kvm);
6898 +
6899 + return old_memslots;
6900 +@@ -1973,6 +1990,9 @@ static long kvm_vcpu_ioctl(struct file *filp,
6901 + if (vcpu->kvm->mm != current->mm)
6902 + return -EIO;
6903 +
6904 ++ if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
6905 ++ return -EINVAL;
6906 ++
6907 + #if defined(CONFIG_S390) || defined(CONFIG_PPC) || defined(CONFIG_MIPS)
6908 + /*
6909 + * Special cases: vcpu ioctls that are asynchronous to vcpu execution,
Report Message
Find on MARC Find on Google Groups