Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.9.22/, 4.9.21/
Date: Fri, 14 Apr 2017 14:49:48
Message-Id: 1492181323.c0ac9f36b469dcdb20ee37316e77a21994bafc50.blueness@gentoo
1 commit: c0ac9f36b469dcdb20ee37316e77a21994bafc50
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 14 14:48:43 2017 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 14 14:48:43 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=c0ac9f36
7
8 grsecurity-3.1-4.9.22-201704120836
9
10 4.9.21/1020_linux-4.9.21.patch | 4658 --------------------
11 {4.9.21 => 4.9.22}/0000_README | 6 +-
12 .../4420_grsecurity-3.1-4.9.22-201704120836.patch | 146 +-
13 {4.9.21 => 4.9.22}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4426_default_XATTR_PAX_FLAGS.patch | 0
15 .../4427_force_XATTR_PAX_tmpfs.patch | 0
16 .../4430_grsec-remove-localversion-grsec.patch | 0
17 {4.9.21 => 4.9.22}/4435_grsec-mute-warnings.patch | 0
18 .../4440_grsec-remove-protected-paths.patch | 0
19 .../4450_grsec-kconfig-default-gids.patch | 0
20 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
21 {4.9.21 => 4.9.22}/4470_disable-compat_vdso.patch | 0
22 {4.9.21 => 4.9.22}/4475_emutramp_default_on.patch | 0
23 13 files changed, 74 insertions(+), 4736 deletions(-)
24
25 diff --git a/4.9.21/1020_linux-4.9.21.patch b/4.9.21/1020_linux-4.9.21.patch
26 deleted file mode 100644
27 index 42defb2..0000000
28 --- a/4.9.21/1020_linux-4.9.21.patch
29 +++ /dev/null
30 @@ -1,4658 +0,0 @@
31 -diff --git a/Makefile b/Makefile
32 -index 4496018..1523557 100644
33 ---- a/Makefile
34 -+++ b/Makefile
35 -@@ -1,6 +1,6 @@
36 - VERSION = 4
37 - PATCHLEVEL = 9
38 --SUBLEVEL = 20
39 -+SUBLEVEL = 21
40 - EXTRAVERSION =
41 - NAME = Roaring Lionus
42 -
43 -diff --git a/arch/arm/boot/dts/bcm5301x.dtsi b/arch/arm/boot/dts/bcm5301x.dtsi
44 -index ae4b388..4616452 100644
45 ---- a/arch/arm/boot/dts/bcm5301x.dtsi
46 -+++ b/arch/arm/boot/dts/bcm5301x.dtsi
47 -@@ -66,14 +66,14 @@
48 - timer@20200 {
49 - compatible = "arm,cortex-a9-global-timer";
50 - reg = <0x20200 0x100>;
51 -- interrupts = <GIC_PPI 11 IRQ_TYPE_LEVEL_HIGH>;
52 -+ interrupts = <GIC_PPI 11 IRQ_TYPE_EDGE_RISING>;
53 - clocks = <&periph_clk>;
54 - };
55 -
56 - local-timer@20600 {
57 - compatible = "arm,cortex-a9-twd-timer";
58 - reg = <0x20600 0x100>;
59 -- interrupts = <GIC_PPI 13 IRQ_TYPE_LEVEL_HIGH>;
60 -+ interrupts = <GIC_PPI 13 IRQ_TYPE_EDGE_RISING>;
61 - clocks = <&periph_clk>;
62 - };
63 -
64 -diff --git a/arch/arm/mach-bcm/bcm_5301x.c b/arch/arm/mach-bcm/bcm_5301x.c
65 -index c8830a2..fe067f6 100644
66 ---- a/arch/arm/mach-bcm/bcm_5301x.c
67 -+++ b/arch/arm/mach-bcm/bcm_5301x.c
68 -@@ -9,14 +9,42 @@
69 - #include <asm/hardware/cache-l2x0.h>
70 -
71 - #include <asm/mach/arch.h>
72 -+#include <asm/siginfo.h>
73 -+#include <asm/signal.h>
74 -+
75 -+#define FSR_EXTERNAL (1 << 12)
76 -+#define FSR_READ (0 << 10)
77 -+#define FSR_IMPRECISE 0x0406
78 -
79 - static const char *const bcm5301x_dt_compat[] __initconst = {
80 - "brcm,bcm4708",
81 - NULL,
82 - };
83 -
84 -+static int bcm5301x_abort_handler(unsigned long addr, unsigned int fsr,
85 -+ struct pt_regs *regs)
86 -+{
87 -+ /*
88 -+ * We want to ignore aborts forwarded from the PCIe bus that are
89 -+ * expected and shouldn't really be passed by the PCIe controller.
90 -+ * The biggest disadvantage is the same FSR code may be reported when
91 -+ * reading non-existing APB register and we shouldn't ignore that.
92 -+ */
93 -+ if (fsr == (FSR_EXTERNAL | FSR_READ | FSR_IMPRECISE))
94 -+ return 0;
95 -+
96 -+ return 1;
97 -+}
98 -+
99 -+static void __init bcm5301x_init_early(void)
100 -+{
101 -+ hook_fault_code(16 + 6, bcm5301x_abort_handler, SIGBUS, BUS_OBJERR,
102 -+ "imprecise external abort");
103 -+}
104 -+
105 - DT_MACHINE_START(BCM5301X, "BCM5301X")
106 - .l2c_aux_val = 0,
107 - .l2c_aux_mask = ~0,
108 - .dt_compat = bcm5301x_dt_compat,
109 -+ .init_early = bcm5301x_init_early,
110 - MACHINE_END
111 -diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c
112 -index 8ac0e59..0ddf369 100644
113 ---- a/arch/mips/lantiq/irq.c
114 -+++ b/arch/mips/lantiq/irq.c
115 -@@ -269,6 +269,11 @@ static void ltq_hw5_irqdispatch(void)
116 - DEFINE_HWx_IRQDISPATCH(5)
117 - #endif
118 -
119 -+static void ltq_hw_irq_handler(struct irq_desc *desc)
120 -+{
121 -+ ltq_hw_irqdispatch(irq_desc_get_irq(desc) - 2);
122 -+}
123 -+
124 - #ifdef CONFIG_MIPS_MT_SMP
125 - void __init arch_init_ipiirq(int irq, struct irqaction *action)
126 - {
127 -@@ -313,23 +318,19 @@ static struct irqaction irq_call = {
128 - asmlinkage void plat_irq_dispatch(void)
129 - {
130 - unsigned int pending = read_c0_status() & read_c0_cause() & ST0_IM;
131 -- unsigned int i;
132 --
133 -- if ((MIPS_CPU_TIMER_IRQ == 7) && (pending & CAUSEF_IP7)) {
134 -- do_IRQ(MIPS_CPU_TIMER_IRQ);
135 -- goto out;
136 -- } else {
137 -- for (i = 0; i < MAX_IM; i++) {
138 -- if (pending & (CAUSEF_IP2 << i)) {
139 -- ltq_hw_irqdispatch(i);
140 -- goto out;
141 -- }
142 -- }
143 -+ int irq;
144 -+
145 -+ if (!pending) {
146 -+ spurious_interrupt();
147 -+ return;
148 - }
149 -- pr_alert("Spurious IRQ: CAUSE=0x%08x\n", read_c0_status());
150 -
151 --out:
152 -- return;
153 -+ pending >>= CAUSEB_IP;
154 -+ while (pending) {
155 -+ irq = fls(pending) - 1;
156 -+ do_IRQ(MIPS_CPU_IRQ_BASE + irq);
157 -+ pending &= ~BIT(irq);
158 -+ }
159 - }
160 -
161 - static int icu_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw)
162 -@@ -354,11 +355,6 @@ static const struct irq_domain_ops irq_domain_ops = {
163 - .map = icu_map,
164 - };
165 -
166 --static struct irqaction cascade = {
167 -- .handler = no_action,
168 -- .name = "cascade",
169 --};
170 --
171 - int __init icu_of_init(struct device_node *node, struct device_node *parent)
172 - {
173 - struct device_node *eiu_node;
174 -@@ -390,7 +386,7 @@ int __init icu_of_init(struct device_node *node, struct device_node *parent)
175 - mips_cpu_irq_init();
176 -
177 - for (i = 0; i < MAX_IM; i++)
178 -- setup_irq(i + 2, &cascade);
179 -+ irq_set_chained_handler(i + 2, ltq_hw_irq_handler);
180 -
181 - if (cpu_has_vint) {
182 - pr_info("Setting up vectored interrupts\n");
183 -diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
184 -index 9a2aee1..7fcf512 100644
185 ---- a/arch/parisc/include/asm/uaccess.h
186 -+++ b/arch/parisc/include/asm/uaccess.h
187 -@@ -68,6 +68,15 @@ struct exception_table_entry {
188 - ".previous\n"
189 -
190 - /*
191 -+ * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry
192 -+ * (with lowest bit set) for which the fault handler in fixup_exception() will
193 -+ * load -EFAULT into %r8 for a read or write fault, and zeroes the target
194 -+ * register in case of a read fault in get_user().
195 -+ */
196 -+#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\
197 -+ ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1)
198 -+
199 -+/*
200 - * The page fault handler stores, in a per-cpu area, the following information
201 - * if a fixup routine is available.
202 - */
203 -@@ -94,7 +103,7 @@ struct exception_data {
204 - #define __get_user(x, ptr) \
205 - ({ \
206 - register long __gu_err __asm__ ("r8") = 0; \
207 -- register long __gu_val __asm__ ("r9") = 0; \
208 -+ register long __gu_val; \
209 - \
210 - load_sr2(); \
211 - switch (sizeof(*(ptr))) { \
212 -@@ -110,22 +119,23 @@ struct exception_data {
213 - })
214 -
215 - #define __get_user_asm(ldx, ptr) \
216 -- __asm__("\n1:\t" ldx "\t0(%%sr2,%2),%0\n\t" \
217 -- ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_1)\
218 -+ __asm__("1: " ldx " 0(%%sr2,%2),%0\n" \
219 -+ "9:\n" \
220 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
221 - : "=r"(__gu_val), "=r"(__gu_err) \
222 -- : "r"(ptr), "1"(__gu_err) \
223 -- : "r1");
224 -+ : "r"(ptr), "1"(__gu_err));
225 -
226 - #if !defined(CONFIG_64BIT)
227 -
228 - #define __get_user_asm64(ptr) \
229 -- __asm__("\n1:\tldw 0(%%sr2,%2),%0" \
230 -- "\n2:\tldw 4(%%sr2,%2),%R0\n\t" \
231 -- ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_2)\
232 -- ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_get_user_skip_1)\
233 -+ __asm__(" copy %%r0,%R0\n" \
234 -+ "1: ldw 0(%%sr2,%2),%0\n" \
235 -+ "2: ldw 4(%%sr2,%2),%R0\n" \
236 -+ "9:\n" \
237 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
238 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
239 - : "=r"(__gu_val), "=r"(__gu_err) \
240 -- : "r"(ptr), "1"(__gu_err) \
241 -- : "r1");
242 -+ : "r"(ptr), "1"(__gu_err));
243 -
244 - #endif /* !defined(CONFIG_64BIT) */
245 -
246 -@@ -151,32 +161,31 @@ struct exception_data {
247 - * The "__put_user/kernel_asm()" macros tell gcc they read from memory
248 - * instead of writing. This is because they do not write to any memory
249 - * gcc knows about, so there are no aliasing issues. These macros must
250 -- * also be aware that "fixup_put_user_skip_[12]" are executed in the
251 -- * context of the fault, and any registers used there must be listed
252 -- * as clobbers. In this case only "r1" is used by the current routines.
253 -- * r8/r9 are already listed as err/val.
254 -+ * also be aware that fixups are executed in the context of the fault,
255 -+ * and any registers used there must be listed as clobbers.
256 -+ * r8 is already listed as err.
257 - */
258 -
259 - #define __put_user_asm(stx, x, ptr) \
260 - __asm__ __volatile__ ( \
261 -- "\n1:\t" stx "\t%2,0(%%sr2,%1)\n\t" \
262 -- ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_1)\
263 -+ "1: " stx " %2,0(%%sr2,%1)\n" \
264 -+ "9:\n" \
265 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
266 - : "=r"(__pu_err) \
267 -- : "r"(ptr), "r"(x), "0"(__pu_err) \
268 -- : "r1")
269 -+ : "r"(ptr), "r"(x), "0"(__pu_err))
270 -
271 -
272 - #if !defined(CONFIG_64BIT)
273 -
274 - #define __put_user_asm64(__val, ptr) do { \
275 - __asm__ __volatile__ ( \
276 -- "\n1:\tstw %2,0(%%sr2,%1)" \
277 -- "\n2:\tstw %R2,4(%%sr2,%1)\n\t" \
278 -- ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_2)\
279 -- ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_put_user_skip_1)\
280 -+ "1: stw %2,0(%%sr2,%1)\n" \
281 -+ "2: stw %R2,4(%%sr2,%1)\n" \
282 -+ "9:\n" \
283 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
284 -+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
285 - : "=r"(__pu_err) \
286 -- : "r"(ptr), "r"(__val), "0"(__pu_err) \
287 -- : "r1"); \
288 -+ : "r"(ptr), "r"(__val), "0"(__pu_err)); \
289 - } while (0)
290 -
291 - #endif /* !defined(CONFIG_64BIT) */
292 -diff --git a/arch/parisc/kernel/parisc_ksyms.c b/arch/parisc/kernel/parisc_ksyms.c
293 -index 3cad8aa..4e6f0d9 100644
294 ---- a/arch/parisc/kernel/parisc_ksyms.c
295 -+++ b/arch/parisc/kernel/parisc_ksyms.c
296 -@@ -47,16 +47,6 @@ EXPORT_SYMBOL(__cmpxchg_u64);
297 - EXPORT_SYMBOL(lclear_user);
298 - EXPORT_SYMBOL(lstrnlen_user);
299 -
300 --/* Global fixups - defined as int to avoid creation of function pointers */
301 --extern int fixup_get_user_skip_1;
302 --extern int fixup_get_user_skip_2;
303 --extern int fixup_put_user_skip_1;
304 --extern int fixup_put_user_skip_2;
305 --EXPORT_SYMBOL(fixup_get_user_skip_1);
306 --EXPORT_SYMBOL(fixup_get_user_skip_2);
307 --EXPORT_SYMBOL(fixup_put_user_skip_1);
308 --EXPORT_SYMBOL(fixup_put_user_skip_2);
309 --
310 - #ifndef CONFIG_64BIT
311 - /* Needed so insmod can set dp value */
312 - extern int $global$;
313 -diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c
314 -index e81afc37..e7ffde2 100644
315 ---- a/arch/parisc/kernel/process.c
316 -+++ b/arch/parisc/kernel/process.c
317 -@@ -140,6 +140,8 @@ void machine_power_off(void)
318 - printk(KERN_EMERG "System shut down completed.\n"
319 - "Please power this system off now.");
320 -
321 -+ /* prevent soft lockup/stalled CPU messages for endless loop. */
322 -+ rcu_sysrq_start();
323 - for (;;);
324 - }
325 -
326 -diff --git a/arch/parisc/lib/Makefile b/arch/parisc/lib/Makefile
327 -index 8fa92b8..f2dac4d 100644
328 ---- a/arch/parisc/lib/Makefile
329 -+++ b/arch/parisc/lib/Makefile
330 -@@ -2,7 +2,7 @@
331 - # Makefile for parisc-specific library files
332 - #
333 -
334 --lib-y := lusercopy.o bitops.o checksum.o io.o memset.o fixup.o memcpy.o \
335 -+lib-y := lusercopy.o bitops.o checksum.o io.o memset.o memcpy.o \
336 - ucmpdi2.o delay.o
337 -
338 - obj-y := iomap.o
339 -diff --git a/arch/parisc/lib/fixup.S b/arch/parisc/lib/fixup.S
340 -deleted file mode 100644
341 -index a5b72f2..0000000
342 ---- a/arch/parisc/lib/fixup.S
343 -+++ /dev/null
344 -@@ -1,98 +0,0 @@
345 --/*
346 -- * Linux/PA-RISC Project (http://www.parisc-linux.org/)
347 -- *
348 -- * Copyright (C) 2004 Randolph Chung <tausq@××××××.org>
349 -- *
350 -- * This program is free software; you can redistribute it and/or modify
351 -- * it under the terms of the GNU General Public License as published by
352 -- * the Free Software Foundation; either version 2, or (at your option)
353 -- * any later version.
354 -- *
355 -- * This program is distributed in the hope that it will be useful,
356 -- * but WITHOUT ANY WARRANTY; without even the implied warranty of
357 -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
358 -- * GNU General Public License for more details.
359 -- *
360 -- * You should have received a copy of the GNU General Public License
361 -- * along with this program; if not, write to the Free Software
362 -- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
363 -- *
364 -- * Fixup routines for kernel exception handling.
365 -- */
366 --#include <asm/asm-offsets.h>
367 --#include <asm/assembly.h>
368 --#include <asm/errno.h>
369 --#include <linux/linkage.h>
370 --
371 --#ifdef CONFIG_SMP
372 -- .macro get_fault_ip t1 t2
373 -- loadgp
374 -- addil LT%__per_cpu_offset,%r27
375 -- LDREG RT%__per_cpu_offset(%r1),\t1
376 -- /* t2 = smp_processor_id() */
377 -- mfctl 30,\t2
378 -- ldw TI_CPU(\t2),\t2
379 --#ifdef CONFIG_64BIT
380 -- extrd,u \t2,63,32,\t2
381 --#endif
382 -- /* t2 = &__per_cpu_offset[smp_processor_id()]; */
383 -- LDREGX \t2(\t1),\t2
384 -- addil LT%exception_data,%r27
385 -- LDREG RT%exception_data(%r1),\t1
386 -- /* t1 = this_cpu_ptr(&exception_data) */
387 -- add,l \t1,\t2,\t1
388 -- /* %r27 = t1->fault_gp - restore gp */
389 -- LDREG EXCDATA_GP(\t1), %r27
390 -- /* t1 = t1->fault_ip */
391 -- LDREG EXCDATA_IP(\t1), \t1
392 -- .endm
393 --#else
394 -- .macro get_fault_ip t1 t2
395 -- loadgp
396 -- /* t1 = this_cpu_ptr(&exception_data) */
397 -- addil LT%exception_data,%r27
398 -- LDREG RT%exception_data(%r1),\t2
399 -- /* %r27 = t2->fault_gp - restore gp */
400 -- LDREG EXCDATA_GP(\t2), %r27
401 -- /* t1 = t2->fault_ip */
402 -- LDREG EXCDATA_IP(\t2), \t1
403 -- .endm
404 --#endif
405 --
406 -- .level LEVEL
407 --
408 -- .text
409 -- .section .fixup, "ax"
410 --
411 -- /* get_user() fixups, store -EFAULT in r8, and 0 in r9 */
412 --ENTRY_CFI(fixup_get_user_skip_1)
413 -- get_fault_ip %r1,%r8
414 -- ldo 4(%r1), %r1
415 -- ldi -EFAULT, %r8
416 -- bv %r0(%r1)
417 -- copy %r0, %r9
418 --ENDPROC_CFI(fixup_get_user_skip_1)
419 --
420 --ENTRY_CFI(fixup_get_user_skip_2)
421 -- get_fault_ip %r1,%r8
422 -- ldo 8(%r1), %r1
423 -- ldi -EFAULT, %r8
424 -- bv %r0(%r1)
425 -- copy %r0, %r9
426 --ENDPROC_CFI(fixup_get_user_skip_2)
427 --
428 -- /* put_user() fixups, store -EFAULT in r8 */
429 --ENTRY_CFI(fixup_put_user_skip_1)
430 -- get_fault_ip %r1,%r8
431 -- ldo 4(%r1), %r1
432 -- bv %r0(%r1)
433 -- ldi -EFAULT, %r8
434 --ENDPROC_CFI(fixup_put_user_skip_1)
435 --
436 --ENTRY_CFI(fixup_put_user_skip_2)
437 -- get_fault_ip %r1,%r8
438 -- ldo 8(%r1), %r1
439 -- bv %r0(%r1)
440 -- ldi -EFAULT, %r8
441 --ENDPROC_CFI(fixup_put_user_skip_2)
442 --
443 -diff --git a/arch/parisc/lib/lusercopy.S b/arch/parisc/lib/lusercopy.S
444 -index 56845de..f01188c 100644
445 ---- a/arch/parisc/lib/lusercopy.S
446 -+++ b/arch/parisc/lib/lusercopy.S
447 -@@ -5,6 +5,8 @@
448 - * Copyright (C) 2000 Richard Hirst <rhirst with parisc-linux.org>
449 - * Copyright (C) 2001 Matthieu Delahaye <delahaym at esiee.fr>
450 - * Copyright (C) 2003 Randolph Chung <tausq with parisc-linux.org>
451 -+ * Copyright (C) 2017 Helge Deller <deller@×××.de>
452 -+ * Copyright (C) 2017 John David Anglin <dave.anglin@××××.net>
453 - *
454 - *
455 - * This program is free software; you can redistribute it and/or modify
456 -@@ -132,4 +134,320 @@ ENDPROC_CFI(lstrnlen_user)
457 -
458 - .procend
459 -
460 -+
461 -+
462 -+/*
463 -+ * unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len)
464 -+ *
465 -+ * Inputs:
466 -+ * - sr1 already contains space of source region
467 -+ * - sr2 already contains space of destination region
468 -+ *
469 -+ * Returns:
470 -+ * - number of bytes that could not be copied.
471 -+ * On success, this will be zero.
472 -+ *
473 -+ * This code is based on a C-implementation of a copy routine written by
474 -+ * Randolph Chung, which in turn was derived from the glibc.
475 -+ *
476 -+ * Several strategies are tried to try to get the best performance for various
477 -+ * conditions. In the optimal case, we copy by loops that copy 32- or 16-bytes
478 -+ * at a time using general registers. Unaligned copies are handled either by
479 -+ * aligning the destination and then using shift-and-write method, or in a few
480 -+ * cases by falling back to a byte-at-a-time copy.
481 -+ *
482 -+ * Testing with various alignments and buffer sizes shows that this code is
483 -+ * often >10x faster than a simple byte-at-a-time copy, even for strangely
484 -+ * aligned operands. It is interesting to note that the glibc version of memcpy
485 -+ * (written in C) is actually quite fast already. This routine is able to beat
486 -+ * it by 30-40% for aligned copies because of the loop unrolling, but in some
487 -+ * cases the glibc version is still slightly faster. This lends more
488 -+ * credibility that gcc can generate very good code as long as we are careful.
489 -+ *
490 -+ * Possible optimizations:
491 -+ * - add cache prefetching
492 -+ * - try not to use the post-increment address modifiers; they may create
493 -+ * additional interlocks. Assumption is that those were only efficient on old
494 -+ * machines (pre PA8000 processors)
495 -+ */
496 -+
497 -+ dst = arg0
498 -+ src = arg1
499 -+ len = arg2
500 -+ end = arg3
501 -+ t1 = r19
502 -+ t2 = r20
503 -+ t3 = r21
504 -+ t4 = r22
505 -+ srcspc = sr1
506 -+ dstspc = sr2
507 -+
508 -+ t0 = r1
509 -+ a1 = t1
510 -+ a2 = t2
511 -+ a3 = t3
512 -+ a0 = t4
513 -+
514 -+ save_src = ret0
515 -+ save_dst = ret1
516 -+ save_len = r31
517 -+
518 -+ENTRY_CFI(pa_memcpy)
519 -+ .proc
520 -+ .callinfo NO_CALLS
521 -+ .entry
522 -+
523 -+ /* Last destination address */
524 -+ add dst,len,end
525 -+
526 -+ /* short copy with less than 16 bytes? */
527 -+ cmpib,>>=,n 15,len,.Lbyte_loop
528 -+
529 -+ /* same alignment? */
530 -+ xor src,dst,t0
531 -+ extru t0,31,2,t1
532 -+ cmpib,<>,n 0,t1,.Lunaligned_copy
533 -+
534 -+#ifdef CONFIG_64BIT
535 -+ /* only do 64-bit copies if we can get aligned. */
536 -+ extru t0,31,3,t1
537 -+ cmpib,<>,n 0,t1,.Lalign_loop32
538 -+
539 -+ /* loop until we are 64-bit aligned */
540 -+.Lalign_loop64:
541 -+ extru dst,31,3,t1
542 -+ cmpib,=,n 0,t1,.Lcopy_loop_16
543 -+20: ldb,ma 1(srcspc,src),t1
544 -+21: stb,ma t1,1(dstspc,dst)
545 -+ b .Lalign_loop64
546 -+ ldo -1(len),len
547 -+
548 -+ ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
549 -+ ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
550 -+
551 -+ ldi 31,t0
552 -+.Lcopy_loop_16:
553 -+ cmpb,COND(>>=),n t0,len,.Lword_loop
554 -+
555 -+10: ldd 0(srcspc,src),t1
556 -+11: ldd 8(srcspc,src),t2
557 -+ ldo 16(src),src
558 -+12: std,ma t1,8(dstspc,dst)
559 -+13: std,ma t2,8(dstspc,dst)
560 -+14: ldd 0(srcspc,src),t1
561 -+15: ldd 8(srcspc,src),t2
562 -+ ldo 16(src),src
563 -+16: std,ma t1,8(dstspc,dst)
564 -+17: std,ma t2,8(dstspc,dst)
565 -+
566 -+ ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
567 -+ ASM_EXCEPTIONTABLE_ENTRY(11b,.Lcopy16_fault)
568 -+ ASM_EXCEPTIONTABLE_ENTRY(12b,.Lcopy_done)
569 -+ ASM_EXCEPTIONTABLE_ENTRY(13b,.Lcopy_done)
570 -+ ASM_EXCEPTIONTABLE_ENTRY(14b,.Lcopy_done)
571 -+ ASM_EXCEPTIONTABLE_ENTRY(15b,.Lcopy16_fault)
572 -+ ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done)
573 -+ ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done)
574 -+
575 -+ b .Lcopy_loop_16
576 -+ ldo -32(len),len
577 -+
578 -+.Lword_loop:
579 -+ cmpib,COND(>>=),n 3,len,.Lbyte_loop
580 -+20: ldw,ma 4(srcspc,src),t1
581 -+21: stw,ma t1,4(dstspc,dst)
582 -+ b .Lword_loop
583 -+ ldo -4(len),len
584 -+
585 -+ ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
586 -+ ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
587 -+
588 -+#endif /* CONFIG_64BIT */
589 -+
590 -+ /* loop until we are 32-bit aligned */
591 -+.Lalign_loop32:
592 -+ extru dst,31,2,t1
593 -+ cmpib,=,n 0,t1,.Lcopy_loop_4
594 -+20: ldb,ma 1(srcspc,src),t1
595 -+21: stb,ma t1,1(dstspc,dst)
596 -+ b .Lalign_loop32
597 -+ ldo -1(len),len
598 -+
599 -+ ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
600 -+ ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
601 -+
602 -+
603 -+.Lcopy_loop_4:
604 -+ cmpib,COND(>>=),n 15,len,.Lbyte_loop
605 -+
606 -+10: ldw 0(srcspc,src),t1
607 -+11: ldw 4(srcspc,src),t2
608 -+12: stw,ma t1,4(dstspc,dst)
609 -+13: stw,ma t2,4(dstspc,dst)
610 -+14: ldw 8(srcspc,src),t1
611 -+15: ldw 12(srcspc,src),t2
612 -+ ldo 16(src),src
613 -+16: stw,ma t1,4(dstspc,dst)
614 -+17: stw,ma t2,4(dstspc,dst)
615 -+
616 -+ ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
617 -+ ASM_EXCEPTIONTABLE_ENTRY(11b,.Lcopy8_fault)
618 -+ ASM_EXCEPTIONTABLE_ENTRY(12b,.Lcopy_done)
619 -+ ASM_EXCEPTIONTABLE_ENTRY(13b,.Lcopy_done)
620 -+ ASM_EXCEPTIONTABLE_ENTRY(14b,.Lcopy_done)
621 -+ ASM_EXCEPTIONTABLE_ENTRY(15b,.Lcopy8_fault)
622 -+ ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done)
623 -+ ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done)
624 -+
625 -+ b .Lcopy_loop_4
626 -+ ldo -16(len),len
627 -+
628 -+.Lbyte_loop:
629 -+ cmpclr,COND(<>) len,%r0,%r0
630 -+ b,n .Lcopy_done
631 -+20: ldb 0(srcspc,src),t1
632 -+ ldo 1(src),src
633 -+21: stb,ma t1,1(dstspc,dst)
634 -+ b .Lbyte_loop
635 -+ ldo -1(len),len
636 -+
637 -+ ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
638 -+ ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
639 -+
640 -+.Lcopy_done:
641 -+ bv %r0(%r2)
642 -+ sub end,dst,ret0
643 -+
644 -+
645 -+ /* src and dst are not aligned the same way. */
646 -+ /* need to go the hard way */
647 -+.Lunaligned_copy:
648 -+ /* align until dst is 32bit-word-aligned */
649 -+ extru dst,31,2,t1
650 -+ cmpib,COND(=),n 0,t1,.Lcopy_dstaligned
651 -+20: ldb 0(srcspc,src),t1
652 -+ ldo 1(src),src
653 -+21: stb,ma t1,1(dstspc,dst)
654 -+ b .Lunaligned_copy
655 -+ ldo -1(len),len
656 -+
657 -+ ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
658 -+ ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
659 -+
660 -+.Lcopy_dstaligned:
661 -+
662 -+ /* store src, dst and len in safe place */
663 -+ copy src,save_src
664 -+ copy dst,save_dst
665 -+ copy len,save_len
666 -+
667 -+ /* len now needs give number of words to copy */
668 -+ SHRREG len,2,len
669 -+
670 -+ /*
671 -+ * Copy from a not-aligned src to an aligned dst using shifts.
672 -+ * Handles 4 words per loop.
673 -+ */
674 -+
675 -+ depw,z src,28,2,t0
676 -+ subi 32,t0,t0
677 -+ mtsar t0
678 -+ extru len,31,2,t0
679 -+ cmpib,= 2,t0,.Lcase2
680 -+ /* Make src aligned by rounding it down. */
681 -+ depi 0,31,2,src
682 -+
683 -+ cmpiclr,<> 3,t0,%r0
684 -+ b,n .Lcase3
685 -+ cmpiclr,<> 1,t0,%r0
686 -+ b,n .Lcase1
687 -+.Lcase0:
688 -+ cmpb,= %r0,len,.Lcda_finish
689 -+ nop
690 -+
691 -+1: ldw,ma 4(srcspc,src), a3
692 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
693 -+1: ldw,ma 4(srcspc,src), a0
694 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
695 -+ b,n .Ldo3
696 -+.Lcase1:
697 -+1: ldw,ma 4(srcspc,src), a2
698 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
699 -+1: ldw,ma 4(srcspc,src), a3
700 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
701 -+ ldo -1(len),len
702 -+ cmpb,=,n %r0,len,.Ldo0
703 -+.Ldo4:
704 -+1: ldw,ma 4(srcspc,src), a0
705 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
706 -+ shrpw a2, a3, %sar, t0
707 -+1: stw,ma t0, 4(dstspc,dst)
708 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
709 -+.Ldo3:
710 -+1: ldw,ma 4(srcspc,src), a1
711 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
712 -+ shrpw a3, a0, %sar, t0
713 -+1: stw,ma t0, 4(dstspc,dst)
714 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
715 -+.Ldo2:
716 -+1: ldw,ma 4(srcspc,src), a2
717 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
718 -+ shrpw a0, a1, %sar, t0
719 -+1: stw,ma t0, 4(dstspc,dst)
720 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
721 -+.Ldo1:
722 -+1: ldw,ma 4(srcspc,src), a3
723 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
724 -+ shrpw a1, a2, %sar, t0
725 -+1: stw,ma t0, 4(dstspc,dst)
726 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
727 -+ ldo -4(len),len
728 -+ cmpb,<> %r0,len,.Ldo4
729 -+ nop
730 -+.Ldo0:
731 -+ shrpw a2, a3, %sar, t0
732 -+1: stw,ma t0, 4(dstspc,dst)
733 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
734 -+
735 -+.Lcda_rdfault:
736 -+.Lcda_finish:
737 -+ /* calculate new src, dst and len and jump to byte-copy loop */
738 -+ sub dst,save_dst,t0
739 -+ add save_src,t0,src
740 -+ b .Lbyte_loop
741 -+ sub save_len,t0,len
742 -+
743 -+.Lcase3:
744 -+1: ldw,ma 4(srcspc,src), a0
745 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
746 -+1: ldw,ma 4(srcspc,src), a1
747 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
748 -+ b .Ldo2
749 -+ ldo 1(len),len
750 -+.Lcase2:
751 -+1: ldw,ma 4(srcspc,src), a1
752 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
753 -+1: ldw,ma 4(srcspc,src), a2
754 -+ ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
755 -+ b .Ldo1
756 -+ ldo 2(len),len
757 -+
758 -+
759 -+ /* fault exception fixup handlers: */
760 -+#ifdef CONFIG_64BIT
761 -+.Lcopy16_fault:
762 -+10: b .Lcopy_done
763 -+ std,ma t1,8(dstspc,dst)
764 -+ ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
765 -+#endif
766 -+
767 -+.Lcopy8_fault:
768 -+10: b .Lcopy_done
769 -+ stw,ma t1,4(dstspc,dst)
770 -+ ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
771 -+
772 -+ .exit
773 -+ENDPROC_CFI(pa_memcpy)
774 -+ .procend
775 -+
776 - .end
777 -diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c
778 -index f82ff10..b3d47ec 100644
779 ---- a/arch/parisc/lib/memcpy.c
780 -+++ b/arch/parisc/lib/memcpy.c
781 -@@ -2,7 +2,7 @@
782 - * Optimized memory copy routines.
783 - *
784 - * Copyright (C) 2004 Randolph Chung <tausq@××××××.org>
785 -- * Copyright (C) 2013 Helge Deller <deller@×××.de>
786 -+ * Copyright (C) 2013-2017 Helge Deller <deller@×××.de>
787 - *
788 - * This program is free software; you can redistribute it and/or modify
789 - * it under the terms of the GNU General Public License as published by
790 -@@ -21,474 +21,21 @@
791 - * Portions derived from the GNU C Library
792 - * Copyright (C) 1991, 1997, 2003 Free Software Foundation, Inc.
793 - *
794 -- * Several strategies are tried to try to get the best performance for various
795 -- * conditions. In the optimal case, we copy 64-bytes in an unrolled loop using
796 -- * fp regs. This is followed by loops that copy 32- or 16-bytes at a time using
797 -- * general registers. Unaligned copies are handled either by aligning the
798 -- * destination and then using shift-and-write method, or in a few cases by
799 -- * falling back to a byte-at-a-time copy.
800 -- *
801 -- * I chose to implement this in C because it is easier to maintain and debug,
802 -- * and in my experiments it appears that the C code generated by gcc (3.3/3.4
803 -- * at the time of writing) is fairly optimal. Unfortunately some of the
804 -- * semantics of the copy routine (exception handling) is difficult to express
805 -- * in C, so we have to play some tricks to get it to work.
806 -- *
807 -- * All the loads and stores are done via explicit asm() code in order to use
808 -- * the right space registers.
809 -- *
810 -- * Testing with various alignments and buffer sizes shows that this code is
811 -- * often >10x faster than a simple byte-at-a-time copy, even for strangely
812 -- * aligned operands. It is interesting to note that the glibc version
813 -- * of memcpy (written in C) is actually quite fast already. This routine is
814 -- * able to beat it by 30-40% for aligned copies because of the loop unrolling,
815 -- * but in some cases the glibc version is still slightly faster. This lends
816 -- * more credibility that gcc can generate very good code as long as we are
817 -- * careful.
818 -- *
819 -- * TODO:
820 -- * - cache prefetching needs more experimentation to get optimal settings
821 -- * - try not to use the post-increment address modifiers; they create additional
822 -- * interlocks
823 -- * - replace byte-copy loops with stybs sequences
824 - */
825 -
826 --#ifdef __KERNEL__
827 - #include <linux/module.h>
828 - #include <linux/compiler.h>
829 - #include <linux/uaccess.h>
830 --#define s_space "%%sr1"
831 --#define d_space "%%sr2"
832 --#else
833 --#include "memcpy.h"
834 --#define s_space "%%sr0"
835 --#define d_space "%%sr0"
836 --#define pa_memcpy new2_copy
837 --#endif
838 -
839 - DECLARE_PER_CPU(struct exception_data, exception_data);
840 -
841 --#define preserve_branch(label) do { \
842 -- volatile int dummy = 0; \
843 -- /* The following branch is never taken, it's just here to */ \
844 -- /* prevent gcc from optimizing away our exception code. */ \
845 -- if (unlikely(dummy != dummy)) \
846 -- goto label; \
847 --} while (0)
848 --
849 - #define get_user_space() (segment_eq(get_fs(), KERNEL_DS) ? 0 : mfsp(3))
850 - #define get_kernel_space() (0)
851 -
852 --#define MERGE(w0, sh_1, w1, sh_2) ({ \
853 -- unsigned int _r; \
854 -- asm volatile ( \
855 -- "mtsar %3\n" \
856 -- "shrpw %1, %2, %%sar, %0\n" \
857 -- : "=r"(_r) \
858 -- : "r"(w0), "r"(w1), "r"(sh_2) \
859 -- ); \
860 -- _r; \
861 --})
862 --#define THRESHOLD 16
863 --
864 --#ifdef DEBUG_MEMCPY
865 --#define DPRINTF(fmt, args...) do { printk(KERN_DEBUG "%s:%d:%s ", __FILE__, __LINE__, __func__ ); printk(KERN_DEBUG fmt, ##args ); } while (0)
866 --#else
867 --#define DPRINTF(fmt, args...)
868 --#endif
869 --
870 --#define def_load_ai_insn(_insn,_sz,_tt,_s,_a,_t,_e) \
871 -- __asm__ __volatile__ ( \
872 -- "1:\t" #_insn ",ma " #_sz "(" _s ",%1), %0\n\t" \
873 -- ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \
874 -- : _tt(_t), "+r"(_a) \
875 -- : \
876 -- : "r8")
877 --
878 --#define def_store_ai_insn(_insn,_sz,_tt,_s,_a,_t,_e) \
879 -- __asm__ __volatile__ ( \
880 -- "1:\t" #_insn ",ma %1, " #_sz "(" _s ",%0)\n\t" \
881 -- ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \
882 -- : "+r"(_a) \
883 -- : _tt(_t) \
884 -- : "r8")
885 --
886 --#define ldbma(_s, _a, _t, _e) def_load_ai_insn(ldbs,1,"=r",_s,_a,_t,_e)
887 --#define stbma(_s, _t, _a, _e) def_store_ai_insn(stbs,1,"r",_s,_a,_t,_e)
888 --#define ldwma(_s, _a, _t, _e) def_load_ai_insn(ldw,4,"=r",_s,_a,_t,_e)
889 --#define stwma(_s, _t, _a, _e) def_store_ai_insn(stw,4,"r",_s,_a,_t,_e)
890 --#define flddma(_s, _a, _t, _e) def_load_ai_insn(fldd,8,"=f",_s,_a,_t,_e)
891 --#define fstdma(_s, _t, _a, _e) def_store_ai_insn(fstd,8,"f",_s,_a,_t,_e)
892 --
893 --#define def_load_insn(_insn,_tt,_s,_o,_a,_t,_e) \
894 -- __asm__ __volatile__ ( \
895 -- "1:\t" #_insn " " #_o "(" _s ",%1), %0\n\t" \
896 -- ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \
897 -- : _tt(_t) \
898 -- : "r"(_a) \
899 -- : "r8")
900 --
901 --#define def_store_insn(_insn,_tt,_s,_t,_o,_a,_e) \
902 -- __asm__ __volatile__ ( \
903 -- "1:\t" #_insn " %0, " #_o "(" _s ",%1)\n\t" \
904 -- ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \
905 -- : \
906 -- : _tt(_t), "r"(_a) \
907 -- : "r8")
908 --
909 --#define ldw(_s,_o,_a,_t,_e) def_load_insn(ldw,"=r",_s,_o,_a,_t,_e)
910 --#define stw(_s,_t,_o,_a,_e) def_store_insn(stw,"r",_s,_t,_o,_a,_e)
911 --
912 --#ifdef CONFIG_PREFETCH
913 --static inline void prefetch_src(const void *addr)
914 --{
915 -- __asm__("ldw 0(" s_space ",%0), %%r0" : : "r" (addr));
916 --}
917 --
918 --static inline void prefetch_dst(const void *addr)
919 --{
920 -- __asm__("ldd 0(" d_space ",%0), %%r0" : : "r" (addr));
921 --}
922 --#else
923 --#define prefetch_src(addr) do { } while(0)
924 --#define prefetch_dst(addr) do { } while(0)
925 --#endif
926 --
927 --#define PA_MEMCPY_OK 0
928 --#define PA_MEMCPY_LOAD_ERROR 1
929 --#define PA_MEMCPY_STORE_ERROR 2
930 --
931 --/* Copy from a not-aligned src to an aligned dst, using shifts. Handles 4 words
932 -- * per loop. This code is derived from glibc.
933 -- */
934 --static noinline unsigned long copy_dstaligned(unsigned long dst,
935 -- unsigned long src, unsigned long len)
936 --{
937 -- /* gcc complains that a2 and a3 may be uninitialized, but actually
938 -- * they cannot be. Initialize a2/a3 to shut gcc up.
939 -- */
940 -- register unsigned int a0, a1, a2 = 0, a3 = 0;
941 -- int sh_1, sh_2;
942 --
943 -- /* prefetch_src((const void *)src); */
944 --
945 -- /* Calculate how to shift a word read at the memory operation
946 -- aligned srcp to make it aligned for copy. */
947 -- sh_1 = 8 * (src % sizeof(unsigned int));
948 -- sh_2 = 8 * sizeof(unsigned int) - sh_1;
949 --
950 -- /* Make src aligned by rounding it down. */
951 -- src &= -sizeof(unsigned int);
952 --
953 -- switch (len % 4)
954 -- {
955 -- case 2:
956 -- /* a1 = ((unsigned int *) src)[0];
957 -- a2 = ((unsigned int *) src)[1]; */
958 -- ldw(s_space, 0, src, a1, cda_ldw_exc);
959 -- ldw(s_space, 4, src, a2, cda_ldw_exc);
960 -- src -= 1 * sizeof(unsigned int);
961 -- dst -= 3 * sizeof(unsigned int);
962 -- len += 2;
963 -- goto do1;
964 -- case 3:
965 -- /* a0 = ((unsigned int *) src)[0];
966 -- a1 = ((unsigned int *) src)[1]; */
967 -- ldw(s_space, 0, src, a0, cda_ldw_exc);
968 -- ldw(s_space, 4, src, a1, cda_ldw_exc);
969 -- src -= 0 * sizeof(unsigned int);
970 -- dst -= 2 * sizeof(unsigned int);
971 -- len += 1;
972 -- goto do2;
973 -- case 0:
974 -- if (len == 0)
975 -- return PA_MEMCPY_OK;
976 -- /* a3 = ((unsigned int *) src)[0];
977 -- a0 = ((unsigned int *) src)[1]; */
978 -- ldw(s_space, 0, src, a3, cda_ldw_exc);
979 -- ldw(s_space, 4, src, a0, cda_ldw_exc);
980 -- src -=-1 * sizeof(unsigned int);
981 -- dst -= 1 * sizeof(unsigned int);
982 -- len += 0;
983 -- goto do3;
984 -- case 1:
985 -- /* a2 = ((unsigned int *) src)[0];
986 -- a3 = ((unsigned int *) src)[1]; */
987 -- ldw(s_space, 0, src, a2, cda_ldw_exc);
988 -- ldw(s_space, 4, src, a3, cda_ldw_exc);
989 -- src -=-2 * sizeof(unsigned int);
990 -- dst -= 0 * sizeof(unsigned int);
991 -- len -= 1;
992 -- if (len == 0)
993 -- goto do0;
994 -- goto do4; /* No-op. */
995 -- }
996 --
997 -- do
998 -- {
999 -- /* prefetch_src((const void *)(src + 4 * sizeof(unsigned int))); */
1000 --do4:
1001 -- /* a0 = ((unsigned int *) src)[0]; */
1002 -- ldw(s_space, 0, src, a0, cda_ldw_exc);
1003 -- /* ((unsigned int *) dst)[0] = MERGE (a2, sh_1, a3, sh_2); */
1004 -- stw(d_space, MERGE (a2, sh_1, a3, sh_2), 0, dst, cda_stw_exc);
1005 --do3:
1006 -- /* a1 = ((unsigned int *) src)[1]; */
1007 -- ldw(s_space, 4, src, a1, cda_ldw_exc);
1008 -- /* ((unsigned int *) dst)[1] = MERGE (a3, sh_1, a0, sh_2); */
1009 -- stw(d_space, MERGE (a3, sh_1, a0, sh_2), 4, dst, cda_stw_exc);
1010 --do2:
1011 -- /* a2 = ((unsigned int *) src)[2]; */
1012 -- ldw(s_space, 8, src, a2, cda_ldw_exc);
1013 -- /* ((unsigned int *) dst)[2] = MERGE (a0, sh_1, a1, sh_2); */
1014 -- stw(d_space, MERGE (a0, sh_1, a1, sh_2), 8, dst, cda_stw_exc);
1015 --do1:
1016 -- /* a3 = ((unsigned int *) src)[3]; */
1017 -- ldw(s_space, 12, src, a3, cda_ldw_exc);
1018 -- /* ((unsigned int *) dst)[3] = MERGE (a1, sh_1, a2, sh_2); */
1019 -- stw(d_space, MERGE (a1, sh_1, a2, sh_2), 12, dst, cda_stw_exc);
1020 --
1021 -- src += 4 * sizeof(unsigned int);
1022 -- dst += 4 * sizeof(unsigned int);
1023 -- len -= 4;
1024 -- }
1025 -- while (len != 0);
1026 --
1027 --do0:
1028 -- /* ((unsigned int *) dst)[0] = MERGE (a2, sh_1, a3, sh_2); */
1029 -- stw(d_space, MERGE (a2, sh_1, a3, sh_2), 0, dst, cda_stw_exc);
1030 --
1031 -- preserve_branch(handle_load_error);
1032 -- preserve_branch(handle_store_error);
1033 --
1034 -- return PA_MEMCPY_OK;
1035 --
1036 --handle_load_error:
1037 -- __asm__ __volatile__ ("cda_ldw_exc:\n");
1038 -- return PA_MEMCPY_LOAD_ERROR;
1039 --
1040 --handle_store_error:
1041 -- __asm__ __volatile__ ("cda_stw_exc:\n");
1042 -- return PA_MEMCPY_STORE_ERROR;
1043 --}
1044 --
1045 --
1046 --/* Returns PA_MEMCPY_OK, PA_MEMCPY_LOAD_ERROR or PA_MEMCPY_STORE_ERROR.
1047 -- * In case of an access fault the faulty address can be read from the per_cpu
1048 -- * exception data struct. */
1049 --static noinline unsigned long pa_memcpy_internal(void *dstp, const void *srcp,
1050 -- unsigned long len)
1051 --{
1052 -- register unsigned long src, dst, t1, t2, t3;
1053 -- register unsigned char *pcs, *pcd;
1054 -- register unsigned int *pws, *pwd;
1055 -- register double *pds, *pdd;
1056 -- unsigned long ret;
1057 --
1058 -- src = (unsigned long)srcp;
1059 -- dst = (unsigned long)dstp;
1060 -- pcs = (unsigned char *)srcp;
1061 -- pcd = (unsigned char *)dstp;
1062 --
1063 -- /* prefetch_src((const void *)srcp); */
1064 --
1065 -- if (len < THRESHOLD)
1066 -- goto byte_copy;
1067 --
1068 -- /* Check alignment */
1069 -- t1 = (src ^ dst);
1070 -- if (unlikely(t1 & (sizeof(double)-1)))
1071 -- goto unaligned_copy;
1072 --
1073 -- /* src and dst have same alignment. */
1074 --
1075 -- /* Copy bytes till we are double-aligned. */
1076 -- t2 = src & (sizeof(double) - 1);
1077 -- if (unlikely(t2 != 0)) {
1078 -- t2 = sizeof(double) - t2;
1079 -- while (t2 && len) {
1080 -- /* *pcd++ = *pcs++; */
1081 -- ldbma(s_space, pcs, t3, pmc_load_exc);
1082 -- len--;
1083 -- stbma(d_space, t3, pcd, pmc_store_exc);
1084 -- t2--;
1085 -- }
1086 -- }
1087 --
1088 -- pds = (double *)pcs;
1089 -- pdd = (double *)pcd;
1090 --
1091 --#if 0
1092 -- /* Copy 8 doubles at a time */
1093 -- while (len >= 8*sizeof(double)) {
1094 -- register double r1, r2, r3, r4, r5, r6, r7, r8;
1095 -- /* prefetch_src((char *)pds + L1_CACHE_BYTES); */
1096 -- flddma(s_space, pds, r1, pmc_load_exc);
1097 -- flddma(s_space, pds, r2, pmc_load_exc);
1098 -- flddma(s_space, pds, r3, pmc_load_exc);
1099 -- flddma(s_space, pds, r4, pmc_load_exc);
1100 -- fstdma(d_space, r1, pdd, pmc_store_exc);
1101 -- fstdma(d_space, r2, pdd, pmc_store_exc);
1102 -- fstdma(d_space, r3, pdd, pmc_store_exc);
1103 -- fstdma(d_space, r4, pdd, pmc_store_exc);
1104 --
1105 --#if 0
1106 -- if (L1_CACHE_BYTES <= 32)
1107 -- prefetch_src((char *)pds + L1_CACHE_BYTES);
1108 --#endif
1109 -- flddma(s_space, pds, r5, pmc_load_exc);
1110 -- flddma(s_space, pds, r6, pmc_load_exc);
1111 -- flddma(s_space, pds, r7, pmc_load_exc);
1112 -- flddma(s_space, pds, r8, pmc_load_exc);
1113 -- fstdma(d_space, r5, pdd, pmc_store_exc);
1114 -- fstdma(d_space, r6, pdd, pmc_store_exc);
1115 -- fstdma(d_space, r7, pdd, pmc_store_exc);
1116 -- fstdma(d_space, r8, pdd, pmc_store_exc);
1117 -- len -= 8*sizeof(double);
1118 -- }
1119 --#endif
1120 --
1121 -- pws = (unsigned int *)pds;
1122 -- pwd = (unsigned int *)pdd;
1123 --
1124 --word_copy:
1125 -- while (len >= 8*sizeof(unsigned int)) {
1126 -- register unsigned int r1,r2,r3,r4,r5,r6,r7,r8;
1127 -- /* prefetch_src((char *)pws + L1_CACHE_BYTES); */
1128 -- ldwma(s_space, pws, r1, pmc_load_exc);
1129 -- ldwma(s_space, pws, r2, pmc_load_exc);
1130 -- ldwma(s_space, pws, r3, pmc_load_exc);
1131 -- ldwma(s_space, pws, r4, pmc_load_exc);
1132 -- stwma(d_space, r1, pwd, pmc_store_exc);
1133 -- stwma(d_space, r2, pwd, pmc_store_exc);
1134 -- stwma(d_space, r3, pwd, pmc_store_exc);
1135 -- stwma(d_space, r4, pwd, pmc_store_exc);
1136 --
1137 -- ldwma(s_space, pws, r5, pmc_load_exc);
1138 -- ldwma(s_space, pws, r6, pmc_load_exc);
1139 -- ldwma(s_space, pws, r7, pmc_load_exc);
1140 -- ldwma(s_space, pws, r8, pmc_load_exc);
1141 -- stwma(d_space, r5, pwd, pmc_store_exc);
1142 -- stwma(d_space, r6, pwd, pmc_store_exc);
1143 -- stwma(d_space, r7, pwd, pmc_store_exc);
1144 -- stwma(d_space, r8, pwd, pmc_store_exc);
1145 -- len -= 8*sizeof(unsigned int);
1146 -- }
1147 --
1148 -- while (len >= 4*sizeof(unsigned int)) {
1149 -- register unsigned int r1,r2,r3,r4;
1150 -- ldwma(s_space, pws, r1, pmc_load_exc);
1151 -- ldwma(s_space, pws, r2, pmc_load_exc);
1152 -- ldwma(s_space, pws, r3, pmc_load_exc);
1153 -- ldwma(s_space, pws, r4, pmc_load_exc);
1154 -- stwma(d_space, r1, pwd, pmc_store_exc);
1155 -- stwma(d_space, r2, pwd, pmc_store_exc);
1156 -- stwma(d_space, r3, pwd, pmc_store_exc);
1157 -- stwma(d_space, r4, pwd, pmc_store_exc);
1158 -- len -= 4*sizeof(unsigned int);
1159 -- }
1160 --
1161 -- pcs = (unsigned char *)pws;
1162 -- pcd = (unsigned char *)pwd;
1163 --
1164 --byte_copy:
1165 -- while (len) {
1166 -- /* *pcd++ = *pcs++; */
1167 -- ldbma(s_space, pcs, t3, pmc_load_exc);
1168 -- stbma(d_space, t3, pcd, pmc_store_exc);
1169 -- len--;
1170 -- }
1171 --
1172 -- return PA_MEMCPY_OK;
1173 --
1174 --unaligned_copy:
1175 -- /* possibly we are aligned on a word, but not on a double... */
1176 -- if (likely((t1 & (sizeof(unsigned int)-1)) == 0)) {
1177 -- t2 = src & (sizeof(unsigned int) - 1);
1178 --
1179 -- if (unlikely(t2 != 0)) {
1180 -- t2 = sizeof(unsigned int) - t2;
1181 -- while (t2) {
1182 -- /* *pcd++ = *pcs++; */
1183 -- ldbma(s_space, pcs, t3, pmc_load_exc);
1184 -- stbma(d_space, t3, pcd, pmc_store_exc);
1185 -- len--;
1186 -- t2--;
1187 -- }
1188 -- }
1189 --
1190 -- pws = (unsigned int *)pcs;
1191 -- pwd = (unsigned int *)pcd;
1192 -- goto word_copy;
1193 -- }
1194 --
1195 -- /* Align the destination. */
1196 -- if (unlikely((dst & (sizeof(unsigned int) - 1)) != 0)) {
1197 -- t2 = sizeof(unsigned int) - (dst & (sizeof(unsigned int) - 1));
1198 -- while (t2) {
1199 -- /* *pcd++ = *pcs++; */
1200 -- ldbma(s_space, pcs, t3, pmc_load_exc);
1201 -- stbma(d_space, t3, pcd, pmc_store_exc);
1202 -- len--;
1203 -- t2--;
1204 -- }
1205 -- dst = (unsigned long)pcd;
1206 -- src = (unsigned long)pcs;
1207 -- }
1208 --
1209 -- ret = copy_dstaligned(dst, src, len / sizeof(unsigned int));
1210 -- if (ret)
1211 -- return ret;
1212 --
1213 -- pcs += (len & -sizeof(unsigned int));
1214 -- pcd += (len & -sizeof(unsigned int));
1215 -- len %= sizeof(unsigned int);
1216 --
1217 -- preserve_branch(handle_load_error);
1218 -- preserve_branch(handle_store_error);
1219 --
1220 -- goto byte_copy;
1221 --
1222 --handle_load_error:
1223 -- __asm__ __volatile__ ("pmc_load_exc:\n");
1224 -- return PA_MEMCPY_LOAD_ERROR;
1225 --
1226 --handle_store_error:
1227 -- __asm__ __volatile__ ("pmc_store_exc:\n");
1228 -- return PA_MEMCPY_STORE_ERROR;
1229 --}
1230 --
1231 --
1232 - /* Returns 0 for success, otherwise, returns number of bytes not transferred. */
1233 --static unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len)
1234 --{
1235 -- unsigned long ret, fault_addr, reference;
1236 -- struct exception_data *d;
1237 --
1238 -- ret = pa_memcpy_internal(dstp, srcp, len);
1239 -- if (likely(ret == PA_MEMCPY_OK))
1240 -- return 0;
1241 --
1242 -- /* if a load or store fault occured we can get the faulty addr */
1243 -- d = this_cpu_ptr(&exception_data);
1244 -- fault_addr = d->fault_addr;
1245 --
1246 -- /* error in load or store? */
1247 -- if (ret == PA_MEMCPY_LOAD_ERROR)
1248 -- reference = (unsigned long) srcp;
1249 -- else
1250 -- reference = (unsigned long) dstp;
1251 -+extern unsigned long pa_memcpy(void *dst, const void *src,
1252 -+ unsigned long len);
1253 -
1254 -- DPRINTF("pa_memcpy: fault type = %lu, len=%lu fault_addr=%lu ref=%lu\n",
1255 -- ret, len, fault_addr, reference);
1256 --
1257 -- if (fault_addr >= reference)
1258 -- return len - (fault_addr - reference);
1259 -- else
1260 -- return len;
1261 --}
1262 --
1263 --#ifdef __KERNEL__
1264 - unsigned long __copy_to_user(void __user *dst, const void *src,
1265 - unsigned long len)
1266 - {
1267 -@@ -537,5 +84,3 @@ long probe_kernel_read(void *dst, const void *src, size_t size)
1268 -
1269 - return __probe_kernel_read(dst, src, size);
1270 - }
1271 --
1272 --#endif
1273 -diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
1274 -index 1a0b4f6..040c48f 100644
1275 ---- a/arch/parisc/mm/fault.c
1276 -+++ b/arch/parisc/mm/fault.c
1277 -@@ -149,6 +149,23 @@ int fixup_exception(struct pt_regs *regs)
1278 - d->fault_space = regs->isr;
1279 - d->fault_addr = regs->ior;
1280 -
1281 -+ /*
1282 -+ * Fix up get_user() and put_user().
1283 -+ * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() sets the least-significant
1284 -+ * bit in the relative address of the fixup routine to indicate
1285 -+ * that %r8 should be loaded with -EFAULT to report a userspace
1286 -+ * access error.
1287 -+ */
1288 -+ if (fix->fixup & 1) {
1289 -+ regs->gr[8] = -EFAULT;
1290 -+
1291 -+ /* zero target register for get_user() */
1292 -+ if (parisc_acctyp(0, regs->iir) == VM_READ) {
1293 -+ int treg = regs->iir & 0x1f;
1294 -+ regs->gr[treg] = 0;
1295 -+ }
1296 -+ }
1297 -+
1298 - regs->iaoq[0] = (unsigned long)&fix->fixup + fix->fixup;
1299 - regs->iaoq[0] &= ~3;
1300 - /*
1301 -diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
1302 -index 779782f..9a53a06 100644
1303 ---- a/arch/x86/lib/memcpy_64.S
1304 -+++ b/arch/x86/lib/memcpy_64.S
1305 -@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(memcpy_mcsafe_unrolled)
1306 - _ASM_EXTABLE_FAULT(.L_copy_leading_bytes, .L_memcpy_mcsafe_fail)
1307 - _ASM_EXTABLE_FAULT(.L_cache_w0, .L_memcpy_mcsafe_fail)
1308 - _ASM_EXTABLE_FAULT(.L_cache_w1, .L_memcpy_mcsafe_fail)
1309 -- _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail)
1310 -+ _ASM_EXTABLE_FAULT(.L_cache_w2, .L_memcpy_mcsafe_fail)
1311 - _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail)
1312 - _ASM_EXTABLE_FAULT(.L_cache_w4, .L_memcpy_mcsafe_fail)
1313 - _ASM_EXTABLE_FAULT(.L_cache_w5, .L_memcpy_mcsafe_fail)
1314 -diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
1315 -index 887e571..aed2064 100644
1316 ---- a/arch/x86/mm/kaslr.c
1317 -+++ b/arch/x86/mm/kaslr.c
1318 -@@ -48,7 +48,7 @@ static const unsigned long vaddr_start = __PAGE_OFFSET_BASE;
1319 - #if defined(CONFIG_X86_ESPFIX64)
1320 - static const unsigned long vaddr_end = ESPFIX_BASE_ADDR;
1321 - #elif defined(CONFIG_EFI)
1322 --static const unsigned long vaddr_end = EFI_VA_START;
1323 -+static const unsigned long vaddr_end = EFI_VA_END;
1324 - #else
1325 - static const unsigned long vaddr_end = __START_KERNEL_map;
1326 - #endif
1327 -@@ -105,7 +105,7 @@ void __init kernel_randomize_memory(void)
1328 - */
1329 - BUILD_BUG_ON(vaddr_start >= vaddr_end);
1330 - BUILD_BUG_ON(IS_ENABLED(CONFIG_X86_ESPFIX64) &&
1331 -- vaddr_end >= EFI_VA_START);
1332 -+ vaddr_end >= EFI_VA_END);
1333 - BUILD_BUG_ON((IS_ENABLED(CONFIG_X86_ESPFIX64) ||
1334 - IS_ENABLED(CONFIG_EFI)) &&
1335 - vaddr_end >= __START_KERNEL_map);
1336 -diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
1337 -index f8960fc..9f21b0c 100644
1338 ---- a/arch/x86/xen/setup.c
1339 -+++ b/arch/x86/xen/setup.c
1340 -@@ -713,10 +713,9 @@ static void __init xen_reserve_xen_mfnlist(void)
1341 - size = PFN_PHYS(xen_start_info->nr_p2m_frames);
1342 - }
1343 -
1344 -- if (!xen_is_e820_reserved(start, size)) {
1345 -- memblock_reserve(start, size);
1346 -+ memblock_reserve(start, size);
1347 -+ if (!xen_is_e820_reserved(start, size))
1348 - return;
1349 -- }
1350 -
1351 - #ifdef CONFIG_X86_32
1352 - /*
1353 -@@ -727,6 +726,7 @@ static void __init xen_reserve_xen_mfnlist(void)
1354 - BUG();
1355 - #else
1356 - xen_relocate_p2m();
1357 -+ memblock_free(start, size);
1358 - #endif
1359 - }
1360 -
1361 -diff --git a/block/bio.c b/block/bio.c
1362 -index db85c57..655c901 100644
1363 ---- a/block/bio.c
1364 -+++ b/block/bio.c
1365 -@@ -372,10 +372,14 @@ static void punt_bios_to_rescuer(struct bio_set *bs)
1366 - bio_list_init(&punt);
1367 - bio_list_init(&nopunt);
1368 -
1369 -- while ((bio = bio_list_pop(current->bio_list)))
1370 -+ while ((bio = bio_list_pop(&current->bio_list[0])))
1371 - bio_list_add(bio->bi_pool == bs ? &punt : &nopunt, bio);
1372 -+ current->bio_list[0] = nopunt;
1373 -
1374 -- *current->bio_list = nopunt;
1375 -+ bio_list_init(&nopunt);
1376 -+ while ((bio = bio_list_pop(&current->bio_list[1])))
1377 -+ bio_list_add(bio->bi_pool == bs ? &punt : &nopunt, bio);
1378 -+ current->bio_list[1] = nopunt;
1379 -
1380 - spin_lock(&bs->rescue_lock);
1381 - bio_list_merge(&bs->rescue_list, &punt);
1382 -@@ -462,7 +466,9 @@ struct bio *bio_alloc_bioset(gfp_t gfp_mask, int nr_iovecs, struct bio_set *bs)
1383 - * we retry with the original gfp_flags.
1384 - */
1385 -
1386 -- if (current->bio_list && !bio_list_empty(current->bio_list))
1387 -+ if (current->bio_list &&
1388 -+ (!bio_list_empty(&current->bio_list[0]) ||
1389 -+ !bio_list_empty(&current->bio_list[1])))
1390 - gfp_mask &= ~__GFP_DIRECT_RECLAIM;
1391 -
1392 - p = mempool_alloc(bs->bio_pool, gfp_mask);
1393 -diff --git a/block/blk-core.c b/block/blk-core.c
1394 -index 14d7c07..d1f2801 100644
1395 ---- a/block/blk-core.c
1396 -+++ b/block/blk-core.c
1397 -@@ -1994,7 +1994,14 @@ generic_make_request_checks(struct bio *bio)
1398 - */
1399 - blk_qc_t generic_make_request(struct bio *bio)
1400 - {
1401 -- struct bio_list bio_list_on_stack;
1402 -+ /*
1403 -+ * bio_list_on_stack[0] contains bios submitted by the current
1404 -+ * make_request_fn.
1405 -+ * bio_list_on_stack[1] contains bios that were submitted before
1406 -+ * the current make_request_fn, but that haven't been processed
1407 -+ * yet.
1408 -+ */
1409 -+ struct bio_list bio_list_on_stack[2];
1410 - blk_qc_t ret = BLK_QC_T_NONE;
1411 -
1412 - if (!generic_make_request_checks(bio))
1413 -@@ -2011,7 +2018,7 @@ blk_qc_t generic_make_request(struct bio *bio)
1414 - * should be added at the tail
1415 - */
1416 - if (current->bio_list) {
1417 -- bio_list_add(current->bio_list, bio);
1418 -+ bio_list_add(&current->bio_list[0], bio);
1419 - goto out;
1420 - }
1421 -
1422 -@@ -2030,23 +2037,39 @@ blk_qc_t generic_make_request(struct bio *bio)
1423 - * bio_list, and call into ->make_request() again.
1424 - */
1425 - BUG_ON(bio->bi_next);
1426 -- bio_list_init(&bio_list_on_stack);
1427 -- current->bio_list = &bio_list_on_stack;
1428 -+ bio_list_init(&bio_list_on_stack[0]);
1429 -+ current->bio_list = bio_list_on_stack;
1430 - do {
1431 - struct request_queue *q = bdev_get_queue(bio->bi_bdev);
1432 -
1433 - if (likely(blk_queue_enter(q, false) == 0)) {
1434 -+ struct bio_list lower, same;
1435 -+
1436 -+ /* Create a fresh bio_list for all subordinate requests */
1437 -+ bio_list_on_stack[1] = bio_list_on_stack[0];
1438 -+ bio_list_init(&bio_list_on_stack[0]);
1439 - ret = q->make_request_fn(q, bio);
1440 -
1441 - blk_queue_exit(q);
1442 -
1443 -- bio = bio_list_pop(current->bio_list);
1444 -+ /* sort new bios into those for a lower level
1445 -+ * and those for the same level
1446 -+ */
1447 -+ bio_list_init(&lower);
1448 -+ bio_list_init(&same);
1449 -+ while ((bio = bio_list_pop(&bio_list_on_stack[0])) != NULL)
1450 -+ if (q == bdev_get_queue(bio->bi_bdev))
1451 -+ bio_list_add(&same, bio);
1452 -+ else
1453 -+ bio_list_add(&lower, bio);
1454 -+ /* now assemble so we handle the lowest level first */
1455 -+ bio_list_merge(&bio_list_on_stack[0], &lower);
1456 -+ bio_list_merge(&bio_list_on_stack[0], &same);
1457 -+ bio_list_merge(&bio_list_on_stack[0], &bio_list_on_stack[1]);
1458 - } else {
1459 -- struct bio *bio_next = bio_list_pop(current->bio_list);
1460 --
1461 - bio_io_error(bio);
1462 -- bio = bio_next;
1463 - }
1464 -+ bio = bio_list_pop(&bio_list_on_stack[0]);
1465 - } while (bio);
1466 - current->bio_list = NULL; /* deactivate */
1467 -
1468 -diff --git a/drivers/acpi/Makefile b/drivers/acpi/Makefile
1469 -index 9ed0878..4c5678c 100644
1470 ---- a/drivers/acpi/Makefile
1471 -+++ b/drivers/acpi/Makefile
1472 -@@ -2,7 +2,6 @@
1473 - # Makefile for the Linux ACPI interpreter
1474 - #
1475 -
1476 --ccflags-y := -Os
1477 - ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT
1478 -
1479 - #
1480 -diff --git a/drivers/acpi/acpi_platform.c b/drivers/acpi/acpi_platform.c
1481 -index b4c1a6a..03250e1 100644
1482 ---- a/drivers/acpi/acpi_platform.c
1483 -+++ b/drivers/acpi/acpi_platform.c
1484 -@@ -25,9 +25,11 @@
1485 - ACPI_MODULE_NAME("platform");
1486 -
1487 - static const struct acpi_device_id forbidden_id_list[] = {
1488 -- {"PNP0000", 0}, /* PIC */
1489 -- {"PNP0100", 0}, /* Timer */
1490 -- {"PNP0200", 0}, /* AT DMA Controller */
1491 -+ {"PNP0000", 0}, /* PIC */
1492 -+ {"PNP0100", 0}, /* Timer */
1493 -+ {"PNP0200", 0}, /* AT DMA Controller */
1494 -+ {"ACPI0009", 0}, /* IOxAPIC */
1495 -+ {"ACPI000A", 0}, /* IOAPIC */
1496 - {"", 0},
1497 - };
1498 -
1499 -diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
1500 -index b1254f8..b87d278 100644
1501 ---- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
1502 -+++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
1503 -@@ -1299,6 +1299,8 @@ int etnaviv_gpu_submit(struct etnaviv_gpu *gpu,
1504 - goto out_pm_put;
1505 - }
1506 -
1507 -+ mutex_lock(&gpu->lock);
1508 -+
1509 - fence = etnaviv_gpu_fence_alloc(gpu);
1510 - if (!fence) {
1511 - event_free(gpu, event);
1512 -@@ -1306,8 +1308,6 @@ int etnaviv_gpu_submit(struct etnaviv_gpu *gpu,
1513 - goto out_pm_put;
1514 - }
1515 -
1516 -- mutex_lock(&gpu->lock);
1517 --
1518 - gpu->event[event].fence = fence;
1519 - submit->fence = fence->seqno;
1520 - gpu->active_fence = submit->fence;
1521 -diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
1522 -index 3de5e6e..4ce04e0 100644
1523 ---- a/drivers/gpu/drm/radeon/radeon_ttm.c
1524 -+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
1525 -@@ -213,8 +213,8 @@ static void radeon_evict_flags(struct ttm_buffer_object *bo,
1526 - rbo->placement.num_busy_placement = 0;
1527 - for (i = 0; i < rbo->placement.num_placement; i++) {
1528 - if (rbo->placements[i].flags & TTM_PL_FLAG_VRAM) {
1529 -- if (rbo->placements[0].fpfn < fpfn)
1530 -- rbo->placements[0].fpfn = fpfn;
1531 -+ if (rbo->placements[i].fpfn < fpfn)
1532 -+ rbo->placements[i].fpfn = fpfn;
1533 - } else {
1534 - rbo->placement.busy_placement =
1535 - &rbo->placements[i];
1536 -diff --git a/drivers/gpu/drm/vc4/vc4_crtc.c b/drivers/gpu/drm/vc4/vc4_crtc.c
1537 -index 7aadce1..c7e6c98 100644
1538 ---- a/drivers/gpu/drm/vc4/vc4_crtc.c
1539 -+++ b/drivers/gpu/drm/vc4/vc4_crtc.c
1540 -@@ -842,6 +842,17 @@ static void vc4_crtc_destroy_state(struct drm_crtc *crtc,
1541 - drm_atomic_helper_crtc_destroy_state(crtc, state);
1542 - }
1543 -
1544 -+static void
1545 -+vc4_crtc_reset(struct drm_crtc *crtc)
1546 -+{
1547 -+ if (crtc->state)
1548 -+ __drm_atomic_helper_crtc_destroy_state(crtc->state);
1549 -+
1550 -+ crtc->state = kzalloc(sizeof(struct vc4_crtc_state), GFP_KERNEL);
1551 -+ if (crtc->state)
1552 -+ crtc->state->crtc = crtc;
1553 -+}
1554 -+
1555 - static const struct drm_crtc_funcs vc4_crtc_funcs = {
1556 - .set_config = drm_atomic_helper_set_config,
1557 - .destroy = vc4_crtc_destroy,
1558 -@@ -849,7 +860,7 @@ static const struct drm_crtc_funcs vc4_crtc_funcs = {
1559 - .set_property = NULL,
1560 - .cursor_set = NULL, /* handled by drm_mode_cursor_universal */
1561 - .cursor_move = NULL, /* handled by drm_mode_cursor_universal */
1562 -- .reset = drm_atomic_helper_crtc_reset,
1563 -+ .reset = vc4_crtc_reset,
1564 - .atomic_duplicate_state = vc4_crtc_duplicate_state,
1565 - .atomic_destroy_state = vc4_crtc_destroy_state,
1566 - .gamma_set = vc4_crtc_gamma_set,
1567 -diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
1568 -index 5e7a564..0c535d0 100644
1569 ---- a/drivers/hid/wacom_sys.c
1570 -+++ b/drivers/hid/wacom_sys.c
1571 -@@ -2017,6 +2017,14 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless)
1572 -
1573 - wacom_update_name(wacom, wireless ? " (WL)" : "");
1574 -
1575 -+ /* pen only Bamboo neither support touch nor pad */
1576 -+ if ((features->type == BAMBOO_PEN) &&
1577 -+ ((features->device_type & WACOM_DEVICETYPE_TOUCH) ||
1578 -+ (features->device_type & WACOM_DEVICETYPE_PAD))) {
1579 -+ error = -ENODEV;
1580 -+ goto fail;
1581 -+ }
1582 -+
1583 - error = wacom_add_shared_data(hdev);
1584 - if (error)
1585 - goto fail;
1586 -@@ -2064,14 +2072,6 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless)
1587 - goto fail_quirks;
1588 - }
1589 -
1590 -- /* pen only Bamboo neither support touch nor pad */
1591 -- if ((features->type == BAMBOO_PEN) &&
1592 -- ((features->device_type & WACOM_DEVICETYPE_TOUCH) ||
1593 -- (features->device_type & WACOM_DEVICETYPE_PAD))) {
1594 -- error = -ENODEV;
1595 -- goto fail_quirks;
1596 -- }
1597 --
1598 - if (features->device_type & WACOM_DEVICETYPE_WL_MONITOR)
1599 - error = hid_hw_open(hdev);
1600 -
1601 -diff --git a/drivers/md/dm.c b/drivers/md/dm.c
1602 -index 628ba00..e66f404 100644
1603 ---- a/drivers/md/dm.c
1604 -+++ b/drivers/md/dm.c
1605 -@@ -986,26 +986,29 @@ static void flush_current_bio_list(struct blk_plug_cb *cb, bool from_schedule)
1606 - struct dm_offload *o = container_of(cb, struct dm_offload, cb);
1607 - struct bio_list list;
1608 - struct bio *bio;
1609 -+ int i;
1610 -
1611 - INIT_LIST_HEAD(&o->cb.list);
1612 -
1613 - if (unlikely(!current->bio_list))
1614 - return;
1615 -
1616 -- list = *current->bio_list;
1617 -- bio_list_init(current->bio_list);
1618 --
1619 -- while ((bio = bio_list_pop(&list))) {
1620 -- struct bio_set *bs = bio->bi_pool;
1621 -- if (unlikely(!bs) || bs == fs_bio_set) {
1622 -- bio_list_add(current->bio_list, bio);
1623 -- continue;
1624 -+ for (i = 0; i < 2; i++) {
1625 -+ list = current->bio_list[i];
1626 -+ bio_list_init(&current->bio_list[i]);
1627 -+
1628 -+ while ((bio = bio_list_pop(&list))) {
1629 -+ struct bio_set *bs = bio->bi_pool;
1630 -+ if (unlikely(!bs) || bs == fs_bio_set) {
1631 -+ bio_list_add(&current->bio_list[i], bio);
1632 -+ continue;
1633 -+ }
1634 -+
1635 -+ spin_lock(&bs->rescue_lock);
1636 -+ bio_list_add(&bs->rescue_list, bio);
1637 -+ queue_work(bs->rescue_workqueue, &bs->rescue_work);
1638 -+ spin_unlock(&bs->rescue_lock);
1639 - }
1640 --
1641 -- spin_lock(&bs->rescue_lock);
1642 -- bio_list_add(&bs->rescue_list, bio);
1643 -- queue_work(bs->rescue_workqueue, &bs->rescue_work);
1644 -- spin_unlock(&bs->rescue_lock);
1645 - }
1646 - }
1647 -
1648 -diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
1649 -index 55b5e0e..4c4aab0 100644
1650 ---- a/drivers/md/raid10.c
1651 -+++ b/drivers/md/raid10.c
1652 -@@ -941,7 +941,8 @@ static void wait_barrier(struct r10conf *conf)
1653 - !conf->barrier ||
1654 - (atomic_read(&conf->nr_pending) &&
1655 - current->bio_list &&
1656 -- !bio_list_empty(current->bio_list)),
1657 -+ (!bio_list_empty(&current->bio_list[0]) ||
1658 -+ !bio_list_empty(&current->bio_list[1]))),
1659 - conf->resync_lock);
1660 - conf->nr_waiting--;
1661 - if (!conf->nr_waiting)
1662 -diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c
1663 -index 387ae1c..a8b430f 100644
1664 ---- a/drivers/mmc/host/sdhci-of-at91.c
1665 -+++ b/drivers/mmc/host/sdhci-of-at91.c
1666 -@@ -29,6 +29,8 @@
1667 -
1668 - #include "sdhci-pltfm.h"
1669 -
1670 -+#define SDMMC_MC1R 0x204
1671 -+#define SDMMC_MC1R_DDR BIT(3)
1672 - #define SDMMC_CACR 0x230
1673 - #define SDMMC_CACR_CAPWREN BIT(0)
1674 - #define SDMMC_CACR_KEY (0x46 << 8)
1675 -@@ -103,11 +105,18 @@ static void sdhci_at91_set_power(struct sdhci_host *host, unsigned char mode,
1676 - sdhci_set_power_noreg(host, mode, vdd);
1677 - }
1678 -
1679 -+void sdhci_at91_set_uhs_signaling(struct sdhci_host *host, unsigned int timing)
1680 -+{
1681 -+ if (timing == MMC_TIMING_MMC_DDR52)
1682 -+ sdhci_writeb(host, SDMMC_MC1R_DDR, SDMMC_MC1R);
1683 -+ sdhci_set_uhs_signaling(host, timing);
1684 -+}
1685 -+
1686 - static const struct sdhci_ops sdhci_at91_sama5d2_ops = {
1687 - .set_clock = sdhci_at91_set_clock,
1688 - .set_bus_width = sdhci_set_bus_width,
1689 - .reset = sdhci_reset,
1690 -- .set_uhs_signaling = sdhci_set_uhs_signaling,
1691 -+ .set_uhs_signaling = sdhci_at91_set_uhs_signaling,
1692 - .set_power = sdhci_at91_set_power,
1693 - };
1694 -
1695 -diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
1696 -index a983ba0..7d275e7 100644
1697 ---- a/drivers/mmc/host/sdhci.c
1698 -+++ b/drivers/mmc/host/sdhci.c
1699 -@@ -1823,6 +1823,9 @@ static void sdhci_enable_sdio_irq(struct mmc_host *mmc, int enable)
1700 - struct sdhci_host *host = mmc_priv(mmc);
1701 - unsigned long flags;
1702 -
1703 -+ if (enable)
1704 -+ pm_runtime_get_noresume(host->mmc->parent);
1705 -+
1706 - spin_lock_irqsave(&host->lock, flags);
1707 - if (enable)
1708 - host->flags |= SDHCI_SDIO_IRQ_ENABLED;
1709 -@@ -1831,6 +1834,9 @@ static void sdhci_enable_sdio_irq(struct mmc_host *mmc, int enable)
1710 -
1711 - sdhci_enable_sdio_irq_nolock(host, enable);
1712 - spin_unlock_irqrestore(&host->lock, flags);
1713 -+
1714 -+ if (!enable)
1715 -+ pm_runtime_put_noidle(host->mmc->parent);
1716 - }
1717 -
1718 - static int sdhci_start_signal_voltage_switch(struct mmc_host *mmc,
1719 -diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
1720 -index da10b48..bde769b 100644
1721 ---- a/drivers/nvme/host/core.c
1722 -+++ b/drivers/nvme/host/core.c
1723 -@@ -2057,9 +2057,9 @@ void nvme_kill_queues(struct nvme_ctrl *ctrl)
1724 - * Revalidating a dead namespace sets capacity to 0. This will
1725 - * end buffered writers dirtying pages that can't be synced.
1726 - */
1727 -- if (ns->disk && !test_and_set_bit(NVME_NS_DEAD, &ns->flags))
1728 -- revalidate_disk(ns->disk);
1729 --
1730 -+ if (!ns->disk || test_and_set_bit(NVME_NS_DEAD, &ns->flags))
1731 -+ continue;
1732 -+ revalidate_disk(ns->disk);
1733 - blk_set_queue_dying(ns->queue);
1734 - blk_mq_abort_requeue_list(ns->queue);
1735 - blk_mq_start_stopped_hw_queues(ns->queue, true);
1736 -diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
1737 -index 5e52034..8a9c186 100644
1738 ---- a/drivers/nvme/host/pci.c
1739 -+++ b/drivers/nvme/host/pci.c
1740 -@@ -1983,8 +1983,10 @@ static void nvme_remove(struct pci_dev *pdev)
1741 -
1742 - pci_set_drvdata(pdev, NULL);
1743 -
1744 -- if (!pci_device_is_present(pdev))
1745 -+ if (!pci_device_is_present(pdev)) {
1746 - nvme_change_ctrl_state(&dev->ctrl, NVME_CTRL_DEAD);
1747 -+ nvme_dev_disable(dev, false);
1748 -+ }
1749 -
1750 - flush_work(&dev->reset_work);
1751 - nvme_uninit_ctrl(&dev->ctrl);
1752 -diff --git a/drivers/pci/host/pcie-iproc-bcma.c b/drivers/pci/host/pcie-iproc-bcma.c
1753 -index 8ce0890..46ca8ed 100644
1754 ---- a/drivers/pci/host/pcie-iproc-bcma.c
1755 -+++ b/drivers/pci/host/pcie-iproc-bcma.c
1756 -@@ -44,8 +44,7 @@ static int iproc_pcie_bcma_probe(struct bcma_device *bdev)
1757 - {
1758 - struct device *dev = &bdev->dev;
1759 - struct iproc_pcie *pcie;
1760 -- LIST_HEAD(res);
1761 -- struct resource res_mem;
1762 -+ LIST_HEAD(resources);
1763 - int ret;
1764 -
1765 - pcie = devm_kzalloc(dev, sizeof(*pcie), GFP_KERNEL);
1766 -@@ -62,22 +61,23 @@ static int iproc_pcie_bcma_probe(struct bcma_device *bdev)
1767 -
1768 - pcie->base_addr = bdev->addr;
1769 -
1770 -- res_mem.start = bdev->addr_s[0];
1771 -- res_mem.end = bdev->addr_s[0] + SZ_128M - 1;
1772 -- res_mem.name = "PCIe MEM space";
1773 -- res_mem.flags = IORESOURCE_MEM;
1774 -- pci_add_resource(&res, &res_mem);
1775 -+ pcie->mem.start = bdev->addr_s[0];
1776 -+ pcie->mem.end = bdev->addr_s[0] + SZ_128M - 1;
1777 -+ pcie->mem.name = "PCIe MEM space";
1778 -+ pcie->mem.flags = IORESOURCE_MEM;
1779 -+ pci_add_resource(&resources, &pcie->mem);
1780 -
1781 - pcie->map_irq = iproc_pcie_bcma_map_irq;
1782 -
1783 -- ret = iproc_pcie_setup(pcie, &res);
1784 -- if (ret)
1785 -+ ret = iproc_pcie_setup(pcie, &resources);
1786 -+ if (ret) {
1787 - dev_err(dev, "PCIe controller setup failed\n");
1788 --
1789 -- pci_free_resource_list(&res);
1790 -+ pci_free_resource_list(&resources);
1791 -+ return ret;
1792 -+ }
1793 -
1794 - bcma_set_drvdata(bdev, pcie);
1795 -- return ret;
1796 -+ return 0;
1797 - }
1798 -
1799 - static void iproc_pcie_bcma_remove(struct bcma_device *bdev)
1800 -diff --git a/drivers/pci/host/pcie-iproc-platform.c b/drivers/pci/host/pcie-iproc-platform.c
1801 -index a3de087..7dcaddc 100644
1802 ---- a/drivers/pci/host/pcie-iproc-platform.c
1803 -+++ b/drivers/pci/host/pcie-iproc-platform.c
1804 -@@ -46,7 +46,7 @@ static int iproc_pcie_pltfm_probe(struct platform_device *pdev)
1805 - struct device_node *np = dev->of_node;
1806 - struct resource reg;
1807 - resource_size_t iobase = 0;
1808 -- LIST_HEAD(res);
1809 -+ LIST_HEAD(resources);
1810 - int ret;
1811 -
1812 - of_id = of_match_device(iproc_pcie_of_match_table, dev);
1813 -@@ -108,23 +108,24 @@ static int iproc_pcie_pltfm_probe(struct platform_device *pdev)
1814 - pcie->phy = NULL;
1815 - }
1816 -
1817 -- ret = of_pci_get_host_bridge_resources(np, 0, 0xff, &res, &iobase);
1818 -+ ret = of_pci_get_host_bridge_resources(np, 0, 0xff, &resources,
1819 -+ &iobase);
1820 - if (ret) {
1821 -- dev_err(dev,
1822 -- "unable to get PCI host bridge resources\n");
1823 -+ dev_err(dev, "unable to get PCI host bridge resources\n");
1824 - return ret;
1825 - }
1826 -
1827 - pcie->map_irq = of_irq_parse_and_map_pci;
1828 -
1829 -- ret = iproc_pcie_setup(pcie, &res);
1830 -- if (ret)
1831 -+ ret = iproc_pcie_setup(pcie, &resources);
1832 -+ if (ret) {
1833 - dev_err(dev, "PCIe controller setup failed\n");
1834 --
1835 -- pci_free_resource_list(&res);
1836 -+ pci_free_resource_list(&resources);
1837 -+ return ret;
1838 -+ }
1839 -
1840 - platform_set_drvdata(pdev, pcie);
1841 -- return ret;
1842 -+ return 0;
1843 - }
1844 -
1845 - static int iproc_pcie_pltfm_remove(struct platform_device *pdev)
1846 -diff --git a/drivers/pci/host/pcie-iproc.h b/drivers/pci/host/pcie-iproc.h
1847 -index e84d93c..fa42267 100644
1848 ---- a/drivers/pci/host/pcie-iproc.h
1849 -+++ b/drivers/pci/host/pcie-iproc.h
1850 -@@ -68,6 +68,7 @@ struct iproc_pcie {
1851 - #ifdef CONFIG_ARM
1852 - struct pci_sys_data sysdata;
1853 - #endif
1854 -+ struct resource mem;
1855 - struct pci_bus *root_bus;
1856 - struct phy *phy;
1857 - int (*map_irq)(const struct pci_dev *, u8, u8);
1858 -diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
1859 -index 7bb2068..d314579 100644
1860 ---- a/drivers/scsi/device_handler/scsi_dh_alua.c
1861 -+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
1862 -@@ -113,7 +113,7 @@ struct alua_queue_data {
1863 - #define ALUA_POLICY_SWITCH_ALL 1
1864 -
1865 - static void alua_rtpg_work(struct work_struct *work);
1866 --static void alua_rtpg_queue(struct alua_port_group *pg,
1867 -+static bool alua_rtpg_queue(struct alua_port_group *pg,
1868 - struct scsi_device *sdev,
1869 - struct alua_queue_data *qdata, bool force);
1870 - static void alua_check(struct scsi_device *sdev, bool force);
1871 -@@ -862,7 +862,13 @@ static void alua_rtpg_work(struct work_struct *work)
1872 - kref_put(&pg->kref, release_port_group);
1873 - }
1874 -
1875 --static void alua_rtpg_queue(struct alua_port_group *pg,
1876 -+/**
1877 -+ * alua_rtpg_queue() - cause RTPG to be submitted asynchronously
1878 -+ *
1879 -+ * Returns true if and only if alua_rtpg_work() will be called asynchronously.
1880 -+ * That function is responsible for calling @qdata->fn().
1881 -+ */
1882 -+static bool alua_rtpg_queue(struct alua_port_group *pg,
1883 - struct scsi_device *sdev,
1884 - struct alua_queue_data *qdata, bool force)
1885 - {
1886 -@@ -870,8 +876,8 @@ static void alua_rtpg_queue(struct alua_port_group *pg,
1887 - unsigned long flags;
1888 - struct workqueue_struct *alua_wq = kaluad_wq;
1889 -
1890 -- if (!pg)
1891 -- return;
1892 -+ if (!pg || scsi_device_get(sdev))
1893 -+ return false;
1894 -
1895 - spin_lock_irqsave(&pg->lock, flags);
1896 - if (qdata) {
1897 -@@ -884,14 +890,12 @@ static void alua_rtpg_queue(struct alua_port_group *pg,
1898 - pg->flags |= ALUA_PG_RUN_RTPG;
1899 - kref_get(&pg->kref);
1900 - pg->rtpg_sdev = sdev;
1901 -- scsi_device_get(sdev);
1902 - start_queue = 1;
1903 - } else if (!(pg->flags & ALUA_PG_RUN_RTPG) && force) {
1904 - pg->flags |= ALUA_PG_RUN_RTPG;
1905 - /* Do not queue if the worker is already running */
1906 - if (!(pg->flags & ALUA_PG_RUNNING)) {
1907 - kref_get(&pg->kref);
1908 -- sdev = NULL;
1909 - start_queue = 1;
1910 - }
1911 - }
1912 -@@ -900,13 +904,17 @@ static void alua_rtpg_queue(struct alua_port_group *pg,
1913 - alua_wq = kaluad_sync_wq;
1914 - spin_unlock_irqrestore(&pg->lock, flags);
1915 -
1916 -- if (start_queue &&
1917 -- !queue_delayed_work(alua_wq, &pg->rtpg_work,
1918 -- msecs_to_jiffies(ALUA_RTPG_DELAY_MSECS))) {
1919 -- if (sdev)
1920 -- scsi_device_put(sdev);
1921 -- kref_put(&pg->kref, release_port_group);
1922 -+ if (start_queue) {
1923 -+ if (queue_delayed_work(alua_wq, &pg->rtpg_work,
1924 -+ msecs_to_jiffies(ALUA_RTPG_DELAY_MSECS)))
1925 -+ sdev = NULL;
1926 -+ else
1927 -+ kref_put(&pg->kref, release_port_group);
1928 - }
1929 -+ if (sdev)
1930 -+ scsi_device_put(sdev);
1931 -+
1932 -+ return true;
1933 - }
1934 -
1935 - /*
1936 -@@ -1007,11 +1015,13 @@ static int alua_activate(struct scsi_device *sdev,
1937 - mutex_unlock(&h->init_mutex);
1938 - goto out;
1939 - }
1940 -- fn = NULL;
1941 - rcu_read_unlock();
1942 - mutex_unlock(&h->init_mutex);
1943 -
1944 -- alua_rtpg_queue(pg, sdev, qdata, true);
1945 -+ if (alua_rtpg_queue(pg, sdev, qdata, true))
1946 -+ fn = NULL;
1947 -+ else
1948 -+ err = SCSI_DH_DEV_OFFLINED;
1949 - kref_put(&pg->kref, release_port_group);
1950 - out:
1951 - if (fn)
1952 -diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
1953 -index 763f012..87f5e694 100644
1954 ---- a/drivers/scsi/libsas/sas_ata.c
1955 -+++ b/drivers/scsi/libsas/sas_ata.c
1956 -@@ -221,7 +221,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
1957 - task->num_scatter = qc->n_elem;
1958 - } else {
1959 - for_each_sg(qc->sg, sg, qc->n_elem, si)
1960 -- xfer += sg->length;
1961 -+ xfer += sg_dma_len(sg);
1962 -
1963 - task->total_xfer_len = xfer;
1964 - task->num_scatter = si;
1965 -diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
1966 -index fe7469c..ad33238 100644
1967 ---- a/drivers/scsi/qla2xxx/qla_attr.c
1968 -+++ b/drivers/scsi/qla2xxx/qla_attr.c
1969 -@@ -2153,8 +2153,6 @@ qla24xx_vport_delete(struct fc_vport *fc_vport)
1970 - "Timer for the VP[%d] has stopped\n", vha->vp_idx);
1971 - }
1972 -
1973 -- BUG_ON(atomic_read(&vha->vref_count));
1974 --
1975 - qla2x00_free_fcports(vha);
1976 -
1977 - mutex_lock(&ha->vport_lock);
1978 -diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
1979 -index 73b12e4..8e63a7b 100644
1980 ---- a/drivers/scsi/qla2xxx/qla_def.h
1981 -+++ b/drivers/scsi/qla2xxx/qla_def.h
1982 -@@ -3742,6 +3742,7 @@ typedef struct scsi_qla_host {
1983 - struct qla8044_reset_template reset_tmplt;
1984 - struct qla_tgt_counters tgt_counters;
1985 - uint16_t bbcr;
1986 -+ wait_queue_head_t vref_waitq;
1987 - } scsi_qla_host_t;
1988 -
1989 - struct qla27xx_image_status {
1990 -@@ -3780,6 +3781,7 @@ struct qla_tgt_vp_map {
1991 - mb(); \
1992 - if (__vha->flags.delete_progress) { \
1993 - atomic_dec(&__vha->vref_count); \
1994 -+ wake_up(&__vha->vref_waitq); \
1995 - __bail = 1; \
1996 - } else { \
1997 - __bail = 0; \
1998 -@@ -3788,6 +3790,7 @@ struct qla_tgt_vp_map {
1999 -
2000 - #define QLA_VHA_MARK_NOT_BUSY(__vha) do { \
2001 - atomic_dec(&__vha->vref_count); \
2002 -+ wake_up(&__vha->vref_waitq); \
2003 - } while (0)
2004 -
2005 - /*
2006 -diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
2007 -index 5b09296..8f12f6b 100644
2008 ---- a/drivers/scsi/qla2xxx/qla_init.c
2009 -+++ b/drivers/scsi/qla2xxx/qla_init.c
2010 -@@ -4356,6 +4356,7 @@ qla2x00_update_fcports(scsi_qla_host_t *base_vha)
2011 - }
2012 - }
2013 - atomic_dec(&vha->vref_count);
2014 -+ wake_up(&vha->vref_waitq);
2015 - }
2016 - spin_unlock_irqrestore(&ha->vport_slock, flags);
2017 - }
2018 -diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c
2019 -index cf7ba52..3dfb54a 100644
2020 ---- a/drivers/scsi/qla2xxx/qla_mid.c
2021 -+++ b/drivers/scsi/qla2xxx/qla_mid.c
2022 -@@ -74,13 +74,14 @@ qla24xx_deallocate_vp_id(scsi_qla_host_t *vha)
2023 - * ensures no active vp_list traversal while the vport is removed
2024 - * from the queue)
2025 - */
2026 -- spin_lock_irqsave(&ha->vport_slock, flags);
2027 -- while (atomic_read(&vha->vref_count)) {
2028 -- spin_unlock_irqrestore(&ha->vport_slock, flags);
2029 --
2030 -- msleep(500);
2031 -+ wait_event_timeout(vha->vref_waitq, atomic_read(&vha->vref_count),
2032 -+ 10*HZ);
2033 -
2034 -- spin_lock_irqsave(&ha->vport_slock, flags);
2035 -+ spin_lock_irqsave(&ha->vport_slock, flags);
2036 -+ if (atomic_read(&vha->vref_count)) {
2037 -+ ql_dbg(ql_dbg_vport, vha, 0xfffa,
2038 -+ "vha->vref_count=%u timeout\n", vha->vref_count.counter);
2039 -+ vha->vref_count = (atomic_t)ATOMIC_INIT(0);
2040 - }
2041 - list_del(&vha->list);
2042 - qlt_update_vp_map(vha, RESET_VP_IDX);
2043 -@@ -269,6 +270,7 @@ qla2x00_alert_all_vps(struct rsp_que *rsp, uint16_t *mb)
2044 -
2045 - spin_lock_irqsave(&ha->vport_slock, flags);
2046 - atomic_dec(&vha->vref_count);
2047 -+ wake_up(&vha->vref_waitq);
2048 - }
2049 - i++;
2050 - }
2051 -diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
2052 -index bea819e..4f361d8 100644
2053 ---- a/drivers/scsi/qla2xxx/qla_os.c
2054 -+++ b/drivers/scsi/qla2xxx/qla_os.c
2055 -@@ -4045,6 +4045,7 @@ struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht,
2056 -
2057 - spin_lock_init(&vha->work_lock);
2058 - spin_lock_init(&vha->cmd_list_lock);
2059 -+ init_waitqueue_head(&vha->vref_waitq);
2060 -
2061 - sprintf(vha->host_str, "%s_%ld", QLA2XXX_DRIVER_NAME, vha->host_no);
2062 - ql_dbg(ql_dbg_init, vha, 0x0041,
2063 -diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
2064 -index 121de0a..f753df2 100644
2065 ---- a/drivers/scsi/sg.c
2066 -+++ b/drivers/scsi/sg.c
2067 -@@ -998,6 +998,8 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
2068 - result = get_user(val, ip);
2069 - if (result)
2070 - return result;
2071 -+ if (val > SG_MAX_CDB_SIZE)
2072 -+ return -ENOMEM;
2073 - sfp->next_cmd_len = (val > 0) ? val : 0;
2074 - return 0;
2075 - case SG_GET_VERSION_NUM:
2076 -diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
2077 -index fabbe76..4d079cd 100644
2078 ---- a/drivers/tty/serial/atmel_serial.c
2079 -+++ b/drivers/tty/serial/atmel_serial.c
2080 -@@ -1938,6 +1938,11 @@ static void atmel_flush_buffer(struct uart_port *port)
2081 - atmel_uart_writel(port, ATMEL_PDC_TCR, 0);
2082 - atmel_port->pdc_tx.ofs = 0;
2083 - }
2084 -+ /*
2085 -+ * in uart_flush_buffer(), the xmit circular buffer has just
2086 -+ * been cleared, so we have to reset tx_len accordingly.
2087 -+ */
2088 -+ atmel_port->tx_len = 0;
2089 - }
2090 -
2091 - /*
2092 -@@ -2471,6 +2476,9 @@ static void atmel_console_write(struct console *co, const char *s, u_int count)
2093 - pdc_tx = atmel_uart_readl(port, ATMEL_PDC_PTSR) & ATMEL_PDC_TXTEN;
2094 - atmel_uart_writel(port, ATMEL_PDC_PTCR, ATMEL_PDC_TXTDIS);
2095 -
2096 -+ /* Make sure that tx path is actually able to send characters */
2097 -+ atmel_uart_writel(port, ATMEL_US_CR, ATMEL_US_TXEN);
2098 -+
2099 - uart_console_write(port, s, count, atmel_console_putchar);
2100 -
2101 - /*
2102 -diff --git a/drivers/tty/serial/mxs-auart.c b/drivers/tty/serial/mxs-auart.c
2103 -index 770454e..07390f8 100644
2104 ---- a/drivers/tty/serial/mxs-auart.c
2105 -+++ b/drivers/tty/serial/mxs-auart.c
2106 -@@ -1085,7 +1085,7 @@ static void mxs_auart_settermios(struct uart_port *u,
2107 - AUART_LINECTRL_BAUD_DIV_MAX);
2108 - baud_max = u->uartclk * 32 / AUART_LINECTRL_BAUD_DIV_MIN;
2109 - baud = uart_get_baud_rate(u, termios, old, baud_min, baud_max);
2110 -- div = u->uartclk * 32 / baud;
2111 -+ div = DIV_ROUND_CLOSEST(u->uartclk * 32, baud);
2112 - }
2113 -
2114 - ctrl |= AUART_LINECTRL_BAUD_DIVFRAC(div & 0x3F);
2115 -diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
2116 -index 479e223..f029aad 100644
2117 ---- a/drivers/usb/core/hcd.c
2118 -+++ b/drivers/usb/core/hcd.c
2119 -@@ -520,8 +520,10 @@ static int rh_call_control (struct usb_hcd *hcd, struct urb *urb)
2120 - */
2121 - tbuf_size = max_t(u16, sizeof(struct usb_hub_descriptor), wLength);
2122 - tbuf = kzalloc(tbuf_size, GFP_KERNEL);
2123 -- if (!tbuf)
2124 -- return -ENOMEM;
2125 -+ if (!tbuf) {
2126 -+ status = -ENOMEM;
2127 -+ goto err_alloc;
2128 -+ }
2129 -
2130 - bufp = tbuf;
2131 -
2132 -@@ -734,6 +736,7 @@ static int rh_call_control (struct usb_hcd *hcd, struct urb *urb)
2133 - }
2134 -
2135 - kfree(tbuf);
2136 -+ err_alloc:
2137 -
2138 - /* any errors get returned through the urb completion */
2139 - spin_lock_irq(&hcd_root_hub_lock);
2140 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
2141 -index 1536aeb..4e894d3 100644
2142 ---- a/fs/nfs/nfs4proc.c
2143 -+++ b/fs/nfs/nfs4proc.c
2144 -@@ -2532,17 +2532,14 @@ static void nfs41_check_delegation_stateid(struct nfs4_state *state)
2145 - }
2146 -
2147 - nfs4_stateid_copy(&stateid, &delegation->stateid);
2148 -- if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) {
2149 -+ if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) ||
2150 -+ !test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED,
2151 -+ &delegation->flags)) {
2152 - rcu_read_unlock();
2153 - nfs_finish_clear_delegation_stateid(state, &stateid);
2154 - return;
2155 - }
2156 -
2157 -- if (!test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED, &delegation->flags)) {
2158 -- rcu_read_unlock();
2159 -- return;
2160 -- }
2161 --
2162 - cred = get_rpccred(delegation->cred);
2163 - rcu_read_unlock();
2164 - status = nfs41_test_and_free_expired_stateid(server, &stateid, cred);
2165 -diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c
2166 -index 010aff5..536009e 100644
2167 ---- a/fs/nfsd/nfsproc.c
2168 -+++ b/fs/nfsd/nfsproc.c
2169 -@@ -790,6 +790,7 @@ nfserrno (int errno)
2170 - { nfserr_serverfault, -ESERVERFAULT },
2171 - { nfserr_serverfault, -ENFILE },
2172 - { nfserr_io, -EUCLEAN },
2173 -+ { nfserr_perm, -ENOKEY },
2174 - };
2175 - int i;
2176 -
2177 -diff --git a/fs/xfs/libxfs/xfs_ag_resv.c b/fs/xfs/libxfs/xfs_ag_resv.c
2178 -index d346d42..33db69b 100644
2179 ---- a/fs/xfs/libxfs/xfs_ag_resv.c
2180 -+++ b/fs/xfs/libxfs/xfs_ag_resv.c
2181 -@@ -39,6 +39,7 @@
2182 - #include "xfs_rmap_btree.h"
2183 - #include "xfs_btree.h"
2184 - #include "xfs_refcount_btree.h"
2185 -+#include "xfs_ialloc_btree.h"
2186 -
2187 - /*
2188 - * Per-AG Block Reservations
2189 -@@ -200,22 +201,30 @@ __xfs_ag_resv_init(
2190 - struct xfs_mount *mp = pag->pag_mount;
2191 - struct xfs_ag_resv *resv;
2192 - int error;
2193 -+ xfs_extlen_t reserved;
2194 -
2195 -- resv = xfs_perag_resv(pag, type);
2196 - if (used > ask)
2197 - ask = used;
2198 -- resv->ar_asked = ask;
2199 -- resv->ar_reserved = resv->ar_orig_reserved = ask - used;
2200 -- mp->m_ag_max_usable -= ask;
2201 -+ reserved = ask - used;
2202 -
2203 -- trace_xfs_ag_resv_init(pag, type, ask);
2204 --
2205 -- error = xfs_mod_fdblocks(mp, -(int64_t)resv->ar_reserved, true);
2206 -- if (error)
2207 -+ error = xfs_mod_fdblocks(mp, -(int64_t)reserved, true);
2208 -+ if (error) {
2209 - trace_xfs_ag_resv_init_error(pag->pag_mount, pag->pag_agno,
2210 - error, _RET_IP_);
2211 -+ xfs_warn(mp,
2212 -+"Per-AG reservation for AG %u failed. Filesystem may run out of space.",
2213 -+ pag->pag_agno);
2214 -+ return error;
2215 -+ }
2216 -
2217 -- return error;
2218 -+ mp->m_ag_max_usable -= ask;
2219 -+
2220 -+ resv = xfs_perag_resv(pag, type);
2221 -+ resv->ar_asked = ask;
2222 -+ resv->ar_reserved = resv->ar_orig_reserved = reserved;
2223 -+
2224 -+ trace_xfs_ag_resv_init(pag, type, ask);
2225 -+ return 0;
2226 - }
2227 -
2228 - /* Create a per-AG block reservation. */
2229 -@@ -223,6 +232,8 @@ int
2230 - xfs_ag_resv_init(
2231 - struct xfs_perag *pag)
2232 - {
2233 -+ struct xfs_mount *mp = pag->pag_mount;
2234 -+ xfs_agnumber_t agno = pag->pag_agno;
2235 - xfs_extlen_t ask;
2236 - xfs_extlen_t used;
2237 - int error = 0;
2238 -@@ -231,23 +242,45 @@ xfs_ag_resv_init(
2239 - if (pag->pag_meta_resv.ar_asked == 0) {
2240 - ask = used = 0;
2241 -
2242 -- error = xfs_refcountbt_calc_reserves(pag->pag_mount,
2243 -- pag->pag_agno, &ask, &used);
2244 -+ error = xfs_refcountbt_calc_reserves(mp, agno, &ask, &used);
2245 - if (error)
2246 - goto out;
2247 -
2248 -- error = __xfs_ag_resv_init(pag, XFS_AG_RESV_METADATA,
2249 -- ask, used);
2250 -+ error = xfs_finobt_calc_reserves(mp, agno, &ask, &used);
2251 - if (error)
2252 - goto out;
2253 -+
2254 -+ error = __xfs_ag_resv_init(pag, XFS_AG_RESV_METADATA,
2255 -+ ask, used);
2256 -+ if (error) {
2257 -+ /*
2258 -+ * Because we didn't have per-AG reservations when the
2259 -+ * finobt feature was added we might not be able to
2260 -+ * reserve all needed blocks. Warn and fall back to the
2261 -+ * old and potentially buggy code in that case, but
2262 -+ * ensure we do have the reservation for the refcountbt.
2263 -+ */
2264 -+ ask = used = 0;
2265 -+
2266 -+ mp->m_inotbt_nores = true;
2267 -+
2268 -+ error = xfs_refcountbt_calc_reserves(mp, agno, &ask,
2269 -+ &used);
2270 -+ if (error)
2271 -+ goto out;
2272 -+
2273 -+ error = __xfs_ag_resv_init(pag, XFS_AG_RESV_METADATA,
2274 -+ ask, used);
2275 -+ if (error)
2276 -+ goto out;
2277 -+ }
2278 - }
2279 -
2280 - /* Create the AGFL metadata reservation */
2281 - if (pag->pag_agfl_resv.ar_asked == 0) {
2282 - ask = used = 0;
2283 -
2284 -- error = xfs_rmapbt_calc_reserves(pag->pag_mount, pag->pag_agno,
2285 -- &ask, &used);
2286 -+ error = xfs_rmapbt_calc_reserves(mp, agno, &ask, &used);
2287 - if (error)
2288 - goto out;
2289 -
2290 -@@ -256,9 +289,16 @@ xfs_ag_resv_init(
2291 - goto out;
2292 - }
2293 -
2294 -+#ifdef DEBUG
2295 -+ /* need to read in the AGF for the ASSERT below to work */
2296 -+ error = xfs_alloc_pagf_init(pag->pag_mount, NULL, pag->pag_agno, 0);
2297 -+ if (error)
2298 -+ return error;
2299 -+
2300 - ASSERT(xfs_perag_resv(pag, XFS_AG_RESV_METADATA)->ar_reserved +
2301 - xfs_perag_resv(pag, XFS_AG_RESV_AGFL)->ar_reserved <=
2302 - pag->pagf_freeblks + pag->pagf_flcount);
2303 -+#endif
2304 - out:
2305 - return error;
2306 - }
2307 -diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
2308 -index f52fd63..5a508b0 100644
2309 ---- a/fs/xfs/libxfs/xfs_bmap.c
2310 -+++ b/fs/xfs/libxfs/xfs_bmap.c
2311 -@@ -769,8 +769,8 @@ xfs_bmap_extents_to_btree(
2312 - args.type = XFS_ALLOCTYPE_START_BNO;
2313 - args.fsbno = XFS_INO_TO_FSB(mp, ip->i_ino);
2314 - } else if (dfops->dop_low) {
2315 --try_another_ag:
2316 - args.type = XFS_ALLOCTYPE_START_BNO;
2317 -+try_another_ag:
2318 - args.fsbno = *firstblock;
2319 - } else {
2320 - args.type = XFS_ALLOCTYPE_NEAR_BNO;
2321 -@@ -796,17 +796,19 @@ xfs_bmap_extents_to_btree(
2322 - if (xfs_sb_version_hasreflink(&cur->bc_mp->m_sb) &&
2323 - args.fsbno == NULLFSBLOCK &&
2324 - args.type == XFS_ALLOCTYPE_NEAR_BNO) {
2325 -- dfops->dop_low = true;
2326 -+ args.type = XFS_ALLOCTYPE_FIRST_AG;
2327 - goto try_another_ag;
2328 - }
2329 -+ if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) {
2330 -+ xfs_iroot_realloc(ip, -1, whichfork);
2331 -+ xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
2332 -+ return -ENOSPC;
2333 -+ }
2334 - /*
2335 - * Allocation can't fail, the space was reserved.
2336 - */
2337 -- ASSERT(args.fsbno != NULLFSBLOCK);
2338 - ASSERT(*firstblock == NULLFSBLOCK ||
2339 -- args.agno == XFS_FSB_TO_AGNO(mp, *firstblock) ||
2340 -- (dfops->dop_low &&
2341 -- args.agno > XFS_FSB_TO_AGNO(mp, *firstblock)));
2342 -+ args.agno >= XFS_FSB_TO_AGNO(mp, *firstblock));
2343 - *firstblock = cur->bc_private.b.firstblock = args.fsbno;
2344 - cur->bc_private.b.allocated++;
2345 - ip->i_d.di_nblocks++;
2346 -@@ -1278,7 +1280,6 @@ xfs_bmap_read_extents(
2347 - /* REFERENCED */
2348 - xfs_extnum_t room; /* number of entries there's room for */
2349 -
2350 -- bno = NULLFSBLOCK;
2351 - mp = ip->i_mount;
2352 - ifp = XFS_IFORK_PTR(ip, whichfork);
2353 - exntf = (whichfork != XFS_DATA_FORK) ? XFS_EXTFMT_NOSTATE :
2354 -@@ -1291,9 +1292,7 @@ xfs_bmap_read_extents(
2355 - ASSERT(level > 0);
2356 - pp = XFS_BMAP_BROOT_PTR_ADDR(mp, block, 1, ifp->if_broot_bytes);
2357 - bno = be64_to_cpu(*pp);
2358 -- ASSERT(bno != NULLFSBLOCK);
2359 -- ASSERT(XFS_FSB_TO_AGNO(mp, bno) < mp->m_sb.sb_agcount);
2360 -- ASSERT(XFS_FSB_TO_AGBNO(mp, bno) < mp->m_sb.sb_agblocks);
2361 -+
2362 - /*
2363 - * Go down the tree until leaf level is reached, following the first
2364 - * pointer (leftmost) at each level.
2365 -@@ -1955,6 +1954,7 @@ xfs_bmap_add_extent_delay_real(
2366 - */
2367 - trace_xfs_bmap_pre_update(bma->ip, bma->idx, state, _THIS_IP_);
2368 - xfs_bmbt_set_startblock(ep, new->br_startblock);
2369 -+ xfs_bmbt_set_state(ep, new->br_state);
2370 - trace_xfs_bmap_post_update(bma->ip, bma->idx, state, _THIS_IP_);
2371 -
2372 - (*nextents)++;
2373 -@@ -2293,6 +2293,7 @@ STATIC int /* error */
2374 - xfs_bmap_add_extent_unwritten_real(
2375 - struct xfs_trans *tp,
2376 - xfs_inode_t *ip, /* incore inode pointer */
2377 -+ int whichfork,
2378 - xfs_extnum_t *idx, /* extent number to update/insert */
2379 - xfs_btree_cur_t **curp, /* if *curp is null, not a btree */
2380 - xfs_bmbt_irec_t *new, /* new data to add to file extents */
2381 -@@ -2312,12 +2313,14 @@ xfs_bmap_add_extent_unwritten_real(
2382 - /* left is 0, right is 1, prev is 2 */
2383 - int rval=0; /* return value (logging flags) */
2384 - int state = 0;/* state bits, accessed thru macros */
2385 -- struct xfs_mount *mp = tp->t_mountp;
2386 -+ struct xfs_mount *mp = ip->i_mount;
2387 -
2388 - *logflagsp = 0;
2389 -
2390 - cur = *curp;
2391 -- ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
2392 -+ ifp = XFS_IFORK_PTR(ip, whichfork);
2393 -+ if (whichfork == XFS_COW_FORK)
2394 -+ state |= BMAP_COWFORK;
2395 -
2396 - ASSERT(*idx >= 0);
2397 - ASSERT(*idx <= xfs_iext_count(ifp));
2398 -@@ -2376,7 +2379,7 @@ xfs_bmap_add_extent_unwritten_real(
2399 - * Don't set contiguous if the combined extent would be too large.
2400 - * Also check for all-three-contiguous being too large.
2401 - */
2402 -- if (*idx < xfs_iext_count(&ip->i_df) - 1) {
2403 -+ if (*idx < xfs_iext_count(ifp) - 1) {
2404 - state |= BMAP_RIGHT_VALID;
2405 - xfs_bmbt_get_all(xfs_iext_get_ext(ifp, *idx + 1), &RIGHT);
2406 - if (isnullstartblock(RIGHT.br_startblock))
2407 -@@ -2416,7 +2419,8 @@ xfs_bmap_add_extent_unwritten_real(
2408 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2409 -
2410 - xfs_iext_remove(ip, *idx + 1, 2, state);
2411 -- ip->i_d.di_nextents -= 2;
2412 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2413 -+ XFS_IFORK_NEXTENTS(ip, whichfork) - 2);
2414 - if (cur == NULL)
2415 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2416 - else {
2417 -@@ -2459,7 +2463,8 @@ xfs_bmap_add_extent_unwritten_real(
2418 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2419 -
2420 - xfs_iext_remove(ip, *idx + 1, 1, state);
2421 -- ip->i_d.di_nextents--;
2422 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2423 -+ XFS_IFORK_NEXTENTS(ip, whichfork) - 1);
2424 - if (cur == NULL)
2425 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2426 - else {
2427 -@@ -2494,7 +2499,8 @@ xfs_bmap_add_extent_unwritten_real(
2428 - xfs_bmbt_set_state(ep, newext);
2429 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2430 - xfs_iext_remove(ip, *idx + 1, 1, state);
2431 -- ip->i_d.di_nextents--;
2432 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2433 -+ XFS_IFORK_NEXTENTS(ip, whichfork) - 1);
2434 - if (cur == NULL)
2435 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2436 - else {
2437 -@@ -2606,7 +2612,8 @@ xfs_bmap_add_extent_unwritten_real(
2438 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2439 -
2440 - xfs_iext_insert(ip, *idx, 1, new, state);
2441 -- ip->i_d.di_nextents++;
2442 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2443 -+ XFS_IFORK_NEXTENTS(ip, whichfork) + 1);
2444 - if (cur == NULL)
2445 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2446 - else {
2447 -@@ -2684,7 +2691,8 @@ xfs_bmap_add_extent_unwritten_real(
2448 - ++*idx;
2449 - xfs_iext_insert(ip, *idx, 1, new, state);
2450 -
2451 -- ip->i_d.di_nextents++;
2452 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2453 -+ XFS_IFORK_NEXTENTS(ip, whichfork) + 1);
2454 - if (cur == NULL)
2455 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2456 - else {
2457 -@@ -2732,7 +2740,8 @@ xfs_bmap_add_extent_unwritten_real(
2458 - ++*idx;
2459 - xfs_iext_insert(ip, *idx, 2, &r[0], state);
2460 -
2461 -- ip->i_d.di_nextents += 2;
2462 -+ XFS_IFORK_NEXT_SET(ip, whichfork,
2463 -+ XFS_IFORK_NEXTENTS(ip, whichfork) + 2);
2464 - if (cur == NULL)
2465 - rval = XFS_ILOG_CORE | XFS_ILOG_DEXT;
2466 - else {
2467 -@@ -2786,17 +2795,17 @@ xfs_bmap_add_extent_unwritten_real(
2468 - }
2469 -
2470 - /* update reverse mappings */
2471 -- error = xfs_rmap_convert_extent(mp, dfops, ip, XFS_DATA_FORK, new);
2472 -+ error = xfs_rmap_convert_extent(mp, dfops, ip, whichfork, new);
2473 - if (error)
2474 - goto done;
2475 -
2476 - /* convert to a btree if necessary */
2477 -- if (xfs_bmap_needs_btree(ip, XFS_DATA_FORK)) {
2478 -+ if (xfs_bmap_needs_btree(ip, whichfork)) {
2479 - int tmp_logflags; /* partial log flag return val */
2480 -
2481 - ASSERT(cur == NULL);
2482 - error = xfs_bmap_extents_to_btree(tp, ip, first, dfops, &cur,
2483 -- 0, &tmp_logflags, XFS_DATA_FORK);
2484 -+ 0, &tmp_logflags, whichfork);
2485 - *logflagsp |= tmp_logflags;
2486 - if (error)
2487 - goto done;
2488 -@@ -2808,7 +2817,7 @@ xfs_bmap_add_extent_unwritten_real(
2489 - *curp = cur;
2490 - }
2491 -
2492 -- xfs_bmap_check_leaf_extents(*curp, ip, XFS_DATA_FORK);
2493 -+ xfs_bmap_check_leaf_extents(*curp, ip, whichfork);
2494 - done:
2495 - *logflagsp |= rval;
2496 - return error;
2497 -@@ -2900,7 +2909,8 @@ xfs_bmap_add_extent_hole_delay(
2498 - oldlen = startblockval(left.br_startblock) +
2499 - startblockval(new->br_startblock) +
2500 - startblockval(right.br_startblock);
2501 -- newlen = xfs_bmap_worst_indlen(ip, temp);
2502 -+ newlen = XFS_FILBLKS_MIN(xfs_bmap_worst_indlen(ip, temp),
2503 -+ oldlen);
2504 - xfs_bmbt_set_startblock(xfs_iext_get_ext(ifp, *idx),
2505 - nullstartblock((int)newlen));
2506 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2507 -@@ -2921,7 +2931,8 @@ xfs_bmap_add_extent_hole_delay(
2508 - xfs_bmbt_set_blockcount(xfs_iext_get_ext(ifp, *idx), temp);
2509 - oldlen = startblockval(left.br_startblock) +
2510 - startblockval(new->br_startblock);
2511 -- newlen = xfs_bmap_worst_indlen(ip, temp);
2512 -+ newlen = XFS_FILBLKS_MIN(xfs_bmap_worst_indlen(ip, temp),
2513 -+ oldlen);
2514 - xfs_bmbt_set_startblock(xfs_iext_get_ext(ifp, *idx),
2515 - nullstartblock((int)newlen));
2516 - trace_xfs_bmap_post_update(ip, *idx, state, _THIS_IP_);
2517 -@@ -2937,7 +2948,8 @@ xfs_bmap_add_extent_hole_delay(
2518 - temp = new->br_blockcount + right.br_blockcount;
2519 - oldlen = startblockval(new->br_startblock) +
2520 - startblockval(right.br_startblock);
2521 -- newlen = xfs_bmap_worst_indlen(ip, temp);
2522 -+ newlen = XFS_FILBLKS_MIN(xfs_bmap_worst_indlen(ip, temp),
2523 -+ oldlen);
2524 - xfs_bmbt_set_allf(xfs_iext_get_ext(ifp, *idx),
2525 - new->br_startoff,
2526 - nullstartblock((int)newlen), temp, right.br_state);
2527 -@@ -3913,17 +3925,13 @@ xfs_bmap_btalloc(
2528 - * the first block that was allocated.
2529 - */
2530 - ASSERT(*ap->firstblock == NULLFSBLOCK ||
2531 -- XFS_FSB_TO_AGNO(mp, *ap->firstblock) ==
2532 -- XFS_FSB_TO_AGNO(mp, args.fsbno) ||
2533 -- (ap->dfops->dop_low &&
2534 -- XFS_FSB_TO_AGNO(mp, *ap->firstblock) <
2535 -- XFS_FSB_TO_AGNO(mp, args.fsbno)));
2536 -+ XFS_FSB_TO_AGNO(mp, *ap->firstblock) <=
2537 -+ XFS_FSB_TO_AGNO(mp, args.fsbno));
2538 -
2539 - ap->blkno = args.fsbno;
2540 - if (*ap->firstblock == NULLFSBLOCK)
2541 - *ap->firstblock = args.fsbno;
2542 -- ASSERT(nullfb || fb_agno == args.agno ||
2543 -- (ap->dfops->dop_low && fb_agno < args.agno));
2544 -+ ASSERT(nullfb || fb_agno <= args.agno);
2545 - ap->length = args.len;
2546 - if (!(ap->flags & XFS_BMAPI_COWFORK))
2547 - ap->ip->i_d.di_nblocks += args.len;
2548 -@@ -4249,6 +4257,19 @@ xfs_bmapi_read(
2549 - return 0;
2550 - }
2551 -
2552 -+/*
2553 -+ * Add a delayed allocation extent to an inode. Blocks are reserved from the
2554 -+ * global pool and the extent inserted into the inode in-core extent tree.
2555 -+ *
2556 -+ * On entry, got refers to the first extent beyond the offset of the extent to
2557 -+ * allocate or eof is specified if no such extent exists. On return, got refers
2558 -+ * to the extent record that was inserted to the inode fork.
2559 -+ *
2560 -+ * Note that the allocated extent may have been merged with contiguous extents
2561 -+ * during insertion into the inode fork. Thus, got does not reflect the current
2562 -+ * state of the inode fork on return. If necessary, the caller can use lastx to
2563 -+ * look up the updated record in the inode fork.
2564 -+ */
2565 - int
2566 - xfs_bmapi_reserve_delalloc(
2567 - struct xfs_inode *ip,
2568 -@@ -4335,13 +4356,8 @@ xfs_bmapi_reserve_delalloc(
2569 - got->br_startblock = nullstartblock(indlen);
2570 - got->br_blockcount = alen;
2571 - got->br_state = XFS_EXT_NORM;
2572 -- xfs_bmap_add_extent_hole_delay(ip, whichfork, lastx, got);
2573 -
2574 -- /*
2575 -- * Update our extent pointer, given that xfs_bmap_add_extent_hole_delay
2576 -- * might have merged it into one of the neighbouring ones.
2577 -- */
2578 -- xfs_bmbt_get_all(xfs_iext_get_ext(ifp, *lastx), got);
2579 -+ xfs_bmap_add_extent_hole_delay(ip, whichfork, lastx, got);
2580 -
2581 - /*
2582 - * Tag the inode if blocks were preallocated. Note that COW fork
2583 -@@ -4353,10 +4369,6 @@ xfs_bmapi_reserve_delalloc(
2584 - if (whichfork == XFS_COW_FORK && (prealloc || aoff < off || alen > len))
2585 - xfs_inode_set_cowblocks_tag(ip);
2586 -
2587 -- ASSERT(got->br_startoff <= aoff);
2588 -- ASSERT(got->br_startoff + got->br_blockcount >= aoff + alen);
2589 -- ASSERT(isnullstartblock(got->br_startblock));
2590 -- ASSERT(got->br_state == XFS_EXT_NORM);
2591 - return 0;
2592 -
2593 - out_unreserve_blocks:
2594 -@@ -4461,10 +4473,16 @@ xfs_bmapi_allocate(
2595 - bma->got.br_state = XFS_EXT_NORM;
2596 -
2597 - /*
2598 -- * A wasdelay extent has been initialized, so shouldn't be flagged
2599 -- * as unwritten.
2600 -+ * In the data fork, a wasdelay extent has been initialized, so
2601 -+ * shouldn't be flagged as unwritten.
2602 -+ *
2603 -+ * For the cow fork, however, we convert delalloc reservations
2604 -+ * (extents allocated for speculative preallocation) to
2605 -+ * allocated unwritten extents, and only convert the unwritten
2606 -+ * extents to real extents when we're about to write the data.
2607 - */
2608 -- if (!bma->wasdel && (bma->flags & XFS_BMAPI_PREALLOC) &&
2609 -+ if ((!bma->wasdel || (bma->flags & XFS_BMAPI_COWFORK)) &&
2610 -+ (bma->flags & XFS_BMAPI_PREALLOC) &&
2611 - xfs_sb_version_hasextflgbit(&mp->m_sb))
2612 - bma->got.br_state = XFS_EXT_UNWRITTEN;
2613 -
2614 -@@ -4515,8 +4533,6 @@ xfs_bmapi_convert_unwritten(
2615 - (XFS_BMAPI_PREALLOC | XFS_BMAPI_CONVERT))
2616 - return 0;
2617 -
2618 -- ASSERT(whichfork != XFS_COW_FORK);
2619 --
2620 - /*
2621 - * Modify (by adding) the state flag, if writing.
2622 - */
2623 -@@ -4541,8 +4557,8 @@ xfs_bmapi_convert_unwritten(
2624 - return error;
2625 - }
2626 -
2627 -- error = xfs_bmap_add_extent_unwritten_real(bma->tp, bma->ip, &bma->idx,
2628 -- &bma->cur, mval, bma->firstblock, bma->dfops,
2629 -+ error = xfs_bmap_add_extent_unwritten_real(bma->tp, bma->ip, whichfork,
2630 -+ &bma->idx, &bma->cur, mval, bma->firstblock, bma->dfops,
2631 - &tmp_logflags);
2632 - /*
2633 - * Log the inode core unconditionally in the unwritten extent conversion
2634 -@@ -4551,8 +4567,12 @@ xfs_bmapi_convert_unwritten(
2635 - * in the transaction for the sake of fsync(), even if nothing has
2636 - * changed, because fsync() will not force the log for this transaction
2637 - * unless it sees the inode pinned.
2638 -+ *
2639 -+ * Note: If we're only converting cow fork extents, there aren't
2640 -+ * any on-disk updates to make, so we don't need to log anything.
2641 - */
2642 -- bma->logflags |= tmp_logflags | XFS_ILOG_CORE;
2643 -+ if (whichfork != XFS_COW_FORK)
2644 -+ bma->logflags |= tmp_logflags | XFS_ILOG_CORE;
2645 - if (error)
2646 - return error;
2647 -
2648 -@@ -4626,15 +4646,15 @@ xfs_bmapi_write(
2649 - ASSERT(*nmap >= 1);
2650 - ASSERT(*nmap <= XFS_BMAP_MAX_NMAP);
2651 - ASSERT(!(flags & XFS_BMAPI_IGSTATE));
2652 -- ASSERT(tp != NULL);
2653 -+ ASSERT(tp != NULL ||
2654 -+ (flags & (XFS_BMAPI_CONVERT | XFS_BMAPI_COWFORK)) ==
2655 -+ (XFS_BMAPI_CONVERT | XFS_BMAPI_COWFORK));
2656 - ASSERT(len > 0);
2657 - ASSERT(XFS_IFORK_FORMAT(ip, whichfork) != XFS_DINODE_FMT_LOCAL);
2658 - ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2659 - ASSERT(!(flags & XFS_BMAPI_REMAP) || whichfork == XFS_DATA_FORK);
2660 - ASSERT(!(flags & XFS_BMAPI_PREALLOC) || !(flags & XFS_BMAPI_REMAP));
2661 - ASSERT(!(flags & XFS_BMAPI_CONVERT) || !(flags & XFS_BMAPI_REMAP));
2662 -- ASSERT(!(flags & XFS_BMAPI_PREALLOC) || whichfork != XFS_COW_FORK);
2663 -- ASSERT(!(flags & XFS_BMAPI_CONVERT) || whichfork != XFS_COW_FORK);
2664 -
2665 - /* zeroing is for currently only for data extents, not metadata */
2666 - ASSERT((flags & (XFS_BMAPI_METADATA | XFS_BMAPI_ZERO)) !=
2667 -@@ -4840,13 +4860,9 @@ xfs_bmapi_write(
2668 - if (bma.cur) {
2669 - if (!error) {
2670 - ASSERT(*firstblock == NULLFSBLOCK ||
2671 -- XFS_FSB_TO_AGNO(mp, *firstblock) ==
2672 -+ XFS_FSB_TO_AGNO(mp, *firstblock) <=
2673 - XFS_FSB_TO_AGNO(mp,
2674 -- bma.cur->bc_private.b.firstblock) ||
2675 -- (dfops->dop_low &&
2676 -- XFS_FSB_TO_AGNO(mp, *firstblock) <
2677 -- XFS_FSB_TO_AGNO(mp,
2678 -- bma.cur->bc_private.b.firstblock)));
2679 -+ bma.cur->bc_private.b.firstblock));
2680 - *firstblock = bma.cur->bc_private.b.firstblock;
2681 - }
2682 - xfs_btree_del_cursor(bma.cur,
2683 -@@ -4881,34 +4897,59 @@ xfs_bmap_split_indlen(
2684 - xfs_filblks_t len2 = *indlen2;
2685 - xfs_filblks_t nres = len1 + len2; /* new total res. */
2686 - xfs_filblks_t stolen = 0;
2687 -+ xfs_filblks_t resfactor;
2688 -
2689 - /*
2690 - * Steal as many blocks as we can to try and satisfy the worst case
2691 - * indlen for both new extents.
2692 - */
2693 -- while (nres > ores && avail) {
2694 -- nres--;
2695 -- avail--;
2696 -- stolen++;
2697 -- }
2698 -+ if (ores < nres && avail)
2699 -+ stolen = XFS_FILBLKS_MIN(nres - ores, avail);
2700 -+ ores += stolen;
2701 -+
2702 -+ /* nothing else to do if we've satisfied the new reservation */
2703 -+ if (ores >= nres)
2704 -+ return stolen;
2705 -+
2706 -+ /*
2707 -+ * We can't meet the total required reservation for the two extents.
2708 -+ * Calculate the percent of the overall shortage between both extents
2709 -+ * and apply this percentage to each of the requested indlen values.
2710 -+ * This distributes the shortage fairly and reduces the chances that one
2711 -+ * of the two extents is left with nothing when extents are repeatedly
2712 -+ * split.
2713 -+ */
2714 -+ resfactor = (ores * 100);
2715 -+ do_div(resfactor, nres);
2716 -+ len1 *= resfactor;
2717 -+ do_div(len1, 100);
2718 -+ len2 *= resfactor;
2719 -+ do_div(len2, 100);
2720 -+ ASSERT(len1 + len2 <= ores);
2721 -+ ASSERT(len1 < *indlen1 && len2 < *indlen2);
2722 -
2723 - /*
2724 -- * The only blocks available are those reserved for the original
2725 -- * extent and what we can steal from the extent being removed.
2726 -- * If this still isn't enough to satisfy the combined
2727 -- * requirements for the two new extents, skim blocks off of each
2728 -- * of the new reservations until they match what is available.
2729 -+ * Hand out the remainder to each extent. If one of the two reservations
2730 -+ * is zero, we want to make sure that one gets a block first. The loop
2731 -+ * below starts with len1, so hand len2 a block right off the bat if it
2732 -+ * is zero.
2733 - */
2734 -- while (nres > ores) {
2735 -- if (len1) {
2736 -- len1--;
2737 -- nres--;
2738 -+ ores -= (len1 + len2);
2739 -+ ASSERT((*indlen1 - len1) + (*indlen2 - len2) >= ores);
2740 -+ if (ores && !len2 && *indlen2) {
2741 -+ len2++;
2742 -+ ores--;
2743 -+ }
2744 -+ while (ores) {
2745 -+ if (len1 < *indlen1) {
2746 -+ len1++;
2747 -+ ores--;
2748 - }
2749 -- if (nres == ores)
2750 -+ if (!ores)
2751 - break;
2752 -- if (len2) {
2753 -- len2--;
2754 -- nres--;
2755 -+ if (len2 < *indlen2) {
2756 -+ len2++;
2757 -+ ores--;
2758 - }
2759 - }
2760 -
2761 -@@ -5656,8 +5697,8 @@ __xfs_bunmapi(
2762 - }
2763 - del.br_state = XFS_EXT_UNWRITTEN;
2764 - error = xfs_bmap_add_extent_unwritten_real(tp, ip,
2765 -- &lastx, &cur, &del, firstblock, dfops,
2766 -- &logflags);
2767 -+ whichfork, &lastx, &cur, &del,
2768 -+ firstblock, dfops, &logflags);
2769 - if (error)
2770 - goto error0;
2771 - goto nodelete;
2772 -@@ -5714,8 +5755,9 @@ __xfs_bunmapi(
2773 - prev.br_state = XFS_EXT_UNWRITTEN;
2774 - lastx--;
2775 - error = xfs_bmap_add_extent_unwritten_real(tp,
2776 -- ip, &lastx, &cur, &prev,
2777 -- firstblock, dfops, &logflags);
2778 -+ ip, whichfork, &lastx, &cur,
2779 -+ &prev, firstblock, dfops,
2780 -+ &logflags);
2781 - if (error)
2782 - goto error0;
2783 - goto nodelete;
2784 -@@ -5723,8 +5765,9 @@ __xfs_bunmapi(
2785 - ASSERT(del.br_state == XFS_EXT_NORM);
2786 - del.br_state = XFS_EXT_UNWRITTEN;
2787 - error = xfs_bmap_add_extent_unwritten_real(tp,
2788 -- ip, &lastx, &cur, &del,
2789 -- firstblock, dfops, &logflags);
2790 -+ ip, whichfork, &lastx, &cur,
2791 -+ &del, firstblock, dfops,
2792 -+ &logflags);
2793 - if (error)
2794 - goto error0;
2795 - goto nodelete;
2796 -diff --git a/fs/xfs/libxfs/xfs_bmap_btree.c b/fs/xfs/libxfs/xfs_bmap_btree.c
2797 -index f76c169..5c39186 100644
2798 ---- a/fs/xfs/libxfs/xfs_bmap_btree.c
2799 -+++ b/fs/xfs/libxfs/xfs_bmap_btree.c
2800 -@@ -453,8 +453,8 @@ xfs_bmbt_alloc_block(
2801 -
2802 - if (args.fsbno == NULLFSBLOCK) {
2803 - args.fsbno = be64_to_cpu(start->l);
2804 --try_another_ag:
2805 - args.type = XFS_ALLOCTYPE_START_BNO;
2806 -+try_another_ag:
2807 - /*
2808 - * Make sure there is sufficient room left in the AG to
2809 - * complete a full tree split for an extent insert. If
2810 -@@ -494,8 +494,8 @@ xfs_bmbt_alloc_block(
2811 - if (xfs_sb_version_hasreflink(&cur->bc_mp->m_sb) &&
2812 - args.fsbno == NULLFSBLOCK &&
2813 - args.type == XFS_ALLOCTYPE_NEAR_BNO) {
2814 -- cur->bc_private.b.dfops->dop_low = true;
2815 - args.fsbno = cur->bc_private.b.firstblock;
2816 -+ args.type = XFS_ALLOCTYPE_FIRST_AG;
2817 - goto try_another_ag;
2818 - }
2819 -
2820 -@@ -512,7 +512,7 @@ xfs_bmbt_alloc_block(
2821 - goto error0;
2822 - cur->bc_private.b.dfops->dop_low = true;
2823 - }
2824 -- if (args.fsbno == NULLFSBLOCK) {
2825 -+ if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) {
2826 - XFS_BTREE_TRACE_CURSOR(cur, XBT_EXIT);
2827 - *stat = 0;
2828 - return 0;
2829 -diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
2830 -index 21e6a6a..2849d3f 100644
2831 ---- a/fs/xfs/libxfs/xfs_btree.c
2832 -+++ b/fs/xfs/libxfs/xfs_btree.c
2833 -@@ -810,7 +810,8 @@ xfs_btree_read_bufl(
2834 - xfs_daddr_t d; /* real disk block address */
2835 - int error;
2836 -
2837 -- ASSERT(fsbno != NULLFSBLOCK);
2838 -+ if (!XFS_FSB_SANITY_CHECK(mp, fsbno))
2839 -+ return -EFSCORRUPTED;
2840 - d = XFS_FSB_TO_DADDR(mp, fsbno);
2841 - error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, d,
2842 - mp->m_bsize, lock, &bp, ops);
2843 -diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h
2844 -index c2b01d1..3b0fc1a 100644
2845 ---- a/fs/xfs/libxfs/xfs_btree.h
2846 -+++ b/fs/xfs/libxfs/xfs_btree.h
2847 -@@ -491,7 +491,7 @@ static inline int xfs_btree_get_level(struct xfs_btree_block *block)
2848 - #define XFS_FILBLKS_MAX(a,b) max_t(xfs_filblks_t, (a), (b))
2849 -
2850 - #define XFS_FSB_SANITY_CHECK(mp,fsb) \
2851 -- (XFS_FSB_TO_AGNO(mp, fsb) < mp->m_sb.sb_agcount && \
2852 -+ (fsb && XFS_FSB_TO_AGNO(mp, fsb) < mp->m_sb.sb_agcount && \
2853 - XFS_FSB_TO_AGBNO(mp, fsb) < mp->m_sb.sb_agblocks)
2854 -
2855 - /*
2856 -diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
2857 -index f2dc1a9..1bdf288 100644
2858 ---- a/fs/xfs/libxfs/xfs_da_btree.c
2859 -+++ b/fs/xfs/libxfs/xfs_da_btree.c
2860 -@@ -2633,7 +2633,7 @@ xfs_da_read_buf(
2861 - /*
2862 - * Readahead the dir/attr block.
2863 - */
2864 --xfs_daddr_t
2865 -+int
2866 - xfs_da_reada_buf(
2867 - struct xfs_inode *dp,
2868 - xfs_dablk_t bno,
2869 -@@ -2664,7 +2664,5 @@ xfs_da_reada_buf(
2870 - if (mapp != &map)
2871 - kmem_free(mapp);
2872 -
2873 -- if (error)
2874 -- return -1;
2875 -- return mappedbno;
2876 -+ return error;
2877 - }
2878 -diff --git a/fs/xfs/libxfs/xfs_da_btree.h b/fs/xfs/libxfs/xfs_da_btree.h
2879 -index 98c75cb..4e29cb6 100644
2880 ---- a/fs/xfs/libxfs/xfs_da_btree.h
2881 -+++ b/fs/xfs/libxfs/xfs_da_btree.h
2882 -@@ -201,7 +201,7 @@ int xfs_da_read_buf(struct xfs_trans *trans, struct xfs_inode *dp,
2883 - xfs_dablk_t bno, xfs_daddr_t mappedbno,
2884 - struct xfs_buf **bpp, int whichfork,
2885 - const struct xfs_buf_ops *ops);
2886 --xfs_daddr_t xfs_da_reada_buf(struct xfs_inode *dp, xfs_dablk_t bno,
2887 -+int xfs_da_reada_buf(struct xfs_inode *dp, xfs_dablk_t bno,
2888 - xfs_daddr_t mapped_bno, int whichfork,
2889 - const struct xfs_buf_ops *ops);
2890 - int xfs_da_shrink_inode(xfs_da_args_t *args, xfs_dablk_t dead_blkno,
2891 -diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c
2892 -index 75a5574..bbd1238 100644
2893 ---- a/fs/xfs/libxfs/xfs_dir2_node.c
2894 -+++ b/fs/xfs/libxfs/xfs_dir2_node.c
2895 -@@ -155,6 +155,42 @@ const struct xfs_buf_ops xfs_dir3_free_buf_ops = {
2896 - .verify_write = xfs_dir3_free_write_verify,
2897 - };
2898 -
2899 -+/* Everything ok in the free block header? */
2900 -+static bool
2901 -+xfs_dir3_free_header_check(
2902 -+ struct xfs_inode *dp,
2903 -+ xfs_dablk_t fbno,
2904 -+ struct xfs_buf *bp)
2905 -+{
2906 -+ struct xfs_mount *mp = dp->i_mount;
2907 -+ unsigned int firstdb;
2908 -+ int maxbests;
2909 -+
2910 -+ maxbests = dp->d_ops->free_max_bests(mp->m_dir_geo);
2911 -+ firstdb = (xfs_dir2_da_to_db(mp->m_dir_geo, fbno) -
2912 -+ xfs_dir2_byte_to_db(mp->m_dir_geo, XFS_DIR2_FREE_OFFSET)) *
2913 -+ maxbests;
2914 -+ if (xfs_sb_version_hascrc(&mp->m_sb)) {
2915 -+ struct xfs_dir3_free_hdr *hdr3 = bp->b_addr;
2916 -+
2917 -+ if (be32_to_cpu(hdr3->firstdb) != firstdb)
2918 -+ return false;
2919 -+ if (be32_to_cpu(hdr3->nvalid) > maxbests)
2920 -+ return false;
2921 -+ if (be32_to_cpu(hdr3->nvalid) < be32_to_cpu(hdr3->nused))
2922 -+ return false;
2923 -+ } else {
2924 -+ struct xfs_dir2_free_hdr *hdr = bp->b_addr;
2925 -+
2926 -+ if (be32_to_cpu(hdr->firstdb) != firstdb)
2927 -+ return false;
2928 -+ if (be32_to_cpu(hdr->nvalid) > maxbests)
2929 -+ return false;
2930 -+ if (be32_to_cpu(hdr->nvalid) < be32_to_cpu(hdr->nused))
2931 -+ return false;
2932 -+ }
2933 -+ return true;
2934 -+}
2935 -
2936 - static int
2937 - __xfs_dir3_free_read(
2938 -@@ -168,11 +204,22 @@ __xfs_dir3_free_read(
2939 -
2940 - err = xfs_da_read_buf(tp, dp, fbno, mappedbno, bpp,
2941 - XFS_DATA_FORK, &xfs_dir3_free_buf_ops);
2942 -+ if (err || !*bpp)
2943 -+ return err;
2944 -+
2945 -+ /* Check things that we can't do in the verifier. */
2946 -+ if (!xfs_dir3_free_header_check(dp, fbno, *bpp)) {
2947 -+ xfs_buf_ioerror(*bpp, -EFSCORRUPTED);
2948 -+ xfs_verifier_error(*bpp);
2949 -+ xfs_trans_brelse(tp, *bpp);
2950 -+ return -EFSCORRUPTED;
2951 -+ }
2952 -
2953 - /* try read returns without an error or *bpp if it lands in a hole */
2954 -- if (!err && tp && *bpp)
2955 -+ if (tp)
2956 - xfs_trans_buf_set_type(tp, *bpp, XFS_BLFT_DIR_FREE_BUF);
2957 -- return err;
2958 -+
2959 -+ return 0;
2960 - }
2961 -
2962 - int
2963 -diff --git a/fs/xfs/libxfs/xfs_ialloc.c b/fs/xfs/libxfs/xfs_ialloc.c
2964 -index d45c037..a2818f6 100644
2965 ---- a/fs/xfs/libxfs/xfs_ialloc.c
2966 -+++ b/fs/xfs/libxfs/xfs_ialloc.c
2967 -@@ -51,8 +51,7 @@ xfs_ialloc_cluster_alignment(
2968 - struct xfs_mount *mp)
2969 - {
2970 - if (xfs_sb_version_hasalign(&mp->m_sb) &&
2971 -- mp->m_sb.sb_inoalignmt >=
2972 -- XFS_B_TO_FSBT(mp, mp->m_inode_cluster_size))
2973 -+ mp->m_sb.sb_inoalignmt >= xfs_icluster_size_fsb(mp))
2974 - return mp->m_sb.sb_inoalignmt;
2975 - return 1;
2976 - }
2977 -diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c
2978 -index 6c6b959..b9c351f 100644
2979 ---- a/fs/xfs/libxfs/xfs_ialloc_btree.c
2980 -+++ b/fs/xfs/libxfs/xfs_ialloc_btree.c
2981 -@@ -82,11 +82,12 @@ xfs_finobt_set_root(
2982 - }
2983 -
2984 - STATIC int
2985 --xfs_inobt_alloc_block(
2986 -+__xfs_inobt_alloc_block(
2987 - struct xfs_btree_cur *cur,
2988 - union xfs_btree_ptr *start,
2989 - union xfs_btree_ptr *new,
2990 -- int *stat)
2991 -+ int *stat,
2992 -+ enum xfs_ag_resv_type resv)
2993 - {
2994 - xfs_alloc_arg_t args; /* block allocation args */
2995 - int error; /* error return value */
2996 -@@ -103,6 +104,7 @@ xfs_inobt_alloc_block(
2997 - args.maxlen = 1;
2998 - args.prod = 1;
2999 - args.type = XFS_ALLOCTYPE_NEAR_BNO;
3000 -+ args.resv = resv;
3001 -
3002 - error = xfs_alloc_vextent(&args);
3003 - if (error) {
3004 -@@ -123,6 +125,27 @@ xfs_inobt_alloc_block(
3005 - }
3006 -
3007 - STATIC int
3008 -+xfs_inobt_alloc_block(
3009 -+ struct xfs_btree_cur *cur,
3010 -+ union xfs_btree_ptr *start,
3011 -+ union xfs_btree_ptr *new,
3012 -+ int *stat)
3013 -+{
3014 -+ return __xfs_inobt_alloc_block(cur, start, new, stat, XFS_AG_RESV_NONE);
3015 -+}
3016 -+
3017 -+STATIC int
3018 -+xfs_finobt_alloc_block(
3019 -+ struct xfs_btree_cur *cur,
3020 -+ union xfs_btree_ptr *start,
3021 -+ union xfs_btree_ptr *new,
3022 -+ int *stat)
3023 -+{
3024 -+ return __xfs_inobt_alloc_block(cur, start, new, stat,
3025 -+ XFS_AG_RESV_METADATA);
3026 -+}
3027 -+
3028 -+STATIC int
3029 - xfs_inobt_free_block(
3030 - struct xfs_btree_cur *cur,
3031 - struct xfs_buf *bp)
3032 -@@ -328,7 +351,7 @@ static const struct xfs_btree_ops xfs_finobt_ops = {
3033 -
3034 - .dup_cursor = xfs_inobt_dup_cursor,
3035 - .set_root = xfs_finobt_set_root,
3036 -- .alloc_block = xfs_inobt_alloc_block,
3037 -+ .alloc_block = xfs_finobt_alloc_block,
3038 - .free_block = xfs_inobt_free_block,
3039 - .get_minrecs = xfs_inobt_get_minrecs,
3040 - .get_maxrecs = xfs_inobt_get_maxrecs,
3041 -@@ -478,3 +501,64 @@ xfs_inobt_rec_check_count(
3042 - return 0;
3043 - }
3044 - #endif /* DEBUG */
3045 -+
3046 -+static xfs_extlen_t
3047 -+xfs_inobt_max_size(
3048 -+ struct xfs_mount *mp)
3049 -+{
3050 -+ /* Bail out if we're uninitialized, which can happen in mkfs. */
3051 -+ if (mp->m_inobt_mxr[0] == 0)
3052 -+ return 0;
3053 -+
3054 -+ return xfs_btree_calc_size(mp, mp->m_inobt_mnr,
3055 -+ (uint64_t)mp->m_sb.sb_agblocks * mp->m_sb.sb_inopblock /
3056 -+ XFS_INODES_PER_CHUNK);
3057 -+}
3058 -+
3059 -+static int
3060 -+xfs_inobt_count_blocks(
3061 -+ struct xfs_mount *mp,
3062 -+ xfs_agnumber_t agno,
3063 -+ xfs_btnum_t btnum,
3064 -+ xfs_extlen_t *tree_blocks)
3065 -+{
3066 -+ struct xfs_buf *agbp;
3067 -+ struct xfs_btree_cur *cur;
3068 -+ int error;
3069 -+
3070 -+ error = xfs_ialloc_read_agi(mp, NULL, agno, &agbp);
3071 -+ if (error)
3072 -+ return error;
3073 -+
3074 -+ cur = xfs_inobt_init_cursor(mp, NULL, agbp, agno, btnum);
3075 -+ error = xfs_btree_count_blocks(cur, tree_blocks);
3076 -+ xfs_btree_del_cursor(cur, error ? XFS_BTREE_ERROR : XFS_BTREE_NOERROR);
3077 -+ xfs_buf_relse(agbp);
3078 -+
3079 -+ return error;
3080 -+}
3081 -+
3082 -+/*
3083 -+ * Figure out how many blocks to reserve and how many are used by this btree.
3084 -+ */
3085 -+int
3086 -+xfs_finobt_calc_reserves(
3087 -+ struct xfs_mount *mp,
3088 -+ xfs_agnumber_t agno,
3089 -+ xfs_extlen_t *ask,
3090 -+ xfs_extlen_t *used)
3091 -+{
3092 -+ xfs_extlen_t tree_len = 0;
3093 -+ int error;
3094 -+
3095 -+ if (!xfs_sb_version_hasfinobt(&mp->m_sb))
3096 -+ return 0;
3097 -+
3098 -+ error = xfs_inobt_count_blocks(mp, agno, XFS_BTNUM_FINO, &tree_len);
3099 -+ if (error)
3100 -+ return error;
3101 -+
3102 -+ *ask += xfs_inobt_max_size(mp);
3103 -+ *used += tree_len;
3104 -+ return 0;
3105 -+}
3106 -diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.h b/fs/xfs/libxfs/xfs_ialloc_btree.h
3107 -index bd88453..aa81e2e 100644
3108 ---- a/fs/xfs/libxfs/xfs_ialloc_btree.h
3109 -+++ b/fs/xfs/libxfs/xfs_ialloc_btree.h
3110 -@@ -72,4 +72,7 @@ int xfs_inobt_rec_check_count(struct xfs_mount *,
3111 - #define xfs_inobt_rec_check_count(mp, rec) 0
3112 - #endif /* DEBUG */
3113 -
3114 -+int xfs_finobt_calc_reserves(struct xfs_mount *mp, xfs_agnumber_t agno,
3115 -+ xfs_extlen_t *ask, xfs_extlen_t *used);
3116 -+
3117 - #endif /* __XFS_IALLOC_BTREE_H__ */
3118 -diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
3119 -index 222e103..25c1e07 100644
3120 ---- a/fs/xfs/libxfs/xfs_inode_fork.c
3121 -+++ b/fs/xfs/libxfs/xfs_inode_fork.c
3122 -@@ -26,6 +26,7 @@
3123 - #include "xfs_inode.h"
3124 - #include "xfs_trans.h"
3125 - #include "xfs_inode_item.h"
3126 -+#include "xfs_btree.h"
3127 - #include "xfs_bmap_btree.h"
3128 - #include "xfs_bmap.h"
3129 - #include "xfs_error.h"
3130 -@@ -429,11 +430,13 @@ xfs_iformat_btree(
3131 - /* REFERENCED */
3132 - int nrecs;
3133 - int size;
3134 -+ int level;
3135 -
3136 - ifp = XFS_IFORK_PTR(ip, whichfork);
3137 - dfp = (xfs_bmdr_block_t *)XFS_DFORK_PTR(dip, whichfork);
3138 - size = XFS_BMAP_BROOT_SPACE(mp, dfp);
3139 - nrecs = be16_to_cpu(dfp->bb_numrecs);
3140 -+ level = be16_to_cpu(dfp->bb_level);
3141 -
3142 - /*
3143 - * blow out if -- fork has less extents than can fit in
3144 -@@ -446,7 +449,8 @@ xfs_iformat_btree(
3145 - XFS_IFORK_MAXEXT(ip, whichfork) ||
3146 - XFS_BMDR_SPACE_CALC(nrecs) >
3147 - XFS_DFORK_SIZE(dip, mp, whichfork) ||
3148 -- XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks)) {
3149 -+ XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks) ||
3150 -+ level == 0 || level > XFS_BTREE_MAXLEVELS) {
3151 - xfs_warn(mp, "corrupt inode %Lu (btree).",
3152 - (unsigned long long) ip->i_ino);
3153 - XFS_CORRUPTION_ERROR("xfs_iformat_btree", XFS_ERRLEVEL_LOW,
3154 -@@ -497,15 +501,14 @@ xfs_iread_extents(
3155 - * We know that the size is valid (it's checked in iformat_btree)
3156 - */
3157 - ifp->if_bytes = ifp->if_real_bytes = 0;
3158 -- ifp->if_flags |= XFS_IFEXTENTS;
3159 - xfs_iext_add(ifp, 0, nextents);
3160 - error = xfs_bmap_read_extents(tp, ip, whichfork);
3161 - if (error) {
3162 - xfs_iext_destroy(ifp);
3163 -- ifp->if_flags &= ~XFS_IFEXTENTS;
3164 - return error;
3165 - }
3166 - xfs_validate_extents(ifp, nextents, XFS_EXTFMT_INODE(ip));
3167 -+ ifp->if_flags |= XFS_IFEXTENTS;
3168 - return 0;
3169 - }
3170 - /*
3171 -diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
3172 -index 06763f5..0457abe 100644
3173 ---- a/fs/xfs/xfs_aops.c
3174 -+++ b/fs/xfs/xfs_aops.c
3175 -@@ -279,54 +279,49 @@ xfs_end_io(
3176 - struct xfs_ioend *ioend =
3177 - container_of(work, struct xfs_ioend, io_work);
3178 - struct xfs_inode *ip = XFS_I(ioend->io_inode);
3179 -+ xfs_off_t offset = ioend->io_offset;
3180 -+ size_t size = ioend->io_size;
3181 - int error = ioend->io_bio->bi_error;
3182 -
3183 - /*
3184 -- * Set an error if the mount has shut down and proceed with end I/O
3185 -- * processing so it can perform whatever cleanups are necessary.
3186 -+ * Just clean up the in-memory strutures if the fs has been shut down.
3187 - */
3188 -- if (XFS_FORCED_SHUTDOWN(ip->i_mount))
3189 -+ if (XFS_FORCED_SHUTDOWN(ip->i_mount)) {
3190 - error = -EIO;
3191 -+ goto done;
3192 -+ }
3193 -
3194 - /*
3195 -- * For a CoW extent, we need to move the mapping from the CoW fork
3196 -- * to the data fork. If instead an error happened, just dump the
3197 -- * new blocks.
3198 -+ * Clean up any COW blocks on an I/O error.
3199 - */
3200 -- if (ioend->io_type == XFS_IO_COW) {
3201 -- if (error)
3202 -- goto done;
3203 -- if (ioend->io_bio->bi_error) {
3204 -- error = xfs_reflink_cancel_cow_range(ip,
3205 -- ioend->io_offset, ioend->io_size);
3206 -- goto done;
3207 -+ if (unlikely(error)) {
3208 -+ switch (ioend->io_type) {
3209 -+ case XFS_IO_COW:
3210 -+ xfs_reflink_cancel_cow_range(ip, offset, size, true);
3211 -+ break;
3212 - }
3213 -- error = xfs_reflink_end_cow(ip, ioend->io_offset,
3214 -- ioend->io_size);
3215 -- if (error)
3216 -- goto done;
3217 -+
3218 -+ goto done;
3219 - }
3220 -
3221 - /*
3222 -- * For unwritten extents we need to issue transactions to convert a
3223 -- * range to normal written extens after the data I/O has finished.
3224 -- * Detecting and handling completion IO errors is done individually
3225 -- * for each case as different cleanup operations need to be performed
3226 -- * on error.
3227 -+ * Success: commit the COW or unwritten blocks if needed.
3228 - */
3229 -- if (ioend->io_type == XFS_IO_UNWRITTEN) {
3230 -- if (error)
3231 -- goto done;
3232 -- error = xfs_iomap_write_unwritten(ip, ioend->io_offset,
3233 -- ioend->io_size);
3234 -- } else if (ioend->io_append_trans) {
3235 -- error = xfs_setfilesize_ioend(ioend, error);
3236 -- } else {
3237 -- ASSERT(!xfs_ioend_is_append(ioend) ||
3238 -- ioend->io_type == XFS_IO_COW);
3239 -+ switch (ioend->io_type) {
3240 -+ case XFS_IO_COW:
3241 -+ error = xfs_reflink_end_cow(ip, offset, size);
3242 -+ break;
3243 -+ case XFS_IO_UNWRITTEN:
3244 -+ error = xfs_iomap_write_unwritten(ip, offset, size);
3245 -+ break;
3246 -+ default:
3247 -+ ASSERT(!xfs_ioend_is_append(ioend) || ioend->io_append_trans);
3248 -+ break;
3249 - }
3250 -
3251 - done:
3252 -+ if (ioend->io_append_trans)
3253 -+ error = xfs_setfilesize_ioend(ioend, error);
3254 - xfs_destroy_ioend(ioend, error);
3255 - }
3256 -
3257 -@@ -486,6 +481,12 @@ xfs_submit_ioend(
3258 - struct xfs_ioend *ioend,
3259 - int status)
3260 - {
3261 -+ /* Convert CoW extents to regular */
3262 -+ if (!status && ioend->io_type == XFS_IO_COW) {
3263 -+ status = xfs_reflink_convert_cow(XFS_I(ioend->io_inode),
3264 -+ ioend->io_offset, ioend->io_size);
3265 -+ }
3266 -+
3267 - /* Reserve log space if we might write beyond the on-disk inode size. */
3268 - if (!status &&
3269 - ioend->io_type != XFS_IO_UNWRITTEN &&
3270 -@@ -1257,44 +1258,6 @@ xfs_map_trim_size(
3271 - bh_result->b_size = mapping_size;
3272 - }
3273 -
3274 --/* Bounce unaligned directio writes to the page cache. */
3275 --static int
3276 --xfs_bounce_unaligned_dio_write(
3277 -- struct xfs_inode *ip,
3278 -- xfs_fileoff_t offset_fsb,
3279 -- struct xfs_bmbt_irec *imap)
3280 --{
3281 -- struct xfs_bmbt_irec irec;
3282 -- xfs_fileoff_t delta;
3283 -- bool shared;
3284 -- bool x;
3285 -- int error;
3286 --
3287 -- irec = *imap;
3288 -- if (offset_fsb > irec.br_startoff) {
3289 -- delta = offset_fsb - irec.br_startoff;
3290 -- irec.br_blockcount -= delta;
3291 -- irec.br_startblock += delta;
3292 -- irec.br_startoff = offset_fsb;
3293 -- }
3294 -- error = xfs_reflink_trim_around_shared(ip, &irec, &shared, &x);
3295 -- if (error)
3296 -- return error;
3297 --
3298 -- /*
3299 -- * We're here because we're trying to do a directio write to a
3300 -- * region that isn't aligned to a filesystem block. If any part
3301 -- * of the extent is shared, fall back to buffered mode to handle
3302 -- * the RMW. This is done by returning -EREMCHG ("remote addr
3303 -- * changed"), which is caught further up the call stack.
3304 -- */
3305 -- if (shared) {
3306 -- trace_xfs_reflink_bounce_dio_write(ip, imap);
3307 -- return -EREMCHG;
3308 -- }
3309 -- return 0;
3310 --}
3311 --
3312 - STATIC int
3313 - __xfs_get_blocks(
3314 - struct inode *inode,
3315 -@@ -1432,13 +1395,6 @@ __xfs_get_blocks(
3316 - if (imap.br_startblock != HOLESTARTBLOCK &&
3317 - imap.br_startblock != DELAYSTARTBLOCK &&
3318 - (create || !ISUNWRITTEN(&imap))) {
3319 -- if (create && direct && !is_cow) {
3320 -- error = xfs_bounce_unaligned_dio_write(ip, offset_fsb,
3321 -- &imap);
3322 -- if (error)
3323 -- return error;
3324 -- }
3325 --
3326 - xfs_map_buffer(inode, bh_result, &imap, offset);
3327 - if (ISUNWRITTEN(&imap))
3328 - set_buffer_unwritten(bh_result);
3329 -diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c
3330 -index efb8ccd..5c395e4 100644
3331 ---- a/fs/xfs/xfs_bmap_util.c
3332 -+++ b/fs/xfs/xfs_bmap_util.c
3333 -@@ -917,17 +917,18 @@ xfs_can_free_eofblocks(struct xfs_inode *ip, bool force)
3334 - */
3335 - int
3336 - xfs_free_eofblocks(
3337 -- xfs_mount_t *mp,
3338 -- xfs_inode_t *ip,
3339 -- bool need_iolock)
3340 -+ struct xfs_inode *ip)
3341 - {
3342 -- xfs_trans_t *tp;
3343 -- int error;
3344 -- xfs_fileoff_t end_fsb;
3345 -- xfs_fileoff_t last_fsb;
3346 -- xfs_filblks_t map_len;
3347 -- int nimaps;
3348 -- xfs_bmbt_irec_t imap;
3349 -+ struct xfs_trans *tp;
3350 -+ int error;
3351 -+ xfs_fileoff_t end_fsb;
3352 -+ xfs_fileoff_t last_fsb;
3353 -+ xfs_filblks_t map_len;
3354 -+ int nimaps;
3355 -+ struct xfs_bmbt_irec imap;
3356 -+ struct xfs_mount *mp = ip->i_mount;
3357 -+
3358 -+ ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
3359 -
3360 - /*
3361 - * Figure out if there are any blocks beyond the end
3362 -@@ -944,6 +945,10 @@ xfs_free_eofblocks(
3363 - error = xfs_bmapi_read(ip, end_fsb, map_len, &imap, &nimaps, 0);
3364 - xfs_iunlock(ip, XFS_ILOCK_SHARED);
3365 -
3366 -+ /*
3367 -+ * If there are blocks after the end of file, truncate the file to its
3368 -+ * current size to free them up.
3369 -+ */
3370 - if (!error && (nimaps != 0) &&
3371 - (imap.br_startblock != HOLESTARTBLOCK ||
3372 - ip->i_delayed_blks)) {
3373 -@@ -954,22 +959,13 @@ xfs_free_eofblocks(
3374 - if (error)
3375 - return error;
3376 -
3377 -- /*
3378 -- * There are blocks after the end of file.
3379 -- * Free them up now by truncating the file to
3380 -- * its current size.
3381 -- */
3382 -- if (need_iolock) {
3383 -- if (!xfs_ilock_nowait(ip, XFS_IOLOCK_EXCL))
3384 -- return -EAGAIN;
3385 -- }
3386 -+ /* wait on dio to ensure i_size has settled */
3387 -+ inode_dio_wait(VFS_I(ip));
3388 -
3389 - error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0,
3390 - &tp);
3391 - if (error) {
3392 - ASSERT(XFS_FORCED_SHUTDOWN(mp));
3393 -- if (need_iolock)
3394 -- xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3395 - return error;
3396 - }
3397 -
3398 -@@ -997,8 +993,6 @@ xfs_free_eofblocks(
3399 - }
3400 -
3401 - xfs_iunlock(ip, XFS_ILOCK_EXCL);
3402 -- if (need_iolock)
3403 -- xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3404 - }
3405 - return error;
3406 - }
3407 -@@ -1393,10 +1387,16 @@ xfs_shift_file_space(
3408 - xfs_fileoff_t stop_fsb;
3409 - xfs_fileoff_t next_fsb;
3410 - xfs_fileoff_t shift_fsb;
3411 -+ uint resblks;
3412 -
3413 - ASSERT(direction == SHIFT_LEFT || direction == SHIFT_RIGHT);
3414 -
3415 - if (direction == SHIFT_LEFT) {
3416 -+ /*
3417 -+ * Reserve blocks to cover potential extent merges after left
3418 -+ * shift operations.
3419 -+ */
3420 -+ resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0);
3421 - next_fsb = XFS_B_TO_FSB(mp, offset + len);
3422 - stop_fsb = XFS_B_TO_FSB(mp, VFS_I(ip)->i_size);
3423 - } else {
3424 -@@ -1404,6 +1404,7 @@ xfs_shift_file_space(
3425 - * If right shift, delegate the work of initialization of
3426 - * next_fsb to xfs_bmap_shift_extent as it has ilock held.
3427 - */
3428 -+ resblks = 0;
3429 - next_fsb = NULLFSBLOCK;
3430 - stop_fsb = XFS_B_TO_FSB(mp, offset);
3431 - }
3432 -@@ -1415,7 +1416,7 @@ xfs_shift_file_space(
3433 - * into the accessible region of the file.
3434 - */
3435 - if (xfs_can_free_eofblocks(ip, true)) {
3436 -- error = xfs_free_eofblocks(mp, ip, false);
3437 -+ error = xfs_free_eofblocks(ip);
3438 - if (error)
3439 - return error;
3440 - }
3441 -@@ -1445,21 +1446,14 @@ xfs_shift_file_space(
3442 - }
3443 -
3444 - while (!error && !done) {
3445 -- /*
3446 -- * We would need to reserve permanent block for transaction.
3447 -- * This will come into picture when after shifting extent into
3448 -- * hole we found that adjacent extents can be merged which
3449 -- * may lead to freeing of a block during record update.
3450 -- */
3451 -- error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write,
3452 -- XFS_DIOSTRAT_SPACE_RES(mp, 0), 0, 0, &tp);
3453 -+ error = xfs_trans_alloc(mp, &M_RES(mp)->tr_write, resblks, 0, 0,
3454 -+ &tp);
3455 - if (error)
3456 - break;
3457 -
3458 - xfs_ilock(ip, XFS_ILOCK_EXCL);
3459 - error = xfs_trans_reserve_quota(tp, mp, ip->i_udquot,
3460 -- ip->i_gdquot, ip->i_pdquot,
3461 -- XFS_DIOSTRAT_SPACE_RES(mp, 0), 0,
3462 -+ ip->i_gdquot, ip->i_pdquot, resblks, 0,
3463 - XFS_QMOPT_RES_REGBLKS);
3464 - if (error)
3465 - goto out_trans_cancel;
3466 -diff --git a/fs/xfs/xfs_bmap_util.h b/fs/xfs/xfs_bmap_util.h
3467 -index 68a621a..f100539 100644
3468 ---- a/fs/xfs/xfs_bmap_util.h
3469 -+++ b/fs/xfs/xfs_bmap_util.h
3470 -@@ -63,8 +63,7 @@ int xfs_insert_file_space(struct xfs_inode *, xfs_off_t offset,
3471 -
3472 - /* EOF block manipulation functions */
3473 - bool xfs_can_free_eofblocks(struct xfs_inode *ip, bool force);
3474 --int xfs_free_eofblocks(struct xfs_mount *mp, struct xfs_inode *ip,
3475 -- bool need_iolock);
3476 -+int xfs_free_eofblocks(struct xfs_inode *ip);
3477 -
3478 - int xfs_swap_extents(struct xfs_inode *ip, struct xfs_inode *tip,
3479 - struct xfs_swapext *sx);
3480 -diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c
3481 -index 2975cb2..0306168 100644
3482 ---- a/fs/xfs/xfs_buf_item.c
3483 -+++ b/fs/xfs/xfs_buf_item.c
3484 -@@ -1162,6 +1162,7 @@ xfs_buf_iodone_callbacks(
3485 - */
3486 - bp->b_last_error = 0;
3487 - bp->b_retries = 0;
3488 -+ bp->b_first_retry_time = 0;
3489 -
3490 - xfs_buf_do_callbacks(bp);
3491 - bp->b_fspriv = NULL;
3492 -diff --git a/fs/xfs/xfs_extent_busy.c b/fs/xfs/xfs_extent_busy.c
3493 -index 162dc18..29c2f99 100644
3494 ---- a/fs/xfs/xfs_extent_busy.c
3495 -+++ b/fs/xfs/xfs_extent_busy.c
3496 -@@ -45,18 +45,7 @@ xfs_extent_busy_insert(
3497 - struct rb_node **rbp;
3498 - struct rb_node *parent = NULL;
3499 -
3500 -- new = kmem_zalloc(sizeof(struct xfs_extent_busy), KM_MAYFAIL);
3501 -- if (!new) {
3502 -- /*
3503 -- * No Memory! Since it is now not possible to track the free
3504 -- * block, make this a synchronous transaction to insure that
3505 -- * the block is not reused before this transaction commits.
3506 -- */
3507 -- trace_xfs_extent_busy_enomem(tp->t_mountp, agno, bno, len);
3508 -- xfs_trans_set_sync(tp);
3509 -- return;
3510 -- }
3511 --
3512 -+ new = kmem_zalloc(sizeof(struct xfs_extent_busy), KM_SLEEP);
3513 - new->agno = agno;
3514 - new->bno = bno;
3515 - new->length = len;
3516 -diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
3517 -index 9a5d64b..1209ad2 100644
3518 ---- a/fs/xfs/xfs_file.c
3519 -+++ b/fs/xfs/xfs_file.c
3520 -@@ -554,6 +554,15 @@ xfs_file_dio_aio_write(
3521 - if ((iocb->ki_pos & mp->m_blockmask) ||
3522 - ((iocb->ki_pos + count) & mp->m_blockmask)) {
3523 - unaligned_io = 1;
3524 -+
3525 -+ /*
3526 -+ * We can't properly handle unaligned direct I/O to reflink
3527 -+ * files yet, as we can't unshare a partial block.
3528 -+ */
3529 -+ if (xfs_is_reflink_inode(ip)) {
3530 -+ trace_xfs_reflink_bounce_dio_write(ip, iocb->ki_pos, count);
3531 -+ return -EREMCHG;
3532 -+ }
3533 - iolock = XFS_IOLOCK_EXCL;
3534 - } else {
3535 - iolock = XFS_IOLOCK_SHARED;
3536 -@@ -675,8 +684,10 @@ xfs_file_buffered_aio_write(
3537 - struct xfs_inode *ip = XFS_I(inode);
3538 - ssize_t ret;
3539 - int enospc = 0;
3540 -- int iolock = XFS_IOLOCK_EXCL;
3541 -+ int iolock;
3542 -
3543 -+write_retry:
3544 -+ iolock = XFS_IOLOCK_EXCL;
3545 - xfs_rw_ilock(ip, iolock);
3546 -
3547 - ret = xfs_file_aio_write_checks(iocb, from, &iolock);
3548 -@@ -686,7 +697,6 @@ xfs_file_buffered_aio_write(
3549 - /* We can write back this queue in page reclaim */
3550 - current->backing_dev_info = inode_to_bdi(inode);
3551 -
3552 --write_retry:
3553 - trace_xfs_file_buffered_write(ip, iov_iter_count(from), iocb->ki_pos);
3554 - ret = iomap_file_buffered_write(iocb, from, &xfs_iomap_ops);
3555 - if (likely(ret >= 0))
3556 -@@ -702,18 +712,21 @@ xfs_file_buffered_aio_write(
3557 - * running at the same time.
3558 - */
3559 - if (ret == -EDQUOT && !enospc) {
3560 -+ xfs_rw_iunlock(ip, iolock);
3561 - enospc = xfs_inode_free_quota_eofblocks(ip);
3562 - if (enospc)
3563 - goto write_retry;
3564 - enospc = xfs_inode_free_quota_cowblocks(ip);
3565 - if (enospc)
3566 - goto write_retry;
3567 -+ iolock = 0;
3568 - } else if (ret == -ENOSPC && !enospc) {
3569 - struct xfs_eofblocks eofb = {0};
3570 -
3571 - enospc = 1;
3572 - xfs_flush_inodes(ip->i_mount);
3573 -- eofb.eof_scan_owner = ip->i_ino; /* for locking */
3574 -+
3575 -+ xfs_rw_iunlock(ip, iolock);
3576 - eofb.eof_flags = XFS_EOF_FLAGS_SYNC;
3577 - xfs_icache_free_eofblocks(ip->i_mount, &eofb);
3578 - goto write_retry;
3579 -@@ -721,7 +734,8 @@ xfs_file_buffered_aio_write(
3580 -
3581 - current->backing_dev_info = NULL;
3582 - out:
3583 -- xfs_rw_iunlock(ip, iolock);
3584 -+ if (iolock)
3585 -+ xfs_rw_iunlock(ip, iolock);
3586 - return ret;
3587 - }
3588 -
3589 -@@ -987,9 +1001,9 @@ xfs_dir_open(
3590 - */
3591 - mode = xfs_ilock_data_map_shared(ip);
3592 - if (ip->i_d.di_nextents > 0)
3593 -- xfs_dir3_data_readahead(ip, 0, -1);
3594 -+ error = xfs_dir3_data_readahead(ip, 0, -1);
3595 - xfs_iunlock(ip, mode);
3596 -- return 0;
3597 -+ return error;
3598 - }
3599 -
3600 - STATIC int
3601 -diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
3602 -index 29cc988..3fb1f3f 100644
3603 ---- a/fs/xfs/xfs_icache.c
3604 -+++ b/fs/xfs/xfs_icache.c
3605 -@@ -1324,13 +1324,10 @@ xfs_inode_free_eofblocks(
3606 - int flags,
3607 - void *args)
3608 - {
3609 -- int ret;
3610 -+ int ret = 0;
3611 - struct xfs_eofblocks *eofb = args;
3612 -- bool need_iolock = true;
3613 - int match;
3614 -
3615 -- ASSERT(!eofb || (eofb && eofb->eof_scan_owner != 0));
3616 --
3617 - if (!xfs_can_free_eofblocks(ip, false)) {
3618 - /* inode could be preallocated or append-only */
3619 - trace_xfs_inode_free_eofblocks_invalid(ip);
3620 -@@ -1358,21 +1355,19 @@ xfs_inode_free_eofblocks(
3621 - if (eofb->eof_flags & XFS_EOF_FLAGS_MINFILESIZE &&
3622 - XFS_ISIZE(ip) < eofb->eof_min_file_size)
3623 - return 0;
3624 --
3625 -- /*
3626 -- * A scan owner implies we already hold the iolock. Skip it in
3627 -- * xfs_free_eofblocks() to avoid deadlock. This also eliminates
3628 -- * the possibility of EAGAIN being returned.
3629 -- */
3630 -- if (eofb->eof_scan_owner == ip->i_ino)
3631 -- need_iolock = false;
3632 - }
3633 -
3634 -- ret = xfs_free_eofblocks(ip->i_mount, ip, need_iolock);
3635 --
3636 -- /* don't revisit the inode if we're not waiting */
3637 -- if (ret == -EAGAIN && !(flags & SYNC_WAIT))
3638 -- ret = 0;
3639 -+ /*
3640 -+ * If the caller is waiting, return -EAGAIN to keep the background
3641 -+ * scanner moving and revisit the inode in a subsequent pass.
3642 -+ */
3643 -+ if (!xfs_ilock_nowait(ip, XFS_IOLOCK_EXCL)) {
3644 -+ if (flags & SYNC_WAIT)
3645 -+ ret = -EAGAIN;
3646 -+ return ret;
3647 -+ }
3648 -+ ret = xfs_free_eofblocks(ip);
3649 -+ xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3650 -
3651 - return ret;
3652 - }
3653 -@@ -1419,15 +1414,10 @@ __xfs_inode_free_quota_eofblocks(
3654 - struct xfs_eofblocks eofb = {0};
3655 - struct xfs_dquot *dq;
3656 -
3657 -- ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
3658 --
3659 - /*
3660 -- * Set the scan owner to avoid a potential livelock. Otherwise, the scan
3661 -- * can repeatedly trylock on the inode we're currently processing. We
3662 -- * run a sync scan to increase effectiveness and use the union filter to
3663 -+ * Run a sync scan to increase effectiveness and use the union filter to
3664 - * cover all applicable quotas in a single scan.
3665 - */
3666 -- eofb.eof_scan_owner = ip->i_ino;
3667 - eofb.eof_flags = XFS_EOF_FLAGS_UNION|XFS_EOF_FLAGS_SYNC;
3668 -
3669 - if (XFS_IS_UQUOTA_ENFORCED(ip->i_mount)) {
3670 -@@ -1579,12 +1569,9 @@ xfs_inode_free_cowblocks(
3671 - {
3672 - int ret;
3673 - struct xfs_eofblocks *eofb = args;
3674 -- bool need_iolock = true;
3675 - int match;
3676 - struct xfs_ifork *ifp = XFS_IFORK_PTR(ip, XFS_COW_FORK);
3677 -
3678 -- ASSERT(!eofb || (eofb && eofb->eof_scan_owner != 0));
3679 --
3680 - /*
3681 - * Just clear the tag if we have an empty cow fork or none at all. It's
3682 - * possible the inode was fully unshared since it was originally tagged.
3683 -@@ -1617,28 +1604,16 @@ xfs_inode_free_cowblocks(
3684 - if (eofb->eof_flags & XFS_EOF_FLAGS_MINFILESIZE &&
3685 - XFS_ISIZE(ip) < eofb->eof_min_file_size)
3686 - return 0;
3687 --
3688 -- /*
3689 -- * A scan owner implies we already hold the iolock. Skip it in
3690 -- * xfs_free_eofblocks() to avoid deadlock. This also eliminates
3691 -- * the possibility of EAGAIN being returned.
3692 -- */
3693 -- if (eofb->eof_scan_owner == ip->i_ino)
3694 -- need_iolock = false;
3695 - }
3696 -
3697 - /* Free the CoW blocks */
3698 -- if (need_iolock) {
3699 -- xfs_ilock(ip, XFS_IOLOCK_EXCL);
3700 -- xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
3701 -- }
3702 -+ xfs_ilock(ip, XFS_IOLOCK_EXCL);
3703 -+ xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
3704 -
3705 -- ret = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF);
3706 -+ ret = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, false);
3707 -
3708 -- if (need_iolock) {
3709 -- xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
3710 -- xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3711 -- }
3712 -+ xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
3713 -+ xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3714 -
3715 - return ret;
3716 - }
3717 -diff --git a/fs/xfs/xfs_icache.h b/fs/xfs/xfs_icache.h
3718 -index a1e02f4..8a7c849 100644
3719 ---- a/fs/xfs/xfs_icache.h
3720 -+++ b/fs/xfs/xfs_icache.h
3721 -@@ -27,7 +27,6 @@ struct xfs_eofblocks {
3722 - kgid_t eof_gid;
3723 - prid_t eof_prid;
3724 - __u64 eof_min_file_size;
3725 -- xfs_ino_t eof_scan_owner;
3726 - };
3727 -
3728 - #define SYNC_WAIT 0x0001 /* wait for i/o to complete */
3729 -@@ -102,7 +101,6 @@ xfs_fs_eofblocks_from_user(
3730 - dst->eof_flags = src->eof_flags;
3731 - dst->eof_prid = src->eof_prid;
3732 - dst->eof_min_file_size = src->eof_min_file_size;
3733 -- dst->eof_scan_owner = NULLFSINO;
3734 -
3735 - dst->eof_uid = INVALID_UID;
3736 - if (src->eof_flags & XFS_EOF_FLAGS_UID) {
3737 -diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
3738 -index 512ff13..e50636c 100644
3739 ---- a/fs/xfs/xfs_inode.c
3740 -+++ b/fs/xfs/xfs_inode.c
3741 -@@ -1624,7 +1624,7 @@ xfs_itruncate_extents(
3742 -
3743 - /* Remove all pending CoW reservations. */
3744 - error = xfs_reflink_cancel_cow_blocks(ip, &tp, first_unmap_block,
3745 -- last_block);
3746 -+ last_block, true);
3747 - if (error)
3748 - goto out;
3749 -
3750 -@@ -1701,32 +1701,34 @@ xfs_release(
3751 - if (xfs_can_free_eofblocks(ip, false)) {
3752 -
3753 - /*
3754 -+ * Check if the inode is being opened, written and closed
3755 -+ * frequently and we have delayed allocation blocks outstanding
3756 -+ * (e.g. streaming writes from the NFS server), truncating the
3757 -+ * blocks past EOF will cause fragmentation to occur.
3758 -+ *
3759 -+ * In this case don't do the truncation, but we have to be
3760 -+ * careful how we detect this case. Blocks beyond EOF show up as
3761 -+ * i_delayed_blks even when the inode is clean, so we need to
3762 -+ * truncate them away first before checking for a dirty release.
3763 -+ * Hence on the first dirty close we will still remove the
3764 -+ * speculative allocation, but after that we will leave it in
3765 -+ * place.
3766 -+ */
3767 -+ if (xfs_iflags_test(ip, XFS_IDIRTY_RELEASE))
3768 -+ return 0;
3769 -+ /*
3770 - * If we can't get the iolock just skip truncating the blocks
3771 - * past EOF because we could deadlock with the mmap_sem
3772 -- * otherwise. We'll get another chance to drop them once the
3773 -+ * otherwise. We'll get another chance to drop them once the
3774 - * last reference to the inode is dropped, so we'll never leak
3775 - * blocks permanently.
3776 -- *
3777 -- * Further, check if the inode is being opened, written and
3778 -- * closed frequently and we have delayed allocation blocks
3779 -- * outstanding (e.g. streaming writes from the NFS server),
3780 -- * truncating the blocks past EOF will cause fragmentation to
3781 -- * occur.
3782 -- *
3783 -- * In this case don't do the truncation, either, but we have to
3784 -- * be careful how we detect this case. Blocks beyond EOF show
3785 -- * up as i_delayed_blks even when the inode is clean, so we
3786 -- * need to truncate them away first before checking for a dirty
3787 -- * release. Hence on the first dirty close we will still remove
3788 -- * the speculative allocation, but after that we will leave it
3789 -- * in place.
3790 - */
3791 -- if (xfs_iflags_test(ip, XFS_IDIRTY_RELEASE))
3792 -- return 0;
3793 --
3794 -- error = xfs_free_eofblocks(mp, ip, true);
3795 -- if (error && error != -EAGAIN)
3796 -- return error;
3797 -+ if (xfs_ilock_nowait(ip, XFS_IOLOCK_EXCL)) {
3798 -+ error = xfs_free_eofblocks(ip);
3799 -+ xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3800 -+ if (error)
3801 -+ return error;
3802 -+ }
3803 -
3804 - /* delalloc blocks after truncation means it really is dirty */
3805 - if (ip->i_delayed_blks)
3806 -@@ -1801,22 +1803,23 @@ xfs_inactive_ifree(
3807 - int error;
3808 -
3809 - /*
3810 -- * The ifree transaction might need to allocate blocks for record
3811 -- * insertion to the finobt. We don't want to fail here at ENOSPC, so
3812 -- * allow ifree to dip into the reserved block pool if necessary.
3813 -- *
3814 -- * Freeing large sets of inodes generally means freeing inode chunks,
3815 -- * directory and file data blocks, so this should be relatively safe.
3816 -- * Only under severe circumstances should it be possible to free enough
3817 -- * inodes to exhaust the reserve block pool via finobt expansion while
3818 -- * at the same time not creating free space in the filesystem.
3819 -+ * We try to use a per-AG reservation for any block needed by the finobt
3820 -+ * tree, but as the finobt feature predates the per-AG reservation
3821 -+ * support a degraded file system might not have enough space for the
3822 -+ * reservation at mount time. In that case try to dip into the reserved
3823 -+ * pool and pray.
3824 - *
3825 - * Send a warning if the reservation does happen to fail, as the inode
3826 - * now remains allocated and sits on the unlinked list until the fs is
3827 - * repaired.
3828 - */
3829 -- error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ifree,
3830 -- XFS_IFREE_SPACE_RES(mp), 0, XFS_TRANS_RESERVE, &tp);
3831 -+ if (unlikely(mp->m_inotbt_nores)) {
3832 -+ error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ifree,
3833 -+ XFS_IFREE_SPACE_RES(mp), 0, XFS_TRANS_RESERVE,
3834 -+ &tp);
3835 -+ } else {
3836 -+ error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ifree, 0, 0, 0, &tp);
3837 -+ }
3838 - if (error) {
3839 - if (error == -ENOSPC) {
3840 - xfs_warn_ratelimited(mp,
3841 -@@ -1912,8 +1915,11 @@ xfs_inactive(
3842 - * cache. Post-eof blocks must be freed, lest we end up with
3843 - * broken free space accounting.
3844 - */
3845 -- if (xfs_can_free_eofblocks(ip, true))
3846 -- xfs_free_eofblocks(mp, ip, false);
3847 -+ if (xfs_can_free_eofblocks(ip, true)) {
3848 -+ xfs_ilock(ip, XFS_IOLOCK_EXCL);
3849 -+ xfs_free_eofblocks(ip);
3850 -+ xfs_iunlock(ip, XFS_IOLOCK_EXCL);
3851 -+ }
3852 -
3853 - return;
3854 - }
3855 -diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
3856 -index e888961..3605624 100644
3857 ---- a/fs/xfs/xfs_iomap.c
3858 -+++ b/fs/xfs/xfs_iomap.c
3859 -@@ -637,6 +637,11 @@ xfs_file_iomap_begin_delay(
3860 - goto out_unlock;
3861 - }
3862 -
3863 -+ /*
3864 -+ * Flag newly allocated delalloc blocks with IOMAP_F_NEW so we punch
3865 -+ * them out if the write happens to fail.
3866 -+ */
3867 -+ iomap->flags = IOMAP_F_NEW;
3868 - trace_xfs_iomap_alloc(ip, offset, count, 0, &got);
3869 - done:
3870 - if (isnullstartblock(got.br_startblock))
3871 -@@ -685,7 +690,7 @@ xfs_iomap_write_allocate(
3872 - int nres;
3873 -
3874 - if (whichfork == XFS_COW_FORK)
3875 -- flags |= XFS_BMAPI_COWFORK;
3876 -+ flags |= XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC;
3877 -
3878 - /*
3879 - * Make sure that the dquots are there.
3880 -@@ -1061,7 +1066,8 @@ xfs_file_iomap_end_delalloc(
3881 - struct xfs_inode *ip,
3882 - loff_t offset,
3883 - loff_t length,
3884 -- ssize_t written)
3885 -+ ssize_t written,
3886 -+ struct iomap *iomap)
3887 - {
3888 - struct xfs_mount *mp = ip->i_mount;
3889 - xfs_fileoff_t start_fsb;
3890 -@@ -1080,14 +1086,14 @@ xfs_file_iomap_end_delalloc(
3891 - end_fsb = XFS_B_TO_FSB(mp, offset + length);
3892 -
3893 - /*
3894 -- * Trim back delalloc blocks if we didn't manage to write the whole
3895 -- * range reserved.
3896 -+ * Trim delalloc blocks if they were allocated by this write and we
3897 -+ * didn't manage to write the whole range.
3898 - *
3899 - * We don't need to care about racing delalloc as we hold i_mutex
3900 - * across the reserve/allocate/unreserve calls. If there are delalloc
3901 - * blocks in the range, they are ours.
3902 - */
3903 -- if (start_fsb < end_fsb) {
3904 -+ if ((iomap->flags & IOMAP_F_NEW) && start_fsb < end_fsb) {
3905 - truncate_pagecache_range(VFS_I(ip), XFS_FSB_TO_B(mp, start_fsb),
3906 - XFS_FSB_TO_B(mp, end_fsb) - 1);
3907 -
3908 -@@ -1117,7 +1123,7 @@ xfs_file_iomap_end(
3909 - {
3910 - if ((flags & IOMAP_WRITE) && iomap->type == IOMAP_DELALLOC)
3911 - return xfs_file_iomap_end_delalloc(XFS_I(inode), offset,
3912 -- length, written);
3913 -+ length, written, iomap);
3914 - return 0;
3915 - }
3916 -
3917 -diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
3918 -index b341f10..13796f2 100644
3919 ---- a/fs/xfs/xfs_mount.c
3920 -+++ b/fs/xfs/xfs_mount.c
3921 -@@ -502,8 +502,7 @@ STATIC void
3922 - xfs_set_inoalignment(xfs_mount_t *mp)
3923 - {
3924 - if (xfs_sb_version_hasalign(&mp->m_sb) &&
3925 -- mp->m_sb.sb_inoalignmt >=
3926 -- XFS_B_TO_FSBT(mp, mp->m_inode_cluster_size))
3927 -+ mp->m_sb.sb_inoalignmt >= xfs_icluster_size_fsb(mp))
3928 - mp->m_inoalign_mask = mp->m_sb.sb_inoalignmt - 1;
3929 - else
3930 - mp->m_inoalign_mask = 0;
3931 -diff --git a/fs/xfs/xfs_mount.h b/fs/xfs/xfs_mount.h
3932 -index 819b80b..1bf878b 100644
3933 ---- a/fs/xfs/xfs_mount.h
3934 -+++ b/fs/xfs/xfs_mount.h
3935 -@@ -140,6 +140,7 @@ typedef struct xfs_mount {
3936 - int m_fixedfsid[2]; /* unchanged for life of FS */
3937 - uint m_dmevmask; /* DMI events for this FS */
3938 - __uint64_t m_flags; /* global mount flags */
3939 -+ bool m_inotbt_nores; /* no per-AG finobt resv. */
3940 - int m_ialloc_inos; /* inodes in inode allocation */
3941 - int m_ialloc_blks; /* blocks in inode allocation */
3942 - int m_ialloc_min_blks;/* min blocks in sparse inode
3943 -diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
3944 -index 4d3f74e..2252f16 100644
3945 ---- a/fs/xfs/xfs_reflink.c
3946 -+++ b/fs/xfs/xfs_reflink.c
3947 -@@ -82,11 +82,22 @@
3948 - * mappings are a reservation against the free space in the filesystem;
3949 - * adjacent mappings can also be combined into fewer larger mappings.
3950 - *
3951 -+ * As an optimization, the CoW extent size hint (cowextsz) creates
3952 -+ * outsized aligned delalloc reservations in the hope of landing out of
3953 -+ * order nearby CoW writes in a single extent on disk, thereby reducing
3954 -+ * fragmentation and improving future performance.
3955 -+ *
3956 -+ * D: --RRRRRRSSSRRRRRRRR--- (data fork)
3957 -+ * C: ------DDDDDDD--------- (CoW fork)
3958 -+ *
3959 - * When dirty pages are being written out (typically in writepage), the
3960 -- * delalloc reservations are converted into real mappings by allocating
3961 -- * blocks and replacing the delalloc mapping with real ones. A delalloc
3962 -- * mapping can be replaced by several real ones if the free space is
3963 -- * fragmented.
3964 -+ * delalloc reservations are converted into unwritten mappings by
3965 -+ * allocating blocks and replacing the delalloc mapping with real ones.
3966 -+ * A delalloc mapping can be replaced by several unwritten ones if the
3967 -+ * free space is fragmented.
3968 -+ *
3969 -+ * D: --RRRRRRSSSRRRRRRRR---
3970 -+ * C: ------UUUUUUU---------
3971 - *
3972 - * We want to adapt the delalloc mechanism for copy-on-write, since the
3973 - * write paths are similar. The first two steps (creating the reservation
3974 -@@ -101,13 +112,29 @@
3975 - * Block-aligned directio writes will use the same mechanism as buffered
3976 - * writes.
3977 - *
3978 -+ * Just prior to submitting the actual disk write requests, we convert
3979 -+ * the extents representing the range of the file actually being written
3980 -+ * (as opposed to extra pieces created for the cowextsize hint) to real
3981 -+ * extents. This will become important in the next step:
3982 -+ *
3983 -+ * D: --RRRRRRSSSRRRRRRRR---
3984 -+ * C: ------UUrrUUU---------
3985 -+ *
3986 - * CoW remapping must be done after the data block write completes,
3987 - * because we don't want to destroy the old data fork map until we're sure
3988 - * the new block has been written. Since the new mappings are kept in a
3989 - * separate fork, we can simply iterate these mappings to find the ones
3990 - * that cover the file blocks that we just CoW'd. For each extent, simply
3991 - * unmap the corresponding range in the data fork, map the new range into
3992 -- * the data fork, and remove the extent from the CoW fork.
3993 -+ * the data fork, and remove the extent from the CoW fork. Because of
3994 -+ * the presence of the cowextsize hint, however, we must be careful
3995 -+ * only to remap the blocks that we've actually written out -- we must
3996 -+ * never remap delalloc reservations nor CoW staging blocks that have
3997 -+ * yet to be written. This corresponds exactly to the real extents in
3998 -+ * the CoW fork:
3999 -+ *
4000 -+ * D: --RRRRRRrrSRRRRRRRR---
4001 -+ * C: ------UU--UUU---------
4002 - *
4003 - * Since the remapping operation can be applied to an arbitrary file
4004 - * range, we record the need for the remap step as a flag in the ioend
4005 -@@ -296,6 +323,65 @@ xfs_reflink_reserve_cow(
4006 - return 0;
4007 - }
4008 -
4009 -+/* Convert part of an unwritten CoW extent to a real one. */
4010 -+STATIC int
4011 -+xfs_reflink_convert_cow_extent(
4012 -+ struct xfs_inode *ip,
4013 -+ struct xfs_bmbt_irec *imap,
4014 -+ xfs_fileoff_t offset_fsb,
4015 -+ xfs_filblks_t count_fsb,
4016 -+ struct xfs_defer_ops *dfops)
4017 -+{
4018 -+ struct xfs_bmbt_irec irec = *imap;
4019 -+ xfs_fsblock_t first_block;
4020 -+ int nimaps = 1;
4021 -+
4022 -+ if (imap->br_state == XFS_EXT_NORM)
4023 -+ return 0;
4024 -+
4025 -+ xfs_trim_extent(&irec, offset_fsb, count_fsb);
4026 -+ trace_xfs_reflink_convert_cow(ip, &irec);
4027 -+ if (irec.br_blockcount == 0)
4028 -+ return 0;
4029 -+ return xfs_bmapi_write(NULL, ip, irec.br_startoff, irec.br_blockcount,
4030 -+ XFS_BMAPI_COWFORK | XFS_BMAPI_CONVERT, &first_block,
4031 -+ 0, &irec, &nimaps, dfops);
4032 -+}
4033 -+
4034 -+/* Convert all of the unwritten CoW extents in a file's range to real ones. */
4035 -+int
4036 -+xfs_reflink_convert_cow(
4037 -+ struct xfs_inode *ip,
4038 -+ xfs_off_t offset,
4039 -+ xfs_off_t count)
4040 -+{
4041 -+ struct xfs_bmbt_irec got;
4042 -+ struct xfs_defer_ops dfops;
4043 -+ struct xfs_mount *mp = ip->i_mount;
4044 -+ struct xfs_ifork *ifp = XFS_IFORK_PTR(ip, XFS_COW_FORK);
4045 -+ xfs_fileoff_t offset_fsb = XFS_B_TO_FSBT(mp, offset);
4046 -+ xfs_fileoff_t end_fsb = XFS_B_TO_FSB(mp, offset + count);
4047 -+ xfs_extnum_t idx;
4048 -+ bool found;
4049 -+ int error = 0;
4050 -+
4051 -+ xfs_ilock(ip, XFS_ILOCK_EXCL);
4052 -+
4053 -+ /* Convert all the extents to real from unwritten. */
4054 -+ for (found = xfs_iext_lookup_extent(ip, ifp, offset_fsb, &idx, &got);
4055 -+ found && got.br_startoff < end_fsb;
4056 -+ found = xfs_iext_get_extent(ifp, ++idx, &got)) {
4057 -+ error = xfs_reflink_convert_cow_extent(ip, &got, offset_fsb,
4058 -+ end_fsb - offset_fsb, &dfops);
4059 -+ if (error)
4060 -+ break;
4061 -+ }
4062 -+
4063 -+ /* Finish up. */
4064 -+ xfs_iunlock(ip, XFS_ILOCK_EXCL);
4065 -+ return error;
4066 -+}
4067 -+
4068 - /* Allocate all CoW reservations covering a range of blocks in a file. */
4069 - static int
4070 - __xfs_reflink_allocate_cow(
4071 -@@ -328,6 +414,7 @@ __xfs_reflink_allocate_cow(
4072 - goto out_unlock;
4073 - ASSERT(nimaps == 1);
4074 -
4075 -+ /* Make sure there's a CoW reservation for it. */
4076 - error = xfs_reflink_reserve_cow(ip, &imap, &shared);
4077 - if (error)
4078 - goto out_trans_cancel;
4079 -@@ -337,14 +424,16 @@ __xfs_reflink_allocate_cow(
4080 - goto out_trans_cancel;
4081 - }
4082 -
4083 -+ /* Allocate the entire reservation as unwritten blocks. */
4084 - xfs_trans_ijoin(tp, ip, 0);
4085 - error = xfs_bmapi_write(tp, ip, imap.br_startoff, imap.br_blockcount,
4086 -- XFS_BMAPI_COWFORK, &first_block,
4087 -+ XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC, &first_block,
4088 - XFS_EXTENTADD_SPACE_RES(mp, XFS_DATA_FORK),
4089 - &imap, &nimaps, &dfops);
4090 - if (error)
4091 - goto out_trans_cancel;
4092 -
4093 -+ /* Finish up. */
4094 - error = xfs_defer_finish(&tp, &dfops, NULL);
4095 - if (error)
4096 - goto out_trans_cancel;
4097 -@@ -389,11 +478,12 @@ xfs_reflink_allocate_cow_range(
4098 - if (error) {
4099 - trace_xfs_reflink_allocate_cow_range_error(ip, error,
4100 - _RET_IP_);
4101 -- break;
4102 -+ return error;
4103 - }
4104 - }
4105 -
4106 -- return error;
4107 -+ /* Convert the CoW extents to regular. */
4108 -+ return xfs_reflink_convert_cow(ip, offset, count);
4109 - }
4110 -
4111 - /*
4112 -@@ -481,14 +571,18 @@ xfs_reflink_trim_irec_to_next_cow(
4113 - }
4114 -
4115 - /*
4116 -- * Cancel all pending CoW reservations for some block range of an inode.
4117 -+ * Cancel CoW reservations for some block range of an inode.
4118 -+ *
4119 -+ * If cancel_real is true this function cancels all COW fork extents for the
4120 -+ * inode; if cancel_real is false, real extents are not cleared.
4121 - */
4122 - int
4123 - xfs_reflink_cancel_cow_blocks(
4124 - struct xfs_inode *ip,
4125 - struct xfs_trans **tpp,
4126 - xfs_fileoff_t offset_fsb,
4127 -- xfs_fileoff_t end_fsb)
4128 -+ xfs_fileoff_t end_fsb,
4129 -+ bool cancel_real)
4130 - {
4131 - struct xfs_ifork *ifp = XFS_IFORK_PTR(ip, XFS_COW_FORK);
4132 - struct xfs_bmbt_irec got, prev, del;
4133 -@@ -515,7 +609,7 @@ xfs_reflink_cancel_cow_blocks(
4134 - &idx, &got, &del);
4135 - if (error)
4136 - break;
4137 -- } else {
4138 -+ } else if (del.br_state == XFS_EXT_UNWRITTEN || cancel_real) {
4139 - xfs_trans_ijoin(*tpp, ip, 0);
4140 - xfs_defer_init(&dfops, &firstfsb);
4141 -
4142 -@@ -558,13 +652,17 @@ xfs_reflink_cancel_cow_blocks(
4143 - }
4144 -
4145 - /*
4146 -- * Cancel all pending CoW reservations for some byte range of an inode.
4147 -+ * Cancel CoW reservations for some byte range of an inode.
4148 -+ *
4149 -+ * If cancel_real is true this function cancels all COW fork extents for the
4150 -+ * inode; if cancel_real is false, real extents are not cleared.
4151 - */
4152 - int
4153 - xfs_reflink_cancel_cow_range(
4154 - struct xfs_inode *ip,
4155 - xfs_off_t offset,
4156 -- xfs_off_t count)
4157 -+ xfs_off_t count,
4158 -+ bool cancel_real)
4159 - {
4160 - struct xfs_trans *tp;
4161 - xfs_fileoff_t offset_fsb;
4162 -@@ -590,7 +688,8 @@ xfs_reflink_cancel_cow_range(
4163 - xfs_trans_ijoin(tp, ip, 0);
4164 -
4165 - /* Scrape out the old CoW reservations */
4166 -- error = xfs_reflink_cancel_cow_blocks(ip, &tp, offset_fsb, end_fsb);
4167 -+ error = xfs_reflink_cancel_cow_blocks(ip, &tp, offset_fsb, end_fsb,
4168 -+ cancel_real);
4169 - if (error)
4170 - goto out_cancel;
4171 -
4172 -@@ -669,6 +768,16 @@ xfs_reflink_end_cow(
4173 -
4174 - ASSERT(!isnullstartblock(got.br_startblock));
4175 -
4176 -+ /*
4177 -+ * Don't remap unwritten extents; these are
4178 -+ * speculatively preallocated CoW extents that have been
4179 -+ * allocated but have not yet been involved in a write.
4180 -+ */
4181 -+ if (got.br_state == XFS_EXT_UNWRITTEN) {
4182 -+ idx--;
4183 -+ goto next_extent;
4184 -+ }
4185 -+
4186 - /* Unmap the old blocks in the data fork. */
4187 - xfs_defer_init(&dfops, &firstfsb);
4188 - rlen = del.br_blockcount;
4189 -@@ -885,13 +994,14 @@ STATIC int
4190 - xfs_reflink_update_dest(
4191 - struct xfs_inode *dest,
4192 - xfs_off_t newlen,
4193 -- xfs_extlen_t cowextsize)
4194 -+ xfs_extlen_t cowextsize,
4195 -+ bool is_dedupe)
4196 - {
4197 - struct xfs_mount *mp = dest->i_mount;
4198 - struct xfs_trans *tp;
4199 - int error;
4200 -
4201 -- if (newlen <= i_size_read(VFS_I(dest)) && cowextsize == 0)
4202 -+ if (is_dedupe && newlen <= i_size_read(VFS_I(dest)) && cowextsize == 0)
4203 - return 0;
4204 -
4205 - error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
4206 -@@ -912,6 +1022,10 @@ xfs_reflink_update_dest(
4207 - dest->i_d.di_flags2 |= XFS_DIFLAG2_COWEXTSIZE;
4208 - }
4209 -
4210 -+ if (!is_dedupe) {
4211 -+ xfs_trans_ichgtime(tp, dest,
4212 -+ XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
4213 -+ }
4214 - xfs_trans_log_inode(tp, dest, XFS_ILOG_CORE);
4215 -
4216 - error = xfs_trans_commit(tp);
4217 -@@ -1428,7 +1542,8 @@ xfs_reflink_remap_range(
4218 - !(dest->i_d.di_flags2 & XFS_DIFLAG2_COWEXTSIZE))
4219 - cowextsize = src->i_d.di_cowextsize;
4220 -
4221 -- ret = xfs_reflink_update_dest(dest, pos_out + len, cowextsize);
4222 -+ ret = xfs_reflink_update_dest(dest, pos_out + len, cowextsize,
4223 -+ is_dedupe);
4224 -
4225 - out_unlock:
4226 - xfs_iunlock(src, XFS_MMAPLOCK_EXCL);
4227 -@@ -1580,7 +1695,7 @@ xfs_reflink_clear_inode_flag(
4228 - * We didn't find any shared blocks so turn off the reflink flag.
4229 - * First, get rid of any leftover CoW mappings.
4230 - */
4231 -- error = xfs_reflink_cancel_cow_blocks(ip, tpp, 0, NULLFILEOFF);
4232 -+ error = xfs_reflink_cancel_cow_blocks(ip, tpp, 0, NULLFILEOFF, true);
4233 - if (error)
4234 - return error;
4235 -
4236 -diff --git a/fs/xfs/xfs_reflink.h b/fs/xfs/xfs_reflink.h
4237 -index 97ea9b4..a57966f 100644
4238 ---- a/fs/xfs/xfs_reflink.h
4239 -+++ b/fs/xfs/xfs_reflink.h
4240 -@@ -30,6 +30,8 @@ extern int xfs_reflink_reserve_cow(struct xfs_inode *ip,
4241 - struct xfs_bmbt_irec *imap, bool *shared);
4242 - extern int xfs_reflink_allocate_cow_range(struct xfs_inode *ip,
4243 - xfs_off_t offset, xfs_off_t count);
4244 -+extern int xfs_reflink_convert_cow(struct xfs_inode *ip, xfs_off_t offset,
4245 -+ xfs_off_t count);
4246 - extern bool xfs_reflink_find_cow_mapping(struct xfs_inode *ip, xfs_off_t offset,
4247 - struct xfs_bmbt_irec *imap, bool *need_alloc);
4248 - extern int xfs_reflink_trim_irec_to_next_cow(struct xfs_inode *ip,
4249 -@@ -37,9 +39,9 @@ extern int xfs_reflink_trim_irec_to_next_cow(struct xfs_inode *ip,
4250 -
4251 - extern int xfs_reflink_cancel_cow_blocks(struct xfs_inode *ip,
4252 - struct xfs_trans **tpp, xfs_fileoff_t offset_fsb,
4253 -- xfs_fileoff_t end_fsb);
4254 -+ xfs_fileoff_t end_fsb, bool cancel_real);
4255 - extern int xfs_reflink_cancel_cow_range(struct xfs_inode *ip, xfs_off_t offset,
4256 -- xfs_off_t count);
4257 -+ xfs_off_t count, bool cancel_real);
4258 - extern int xfs_reflink_end_cow(struct xfs_inode *ip, xfs_off_t offset,
4259 - xfs_off_t count);
4260 - extern int xfs_reflink_recover_cow(struct xfs_mount *mp);
4261 -diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c
4262 -index ade4691..dbbd3f1 100644
4263 ---- a/fs/xfs/xfs_super.c
4264 -+++ b/fs/xfs/xfs_super.c
4265 -@@ -948,7 +948,7 @@ xfs_fs_destroy_inode(
4266 - XFS_STATS_INC(ip->i_mount, vn_remove);
4267 -
4268 - if (xfs_is_reflink_inode(ip)) {
4269 -- error = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF);
4270 -+ error = xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true);
4271 - if (error && !XFS_FORCED_SHUTDOWN(ip->i_mount))
4272 - xfs_warn(ip->i_mount,
4273 - "Error %d while evicting CoW blocks for inode %llu.",
4274 -diff --git a/fs/xfs/xfs_trace.h b/fs/xfs/xfs_trace.h
4275 -index 0907752..828f383 100644
4276 ---- a/fs/xfs/xfs_trace.h
4277 -+++ b/fs/xfs/xfs_trace.h
4278 -@@ -3183,6 +3183,7 @@ DECLARE_EVENT_CLASS(xfs_inode_irec_class,
4279 - __field(xfs_fileoff_t, lblk)
4280 - __field(xfs_extlen_t, len)
4281 - __field(xfs_fsblock_t, pblk)
4282 -+ __field(int, state)
4283 - ),
4284 - TP_fast_assign(
4285 - __entry->dev = VFS_I(ip)->i_sb->s_dev;
4286 -@@ -3190,13 +3191,15 @@ DECLARE_EVENT_CLASS(xfs_inode_irec_class,
4287 - __entry->lblk = irec->br_startoff;
4288 - __entry->len = irec->br_blockcount;
4289 - __entry->pblk = irec->br_startblock;
4290 -+ __entry->state = irec->br_state;
4291 - ),
4292 -- TP_printk("dev %d:%d ino 0x%llx lblk 0x%llx len 0x%x pblk %llu",
4293 -+ TP_printk("dev %d:%d ino 0x%llx lblk 0x%llx len 0x%x pblk %llu st %d",
4294 - MAJOR(__entry->dev), MINOR(__entry->dev),
4295 - __entry->ino,
4296 - __entry->lblk,
4297 - __entry->len,
4298 -- __entry->pblk)
4299 -+ __entry->pblk,
4300 -+ __entry->state)
4301 - );
4302 - #define DEFINE_INODE_IREC_EVENT(name) \
4303 - DEFINE_EVENT(xfs_inode_irec_class, name, \
4304 -@@ -3345,11 +3348,12 @@ DEFINE_INODE_IREC_EVENT(xfs_reflink_trim_around_shared);
4305 - DEFINE_INODE_IREC_EVENT(xfs_reflink_cow_alloc);
4306 - DEFINE_INODE_IREC_EVENT(xfs_reflink_cow_found);
4307 - DEFINE_INODE_IREC_EVENT(xfs_reflink_cow_enospc);
4308 -+DEFINE_INODE_IREC_EVENT(xfs_reflink_convert_cow);
4309 -
4310 - DEFINE_RW_EVENT(xfs_reflink_reserve_cow);
4311 - DEFINE_RW_EVENT(xfs_reflink_allocate_cow_range);
4312 -
4313 --DEFINE_INODE_IREC_EVENT(xfs_reflink_bounce_dio_write);
4314 -+DEFINE_SIMPLE_IO_EVENT(xfs_reflink_bounce_dio_write);
4315 - DEFINE_IOMAP_EVENT(xfs_reflink_find_cow_mapping);
4316 - DEFINE_INODE_IREC_EVENT(xfs_reflink_trim_irec);
4317 -
4318 -diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
4319 -index 01c0b9c..8c58db2 100644
4320 ---- a/include/linux/kvm_host.h
4321 -+++ b/include/linux/kvm_host.h
4322 -@@ -162,8 +162,8 @@ int kvm_io_bus_read(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr,
4323 - int len, void *val);
4324 - int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
4325 - int len, struct kvm_io_device *dev);
4326 --int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4327 -- struct kvm_io_device *dev);
4328 -+void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4329 -+ struct kvm_io_device *dev);
4330 - struct kvm_io_device *kvm_io_bus_get_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4331 - gpa_t addr);
4332 -
4333 -diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
4334 -index 2546988..8b35bdb 100644
4335 ---- a/include/linux/memcontrol.h
4336 -+++ b/include/linux/memcontrol.h
4337 -@@ -739,6 +739,12 @@ static inline bool mem_cgroup_oom_synchronize(bool wait)
4338 - return false;
4339 - }
4340 -
4341 -+static inline void mem_cgroup_update_page_stat(struct page *page,
4342 -+ enum mem_cgroup_stat_index idx,
4343 -+ int nr)
4344 -+{
4345 -+}
4346 -+
4347 - static inline void mem_cgroup_inc_page_stat(struct page *page,
4348 - enum mem_cgroup_stat_index idx)
4349 - {
4350 -diff --git a/kernel/padata.c b/kernel/padata.c
4351 -index 7848f05..b4a3c0a 100644
4352 ---- a/kernel/padata.c
4353 -+++ b/kernel/padata.c
4354 -@@ -190,19 +190,20 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd)
4355 -
4356 - reorder = &next_queue->reorder;
4357 -
4358 -+ spin_lock(&reorder->lock);
4359 - if (!list_empty(&reorder->list)) {
4360 - padata = list_entry(reorder->list.next,
4361 - struct padata_priv, list);
4362 -
4363 -- spin_lock(&reorder->lock);
4364 - list_del_init(&padata->list);
4365 - atomic_dec(&pd->reorder_objects);
4366 -- spin_unlock(&reorder->lock);
4367 -
4368 - pd->processed++;
4369 -
4370 -+ spin_unlock(&reorder->lock);
4371 - goto out;
4372 - }
4373 -+ spin_unlock(&reorder->lock);
4374 -
4375 - if (__this_cpu_read(pd->pqueue->cpu_index) == next_queue->cpu_index) {
4376 - padata = ERR_PTR(-ENODATA);
4377 -diff --git a/lib/syscall.c b/lib/syscall.c
4378 -index 63239e0..a72cd09 100644
4379 ---- a/lib/syscall.c
4380 -+++ b/lib/syscall.c
4381 -@@ -11,6 +11,7 @@ static int collect_syscall(struct task_struct *target, long *callno,
4382 -
4383 - if (!try_get_task_stack(target)) {
4384 - /* Task has no stack, so the task isn't in a syscall. */
4385 -+ *sp = *pc = 0;
4386 - *callno = -1;
4387 - return 0;
4388 - }
4389 -diff --git a/mm/hugetlb.c b/mm/hugetlb.c
4390 -index b6adedb..65c36ac 100644
4391 ---- a/mm/hugetlb.c
4392 -+++ b/mm/hugetlb.c
4393 -@@ -4471,6 +4471,7 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4394 - {
4395 - struct page *page = NULL;
4396 - spinlock_t *ptl;
4397 -+ pte_t pte;
4398 - retry:
4399 - ptl = pmd_lockptr(mm, pmd);
4400 - spin_lock(ptl);
4401 -@@ -4480,12 +4481,13 @@ follow_huge_pmd(struct mm_struct *mm, unsigned long address,
4402 - */
4403 - if (!pmd_huge(*pmd))
4404 - goto out;
4405 -- if (pmd_present(*pmd)) {
4406 -+ pte = huge_ptep_get((pte_t *)pmd);
4407 -+ if (pte_present(pte)) {
4408 - page = pmd_page(*pmd) + ((address & ~PMD_MASK) >> PAGE_SHIFT);
4409 - if (flags & FOLL_GET)
4410 - get_page(page);
4411 - } else {
4412 -- if (is_hugetlb_entry_migration(huge_ptep_get((pte_t *)pmd))) {
4413 -+ if (is_hugetlb_entry_migration(pte)) {
4414 - spin_unlock(ptl);
4415 - __migration_entry_wait(mm, (pte_t *)pmd, ptl);
4416 - goto retry;
4417 -diff --git a/mm/rmap.c b/mm/rmap.c
4418 -index 1ef3640..cd37c1c 100644
4419 ---- a/mm/rmap.c
4420 -+++ b/mm/rmap.c
4421 -@@ -1295,7 +1295,7 @@ void page_add_file_rmap(struct page *page, bool compound)
4422 - goto out;
4423 - }
4424 - __mod_node_page_state(page_pgdat(page), NR_FILE_MAPPED, nr);
4425 -- mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED);
4426 -+ mem_cgroup_update_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED, nr);
4427 - out:
4428 - unlock_page_memcg(page);
4429 - }
4430 -@@ -1335,7 +1335,7 @@ static void page_remove_file_rmap(struct page *page, bool compound)
4431 - * pte lock(a spinlock) is held, which implies preemption disabled.
4432 - */
4433 - __mod_node_page_state(page_pgdat(page), NR_FILE_MAPPED, -nr);
4434 -- mem_cgroup_dec_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED);
4435 -+ mem_cgroup_update_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED, -nr);
4436 -
4437 - if (unlikely(PageMlocked(page)))
4438 - clear_page_mlock(page);
4439 -diff --git a/mm/workingset.c b/mm/workingset.c
4440 -index 33f6f4d..4c4f056 100644
4441 ---- a/mm/workingset.c
4442 -+++ b/mm/workingset.c
4443 -@@ -492,7 +492,7 @@ static int __init workingset_init(void)
4444 - pr_info("workingset: timestamp_bits=%d max_order=%d bucket_order=%u\n",
4445 - timestamp_bits, max_order, bucket_order);
4446 -
4447 -- ret = list_lru_init_key(&workingset_shadow_nodes, &shadow_nodes_key);
4448 -+ ret = __list_lru_init(&workingset_shadow_nodes, true, &shadow_nodes_key);
4449 - if (ret)
4450 - goto err;
4451 - ret = register_shrinker(&workingset_shadow_shrinker);
4452 -diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
4453 -index 2efb335..25a30be 100644
4454 ---- a/net/ceph/messenger.c
4455 -+++ b/net/ceph/messenger.c
4456 -@@ -7,6 +7,7 @@
4457 - #include <linux/kthread.h>
4458 - #include <linux/net.h>
4459 - #include <linux/nsproxy.h>
4460 -+#include <linux/sched.h>
4461 - #include <linux/slab.h>
4462 - #include <linux/socket.h>
4463 - #include <linux/string.h>
4464 -@@ -469,11 +470,16 @@ static int ceph_tcp_connect(struct ceph_connection *con)
4465 - {
4466 - struct sockaddr_storage *paddr = &con->peer_addr.in_addr;
4467 - struct socket *sock;
4468 -+ unsigned int noio_flag;
4469 - int ret;
4470 -
4471 - BUG_ON(con->sock);
4472 -+
4473 -+ /* sock_create_kern() allocates with GFP_KERNEL */
4474 -+ noio_flag = memalloc_noio_save();
4475 - ret = sock_create_kern(read_pnet(&con->msgr->net), paddr->ss_family,
4476 - SOCK_STREAM, IPPROTO_TCP, &sock);
4477 -+ memalloc_noio_restore(noio_flag);
4478 - if (ret)
4479 - return ret;
4480 - sock->sk->sk_allocation = GFP_NOFS;
4481 -diff --git a/sound/core/seq/seq_fifo.c b/sound/core/seq/seq_fifo.c
4482 -index 3f4efcb..3490d21 100644
4483 ---- a/sound/core/seq/seq_fifo.c
4484 -+++ b/sound/core/seq/seq_fifo.c
4485 -@@ -265,6 +265,10 @@ int snd_seq_fifo_resize(struct snd_seq_fifo *f, int poolsize)
4486 - /* NOTE: overflow flag is not cleared */
4487 - spin_unlock_irqrestore(&f->lock, flags);
4488 -
4489 -+ /* close the old pool and wait until all users are gone */
4490 -+ snd_seq_pool_mark_closing(oldpool);
4491 -+ snd_use_lock_sync(&f->use_lock);
4492 -+
4493 - /* release cells in old pool */
4494 - for (cell = oldhead; cell; cell = next) {
4495 - next = cell->next;
4496 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
4497 -index 112caa2..bb1aad3 100644
4498 ---- a/sound/pci/hda/patch_realtek.c
4499 -+++ b/sound/pci/hda/patch_realtek.c
4500 -@@ -4846,6 +4846,7 @@ enum {
4501 - ALC292_FIXUP_DISABLE_AAMIX,
4502 - ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK,
4503 - ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
4504 -+ ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE,
4505 - ALC275_FIXUP_DELL_XPS,
4506 - ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE,
4507 - ALC293_FIXUP_LENOVO_SPK_NOISE,
4508 -@@ -5446,6 +5447,15 @@ static const struct hda_fixup alc269_fixups[] = {
4509 - .chained = true,
4510 - .chain_id = ALC269_FIXUP_HEADSET_MODE
4511 - },
4512 -+ [ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE] = {
4513 -+ .type = HDA_FIXUP_PINS,
4514 -+ .v.pins = (const struct hda_pintbl[]) {
4515 -+ { 0x18, 0x01a1913c }, /* use as headset mic, without its own jack detect */
4516 -+ { }
4517 -+ },
4518 -+ .chained = true,
4519 -+ .chain_id = ALC269_FIXUP_HEADSET_MODE
4520 -+ },
4521 - [ALC275_FIXUP_DELL_XPS] = {
4522 - .type = HDA_FIXUP_VERBS,
4523 - .v.verbs = (const struct hda_verb[]) {
4524 -@@ -5518,7 +5528,7 @@ static const struct hda_fixup alc269_fixups[] = {
4525 - .type = HDA_FIXUP_FUNC,
4526 - .v.func = alc298_fixup_speaker_volume,
4527 - .chained = true,
4528 -- .chain_id = ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
4529 -+ .chain_id = ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE,
4530 - },
4531 - [ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER] = {
4532 - .type = HDA_FIXUP_PINS,
4533 -diff --git a/sound/soc/atmel/atmel-classd.c b/sound/soc/atmel/atmel-classd.c
4534 -index 89ac5f5..7ae46c2 100644
4535 ---- a/sound/soc/atmel/atmel-classd.c
4536 -+++ b/sound/soc/atmel/atmel-classd.c
4537 -@@ -349,7 +349,7 @@ static int atmel_classd_codec_dai_digital_mute(struct snd_soc_dai *codec_dai,
4538 - }
4539 -
4540 - #define CLASSD_ACLK_RATE_11M2896_MPY_8 (112896 * 100 * 8)
4541 --#define CLASSD_ACLK_RATE_12M288_MPY_8 (12228 * 1000 * 8)
4542 -+#define CLASSD_ACLK_RATE_12M288_MPY_8 (12288 * 1000 * 8)
4543 -
4544 - static struct {
4545 - int rate;
4546 -diff --git a/sound/soc/intel/skylake/skl-topology.c b/sound/soc/intel/skylake/skl-topology.c
4547 -index b5b1934..bef8a45 100644
4548 ---- a/sound/soc/intel/skylake/skl-topology.c
4549 -+++ b/sound/soc/intel/skylake/skl-topology.c
4550 -@@ -448,7 +448,7 @@ static int skl_tplg_set_module_init_data(struct snd_soc_dapm_widget *w)
4551 - if (bc->set_params != SKL_PARAM_INIT)
4552 - continue;
4553 -
4554 -- mconfig->formats_config.caps = (u32 *)&bc->params;
4555 -+ mconfig->formats_config.caps = (u32 *)bc->params;
4556 - mconfig->formats_config.caps_size = bc->size;
4557 -
4558 - break;
4559 -diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
4560 -index a29786d..4d28a9d 100644
4561 ---- a/virt/kvm/eventfd.c
4562 -+++ b/virt/kvm/eventfd.c
4563 -@@ -870,7 +870,8 @@ kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx,
4564 - continue;
4565 -
4566 - kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
4567 -- kvm->buses[bus_idx]->ioeventfd_count--;
4568 -+ if (kvm->buses[bus_idx])
4569 -+ kvm->buses[bus_idx]->ioeventfd_count--;
4570 - ioeventfd_release(p);
4571 - ret = 0;
4572 - break;
4573 -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
4574 -index 7f9ee29..f4c6d4f 100644
4575 ---- a/virt/kvm/kvm_main.c
4576 -+++ b/virt/kvm/kvm_main.c
4577 -@@ -720,8 +720,11 @@ static void kvm_destroy_vm(struct kvm *kvm)
4578 - list_del(&kvm->vm_list);
4579 - spin_unlock(&kvm_lock);
4580 - kvm_free_irq_routing(kvm);
4581 -- for (i = 0; i < KVM_NR_BUSES; i++)
4582 -- kvm_io_bus_destroy(kvm->buses[i]);
4583 -+ for (i = 0; i < KVM_NR_BUSES; i++) {
4584 -+ if (kvm->buses[i])
4585 -+ kvm_io_bus_destroy(kvm->buses[i]);
4586 -+ kvm->buses[i] = NULL;
4587 -+ }
4588 - kvm_coalesced_mmio_free(kvm);
4589 - #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
4590 - mmu_notifier_unregister(&kvm->mmu_notifier, kvm->mm);
4591 -@@ -3463,6 +3466,8 @@ int kvm_io_bus_write(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr,
4592 - };
4593 -
4594 - bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4595 -+ if (!bus)
4596 -+ return -ENOMEM;
4597 - r = __kvm_io_bus_write(vcpu, bus, &range, val);
4598 - return r < 0 ? r : 0;
4599 - }
4600 -@@ -3480,6 +3485,8 @@ int kvm_io_bus_write_cookie(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx,
4601 - };
4602 -
4603 - bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4604 -+ if (!bus)
4605 -+ return -ENOMEM;
4606 -
4607 - /* First try the device referenced by cookie. */
4608 - if ((cookie >= 0) && (cookie < bus->dev_count) &&
4609 -@@ -3530,6 +3537,8 @@ int kvm_io_bus_read(struct kvm_vcpu *vcpu, enum kvm_bus bus_idx, gpa_t addr,
4610 - };
4611 -
4612 - bus = srcu_dereference(vcpu->kvm->buses[bus_idx], &vcpu->kvm->srcu);
4613 -+ if (!bus)
4614 -+ return -ENOMEM;
4615 - r = __kvm_io_bus_read(vcpu, bus, &range, val);
4616 - return r < 0 ? r : 0;
4617 - }
4618 -@@ -3542,6 +3551,9 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
4619 - struct kvm_io_bus *new_bus, *bus;
4620 -
4621 - bus = kvm->buses[bus_idx];
4622 -+ if (!bus)
4623 -+ return -ENOMEM;
4624 -+
4625 - /* exclude ioeventfd which is limited by maximum fd */
4626 - if (bus->dev_count - bus->ioeventfd_count > NR_IOBUS_DEVS - 1)
4627 - return -ENOSPC;
4628 -@@ -3561,37 +3573,41 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
4629 - }
4630 -
4631 - /* Caller must hold slots_lock. */
4632 --int kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4633 -- struct kvm_io_device *dev)
4634 -+void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4635 -+ struct kvm_io_device *dev)
4636 - {
4637 -- int i, r;
4638 -+ int i;
4639 - struct kvm_io_bus *new_bus, *bus;
4640 -
4641 - bus = kvm->buses[bus_idx];
4642 -- r = -ENOENT;
4643 -+ if (!bus)
4644 -+ return;
4645 -+
4646 - for (i = 0; i < bus->dev_count; i++)
4647 - if (bus->range[i].dev == dev) {
4648 -- r = 0;
4649 - break;
4650 - }
4651 -
4652 -- if (r)
4653 -- return r;
4654 -+ if (i == bus->dev_count)
4655 -+ return;
4656 -
4657 - new_bus = kmalloc(sizeof(*bus) + ((bus->dev_count - 1) *
4658 - sizeof(struct kvm_io_range)), GFP_KERNEL);
4659 -- if (!new_bus)
4660 -- return -ENOMEM;
4661 -+ if (!new_bus) {
4662 -+ pr_err("kvm: failed to shrink bus, removing it completely\n");
4663 -+ goto broken;
4664 -+ }
4665 -
4666 - memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range));
4667 - new_bus->dev_count--;
4668 - memcpy(new_bus->range + i, bus->range + i + 1,
4669 - (new_bus->dev_count - i) * sizeof(struct kvm_io_range));
4670 -
4671 -+broken:
4672 - rcu_assign_pointer(kvm->buses[bus_idx], new_bus);
4673 - synchronize_srcu_expedited(&kvm->srcu);
4674 - kfree(bus);
4675 -- return r;
4676 -+ return;
4677 - }
4678 -
4679 - struct kvm_io_device *kvm_io_bus_get_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4680 -@@ -3604,6 +3620,8 @@ struct kvm_io_device *kvm_io_bus_get_dev(struct kvm *kvm, enum kvm_bus bus_idx,
4681 - srcu_idx = srcu_read_lock(&kvm->srcu);
4682 -
4683 - bus = srcu_dereference(kvm->buses[bus_idx], &kvm->srcu);
4684 -+ if (!bus)
4685 -+ goto out_unlock;
4686 -
4687 - dev_idx = kvm_io_bus_get_first_dev(bus, addr, 1);
4688 - if (dev_idx < 0)
4689
4690 diff --git a/4.9.21/0000_README b/4.9.22/0000_README
4691 similarity index 93%
4692 rename from 4.9.21/0000_README
4693 rename to 4.9.22/0000_README
4694 index 40c05c0..0713033 100644
4695 --- a/4.9.21/0000_README
4696 +++ b/4.9.22/0000_README
4697 @@ -2,14 +2,10 @@ README
4698 -----------------------------------------------------------------------------
4699 Individual Patch Descriptions:
4700 -----------------------------------------------------------------------------
4701 -Patch: 4420_grsecurity-3.1-4.9.21-201704091948.patch
4702 +Patch: 4420_grsecurity-3.1-4.9.22-201704120836.patch
4703 From: http://www.grsecurity.net
4704 Desc: hardened-sources base patch from upstream grsecurity
4705
4706 -Patch: 1020_linux-4.9.21.patch
4707 -From: http://www.kernel.org
4708 -Desc: Linux 4.9.21
4709 -
4710 Patch: 4425_grsec_remove_EI_PAX.patch
4711 From: Anthony G. Basile <blueness@g.o>
4712 Desc: Remove EI_PAX option and force off
4713
4714 diff --git a/4.9.21/4420_grsecurity-3.1-4.9.21-201704091948.patch b/4.9.22/4420_grsecurity-3.1-4.9.22-201704120836.patch
4715 similarity index 99%
4716 rename from 4.9.21/4420_grsecurity-3.1-4.9.21-201704091948.patch
4717 rename to 4.9.22/4420_grsecurity-3.1-4.9.22-201704120836.patch
4718 index b1e5afd..17d7169 100644
4719 --- a/4.9.21/4420_grsecurity-3.1-4.9.21-201704091948.patch
4720 +++ b/4.9.22/4420_grsecurity-3.1-4.9.22-201704120836.patch
4721 @@ -310,10 +310,10 @@ index 9b9c479..5a635ff 100644
4722 A typical pattern in a Kbuild file looks like this:
4723
4724 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
4725 -index 65b05ba..725a42a 100644
4726 +index a6fadef..fdf6042 100644
4727 --- a/Documentation/kernel-parameters.txt
4728 +++ b/Documentation/kernel-parameters.txt
4729 -@@ -1426,6 +1426,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4730 +@@ -1436,6 +1436,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4731 [KNL] Should the hard-lockup detector generate
4732 backtraces on all cpus.
4733 Format: <integer>
4734 @@ -326,7 +326,7 @@ index 65b05ba..725a42a 100644
4735
4736 hashdist= [KNL,NUMA] Large hashes allocated during boot
4737 are distributed across NUMA nodes. Defaults on
4738 -@@ -2655,6 +2661,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4739 +@@ -2665,6 +2671,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4740 noexec=on: enable non-executable mappings (default)
4741 noexec=off: disable non-executable mappings
4742
4743 @@ -337,7 +337,7 @@ index 65b05ba..725a42a 100644
4744 nosmap [X86]
4745 Disable SMAP (Supervisor Mode Access Prevention)
4746 even if it is supported by processor.
4747 -@@ -2963,6 +2973,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4748 +@@ -2973,6 +2983,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
4749 the specified number of seconds. This is to be used if
4750 your oopses keep scrolling off the screen.
4751
4752 @@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644
4753 cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags)
4754
4755 diff --git a/Makefile b/Makefile
4756 -index 1523557..8b62811 100644
4757 +index 4bf4648..77b4b78 100644
4758 --- a/Makefile
4759 +++ b/Makefile
4760 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
4761 @@ -2556,7 +2556,7 @@ index 5af0ed1..cea83883 100644
4762 #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */
4763
4764 diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c
4765 -index 7e45f69..2c047db 100644
4766 +index 8e8d20c..fd4b52d 100644
4767 --- a/arch/arm/kernel/armksyms.c
4768 +++ b/arch/arm/kernel/armksyms.c
4769 @@ -59,7 +59,7 @@ EXPORT_SYMBOL(arm_delay_ops);
4770 @@ -6230,7 +6230,7 @@ index 5c3f688..f8cc1b3 100644
4771 # platform specific definitions
4772 include arch/mips/Kbuild.platforms
4773 diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
4774 -index b3c5bde..d6b5104 100644
4775 +index 9a6e11b6..cda6b13 100644
4776 --- a/arch/mips/Kconfig
4777 +++ b/arch/mips/Kconfig
4778 @@ -49,6 +49,7 @@ config MIPS
4779 @@ -7447,7 +7447,7 @@ index 4472a7f..c5905e6 100644
4780 }
4781 /* Arrange for an interrupt in a short while */
4782 diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
4783 -index 3905003..7c0cc88 100644
4784 +index ec87ef9..dac8bcd 100644
4785 --- a/arch/mips/kernel/traps.c
4786 +++ b/arch/mips/kernel/traps.c
4787 @@ -702,7 +702,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
4788 @@ -10213,7 +10213,7 @@ index c4a93d6..4d2a9b4 100644
4789
4790 #endif /* __ASM_EXEC_H */
4791 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
4792 -index 52d7c87..577d292 100644
4793 +index a7ef702..8c25ce4 100644
4794 --- a/arch/s390/include/asm/uaccess.h
4795 +++ b/arch/s390/include/asm/uaccess.h
4796 @@ -59,6 +59,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
4797 @@ -34097,7 +34097,7 @@ index 5b2cc88..bdbf72f 100644
4798
4799 return ret;
4800 diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
4801 -index e244c19..2cf3a26 100644
4802 +index 067f981..5486a61 100644
4803 --- a/arch/x86/kernel/reboot.c
4804 +++ b/arch/x86/kernel/reboot.c
4805 @@ -83,6 +83,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d)
4806 @@ -34152,7 +34152,7 @@ index e244c19..2cf3a26 100644
4807
4808 /* Acer */
4809 { /* Handle reboot issue on Acer Aspire one */
4810 -@@ -540,7 +567,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
4811 +@@ -556,7 +583,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
4812 * This means that this function can never return, it can misbehave
4813 * by not rebooting properly and hanging.
4814 */
4815 @@ -34161,7 +34161,7 @@ index e244c19..2cf3a26 100644
4816 {
4817 int i;
4818 int attempt = 0;
4819 -@@ -669,13 +696,13 @@ void native_machine_shutdown(void)
4820 +@@ -685,13 +712,13 @@ void native_machine_shutdown(void)
4821 #endif
4822 }
4823
4824 @@ -34177,7 +34177,7 @@ index e244c19..2cf3a26 100644
4825 {
4826 pr_notice("machine restart\n");
4827
4828 -@@ -684,7 +711,7 @@ static void native_machine_restart(char *__unused)
4829 +@@ -700,7 +727,7 @@ static void native_machine_restart(char *__unused)
4830 __machine_emergency_restart(0);
4831 }
4832
4833 @@ -34186,7 +34186,7 @@ index e244c19..2cf3a26 100644
4834 {
4835 /* Stop other cpus and apics */
4836 machine_shutdown();
4837 -@@ -694,7 +721,7 @@ static void native_machine_halt(void)
4838 +@@ -710,7 +737,7 @@ static void native_machine_halt(void)
4839 stop_this_cpu(NULL);
4840 }
4841
4842 @@ -34195,7 +34195,7 @@ index e244c19..2cf3a26 100644
4843 {
4844 if (pm_power_off) {
4845 if (!reboot_force)
4846 -@@ -703,6 +730,7 @@ static void native_machine_power_off(void)
4847 +@@ -719,6 +746,7 @@ static void native_machine_power_off(void)
4848 }
4849 /* A fallback in case there is no PM info available */
4850 tboot_shutdown(TB_SHUTDOWN_HALT);
4851 @@ -46176,7 +46176,7 @@ index 56190d0..406f04c 100644
4852 };
4853 #endif
4854 diff --git a/drivers/acpi/button.c b/drivers/acpi/button.c
4855 -index e19f530..cc2d296 100644
4856 +index 6d5a8c1..c763e4a 100644
4857 --- a/drivers/acpi/button.c
4858 +++ b/drivers/acpi/button.c
4859 @@ -556,7 +556,7 @@ static int acpi_button_remove(struct acpi_device *device)
4860 @@ -46334,10 +46334,10 @@ index 7cfbda4..74f738c 100644
4861 set_no_mwait, "Extensa 5220", {
4862 DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"),
4863 diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
4864 -index 54abb26..6f7015f 100644
4865 +index a4327af..d0ebae1 100644
4866 --- a/drivers/acpi/sleep.c
4867 +++ b/drivers/acpi/sleep.c
4868 -@@ -154,7 +154,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
4869 +@@ -160,7 +160,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
4870 return 0;
4871 }
4872
4873 @@ -46347,7 +46347,7 @@ index 54abb26..6f7015f 100644
4874 .callback = init_old_suspend_ordering,
4875 .ident = "Abit KN9 (nForce4 variant)",
4876 diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
4877 -index 703c26e..47be990 100644
4878 +index cf05ae9..8a581b4 100644
4879 --- a/drivers/acpi/sysfs.c
4880 +++ b/drivers/acpi/sysfs.c
4881 @@ -227,7 +227,7 @@ module_param_cb(trace_method_name, &param_ops_trace_method, &trace_method_name,
4882 @@ -46391,7 +46391,7 @@ index 703c26e..47be990 100644
4883
4884 static void delete_gpe_attr_array(void)
4885 {
4886 -@@ -797,13 +797,13 @@ static void __exit interrupt_stats_exit(void)
4887 +@@ -853,13 +853,13 @@ static void __exit interrupt_stats_exit(void)
4888 }
4889
4890 static ssize_t
4891 @@ -49305,7 +49305,7 @@ index d28922d..3c343d6 100644
4892
4893 if (cmd != SIOCWANDEV)
4894 diff --git a/drivers/char/random.c b/drivers/char/random.c
4895 -index d6876d5..a326099 100644
4896 +index 08d1dd5..0b23b06 100644
4897 --- a/drivers/char/random.c
4898 +++ b/drivers/char/random.c
4899 @@ -292,9 +292,6 @@
4900 @@ -53169,10 +53169,10 @@ index 0e8c4d9..f9d98b7 100644
4901 {
4902 struct mtk_hdmi *hdmi = hdmi_ctx_from_conn(conn);
4903 diff --git a/drivers/gpu/drm/mga/mga_drv.c b/drivers/gpu/drm/mga/mga_drv.c
4904 -index 25b2a1a..58ae09b 100644
4905 +index 63ba0699..35e349f 100644
4906 --- a/drivers/gpu/drm/mga/mga_drv.c
4907 +++ b/drivers/gpu/drm/mga/mga_drv.c
4908 -@@ -92,7 +92,10 @@ static struct pci_driver mga_pci_driver = {
4909 +@@ -89,7 +89,10 @@ static struct pci_driver mga_pci_driver = {
4910
4911 static int __init mga_init(void)
4912 {
4913 @@ -55267,10 +55267,10 @@ index 5f962bf..b095fc5 100644
4914 /* copy over all the bus versions */
4915 if (dev->bus && dev->bus->pm) {
4916 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
4917 -index 2b89c70..cc99025 100644
4918 +index a5dd7e6..de73abd 100644
4919 --- a/drivers/hid/hid-core.c
4920 +++ b/drivers/hid/hid-core.c
4921 -@@ -2645,7 +2645,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
4922 +@@ -2643,7 +2643,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
4923
4924 int hid_add_device(struct hid_device *hdev)
4925 {
4926 @@ -55279,7 +55279,7 @@ index 2b89c70..cc99025 100644
4927 int ret;
4928
4929 if (WARN_ON(hdev->status & HID_STAT_ADDED))
4930 -@@ -2689,7 +2689,7 @@ int hid_add_device(struct hid_device *hdev)
4931 +@@ -2687,7 +2687,7 @@ int hid_add_device(struct hid_device *hdev)
4932 /* XXX hack, any other cleaner solution after the driver core
4933 * is converted to allow more than 20 bytes as the device name? */
4934 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
4935 @@ -55929,10 +55929,10 @@ index d127ace..6ee866f 100644
4936 int i, j = 1;
4937
4938 diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
4939 -index 4466a2f..6771887 100644
4940 +index 5ded9b2..8410378 100644
4941 --- a/drivers/idle/intel_idle.c
4942 +++ b/drivers/idle/intel_idle.c
4943 -@@ -1208,36 +1208,46 @@ static void bxt_idle_state_table_update(void)
4944 +@@ -1257,36 +1257,46 @@ static void bxt_idle_state_table_update(void)
4945 rdmsrl(MSR_PKGC6_IRTL, msr);
4946 usec = irtl_2_usec(msr);
4947 if (usec) {
4948 @@ -55989,7 +55989,7 @@ index 4466a2f..6771887 100644
4949 }
4950
4951 }
4952 -@@ -1280,8 +1290,10 @@ static void sklh_idle_state_table_update(void)
4953 +@@ -1329,8 +1339,10 @@ static void sklh_idle_state_table_update(void)
4954 return;
4955 }
4956
4957 @@ -61799,7 +61799,7 @@ index e477af8..a5b1fce 100644
4958 DMEMIT("%u ", test_bit(MPATHF_QUEUE_IF_NO_PATH, &m->flags) +
4959 (m->pg_init_retries > 0) * 2 +
4960 diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
4961 -index 15daa36..d19c604 100644
4962 +index ee75e35..7e87ea2 100644
4963 --- a/drivers/md/dm-raid.c
4964 +++ b/drivers/md/dm-raid.c
4965 @@ -3196,7 +3196,7 @@ static void raid_status(struct dm_target *ti, status_type_t type,
4966 @@ -68503,10 +68503,10 @@ index e2509bb..8357fef 100644
4967 if (ring->free_tx_desc == mlx4_en_recycle_tx_desc)
4968 return done < budget;
4969 diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
4970 -index 75d07fa..d766d8e 100644
4971 +index b2ca8a6..4f1c28e 100644
4972 --- a/drivers/net/ethernet/mellanox/mlx4/main.c
4973 +++ b/drivers/net/ethernet/mellanox/mlx4/main.c
4974 -@@ -4069,7 +4069,7 @@ static const struct pci_device_id mlx4_pci_table[] = {
4975 +@@ -4071,7 +4071,7 @@ static const struct pci_device_id mlx4_pci_table[] = {
4976 MODULE_DEVICE_TABLE(pci, mlx4_pci_table);
4977
4978 static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
4979 @@ -75679,10 +75679,10 @@ index a66be13..124be13 100644
4980 /*
4981 * Early Macbook Pros with switchable graphics use nvidia
4982 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
4983 -index ce6ca31..3e69fbe 100644
4984 +index 8499d3a..5e2f9e4 100644
4985 --- a/drivers/platform/x86/asus-wmi.c
4986 +++ b/drivers/platform/x86/asus-wmi.c
4987 -@@ -1872,6 +1872,10 @@ static int show_dsts(struct seq_file *m, void *data)
4988 +@@ -1900,6 +1900,10 @@ static int show_dsts(struct seq_file *m, void *data)
4989 int err;
4990 u32 retval = -1;
4991
4992 @@ -75693,7 +75693,7 @@ index ce6ca31..3e69fbe 100644
4993 err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
4994
4995 if (err < 0)
4996 -@@ -1888,6 +1892,10 @@ static int show_devs(struct seq_file *m, void *data)
4997 +@@ -1916,6 +1920,10 @@ static int show_devs(struct seq_file *m, void *data)
4998 int err;
4999 u32 retval = -1;
5000
5001 @@ -75704,7 +75704,7 @@ index ce6ca31..3e69fbe 100644
5002 err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
5003 &retval);
5004
5005 -@@ -1912,6 +1920,10 @@ static int show_call(struct seq_file *m, void *data)
5006 +@@ -1940,6 +1948,10 @@ static int show_call(struct seq_file *m, void *data)
5007 union acpi_object *obj;
5008 acpi_status status;
5009
5010 @@ -105880,10 +105880,10 @@ index 5d456eb..6b33055 100644
5011 }
5012
5013 diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
5014 -index 8745722..407a2a7 100644
5015 +index bdd3292..eed47d8 100644
5016 --- a/fs/cifs/smb2pdu.c
5017 +++ b/fs/cifs/smb2pdu.c
5018 -@@ -2613,8 +2613,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
5019 +@@ -2617,8 +2617,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
5020 default:
5021 cifs_dbg(VFS, "info level %u isn't supported\n",
5022 srch_inf->info_level);
5023 @@ -120913,10 +120913,10 @@ index d3ed817..d6038021 100644
5024 }
5025 putname(tmp);
5026 diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
5027 -index 67c2435..a1f43ba 100644
5028 +index cd261c8..7a1c069 100644
5029 --- a/fs/orangefs/super.c
5030 +++ b/fs/orangefs/super.c
5031 -@@ -573,10 +573,12 @@ void orangefs_kill_sb(struct super_block *sb)
5032 +@@ -578,10 +578,12 @@ void orangefs_kill_sb(struct super_block *sb)
5033
5034 int orangefs_inode_cache_initialize(void)
5035 {
5036 @@ -136875,7 +136875,7 @@ index 10e449c..f2a0d40 100644
5037 /**
5038 * drm_connector_helper_add - sets the helper vtable for a connector
5039 diff --git a/include/drm/i915_pciids.h b/include/drm/i915_pciids.h
5040 -index 0d5f426..ac3b055 100644
5041 +index 61766a4..2f88e2b 100644
5042 --- a/include/drm/i915_pciids.h
5043 +++ b/include/drm/i915_pciids.h
5044 @@ -37,7 +37,7 @@
5045 @@ -142589,10 +142589,10 @@ index 55107a8..eb06178 100644
5046 extern bool qid_valid(struct kqid qid);
5047
5048 diff --git a/include/linux/random.h b/include/linux/random.h
5049 -index 7bd2403..211378b 100644
5050 +index 16ab429..147be00 100644
5051 --- a/include/linux/random.h
5052 +++ b/include/linux/random.h
5053 -@@ -63,6 +63,11 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
5054 +@@ -62,6 +62,11 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
5055 #define prandom_init_once(pcpu_state) \
5056 DO_ONCE(prandom_seed_full_state, (pcpu_state))
5057
5058 @@ -142604,7 +142604,7 @@ index 7bd2403..211378b 100644
5059 /**
5060 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
5061 * @ep_ro: right open interval endpoint
5062 -@@ -75,7 +80,7 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
5063 +@@ -74,7 +79,7 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
5064 *
5065 * Returns: pseudo-random number in interval [0, ep_ro)
5066 */
5067 @@ -147446,7 +147446,7 @@ index b32ad7d..05f6420 100644
5068 next_state = Reset;
5069 return 0;
5070 diff --git a/init/main.c b/init/main.c
5071 -index 2858be7..75fba2e 100644
5072 +index ae3996a..5a222fc 100644
5073 --- a/init/main.c
5074 +++ b/init/main.c
5075 @@ -11,6 +11,10 @@
5076 @@ -147548,7 +147548,7 @@ index 2858be7..75fba2e 100644
5077
5078 add_latent_entropy();
5079 return ret;
5080 -@@ -894,8 +940,8 @@ static int run_init_process(const char *init_filename)
5081 +@@ -893,8 +939,8 @@ static int run_init_process(const char *init_filename)
5082 {
5083 argv_init[0] = init_filename;
5084 return do_execve(getname_kernel(init_filename),
5085 @@ -147559,7 +147559,7 @@ index 2858be7..75fba2e 100644
5086 }
5087
5088 static int try_to_run_init_process(const char *init_filename)
5089 -@@ -912,6 +958,10 @@ static int try_to_run_init_process(const char *init_filename)
5090 +@@ -911,6 +957,10 @@ static int try_to_run_init_process(const char *init_filename)
5091 return ret;
5092 }
5093
5094 @@ -147570,7 +147570,7 @@ index 2858be7..75fba2e 100644
5095 static noinline void __init kernel_init_freeable(void);
5096
5097 #ifdef CONFIG_DEBUG_RODATA
5098 -@@ -960,6 +1010,11 @@ static int __ref kernel_init(void *unused)
5099 +@@ -959,6 +1009,11 @@ static int __ref kernel_init(void *unused)
5100 ramdisk_execute_command, ret);
5101 }
5102
5103 @@ -147582,7 +147582,7 @@ index 2858be7..75fba2e 100644
5104 /*
5105 * We try each of these until one succeeds.
5106 *
5107 -@@ -1017,7 +1072,7 @@ static noinline void __init kernel_init_freeable(void)
5108 +@@ -1016,7 +1071,7 @@ static noinline void __init kernel_init_freeable(void)
5109 do_basic_setup();
5110
5111 /* Open the /dev/console on the rootfs, this should never fail */
5112 @@ -147591,7 +147591,7 @@ index 2858be7..75fba2e 100644
5113 pr_err("Warning: unable to open an initial console.\n");
5114
5115 (void) sys_dup(0);
5116 -@@ -1030,11 +1085,13 @@ static noinline void __init kernel_init_freeable(void)
5117 +@@ -1029,11 +1084,13 @@ static noinline void __init kernel_init_freeable(void)
5118 if (!ramdisk_execute_command)
5119 ramdisk_execute_command = "/init";
5120
5121 @@ -151902,10 +151902,10 @@ index 2dbccf2..f98676c 100644
5122 }
5123
5124 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
5125 -index 49ba7c1..4936c74 100644
5126 +index a5caece..a072a59 100644
5127 --- a/kernel/ptrace.c
5128 +++ b/kernel/ptrace.c
5129 -@@ -244,7 +244,35 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
5130 +@@ -250,7 +250,35 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
5131 return ret;
5132 }
5133
5134 @@ -151942,7 +151942,7 @@ index 49ba7c1..4936c74 100644
5135 {
5136 if (mode & PTRACE_MODE_NOAUDIT)
5137 return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
5138 -@@ -259,6 +287,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
5139 +@@ -265,6 +293,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
5140 struct mm_struct *mm;
5141 kuid_t caller_uid;
5142 kgid_t caller_gid;
5143 @@ -151950,7 +151950,7 @@ index 49ba7c1..4936c74 100644
5144
5145 if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
5146 WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
5147 -@@ -301,16 +330,27 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
5148 +@@ -307,16 +336,27 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
5149 gid_eq(caller_gid, tcred->sgid) &&
5150 gid_eq(caller_gid, tcred->gid))
5151 goto ok;
5152 @@ -151981,7 +151981,7 @@ index 49ba7c1..4936c74 100644
5153 return -EPERM;
5154
5155 return security_ptrace_access_check(task, mode);
5156 -@@ -571,7 +611,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
5157 +@@ -577,7 +617,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
5158 break;
5159 return -EIO;
5160 }
5161 @@ -151990,7 +151990,7 @@ index 49ba7c1..4936c74 100644
5162 return -EFAULT;
5163 copied += retval;
5164 src += retval;
5165 -@@ -873,7 +913,7 @@ int ptrace_request(struct task_struct *child, long request,
5166 +@@ -879,7 +919,7 @@ int ptrace_request(struct task_struct *child, long request,
5167 bool seized = child->ptrace & PT_SEIZED;
5168 int ret = -EIO;
5169 siginfo_t siginfo, *si;
5170 @@ -151999,7 +151999,7 @@ index 49ba7c1..4936c74 100644
5171 unsigned long __user *datalp = datavp;
5172 unsigned long flags;
5173
5174 -@@ -1124,14 +1164,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
5175 +@@ -1130,14 +1170,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
5176 goto out;
5177 }
5178
5179 @@ -152022,7 +152022,7 @@ index 49ba7c1..4936c74 100644
5180 goto out_put_task_struct;
5181 }
5182
5183 -@@ -1159,7 +1206,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
5184 +@@ -1165,7 +1212,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
5185 copied = ptrace_access_vm(tsk, addr, &tmp, sizeof(tmp), FOLL_FORCE);
5186 if (copied != sizeof(tmp))
5187 return -EIO;
5188 @@ -152031,7 +152031,7 @@ index 49ba7c1..4936c74 100644
5189 }
5190
5191 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
5192 -@@ -1255,7 +1302,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
5193 +@@ -1261,7 +1308,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
5194 }
5195
5196 COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
5197 @@ -152040,7 +152040,7 @@ index 49ba7c1..4936c74 100644
5198 {
5199 struct task_struct *child;
5200 long ret;
5201 -@@ -1271,14 +1318,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
5202 +@@ -1277,14 +1324,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
5203 goto out;
5204 }
5205
5206 @@ -154574,7 +154574,7 @@ index da87b3c..2f63cc9 100644
5207 /* make curr_ret_stack visible before we add the ret_stack */
5208 smp_wmb();
5209 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
5210 -index 9c14373..5ddd763 100644
5211 +index f30847a..9e62b08 100644
5212 --- a/kernel/trace/ring_buffer.c
5213 +++ b/kernel/trace/ring_buffer.c
5214 @@ -296,9 +296,9 @@ struct buffer_data_page {
5215 @@ -158157,7 +158157,7 @@ index cbb1e5e..e8b4bc4 100644
5216 +}
5217 +EXPORT_SYMBOL(__access_ok);
5218 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
5219 -index f757047..47a173d 100644
5220 +index 23471526..5cb985f 100644
5221 --- a/mm/mempolicy.c
5222 +++ b/mm/mempolicy.c
5223 @@ -732,6 +732,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
5224 @@ -160004,7 +160004,7 @@ index 439cc63..d342d3b 100644
5225 struct bdi_writeback *wb = dtc->wb;
5226 unsigned long write_bw = wb->avg_write_bandwidth;
5227 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
5228 -index 1460e6a..154adc1f 100644
5229 +index e5b159b..90fc606 100644
5230 --- a/mm/page_alloc.c
5231 +++ b/mm/page_alloc.c
5232 @@ -64,6 +64,7 @@
5233 @@ -168490,7 +168490,7 @@ index 34c2add..322c6a3 100644
5234 /* number of interfaces with corresponding FIF_ flags */
5235 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
5236 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
5237 -index 638ec07..706e042 100644
5238 +index 8d7747e..d12b9be 100644
5239 --- a/net/mac80211/iface.c
5240 +++ b/net/mac80211/iface.c
5241 @@ -560,7 +560,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
5242 @@ -168520,7 +168520,7 @@ index 638ec07..706e042 100644
5243
5244 if (hw_reconf_flags)
5245 ieee80211_hw_config(local, hw_reconf_flags);
5246 -@@ -756,7 +756,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
5247 +@@ -757,7 +757,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
5248 err_del_interface:
5249 drv_remove_interface(local, sdata);
5250 err_stop:
5251 @@ -168529,7 +168529,7 @@ index 638ec07..706e042 100644
5252 drv_stop(local);
5253 err_del_bss:
5254 sdata->bss = NULL;
5255 -@@ -925,7 +925,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5256 +@@ -926,7 +926,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5257 }
5258
5259 if (going_down)
5260 @@ -168538,7 +168538,7 @@ index 638ec07..706e042 100644
5261
5262 switch (sdata->vif.type) {
5263 case NL80211_IFTYPE_AP_VLAN:
5264 -@@ -1007,7 +1007,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5265 +@@ -1008,7 +1008,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5266 spin_unlock_bh(&fq->lock);
5267 }
5268
5269 @@ -168547,7 +168547,7 @@ index 638ec07..706e042 100644
5270 ieee80211_clear_tx_pending(local);
5271
5272 /*
5273 -@@ -1050,7 +1050,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5274 +@@ -1051,7 +1051,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5275 if (cancel_scan)
5276 flush_delayed_work(&local->scan_work);
5277
5278 @@ -168556,7 +168556,7 @@ index 638ec07..706e042 100644
5279 ieee80211_stop_device(local);
5280
5281 /* no reconfiguring after stop! */
5282 -@@ -1061,7 +1061,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5283 +@@ -1062,7 +1062,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
5284 ieee80211_configure_filter(local);
5285 ieee80211_hw_config(local, hw_reconf_flags);
5286
5287 @@ -168565,7 +168565,7 @@ index 638ec07..706e042 100644
5288 ieee80211_add_virtual_monitor(local);
5289 }
5290
5291 -@@ -1948,8 +1948,8 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
5292 +@@ -1949,8 +1949,8 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
5293 */
5294 cfg80211_shutdown_all_interfaces(local->hw.wiphy);
5295
5296 @@ -171088,7 +171088,7 @@ index 9d88c62..53396b6 100644
5297 #define gssx_dec_release_handle NULL
5298 #define gssx_enc_get_mic NULL
5299 diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
5300 -index 6fdffde..41a4b00 100644
5301 +index 1530825..1e2fe0d50 100644
5302 --- a/net/sunrpc/auth_gss/svcauth_gss.c
5303 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
5304 @@ -1149,7 +1149,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
5305 @@ -171340,7 +171340,7 @@ index 2ecb994..5afb49f 100644
5306 return -ENOMEM;
5307
5308 diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
5309 -index 7c8070e..a3dd59d 100644
5310 +index 75f290b..6ca88e9 100644
5311 --- a/net/sunrpc/svc.c
5312 +++ b/net/sunrpc/svc.c
5313 @@ -50,7 +50,7 @@ EXPORT_SYMBOL_GPL(svc_pool_map);
5314 @@ -171361,7 +171361,7 @@ index 7c8070e..a3dd59d 100644
5315 {
5316 int *ip = (int *)kp->arg;
5317
5318 -@@ -1183,7 +1183,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
5319 +@@ -1182,7 +1182,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
5320 svc_putnl(resv, RPC_SUCCESS);
5321
5322 /* Bump per-procedure stats counter */
5323
5324 diff --git a/4.9.21/4425_grsec_remove_EI_PAX.patch b/4.9.22/4425_grsec_remove_EI_PAX.patch
5325 similarity index 100%
5326 rename from 4.9.21/4425_grsec_remove_EI_PAX.patch
5327 rename to 4.9.22/4425_grsec_remove_EI_PAX.patch
5328
5329 diff --git a/4.9.21/4426_default_XATTR_PAX_FLAGS.patch b/4.9.22/4426_default_XATTR_PAX_FLAGS.patch
5330 similarity index 100%
5331 rename from 4.9.21/4426_default_XATTR_PAX_FLAGS.patch
5332 rename to 4.9.22/4426_default_XATTR_PAX_FLAGS.patch
5333
5334 diff --git a/4.9.21/4427_force_XATTR_PAX_tmpfs.patch b/4.9.22/4427_force_XATTR_PAX_tmpfs.patch
5335 similarity index 100%
5336 rename from 4.9.21/4427_force_XATTR_PAX_tmpfs.patch
5337 rename to 4.9.22/4427_force_XATTR_PAX_tmpfs.patch
5338
5339 diff --git a/4.9.21/4430_grsec-remove-localversion-grsec.patch b/4.9.22/4430_grsec-remove-localversion-grsec.patch
5340 similarity index 100%
5341 rename from 4.9.21/4430_grsec-remove-localversion-grsec.patch
5342 rename to 4.9.22/4430_grsec-remove-localversion-grsec.patch
5343
5344 diff --git a/4.9.21/4435_grsec-mute-warnings.patch b/4.9.22/4435_grsec-mute-warnings.patch
5345 similarity index 100%
5346 rename from 4.9.21/4435_grsec-mute-warnings.patch
5347 rename to 4.9.22/4435_grsec-mute-warnings.patch
5348
5349 diff --git a/4.9.21/4440_grsec-remove-protected-paths.patch b/4.9.22/4440_grsec-remove-protected-paths.patch
5350 similarity index 100%
5351 rename from 4.9.21/4440_grsec-remove-protected-paths.patch
5352 rename to 4.9.22/4440_grsec-remove-protected-paths.patch
5353
5354 diff --git a/4.9.21/4450_grsec-kconfig-default-gids.patch b/4.9.22/4450_grsec-kconfig-default-gids.patch
5355 similarity index 100%
5356 rename from 4.9.21/4450_grsec-kconfig-default-gids.patch
5357 rename to 4.9.22/4450_grsec-kconfig-default-gids.patch
5358
5359 diff --git a/4.9.21/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.22/4465_selinux-avc_audit-log-curr_ip.patch
5360 similarity index 100%
5361 rename from 4.9.21/4465_selinux-avc_audit-log-curr_ip.patch
5362 rename to 4.9.22/4465_selinux-avc_audit-log-curr_ip.patch
5363
5364 diff --git a/4.9.21/4470_disable-compat_vdso.patch b/4.9.22/4470_disable-compat_vdso.patch
5365 similarity index 100%
5366 rename from 4.9.21/4470_disable-compat_vdso.patch
5367 rename to 4.9.22/4470_disable-compat_vdso.patch
5368
5369 diff --git a/4.9.21/4475_emutramp_default_on.patch b/4.9.22/4475_emutramp_default_on.patch
5370 similarity index 100%
5371 rename from 4.9.21/4475_emutramp_default_on.patch
5372 rename to 4.9.22/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups