Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.7.5/, 4.7.4/
Date: Wed, 28 Sep 2016 08:51:47
Message-Id: 1475052665.e4d3fa8f47469ab0c22a1ce0f78725f0d482c550.blueness@gentoo
1 commit: e4d3fa8f47469ab0c22a1ce0f78725f0d482c550
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Sep 28 08:51:05 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Sep 28 08:51:05 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=e4d3fa8f
7
8 grsecurity-3.1-4.7.5-201609261522
9
10 4.7.4/1000_linux-4.7.1.patch | 1141 ---
11 4.7.4/1001_linux-4.7.2.patch | 7668 --------------------
12 4.7.4/1002_linux-4.7.3.patch | 4418 -----------
13 4.7.4/1003_linux-4.7.4.patch | 2424 -------
14 {4.7.4 => 4.7.5}/0000_README | 18 +-
15 .../4420_grsecurity-3.1-4.7.5-201609261522.patch | 1100 ++-
16 {4.7.4 => 4.7.5}/4425_grsec_remove_EI_PAX.patch | 0
17 {4.7.4 => 4.7.5}/4427_force_XATTR_PAX_tmpfs.patch | 0
18 .../4430_grsec-remove-localversion-grsec.patch | 0
19 {4.7.4 => 4.7.5}/4435_grsec-mute-warnings.patch | 0
20 .../4440_grsec-remove-protected-paths.patch | 0
21 .../4450_grsec-kconfig-default-gids.patch | 0
22 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
23 {4.7.4 => 4.7.5}/4470_disable-compat_vdso.patch | 0
24 {4.7.4 => 4.7.5}/4475_emutramp_default_on.patch | 0
25 15 files changed, 731 insertions(+), 16038 deletions(-)
26
27 diff --git a/4.7.4/1000_linux-4.7.1.patch b/4.7.4/1000_linux-4.7.1.patch
28 deleted file mode 100644
29 index 79c652a..0000000
30 --- a/4.7.4/1000_linux-4.7.1.patch
31 +++ /dev/null
32 @@ -1,1141 +0,0 @@
33 -diff --git a/Documentation/cpu-freq/pcc-cpufreq.txt b/Documentation/cpu-freq/pcc-cpufreq.txt
34 -index 0a94224..9e3c3b3 100644
35 ---- a/Documentation/cpu-freq/pcc-cpufreq.txt
36 -+++ b/Documentation/cpu-freq/pcc-cpufreq.txt
37 -@@ -159,8 +159,8 @@ to be strictly associated with a P-state.
38 -
39 - 2.2 cpuinfo_transition_latency:
40 - -------------------------------
41 --The cpuinfo_transition_latency field is CPUFREQ_ETERNAL. The PCC specification
42 --does not include a field to expose this value currently.
43 -+The cpuinfo_transition_latency field is 0. The PCC specification does
44 -+not include a field to expose this value currently.
45 -
46 - 2.3 cpuinfo_cur_freq:
47 - ---------------------
48 -diff --git a/Makefile b/Makefile
49 -index 66da9a3..84335c0 100644
50 ---- a/Makefile
51 -+++ b/Makefile
52 -@@ -1,6 +1,6 @@
53 - VERSION = 4
54 - PATCHLEVEL = 7
55 --SUBLEVEL = 0
56 -+SUBLEVEL = 1
57 - EXTRAVERSION =
58 - NAME = Psychotic Stoned Sheep
59 -
60 -diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
61 -index 087acb5..5f221ac 100644
62 ---- a/arch/arm/kernel/sys_oabi-compat.c
63 -+++ b/arch/arm/kernel/sys_oabi-compat.c
64 -@@ -279,8 +279,12 @@ asmlinkage long sys_oabi_epoll_wait(int epfd,
65 - mm_segment_t fs;
66 - long ret, err, i;
67 -
68 -- if (maxevents <= 0 || maxevents > (INT_MAX/sizeof(struct epoll_event)))
69 -+ if (maxevents <= 0 ||
70 -+ maxevents > (INT_MAX/sizeof(*kbuf)) ||
71 -+ maxevents > (INT_MAX/sizeof(*events)))
72 - return -EINVAL;
73 -+ if (!access_ok(VERIFY_WRITE, events, sizeof(*events) * maxevents))
74 -+ return -EFAULT;
75 - kbuf = kmalloc(sizeof(*kbuf) * maxevents, GFP_KERNEL);
76 - if (!kbuf)
77 - return -ENOMEM;
78 -@@ -317,6 +321,8 @@ asmlinkage long sys_oabi_semtimedop(int semid,
79 -
80 - if (nsops < 1 || nsops > SEMOPM)
81 - return -EINVAL;
82 -+ if (!access_ok(VERIFY_READ, tsops, sizeof(*tsops) * nsops))
83 -+ return -EFAULT;
84 - sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL);
85 - if (!sops)
86 - return -ENOMEM;
87 -diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
88 -index 9c0b387..51d3988 100644
89 ---- a/arch/mips/kernel/scall64-n32.S
90 -+++ b/arch/mips/kernel/scall64-n32.S
91 -@@ -348,7 +348,7 @@ EXPORT(sysn32_call_table)
92 - PTR sys_ni_syscall /* available, was setaltroot */
93 - PTR sys_add_key
94 - PTR sys_request_key
95 -- PTR sys_keyctl /* 6245 */
96 -+ PTR compat_sys_keyctl /* 6245 */
97 - PTR sys_set_thread_area
98 - PTR sys_inotify_init
99 - PTR sys_inotify_add_watch
100 -diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
101 -index f4f28b1..6efa713 100644
102 ---- a/arch/mips/kernel/scall64-o32.S
103 -+++ b/arch/mips/kernel/scall64-o32.S
104 -@@ -504,7 +504,7 @@ EXPORT(sys32_call_table)
105 - PTR sys_ni_syscall /* available, was setaltroot */
106 - PTR sys_add_key /* 4280 */
107 - PTR sys_request_key
108 -- PTR sys_keyctl
109 -+ PTR compat_sys_keyctl
110 - PTR sys_set_thread_area
111 - PTR sys_inotify_init
112 - PTR sys_inotify_add_watch /* 4285 */
113 -diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
114 -index 4cddd17..f848572 100644
115 ---- a/arch/x86/entry/syscalls/syscall_32.tbl
116 -+++ b/arch/x86/entry/syscalls/syscall_32.tbl
117 -@@ -294,7 +294,7 @@
118 - # 285 sys_setaltroot
119 - 286 i386 add_key sys_add_key
120 - 287 i386 request_key sys_request_key
121 --288 i386 keyctl sys_keyctl
122 -+288 i386 keyctl sys_keyctl compat_sys_keyctl
123 - 289 i386 ioprio_set sys_ioprio_set
124 - 290 i386 ioprio_get sys_ioprio_get
125 - 291 i386 inotify_init sys_inotify_init
126 -diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
127 -index 9d3a96c..01c2d14 100644
128 ---- a/arch/x86/include/asm/microcode.h
129 -+++ b/arch/x86/include/asm/microcode.h
130 -@@ -133,13 +133,11 @@ static inline unsigned int x86_cpuid_family(void)
131 - #ifdef CONFIG_MICROCODE
132 - extern void __init load_ucode_bsp(void);
133 - extern void load_ucode_ap(void);
134 --extern int __init save_microcode_in_initrd(void);
135 - void reload_early_microcode(void);
136 - extern bool get_builtin_firmware(struct cpio_data *cd, const char *name);
137 - #else
138 - static inline void __init load_ucode_bsp(void) { }
139 - static inline void load_ucode_ap(void) { }
140 --static inline int __init save_microcode_in_initrd(void) { return 0; }
141 - static inline void reload_early_microcode(void) { }
142 - static inline bool
143 - get_builtin_firmware(struct cpio_data *cd, const char *name) { return false; }
144 -diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
145 -index ac360bf..12823b6 100644
146 ---- a/arch/x86/kernel/cpu/microcode/core.c
147 -+++ b/arch/x86/kernel/cpu/microcode/core.c
148 -@@ -175,7 +175,7 @@ void load_ucode_ap(void)
149 - }
150 - }
151 -
152 --int __init save_microcode_in_initrd(void)
153 -+static int __init save_microcode_in_initrd(void)
154 - {
155 - struct cpuinfo_x86 *c = &boot_cpu_data;
156 -
157 -@@ -691,4 +691,5 @@ int __init microcode_init(void)
158 - return error;
159 -
160 - }
161 -+fs_initcall(save_microcode_in_initrd);
162 - late_initcall(microcode_init);
163 -diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
164 -index 372aad2..dffd162 100644
165 ---- a/arch/x86/mm/init.c
166 -+++ b/arch/x86/mm/init.c
167 -@@ -696,13 +696,6 @@ void free_initmem(void)
168 - void __init free_initrd_mem(unsigned long start, unsigned long end)
169 - {
170 - /*
171 -- * Remember, initrd memory may contain microcode or other useful things.
172 -- * Before we lose initrd mem, we need to find a place to hold them
173 -- * now that normal virtual memory is enabled.
174 -- */
175 -- save_microcode_in_initrd();
176 --
177 -- /*
178 - * end could be not aligned, and We can not align that,
179 - * decompresser could be confused by aligned initrd_end
180 - * We already reserve the end partial page before in
181 -diff --git a/arch/x86/power/hibernate_asm_64.S b/arch/x86/power/hibernate_asm_64.S
182 -index 3177c2b..8eee0e9 100644
183 ---- a/arch/x86/power/hibernate_asm_64.S
184 -+++ b/arch/x86/power/hibernate_asm_64.S
185 -@@ -24,7 +24,6 @@
186 - #include <asm/frame.h>
187 -
188 - ENTRY(swsusp_arch_suspend)
189 -- FRAME_BEGIN
190 - movq $saved_context, %rax
191 - movq %rsp, pt_regs_sp(%rax)
192 - movq %rbp, pt_regs_bp(%rax)
193 -@@ -48,6 +47,7 @@ ENTRY(swsusp_arch_suspend)
194 - movq %cr3, %rax
195 - movq %rax, restore_cr3(%rip)
196 -
197 -+ FRAME_BEGIN
198 - call swsusp_save
199 - FRAME_END
200 - ret
201 -@@ -104,7 +104,6 @@ ENTRY(core_restore_code)
202 - /* code below belongs to the image kernel */
203 - .align PAGE_SIZE
204 - ENTRY(restore_registers)
205 -- FRAME_BEGIN
206 - /* go back to the original page tables */
207 - movq %r9, %cr3
208 -
209 -@@ -145,6 +144,5 @@ ENTRY(restore_registers)
210 - /* tell the hibernation core that we've just restored the memory */
211 - movq %rax, in_suspend(%rip)
212 -
213 -- FRAME_END
214 - ret
215 - ENDPROC(restore_registers)
216 -diff --git a/block/genhd.c b/block/genhd.c
217 -index 9f42526..3eebd25 100644
218 ---- a/block/genhd.c
219 -+++ b/block/genhd.c
220 -@@ -856,6 +856,7 @@ static void disk_seqf_stop(struct seq_file *seqf, void *v)
221 - if (iter) {
222 - class_dev_iter_exit(iter);
223 - kfree(iter);
224 -+ seqf->private = NULL;
225 - }
226 - }
227 -
228 -diff --git a/crypto/gcm.c b/crypto/gcm.c
229 -index bec329b..d9ea5f9 100644
230 ---- a/crypto/gcm.c
231 -+++ b/crypto/gcm.c
232 -@@ -639,7 +639,9 @@ static int crypto_gcm_create_common(struct crypto_template *tmpl,
233 -
234 - ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type,
235 - CRYPTO_ALG_TYPE_HASH,
236 -- CRYPTO_ALG_TYPE_AHASH_MASK);
237 -+ CRYPTO_ALG_TYPE_AHASH_MASK |
238 -+ crypto_requires_sync(algt->type,
239 -+ algt->mask));
240 - if (IS_ERR(ghash_alg))
241 - return PTR_ERR(ghash_alg);
242 -
243 -diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
244 -index ea5815c..bc769c4 100644
245 ---- a/crypto/scatterwalk.c
246 -+++ b/crypto/scatterwalk.c
247 -@@ -72,7 +72,8 @@ static void scatterwalk_pagedone(struct scatter_walk *walk, int out,
248 -
249 - void scatterwalk_done(struct scatter_walk *walk, int out, int more)
250 - {
251 -- if (!(scatterwalk_pagelen(walk) & (PAGE_SIZE - 1)) || !more)
252 -+ if (!more || walk->offset >= walk->sg->offset + walk->sg->length ||
253 -+ !(walk->offset & (PAGE_SIZE - 1)))
254 - scatterwalk_pagedone(walk, out, more);
255 - }
256 - EXPORT_SYMBOL_GPL(scatterwalk_done);
257 -diff --git a/drivers/char/random.c b/drivers/char/random.c
258 -index 0158d3b..87ab9f6 100644
259 ---- a/drivers/char/random.c
260 -+++ b/drivers/char/random.c
261 -@@ -723,15 +723,18 @@ retry:
262 - }
263 - }
264 -
265 --static void credit_entropy_bits_safe(struct entropy_store *r, int nbits)
266 -+static int credit_entropy_bits_safe(struct entropy_store *r, int nbits)
267 - {
268 - const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1));
269 -
270 -+ if (nbits < 0)
271 -+ return -EINVAL;
272 -+
273 - /* Cap the value to avoid overflows */
274 - nbits = min(nbits, nbits_max);
275 -- nbits = max(nbits, -nbits_max);
276 -
277 - credit_entropy_bits(r, nbits);
278 -+ return 0;
279 - }
280 -
281 - /*********************************************************************
282 -@@ -1543,8 +1546,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
283 - return -EPERM;
284 - if (get_user(ent_count, p))
285 - return -EFAULT;
286 -- credit_entropy_bits_safe(&input_pool, ent_count);
287 -- return 0;
288 -+ return credit_entropy_bits_safe(&input_pool, ent_count);
289 - case RNDADDENTROPY:
290 - if (!capable(CAP_SYS_ADMIN))
291 - return -EPERM;
292 -@@ -1558,8 +1560,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
293 - size);
294 - if (retval < 0)
295 - return retval;
296 -- credit_entropy_bits_safe(&input_pool, ent_count);
297 -- return 0;
298 -+ return credit_entropy_bits_safe(&input_pool, ent_count);
299 - case RNDZAPENTCNT:
300 - case RNDCLEARPOOL:
301 - /*
302 -diff --git a/drivers/cpufreq/pcc-cpufreq.c b/drivers/cpufreq/pcc-cpufreq.c
303 -index a7ecb9a..3f0ce2a 100644
304 ---- a/drivers/cpufreq/pcc-cpufreq.c
305 -+++ b/drivers/cpufreq/pcc-cpufreq.c
306 -@@ -555,8 +555,6 @@ static int pcc_cpufreq_cpu_init(struct cpufreq_policy *policy)
307 - policy->min = policy->cpuinfo.min_freq =
308 - ioread32(&pcch_hdr->minimum_frequency) * 1000;
309 -
310 -- policy->cpuinfo.transition_latency = CPUFREQ_ETERNAL;
311 --
312 - pr_debug("init: policy->max is %d, policy->min is %d\n",
313 - policy->max, policy->min);
314 - out:
315 -diff --git a/drivers/infiniband/hw/hfi1/Kconfig b/drivers/infiniband/hw/hfi1/Kconfig
316 -index a925fb0..f846fd5 100644
317 ---- a/drivers/infiniband/hw/hfi1/Kconfig
318 -+++ b/drivers/infiniband/hw/hfi1/Kconfig
319 -@@ -3,7 +3,6 @@ config INFINIBAND_HFI1
320 - depends on X86_64 && INFINIBAND_RDMAVT
321 - select MMU_NOTIFIER
322 - select CRC32
323 -- default m
324 - ---help---
325 - This is a low-level driver for Intel OPA Gen1 adapter.
326 - config HFI1_DEBUG_SDMA_ORDER
327 -diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
328 -index a2afa3b..4d79819 100644
329 ---- a/drivers/net/bonding/bond_main.c
330 -+++ b/drivers/net/bonding/bond_main.c
331 -@@ -1422,7 +1422,16 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev)
332 - return -EINVAL;
333 - }
334 -
335 -- if (slave_ops->ndo_set_mac_address == NULL) {
336 -+ if (slave_dev->type == ARPHRD_INFINIBAND &&
337 -+ BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {
338 -+ netdev_warn(bond_dev, "Type (%d) supports only active-backup mode\n",
339 -+ slave_dev->type);
340 -+ res = -EOPNOTSUPP;
341 -+ goto err_undo_flags;
342 -+ }
343 -+
344 -+ if (!slave_ops->ndo_set_mac_address ||
345 -+ slave_dev->type == ARPHRD_INFINIBAND) {
346 - netdev_warn(bond_dev, "The slave device specified does not support setting the MAC address\n");
347 - if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP &&
348 - bond->params.fail_over_mac != BOND_FOM_ACTIVE) {
349 -diff --git a/drivers/net/ethernet/qlogic/qed/qed_spq.c b/drivers/net/ethernet/qlogic/qed/qed_spq.c
350 -index b122f60..03601df 100644
351 ---- a/drivers/net/ethernet/qlogic/qed/qed_spq.c
352 -+++ b/drivers/net/ethernet/qlogic/qed/qed_spq.c
353 -@@ -809,13 +809,12 @@ int qed_spq_completion(struct qed_hwfn *p_hwfn,
354 - * in a bitmap and increasing the chain consumer only
355 - * for the first successive completed entries.
356 - */
357 -- bitmap_set(p_spq->p_comp_bitmap, pos, SPQ_RING_SIZE);
358 -+ __set_bit(pos, p_spq->p_comp_bitmap);
359 -
360 - while (test_bit(p_spq->comp_bitmap_idx,
361 - p_spq->p_comp_bitmap)) {
362 -- bitmap_clear(p_spq->p_comp_bitmap,
363 -- p_spq->comp_bitmap_idx,
364 -- SPQ_RING_SIZE);
365 -+ __clear_bit(p_spq->comp_bitmap_idx,
366 -+ p_spq->p_comp_bitmap);
367 - p_spq->comp_bitmap_idx++;
368 - qed_chain_return_produced(&p_spq->chain);
369 - }
370 -diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
371 -index 8bcd78f..a70b6c4 100644
372 ---- a/drivers/net/macsec.c
373 -+++ b/drivers/net/macsec.c
374 -@@ -942,7 +942,6 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
375 - }
376 -
377 - macsec_skb_cb(skb)->req = req;
378 -- macsec_skb_cb(skb)->rx_sa = rx_sa;
379 - skb->dev = dev;
380 - aead_request_set_callback(req, 0, macsec_decrypt_done, skb);
381 -
382 -@@ -1169,6 +1168,8 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
383 - }
384 - }
385 -
386 -+ macsec_skb_cb(skb)->rx_sa = rx_sa;
387 -+
388 - /* Disabled && !changed text => skip validation */
389 - if (hdr->tci_an & MACSEC_TCI_C ||
390 - secy->validate_frames != MACSEC_VALIDATE_DISABLED)
391 -diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c
392 -index ce362bd..45b57c2 100644
393 ---- a/drivers/tty/serial/mvebu-uart.c
394 -+++ b/drivers/tty/serial/mvebu-uart.c
395 -@@ -300,6 +300,8 @@ static int mvebu_uart_startup(struct uart_port *port)
396 - static void mvebu_uart_shutdown(struct uart_port *port)
397 - {
398 - writel(0, port->membase + UART_CTRL);
399 -+
400 -+ free_irq(port->irq, port);
401 - }
402 -
403 - static void mvebu_uart_set_termios(struct uart_port *port,
404 -diff --git a/fs/dcache.c b/fs/dcache.c
405 -index d6847d7..1ed81bb 100644
406 ---- a/fs/dcache.c
407 -+++ b/fs/dcache.c
408 -@@ -622,7 +622,6 @@ static struct dentry *dentry_kill(struct dentry *dentry)
409 -
410 - failed:
411 - spin_unlock(&dentry->d_lock);
412 -- cpu_relax();
413 - return dentry; /* try again with same dentry */
414 - }
415 -
416 -@@ -796,6 +795,8 @@ void dput(struct dentry *dentry)
417 - return;
418 -
419 - repeat:
420 -+ might_sleep();
421 -+
422 - rcu_read_lock();
423 - if (likely(fast_dput(dentry))) {
424 - rcu_read_unlock();
425 -@@ -829,8 +830,10 @@ repeat:
426 -
427 - kill_it:
428 - dentry = dentry_kill(dentry);
429 -- if (dentry)
430 -+ if (dentry) {
431 -+ cond_resched();
432 - goto repeat;
433 -+ }
434 - }
435 - EXPORT_SYMBOL(dput);
436 -
437 -diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
438 -index 3020fd7..1ea5054 100644
439 ---- a/fs/ext4/balloc.c
440 -+++ b/fs/ext4/balloc.c
441 -@@ -208,6 +208,9 @@ static int ext4_init_block_bitmap(struct super_block *sb,
442 - memset(bh->b_data, 0, sb->s_blocksize);
443 -
444 - bit_max = ext4_num_base_meta_clusters(sb, block_group);
445 -+ if ((bit_max >> 3) >= bh->b_size)
446 -+ return -EFSCORRUPTED;
447 -+
448 - for (bit = 0; bit < bit_max; bit++)
449 - ext4_set_bit(bit, bh->b_data);
450 -
451 -diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
452 -index 2a2eef9..d7ccb7f 100644
453 ---- a/fs/ext4/extents.c
454 -+++ b/fs/ext4/extents.c
455 -@@ -381,9 +381,13 @@ static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
456 - ext4_fsblk_t block = ext4_ext_pblock(ext);
457 - int len = ext4_ext_get_actual_len(ext);
458 - ext4_lblk_t lblock = le32_to_cpu(ext->ee_block);
459 -- ext4_lblk_t last = lblock + len - 1;
460 -
461 -- if (len == 0 || lblock > last)
462 -+ /*
463 -+ * We allow neither:
464 -+ * - zero length
465 -+ * - overflow/wrap-around
466 -+ */
467 -+ if (lblock + len <= lblock)
468 - return 0;
469 - return ext4_data_block_valid(EXT4_SB(inode->i_sb), block, len);
470 - }
471 -@@ -474,6 +478,10 @@ static int __ext4_ext_check(const char *function, unsigned int line,
472 - error_msg = "invalid extent entries";
473 - goto corrupted;
474 - }
475 -+ if (unlikely(depth > 32)) {
476 -+ error_msg = "too large eh_depth";
477 -+ goto corrupted;
478 -+ }
479 - /* Verify checksum on non-root extent tree nodes */
480 - if (ext_depth(inode) != depth &&
481 - !ext4_extent_block_csum_verify(inode, eh)) {
482 -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
483 -index f7140ca..b747ec0 100644
484 ---- a/fs/ext4/inode.c
485 -+++ b/fs/ext4/inode.c
486 -@@ -205,9 +205,9 @@ void ext4_evict_inode(struct inode *inode)
487 - * Note that directories do not have this problem because they
488 - * don't use page cache.
489 - */
490 -- if (ext4_should_journal_data(inode) &&
491 -- (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode)) &&
492 -- inode->i_ino != EXT4_JOURNAL_INO) {
493 -+ if (inode->i_ino != EXT4_JOURNAL_INO &&
494 -+ ext4_should_journal_data(inode) &&
495 -+ (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode))) {
496 - journal_t *journal = EXT4_SB(inode->i_sb)->s_journal;
497 - tid_t commit_tid = EXT4_I(inode)->i_datasync_tid;
498 -
499 -@@ -2748,13 +2748,36 @@ retry:
500 - done = true;
501 - }
502 - }
503 -- ext4_journal_stop(handle);
504 -+ /*
505 -+ * Caution: If the handle is synchronous,
506 -+ * ext4_journal_stop() can wait for transaction commit
507 -+ * to finish which may depend on writeback of pages to
508 -+ * complete or on page lock to be released. In that
509 -+ * case, we have to wait until after after we have
510 -+ * submitted all the IO, released page locks we hold,
511 -+ * and dropped io_end reference (for extent conversion
512 -+ * to be able to complete) before stopping the handle.
513 -+ */
514 -+ if (!ext4_handle_valid(handle) || handle->h_sync == 0) {
515 -+ ext4_journal_stop(handle);
516 -+ handle = NULL;
517 -+ }
518 - /* Submit prepared bio */
519 - ext4_io_submit(&mpd.io_submit);
520 - /* Unlock pages we didn't use */
521 - mpage_release_unused_pages(&mpd, give_up_on_write);
522 -- /* Drop our io_end reference we got from init */
523 -- ext4_put_io_end(mpd.io_submit.io_end);
524 -+ /*
525 -+ * Drop our io_end reference we got from init. We have
526 -+ * to be careful and use deferred io_end finishing if
527 -+ * we are still holding the transaction as we can
528 -+ * release the last reference to io_end which may end
529 -+ * up doing unwritten extent conversion.
530 -+ */
531 -+ if (handle) {
532 -+ ext4_put_io_end_defer(mpd.io_submit.io_end);
533 -+ ext4_journal_stop(handle);
534 -+ } else
535 -+ ext4_put_io_end(mpd.io_submit.io_end);
536 -
537 - if (ret == -ENOSPC && sbi->s_journal) {
538 - /*
539 -diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
540 -index c1ab3ec..7f42eda 100644
541 ---- a/fs/ext4/mballoc.c
542 -+++ b/fs/ext4/mballoc.c
543 -@@ -2939,7 +2939,7 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac,
544 - ext4_error(sb, "Allocating blocks %llu-%llu which overlap "
545 - "fs metadata", block, block+len);
546 - /* File system mounted not to panic on error
547 -- * Fix the bitmap and repeat the block allocation
548 -+ * Fix the bitmap and return EFSCORRUPTED
549 - * We leak some of the blocks here.
550 - */
551 - ext4_lock_group(sb, ac->ac_b_ex.fe_group);
552 -@@ -2948,7 +2948,7 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac,
553 - ext4_unlock_group(sb, ac->ac_b_ex.fe_group);
554 - err = ext4_handle_dirty_metadata(handle, NULL, bitmap_bh);
555 - if (!err)
556 -- err = -EAGAIN;
557 -+ err = -EFSCORRUPTED;
558 - goto out_err;
559 - }
560 -
561 -@@ -4513,18 +4513,7 @@ repeat:
562 - }
563 - if (likely(ac->ac_status == AC_STATUS_FOUND)) {
564 - *errp = ext4_mb_mark_diskspace_used(ac, handle, reserv_clstrs);
565 -- if (*errp == -EAGAIN) {
566 -- /*
567 -- * drop the reference that we took
568 -- * in ext4_mb_use_best_found
569 -- */
570 -- ext4_mb_release_context(ac);
571 -- ac->ac_b_ex.fe_group = 0;
572 -- ac->ac_b_ex.fe_start = 0;
573 -- ac->ac_b_ex.fe_len = 0;
574 -- ac->ac_status = AC_STATUS_CONTINUE;
575 -- goto repeat;
576 -- } else if (*errp) {
577 -+ if (*errp) {
578 - ext4_discard_allocated_blocks(ac);
579 - goto errout;
580 - } else {
581 -diff --git a/fs/ext4/super.c b/fs/ext4/super.c
582 -index 3822a5a..639bd756 100644
583 ---- a/fs/ext4/super.c
584 -+++ b/fs/ext4/super.c
585 -@@ -2278,6 +2278,16 @@ static void ext4_orphan_cleanup(struct super_block *sb,
586 - while (es->s_last_orphan) {
587 - struct inode *inode;
588 -
589 -+ /*
590 -+ * We may have encountered an error during cleanup; if
591 -+ * so, skip the rest.
592 -+ */
593 -+ if (EXT4_SB(sb)->s_mount_state & EXT4_ERROR_FS) {
594 -+ jbd_debug(1, "Skipping orphan recovery on fs with errors.\n");
595 -+ es->s_last_orphan = 0;
596 -+ break;
597 -+ }
598 -+
599 - inode = ext4_orphan_get(sb, le32_to_cpu(es->s_last_orphan));
600 - if (IS_ERR(inode)) {
601 - es->s_last_orphan = 0;
602 -@@ -3416,6 +3426,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
603 - goto failed_mount;
604 - }
605 -
606 -+ if (le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) > (blocksize / 4)) {
607 -+ ext4_msg(sb, KERN_ERR,
608 -+ "Number of reserved GDT blocks insanely large: %d",
609 -+ le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks));
610 -+ goto failed_mount;
611 -+ }
612 -+
613 - if (sbi->s_mount_opt & EXT4_MOUNT_DAX) {
614 - err = bdev_dax_supported(sb, blocksize);
615 - if (err)
616 -diff --git a/fs/fuse/file.c b/fs/fuse/file.c
617 -index 9154f86..6cac3dc 100644
618 ---- a/fs/fuse/file.c
619 -+++ b/fs/fuse/file.c
620 -@@ -417,6 +417,15 @@ static int fuse_flush(struct file *file, fl_owner_t id)
621 - fuse_sync_writes(inode);
622 - inode_unlock(inode);
623 -
624 -+ if (test_bit(AS_ENOSPC, &file->f_mapping->flags) &&
625 -+ test_and_clear_bit(AS_ENOSPC, &file->f_mapping->flags))
626 -+ err = -ENOSPC;
627 -+ if (test_bit(AS_EIO, &file->f_mapping->flags) &&
628 -+ test_and_clear_bit(AS_EIO, &file->f_mapping->flags))
629 -+ err = -EIO;
630 -+ if (err)
631 -+ return err;
632 -+
633 - req = fuse_get_req_nofail_nopages(fc, file);
634 - memset(&inarg, 0, sizeof(inarg));
635 - inarg.fh = ff->fh;
636 -@@ -462,6 +471,21 @@ int fuse_fsync_common(struct file *file, loff_t start, loff_t end,
637 - goto out;
638 -
639 - fuse_sync_writes(inode);
640 -+
641 -+ /*
642 -+ * Due to implementation of fuse writeback
643 -+ * filemap_write_and_wait_range() does not catch errors.
644 -+ * We have to do this directly after fuse_sync_writes()
645 -+ */
646 -+ if (test_bit(AS_ENOSPC, &file->f_mapping->flags) &&
647 -+ test_and_clear_bit(AS_ENOSPC, &file->f_mapping->flags))
648 -+ err = -ENOSPC;
649 -+ if (test_bit(AS_EIO, &file->f_mapping->flags) &&
650 -+ test_and_clear_bit(AS_EIO, &file->f_mapping->flags))
651 -+ err = -EIO;
652 -+ if (err)
653 -+ goto out;
654 -+
655 - err = sync_inode_metadata(inode, 1);
656 - if (err)
657 - goto out;
658 -diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
659 -index 9961d843..9b7cb37 100644
660 ---- a/fs/fuse/inode.c
661 -+++ b/fs/fuse/inode.c
662 -@@ -942,7 +942,7 @@ static void fuse_send_init(struct fuse_conn *fc, struct fuse_req *req)
663 - arg->flags |= FUSE_ASYNC_READ | FUSE_POSIX_LOCKS | FUSE_ATOMIC_O_TRUNC |
664 - FUSE_EXPORT_SUPPORT | FUSE_BIG_WRITES | FUSE_DONT_MASK |
665 - FUSE_SPLICE_WRITE | FUSE_SPLICE_MOVE | FUSE_SPLICE_READ |
666 -- FUSE_FLOCK_LOCKS | FUSE_IOCTL_DIR | FUSE_AUTO_INVAL_DATA |
667 -+ FUSE_FLOCK_LOCKS | FUSE_HAS_IOCTL_DIR | FUSE_AUTO_INVAL_DATA |
668 - FUSE_DO_READDIRPLUS | FUSE_READDIRPLUS_AUTO | FUSE_ASYNC_DIO |
669 - FUSE_WRITEBACK_CACHE | FUSE_NO_OPEN_SUPPORT |
670 - FUSE_PARALLEL_DIROPS;
671 -diff --git a/fs/inode.c b/fs/inode.c
672 -index 4ccbc21..9ea4219 100644
673 ---- a/fs/inode.c
674 -+++ b/fs/inode.c
675 -@@ -345,7 +345,7 @@ EXPORT_SYMBOL(inc_nlink);
676 - void address_space_init_once(struct address_space *mapping)
677 - {
678 - memset(mapping, 0, sizeof(*mapping));
679 -- INIT_RADIX_TREE(&mapping->page_tree, GFP_ATOMIC);
680 -+ INIT_RADIX_TREE(&mapping->page_tree, GFP_ATOMIC | __GFP_ACCOUNT);
681 - spin_lock_init(&mapping->tree_lock);
682 - init_rwsem(&mapping->i_mmap_rwsem);
683 - INIT_LIST_HEAD(&mapping->private_list);
684 -@@ -1740,8 +1740,8 @@ static int __remove_privs(struct dentry *dentry, int kill)
685 - */
686 - int file_remove_privs(struct file *file)
687 - {
688 -- struct dentry *dentry = file->f_path.dentry;
689 -- struct inode *inode = d_inode(dentry);
690 -+ struct dentry *dentry = file_dentry(file);
691 -+ struct inode *inode = file_inode(file);
692 - int kill;
693 - int error = 0;
694 -
695 -@@ -1749,7 +1749,7 @@ int file_remove_privs(struct file *file)
696 - if (IS_NOSEC(inode))
697 - return 0;
698 -
699 -- kill = file_needs_remove_privs(file);
700 -+ kill = dentry_needs_remove_privs(dentry);
701 - if (kill < 0)
702 - return kill;
703 - if (kill)
704 -diff --git a/fs/ioctl.c b/fs/ioctl.c
705 -index 116a333..0f56deb 100644
706 ---- a/fs/ioctl.c
707 -+++ b/fs/ioctl.c
708 -@@ -590,6 +590,7 @@ static long ioctl_file_dedupe_range(struct file *file, void __user *arg)
709 - goto out;
710 - }
711 -
712 -+ same->dest_count = count;
713 - ret = vfs_dedupe_file_range(file, same);
714 - if (ret)
715 - goto out;
716 -diff --git a/ipc/msg.c b/ipc/msg.c
717 -index 1471db9..c6521c2 100644
718 ---- a/ipc/msg.c
719 -+++ b/ipc/msg.c
720 -@@ -680,7 +680,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
721 - rcu_read_lock();
722 - ipc_lock_object(&msq->q_perm);
723 -
724 -- ipc_rcu_putref(msq, ipc_rcu_free);
725 -+ ipc_rcu_putref(msq, msg_rcu_free);
726 - /* raced with RMID? */
727 - if (!ipc_valid_object(&msq->q_perm)) {
728 - err = -EIDRM;
729 -diff --git a/ipc/sem.c b/ipc/sem.c
730 -index b3757ea..5d2f875 100644
731 ---- a/ipc/sem.c
732 -+++ b/ipc/sem.c
733 -@@ -449,7 +449,7 @@ static inline struct sem_array *sem_obtain_object_check(struct ipc_namespace *ns
734 - static inline void sem_lock_and_putref(struct sem_array *sma)
735 - {
736 - sem_lock(sma, NULL, -1);
737 -- ipc_rcu_putref(sma, ipc_rcu_free);
738 -+ ipc_rcu_putref(sma, sem_rcu_free);
739 - }
740 -
741 - static inline void sem_rmid(struct ipc_namespace *ns, struct sem_array *s)
742 -@@ -1392,7 +1392,7 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,
743 - rcu_read_unlock();
744 - sem_io = ipc_alloc(sizeof(ushort)*nsems);
745 - if (sem_io == NULL) {
746 -- ipc_rcu_putref(sma, ipc_rcu_free);
747 -+ ipc_rcu_putref(sma, sem_rcu_free);
748 - return -ENOMEM;
749 - }
750 -
751 -@@ -1426,20 +1426,20 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,
752 - if (nsems > SEMMSL_FAST) {
753 - sem_io = ipc_alloc(sizeof(ushort)*nsems);
754 - if (sem_io == NULL) {
755 -- ipc_rcu_putref(sma, ipc_rcu_free);
756 -+ ipc_rcu_putref(sma, sem_rcu_free);
757 - return -ENOMEM;
758 - }
759 - }
760 -
761 - if (copy_from_user(sem_io, p, nsems*sizeof(ushort))) {
762 -- ipc_rcu_putref(sma, ipc_rcu_free);
763 -+ ipc_rcu_putref(sma, sem_rcu_free);
764 - err = -EFAULT;
765 - goto out_free;
766 - }
767 -
768 - for (i = 0; i < nsems; i++) {
769 - if (sem_io[i] > SEMVMX) {
770 -- ipc_rcu_putref(sma, ipc_rcu_free);
771 -+ ipc_rcu_putref(sma, sem_rcu_free);
772 - err = -ERANGE;
773 - goto out_free;
774 - }
775 -@@ -1731,7 +1731,7 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
776 - /* step 2: allocate new undo structure */
777 - new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL);
778 - if (!new) {
779 -- ipc_rcu_putref(sma, ipc_rcu_free);
780 -+ ipc_rcu_putref(sma, sem_rcu_free);
781 - return ERR_PTR(-ENOMEM);
782 - }
783 -
784 -diff --git a/lib/radix-tree.c b/lib/radix-tree.c
785 -index 8b7d845..bc7852f 100644
786 ---- a/lib/radix-tree.c
787 -+++ b/lib/radix-tree.c
788 -@@ -274,10 +274,11 @@ radix_tree_node_alloc(struct radix_tree_root *root)
789 -
790 - /*
791 - * Even if the caller has preloaded, try to allocate from the
792 -- * cache first for the new node to get accounted.
793 -+ * cache first for the new node to get accounted to the memory
794 -+ * cgroup.
795 - */
796 - ret = kmem_cache_alloc(radix_tree_node_cachep,
797 -- gfp_mask | __GFP_ACCOUNT | __GFP_NOWARN);
798 -+ gfp_mask | __GFP_NOWARN);
799 - if (ret)
800 - goto out;
801 -
802 -@@ -300,8 +301,7 @@ radix_tree_node_alloc(struct radix_tree_root *root)
803 - kmemleak_update_trace(ret);
804 - goto out;
805 - }
806 -- ret = kmem_cache_alloc(radix_tree_node_cachep,
807 -- gfp_mask | __GFP_ACCOUNT);
808 -+ ret = kmem_cache_alloc(radix_tree_node_cachep, gfp_mask);
809 - out:
810 - BUG_ON(radix_tree_is_internal_node(ret));
811 - return ret;
812 -@@ -348,6 +348,12 @@ static int __radix_tree_preload(gfp_t gfp_mask)
813 - struct radix_tree_node *node;
814 - int ret = -ENOMEM;
815 -
816 -+ /*
817 -+ * Nodes preloaded by one cgroup can be be used by another cgroup, so
818 -+ * they should never be accounted to any particular memory cgroup.
819 -+ */
820 -+ gfp_mask &= ~__GFP_ACCOUNT;
821 -+
822 - preempt_disable();
823 - rtp = this_cpu_ptr(&radix_tree_preloads);
824 - while (rtp->nr < RADIX_TREE_PRELOAD_SIZE) {
825 -diff --git a/mm/memcontrol.c b/mm/memcontrol.c
826 -index 5339c89..ca847d9 100644
827 ---- a/mm/memcontrol.c
828 -+++ b/mm/memcontrol.c
829 -@@ -4083,14 +4083,32 @@ static struct cftype mem_cgroup_legacy_files[] = {
830 -
831 - static DEFINE_IDR(mem_cgroup_idr);
832 -
833 --static void mem_cgroup_id_get(struct mem_cgroup *memcg)
834 -+static void mem_cgroup_id_get_many(struct mem_cgroup *memcg, unsigned int n)
835 - {
836 -- atomic_inc(&memcg->id.ref);
837 -+ atomic_add(n, &memcg->id.ref);
838 - }
839 -
840 --static void mem_cgroup_id_put(struct mem_cgroup *memcg)
841 -+static struct mem_cgroup *mem_cgroup_id_get_online(struct mem_cgroup *memcg)
842 - {
843 -- if (atomic_dec_and_test(&memcg->id.ref)) {
844 -+ while (!atomic_inc_not_zero(&memcg->id.ref)) {
845 -+ /*
846 -+ * The root cgroup cannot be destroyed, so it's refcount must
847 -+ * always be >= 1.
848 -+ */
849 -+ if (WARN_ON_ONCE(memcg == root_mem_cgroup)) {
850 -+ VM_BUG_ON(1);
851 -+ break;
852 -+ }
853 -+ memcg = parent_mem_cgroup(memcg);
854 -+ if (!memcg)
855 -+ memcg = root_mem_cgroup;
856 -+ }
857 -+ return memcg;
858 -+}
859 -+
860 -+static void mem_cgroup_id_put_many(struct mem_cgroup *memcg, unsigned int n)
861 -+{
862 -+ if (atomic_sub_and_test(n, &memcg->id.ref)) {
863 - idr_remove(&mem_cgroup_idr, memcg->id.id);
864 - memcg->id.id = 0;
865 -
866 -@@ -4099,6 +4117,16 @@ static void mem_cgroup_id_put(struct mem_cgroup *memcg)
867 - }
868 - }
869 -
870 -+static inline void mem_cgroup_id_get(struct mem_cgroup *memcg)
871 -+{
872 -+ mem_cgroup_id_get_many(memcg, 1);
873 -+}
874 -+
875 -+static inline void mem_cgroup_id_put(struct mem_cgroup *memcg)
876 -+{
877 -+ mem_cgroup_id_put_many(memcg, 1);
878 -+}
879 -+
880 - /**
881 - * mem_cgroup_from_id - look up a memcg from a memcg id
882 - * @id: the memcg id to look up
883 -@@ -4736,6 +4764,8 @@ static void __mem_cgroup_clear_mc(void)
884 - if (!mem_cgroup_is_root(mc.from))
885 - page_counter_uncharge(&mc.from->memsw, mc.moved_swap);
886 -
887 -+ mem_cgroup_id_put_many(mc.from, mc.moved_swap);
888 -+
889 - /*
890 - * we charged both to->memory and to->memsw, so we
891 - * should uncharge to->memory.
892 -@@ -4743,9 +4773,9 @@ static void __mem_cgroup_clear_mc(void)
893 - if (!mem_cgroup_is_root(mc.to))
894 - page_counter_uncharge(&mc.to->memory, mc.moved_swap);
895 -
896 -- css_put_many(&mc.from->css, mc.moved_swap);
897 -+ mem_cgroup_id_get_many(mc.to, mc.moved_swap);
898 -+ css_put_many(&mc.to->css, mc.moved_swap);
899 -
900 -- /* we've already done css_get(mc.to) */
901 - mc.moved_swap = 0;
902 - }
903 - memcg_oom_recover(from);
904 -@@ -5805,7 +5835,7 @@ subsys_initcall(mem_cgroup_init);
905 - */
906 - void mem_cgroup_swapout(struct page *page, swp_entry_t entry)
907 - {
908 -- struct mem_cgroup *memcg;
909 -+ struct mem_cgroup *memcg, *swap_memcg;
910 - unsigned short oldid;
911 -
912 - VM_BUG_ON_PAGE(PageLRU(page), page);
913 -@@ -5820,16 +5850,27 @@ void mem_cgroup_swapout(struct page *page, swp_entry_t entry)
914 - if (!memcg)
915 - return;
916 -
917 -- mem_cgroup_id_get(memcg);
918 -- oldid = swap_cgroup_record(entry, mem_cgroup_id(memcg));
919 -+ /*
920 -+ * In case the memcg owning these pages has been offlined and doesn't
921 -+ * have an ID allocated to it anymore, charge the closest online
922 -+ * ancestor for the swap instead and transfer the memory+swap charge.
923 -+ */
924 -+ swap_memcg = mem_cgroup_id_get_online(memcg);
925 -+ oldid = swap_cgroup_record(entry, mem_cgroup_id(swap_memcg));
926 - VM_BUG_ON_PAGE(oldid, page);
927 -- mem_cgroup_swap_statistics(memcg, true);
928 -+ mem_cgroup_swap_statistics(swap_memcg, true);
929 -
930 - page->mem_cgroup = NULL;
931 -
932 - if (!mem_cgroup_is_root(memcg))
933 - page_counter_uncharge(&memcg->memory, 1);
934 -
935 -+ if (memcg != swap_memcg) {
936 -+ if (!mem_cgroup_is_root(swap_memcg))
937 -+ page_counter_charge(&swap_memcg->memsw, 1);
938 -+ page_counter_uncharge(&memcg->memsw, 1);
939 -+ }
940 -+
941 - /*
942 - * Interrupts should be disabled here because the caller holds the
943 - * mapping->tree_lock lock which is taken with interrupts-off. It is
944 -@@ -5868,11 +5909,14 @@ int mem_cgroup_try_charge_swap(struct page *page, swp_entry_t entry)
945 - if (!memcg)
946 - return 0;
947 -
948 -+ memcg = mem_cgroup_id_get_online(memcg);
949 -+
950 - if (!mem_cgroup_is_root(memcg) &&
951 -- !page_counter_try_charge(&memcg->swap, 1, &counter))
952 -+ !page_counter_try_charge(&memcg->swap, 1, &counter)) {
953 -+ mem_cgroup_id_put(memcg);
954 - return -ENOMEM;
955 -+ }
956 -
957 -- mem_cgroup_id_get(memcg);
958 - oldid = swap_cgroup_record(entry, mem_cgroup_id(memcg));
959 - VM_BUG_ON_PAGE(oldid, page);
960 - mem_cgroup_swap_statistics(memcg, true);
961 -diff --git a/mm/mempool.c b/mm/mempool.c
962 -index 8f65464..47a659d 100644
963 ---- a/mm/mempool.c
964 -+++ b/mm/mempool.c
965 -@@ -306,7 +306,7 @@ EXPORT_SYMBOL(mempool_resize);
966 - * returns NULL. Note that due to preallocation, this function
967 - * *never* fails when called from process contexts. (it might
968 - * fail if called from an IRQ context.)
969 -- * Note: neither __GFP_NOMEMALLOC nor __GFP_ZERO are supported.
970 -+ * Note: using __GFP_ZERO is not supported.
971 - */
972 - void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask)
973 - {
974 -@@ -315,27 +315,16 @@ void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask)
975 - wait_queue_t wait;
976 - gfp_t gfp_temp;
977 -
978 -- /* If oom killed, memory reserves are essential to prevent livelock */
979 -- VM_WARN_ON_ONCE(gfp_mask & __GFP_NOMEMALLOC);
980 -- /* No element size to zero on allocation */
981 - VM_WARN_ON_ONCE(gfp_mask & __GFP_ZERO);
982 --
983 - might_sleep_if(gfp_mask & __GFP_DIRECT_RECLAIM);
984 -
985 -+ gfp_mask |= __GFP_NOMEMALLOC; /* don't allocate emergency reserves */
986 - gfp_mask |= __GFP_NORETRY; /* don't loop in __alloc_pages */
987 - gfp_mask |= __GFP_NOWARN; /* failures are OK */
988 -
989 - gfp_temp = gfp_mask & ~(__GFP_DIRECT_RECLAIM|__GFP_IO);
990 -
991 - repeat_alloc:
992 -- if (likely(pool->curr_nr)) {
993 -- /*
994 -- * Don't allocate from emergency reserves if there are
995 -- * elements available. This check is racy, but it will
996 -- * be rechecked each loop.
997 -- */
998 -- gfp_temp |= __GFP_NOMEMALLOC;
999 -- }
1000 -
1001 - element = pool->alloc(gfp_temp, pool->pool_data);
1002 - if (likely(element != NULL))
1003 -@@ -359,12 +348,11 @@ repeat_alloc:
1004 - * We use gfp mask w/o direct reclaim or IO for the first round. If
1005 - * alloc failed with that and @pool was empty, retry immediately.
1006 - */
1007 -- if ((gfp_temp & ~__GFP_NOMEMALLOC) != gfp_mask) {
1008 -+ if (gfp_temp != gfp_mask) {
1009 - spin_unlock_irqrestore(&pool->lock, flags);
1010 - gfp_temp = gfp_mask;
1011 - goto repeat_alloc;
1012 - }
1013 -- gfp_temp = gfp_mask;
1014 -
1015 - /* We must not sleep if !__GFP_DIRECT_RECLAIM */
1016 - if (!(gfp_mask & __GFP_DIRECT_RECLAIM)) {
1017 -diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
1018 -index 43d2cd8..28d5ec2 100644
1019 ---- a/net/bridge/br_input.c
1020 -+++ b/net/bridge/br_input.c
1021 -@@ -288,6 +288,14 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
1022 - case 0x01: /* IEEE MAC (Pause) */
1023 - goto drop;
1024 -
1025 -+ case 0x0E: /* 802.1AB LLDP */
1026 -+ fwd_mask |= p->br->group_fwd_mask;
1027 -+ if (fwd_mask & (1u << dest[5]))
1028 -+ goto forward;
1029 -+ *pskb = skb;
1030 -+ __br_handle_local_finish(skb);
1031 -+ return RX_HANDLER_PASS;
1032 -+
1033 - default:
1034 - /* Allow selective forwarding for most other protocols */
1035 - fwd_mask |= p->br->group_fwd_mask;
1036 -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
1037 -index e00e972..700b72c 100644
1038 ---- a/net/ipv4/tcp_output.c
1039 -+++ b/net/ipv4/tcp_output.c
1040 -@@ -236,7 +236,8 @@ void tcp_select_initial_window(int __space, __u32 mss,
1041 - /* Set window scaling on max possible window
1042 - * See RFC1323 for an explanation of the limit to 14
1043 - */
1044 -- space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max);
1045 -+ space = max_t(u32, space, sysctl_tcp_rmem[2]);
1046 -+ space = max_t(u32, space, sysctl_rmem_max);
1047 - space = min_t(u32, space, *window_clamp);
1048 - while (space > 65535 && (*rcv_wscale) < 14) {
1049 - space >>= 1;
1050 -diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
1051 -index 4aed8fc..e61f7cd 100644
1052 ---- a/net/ipv4/udp.c
1053 -+++ b/net/ipv4/udp.c
1054 -@@ -1581,9 +1581,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1055 - udp_lib_checksum_complete(skb))
1056 - goto csum_error;
1057 -
1058 -- if (sk_filter(sk, skb))
1059 -- goto drop;
1060 -- if (unlikely(skb->len < sizeof(struct udphdr)))
1061 -+ if (sk_filter_trim_cap(sk, skb, sizeof(struct udphdr)))
1062 - goto drop;
1063 -
1064 - udp_csum_pull_header(skb);
1065 -diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
1066 -index 47f837a..047c75a 100644
1067 ---- a/net/ipv6/addrconf.c
1068 -+++ b/net/ipv6/addrconf.c
1069 -@@ -3562,6 +3562,10 @@ restart:
1070 - if (state != INET6_IFADDR_STATE_DEAD) {
1071 - __ipv6_ifa_notify(RTM_DELADDR, ifa);
1072 - inet6addr_notifier_call_chain(NETDEV_DOWN, ifa);
1073 -+ } else {
1074 -+ if (idev->cnf.forwarding)
1075 -+ addrconf_leave_anycast(ifa);
1076 -+ addrconf_leave_solict(ifa->idev, &ifa->addr);
1077 - }
1078 -
1079 - write_lock_bh(&idev->lock);
1080 -diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
1081 -index acc09705..42a2edf 100644
1082 ---- a/net/ipv6/udp.c
1083 -+++ b/net/ipv6/udp.c
1084 -@@ -618,9 +618,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1085 - udp_lib_checksum_complete(skb))
1086 - goto csum_error;
1087 -
1088 -- if (sk_filter(sk, skb))
1089 -- goto drop;
1090 -- if (unlikely(skb->len < sizeof(struct udphdr)))
1091 -+ if (sk_filter_trim_cap(sk, skb, sizeof(struct udphdr)))
1092 - goto drop;
1093 -
1094 - udp_csum_pull_header(skb);
1095 -diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
1096 -index 923abd6..8d2f7c9 100644
1097 ---- a/net/irda/af_irda.c
1098 -+++ b/net/irda/af_irda.c
1099 -@@ -1024,8 +1024,11 @@ static int irda_connect(struct socket *sock, struct sockaddr *uaddr,
1100 - }
1101 -
1102 - /* Check if we have opened a local TSAP */
1103 -- if (!self->tsap)
1104 -- irda_open_tsap(self, LSAP_ANY, addr->sir_name);
1105 -+ if (!self->tsap) {
1106 -+ err = irda_open_tsap(self, LSAP_ANY, addr->sir_name);
1107 -+ if (err)
1108 -+ goto out;
1109 -+ }
1110 -
1111 - /* Move to connecting socket, start sending Connect Requests */
1112 - sock->state = SS_CONNECTING;
1113 -diff --git a/net/sctp/input.c b/net/sctp/input.c
1114 -index 47cf460..f093322 100644
1115 ---- a/net/sctp/input.c
1116 -+++ b/net/sctp/input.c
1117 -@@ -328,6 +328,7 @@ int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
1118 - */
1119 -
1120 - sk = rcvr->sk;
1121 -+ local_bh_disable();
1122 - bh_lock_sock(sk);
1123 -
1124 - if (sock_owned_by_user(sk)) {
1125 -@@ -339,6 +340,7 @@ int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
1126 - sctp_inq_push(inqueue, chunk);
1127 -
1128 - bh_unlock_sock(sk);
1129 -+ local_bh_enable();
1130 -
1131 - /* If the chunk was backloged again, don't drop refs */
1132 - if (backloged)
1133 -diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
1134 -index 9d87bba..b335ffc 100644
1135 ---- a/net/sctp/inqueue.c
1136 -+++ b/net/sctp/inqueue.c
1137 -@@ -89,12 +89,10 @@ void sctp_inq_push(struct sctp_inq *q, struct sctp_chunk *chunk)
1138 - * Eventually, we should clean up inqueue to not rely
1139 - * on the BH related data structures.
1140 - */
1141 -- local_bh_disable();
1142 - list_add_tail(&chunk->list, &q->in_chunk_list);
1143 - if (chunk->asoc)
1144 - chunk->asoc->stats.ipackets++;
1145 - q->immediate.func(&q->immediate);
1146 -- local_bh_enable();
1147 - }
1148 -
1149 - /* Peek at the next chunk on the inqeue. */
1150 -diff --git a/net/sctp/socket.c b/net/sctp/socket.c
1151 -index 67154b8..7f5689a 100644
1152 ---- a/net/sctp/socket.c
1153 -+++ b/net/sctp/socket.c
1154 -@@ -4301,6 +4301,7 @@ int sctp_transport_walk_start(struct rhashtable_iter *iter)
1155 -
1156 - err = rhashtable_walk_start(iter);
1157 - if (err && err != -EAGAIN) {
1158 -+ rhashtable_walk_stop(iter);
1159 - rhashtable_walk_exit(iter);
1160 - return err;
1161 - }
1162 -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
1163 -index ad4fa49..9068369 100644
1164 ---- a/security/apparmor/apparmorfs.c
1165 -+++ b/security/apparmor/apparmorfs.c
1166 -@@ -331,6 +331,7 @@ static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
1167 - seq_printf(seq, "%.2x", profile->hash[i]);
1168 - seq_puts(seq, "\n");
1169 - }
1170 -+ aa_put_profile(profile);
1171 -
1172 - return 0;
1173 - }
1174
1175 diff --git a/4.7.4/1001_linux-4.7.2.patch b/4.7.4/1001_linux-4.7.2.patch
1176 deleted file mode 100644
1177 index d0ef798..0000000
1178 --- a/4.7.4/1001_linux-4.7.2.patch
1179 +++ /dev/null
1180 @@ -1,7668 +0,0 @@
1181 -diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
1182 -index 696d5ca..f0e3361 100644
1183 ---- a/Documentation/module-signing.txt
1184 -+++ b/Documentation/module-signing.txt
1185 -@@ -271,3 +271,9 @@ Since the private key is used to sign modules, viruses and malware could use
1186 - the private key to sign modules and compromise the operating system. The
1187 - private key must be either destroyed or moved to a secure location and not kept
1188 - in the root node of the kernel source tree.
1189 -+
1190 -+If you use the same private key to sign modules for multiple kernel
1191 -+configurations, you must ensure that the module version information is
1192 -+sufficient to prevent loading a module into a different kernel. Either
1193 -+set CONFIG_MODVERSIONS=y or ensure that each configuration has a different
1194 -+kernel release string by changing EXTRAVERSION or CONFIG_LOCALVERSION.
1195 -diff --git a/Makefile b/Makefile
1196 -index 84335c0..bb98f1c 100644
1197 ---- a/Makefile
1198 -+++ b/Makefile
1199 -@@ -1,6 +1,6 @@
1200 - VERSION = 4
1201 - PATCHLEVEL = 7
1202 --SUBLEVEL = 1
1203 -+SUBLEVEL = 2
1204 - EXTRAVERSION =
1205 - NAME = Psychotic Stoned Sheep
1206 -
1207 -diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h
1208 -index 858f98e..0f92d97 100644
1209 ---- a/arch/arc/include/asm/pgtable.h
1210 -+++ b/arch/arc/include/asm/pgtable.h
1211 -@@ -110,7 +110,7 @@
1212 - #define ___DEF (_PAGE_PRESENT | _PAGE_CACHEABLE)
1213 -
1214 - /* Set of bits not changed in pte_modify */
1215 --#define _PAGE_CHG_MASK (PAGE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY)
1216 -+#define _PAGE_CHG_MASK (PAGE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_SPECIAL)
1217 -
1218 - /* More Abbrevaited helpers */
1219 - #define PAGE_U_NONE __pgprot(___DEF)
1220 -diff --git a/arch/arc/mm/dma.c b/arch/arc/mm/dma.c
1221 -index 73d7e4c..ab74b5d 100644
1222 ---- a/arch/arc/mm/dma.c
1223 -+++ b/arch/arc/mm/dma.c
1224 -@@ -92,7 +92,8 @@ static void *arc_dma_alloc(struct device *dev, size_t size,
1225 - static void arc_dma_free(struct device *dev, size_t size, void *vaddr,
1226 - dma_addr_t dma_handle, struct dma_attrs *attrs)
1227 - {
1228 -- struct page *page = virt_to_page(dma_handle);
1229 -+ phys_addr_t paddr = plat_dma_to_phys(dev, dma_handle);
1230 -+ struct page *page = virt_to_page(paddr);
1231 - int is_non_coh = 1;
1232 -
1233 - is_non_coh = dma_get_attr(DMA_ATTR_NON_CONSISTENT, attrs) ||
1234 -diff --git a/arch/arm/boot/dts/arm-realview-pbx-a9.dts b/arch/arm/boot/dts/arm-realview-pbx-a9.dts
1235 -index db808f9..90d00b4 100644
1236 ---- a/arch/arm/boot/dts/arm-realview-pbx-a9.dts
1237 -+++ b/arch/arm/boot/dts/arm-realview-pbx-a9.dts
1238 -@@ -70,13 +70,12 @@
1239 - * associativity as these may be erroneously set
1240 - * up by boot loader(s).
1241 - */
1242 -- cache-size = <1048576>; // 1MB
1243 -- cache-sets = <4096>;
1244 -+ cache-size = <131072>; // 128KB
1245 -+ cache-sets = <512>;
1246 - cache-line-size = <32>;
1247 - arm,parity-disable;
1248 -- arm,tag-latency = <1>;
1249 -- arm,data-latency = <1 1>;
1250 -- arm,dirty-latency = <1>;
1251 -+ arm,tag-latency = <1 1 1>;
1252 -+ arm,data-latency = <1 1 1>;
1253 - };
1254 -
1255 - scu: scu@1f000000 {
1256 -diff --git a/arch/arm/boot/dts/sun4i-a10-a1000.dts b/arch/arm/boot/dts/sun4i-a10-a1000.dts
1257 -index c92a1ae..fa70b8f 100644
1258 ---- a/arch/arm/boot/dts/sun4i-a10-a1000.dts
1259 -+++ b/arch/arm/boot/dts/sun4i-a10-a1000.dts
1260 -@@ -84,6 +84,7 @@
1261 - regulator-name = "emac-3v3";
1262 - regulator-min-microvolt = <3300000>;
1263 - regulator-max-microvolt = <3300000>;
1264 -+ startup-delay-us = <20000>;
1265 - enable-active-high;
1266 - gpio = <&pio 7 15 GPIO_ACTIVE_HIGH>;
1267 - };
1268 -diff --git a/arch/arm/boot/dts/sun4i-a10-hackberry.dts b/arch/arm/boot/dts/sun4i-a10-hackberry.dts
1269 -index 2b17c51..6de83a6 100644
1270 ---- a/arch/arm/boot/dts/sun4i-a10-hackberry.dts
1271 -+++ b/arch/arm/boot/dts/sun4i-a10-hackberry.dts
1272 -@@ -66,6 +66,7 @@
1273 - regulator-name = "emac-3v3";
1274 - regulator-min-microvolt = <3300000>;
1275 - regulator-max-microvolt = <3300000>;
1276 -+ startup-delay-us = <20000>;
1277 - enable-active-high;
1278 - gpio = <&pio 7 19 GPIO_ACTIVE_HIGH>;
1279 - };
1280 -diff --git a/arch/arm/boot/dts/sun4i-a10-jesurun-q5.dts b/arch/arm/boot/dts/sun4i-a10-jesurun-q5.dts
1281 -index 7afc7a6..e28f080 100644
1282 ---- a/arch/arm/boot/dts/sun4i-a10-jesurun-q5.dts
1283 -+++ b/arch/arm/boot/dts/sun4i-a10-jesurun-q5.dts
1284 -@@ -80,6 +80,7 @@
1285 - regulator-name = "emac-3v3";
1286 - regulator-min-microvolt = <3300000>;
1287 - regulator-max-microvolt = <3300000>;
1288 -+ startup-delay-us = <20000>;
1289 - enable-active-high;
1290 - gpio = <&pio 7 19 GPIO_ACTIVE_HIGH>; /* PH19 */
1291 - };
1292 -diff --git a/arch/arm/boot/dts/sun5i-a10s-wobo-i5.dts b/arch/arm/boot/dts/sun5i-a10s-wobo-i5.dts
1293 -index 9fea918..39731a7 100644
1294 ---- a/arch/arm/boot/dts/sun5i-a10s-wobo-i5.dts
1295 -+++ b/arch/arm/boot/dts/sun5i-a10s-wobo-i5.dts
1296 -@@ -79,6 +79,7 @@
1297 - regulator-name = "emac-3v3";
1298 - regulator-min-microvolt = <3300000>;
1299 - regulator-max-microvolt = <3300000>;
1300 -+ startup-delay-us = <20000>;
1301 - enable-active-high;
1302 - gpio = <&pio 0 2 GPIO_ACTIVE_HIGH>;
1303 - };
1304 -diff --git a/arch/arm/boot/dts/tegra124-jetson-tk1.dts b/arch/arm/boot/dts/tegra124-jetson-tk1.dts
1305 -index 941f362..f4d8125 100644
1306 ---- a/arch/arm/boot/dts/tegra124-jetson-tk1.dts
1307 -+++ b/arch/arm/boot/dts/tegra124-jetson-tk1.dts
1308 -@@ -1386,7 +1386,7 @@
1309 - * Pin 41: BR_UART1_TXD
1310 - * Pin 44: BR_UART1_RXD
1311 - */
1312 -- serial@70006000 {
1313 -+ serial@0,70006000 {
1314 - compatible = "nvidia,tegra124-hsuart", "nvidia,tegra30-hsuart";
1315 - status = "okay";
1316 - };
1317 -@@ -1398,7 +1398,7 @@
1318 - * Pin 71: UART2_CTS_L
1319 - * Pin 74: UART2_RTS_L
1320 - */
1321 -- serial@70006040 {
1322 -+ serial@0,70006040 {
1323 - compatible = "nvidia,tegra124-hsuart", "nvidia,tegra30-hsuart";
1324 - status = "okay";
1325 - };
1326 -diff --git a/arch/arm/configs/aspeed_g4_defconfig b/arch/arm/configs/aspeed_g4_defconfig
1327 -index b6e54ee..ca39c04 100644
1328 ---- a/arch/arm/configs/aspeed_g4_defconfig
1329 -+++ b/arch/arm/configs/aspeed_g4_defconfig
1330 -@@ -58,7 +58,7 @@ CONFIG_SERIAL_OF_PLATFORM=y
1331 - # CONFIG_IOMMU_SUPPORT is not set
1332 - CONFIG_FIRMWARE_MEMMAP=y
1333 - CONFIG_FANOTIFY=y
1334 --CONFIG_PRINTK_TIME=1
1335 -+CONFIG_PRINTK_TIME=y
1336 - CONFIG_DYNAMIC_DEBUG=y
1337 - CONFIG_STRIP_ASM_SYMS=y
1338 - CONFIG_PAGE_POISONING=y
1339 -diff --git a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig
1340 -index 8926051..4f366b0 100644
1341 ---- a/arch/arm/configs/aspeed_g5_defconfig
1342 -+++ b/arch/arm/configs/aspeed_g5_defconfig
1343 -@@ -59,7 +59,7 @@ CONFIG_SERIAL_OF_PLATFORM=y
1344 - # CONFIG_IOMMU_SUPPORT is not set
1345 - CONFIG_FIRMWARE_MEMMAP=y
1346 - CONFIG_FANOTIFY=y
1347 --CONFIG_PRINTK_TIME=1
1348 -+CONFIG_PRINTK_TIME=y
1349 - CONFIG_DYNAMIC_DEBUG=y
1350 - CONFIG_STRIP_ASM_SYMS=y
1351 - CONFIG_PAGE_POISONING=y
1352 -diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
1353 -index ff7ed56..d2485c7 100644
1354 ---- a/arch/arm/mm/dma-mapping.c
1355 -+++ b/arch/arm/mm/dma-mapping.c
1356 -@@ -49,6 +49,7 @@ struct arm_dma_alloc_args {
1357 - pgprot_t prot;
1358 - const void *caller;
1359 - bool want_vaddr;
1360 -+ int coherent_flag;
1361 - };
1362 -
1363 - struct arm_dma_free_args {
1364 -@@ -59,6 +60,9 @@ struct arm_dma_free_args {
1365 - bool want_vaddr;
1366 - };
1367 -
1368 -+#define NORMAL 0
1369 -+#define COHERENT 1
1370 -+
1371 - struct arm_dma_allocator {
1372 - void *(*alloc)(struct arm_dma_alloc_args *args,
1373 - struct page **ret_page);
1374 -@@ -272,7 +276,7 @@ static u64 get_coherent_dma_mask(struct device *dev)
1375 - return mask;
1376 - }
1377 -
1378 --static void __dma_clear_buffer(struct page *page, size_t size)
1379 -+static void __dma_clear_buffer(struct page *page, size_t size, int coherent_flag)
1380 - {
1381 - /*
1382 - * Ensure that the allocated pages are zeroed, and that any data
1383 -@@ -284,17 +288,21 @@ static void __dma_clear_buffer(struct page *page, size_t size)
1384 - while (size > 0) {
1385 - void *ptr = kmap_atomic(page);
1386 - memset(ptr, 0, PAGE_SIZE);
1387 -- dmac_flush_range(ptr, ptr + PAGE_SIZE);
1388 -+ if (coherent_flag != COHERENT)
1389 -+ dmac_flush_range(ptr, ptr + PAGE_SIZE);
1390 - kunmap_atomic(ptr);
1391 - page++;
1392 - size -= PAGE_SIZE;
1393 - }
1394 -- outer_flush_range(base, end);
1395 -+ if (coherent_flag != COHERENT)
1396 -+ outer_flush_range(base, end);
1397 - } else {
1398 - void *ptr = page_address(page);
1399 - memset(ptr, 0, size);
1400 -- dmac_flush_range(ptr, ptr + size);
1401 -- outer_flush_range(__pa(ptr), __pa(ptr) + size);
1402 -+ if (coherent_flag != COHERENT) {
1403 -+ dmac_flush_range(ptr, ptr + size);
1404 -+ outer_flush_range(__pa(ptr), __pa(ptr) + size);
1405 -+ }
1406 - }
1407 - }
1408 -
1409 -@@ -302,7 +310,8 @@ static void __dma_clear_buffer(struct page *page, size_t size)
1410 - * Allocate a DMA buffer for 'dev' of size 'size' using the
1411 - * specified gfp mask. Note that 'size' must be page aligned.
1412 - */
1413 --static struct page *__dma_alloc_buffer(struct device *dev, size_t size, gfp_t gfp)
1414 -+static struct page *__dma_alloc_buffer(struct device *dev, size_t size,
1415 -+ gfp_t gfp, int coherent_flag)
1416 - {
1417 - unsigned long order = get_order(size);
1418 - struct page *page, *p, *e;
1419 -@@ -318,7 +327,7 @@ static struct page *__dma_alloc_buffer(struct device *dev, size_t size, gfp_t gf
1420 - for (p = page + (size >> PAGE_SHIFT), e = page + (1 << order); p < e; p++)
1421 - __free_page(p);
1422 -
1423 -- __dma_clear_buffer(page, size);
1424 -+ __dma_clear_buffer(page, size, coherent_flag);
1425 -
1426 - return page;
1427 - }
1428 -@@ -340,7 +349,8 @@ static void __dma_free_buffer(struct page *page, size_t size)
1429 -
1430 - static void *__alloc_from_contiguous(struct device *dev, size_t size,
1431 - pgprot_t prot, struct page **ret_page,
1432 -- const void *caller, bool want_vaddr);
1433 -+ const void *caller, bool want_vaddr,
1434 -+ int coherent_flag);
1435 -
1436 - static void *__alloc_remap_buffer(struct device *dev, size_t size, gfp_t gfp,
1437 - pgprot_t prot, struct page **ret_page,
1438 -@@ -405,10 +415,13 @@ static int __init atomic_pool_init(void)
1439 - atomic_pool = gen_pool_create(PAGE_SHIFT, -1);
1440 - if (!atomic_pool)
1441 - goto out;
1442 --
1443 -+ /*
1444 -+ * The atomic pool is only used for non-coherent allocations
1445 -+ * so we must pass NORMAL for coherent_flag.
1446 -+ */
1447 - if (dev_get_cma_area(NULL))
1448 - ptr = __alloc_from_contiguous(NULL, atomic_pool_size, prot,
1449 -- &page, atomic_pool_init, true);
1450 -+ &page, atomic_pool_init, true, NORMAL);
1451 - else
1452 - ptr = __alloc_remap_buffer(NULL, atomic_pool_size, gfp, prot,
1453 - &page, atomic_pool_init, true);
1454 -@@ -522,7 +535,11 @@ static void *__alloc_remap_buffer(struct device *dev, size_t size, gfp_t gfp,
1455 - {
1456 - struct page *page;
1457 - void *ptr = NULL;
1458 -- page = __dma_alloc_buffer(dev, size, gfp);
1459 -+ /*
1460 -+ * __alloc_remap_buffer is only called when the device is
1461 -+ * non-coherent
1462 -+ */
1463 -+ page = __dma_alloc_buffer(dev, size, gfp, NORMAL);
1464 - if (!page)
1465 - return NULL;
1466 - if (!want_vaddr)
1467 -@@ -577,7 +594,8 @@ static int __free_from_pool(void *start, size_t size)
1468 -
1469 - static void *__alloc_from_contiguous(struct device *dev, size_t size,
1470 - pgprot_t prot, struct page **ret_page,
1471 -- const void *caller, bool want_vaddr)
1472 -+ const void *caller, bool want_vaddr,
1473 -+ int coherent_flag)
1474 - {
1475 - unsigned long order = get_order(size);
1476 - size_t count = size >> PAGE_SHIFT;
1477 -@@ -588,7 +606,7 @@ static void *__alloc_from_contiguous(struct device *dev, size_t size,
1478 - if (!page)
1479 - return NULL;
1480 -
1481 -- __dma_clear_buffer(page, size);
1482 -+ __dma_clear_buffer(page, size, coherent_flag);
1483 -
1484 - if (!want_vaddr)
1485 - goto out;
1486 -@@ -638,7 +656,7 @@ static inline pgprot_t __get_dma_pgprot(struct dma_attrs *attrs, pgprot_t prot)
1487 - #define __get_dma_pgprot(attrs, prot) __pgprot(0)
1488 - #define __alloc_remap_buffer(dev, size, gfp, prot, ret, c, wv) NULL
1489 - #define __alloc_from_pool(size, ret_page) NULL
1490 --#define __alloc_from_contiguous(dev, size, prot, ret, c, wv) NULL
1491 -+#define __alloc_from_contiguous(dev, size, prot, ret, c, wv, coherent_flag) NULL
1492 - #define __free_from_pool(cpu_addr, size) do { } while (0)
1493 - #define __free_from_contiguous(dev, page, cpu_addr, size, wv) do { } while (0)
1494 - #define __dma_free_remap(cpu_addr, size) do { } while (0)
1495 -@@ -649,7 +667,8 @@ static void *__alloc_simple_buffer(struct device *dev, size_t size, gfp_t gfp,
1496 - struct page **ret_page)
1497 - {
1498 - struct page *page;
1499 -- page = __dma_alloc_buffer(dev, size, gfp);
1500 -+ /* __alloc_simple_buffer is only called when the device is coherent */
1501 -+ page = __dma_alloc_buffer(dev, size, gfp, COHERENT);
1502 - if (!page)
1503 - return NULL;
1504 -
1505 -@@ -679,7 +698,7 @@ static void *cma_allocator_alloc(struct arm_dma_alloc_args *args,
1506 - {
1507 - return __alloc_from_contiguous(args->dev, args->size, args->prot,
1508 - ret_page, args->caller,
1509 -- args->want_vaddr);
1510 -+ args->want_vaddr, args->coherent_flag);
1511 - }
1512 -
1513 - static void cma_allocator_free(struct arm_dma_free_args *args)
1514 -@@ -746,6 +765,7 @@ static void *__dma_alloc(struct device *dev, size_t size, dma_addr_t *handle,
1515 - .prot = prot,
1516 - .caller = caller,
1517 - .want_vaddr = !dma_get_attr(DMA_ATTR_NO_KERNEL_MAPPING, attrs),
1518 -+ .coherent_flag = is_coherent ? COHERENT : NORMAL,
1519 - };
1520 -
1521 - #ifdef CONFIG_DMA_API_DEBUG
1522 -@@ -1253,7 +1273,8 @@ static inline void __free_iova(struct dma_iommu_mapping *mapping,
1523 - static const int iommu_order_array[] = { 9, 8, 4, 0 };
1524 -
1525 - static struct page **__iommu_alloc_buffer(struct device *dev, size_t size,
1526 -- gfp_t gfp, struct dma_attrs *attrs)
1527 -+ gfp_t gfp, struct dma_attrs *attrs,
1528 -+ int coherent_flag)
1529 - {
1530 - struct page **pages;
1531 - int count = size >> PAGE_SHIFT;
1532 -@@ -1277,7 +1298,7 @@ static struct page **__iommu_alloc_buffer(struct device *dev, size_t size,
1533 - if (!page)
1534 - goto error;
1535 -
1536 -- __dma_clear_buffer(page, size);
1537 -+ __dma_clear_buffer(page, size, coherent_flag);
1538 -
1539 - for (i = 0; i < count; i++)
1540 - pages[i] = page + i;
1541 -@@ -1327,7 +1348,7 @@ static struct page **__iommu_alloc_buffer(struct device *dev, size_t size,
1542 - pages[i + j] = pages[i] + j;
1543 - }
1544 -
1545 -- __dma_clear_buffer(pages[i], PAGE_SIZE << order);
1546 -+ __dma_clear_buffer(pages[i], PAGE_SIZE << order, coherent_flag);
1547 - i += 1 << order;
1548 - count -= 1 << order;
1549 - }
1550 -@@ -1505,7 +1526,8 @@ static void *arm_iommu_alloc_attrs(struct device *dev, size_t size,
1551 - */
1552 - gfp &= ~(__GFP_COMP);
1553 -
1554 -- pages = __iommu_alloc_buffer(dev, size, gfp, attrs);
1555 -+ /* For now always consider we are in a non-coherent case */
1556 -+ pages = __iommu_alloc_buffer(dev, size, gfp, attrs, NORMAL);
1557 - if (!pages)
1558 - return NULL;
1559 -
1560 -diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
1561 -index 5a0a691..2038492 100644
1562 ---- a/arch/arm64/Kconfig
1563 -+++ b/arch/arm64/Kconfig
1564 -@@ -872,7 +872,7 @@ config RELOCATABLE
1565 -
1566 - config RANDOMIZE_BASE
1567 - bool "Randomize the address of the kernel image"
1568 -- select ARM64_MODULE_PLTS
1569 -+ select ARM64_MODULE_PLTS if MODULES
1570 - select RELOCATABLE
1571 - help
1572 - Randomizes the virtual address at which the kernel image is
1573 -diff --git a/arch/arm64/boot/dts/rockchip/rk3368.dtsi b/arch/arm64/boot/dts/rockchip/rk3368.dtsi
1574 -index 8b4a7c9..080203e 100644
1575 ---- a/arch/arm64/boot/dts/rockchip/rk3368.dtsi
1576 -+++ b/arch/arm64/boot/dts/rockchip/rk3368.dtsi
1577 -@@ -670,7 +670,7 @@
1578 - #address-cells = <0>;
1579 -
1580 - reg = <0x0 0xffb71000 0x0 0x1000>,
1581 -- <0x0 0xffb72000 0x0 0x1000>,
1582 -+ <0x0 0xffb72000 0x0 0x2000>,
1583 - <0x0 0xffb74000 0x0 0x2000>,
1584 - <0x0 0xffb76000 0x0 0x2000>;
1585 - interrupts = <GIC_PPI 9
1586 -diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
1587 -index 4fbf3c5..0800d23 100644
1588 ---- a/arch/arm64/kernel/debug-monitors.c
1589 -+++ b/arch/arm64/kernel/debug-monitors.c
1590 -@@ -151,7 +151,6 @@ static int debug_monitors_init(void)
1591 - /* Clear the OS lock. */
1592 - on_each_cpu(clear_os_lock, NULL, 1);
1593 - isb();
1594 -- local_dbg_enable();
1595 -
1596 - /* Register hotplug handler. */
1597 - __register_cpu_notifier(&os_lock_nb);
1598 -diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
1599 -index 21ab5df..65d81f9 100644
1600 ---- a/arch/arm64/kernel/hibernate.c
1601 -+++ b/arch/arm64/kernel/hibernate.c
1602 -@@ -35,6 +35,7 @@
1603 - #include <asm/sections.h>
1604 - #include <asm/smp.h>
1605 - #include <asm/suspend.h>
1606 -+#include <asm/sysreg.h>
1607 - #include <asm/virt.h>
1608 -
1609 - /*
1610 -@@ -217,12 +218,22 @@ static int create_safe_exec_page(void *src_start, size_t length,
1611 - set_pte(pte, __pte(virt_to_phys((void *)dst) |
1612 - pgprot_val(PAGE_KERNEL_EXEC)));
1613 -
1614 -- /* Load our new page tables */
1615 -- asm volatile("msr ttbr0_el1, %0;"
1616 -- "isb;"
1617 -- "tlbi vmalle1is;"
1618 -- "dsb ish;"
1619 -- "isb" : : "r"(virt_to_phys(pgd)));
1620 -+ /*
1621 -+ * Load our new page tables. A strict BBM approach requires that we
1622 -+ * ensure that TLBs are free of any entries that may overlap with the
1623 -+ * global mappings we are about to install.
1624 -+ *
1625 -+ * For a real hibernate/resume cycle TTBR0 currently points to a zero
1626 -+ * page, but TLBs may contain stale ASID-tagged entries (e.g. for EFI
1627 -+ * runtime services), while for a userspace-driven test_resume cycle it
1628 -+ * points to userspace page tables (and we must point it at a zero page
1629 -+ * ourselves). Elsewhere we only (un)install the idmap with preemption
1630 -+ * disabled, so T0SZ should be as required regardless.
1631 -+ */
1632 -+ cpu_set_reserved_ttbr0();
1633 -+ local_flush_tlb_all();
1634 -+ write_sysreg(virt_to_phys(pgd), ttbr0_el1);
1635 -+ isb();
1636 -
1637 - *phys_dst_addr = virt_to_phys((void *)dst);
1638 -
1639 -@@ -394,6 +405,38 @@ int swsusp_arch_resume(void)
1640 - void *, phys_addr_t, phys_addr_t);
1641 -
1642 - /*
1643 -+ * Restoring the memory image will overwrite the ttbr1 page tables.
1644 -+ * Create a second copy of just the linear map, and use this when
1645 -+ * restoring.
1646 -+ */
1647 -+ tmp_pg_dir = (pgd_t *)get_safe_page(GFP_ATOMIC);
1648 -+ if (!tmp_pg_dir) {
1649 -+ pr_err("Failed to allocate memory for temporary page tables.");
1650 -+ rc = -ENOMEM;
1651 -+ goto out;
1652 -+ }
1653 -+ rc = copy_page_tables(tmp_pg_dir, PAGE_OFFSET, 0);
1654 -+ if (rc)
1655 -+ goto out;
1656 -+
1657 -+ /*
1658 -+ * Since we only copied the linear map, we need to find restore_pblist's
1659 -+ * linear map address.
1660 -+ */
1661 -+ lm_restore_pblist = LMADDR(restore_pblist);
1662 -+
1663 -+ /*
1664 -+ * We need a zero page that is zero before & after resume in order to
1665 -+ * to break before make on the ttbr1 page tables.
1666 -+ */
1667 -+ zero_page = (void *)get_safe_page(GFP_ATOMIC);
1668 -+ if (!zero_page) {
1669 -+ pr_err("Failed to allocate zero page.");
1670 -+ rc = -ENOMEM;
1671 -+ goto out;
1672 -+ }
1673 -+
1674 -+ /*
1675 - * Locate the exit code in the bottom-but-one page, so that *NULL
1676 - * still has disastrous affects.
1677 - */
1678 -@@ -419,27 +462,6 @@ int swsusp_arch_resume(void)
1679 - __flush_dcache_area(hibernate_exit, exit_size);
1680 -
1681 - /*
1682 -- * Restoring the memory image will overwrite the ttbr1 page tables.
1683 -- * Create a second copy of just the linear map, and use this when
1684 -- * restoring.
1685 -- */
1686 -- tmp_pg_dir = (pgd_t *)get_safe_page(GFP_ATOMIC);
1687 -- if (!tmp_pg_dir) {
1688 -- pr_err("Failed to allocate memory for temporary page tables.");
1689 -- rc = -ENOMEM;
1690 -- goto out;
1691 -- }
1692 -- rc = copy_page_tables(tmp_pg_dir, PAGE_OFFSET, 0);
1693 -- if (rc)
1694 -- goto out;
1695 --
1696 -- /*
1697 -- * Since we only copied the linear map, we need to find restore_pblist's
1698 -- * linear map address.
1699 -- */
1700 -- lm_restore_pblist = LMADDR(restore_pblist);
1701 --
1702 -- /*
1703 - * KASLR will cause the el2 vectors to be in a different location in
1704 - * the resumed kernel. Load hibernate's temporary copy into el2.
1705 - *
1706 -@@ -453,12 +475,6 @@ int swsusp_arch_resume(void)
1707 - __hyp_set_vectors(el2_vectors);
1708 - }
1709 -
1710 -- /*
1711 -- * We need a zero page that is zero before & after resume in order to
1712 -- * to break before make on the ttbr1 page tables.
1713 -- */
1714 -- zero_page = (void *)get_safe_page(GFP_ATOMIC);
1715 --
1716 - hibernate_exit(virt_to_phys(tmp_pg_dir), resume_hdr.ttbr1_el1,
1717 - resume_hdr.reenter_kernel, lm_restore_pblist,
1718 - resume_hdr.__hyp_stub_vectors, virt_to_phys(zero_page));
1719 -diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
1720 -index 62ff3c0..490db85 100644
1721 ---- a/arch/arm64/kernel/smp.c
1722 -+++ b/arch/arm64/kernel/smp.c
1723 -@@ -267,7 +267,6 @@ asmlinkage void secondary_start_kernel(void)
1724 - set_cpu_online(cpu, true);
1725 - complete(&cpu_running);
1726 -
1727 -- local_dbg_enable();
1728 - local_irq_enable();
1729 - local_async_enable();
1730 -
1731 -@@ -437,9 +436,9 @@ void __init smp_cpus_done(unsigned int max_cpus)
1732 -
1733 - void __init smp_prepare_boot_cpu(void)
1734 - {
1735 -+ set_my_cpu_offset(per_cpu_offset(smp_processor_id()));
1736 - cpuinfo_store_boot_cpu();
1737 - save_boot_cpu_run_el();
1738 -- set_my_cpu_offset(per_cpu_offset(smp_processor_id()));
1739 - }
1740 -
1741 - static u64 __init of_get_cpu_mpidr(struct device_node *dn)
1742 -@@ -694,6 +693,13 @@ void __init smp_prepare_cpus(unsigned int max_cpus)
1743 - smp_store_cpu_info(smp_processor_id());
1744 -
1745 - /*
1746 -+ * If UP is mandated by "nosmp" (which implies "maxcpus=0"), don't set
1747 -+ * secondary CPUs present.
1748 -+ */
1749 -+ if (max_cpus == 0)
1750 -+ return;
1751 -+
1752 -+ /*
1753 - * Initialise the present map (which describes the set of CPUs
1754 - * actually populated at the present time) and release the
1755 - * secondaries from the bootloader.
1756 -diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
1757 -index 435e820..e564d45 100644
1758 ---- a/arch/arm64/kernel/vmlinux.lds.S
1759 -+++ b/arch/arm64/kernel/vmlinux.lds.S
1760 -@@ -181,9 +181,9 @@ SECTIONS
1761 - *(.hash)
1762 - }
1763 -
1764 -- __rela_offset = ADDR(.rela) - KIMAGE_VADDR;
1765 -+ __rela_offset = ABSOLUTE(ADDR(.rela) - KIMAGE_VADDR);
1766 - __rela_size = SIZEOF(.rela);
1767 -- __dynsym_offset = ADDR(.dynsym) - KIMAGE_VADDR;
1768 -+ __dynsym_offset = ABSOLUTE(ADDR(.dynsym) - KIMAGE_VADDR);
1769 -
1770 - . = ALIGN(SEGMENT_ALIGN);
1771 - __init_end = .;
1772 -diff --git a/arch/arm64/kvm/hyp/sysreg-sr.c b/arch/arm64/kvm/hyp/sysreg-sr.c
1773 -index 0f7c40e..9341376 100644
1774 ---- a/arch/arm64/kvm/hyp/sysreg-sr.c
1775 -+++ b/arch/arm64/kvm/hyp/sysreg-sr.c
1776 -@@ -27,8 +27,8 @@ static void __hyp_text __sysreg_do_nothing(struct kvm_cpu_context *ctxt) { }
1777 - /*
1778 - * Non-VHE: Both host and guest must save everything.
1779 - *
1780 -- * VHE: Host must save tpidr*_el[01], actlr_el1, sp0, pc, pstate, and
1781 -- * guest must save everything.
1782 -+ * VHE: Host must save tpidr*_el[01], actlr_el1, mdscr_el1, sp0, pc,
1783 -+ * pstate, and guest must save everything.
1784 - */
1785 -
1786 - static void __hyp_text __sysreg_save_common_state(struct kvm_cpu_context *ctxt)
1787 -@@ -37,6 +37,7 @@ static void __hyp_text __sysreg_save_common_state(struct kvm_cpu_context *ctxt)
1788 - ctxt->sys_regs[TPIDR_EL0] = read_sysreg(tpidr_el0);
1789 - ctxt->sys_regs[TPIDRRO_EL0] = read_sysreg(tpidrro_el0);
1790 - ctxt->sys_regs[TPIDR_EL1] = read_sysreg(tpidr_el1);
1791 -+ ctxt->sys_regs[MDSCR_EL1] = read_sysreg(mdscr_el1);
1792 - ctxt->gp_regs.regs.sp = read_sysreg(sp_el0);
1793 - ctxt->gp_regs.regs.pc = read_sysreg_el2(elr);
1794 - ctxt->gp_regs.regs.pstate = read_sysreg_el2(spsr);
1795 -@@ -61,7 +62,6 @@ static void __hyp_text __sysreg_save_state(struct kvm_cpu_context *ctxt)
1796 - ctxt->sys_regs[AMAIR_EL1] = read_sysreg_el1(amair);
1797 - ctxt->sys_regs[CNTKCTL_EL1] = read_sysreg_el1(cntkctl);
1798 - ctxt->sys_regs[PAR_EL1] = read_sysreg(par_el1);
1799 -- ctxt->sys_regs[MDSCR_EL1] = read_sysreg(mdscr_el1);
1800 -
1801 - ctxt->gp_regs.sp_el1 = read_sysreg(sp_el1);
1802 - ctxt->gp_regs.elr_el1 = read_sysreg_el1(elr);
1803 -@@ -90,6 +90,7 @@ static void __hyp_text __sysreg_restore_common_state(struct kvm_cpu_context *ctx
1804 - write_sysreg(ctxt->sys_regs[TPIDR_EL0], tpidr_el0);
1805 - write_sysreg(ctxt->sys_regs[TPIDRRO_EL0], tpidrro_el0);
1806 - write_sysreg(ctxt->sys_regs[TPIDR_EL1], tpidr_el1);
1807 -+ write_sysreg(ctxt->sys_regs[MDSCR_EL1], mdscr_el1);
1808 - write_sysreg(ctxt->gp_regs.regs.sp, sp_el0);
1809 - write_sysreg_el2(ctxt->gp_regs.regs.pc, elr);
1810 - write_sysreg_el2(ctxt->gp_regs.regs.pstate, spsr);
1811 -@@ -114,7 +115,6 @@ static void __hyp_text __sysreg_restore_state(struct kvm_cpu_context *ctxt)
1812 - write_sysreg_el1(ctxt->sys_regs[AMAIR_EL1], amair);
1813 - write_sysreg_el1(ctxt->sys_regs[CNTKCTL_EL1], cntkctl);
1814 - write_sysreg(ctxt->sys_regs[PAR_EL1], par_el1);
1815 -- write_sysreg(ctxt->sys_regs[MDSCR_EL1], mdscr_el1);
1816 -
1817 - write_sysreg(ctxt->gp_regs.sp_el1, sp_el1);
1818 - write_sysreg_el1(ctxt->gp_regs.elr_el1, elr);
1819 -diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
1820 -index e9e0e6d..898c0e6 100644
1821 ---- a/arch/arm64/kvm/inject_fault.c
1822 -+++ b/arch/arm64/kvm/inject_fault.c
1823 -@@ -132,16 +132,14 @@ static u64 get_except_vector(struct kvm_vcpu *vcpu, enum exception_type type)
1824 - static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr)
1825 - {
1826 - unsigned long cpsr = *vcpu_cpsr(vcpu);
1827 -- bool is_aarch32;
1828 -+ bool is_aarch32 = vcpu_mode_is_32bit(vcpu);
1829 - u32 esr = 0;
1830 -
1831 -- is_aarch32 = vcpu_mode_is_32bit(vcpu);
1832 --
1833 -- *vcpu_spsr(vcpu) = cpsr;
1834 - *vcpu_elr_el1(vcpu) = *vcpu_pc(vcpu);
1835 --
1836 - *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
1837 -+
1838 - *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
1839 -+ *vcpu_spsr(vcpu) = cpsr;
1840 -
1841 - vcpu_sys_reg(vcpu, FAR_EL1) = addr;
1842 -
1843 -@@ -172,11 +170,11 @@ static void inject_undef64(struct kvm_vcpu *vcpu)
1844 - unsigned long cpsr = *vcpu_cpsr(vcpu);
1845 - u32 esr = (ESR_ELx_EC_UNKNOWN << ESR_ELx_EC_SHIFT);
1846 -
1847 -- *vcpu_spsr(vcpu) = cpsr;
1848 - *vcpu_elr_el1(vcpu) = *vcpu_pc(vcpu);
1849 --
1850 - *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
1851 -+
1852 - *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
1853 -+ *vcpu_spsr(vcpu) = cpsr;
1854 -
1855 - /*
1856 - * Build an unknown exception, depending on the instruction
1857 -diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
1858 -index 0f85a46..3e90a2c 100644
1859 ---- a/arch/arm64/mm/mmu.c
1860 -+++ b/arch/arm64/mm/mmu.c
1861 -@@ -748,9 +748,9 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot)
1862 - /*
1863 - * Check whether the physical FDT address is set and meets the minimum
1864 - * alignment requirement. Since we are relying on MIN_FDT_ALIGN to be
1865 -- * at least 8 bytes so that we can always access the size field of the
1866 -- * FDT header after mapping the first chunk, double check here if that
1867 -- * is indeed the case.
1868 -+ * at least 8 bytes so that we can always access the magic and size
1869 -+ * fields of the FDT header after mapping the first chunk, double check
1870 -+ * here if that is indeed the case.
1871 - */
1872 - BUILD_BUG_ON(MIN_FDT_ALIGN < 8);
1873 - if (!dt_phys || dt_phys % MIN_FDT_ALIGN)
1874 -@@ -778,7 +778,7 @@ void *__init __fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot)
1875 - create_mapping_noalloc(round_down(dt_phys, SWAPPER_BLOCK_SIZE),
1876 - dt_virt_base, SWAPPER_BLOCK_SIZE, prot);
1877 -
1878 -- if (fdt_check_header(dt_virt) != 0)
1879 -+ if (fdt_magic(dt_virt) != FDT_MAGIC)
1880 - return NULL;
1881 -
1882 - *size = fdt_totalsize(dt_virt);
1883 -diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
1884 -index c431787..5bb61de 100644
1885 ---- a/arch/arm64/mm/proc.S
1886 -+++ b/arch/arm64/mm/proc.S
1887 -@@ -180,6 +180,8 @@ ENTRY(__cpu_setup)
1888 - msr cpacr_el1, x0 // Enable FP/ASIMD
1889 - mov x0, #1 << 12 // Reset mdscr_el1 and disable
1890 - msr mdscr_el1, x0 // access to the DCC from EL0
1891 -+ isb // Unmask debug exceptions now,
1892 -+ enable_dbg // since this is per-cpu
1893 - reset_pmuserenr_el0 x0 // Disable PMU access from EL0
1894 - /*
1895 - * Memory region attributes for LPAE:
1896 -diff --git a/arch/metag/include/asm/cmpxchg_lnkget.h b/arch/metag/include/asm/cmpxchg_lnkget.h
1897 -index 0154e28..2369ad3 100644
1898 ---- a/arch/metag/include/asm/cmpxchg_lnkget.h
1899 -+++ b/arch/metag/include/asm/cmpxchg_lnkget.h
1900 -@@ -73,7 +73,7 @@ static inline unsigned long __cmpxchg_u32(volatile int *m, unsigned long old,
1901 - " DCACHE [%2], %0\n"
1902 - #endif
1903 - "2:\n"
1904 -- : "=&d" (temp), "=&da" (retval)
1905 -+ : "=&d" (temp), "=&d" (retval)
1906 - : "da" (m), "bd" (old), "da" (new)
1907 - : "cc"
1908 - );
1909 -diff --git a/arch/mips/kernel/cevt-r4k.c b/arch/mips/kernel/cevt-r4k.c
1910 -index e4c21bb..804d2a2 100644
1911 ---- a/arch/mips/kernel/cevt-r4k.c
1912 -+++ b/arch/mips/kernel/cevt-r4k.c
1913 -@@ -276,12 +276,7 @@ int r4k_clockevent_init(void)
1914 - CLOCK_EVT_FEAT_C3STOP |
1915 - CLOCK_EVT_FEAT_PERCPU;
1916 -
1917 -- clockevent_set_clock(cd, mips_hpt_frequency);
1918 --
1919 -- /* Calculate the min / max delta */
1920 -- cd->max_delta_ns = clockevent_delta2ns(0x7fffffff, cd);
1921 - min_delta = calculate_min_delta();
1922 -- cd->min_delta_ns = clockevent_delta2ns(min_delta, cd);
1923 -
1924 - cd->rating = 300;
1925 - cd->irq = irq;
1926 -@@ -289,7 +284,7 @@ int r4k_clockevent_init(void)
1927 - cd->set_next_event = mips_next_event;
1928 - cd->event_handler = mips_event_handler;
1929 -
1930 -- clockevents_register_device(cd);
1931 -+ clockevents_config_and_register(cd, mips_hpt_frequency, min_delta, 0x7fffffff);
1932 -
1933 - if (cp0_timer_irq_installed)
1934 - return 0;
1935 -diff --git a/arch/mips/kernel/csrc-r4k.c b/arch/mips/kernel/csrc-r4k.c
1936 -index 1f91056..d76275d 100644
1937 ---- a/arch/mips/kernel/csrc-r4k.c
1938 -+++ b/arch/mips/kernel/csrc-r4k.c
1939 -@@ -23,7 +23,7 @@ static struct clocksource clocksource_mips = {
1940 - .flags = CLOCK_SOURCE_IS_CONTINUOUS,
1941 - };
1942 -
1943 --static u64 notrace r4k_read_sched_clock(void)
1944 -+static u64 __maybe_unused notrace r4k_read_sched_clock(void)
1945 - {
1946 - return read_c0_count();
1947 - }
1948 -@@ -82,7 +82,9 @@ int __init init_r4k_clocksource(void)
1949 -
1950 - clocksource_register_hz(&clocksource_mips, mips_hpt_frequency);
1951 -
1952 -+#ifndef CONFIG_CPU_FREQ
1953 - sched_clock_register(r4k_read_sched_clock, 32, mips_hpt_frequency);
1954 -+#endif
1955 -
1956 - return 0;
1957 - }
1958 -diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
1959 -index 645c8a1..2b42a74 100644
1960 ---- a/arch/mips/kvm/emulate.c
1961 -+++ b/arch/mips/kvm/emulate.c
1962 -@@ -1615,8 +1615,14 @@ enum emulation_result kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc,
1963 -
1964 - preempt_disable();
1965 - if (KVM_GUEST_KSEGX(va) == KVM_GUEST_KSEG0) {
1966 -- if (kvm_mips_host_tlb_lookup(vcpu, va) < 0)
1967 -- kvm_mips_handle_kseg0_tlb_fault(va, vcpu);
1968 -+ if (kvm_mips_host_tlb_lookup(vcpu, va) < 0 &&
1969 -+ kvm_mips_handle_kseg0_tlb_fault(va, vcpu)) {
1970 -+ kvm_err("%s: handling mapped kseg0 tlb fault for %lx, vcpu: %p, ASID: %#lx\n",
1971 -+ __func__, va, vcpu, read_c0_entryhi());
1972 -+ er = EMULATE_FAIL;
1973 -+ preempt_enable();
1974 -+ goto done;
1975 -+ }
1976 - } else if ((KVM_GUEST_KSEGX(va) < KVM_GUEST_KSEG0) ||
1977 - KVM_GUEST_KSEGX(va) == KVM_GUEST_KSEG23) {
1978 - int index;
1979 -@@ -1654,14 +1660,19 @@ enum emulation_result kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc,
1980 - run, vcpu);
1981 - preempt_enable();
1982 - goto dont_update_pc;
1983 -- } else {
1984 -- /*
1985 -- * We fault an entry from the guest tlb to the
1986 -- * shadow host TLB
1987 -- */
1988 -- kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb,
1989 -- NULL,
1990 -- NULL);
1991 -+ }
1992 -+ /*
1993 -+ * We fault an entry from the guest tlb to the
1994 -+ * shadow host TLB
1995 -+ */
1996 -+ if (kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb,
1997 -+ NULL, NULL)) {
1998 -+ kvm_err("%s: handling mapped seg tlb fault for %lx, index: %u, vcpu: %p, ASID: %#lx\n",
1999 -+ __func__, va, index, vcpu,
2000 -+ read_c0_entryhi());
2001 -+ er = EMULATE_FAIL;
2002 -+ preempt_enable();
2003 -+ goto done;
2004 - }
2005 - }
2006 - } else {
2007 -@@ -2625,8 +2636,13 @@ enum emulation_result kvm_mips_handle_tlbmiss(unsigned long cause,
2008 - * OK we have a Guest TLB entry, now inject it into the
2009 - * shadow host TLB
2010 - */
2011 -- kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb, NULL,
2012 -- NULL);
2013 -+ if (kvm_mips_handle_mapped_seg_tlb_fault(vcpu, tlb,
2014 -+ NULL, NULL)) {
2015 -+ kvm_err("%s: handling mapped seg tlb fault for %lx, index: %u, vcpu: %p, ASID: %#lx\n",
2016 -+ __func__, va, index, vcpu,
2017 -+ read_c0_entryhi());
2018 -+ er = EMULATE_FAIL;
2019 -+ }
2020 - }
2021 - }
2022 -
2023 -diff --git a/arch/mips/kvm/tlb.c b/arch/mips/kvm/tlb.c
2024 -index ed021ae..ad2270f 100644
2025 ---- a/arch/mips/kvm/tlb.c
2026 -+++ b/arch/mips/kvm/tlb.c
2027 -@@ -284,7 +284,7 @@ int kvm_mips_handle_kseg0_tlb_fault(unsigned long badvaddr,
2028 - }
2029 -
2030 - gfn = (KVM_GUEST_CPHYSADDR(badvaddr) >> PAGE_SHIFT);
2031 -- if (gfn >= kvm->arch.guest_pmap_npages) {
2032 -+ if ((gfn | 1) >= kvm->arch.guest_pmap_npages) {
2033 - kvm_err("%s: Invalid gfn: %#llx, BadVaddr: %#lx\n", __func__,
2034 - gfn, badvaddr);
2035 - kvm_mips_dump_host_tlbs();
2036 -@@ -373,26 +373,40 @@ int kvm_mips_handle_mapped_seg_tlb_fault(struct kvm_vcpu *vcpu,
2037 - unsigned long entryhi = 0, entrylo0 = 0, entrylo1 = 0;
2038 - struct kvm *kvm = vcpu->kvm;
2039 - kvm_pfn_t pfn0, pfn1;
2040 -+ gfn_t gfn0, gfn1;
2041 -+ long tlb_lo[2];
2042 - int ret;
2043 -
2044 -- if ((tlb->tlb_hi & VPN2_MASK) == 0) {
2045 -- pfn0 = 0;
2046 -- pfn1 = 0;
2047 -- } else {
2048 -- if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb->tlb_lo0)
2049 -- >> PAGE_SHIFT) < 0)
2050 -- return -1;
2051 --
2052 -- if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb->tlb_lo1)
2053 -- >> PAGE_SHIFT) < 0)
2054 -- return -1;
2055 --
2056 -- pfn0 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb->tlb_lo0)
2057 -- >> PAGE_SHIFT];
2058 -- pfn1 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb->tlb_lo1)
2059 -- >> PAGE_SHIFT];
2060 -+ tlb_lo[0] = tlb->tlb_lo0;
2061 -+ tlb_lo[1] = tlb->tlb_lo1;
2062 -+
2063 -+ /*
2064 -+ * The commpage address must not be mapped to anything else if the guest
2065 -+ * TLB contains entries nearby, or commpage accesses will break.
2066 -+ */
2067 -+ if (!((tlb->tlb_hi ^ KVM_GUEST_COMMPAGE_ADDR) &
2068 -+ VPN2_MASK & (PAGE_MASK << 1)))
2069 -+ tlb_lo[(KVM_GUEST_COMMPAGE_ADDR >> PAGE_SHIFT) & 1] = 0;
2070 -+
2071 -+ gfn0 = mips3_tlbpfn_to_paddr(tlb_lo[0]) >> PAGE_SHIFT;
2072 -+ gfn1 = mips3_tlbpfn_to_paddr(tlb_lo[1]) >> PAGE_SHIFT;
2073 -+ if (gfn0 >= kvm->arch.guest_pmap_npages ||
2074 -+ gfn1 >= kvm->arch.guest_pmap_npages) {
2075 -+ kvm_err("%s: Invalid gfn: [%#llx, %#llx], EHi: %#lx\n",
2076 -+ __func__, gfn0, gfn1, tlb->tlb_hi);
2077 -+ kvm_mips_dump_guest_tlbs(vcpu);
2078 -+ return -1;
2079 - }
2080 -
2081 -+ if (kvm_mips_map_page(kvm, gfn0) < 0)
2082 -+ return -1;
2083 -+
2084 -+ if (kvm_mips_map_page(kvm, gfn1) < 0)
2085 -+ return -1;
2086 -+
2087 -+ pfn0 = kvm->arch.guest_pmap[gfn0];
2088 -+ pfn1 = kvm->arch.guest_pmap[gfn1];
2089 -+
2090 - if (hpa0)
2091 - *hpa0 = pfn0 << PAGE_SHIFT;
2092 -
2093 -@@ -401,9 +415,9 @@ int kvm_mips_handle_mapped_seg_tlb_fault(struct kvm_vcpu *vcpu,
2094 -
2095 - /* Get attributes from the Guest TLB */
2096 - entrylo0 = mips3_paddr_to_tlbpfn(pfn0 << PAGE_SHIFT) | (0x3 << 3) |
2097 -- (tlb->tlb_lo0 & MIPS3_PG_D) | (tlb->tlb_lo0 & MIPS3_PG_V);
2098 -+ (tlb_lo[0] & MIPS3_PG_D) | (tlb_lo[0] & MIPS3_PG_V);
2099 - entrylo1 = mips3_paddr_to_tlbpfn(pfn1 << PAGE_SHIFT) | (0x3 << 3) |
2100 -- (tlb->tlb_lo1 & MIPS3_PG_D) | (tlb->tlb_lo1 & MIPS3_PG_V);
2101 -+ (tlb_lo[1] & MIPS3_PG_D) | (tlb_lo[1] & MIPS3_PG_V);
2102 -
2103 - kvm_debug("@ %#lx tlb_lo0: 0x%08lx tlb_lo1: 0x%08lx\n", vcpu->arch.pc,
2104 - tlb->tlb_lo0, tlb->tlb_lo1);
2105 -@@ -776,10 +790,16 @@ uint32_t kvm_get_inst(uint32_t *opc, struct kvm_vcpu *vcpu)
2106 - local_irq_restore(flags);
2107 - return KVM_INVALID_INST;
2108 - }
2109 -- kvm_mips_handle_mapped_seg_tlb_fault(vcpu,
2110 -- &vcpu->arch.
2111 -- guest_tlb[index],
2112 -- NULL, NULL);
2113 -+ if (kvm_mips_handle_mapped_seg_tlb_fault(vcpu,
2114 -+ &vcpu->arch.guest_tlb[index],
2115 -+ NULL, NULL)) {
2116 -+ kvm_err("%s: handling mapped seg tlb fault failed for %p, index: %u, vcpu: %p, ASID: %#lx\n",
2117 -+ __func__, opc, index, vcpu,
2118 -+ read_c0_entryhi());
2119 -+ kvm_mips_dump_guest_tlbs(vcpu);
2120 -+ local_irq_restore(flags);
2121 -+ return KVM_INVALID_INST;
2122 -+ }
2123 - inst = *(opc);
2124 - }
2125 - local_irq_restore(flags);
2126 -diff --git a/arch/mips/loongson64/loongson-3/hpet.c b/arch/mips/loongson64/loongson-3/hpet.c
2127 -index 249039a..4788bea 100644
2128 ---- a/arch/mips/loongson64/loongson-3/hpet.c
2129 -+++ b/arch/mips/loongson64/loongson-3/hpet.c
2130 -@@ -13,8 +13,8 @@
2131 - #define SMBUS_PCI_REG64 0x64
2132 - #define SMBUS_PCI_REGB4 0xb4
2133 -
2134 --#define HPET_MIN_CYCLES 64
2135 --#define HPET_MIN_PROG_DELTA (HPET_MIN_CYCLES + (HPET_MIN_CYCLES >> 1))
2136 -+#define HPET_MIN_CYCLES 16
2137 -+#define HPET_MIN_PROG_DELTA (HPET_MIN_CYCLES * 12)
2138 -
2139 - static DEFINE_SPINLOCK(hpet_lock);
2140 - DEFINE_PER_CPU(struct clock_event_device, hpet_clockevent_device);
2141 -@@ -157,14 +157,14 @@ static int hpet_tick_resume(struct clock_event_device *evt)
2142 - static int hpet_next_event(unsigned long delta,
2143 - struct clock_event_device *evt)
2144 - {
2145 -- unsigned int cnt;
2146 -- int res;
2147 -+ u32 cnt;
2148 -+ s32 res;
2149 -
2150 - cnt = hpet_read(HPET_COUNTER);
2151 -- cnt += delta;
2152 -+ cnt += (u32) delta;
2153 - hpet_write(HPET_T0_CMP, cnt);
2154 -
2155 -- res = (int)(cnt - hpet_read(HPET_COUNTER));
2156 -+ res = (s32)(cnt - hpet_read(HPET_COUNTER));
2157 -
2158 - return res < HPET_MIN_CYCLES ? -ETIME : 0;
2159 - }
2160 -@@ -230,7 +230,7 @@ void __init setup_hpet_timer(void)
2161 -
2162 - cd = &per_cpu(hpet_clockevent_device, cpu);
2163 - cd->name = "hpet";
2164 -- cd->rating = 320;
2165 -+ cd->rating = 100;
2166 - cd->features = CLOCK_EVT_FEAT_PERIODIC | CLOCK_EVT_FEAT_ONESHOT;
2167 - cd->set_state_shutdown = hpet_set_state_shutdown;
2168 - cd->set_state_periodic = hpet_set_state_periodic;
2169 -diff --git a/arch/mips/mm/uasm-mips.c b/arch/mips/mm/uasm-mips.c
2170 -index 9c2220a..45e3b87 100644
2171 ---- a/arch/mips/mm/uasm-mips.c
2172 -+++ b/arch/mips/mm/uasm-mips.c
2173 -@@ -65,7 +65,7 @@ static struct insn insn_table[] = {
2174 - #ifndef CONFIG_CPU_MIPSR6
2175 - { insn_cache, M(cache_op, 0, 0, 0, 0, 0), RS | RT | SIMM },
2176 - #else
2177 -- { insn_cache, M6(cache_op, 0, 0, 0, cache6_op), RS | RT | SIMM9 },
2178 -+ { insn_cache, M6(spec3_op, 0, 0, 0, cache6_op), RS | RT | SIMM9 },
2179 - #endif
2180 - { insn_daddiu, M(daddiu_op, 0, 0, 0, 0, 0), RS | RT | SIMM },
2181 - { insn_daddu, M(spec_op, 0, 0, 0, 0, daddu_op), RS | RT | RD },
2182 -diff --git a/arch/powerpc/kernel/tm.S b/arch/powerpc/kernel/tm.S
2183 -index b7019b5..298afcf 100644
2184 ---- a/arch/powerpc/kernel/tm.S
2185 -+++ b/arch/powerpc/kernel/tm.S
2186 -@@ -338,8 +338,6 @@ _GLOBAL(__tm_recheckpoint)
2187 - */
2188 - subi r7, r7, STACK_FRAME_OVERHEAD
2189 -
2190 -- SET_SCRATCH0(r1)
2191 --
2192 - mfmsr r6
2193 - /* R4 = original MSR to indicate whether thread used FP/Vector etc. */
2194 -
2195 -@@ -468,6 +466,7 @@ restore_gprs:
2196 - * until we turn MSR RI back on.
2197 - */
2198 -
2199 -+ SET_SCRATCH0(r1)
2200 - ld r5, -8(r1)
2201 - ld r1, -16(r1)
2202 -
2203 -diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
2204 -index e571ad2..38e108e 100644
2205 ---- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
2206 -+++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
2207 -@@ -655,112 +655,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
2208 -
2209 - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2210 - BEGIN_FTR_SECTION
2211 -- b skip_tm
2212 --END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2213 --
2214 -- /* Turn on TM/FP/VSX/VMX so we can restore them. */
2215 -- mfmsr r5
2216 -- li r6, MSR_TM >> 32
2217 -- sldi r6, r6, 32
2218 -- or r5, r5, r6
2219 -- ori r5, r5, MSR_FP
2220 -- oris r5, r5, (MSR_VEC | MSR_VSX)@h
2221 -- mtmsrd r5
2222 --
2223 -- /*
2224 -- * The user may change these outside of a transaction, so they must
2225 -- * always be context switched.
2226 -- */
2227 -- ld r5, VCPU_TFHAR(r4)
2228 -- ld r6, VCPU_TFIAR(r4)
2229 -- ld r7, VCPU_TEXASR(r4)
2230 -- mtspr SPRN_TFHAR, r5
2231 -- mtspr SPRN_TFIAR, r6
2232 -- mtspr SPRN_TEXASR, r7
2233 --
2234 -- ld r5, VCPU_MSR(r4)
2235 -- rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
2236 -- beq skip_tm /* TM not active in guest */
2237 --
2238 -- /* Make sure the failure summary is set, otherwise we'll program check
2239 -- * when we trechkpt. It's possible that this might have been not set
2240 -- * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
2241 -- * host.
2242 -- */
2243 -- oris r7, r7, (TEXASR_FS)@h
2244 -- mtspr SPRN_TEXASR, r7
2245 --
2246 -- /*
2247 -- * We need to load up the checkpointed state for the guest.
2248 -- * We need to do this early as it will blow away any GPRs, VSRs and
2249 -- * some SPRs.
2250 -- */
2251 --
2252 -- mr r31, r4
2253 -- addi r3, r31, VCPU_FPRS_TM
2254 -- bl load_fp_state
2255 -- addi r3, r31, VCPU_VRS_TM
2256 -- bl load_vr_state
2257 -- mr r4, r31
2258 -- lwz r7, VCPU_VRSAVE_TM(r4)
2259 -- mtspr SPRN_VRSAVE, r7
2260 --
2261 -- ld r5, VCPU_LR_TM(r4)
2262 -- lwz r6, VCPU_CR_TM(r4)
2263 -- ld r7, VCPU_CTR_TM(r4)
2264 -- ld r8, VCPU_AMR_TM(r4)
2265 -- ld r9, VCPU_TAR_TM(r4)
2266 -- mtlr r5
2267 -- mtcr r6
2268 -- mtctr r7
2269 -- mtspr SPRN_AMR, r8
2270 -- mtspr SPRN_TAR, r9
2271 --
2272 -- /*
2273 -- * Load up PPR and DSCR values but don't put them in the actual SPRs
2274 -- * till the last moment to avoid running with userspace PPR and DSCR for
2275 -- * too long.
2276 -- */
2277 -- ld r29, VCPU_DSCR_TM(r4)
2278 -- ld r30, VCPU_PPR_TM(r4)
2279 --
2280 -- std r2, PACATMSCRATCH(r13) /* Save TOC */
2281 --
2282 -- /* Clear the MSR RI since r1, r13 are all going to be foobar. */
2283 -- li r5, 0
2284 -- mtmsrd r5, 1
2285 --
2286 -- /* Load GPRs r0-r28 */
2287 -- reg = 0
2288 -- .rept 29
2289 -- ld reg, VCPU_GPRS_TM(reg)(r31)
2290 -- reg = reg + 1
2291 -- .endr
2292 --
2293 -- mtspr SPRN_DSCR, r29
2294 -- mtspr SPRN_PPR, r30
2295 --
2296 -- /* Load final GPRs */
2297 -- ld 29, VCPU_GPRS_TM(29)(r31)
2298 -- ld 30, VCPU_GPRS_TM(30)(r31)
2299 -- ld 31, VCPU_GPRS_TM(31)(r31)
2300 --
2301 -- /* TM checkpointed state is now setup. All GPRs are now volatile. */
2302 -- TRECHKPT
2303 --
2304 -- /* Now let's get back the state we need. */
2305 -- HMT_MEDIUM
2306 -- GET_PACA(r13)
2307 -- ld r29, HSTATE_DSCR(r13)
2308 -- mtspr SPRN_DSCR, r29
2309 -- ld r4, HSTATE_KVM_VCPU(r13)
2310 -- ld r1, HSTATE_HOST_R1(r13)
2311 -- ld r2, PACATMSCRATCH(r13)
2312 --
2313 -- /* Set the MSR RI since we have our registers back. */
2314 -- li r5, MSR_RI
2315 -- mtmsrd r5, 1
2316 --skip_tm:
2317 -+ bl kvmppc_restore_tm
2318 -+END_FTR_SECTION_IFSET(CPU_FTR_TM)
2319 - #endif
2320 -
2321 - /* Load guest PMU registers */
2322 -@@ -841,12 +737,6 @@ BEGIN_FTR_SECTION
2323 - /* Skip next section on POWER7 */
2324 - b 8f
2325 - END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
2326 -- /* Turn on TM so we can access TFHAR/TFIAR/TEXASR */
2327 -- mfmsr r8
2328 -- li r0, 1
2329 -- rldimi r8, r0, MSR_TM_LG, 63-MSR_TM_LG
2330 -- mtmsrd r8
2331 --
2332 - /* Load up POWER8-specific registers */
2333 - ld r5, VCPU_IAMR(r4)
2334 - lwz r6, VCPU_PSPB(r4)
2335 -@@ -1436,106 +1326,8 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S)
2336 -
2337 - #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2338 - BEGIN_FTR_SECTION
2339 -- b 2f
2340 --END_FTR_SECTION_IFCLR(CPU_FTR_TM)
2341 -- /* Turn on TM. */
2342 -- mfmsr r8
2343 -- li r0, 1
2344 -- rldimi r8, r0, MSR_TM_LG, 63-MSR_TM_LG
2345 -- mtmsrd r8
2346 --
2347 -- ld r5, VCPU_MSR(r9)
2348 -- rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
2349 -- beq 1f /* TM not active in guest. */
2350 --
2351 -- li r3, TM_CAUSE_KVM_RESCHED
2352 --
2353 -- /* Clear the MSR RI since r1, r13 are all going to be foobar. */
2354 -- li r5, 0
2355 -- mtmsrd r5, 1
2356 --
2357 -- /* All GPRs are volatile at this point. */
2358 -- TRECLAIM(R3)
2359 --
2360 -- /* Temporarily store r13 and r9 so we have some regs to play with */
2361 -- SET_SCRATCH0(r13)
2362 -- GET_PACA(r13)
2363 -- std r9, PACATMSCRATCH(r13)
2364 -- ld r9, HSTATE_KVM_VCPU(r13)
2365 --
2366 -- /* Get a few more GPRs free. */
2367 -- std r29, VCPU_GPRS_TM(29)(r9)
2368 -- std r30, VCPU_GPRS_TM(30)(r9)
2369 -- std r31, VCPU_GPRS_TM(31)(r9)
2370 --
2371 -- /* Save away PPR and DSCR soon so don't run with user values. */
2372 -- mfspr r31, SPRN_PPR
2373 -- HMT_MEDIUM
2374 -- mfspr r30, SPRN_DSCR
2375 -- ld r29, HSTATE_DSCR(r13)
2376 -- mtspr SPRN_DSCR, r29
2377 --
2378 -- /* Save all but r9, r13 & r29-r31 */
2379 -- reg = 0
2380 -- .rept 29
2381 -- .if (reg != 9) && (reg != 13)
2382 -- std reg, VCPU_GPRS_TM(reg)(r9)
2383 -- .endif
2384 -- reg = reg + 1
2385 -- .endr
2386 -- /* ... now save r13 */
2387 -- GET_SCRATCH0(r4)
2388 -- std r4, VCPU_GPRS_TM(13)(r9)
2389 -- /* ... and save r9 */
2390 -- ld r4, PACATMSCRATCH(r13)
2391 -- std r4, VCPU_GPRS_TM(9)(r9)
2392 --
2393 -- /* Reload stack pointer and TOC. */
2394 -- ld r1, HSTATE_HOST_R1(r13)
2395 -- ld r2, PACATOC(r13)
2396 --
2397 -- /* Set MSR RI now we have r1 and r13 back. */
2398 -- li r5, MSR_RI
2399 -- mtmsrd r5, 1
2400 --
2401 -- /* Save away checkpinted SPRs. */
2402 -- std r31, VCPU_PPR_TM(r9)
2403 -- std r30, VCPU_DSCR_TM(r9)
2404 -- mflr r5
2405 -- mfcr r6
2406 -- mfctr r7
2407 -- mfspr r8, SPRN_AMR
2408 -- mfspr r10, SPRN_TAR
2409 -- std r5, VCPU_LR_TM(r9)
2410 -- stw r6, VCPU_CR_TM(r9)
2411 -- std r7, VCPU_CTR_TM(r9)
2412 -- std r8, VCPU_AMR_TM(r9)
2413 -- std r10, VCPU_TAR_TM(r9)
2414 --
2415 -- /* Restore r12 as trap number. */
2416 -- lwz r12, VCPU_TRAP(r9)
2417 --
2418 -- /* Save FP/VSX. */
2419 -- addi r3, r9, VCPU_FPRS_TM
2420 -- bl store_fp_state
2421 -- addi r3, r9, VCPU_VRS_TM
2422 -- bl store_vr_state
2423 -- mfspr r6, SPRN_VRSAVE
2424 -- stw r6, VCPU_VRSAVE_TM(r9)
2425 --1:
2426 -- /*
2427 -- * We need to save these SPRs after the treclaim so that the software
2428 -- * error code is recorded correctly in the TEXASR. Also the user may
2429 -- * change these outside of a transaction, so they must always be
2430 -- * context switched.
2431 -- */
2432 -- mfspr r5, SPRN_TFHAR
2433 -- mfspr r6, SPRN_TFIAR
2434 -- mfspr r7, SPRN_TEXASR
2435 -- std r5, VCPU_TFHAR(r9)
2436 -- std r6, VCPU_TFIAR(r9)
2437 -- std r7, VCPU_TEXASR(r9)
2438 --2:
2439 -+ bl kvmppc_save_tm
2440 -+END_FTR_SECTION_IFSET(CPU_FTR_TM)
2441 - #endif
2442 -
2443 - /* Increment yield count if they have a VPA */
2444 -@@ -2245,6 +2037,13 @@ _GLOBAL(kvmppc_h_cede) /* r3 = vcpu pointer, r11 = msr, r13 = paca */
2445 - /* save FP state */
2446 - bl kvmppc_save_fp
2447 -
2448 -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2449 -+BEGIN_FTR_SECTION
2450 -+ ld r9, HSTATE_KVM_VCPU(r13)
2451 -+ bl kvmppc_save_tm
2452 -+END_FTR_SECTION_IFSET(CPU_FTR_TM)
2453 -+#endif
2454 -+
2455 - /*
2456 - * Set DEC to the smaller of DEC and HDEC, so that we wake
2457 - * no later than the end of our timeslice (HDEC interrupts
2458 -@@ -2321,6 +2120,12 @@ kvm_end_cede:
2459 - bl kvmhv_accumulate_time
2460 - #endif
2461 -
2462 -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2463 -+BEGIN_FTR_SECTION
2464 -+ bl kvmppc_restore_tm
2465 -+END_FTR_SECTION_IFSET(CPU_FTR_TM)
2466 -+#endif
2467 -+
2468 - /* load up FP state */
2469 - bl kvmppc_load_fp
2470 -
2471 -@@ -2631,6 +2436,239 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
2472 - mr r4,r31
2473 - blr
2474 -
2475 -+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
2476 -+/*
2477 -+ * Save transactional state and TM-related registers.
2478 -+ * Called with r9 pointing to the vcpu struct.
2479 -+ * This can modify all checkpointed registers, but
2480 -+ * restores r1, r2 and r9 (vcpu pointer) before exit.
2481 -+ */
2482 -+kvmppc_save_tm:
2483 -+ mflr r0
2484 -+ std r0, PPC_LR_STKOFF(r1)
2485 -+
2486 -+ /* Turn on TM. */
2487 -+ mfmsr r8
2488 -+ li r0, 1
2489 -+ rldimi r8, r0, MSR_TM_LG, 63-MSR_TM_LG
2490 -+ mtmsrd r8
2491 -+
2492 -+ ld r5, VCPU_MSR(r9)
2493 -+ rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
2494 -+ beq 1f /* TM not active in guest. */
2495 -+
2496 -+ std r1, HSTATE_HOST_R1(r13)
2497 -+ li r3, TM_CAUSE_KVM_RESCHED
2498 -+
2499 -+ /* Clear the MSR RI since r1, r13 are all going to be foobar. */
2500 -+ li r5, 0
2501 -+ mtmsrd r5, 1
2502 -+
2503 -+ /* All GPRs are volatile at this point. */
2504 -+ TRECLAIM(R3)
2505 -+
2506 -+ /* Temporarily store r13 and r9 so we have some regs to play with */
2507 -+ SET_SCRATCH0(r13)
2508 -+ GET_PACA(r13)
2509 -+ std r9, PACATMSCRATCH(r13)
2510 -+ ld r9, HSTATE_KVM_VCPU(r13)
2511 -+
2512 -+ /* Get a few more GPRs free. */
2513 -+ std r29, VCPU_GPRS_TM(29)(r9)
2514 -+ std r30, VCPU_GPRS_TM(30)(r9)
2515 -+ std r31, VCPU_GPRS_TM(31)(r9)
2516 -+
2517 -+ /* Save away PPR and DSCR soon so don't run with user values. */
2518 -+ mfspr r31, SPRN_PPR
2519 -+ HMT_MEDIUM
2520 -+ mfspr r30, SPRN_DSCR
2521 -+ ld r29, HSTATE_DSCR(r13)
2522 -+ mtspr SPRN_DSCR, r29
2523 -+
2524 -+ /* Save all but r9, r13 & r29-r31 */
2525 -+ reg = 0
2526 -+ .rept 29
2527 -+ .if (reg != 9) && (reg != 13)
2528 -+ std reg, VCPU_GPRS_TM(reg)(r9)
2529 -+ .endif
2530 -+ reg = reg + 1
2531 -+ .endr
2532 -+ /* ... now save r13 */
2533 -+ GET_SCRATCH0(r4)
2534 -+ std r4, VCPU_GPRS_TM(13)(r9)
2535 -+ /* ... and save r9 */
2536 -+ ld r4, PACATMSCRATCH(r13)
2537 -+ std r4, VCPU_GPRS_TM(9)(r9)
2538 -+
2539 -+ /* Reload stack pointer and TOC. */
2540 -+ ld r1, HSTATE_HOST_R1(r13)
2541 -+ ld r2, PACATOC(r13)
2542 -+
2543 -+ /* Set MSR RI now we have r1 and r13 back. */
2544 -+ li r5, MSR_RI
2545 -+ mtmsrd r5, 1
2546 -+
2547 -+ /* Save away checkpinted SPRs. */
2548 -+ std r31, VCPU_PPR_TM(r9)
2549 -+ std r30, VCPU_DSCR_TM(r9)
2550 -+ mflr r5
2551 -+ mfcr r6
2552 -+ mfctr r7
2553 -+ mfspr r8, SPRN_AMR
2554 -+ mfspr r10, SPRN_TAR
2555 -+ std r5, VCPU_LR_TM(r9)
2556 -+ stw r6, VCPU_CR_TM(r9)
2557 -+ std r7, VCPU_CTR_TM(r9)
2558 -+ std r8, VCPU_AMR_TM(r9)
2559 -+ std r10, VCPU_TAR_TM(r9)
2560 -+
2561 -+ /* Restore r12 as trap number. */
2562 -+ lwz r12, VCPU_TRAP(r9)
2563 -+
2564 -+ /* Save FP/VSX. */
2565 -+ addi r3, r9, VCPU_FPRS_TM
2566 -+ bl store_fp_state
2567 -+ addi r3, r9, VCPU_VRS_TM
2568 -+ bl store_vr_state
2569 -+ mfspr r6, SPRN_VRSAVE
2570 -+ stw r6, VCPU_VRSAVE_TM(r9)
2571 -+1:
2572 -+ /*
2573 -+ * We need to save these SPRs after the treclaim so that the software
2574 -+ * error code is recorded correctly in the TEXASR. Also the user may
2575 -+ * change these outside of a transaction, so they must always be
2576 -+ * context switched.
2577 -+ */
2578 -+ mfspr r5, SPRN_TFHAR
2579 -+ mfspr r6, SPRN_TFIAR
2580 -+ mfspr r7, SPRN_TEXASR
2581 -+ std r5, VCPU_TFHAR(r9)
2582 -+ std r6, VCPU_TFIAR(r9)
2583 -+ std r7, VCPU_TEXASR(r9)
2584 -+
2585 -+ ld r0, PPC_LR_STKOFF(r1)
2586 -+ mtlr r0
2587 -+ blr
2588 -+
2589 -+/*
2590 -+ * Restore transactional state and TM-related registers.
2591 -+ * Called with r4 pointing to the vcpu struct.
2592 -+ * This potentially modifies all checkpointed registers.
2593 -+ * It restores r1, r2, r4 from the PACA.
2594 -+ */
2595 -+kvmppc_restore_tm:
2596 -+ mflr r0
2597 -+ std r0, PPC_LR_STKOFF(r1)
2598 -+
2599 -+ /* Turn on TM/FP/VSX/VMX so we can restore them. */
2600 -+ mfmsr r5
2601 -+ li r6, MSR_TM >> 32
2602 -+ sldi r6, r6, 32
2603 -+ or r5, r5, r6
2604 -+ ori r5, r5, MSR_FP
2605 -+ oris r5, r5, (MSR_VEC | MSR_VSX)@h
2606 -+ mtmsrd r5
2607 -+
2608 -+ /*
2609 -+ * The user may change these outside of a transaction, so they must
2610 -+ * always be context switched.
2611 -+ */
2612 -+ ld r5, VCPU_TFHAR(r4)
2613 -+ ld r6, VCPU_TFIAR(r4)
2614 -+ ld r7, VCPU_TEXASR(r4)
2615 -+ mtspr SPRN_TFHAR, r5
2616 -+ mtspr SPRN_TFIAR, r6
2617 -+ mtspr SPRN_TEXASR, r7
2618 -+
2619 -+ ld r5, VCPU_MSR(r4)
2620 -+ rldicl. r5, r5, 64 - MSR_TS_S_LG, 62
2621 -+ beqlr /* TM not active in guest */
2622 -+ std r1, HSTATE_HOST_R1(r13)
2623 -+
2624 -+ /* Make sure the failure summary is set, otherwise we'll program check
2625 -+ * when we trechkpt. It's possible that this might have been not set
2626 -+ * on a kvmppc_set_one_reg() call but we shouldn't let this crash the
2627 -+ * host.
2628 -+ */
2629 -+ oris r7, r7, (TEXASR_FS)@h
2630 -+ mtspr SPRN_TEXASR, r7
2631 -+
2632 -+ /*
2633 -+ * We need to load up the checkpointed state for the guest.
2634 -+ * We need to do this early as it will blow away any GPRs, VSRs and
2635 -+ * some SPRs.
2636 -+ */
2637 -+
2638 -+ mr r31, r4
2639 -+ addi r3, r31, VCPU_FPRS_TM
2640 -+ bl load_fp_state
2641 -+ addi r3, r31, VCPU_VRS_TM
2642 -+ bl load_vr_state
2643 -+ mr r4, r31
2644 -+ lwz r7, VCPU_VRSAVE_TM(r4)
2645 -+ mtspr SPRN_VRSAVE, r7
2646 -+
2647 -+ ld r5, VCPU_LR_TM(r4)
2648 -+ lwz r6, VCPU_CR_TM(r4)
2649 -+ ld r7, VCPU_CTR_TM(r4)
2650 -+ ld r8, VCPU_AMR_TM(r4)
2651 -+ ld r9, VCPU_TAR_TM(r4)
2652 -+ mtlr r5
2653 -+ mtcr r6
2654 -+ mtctr r7
2655 -+ mtspr SPRN_AMR, r8
2656 -+ mtspr SPRN_TAR, r9
2657 -+
2658 -+ /*
2659 -+ * Load up PPR and DSCR values but don't put them in the actual SPRs
2660 -+ * till the last moment to avoid running with userspace PPR and DSCR for
2661 -+ * too long.
2662 -+ */
2663 -+ ld r29, VCPU_DSCR_TM(r4)
2664 -+ ld r30, VCPU_PPR_TM(r4)
2665 -+
2666 -+ std r2, PACATMSCRATCH(r13) /* Save TOC */
2667 -+
2668 -+ /* Clear the MSR RI since r1, r13 are all going to be foobar. */
2669 -+ li r5, 0
2670 -+ mtmsrd r5, 1
2671 -+
2672 -+ /* Load GPRs r0-r28 */
2673 -+ reg = 0
2674 -+ .rept 29
2675 -+ ld reg, VCPU_GPRS_TM(reg)(r31)
2676 -+ reg = reg + 1
2677 -+ .endr
2678 -+
2679 -+ mtspr SPRN_DSCR, r29
2680 -+ mtspr SPRN_PPR, r30
2681 -+
2682 -+ /* Load final GPRs */
2683 -+ ld 29, VCPU_GPRS_TM(29)(r31)
2684 -+ ld 30, VCPU_GPRS_TM(30)(r31)
2685 -+ ld 31, VCPU_GPRS_TM(31)(r31)
2686 -+
2687 -+ /* TM checkpointed state is now setup. All GPRs are now volatile. */
2688 -+ TRECHKPT
2689 -+
2690 -+ /* Now let's get back the state we need. */
2691 -+ HMT_MEDIUM
2692 -+ GET_PACA(r13)
2693 -+ ld r29, HSTATE_DSCR(r13)
2694 -+ mtspr SPRN_DSCR, r29
2695 -+ ld r4, HSTATE_KVM_VCPU(r13)
2696 -+ ld r1, HSTATE_HOST_R1(r13)
2697 -+ ld r2, PACATMSCRATCH(r13)
2698 -+
2699 -+ /* Set the MSR RI since we have our registers back. */
2700 -+ li r5, MSR_RI
2701 -+ mtmsrd r5, 1
2702 -+
2703 -+ ld r0, PPC_LR_STKOFF(r1)
2704 -+ mtlr r0
2705 -+ blr
2706 -+#endif
2707 -+
2708 - /*
2709 - * We come here if we get any exception or interrupt while we are
2710 - * executing host real mode code while in guest MMU context.
2711 -diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
2712 -index 18d2beb..42b968a8 100644
2713 ---- a/arch/s390/include/asm/pgtable.h
2714 -+++ b/arch/s390/include/asm/pgtable.h
2715 -@@ -893,7 +893,7 @@ void ptep_zap_key(struct mm_struct *mm, unsigned long addr, pte_t *ptep);
2716 - bool test_and_clear_guest_dirty(struct mm_struct *mm, unsigned long address);
2717 - int set_guest_storage_key(struct mm_struct *mm, unsigned long addr,
2718 - unsigned char key, bool nq);
2719 --unsigned char get_guest_storage_key(struct mm_struct *mm, unsigned long addr);
2720 -+unsigned long get_guest_storage_key(struct mm_struct *mm, unsigned long addr);
2721 -
2722 - /*
2723 - * Certain architectures need to do special things when PTEs
2724 -diff --git a/arch/s390/include/asm/tlbflush.h b/arch/s390/include/asm/tlbflush.h
2725 -index a2e6ef3..0a20316 100644
2726 ---- a/arch/s390/include/asm/tlbflush.h
2727 -+++ b/arch/s390/include/asm/tlbflush.h
2728 -@@ -81,7 +81,8 @@ static inline void __tlb_flush_full(struct mm_struct *mm)
2729 - }
2730 -
2731 - /*
2732 -- * Flush TLB entries for a specific ASCE on all CPUs.
2733 -+ * Flush TLB entries for a specific ASCE on all CPUs. Should never be used
2734 -+ * when more than one asce (e.g. gmap) ran on this mm.
2735 - */
2736 - static inline void __tlb_flush_asce(struct mm_struct *mm, unsigned long asce)
2737 - {
2738 -diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
2739 -index cace818..313c3b8 100644
2740 ---- a/arch/s390/mm/gmap.c
2741 -+++ b/arch/s390/mm/gmap.c
2742 -@@ -85,7 +85,7 @@ EXPORT_SYMBOL_GPL(gmap_alloc);
2743 - static void gmap_flush_tlb(struct gmap *gmap)
2744 - {
2745 - if (MACHINE_HAS_IDTE)
2746 -- __tlb_flush_asce(gmap->mm, gmap->asce);
2747 -+ __tlb_flush_idte(gmap->asce);
2748 - else
2749 - __tlb_flush_global();
2750 - }
2751 -@@ -124,7 +124,7 @@ void gmap_free(struct gmap *gmap)
2752 -
2753 - /* Flush tlb. */
2754 - if (MACHINE_HAS_IDTE)
2755 -- __tlb_flush_asce(gmap->mm, gmap->asce);
2756 -+ __tlb_flush_idte(gmap->asce);
2757 - else
2758 - __tlb_flush_global();
2759 -
2760 -diff --git a/arch/s390/mm/pgtable.c b/arch/s390/mm/pgtable.c
2761 -index 9f0ce0e..ebb4f87 100644
2762 ---- a/arch/s390/mm/pgtable.c
2763 -+++ b/arch/s390/mm/pgtable.c
2764 -@@ -543,7 +543,7 @@ int set_guest_storage_key(struct mm_struct *mm, unsigned long addr,
2765 - }
2766 - EXPORT_SYMBOL(set_guest_storage_key);
2767 -
2768 --unsigned char get_guest_storage_key(struct mm_struct *mm, unsigned long addr)
2769 -+unsigned long get_guest_storage_key(struct mm_struct *mm, unsigned long addr)
2770 - {
2771 - unsigned char key;
2772 - spinlock_t *ptl;
2773 -diff --git a/arch/um/os-Linux/signal.c b/arch/um/os-Linux/signal.c
2774 -index 8acaf4e..a86d7cc 100644
2775 ---- a/arch/um/os-Linux/signal.c
2776 -+++ b/arch/um/os-Linux/signal.c
2777 -@@ -15,6 +15,7 @@
2778 - #include <kern_util.h>
2779 - #include <os.h>
2780 - #include <sysdep/mcontext.h>
2781 -+#include <um_malloc.h>
2782 -
2783 - void (*sig_info[NSIG])(int, struct siginfo *, struct uml_pt_regs *) = {
2784 - [SIGTRAP] = relay_signal,
2785 -@@ -32,7 +33,7 @@ static void sig_handler_common(int sig, struct siginfo *si, mcontext_t *mc)
2786 - struct uml_pt_regs *r;
2787 - int save_errno = errno;
2788 -
2789 -- r = malloc(sizeof(struct uml_pt_regs));
2790 -+ r = uml_kmalloc(sizeof(struct uml_pt_regs), UM_GFP_ATOMIC);
2791 - if (!r)
2792 - panic("out of memory");
2793 -
2794 -@@ -91,7 +92,7 @@ static void timer_real_alarm_handler(mcontext_t *mc)
2795 - {
2796 - struct uml_pt_regs *regs;
2797 -
2798 -- regs = malloc(sizeof(struct uml_pt_regs));
2799 -+ regs = uml_kmalloc(sizeof(struct uml_pt_regs), UM_GFP_ATOMIC);
2800 - if (!regs)
2801 - panic("out of memory");
2802 -
2803 -diff --git a/arch/unicore32/include/asm/mmu_context.h b/arch/unicore32/include/asm/mmu_context.h
2804 -index e35632e..62dfc64 100644
2805 ---- a/arch/unicore32/include/asm/mmu_context.h
2806 -+++ b/arch/unicore32/include/asm/mmu_context.h
2807 -@@ -98,7 +98,7 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm,
2808 - }
2809 -
2810 - static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
2811 -- bool write, bool foreign)
2812 -+ bool write, bool execute, bool foreign)
2813 - {
2814 - /* by default, allow everything */
2815 - return true;
2816 -diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
2817 -index 874e8bd..bd136ac 100644
2818 ---- a/arch/x86/events/intel/uncore_snbep.c
2819 -+++ b/arch/x86/events/intel/uncore_snbep.c
2820 -@@ -2546,7 +2546,7 @@ void hswep_uncore_cpu_init(void)
2821 -
2822 - static struct intel_uncore_type hswep_uncore_ha = {
2823 - .name = "ha",
2824 -- .num_counters = 5,
2825 -+ .num_counters = 4,
2826 - .num_boxes = 2,
2827 - .perf_ctr_bits = 48,
2828 - SNBEP_UNCORE_PCI_COMMON_INIT(),
2829 -@@ -2565,7 +2565,7 @@ static struct uncore_event_desc hswep_uncore_imc_events[] = {
2830 -
2831 - static struct intel_uncore_type hswep_uncore_imc = {
2832 - .name = "imc",
2833 -- .num_counters = 5,
2834 -+ .num_counters = 4,
2835 - .num_boxes = 8,
2836 - .perf_ctr_bits = 48,
2837 - .fixed_ctr_bits = 48,
2838 -@@ -2611,7 +2611,7 @@ static struct intel_uncore_type hswep_uncore_irp = {
2839 -
2840 - static struct intel_uncore_type hswep_uncore_qpi = {
2841 - .name = "qpi",
2842 -- .num_counters = 5,
2843 -+ .num_counters = 4,
2844 - .num_boxes = 3,
2845 - .perf_ctr_bits = 48,
2846 - .perf_ctr = SNBEP_PCI_PMON_CTR0,
2847 -@@ -2693,7 +2693,7 @@ static struct event_constraint hswep_uncore_r3qpi_constraints[] = {
2848 -
2849 - static struct intel_uncore_type hswep_uncore_r3qpi = {
2850 - .name = "r3qpi",
2851 -- .num_counters = 4,
2852 -+ .num_counters = 3,
2853 - .num_boxes = 3,
2854 - .perf_ctr_bits = 44,
2855 - .constraints = hswep_uncore_r3qpi_constraints,
2856 -@@ -2892,7 +2892,7 @@ static struct intel_uncore_type bdx_uncore_ha = {
2857 -
2858 - static struct intel_uncore_type bdx_uncore_imc = {
2859 - .name = "imc",
2860 -- .num_counters = 5,
2861 -+ .num_counters = 4,
2862 - .num_boxes = 8,
2863 - .perf_ctr_bits = 48,
2864 - .fixed_ctr_bits = 48,
2865 -diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
2866 -index c146f3c..0149ac5 100644
2867 ---- a/arch/x86/kvm/mtrr.c
2868 -+++ b/arch/x86/kvm/mtrr.c
2869 -@@ -539,6 +539,7 @@ static void mtrr_lookup_var_start(struct mtrr_iter *iter)
2870 -
2871 - iter->fixed = false;
2872 - iter->start_max = iter->start;
2873 -+ iter->range = NULL;
2874 - iter->range = list_prepare_entry(iter->range, &mtrr_state->head, node);
2875 -
2876 - __mtrr_lookup_var_next(iter);
2877 -diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
2878 -index 64a79f2..8326d68 100644
2879 ---- a/arch/x86/kvm/vmx.c
2880 -+++ b/arch/x86/kvm/vmx.c
2881 -@@ -8224,6 +8224,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
2882 - if ((vectoring_info & VECTORING_INFO_VALID_MASK) &&
2883 - (exit_reason != EXIT_REASON_EXCEPTION_NMI &&
2884 - exit_reason != EXIT_REASON_EPT_VIOLATION &&
2885 -+ exit_reason != EXIT_REASON_PML_FULL &&
2886 - exit_reason != EXIT_REASON_TASK_SWITCH)) {
2887 - vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
2888 - vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV;
2889 -@@ -8854,6 +8855,22 @@ static void vmx_load_vmcs01(struct kvm_vcpu *vcpu)
2890 - put_cpu();
2891 - }
2892 -
2893 -+/*
2894 -+ * Ensure that the current vmcs of the logical processor is the
2895 -+ * vmcs01 of the vcpu before calling free_nested().
2896 -+ */
2897 -+static void vmx_free_vcpu_nested(struct kvm_vcpu *vcpu)
2898 -+{
2899 -+ struct vcpu_vmx *vmx = to_vmx(vcpu);
2900 -+ int r;
2901 -+
2902 -+ r = vcpu_load(vcpu);
2903 -+ BUG_ON(r);
2904 -+ vmx_load_vmcs01(vcpu);
2905 -+ free_nested(vmx);
2906 -+ vcpu_put(vcpu);
2907 -+}
2908 -+
2909 - static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
2910 - {
2911 - struct vcpu_vmx *vmx = to_vmx(vcpu);
2912 -@@ -8862,8 +8879,7 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
2913 - vmx_destroy_pml_buffer(vmx);
2914 - free_vpid(vmx->vpid);
2915 - leave_guest_mode(vcpu);
2916 -- vmx_load_vmcs01(vcpu);
2917 -- free_nested(vmx);
2918 -+ vmx_free_vcpu_nested(vcpu);
2919 - free_loaded_vmcs(vmx->loaded_vmcs);
2920 - kfree(vmx->guest_msrs);
2921 - kvm_vcpu_uninit(vcpu);
2922 -diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
2923 -index 7da5dd2..fea2c57 100644
2924 ---- a/arch/x86/kvm/x86.c
2925 -+++ b/arch/x86/kvm/x86.c
2926 -@@ -91,6 +91,7 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
2927 -
2928 - static void update_cr8_intercept(struct kvm_vcpu *vcpu);
2929 - static void process_nmi(struct kvm_vcpu *vcpu);
2930 -+static void process_smi(struct kvm_vcpu *vcpu);
2931 - static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
2932 -
2933 - struct kvm_x86_ops *kvm_x86_ops __read_mostly;
2934 -@@ -5296,13 +5297,8 @@ static void kvm_smm_changed(struct kvm_vcpu *vcpu)
2935 - /* This is a good place to trace that we are exiting SMM. */
2936 - trace_kvm_enter_smm(vcpu->vcpu_id, vcpu->arch.smbase, false);
2937 -
2938 -- if (unlikely(vcpu->arch.smi_pending)) {
2939 -- kvm_make_request(KVM_REQ_SMI, vcpu);
2940 -- vcpu->arch.smi_pending = 0;
2941 -- } else {
2942 -- /* Process a latched INIT, if any. */
2943 -- kvm_make_request(KVM_REQ_EVENT, vcpu);
2944 -- }
2945 -+ /* Process a latched INIT or SMI, if any. */
2946 -+ kvm_make_request(KVM_REQ_EVENT, vcpu);
2947 - }
2948 -
2949 - kvm_mmu_reset_context(vcpu);
2950 -@@ -6102,7 +6098,10 @@ static int inject_pending_event(struct kvm_vcpu *vcpu, bool req_int_win)
2951 - }
2952 -
2953 - /* try to inject new event if pending */
2954 -- if (vcpu->arch.nmi_pending && kvm_x86_ops->nmi_allowed(vcpu)) {
2955 -+ if (vcpu->arch.smi_pending && !is_smm(vcpu)) {
2956 -+ vcpu->arch.smi_pending = false;
2957 -+ process_smi(vcpu);
2958 -+ } else if (vcpu->arch.nmi_pending && kvm_x86_ops->nmi_allowed(vcpu)) {
2959 - --vcpu->arch.nmi_pending;
2960 - vcpu->arch.nmi_injected = true;
2961 - kvm_x86_ops->set_nmi(vcpu);
2962 -@@ -6312,11 +6311,6 @@ static void process_smi(struct kvm_vcpu *vcpu)
2963 - char buf[512];
2964 - u32 cr0;
2965 -
2966 -- if (is_smm(vcpu)) {
2967 -- vcpu->arch.smi_pending = true;
2968 -- return;
2969 -- }
2970 --
2971 - trace_kvm_enter_smm(vcpu->vcpu_id, vcpu->arch.smbase, true);
2972 - vcpu->arch.hflags |= HF_SMM_MASK;
2973 - memset(buf, 0, 512);
2974 -@@ -6379,6 +6373,12 @@ static void process_smi(struct kvm_vcpu *vcpu)
2975 - kvm_mmu_reset_context(vcpu);
2976 - }
2977 -
2978 -+static void process_smi_request(struct kvm_vcpu *vcpu)
2979 -+{
2980 -+ vcpu->arch.smi_pending = true;
2981 -+ kvm_make_request(KVM_REQ_EVENT, vcpu);
2982 -+}
2983 -+
2984 - void kvm_make_scan_ioapic_request(struct kvm *kvm)
2985 - {
2986 - kvm_make_all_cpus_request(kvm, KVM_REQ_SCAN_IOAPIC);
2987 -@@ -6500,7 +6500,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
2988 - if (kvm_check_request(KVM_REQ_STEAL_UPDATE, vcpu))
2989 - record_steal_time(vcpu);
2990 - if (kvm_check_request(KVM_REQ_SMI, vcpu))
2991 -- process_smi(vcpu);
2992 -+ process_smi_request(vcpu);
2993 - if (kvm_check_request(KVM_REQ_NMI, vcpu))
2994 - process_nmi(vcpu);
2995 - if (kvm_check_request(KVM_REQ_PMU, vcpu))
2996 -@@ -6573,8 +6573,18 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
2997 -
2998 - if (inject_pending_event(vcpu, req_int_win) != 0)
2999 - req_immediate_exit = true;
3000 -- /* enable NMI/IRQ window open exits if needed */
3001 - else {
3002 -+ /* Enable NMI/IRQ window open exits if needed.
3003 -+ *
3004 -+ * SMIs have two cases: 1) they can be nested, and
3005 -+ * then there is nothing to do here because RSM will
3006 -+ * cause a vmexit anyway; 2) or the SMI can be pending
3007 -+ * because inject_pending_event has completed the
3008 -+ * injection of an IRQ or NMI from the previous vmexit,
3009 -+ * and then we request an immediate exit to inject the SMI.
3010 -+ */
3011 -+ if (vcpu->arch.smi_pending && !is_smm(vcpu))
3012 -+ req_immediate_exit = true;
3013 - if (vcpu->arch.nmi_pending)
3014 - kvm_x86_ops->enable_nmi_window(vcpu);
3015 - if (kvm_cpu_has_injectable_intr(vcpu) || req_int_win)
3016 -@@ -6625,8 +6635,10 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
3017 -
3018 - kvm_load_guest_xcr0(vcpu);
3019 -
3020 -- if (req_immediate_exit)
3021 -+ if (req_immediate_exit) {
3022 -+ kvm_make_request(KVM_REQ_EVENT, vcpu);
3023 - smp_send_reschedule(vcpu->cpu);
3024 -+ }
3025 -
3026 - trace_kvm_entry(vcpu->vcpu_id);
3027 - wait_lapic_expire(vcpu);
3028 -@@ -7427,6 +7439,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
3029 - {
3030 - vcpu->arch.hflags = 0;
3031 -
3032 -+ vcpu->arch.smi_pending = 0;
3033 - atomic_set(&vcpu->arch.nmi_queued, 0);
3034 - vcpu->arch.nmi_pending = 0;
3035 - vcpu->arch.nmi_injected = false;
3036 -diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c
3037 -index 8b93e63..ae97f24 100644
3038 ---- a/arch/x86/pci/intel_mid_pci.c
3039 -+++ b/arch/x86/pci/intel_mid_pci.c
3040 -@@ -37,6 +37,7 @@
3041 -
3042 - /* Quirks for the listed devices */
3043 - #define PCI_DEVICE_ID_INTEL_MRFL_MMC 0x1190
3044 -+#define PCI_DEVICE_ID_INTEL_MRFL_HSU 0x1191
3045 -
3046 - /* Fixed BAR fields */
3047 - #define PCIE_VNDR_CAP_ID_FIXED_BAR 0x00 /* Fixed BAR (TBD) */
3048 -@@ -225,13 +226,20 @@ static int intel_mid_pci_irq_enable(struct pci_dev *dev)
3049 - /* Special treatment for IRQ0 */
3050 - if (dev->irq == 0) {
3051 - /*
3052 -+ * Skip HS UART common registers device since it has
3053 -+ * IRQ0 assigned and not used by the kernel.
3054 -+ */
3055 -+ if (dev->device == PCI_DEVICE_ID_INTEL_MRFL_HSU)
3056 -+ return -EBUSY;
3057 -+ /*
3058 - * TNG has IRQ0 assigned to eMMC controller. But there
3059 - * are also other devices with bogus PCI configuration
3060 - * that have IRQ0 assigned. This check ensures that
3061 -- * eMMC gets it.
3062 -+ * eMMC gets it. The rest of devices still could be
3063 -+ * enabled without interrupt line being allocated.
3064 - */
3065 - if (dev->device != PCI_DEVICE_ID_INTEL_MRFL_MMC)
3066 -- return -EBUSY;
3067 -+ return 0;
3068 - }
3069 - break;
3070 - default:
3071 -diff --git a/block/bio.c b/block/bio.c
3072 -index 0e4aa42..4623869 100644
3073 ---- a/block/bio.c
3074 -+++ b/block/bio.c
3075 -@@ -579,6 +579,8 @@ void __bio_clone_fast(struct bio *bio, struct bio *bio_src)
3076 - bio->bi_rw = bio_src->bi_rw;
3077 - bio->bi_iter = bio_src->bi_iter;
3078 - bio->bi_io_vec = bio_src->bi_io_vec;
3079 -+
3080 -+ bio_clone_blkcg_association(bio, bio_src);
3081 - }
3082 - EXPORT_SYMBOL(__bio_clone_fast);
3083 -
3084 -@@ -684,6 +686,8 @@ integrity_clone:
3085 - }
3086 - }
3087 -
3088 -+ bio_clone_blkcg_association(bio, bio_src);
3089 -+
3090 - return bio;
3091 - }
3092 - EXPORT_SYMBOL(bio_clone_bioset);
3093 -@@ -2005,6 +2009,17 @@ void bio_disassociate_task(struct bio *bio)
3094 - }
3095 - }
3096 -
3097 -+/**
3098 -+ * bio_clone_blkcg_association - clone blkcg association from src to dst bio
3099 -+ * @dst: destination bio
3100 -+ * @src: source bio
3101 -+ */
3102 -+void bio_clone_blkcg_association(struct bio *dst, struct bio *src)
3103 -+{
3104 -+ if (src->bi_css)
3105 -+ WARN_ON(bio_associate_blkcg(dst, src->bi_css));
3106 -+}
3107 -+
3108 - #endif /* CONFIG_BLK_CGROUP */
3109 -
3110 - static void __init biovec_init_slabs(void)
3111 -diff --git a/block/genhd.c b/block/genhd.c
3112 -index 3eebd25..086f1a3 100644
3113 ---- a/block/genhd.c
3114 -+++ b/block/genhd.c
3115 -@@ -613,7 +613,7 @@ void add_disk(struct gendisk *disk)
3116 -
3117 - /* Register BDI before referencing it from bdev */
3118 - bdi = &disk->queue->backing_dev_info;
3119 -- bdi_register_dev(bdi, disk_devt(disk));
3120 -+ bdi_register_owner(bdi, disk_to_dev(disk));
3121 -
3122 - blk_register_region(disk_devt(disk), disk->minors, NULL,
3123 - exact_match, exact_lock, disk);
3124 -diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
3125 -index 290d6f5..f4218df 100644
3126 ---- a/drivers/acpi/ec.c
3127 -+++ b/drivers/acpi/ec.c
3128 -@@ -101,6 +101,7 @@ enum ec_command {
3129 - #define ACPI_EC_UDELAY_POLL 550 /* Wait 1ms for EC transaction polling */
3130 - #define ACPI_EC_CLEAR_MAX 100 /* Maximum number of events to query
3131 - * when trying to clear the EC */
3132 -+#define ACPI_EC_MAX_QUERIES 16 /* Maximum number of parallel queries */
3133 -
3134 - enum {
3135 - EC_FLAGS_QUERY_PENDING, /* Query is pending */
3136 -@@ -121,6 +122,10 @@ static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY;
3137 - module_param(ec_delay, uint, 0644);
3138 - MODULE_PARM_DESC(ec_delay, "Timeout(ms) waited until an EC command completes");
3139 -
3140 -+static unsigned int ec_max_queries __read_mostly = ACPI_EC_MAX_QUERIES;
3141 -+module_param(ec_max_queries, uint, 0644);
3142 -+MODULE_PARM_DESC(ec_max_queries, "Maximum parallel _Qxx evaluations");
3143 -+
3144 - static bool ec_busy_polling __read_mostly;
3145 - module_param(ec_busy_polling, bool, 0644);
3146 - MODULE_PARM_DESC(ec_busy_polling, "Use busy polling to advance EC transaction");
3147 -@@ -174,6 +179,7 @@ static void acpi_ec_event_processor(struct work_struct *work);
3148 -
3149 - struct acpi_ec *boot_ec, *first_ec;
3150 - EXPORT_SYMBOL(first_ec);
3151 -+static struct workqueue_struct *ec_query_wq;
3152 -
3153 - static int EC_FLAGS_CLEAR_ON_RESUME; /* Needs acpi_ec_clear() on boot/resume */
3154 - static int EC_FLAGS_QUERY_HANDSHAKE; /* Needs QR_EC issued when SCI_EVT set */
3155 -@@ -1098,7 +1104,7 @@ static int acpi_ec_query(struct acpi_ec *ec, u8 *data)
3156 - * work queue execution.
3157 - */
3158 - ec_dbg_evt("Query(0x%02x) scheduled", value);
3159 -- if (!schedule_work(&q->work)) {
3160 -+ if (!queue_work(ec_query_wq, &q->work)) {
3161 - ec_dbg_evt("Query(0x%02x) overlapped", value);
3162 - result = -EBUSY;
3163 - }
3164 -@@ -1660,15 +1666,41 @@ static struct acpi_driver acpi_ec_driver = {
3165 - },
3166 - };
3167 -
3168 -+static inline int acpi_ec_query_init(void)
3169 -+{
3170 -+ if (!ec_query_wq) {
3171 -+ ec_query_wq = alloc_workqueue("kec_query", 0,
3172 -+ ec_max_queries);
3173 -+ if (!ec_query_wq)
3174 -+ return -ENODEV;
3175 -+ }
3176 -+ return 0;
3177 -+}
3178 -+
3179 -+static inline void acpi_ec_query_exit(void)
3180 -+{
3181 -+ if (ec_query_wq) {
3182 -+ destroy_workqueue(ec_query_wq);
3183 -+ ec_query_wq = NULL;
3184 -+ }
3185 -+}
3186 -+
3187 - int __init acpi_ec_init(void)
3188 - {
3189 -- int result = 0;
3190 -+ int result;
3191 -
3192 -+ /* register workqueue for _Qxx evaluations */
3193 -+ result = acpi_ec_query_init();
3194 -+ if (result)
3195 -+ goto err_exit;
3196 - /* Now register the driver for the EC */
3197 - result = acpi_bus_register_driver(&acpi_ec_driver);
3198 -- if (result < 0)
3199 -- return -ENODEV;
3200 -+ if (result)
3201 -+ goto err_exit;
3202 -
3203 -+err_exit:
3204 -+ if (result)
3205 -+ acpi_ec_query_exit();
3206 - return result;
3207 - }
3208 -
3209 -@@ -1678,5 +1710,6 @@ static void __exit acpi_ec_exit(void)
3210 - {
3211 -
3212 - acpi_bus_unregister_driver(&acpi_ec_driver);
3213 -+ acpi_ec_query_exit();
3214 - }
3215 - #endif /* 0 */
3216 -diff --git a/drivers/bcma/host_pci.c b/drivers/bcma/host_pci.c
3217 -index cae5385..bd46569 100644
3218 ---- a/drivers/bcma/host_pci.c
3219 -+++ b/drivers/bcma/host_pci.c
3220 -@@ -295,6 +295,7 @@ static const struct pci_device_id bcma_pci_bridge_tbl[] = {
3221 - { PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4359) },
3222 - { PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x4360) },
3223 - { PCI_DEVICE_SUB(PCI_VENDOR_ID_BROADCOM, 0x4365, PCI_VENDOR_ID_DELL, 0x0016) },
3224 -+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_BROADCOM, 0x4365, PCI_VENDOR_ID_FOXCONN, 0xe092) },
3225 - { PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x43a0) },
3226 - { PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x43a9) },
3227 - { PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, 0x43aa) },
3228 -diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
3229 -index 84708a5..a1dcf12 100644
3230 ---- a/drivers/block/floppy.c
3231 -+++ b/drivers/block/floppy.c
3232 -@@ -3663,11 +3663,6 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
3233 -
3234 - opened_bdev[drive] = bdev;
3235 -
3236 -- if (!(mode & (FMODE_READ|FMODE_WRITE))) {
3237 -- res = -EINVAL;
3238 -- goto out;
3239 -- }
3240 --
3241 - res = -ENXIO;
3242 -
3243 - if (!floppy_track_buffer) {
3244 -@@ -3711,13 +3706,15 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
3245 - if (UFDCS->rawcmd == 1)
3246 - UFDCS->rawcmd = 2;
3247 -
3248 -- UDRS->last_checked = 0;
3249 -- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
3250 -- check_disk_change(bdev);
3251 -- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
3252 -- goto out;
3253 -- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
3254 -- goto out;
3255 -+ if (mode & (FMODE_READ|FMODE_WRITE)) {
3256 -+ UDRS->last_checked = 0;
3257 -+ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
3258 -+ check_disk_change(bdev);
3259 -+ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
3260 -+ goto out;
3261 -+ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
3262 -+ goto out;
3263 -+ }
3264 -
3265 - res = -EROFS;
3266 -
3267 -diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
3268 -index 2589468..fadba88 100644
3269 ---- a/drivers/bluetooth/ath3k.c
3270 -+++ b/drivers/bluetooth/ath3k.c
3271 -@@ -123,6 +123,7 @@ static const struct usb_device_id ath3k_table[] = {
3272 - { USB_DEVICE(0x13d3, 0x3472) },
3273 - { USB_DEVICE(0x13d3, 0x3474) },
3274 - { USB_DEVICE(0x13d3, 0x3487) },
3275 -+ { USB_DEVICE(0x13d3, 0x3490) },
3276 -
3277 - /* Atheros AR5BBU12 with sflash firmware */
3278 - { USB_DEVICE(0x0489, 0xE02C) },
3279 -@@ -190,6 +191,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
3280 - { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
3281 - { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
3282 - { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
3283 -+ { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
3284 -
3285 - /* Atheros AR5BBU22 with sflash firmware */
3286 - { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
3287 -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
3288 -index a3be65e..9f40c34 100644
3289 ---- a/drivers/bluetooth/btusb.c
3290 -+++ b/drivers/bluetooth/btusb.c
3291 -@@ -237,6 +237,7 @@ static const struct usb_device_id blacklist_table[] = {
3292 - { USB_DEVICE(0x13d3, 0x3472), .driver_info = BTUSB_ATH3012 },
3293 - { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
3294 - { USB_DEVICE(0x13d3, 0x3487), .driver_info = BTUSB_ATH3012 },
3295 -+ { USB_DEVICE(0x13d3, 0x3490), .driver_info = BTUSB_ATH3012 },
3296 -
3297 - /* Atheros AR5BBU12 with sflash firmware */
3298 - { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
3299 -diff --git a/drivers/char/random.c b/drivers/char/random.c
3300 -index 87ab9f6..d72c6d1 100644
3301 ---- a/drivers/char/random.c
3302 -+++ b/drivers/char/random.c
3303 -@@ -949,6 +949,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
3304 - /* award one bit for the contents of the fast pool */
3305 - credit_entropy_bits(r, credit + 1);
3306 - }
3307 -+EXPORT_SYMBOL_GPL(add_interrupt_randomness);
3308 -
3309 - #ifdef CONFIG_BLOCK
3310 - void add_disk_randomness(struct gendisk *disk)
3311 -@@ -1461,12 +1462,16 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
3312 - static ssize_t
3313 - urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
3314 - {
3315 -+ static int maxwarn = 10;
3316 - int ret;
3317 -
3318 -- if (unlikely(nonblocking_pool.initialized == 0))
3319 -- printk_once(KERN_NOTICE "random: %s urandom read "
3320 -- "with %d bits of entropy available\n",
3321 -- current->comm, nonblocking_pool.entropy_total);
3322 -+ if (unlikely(nonblocking_pool.initialized == 0) &&
3323 -+ maxwarn > 0) {
3324 -+ maxwarn--;
3325 -+ printk(KERN_NOTICE "random: %s: uninitialized urandom read "
3326 -+ "(%zd bytes read, %d bits of entropy available)\n",
3327 -+ current->comm, nbytes, nonblocking_pool.entropy_total);
3328 -+ }
3329 -
3330 - nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3));
3331 - ret = extract_entropy_user(&nonblocking_pool, buf, nbytes);
3332 -@@ -1774,13 +1779,15 @@ int random_int_secret_init(void)
3333 - return 0;
3334 - }
3335 -
3336 -+static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash)
3337 -+ __aligned(sizeof(unsigned long));
3338 -+
3339 - /*
3340 - * Get a random word for internal kernel use only. Similar to urandom but
3341 - * with the goal of minimal entropy pool depletion. As a result, the random
3342 - * value is not cryptographically secure but for several uses the cost of
3343 - * depleting entropy is too high
3344 - */
3345 --static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash);
3346 - unsigned int get_random_int(void)
3347 - {
3348 - __u32 *hash;
3349 -@@ -1850,12 +1857,18 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
3350 - {
3351 - struct entropy_store *poolp = &input_pool;
3352 -
3353 -- /* Suspend writing if we're above the trickle threshold.
3354 -- * We'll be woken up again once below random_write_wakeup_thresh,
3355 -- * or when the calling thread is about to terminate.
3356 -- */
3357 -- wait_event_interruptible(random_write_wait, kthread_should_stop() ||
3358 -+ if (unlikely(nonblocking_pool.initialized == 0))
3359 -+ poolp = &nonblocking_pool;
3360 -+ else {
3361 -+ /* Suspend writing if we're above the trickle
3362 -+ * threshold. We'll be woken up again once below
3363 -+ * random_write_wakeup_thresh, or when the calling
3364 -+ * thread is about to terminate.
3365 -+ */
3366 -+ wait_event_interruptible(random_write_wait,
3367 -+ kthread_should_stop() ||
3368 - ENTROPY_BITS(&input_pool) <= random_write_wakeup_bits);
3369 -+ }
3370 - mix_pool_bytes(poolp, buffer, count);
3371 - credit_entropy_bits(poolp, entropy);
3372 - }
3373 -diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
3374 -index a12b319..e9fd1d8 100644
3375 ---- a/drivers/char/tpm/tpm_crb.c
3376 -+++ b/drivers/char/tpm/tpm_crb.c
3377 -@@ -246,7 +246,7 @@ static void __iomem *crb_map_res(struct device *dev, struct crb_priv *priv,
3378 -
3379 - /* Detect a 64 bit address on a 32 bit system */
3380 - if (start != new_res.start)
3381 -- return ERR_PTR(-EINVAL);
3382 -+ return (void __iomem *) ERR_PTR(-EINVAL);
3383 -
3384 - if (!resource_contains(&priv->res, &new_res))
3385 - return devm_ioremap_resource(dev, &new_res);
3386 -diff --git a/drivers/clk/rockchip/clk-rk3399.c b/drivers/clk/rockchip/clk-rk3399.c
3387 -index 8059a8d..31b77f7 100644
3388 ---- a/drivers/clk/rockchip/clk-rk3399.c
3389 -+++ b/drivers/clk/rockchip/clk-rk3399.c
3390 -@@ -586,7 +586,7 @@ static struct rockchip_clk_branch rk3399_clk_branches[] __initdata = {
3391 - RK3399_CLKGATE_CON(8), 15, GFLAGS),
3392 -
3393 - COMPOSITE(SCLK_SPDIF_REC_DPTX, "clk_spdif_rec_dptx", mux_pll_src_cpll_gpll_p, 0,
3394 -- RK3399_CLKSEL_CON(32), 15, 1, MFLAGS, 0, 5, DFLAGS,
3395 -+ RK3399_CLKSEL_CON(32), 15, 1, MFLAGS, 8, 5, DFLAGS,
3396 - RK3399_CLKGATE_CON(10), 6, GFLAGS),
3397 - /* i2s */
3398 - COMPOSITE(0, "clk_i2s0_div", mux_pll_src_cpll_gpll_p, 0,
3399 -diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
3400 -index 1fa1a32..1b15917 100644
3401 ---- a/drivers/cpufreq/intel_pstate.c
3402 -+++ b/drivers/cpufreq/intel_pstate.c
3403 -@@ -944,7 +944,7 @@ static int core_get_max_pstate(void)
3404 - if (err)
3405 - goto skip_tar;
3406 -
3407 -- tdp_msr = MSR_CONFIG_TDP_NOMINAL + tdp_ctrl;
3408 -+ tdp_msr = MSR_CONFIG_TDP_NOMINAL + (tdp_ctrl & 0x3);
3409 - err = rdmsrl_safe(tdp_msr, &tdp_ratio);
3410 - if (err)
3411 - goto skip_tar;
3412 -diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
3413 -index 10c305b..4e0f8e7 100644
3414 ---- a/drivers/edac/edac_mc_sysfs.c
3415 -+++ b/drivers/edac/edac_mc_sysfs.c
3416 -@@ -313,7 +313,6 @@ static struct device_type csrow_attr_type = {
3417 - * possible dynamic channel DIMM Label attribute files
3418 - *
3419 - */
3420 --
3421 - DEVICE_CHANNEL(ch0_dimm_label, S_IRUGO | S_IWUSR,
3422 - channel_dimm_label_show, channel_dimm_label_store, 0);
3423 - DEVICE_CHANNEL(ch1_dimm_label, S_IRUGO | S_IWUSR,
3424 -@@ -326,6 +325,10 @@ DEVICE_CHANNEL(ch4_dimm_label, S_IRUGO | S_IWUSR,
3425 - channel_dimm_label_show, channel_dimm_label_store, 4);
3426 - DEVICE_CHANNEL(ch5_dimm_label, S_IRUGO | S_IWUSR,
3427 - channel_dimm_label_show, channel_dimm_label_store, 5);
3428 -+DEVICE_CHANNEL(ch6_dimm_label, S_IRUGO | S_IWUSR,
3429 -+ channel_dimm_label_show, channel_dimm_label_store, 6);
3430 -+DEVICE_CHANNEL(ch7_dimm_label, S_IRUGO | S_IWUSR,
3431 -+ channel_dimm_label_show, channel_dimm_label_store, 7);
3432 -
3433 - /* Total possible dynamic DIMM Label attribute file table */
3434 - static struct attribute *dynamic_csrow_dimm_attr[] = {
3435 -@@ -335,6 +338,8 @@ static struct attribute *dynamic_csrow_dimm_attr[] = {
3436 - &dev_attr_legacy_ch3_dimm_label.attr.attr,
3437 - &dev_attr_legacy_ch4_dimm_label.attr.attr,
3438 - &dev_attr_legacy_ch5_dimm_label.attr.attr,
3439 -+ &dev_attr_legacy_ch6_dimm_label.attr.attr,
3440 -+ &dev_attr_legacy_ch7_dimm_label.attr.attr,
3441 - NULL
3442 - };
3443 -
3444 -@@ -351,6 +356,10 @@ DEVICE_CHANNEL(ch4_ce_count, S_IRUGO,
3445 - channel_ce_count_show, NULL, 4);
3446 - DEVICE_CHANNEL(ch5_ce_count, S_IRUGO,
3447 - channel_ce_count_show, NULL, 5);
3448 -+DEVICE_CHANNEL(ch6_ce_count, S_IRUGO,
3449 -+ channel_ce_count_show, NULL, 6);
3450 -+DEVICE_CHANNEL(ch7_ce_count, S_IRUGO,
3451 -+ channel_ce_count_show, NULL, 7);
3452 -
3453 - /* Total possible dynamic ce_count attribute file table */
3454 - static struct attribute *dynamic_csrow_ce_count_attr[] = {
3455 -@@ -360,6 +369,8 @@ static struct attribute *dynamic_csrow_ce_count_attr[] = {
3456 - &dev_attr_legacy_ch3_ce_count.attr.attr,
3457 - &dev_attr_legacy_ch4_ce_count.attr.attr,
3458 - &dev_attr_legacy_ch5_ce_count.attr.attr,
3459 -+ &dev_attr_legacy_ch6_ce_count.attr.attr,
3460 -+ &dev_attr_legacy_ch7_ce_count.attr.attr,
3461 - NULL
3462 - };
3463 -
3464 -@@ -371,9 +382,16 @@ static umode_t csrow_dev_is_visible(struct kobject *kobj,
3465 -
3466 - if (idx >= csrow->nr_channels)
3467 - return 0;
3468 -+
3469 -+ if (idx >= ARRAY_SIZE(dynamic_csrow_ce_count_attr) - 1) {
3470 -+ WARN_ONCE(1, "idx: %d\n", idx);
3471 -+ return 0;
3472 -+ }
3473 -+
3474 - /* Only expose populated DIMMs */
3475 - if (!csrow->channels[idx]->dimm->nr_pages)
3476 - return 0;
3477 -+
3478 - return attr->mode;
3479 - }
3480 -
3481 -diff --git a/drivers/gpio/gpio-intel-mid.c b/drivers/gpio/gpio-intel-mid.c
3482 -index cdaba13..c0f7cce 100644
3483 ---- a/drivers/gpio/gpio-intel-mid.c
3484 -+++ b/drivers/gpio/gpio-intel-mid.c
3485 -@@ -17,7 +17,6 @@
3486 - * Moorestown platform Langwell chip.
3487 - * Medfield platform Penwell chip.
3488 - * Clovertrail platform Cloverview chip.
3489 -- * Merrifield platform Tangier chip.
3490 - */
3491 -
3492 - #include <linux/module.h>
3493 -@@ -64,10 +63,6 @@ enum GPIO_REG {
3494 - /* intel_mid gpio driver data */
3495 - struct intel_mid_gpio_ddata {
3496 - u16 ngpio; /* number of gpio pins */
3497 -- u32 gplr_offset; /* offset of first GPLR register from base */
3498 -- u32 flis_base; /* base address of FLIS registers */
3499 -- u32 flis_len; /* length of FLIS registers */
3500 -- u32 (*get_flis_offset)(int gpio);
3501 - u32 chip_irq_type; /* chip interrupt type */
3502 - };
3503 -
3504 -@@ -252,15 +247,6 @@ static const struct intel_mid_gpio_ddata gpio_cloverview_core = {
3505 - .chip_irq_type = INTEL_MID_IRQ_TYPE_EDGE,
3506 - };
3507 -
3508 --static const struct intel_mid_gpio_ddata gpio_tangier = {
3509 -- .ngpio = 192,
3510 -- .gplr_offset = 4,
3511 -- .flis_base = 0xff0c0000,
3512 -- .flis_len = 0x8000,
3513 -- .get_flis_offset = NULL,
3514 -- .chip_irq_type = INTEL_MID_IRQ_TYPE_EDGE,
3515 --};
3516 --
3517 - static const struct pci_device_id intel_gpio_ids[] = {
3518 - {
3519 - /* Lincroft */
3520 -@@ -287,11 +273,6 @@ static const struct pci_device_id intel_gpio_ids[] = {
3521 - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x08f7),
3522 - .driver_data = (kernel_ulong_t)&gpio_cloverview_core,
3523 - },
3524 -- {
3525 -- /* Tangier */
3526 -- PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x1199),
3527 -- .driver_data = (kernel_ulong_t)&gpio_tangier,
3528 -- },
3529 - { 0 }
3530 - };
3531 - MODULE_DEVICE_TABLE(pci, intel_gpio_ids);
3532 -@@ -401,7 +382,7 @@ static int intel_gpio_probe(struct pci_dev *pdev,
3533 - spin_lock_init(&priv->lock);
3534 -
3535 - pci_set_drvdata(pdev, priv);
3536 -- retval = gpiochip_add_data(&priv->chip, priv);
3537 -+ retval = devm_gpiochip_add_data(&pdev->dev, &priv->chip, priv);
3538 - if (retval) {
3539 - dev_err(&pdev->dev, "gpiochip_add error %d\n", retval);
3540 - return retval;
3541 -diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
3542 -index 5e3be32..3745de6 100644
3543 ---- a/drivers/gpio/gpio-pca953x.c
3544 -+++ b/drivers/gpio/gpio-pca953x.c
3545 -@@ -90,7 +90,7 @@ MODULE_DEVICE_TABLE(acpi, pca953x_acpi_ids);
3546 - #define MAX_BANK 5
3547 - #define BANK_SZ 8
3548 -
3549 --#define NBANK(chip) (chip->gpio_chip.ngpio / BANK_SZ)
3550 -+#define NBANK(chip) DIV_ROUND_UP(chip->gpio_chip.ngpio, BANK_SZ)
3551 -
3552 - struct pca953x_chip {
3553 - unsigned gpio_start;
3554 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
3555 -index 9df1bcb..9831753 100644
3556 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
3557 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
3558 -@@ -551,28 +551,19 @@ int amdgpu_atombios_get_clock_info(struct amdgpu_device *adev)
3559 - le16_to_cpu(firmware_info->info.usReferenceClock);
3560 - ppll->reference_div = 0;
3561 -
3562 -- if (crev < 2)
3563 -- ppll->pll_out_min =
3564 -- le16_to_cpu(firmware_info->info.usMinPixelClockPLL_Output);
3565 -- else
3566 -- ppll->pll_out_min =
3567 -- le32_to_cpu(firmware_info->info_12.ulMinPixelClockPLL_Output);
3568 -+ ppll->pll_out_min =
3569 -+ le32_to_cpu(firmware_info->info_12.ulMinPixelClockPLL_Output);
3570 - ppll->pll_out_max =
3571 - le32_to_cpu(firmware_info->info.ulMaxPixelClockPLL_Output);
3572 -
3573 -- if (crev >= 4) {
3574 -- ppll->lcd_pll_out_min =
3575 -- le16_to_cpu(firmware_info->info_14.usLcdMinPixelClockPLL_Output) * 100;
3576 -- if (ppll->lcd_pll_out_min == 0)
3577 -- ppll->lcd_pll_out_min = ppll->pll_out_min;
3578 -- ppll->lcd_pll_out_max =
3579 -- le16_to_cpu(firmware_info->info_14.usLcdMaxPixelClockPLL_Output) * 100;
3580 -- if (ppll->lcd_pll_out_max == 0)
3581 -- ppll->lcd_pll_out_max = ppll->pll_out_max;
3582 -- } else {
3583 -+ ppll->lcd_pll_out_min =
3584 -+ le16_to_cpu(firmware_info->info_14.usLcdMinPixelClockPLL_Output) * 100;
3585 -+ if (ppll->lcd_pll_out_min == 0)
3586 - ppll->lcd_pll_out_min = ppll->pll_out_min;
3587 -+ ppll->lcd_pll_out_max =
3588 -+ le16_to_cpu(firmware_info->info_14.usLcdMaxPixelClockPLL_Output) * 100;
3589 -+ if (ppll->lcd_pll_out_max == 0)
3590 - ppll->lcd_pll_out_max = ppll->pll_out_max;
3591 -- }
3592 -
3593 - if (ppll->pll_out_min == 0)
3594 - ppll->pll_out_min = 64800;
3595 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
3596 -index 35a1248..1b4c069 100644
3597 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
3598 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
3599 -@@ -10,6 +10,7 @@
3600 - #include <linux/slab.h>
3601 - #include <linux/acpi.h>
3602 - #include <linux/pci.h>
3603 -+#include <linux/delay.h>
3604 -
3605 - #include "amd_acpi.h"
3606 -
3607 -@@ -259,6 +260,10 @@ static int amdgpu_atpx_set_discrete_state(struct amdgpu_atpx *atpx, u8 state)
3608 - if (!info)
3609 - return -EIO;
3610 - kfree(info);
3611 -+
3612 -+ /* 200ms delay is required after off */
3613 -+ if (state == 0)
3614 -+ msleep(200);
3615 - }
3616 - return 0;
3617 - }
3618 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
3619 -index cb07da4..ff0b55a 100644
3620 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
3621 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
3622 -@@ -1690,7 +1690,6 @@ amdgpu_connector_add(struct amdgpu_device *adev,
3623 - DRM_MODE_SCALE_NONE);
3624 - /* no HPD on analog connectors */
3625 - amdgpu_connector->hpd.hpd = AMDGPU_HPD_NONE;
3626 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
3627 - connector->interlace_allowed = true;
3628 - connector->doublescan_allowed = true;
3629 - break;
3630 -@@ -1893,8 +1892,10 @@ amdgpu_connector_add(struct amdgpu_device *adev,
3631 - }
3632 -
3633 - if (amdgpu_connector->hpd.hpd == AMDGPU_HPD_NONE) {
3634 -- if (i2c_bus->valid)
3635 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
3636 -+ if (i2c_bus->valid) {
3637 -+ connector->polled = DRM_CONNECTOR_POLL_CONNECT |
3638 -+ DRM_CONNECTOR_POLL_DISCONNECT;
3639 -+ }
3640 - } else
3641 - connector->polled = DRM_CONNECTOR_POLL_HPD;
3642 -
3643 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
3644 -index 6e92008..b7f5650 100644
3645 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
3646 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
3647 -@@ -1841,7 +1841,23 @@ int amdgpu_resume_kms(struct drm_device *dev, bool resume, bool fbcon)
3648 - }
3649 -
3650 - drm_kms_helper_poll_enable(dev);
3651 -+
3652 -+ /*
3653 -+ * Most of the connector probing functions try to acquire runtime pm
3654 -+ * refs to ensure that the GPU is powered on when connector polling is
3655 -+ * performed. Since we're calling this from a runtime PM callback,
3656 -+ * trying to acquire rpm refs will cause us to deadlock.
3657 -+ *
3658 -+ * Since we're guaranteed to be holding the rpm lock, it's safe to
3659 -+ * temporarily disable the rpm helpers so this doesn't deadlock us.
3660 -+ */
3661 -+#ifdef CONFIG_PM
3662 -+ dev->dev->power.disable_depth++;
3663 -+#endif
3664 - drm_helper_hpd_irq_event(dev);
3665 -+#ifdef CONFIG_PM
3666 -+ dev->dev->power.disable_depth--;
3667 -+#endif
3668 -
3669 - if (fbcon) {
3670 - amdgpu_fbdev_set_suspend(adev, 0);
3671 -diff --git a/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c b/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
3672 -index 48b6bd6..c32eca2 100644
3673 ---- a/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
3674 -+++ b/drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
3675 -@@ -98,6 +98,7 @@ amdgpu_atombios_encoder_set_backlight_level(struct amdgpu_encoder *amdgpu_encode
3676 - case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_LVTMA:
3677 - case ENCODER_OBJECT_ID_INTERNAL_UNIPHY1:
3678 - case ENCODER_OBJECT_ID_INTERNAL_UNIPHY2:
3679 -+ case ENCODER_OBJECT_ID_INTERNAL_UNIPHY3:
3680 - if (dig->backlight_level == 0)
3681 - amdgpu_atombios_encoder_setup_dig_transmitter(encoder,
3682 - ATOM_TRANSMITTER_ACTION_LCD_BLOFF, 0, 0);
3683 -diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
3684 -index 1feb643..9269548 100644
3685 ---- a/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
3686 -+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
3687 -@@ -167,6 +167,7 @@ static int gmc_v7_0_init_microcode(struct amdgpu_device *adev)
3688 - break;
3689 - case CHIP_KAVERI:
3690 - case CHIP_KABINI:
3691 -+ case CHIP_MULLINS:
3692 - return 0;
3693 - default: BUG();
3694 - }
3695 -diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c b/drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c
3696 -index 90b35c5..ffc7c0d 100644
3697 ---- a/drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c
3698 -+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c
3699 -@@ -592,12 +592,12 @@ bool atomctrl_get_pp_assign_pin(
3700 - const uint32_t pinId,
3701 - pp_atomctrl_gpio_pin_assignment *gpio_pin_assignment)
3702 - {
3703 -- bool bRet = 0;
3704 -+ bool bRet = false;
3705 - ATOM_GPIO_PIN_LUT *gpio_lookup_table =
3706 - get_gpio_lookup_table(hwmgr->device);
3707 -
3708 - PP_ASSERT_WITH_CODE((NULL != gpio_lookup_table),
3709 -- "Could not find GPIO lookup Table in BIOS.", return -1);
3710 -+ "Could not find GPIO lookup Table in BIOS.", return false);
3711 -
3712 - bRet = atomctrl_lookup_gpio_pin(gpio_lookup_table, pinId,
3713 - gpio_pin_assignment);
3714 -diff --git a/drivers/gpu/drm/drm_cache.c b/drivers/gpu/drm/drm_cache.c
3715 -index 059f7c3..a7916e5 100644
3716 ---- a/drivers/gpu/drm/drm_cache.c
3717 -+++ b/drivers/gpu/drm/drm_cache.c
3718 -@@ -136,6 +136,7 @@ drm_clflush_virt_range(void *addr, unsigned long length)
3719 - mb();
3720 - for (; addr < end; addr += size)
3721 - clflushopt(addr);
3722 -+ clflushopt(end - 1); /* force serialisation */
3723 - mb();
3724 - return;
3725 - }
3726 -diff --git a/drivers/gpu/drm/drm_dp_helper.c b/drivers/gpu/drm/drm_dp_helper.c
3727 -index eeaf5a7..67b28f8 100644
3728 ---- a/drivers/gpu/drm/drm_dp_helper.c
3729 -+++ b/drivers/gpu/drm/drm_dp_helper.c
3730 -@@ -203,7 +203,7 @@ static int drm_dp_dpcd_access(struct drm_dp_aux *aux, u8 request,
3731 -
3732 - ret = aux->transfer(aux, &msg);
3733 -
3734 -- if (ret > 0) {
3735 -+ if (ret >= 0) {
3736 - native_reply = msg.reply & DP_AUX_NATIVE_REPLY_MASK;
3737 - if (native_reply == DP_AUX_NATIVE_REPLY_ACK) {
3738 - if (ret == size)
3739 -diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
3740 -index 7df26d4..2cb472b 100644
3741 ---- a/drivers/gpu/drm/drm_edid.c
3742 -+++ b/drivers/gpu/drm/drm_edid.c
3743 -@@ -74,6 +74,8 @@
3744 - #define EDID_QUIRK_FORCE_8BPC (1 << 8)
3745 - /* Force 12bpc */
3746 - #define EDID_QUIRK_FORCE_12BPC (1 << 9)
3747 -+/* Force 6bpc */
3748 -+#define EDID_QUIRK_FORCE_6BPC (1 << 10)
3749 -
3750 - struct detailed_mode_closure {
3751 - struct drm_connector *connector;
3752 -@@ -100,6 +102,9 @@ static struct edid_quirk {
3753 - /* Unknown Acer */
3754 - { "ACR", 2423, EDID_QUIRK_FIRST_DETAILED_PREFERRED },
3755 -
3756 -+ /* AEO model 0 reports 8 bpc, but is a 6 bpc panel */
3757 -+ { "AEO", 0, EDID_QUIRK_FORCE_6BPC },
3758 -+
3759 - /* Belinea 10 15 55 */
3760 - { "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 },
3761 - { "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 },
3762 -@@ -4082,6 +4087,9 @@ int drm_add_edid_modes(struct drm_connector *connector, struct edid *edid)
3763 -
3764 - drm_add_display_info(edid, &connector->display_info, connector);
3765 -
3766 -+ if (quirks & EDID_QUIRK_FORCE_6BPC)
3767 -+ connector->display_info.bpc = 6;
3768 -+
3769 - if (quirks & EDID_QUIRK_FORCE_8BPC)
3770 - connector->display_info.bpc = 8;
3771 -
3772 -diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
3773 -index bc3f2e6..227a63e 100644
3774 ---- a/drivers/gpu/drm/i915/i915_drv.h
3775 -+++ b/drivers/gpu/drm/i915/i915_drv.h
3776 -@@ -2591,6 +2591,8 @@ struct drm_i915_cmd_table {
3777 - #define SKL_REVID_D0 0x3
3778 - #define SKL_REVID_E0 0x4
3779 - #define SKL_REVID_F0 0x5
3780 -+#define SKL_REVID_G0 0x6
3781 -+#define SKL_REVID_H0 0x7
3782 -
3783 - #define IS_SKL_REVID(p, since, until) (IS_SKYLAKE(p) && IS_REVID(p, since, until))
3784 -
3785 -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
3786 -index 3fcf7dd..bc3b6dd 100644
3787 ---- a/drivers/gpu/drm/i915/i915_reg.h
3788 -+++ b/drivers/gpu/drm/i915/i915_reg.h
3789 -@@ -1672,6 +1672,9 @@ enum skl_disp_power_wells {
3790 -
3791 - #define GEN7_TLB_RD_ADDR _MMIO(0x4700)
3792 -
3793 -+#define GEN9_GAMT_ECO_REG_RW_IA _MMIO(0x4ab0)
3794 -+#define GAMT_ECO_ENABLE_IN_PLACE_DECOMPRESS (1<<18)
3795 -+
3796 - #define GAMT_CHKN_BIT_REG _MMIO(0x4ab8)
3797 - #define GAMT_CHKN_DISABLE_DYNAMIC_CREDIT_SHARING (1<<28)
3798 -
3799 -@@ -7538,6 +7541,8 @@ enum skl_disp_power_wells {
3800 -
3801 - #define CDCLK_FREQ _MMIO(0x46200)
3802 -
3803 -+#define CDCLK_FREQ _MMIO(0x46200)
3804 -+
3805 - #define _TRANSA_MSA_MISC 0x60410
3806 - #define _TRANSB_MSA_MISC 0x61410
3807 - #define _TRANSC_MSA_MISC 0x62410
3808 -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
3809 -index 3074c56..3289319 100644
3810 ---- a/drivers/gpu/drm/i915/intel_display.c
3811 -+++ b/drivers/gpu/drm/i915/intel_display.c
3812 -@@ -9700,6 +9700,8 @@ static void broadwell_set_cdclk(struct drm_device *dev, int cdclk)
3813 -
3814 - I915_WRITE(CDCLK_FREQ, DIV_ROUND_CLOSEST(cdclk, 1000) - 1);
3815 -
3816 -+ I915_WRITE(CDCLK_FREQ, DIV_ROUND_CLOSEST(cdclk, 1000) - 1);
3817 -+
3818 - intel_update_cdclk(dev);
3819 -
3820 - WARN(cdclk != dev_priv->cdclk_freq,
3821 -@@ -12095,21 +12097,11 @@ connected_sink_compute_bpp(struct intel_connector *connector,
3822 - pipe_config->pipe_bpp = connector->base.display_info.bpc*3;
3823 - }
3824 -
3825 -- /* Clamp bpp to default limit on screens without EDID 1.4 */
3826 -- if (connector->base.display_info.bpc == 0) {
3827 -- int type = connector->base.connector_type;
3828 -- int clamp_bpp = 24;
3829 --
3830 -- /* Fall back to 18 bpp when DP sink capability is unknown. */
3831 -- if (type == DRM_MODE_CONNECTOR_DisplayPort ||
3832 -- type == DRM_MODE_CONNECTOR_eDP)
3833 -- clamp_bpp = 18;
3834 --
3835 -- if (bpp > clamp_bpp) {
3836 -- DRM_DEBUG_KMS("clamping display bpp (was %d) to default limit of %d\n",
3837 -- bpp, clamp_bpp);
3838 -- pipe_config->pipe_bpp = clamp_bpp;
3839 -- }
3840 -+ /* Clamp bpp to 8 on screens without EDID 1.4 */
3841 -+ if (connector->base.display_info.bpc == 0 && bpp > 24) {
3842 -+ DRM_DEBUG_KMS("clamping display bpp (was %d) to default limit of 24\n",
3843 -+ bpp);
3844 -+ pipe_config->pipe_bpp = 24;
3845 - }
3846 - }
3847 -
3848 -diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c
3849 -index 2863b92..c1ca5a7 100644
3850 ---- a/drivers/gpu/drm/i915/intel_pm.c
3851 -+++ b/drivers/gpu/drm/i915/intel_pm.c
3852 -@@ -4563,7 +4563,8 @@ void gen6_rps_idle(struct drm_i915_private *dev_priv)
3853 - else
3854 - gen6_set_rps(dev_priv->dev, dev_priv->rps.idle_freq);
3855 - dev_priv->rps.last_adj = 0;
3856 -- I915_WRITE(GEN6_PMINTRMSK, 0xffffffff);
3857 -+ I915_WRITE(GEN6_PMINTRMSK,
3858 -+ gen6_sanitize_rps_pm_mask(dev_priv, ~0));
3859 - }
3860 - mutex_unlock(&dev_priv->rps.hw_lock);
3861 -
3862 -diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c
3863 -index 68c5af0..9d778f3 100644
3864 ---- a/drivers/gpu/drm/i915/intel_ringbuffer.c
3865 -+++ b/drivers/gpu/drm/i915/intel_ringbuffer.c
3866 -@@ -1135,6 +1135,11 @@ static int skl_init_workarounds(struct intel_engine_cs *engine)
3867 - /* WaDisableGafsUnitClkGating:skl */
3868 - WA_SET_BIT(GEN7_UCGCTL4, GEN8_EU_GAUNIT_CLOCK_GATE_DISABLE);
3869 -
3870 -+ /* WaInPlaceDecompressionHang:skl */
3871 -+ if (IS_SKL_REVID(dev_priv, SKL_REVID_H0, REVID_FOREVER))
3872 -+ WA_SET_BIT(GEN9_GAMT_ECO_REG_RW_IA,
3873 -+ GAMT_ECO_ENABLE_IN_PLACE_DECOMPRESS);
3874 -+
3875 - /* WaDisableLSQCROPERFforOCL:skl */
3876 - ret = wa_ring_whitelist_reg(engine, GEN8_L3SQCREG4);
3877 - if (ret)
3878 -@@ -1194,6 +1199,11 @@ static int bxt_init_workarounds(struct intel_engine_cs *engine)
3879 - WA_SET_BIT_MASKED(COMMON_SLICE_CHICKEN2,
3880 - GEN8_SBE_DISABLE_REPLAY_BUF_OPTIMIZATION);
3881 -
3882 -+ /* WaInPlaceDecompressionHang:bxt */
3883 -+ if (IS_BXT_REVID(dev_priv, BXT_REVID_C0, REVID_FOREVER))
3884 -+ WA_SET_BIT(GEN9_GAMT_ECO_REG_RW_IA,
3885 -+ GAMT_ECO_ENABLE_IN_PLACE_DECOMPRESS);
3886 -+
3887 - return 0;
3888 - }
3889 -
3890 -@@ -1241,6 +1251,10 @@ static int kbl_init_workarounds(struct intel_engine_cs *engine)
3891 - GEN7_HALF_SLICE_CHICKEN1,
3892 - GEN7_SBE_SS_CACHE_DISPATCH_PORT_SHARING_DISABLE);
3893 -
3894 -+ /* WaInPlaceDecompressionHang:kbl */
3895 -+ WA_SET_BIT(GEN9_GAMT_ECO_REG_RW_IA,
3896 -+ GAMT_ECO_ENABLE_IN_PLACE_DECOMPRESS);
3897 -+
3898 - /* WaDisableLSQCROPERFforOCL:kbl */
3899 - ret = wa_ring_whitelist_reg(engine, GEN8_L3SQCREG4);
3900 - if (ret)
3901 -diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c
3902 -index 11f8dd9..d6c134b 100644
3903 ---- a/drivers/gpu/drm/nouveau/nouveau_drm.c
3904 -+++ b/drivers/gpu/drm/nouveau/nouveau_drm.c
3905 -@@ -324,7 +324,16 @@ static int nouveau_drm_probe(struct pci_dev *pdev,
3906 - !vga_switcheroo_handler_flags())
3907 - return -EPROBE_DEFER;
3908 -
3909 -- /* remove conflicting drivers (vesafb, efifb etc) */
3910 -+ /* We need to check that the chipset is supported before booting
3911 -+ * fbdev off the hardware, as there's no way to put it back.
3912 -+ */
3913 -+ ret = nvkm_device_pci_new(pdev, NULL, "error", true, false, 0, &device);
3914 -+ if (ret)
3915 -+ return ret;
3916 -+
3917 -+ nvkm_device_del(&device);
3918 -+
3919 -+ /* Remove conflicting drivers (vesafb, efifb etc). */
3920 - aper = alloc_apertures(3);
3921 - if (!aper)
3922 - return -ENOMEM;
3923 -diff --git a/drivers/gpu/drm/nouveau/nv04_fbcon.c b/drivers/gpu/drm/nouveau/nv04_fbcon.c
3924 -index 7d9248b..da8fd5f 100644
3925 ---- a/drivers/gpu/drm/nouveau/nv04_fbcon.c
3926 -+++ b/drivers/gpu/drm/nouveau/nv04_fbcon.c
3927 -@@ -107,11 +107,11 @@ nv04_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
3928 - ((image->dx + image->width) & 0xffff));
3929 - OUT_RING(chan, bg);
3930 - OUT_RING(chan, fg);
3931 -- OUT_RING(chan, (image->height << 16) | image->width);
3932 -+ OUT_RING(chan, (image->height << 16) | ALIGN(image->width, 8));
3933 - OUT_RING(chan, (image->height << 16) | image->width);
3934 - OUT_RING(chan, (image->dy << 16) | (image->dx & 0xffff));
3935 -
3936 -- dsize = ALIGN(image->width * image->height, 32) >> 5;
3937 -+ dsize = ALIGN(ALIGN(image->width, 8) * image->height, 32) >> 5;
3938 - while (dsize) {
3939 - int iter_len = dsize > 128 ? 128 : dsize;
3940 -
3941 -diff --git a/drivers/gpu/drm/nouveau/nv50_fbcon.c b/drivers/gpu/drm/nouveau/nv50_fbcon.c
3942 -index 1aeb698..af3d3c4 100644
3943 ---- a/drivers/gpu/drm/nouveau/nv50_fbcon.c
3944 -+++ b/drivers/gpu/drm/nouveau/nv50_fbcon.c
3945 -@@ -125,7 +125,7 @@ nv50_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
3946 - OUT_RING(chan, 0);
3947 - OUT_RING(chan, image->dy);
3948 -
3949 -- dwords = ALIGN(image->width * image->height, 32) >> 5;
3950 -+ dwords = ALIGN(ALIGN(image->width, 8) * image->height, 32) >> 5;
3951 - while (dwords) {
3952 - int push = dwords > 2047 ? 2047 : dwords;
3953 -
3954 -diff --git a/drivers/gpu/drm/nouveau/nvc0_fbcon.c b/drivers/gpu/drm/nouveau/nvc0_fbcon.c
3955 -index 839f4c8..054b6a0 100644
3956 ---- a/drivers/gpu/drm/nouveau/nvc0_fbcon.c
3957 -+++ b/drivers/gpu/drm/nouveau/nvc0_fbcon.c
3958 -@@ -125,7 +125,7 @@ nvc0_fbcon_imageblit(struct fb_info *info, const struct fb_image *image)
3959 - OUT_RING (chan, 0);
3960 - OUT_RING (chan, image->dy);
3961 -
3962 -- dwords = ALIGN(image->width * image->height, 32) >> 5;
3963 -+ dwords = ALIGN(ALIGN(image->width, 8) * image->height, 32) >> 5;
3964 - while (dwords) {
3965 - int push = dwords > 2047 ? 2047 : dwords;
3966 -
3967 -diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv30.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv30.c
3968 -index 69de8c6..f1e15a4 100644
3969 ---- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv30.c
3970 -+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv30.c
3971 -@@ -76,8 +76,8 @@ nv30_gr_chan_new(struct nvkm_gr *base, struct nvkm_fifo_chan *fifoch,
3972 - nvkm_wo32(chan->inst, i, 0x00040004);
3973 - for (i = 0x1f18; i <= 0x3088 ; i += 16) {
3974 - nvkm_wo32(chan->inst, i + 0, 0x10700ff9);
3975 -- nvkm_wo32(chan->inst, i + 1, 0x0436086c);
3976 -- nvkm_wo32(chan->inst, i + 2, 0x000c001b);
3977 -+ nvkm_wo32(chan->inst, i + 4, 0x0436086c);
3978 -+ nvkm_wo32(chan->inst, i + 8, 0x000c001b);
3979 - }
3980 - for (i = 0x30b8; i < 0x30c8; i += 4)
3981 - nvkm_wo32(chan->inst, i, 0x0000ffff);
3982 -diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv34.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv34.c
3983 -index 2207dac2..300f5ed 100644
3984 ---- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv34.c
3985 -+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/nv34.c
3986 -@@ -75,8 +75,8 @@ nv34_gr_chan_new(struct nvkm_gr *base, struct nvkm_fifo_chan *fifoch,
3987 - nvkm_wo32(chan->inst, i, 0x00040004);
3988 - for (i = 0x15ac; i <= 0x271c ; i += 16) {
3989 - nvkm_wo32(chan->inst, i + 0, 0x10700ff9);
3990 -- nvkm_wo32(chan->inst, i + 1, 0x0436086c);
3991 -- nvkm_wo32(chan->inst, i + 2, 0x000c001b);
3992 -+ nvkm_wo32(chan->inst, i + 4, 0x0436086c);
3993 -+ nvkm_wo32(chan->inst, i + 8, 0x000c001b);
3994 - }
3995 - for (i = 0x274c; i < 0x275c; i += 4)
3996 - nvkm_wo32(chan->inst, i, 0x0000ffff);
3997 -diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
3998 -index 587cae4..56bb758 100644
3999 ---- a/drivers/gpu/drm/radeon/atombios_encoders.c
4000 -+++ b/drivers/gpu/drm/radeon/atombios_encoders.c
4001 -@@ -120,6 +120,7 @@ atombios_set_backlight_level(struct radeon_encoder *radeon_encoder, u8 level)
4002 - case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_LVTMA:
4003 - case ENCODER_OBJECT_ID_INTERNAL_UNIPHY1:
4004 - case ENCODER_OBJECT_ID_INTERNAL_UNIPHY2:
4005 -+ case ENCODER_OBJECT_ID_INTERNAL_UNIPHY3:
4006 - if (dig->backlight_level == 0)
4007 - atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_LCD_BLOFF, 0, 0);
4008 - else {
4009 -diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
4010 -index f8097a0..5df3ec7 100644
4011 ---- a/drivers/gpu/drm/radeon/radeon_atombios.c
4012 -+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
4013 -@@ -1155,7 +1155,7 @@ bool radeon_atom_get_clock_info(struct drm_device *dev)
4014 - le16_to_cpu(firmware_info->info.usReferenceClock);
4015 - p1pll->reference_div = 0;
4016 -
4017 -- if (crev < 2)
4018 -+ if ((frev < 2) && (crev < 2))
4019 - p1pll->pll_out_min =
4020 - le16_to_cpu(firmware_info->info.usMinPixelClockPLL_Output);
4021 - else
4022 -@@ -1164,7 +1164,7 @@ bool radeon_atom_get_clock_info(struct drm_device *dev)
4023 - p1pll->pll_out_max =
4024 - le32_to_cpu(firmware_info->info.ulMaxPixelClockPLL_Output);
4025 -
4026 -- if (crev >= 4) {
4027 -+ if (((frev < 2) && (crev >= 4)) || (frev >= 2)) {
4028 - p1pll->lcd_pll_out_min =
4029 - le16_to_cpu(firmware_info->info_14.usLcdMinPixelClockPLL_Output) * 100;
4030 - if (p1pll->lcd_pll_out_min == 0)
4031 -diff --git a/drivers/gpu/drm/radeon/radeon_atpx_handler.c b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
4032 -index 95f4fea..1b3f4e5 100644
4033 ---- a/drivers/gpu/drm/radeon/radeon_atpx_handler.c
4034 -+++ b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
4035 -@@ -10,6 +10,7 @@
4036 - #include <linux/slab.h>
4037 - #include <linux/acpi.h>
4038 - #include <linux/pci.h>
4039 -+#include <linux/delay.h>
4040 -
4041 - #include "radeon_acpi.h"
4042 -
4043 -@@ -258,6 +259,10 @@ static int radeon_atpx_set_discrete_state(struct radeon_atpx *atpx, u8 state)
4044 - if (!info)
4045 - return -EIO;
4046 - kfree(info);
4047 -+
4048 -+ /* 200ms delay is required after off */
4049 -+ if (state == 0)
4050 -+ msleep(200);
4051 - }
4052 - return 0;
4053 - }
4054 -diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
4055 -index 81a63d7..b79f3b0 100644
4056 ---- a/drivers/gpu/drm/radeon/radeon_connectors.c
4057 -+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
4058 -@@ -2064,7 +2064,6 @@ radeon_add_atom_connector(struct drm_device *dev,
4059 - RADEON_OUTPUT_CSC_BYPASS);
4060 - /* no HPD on analog connectors */
4061 - radeon_connector->hpd.hpd = RADEON_HPD_NONE;
4062 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
4063 - connector->interlace_allowed = true;
4064 - connector->doublescan_allowed = true;
4065 - break;
4066 -@@ -2314,8 +2313,10 @@ radeon_add_atom_connector(struct drm_device *dev,
4067 - }
4068 -
4069 - if (radeon_connector->hpd.hpd == RADEON_HPD_NONE) {
4070 -- if (i2c_bus->valid)
4071 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
4072 -+ if (i2c_bus->valid) {
4073 -+ connector->polled = DRM_CONNECTOR_POLL_CONNECT |
4074 -+ DRM_CONNECTOR_POLL_DISCONNECT;
4075 -+ }
4076 - } else
4077 - connector->polled = DRM_CONNECTOR_POLL_HPD;
4078 -
4079 -@@ -2391,7 +2392,6 @@ radeon_add_legacy_connector(struct drm_device *dev,
4080 - 1);
4081 - /* no HPD on analog connectors */
4082 - radeon_connector->hpd.hpd = RADEON_HPD_NONE;
4083 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
4084 - connector->interlace_allowed = true;
4085 - connector->doublescan_allowed = true;
4086 - break;
4087 -@@ -2476,10 +2476,13 @@ radeon_add_legacy_connector(struct drm_device *dev,
4088 - }
4089 -
4090 - if (radeon_connector->hpd.hpd == RADEON_HPD_NONE) {
4091 -- if (i2c_bus->valid)
4092 -- connector->polled = DRM_CONNECTOR_POLL_CONNECT;
4093 -+ if (i2c_bus->valid) {
4094 -+ connector->polled = DRM_CONNECTOR_POLL_CONNECT |
4095 -+ DRM_CONNECTOR_POLL_DISCONNECT;
4096 -+ }
4097 - } else
4098 - connector->polled = DRM_CONNECTOR_POLL_HPD;
4099 -+
4100 - connector->display_info.subpixel_order = subpixel_order;
4101 - drm_connector_register(connector);
4102 - }
4103 -diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
4104 -index 1c4d5b5..b167323 100644
4105 ---- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
4106 -+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
4107 -@@ -1048,6 +1048,17 @@ static void vop_crtc_destroy(struct drm_crtc *crtc)
4108 - drm_crtc_cleanup(crtc);
4109 - }
4110 -
4111 -+static void vop_crtc_reset(struct drm_crtc *crtc)
4112 -+{
4113 -+ if (crtc->state)
4114 -+ __drm_atomic_helper_crtc_destroy_state(crtc->state);
4115 -+ kfree(crtc->state);
4116 -+
4117 -+ crtc->state = kzalloc(sizeof(struct rockchip_crtc_state), GFP_KERNEL);
4118 -+ if (crtc->state)
4119 -+ crtc->state->crtc = crtc;
4120 -+}
4121 -+
4122 - static struct drm_crtc_state *vop_crtc_duplicate_state(struct drm_crtc *crtc)
4123 - {
4124 - struct rockchip_crtc_state *rockchip_state;
4125 -@@ -1073,7 +1084,7 @@ static const struct drm_crtc_funcs vop_crtc_funcs = {
4126 - .set_config = drm_atomic_helper_set_config,
4127 - .page_flip = drm_atomic_helper_page_flip,
4128 - .destroy = vop_crtc_destroy,
4129 -- .reset = drm_atomic_helper_crtc_reset,
4130 -+ .reset = vop_crtc_reset,
4131 - .atomic_duplicate_state = vop_crtc_duplicate_state,
4132 - .atomic_destroy_state = vop_crtc_destroy_state,
4133 - };
4134 -diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c
4135 -index 16b6f11..99ec3ff 100644
4136 ---- a/drivers/hid/uhid.c
4137 -+++ b/drivers/hid/uhid.c
4138 -@@ -51,10 +51,26 @@ struct uhid_device {
4139 - u32 report_id;
4140 - u32 report_type;
4141 - struct uhid_event report_buf;
4142 -+ struct work_struct worker;
4143 - };
4144 -
4145 - static struct miscdevice uhid_misc;
4146 -
4147 -+static void uhid_device_add_worker(struct work_struct *work)
4148 -+{
4149 -+ struct uhid_device *uhid = container_of(work, struct uhid_device, worker);
4150 -+ int ret;
4151 -+
4152 -+ ret = hid_add_device(uhid->hid);
4153 -+ if (ret) {
4154 -+ hid_err(uhid->hid, "Cannot register HID device: error %d\n", ret);
4155 -+
4156 -+ hid_destroy_device(uhid->hid);
4157 -+ uhid->hid = NULL;
4158 -+ uhid->running = false;
4159 -+ }
4160 -+}
4161 -+
4162 - static void uhid_queue(struct uhid_device *uhid, struct uhid_event *ev)
4163 - {
4164 - __u8 newhead;
4165 -@@ -498,18 +514,14 @@ static int uhid_dev_create2(struct uhid_device *uhid,
4166 - uhid->hid = hid;
4167 - uhid->running = true;
4168 -
4169 -- ret = hid_add_device(hid);
4170 -- if (ret) {
4171 -- hid_err(hid, "Cannot register HID device\n");
4172 -- goto err_hid;
4173 -- }
4174 -+ /* Adding of a HID device is done through a worker, to allow HID drivers
4175 -+ * which use feature requests during .probe to work, without they would
4176 -+ * be blocked on devlock, which is held by uhid_char_write.
4177 -+ */
4178 -+ schedule_work(&uhid->worker);
4179 -
4180 - return 0;
4181 -
4182 --err_hid:
4183 -- hid_destroy_device(hid);
4184 -- uhid->hid = NULL;
4185 -- uhid->running = false;
4186 - err_free:
4187 - kfree(uhid->rd_data);
4188 - uhid->rd_data = NULL;
4189 -@@ -550,6 +562,8 @@ static int uhid_dev_destroy(struct uhid_device *uhid)
4190 - uhid->running = false;
4191 - wake_up_interruptible(&uhid->report_wait);
4192 -
4193 -+ cancel_work_sync(&uhid->worker);
4194 -+
4195 - hid_destroy_device(uhid->hid);
4196 - kfree(uhid->rd_data);
4197 -
4198 -@@ -612,6 +626,7 @@ static int uhid_char_open(struct inode *inode, struct file *file)
4199 - init_waitqueue_head(&uhid->waitq);
4200 - init_waitqueue_head(&uhid->report_wait);
4201 - uhid->running = false;
4202 -+ INIT_WORK(&uhid->worker, uhid_device_add_worker);
4203 -
4204 - file->private_data = uhid;
4205 - nonseekable_open(inode, file);
4206 -diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
4207 -index 952f20f..e82f7e1 100644
4208 ---- a/drivers/hv/vmbus_drv.c
4209 -+++ b/drivers/hv/vmbus_drv.c
4210 -@@ -42,6 +42,7 @@
4211 - #include <linux/screen_info.h>
4212 - #include <linux/kdebug.h>
4213 - #include <linux/efi.h>
4214 -+#include <linux/random.h>
4215 - #include "hyperv_vmbus.h"
4216 -
4217 - static struct acpi_device *hv_acpi_dev;
4218 -@@ -806,6 +807,8 @@ static void vmbus_isr(void)
4219 - else
4220 - tasklet_schedule(hv_context.msg_dpc[cpu]);
4221 - }
4222 -+
4223 -+ add_interrupt_randomness(HYPERVISOR_CALLBACK_VECTOR, 0);
4224 - }
4225 -
4226 -
4227 -diff --git a/drivers/i2c/busses/i2c-efm32.c b/drivers/i2c/busses/i2c-efm32.c
4228 -index 8eff627..e253598 100644
4229 ---- a/drivers/i2c/busses/i2c-efm32.c
4230 -+++ b/drivers/i2c/busses/i2c-efm32.c
4231 -@@ -433,7 +433,7 @@ static int efm32_i2c_probe(struct platform_device *pdev)
4232 - ret = request_irq(ddata->irq, efm32_i2c_irq, 0, DRIVER_NAME, ddata);
4233 - if (ret < 0) {
4234 - dev_err(&pdev->dev, "failed to request irq (%d)\n", ret);
4235 -- return ret;
4236 -+ goto err_disable_clk;
4237 - }
4238 -
4239 - ret = i2c_add_adapter(&ddata->adapter);
4240 -diff --git a/drivers/infiniband/core/rw.c b/drivers/infiniband/core/rw.c
4241 -index 1eb9b12..dbfd854 100644
4242 ---- a/drivers/infiniband/core/rw.c
4243 -+++ b/drivers/infiniband/core/rw.c
4244 -@@ -58,19 +58,13 @@ static inline bool rdma_rw_io_needs_mr(struct ib_device *dev, u8 port_num,
4245 - return false;
4246 - }
4247 -
4248 --static inline u32 rdma_rw_max_sge(struct ib_device *dev,
4249 -- enum dma_data_direction dir)
4250 --{
4251 -- return dir == DMA_TO_DEVICE ?
4252 -- dev->attrs.max_sge : dev->attrs.max_sge_rd;
4253 --}
4254 --
4255 - static inline u32 rdma_rw_fr_page_list_len(struct ib_device *dev)
4256 - {
4257 - /* arbitrary limit to avoid allocating gigantic resources */
4258 - return min_t(u32, dev->attrs.max_fast_reg_page_list_len, 256);
4259 - }
4260 -
4261 -+/* Caller must have zero-initialized *reg. */
4262 - static int rdma_rw_init_one_mr(struct ib_qp *qp, u8 port_num,
4263 - struct rdma_rw_reg_ctx *reg, struct scatterlist *sg,
4264 - u32 sg_cnt, u32 offset)
4265 -@@ -114,6 +108,7 @@ static int rdma_rw_init_mr_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4266 - u8 port_num, struct scatterlist *sg, u32 sg_cnt, u32 offset,
4267 - u64 remote_addr, u32 rkey, enum dma_data_direction dir)
4268 - {
4269 -+ struct rdma_rw_reg_ctx *prev = NULL;
4270 - u32 pages_per_mr = rdma_rw_fr_page_list_len(qp->pd->device);
4271 - int i, j, ret = 0, count = 0;
4272 -
4273 -@@ -125,7 +120,6 @@ static int rdma_rw_init_mr_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4274 - }
4275 -
4276 - for (i = 0; i < ctx->nr_ops; i++) {
4277 -- struct rdma_rw_reg_ctx *prev = i ? &ctx->reg[i - 1] : NULL;
4278 - struct rdma_rw_reg_ctx *reg = &ctx->reg[i];
4279 - u32 nents = min(sg_cnt, pages_per_mr);
4280 -
4281 -@@ -162,9 +156,13 @@ static int rdma_rw_init_mr_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4282 - sg_cnt -= nents;
4283 - for (j = 0; j < nents; j++)
4284 - sg = sg_next(sg);
4285 -+ prev = reg;
4286 - offset = 0;
4287 - }
4288 -
4289 -+ if (prev)
4290 -+ prev->wr.wr.next = NULL;
4291 -+
4292 - ctx->type = RDMA_RW_MR;
4293 - return count;
4294 -
4295 -@@ -181,7 +179,8 @@ static int rdma_rw_init_map_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4296 - u64 remote_addr, u32 rkey, enum dma_data_direction dir)
4297 - {
4298 - struct ib_device *dev = qp->pd->device;
4299 -- u32 max_sge = rdma_rw_max_sge(dev, dir);
4300 -+ u32 max_sge = dir == DMA_TO_DEVICE ? qp->max_write_sge :
4301 -+ qp->max_read_sge;
4302 - struct ib_sge *sge;
4303 - u32 total_len = 0, i, j;
4304 -
4305 -@@ -205,11 +204,10 @@ static int rdma_rw_init_map_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4306 - rdma_wr->wr.opcode = IB_WR_RDMA_READ;
4307 - rdma_wr->remote_addr = remote_addr + total_len;
4308 - rdma_wr->rkey = rkey;
4309 -+ rdma_wr->wr.num_sge = nr_sge;
4310 - rdma_wr->wr.sg_list = sge;
4311 -
4312 - for (j = 0; j < nr_sge; j++, sg = sg_next(sg)) {
4313 -- rdma_wr->wr.num_sge++;
4314 --
4315 - sge->addr = ib_sg_dma_address(dev, sg) + offset;
4316 - sge->length = ib_sg_dma_len(dev, sg) - offset;
4317 - sge->lkey = qp->pd->local_dma_lkey;
4318 -@@ -220,8 +218,8 @@ static int rdma_rw_init_map_wrs(struct rdma_rw_ctx *ctx, struct ib_qp *qp,
4319 - offset = 0;
4320 - }
4321 -
4322 -- if (i + 1 < ctx->nr_ops)
4323 -- rdma_wr->wr.next = &ctx->map.wrs[i + 1].wr;
4324 -+ rdma_wr->wr.next = i + 1 < ctx->nr_ops ?
4325 -+ &ctx->map.wrs[i + 1].wr : NULL;
4326 - }
4327 -
4328 - ctx->type = RDMA_RW_MULTI_WR;
4329 -diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
4330 -index 6298f54..e39a0b5 100644
4331 ---- a/drivers/infiniband/core/verbs.c
4332 -+++ b/drivers/infiniband/core/verbs.c
4333 -@@ -814,6 +814,15 @@ struct ib_qp *ib_create_qp(struct ib_pd *pd,
4334 - }
4335 - }
4336 -
4337 -+ /*
4338 -+ * Note: all hw drivers guarantee that max_send_sge is lower than
4339 -+ * the device RDMA WRITE SGE limit but not all hw drivers ensure that
4340 -+ * max_send_sge <= max_sge_rd.
4341 -+ */
4342 -+ qp->max_write_sge = qp_init_attr->cap.max_send_sge;
4343 -+ qp->max_read_sge = min_t(u32, qp_init_attr->cap.max_send_sge,
4344 -+ device->attrs.max_sge_rd);
4345 -+
4346 - return qp;
4347 - }
4348 - EXPORT_SYMBOL(ib_create_qp);
4349 -diff --git a/drivers/infiniband/hw/mlx5/gsi.c b/drivers/infiniband/hw/mlx5/gsi.c
4350 -index 53e03c8..79e6309 100644
4351 ---- a/drivers/infiniband/hw/mlx5/gsi.c
4352 -+++ b/drivers/infiniband/hw/mlx5/gsi.c
4353 -@@ -69,15 +69,6 @@ static bool mlx5_ib_deth_sqpn_cap(struct mlx5_ib_dev *dev)
4354 - return MLX5_CAP_GEN(dev->mdev, set_deth_sqpn);
4355 - }
4356 -
4357 --static u32 next_outstanding(struct mlx5_ib_gsi_qp *gsi, u32 index)
4358 --{
4359 -- return ++index % gsi->cap.max_send_wr;
4360 --}
4361 --
4362 --#define for_each_outstanding_wr(gsi, index) \
4363 -- for (index = gsi->outstanding_ci; index != gsi->outstanding_pi; \
4364 -- index = next_outstanding(gsi, index))
4365 --
4366 - /* Call with gsi->lock locked */
4367 - static void generate_completions(struct mlx5_ib_gsi_qp *gsi)
4368 - {
4369 -@@ -85,8 +76,9 @@ static void generate_completions(struct mlx5_ib_gsi_qp *gsi)
4370 - struct mlx5_ib_gsi_wr *wr;
4371 - u32 index;
4372 -
4373 -- for_each_outstanding_wr(gsi, index) {
4374 -- wr = &gsi->outstanding_wrs[index];
4375 -+ for (index = gsi->outstanding_ci; index != gsi->outstanding_pi;
4376 -+ index++) {
4377 -+ wr = &gsi->outstanding_wrs[index % gsi->cap.max_send_wr];
4378 -
4379 - if (!wr->completed)
4380 - break;
4381 -@@ -430,8 +422,9 @@ static int mlx5_ib_add_outstanding_wr(struct mlx5_ib_gsi_qp *gsi,
4382 - return -ENOMEM;
4383 - }
4384 -
4385 -- gsi_wr = &gsi->outstanding_wrs[gsi->outstanding_pi];
4386 -- gsi->outstanding_pi = next_outstanding(gsi, gsi->outstanding_pi);
4387 -+ gsi_wr = &gsi->outstanding_wrs[gsi->outstanding_pi %
4388 -+ gsi->cap.max_send_wr];
4389 -+ gsi->outstanding_pi++;
4390 -
4391 - if (!wc) {
4392 - memset(&gsi_wr->wc, 0, sizeof(gsi_wr->wc));
4393 -diff --git a/drivers/infiniband/sw/rdmavt/Kconfig b/drivers/infiniband/sw/rdmavt/Kconfig
4394 -index 11aa6a3..1da8d01 100644
4395 ---- a/drivers/infiniband/sw/rdmavt/Kconfig
4396 -+++ b/drivers/infiniband/sw/rdmavt/Kconfig
4397 -@@ -1,6 +1,5 @@
4398 - config INFINIBAND_RDMAVT
4399 - tristate "RDMA verbs transport library"
4400 - depends on 64BIT
4401 -- default m
4402 - ---help---
4403 - This is a common software verbs provider for RDMA networks.
4404 -diff --git a/drivers/infiniband/sw/rdmavt/cq.c b/drivers/infiniband/sw/rdmavt/cq.c
4405 -index 6ca6fa8..f2f229e 100644
4406 ---- a/drivers/infiniband/sw/rdmavt/cq.c
4407 -+++ b/drivers/infiniband/sw/rdmavt/cq.c
4408 -@@ -510,6 +510,7 @@ int rvt_driver_cq_init(struct rvt_dev_info *rdi)
4409 -
4410 - if (rdi->worker)
4411 - return 0;
4412 -+ spin_lock_init(&rdi->n_cqs_lock);
4413 - rdi->worker = kzalloc(sizeof(*rdi->worker), GFP_KERNEL);
4414 - if (!rdi->worker)
4415 - return -ENOMEM;
4416 -diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c
4417 -index 4a41556..9a3b954 100644
4418 ---- a/drivers/infiniband/ulp/srpt/ib_srpt.c
4419 -+++ b/drivers/infiniband/ulp/srpt/ib_srpt.c
4420 -@@ -1601,6 +1601,7 @@ static int srpt_create_ch_ib(struct srpt_rdma_ch *ch)
4421 - struct ib_qp_init_attr *qp_init;
4422 - struct srpt_port *sport = ch->sport;
4423 - struct srpt_device *sdev = sport->sdev;
4424 -+ const struct ib_device_attr *attrs = &sdev->device->attrs;
4425 - u32 srp_sq_size = sport->port_attrib.srp_sq_size;
4426 - int ret;
4427 -
4428 -@@ -1638,7 +1639,7 @@ retry:
4429 - */
4430 - qp_init->cap.max_send_wr = srp_sq_size / 2;
4431 - qp_init->cap.max_rdma_ctxs = srp_sq_size / 2;
4432 -- qp_init->cap.max_send_sge = SRPT_DEF_SG_PER_WQE;
4433 -+ qp_init->cap.max_send_sge = min(attrs->max_sge, SRPT_MAX_SG_PER_WQE);
4434 - qp_init->port_num = ch->sport->port;
4435 -
4436 - ch->qp = ib_create_qp(sdev->pd, qp_init);
4437 -diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.h b/drivers/infiniband/ulp/srpt/ib_srpt.h
4438 -index 3890304..5818787 100644
4439 ---- a/drivers/infiniband/ulp/srpt/ib_srpt.h
4440 -+++ b/drivers/infiniband/ulp/srpt/ib_srpt.h
4441 -@@ -106,7 +106,11 @@ enum {
4442 - SRP_LOGIN_RSP_MULTICHAN_MAINTAINED = 0x2,
4443 -
4444 - SRPT_DEF_SG_TABLESIZE = 128,
4445 -- SRPT_DEF_SG_PER_WQE = 16,
4446 -+ /*
4447 -+ * An experimentally determined value that avoids that QP creation
4448 -+ * fails due to "swiotlb buffer is full" on systems using the swiotlb.
4449 -+ */
4450 -+ SRPT_MAX_SG_PER_WQE = 16,
4451 -
4452 - MIN_SRPT_SQ_SIZE = 16,
4453 - DEF_SRPT_SQ_SIZE = 4096,
4454 -diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c
4455 -index 2f58985..d15b338 100644
4456 ---- a/drivers/input/mouse/elan_i2c_core.c
4457 -+++ b/drivers/input/mouse/elan_i2c_core.c
4458 -@@ -4,7 +4,8 @@
4459 - * Copyright (c) 2013 ELAN Microelectronics Corp.
4460 - *
4461 - * Author: 林政維 (Duson Lin) <dusonlin@×××××××.tw>
4462 -- * Version: 1.6.0
4463 -+ * Author: KT Liao <kt.liao@×××××××.tw>
4464 -+ * Version: 1.6.2
4465 - *
4466 - * Based on cyapa driver:
4467 - * copyright (c) 2011-2012 Cypress Semiconductor, Inc.
4468 -@@ -40,7 +41,7 @@
4469 - #include "elan_i2c.h"
4470 -
4471 - #define DRIVER_NAME "elan_i2c"
4472 --#define ELAN_DRIVER_VERSION "1.6.1"
4473 -+#define ELAN_DRIVER_VERSION "1.6.2"
4474 - #define ELAN_VENDOR_ID 0x04f3
4475 - #define ETP_MAX_PRESSURE 255
4476 - #define ETP_FWIDTH_REDUCE 90
4477 -@@ -199,9 +200,41 @@ static int elan_sleep(struct elan_tp_data *data)
4478 - return error;
4479 - }
4480 -
4481 -+static int elan_query_product(struct elan_tp_data *data)
4482 -+{
4483 -+ int error;
4484 -+
4485 -+ error = data->ops->get_product_id(data->client, &data->product_id);
4486 -+ if (error)
4487 -+ return error;
4488 -+
4489 -+ error = data->ops->get_sm_version(data->client, &data->ic_type,
4490 -+ &data->sm_version);
4491 -+ if (error)
4492 -+ return error;
4493 -+
4494 -+ return 0;
4495 -+}
4496 -+
4497 -+static int elan_check_ASUS_special_fw(struct elan_tp_data *data)
4498 -+{
4499 -+ if (data->ic_type != 0x0E)
4500 -+ return false;
4501 -+
4502 -+ switch (data->product_id) {
4503 -+ case 0x05 ... 0x07:
4504 -+ case 0x09:
4505 -+ case 0x13:
4506 -+ return true;
4507 -+ default:
4508 -+ return false;
4509 -+ }
4510 -+}
4511 -+
4512 - static int __elan_initialize(struct elan_tp_data *data)
4513 - {
4514 - struct i2c_client *client = data->client;
4515 -+ bool woken_up = false;
4516 - int error;
4517 -
4518 - error = data->ops->initialize(client);
4519 -@@ -210,6 +243,27 @@ static int __elan_initialize(struct elan_tp_data *data)
4520 - return error;
4521 - }
4522 -
4523 -+ error = elan_query_product(data);
4524 -+ if (error)
4525 -+ return error;
4526 -+
4527 -+ /*
4528 -+ * Some ASUS devices were shipped with firmware that requires
4529 -+ * touchpads to be woken up first, before attempting to switch
4530 -+ * them into absolute reporting mode.
4531 -+ */
4532 -+ if (elan_check_ASUS_special_fw(data)) {
4533 -+ error = data->ops->sleep_control(client, false);
4534 -+ if (error) {
4535 -+ dev_err(&client->dev,
4536 -+ "failed to wake device up: %d\n", error);
4537 -+ return error;
4538 -+ }
4539 -+
4540 -+ msleep(200);
4541 -+ woken_up = true;
4542 -+ }
4543 -+
4544 - data->mode |= ETP_ENABLE_ABS;
4545 - error = data->ops->set_mode(client, data->mode);
4546 - if (error) {
4547 -@@ -218,11 +272,13 @@ static int __elan_initialize(struct elan_tp_data *data)
4548 - return error;
4549 - }
4550 -
4551 -- error = data->ops->sleep_control(client, false);
4552 -- if (error) {
4553 -- dev_err(&client->dev,
4554 -- "failed to wake device up: %d\n", error);
4555 -- return error;
4556 -+ if (!woken_up) {
4557 -+ error = data->ops->sleep_control(client, false);
4558 -+ if (error) {
4559 -+ dev_err(&client->dev,
4560 -+ "failed to wake device up: %d\n", error);
4561 -+ return error;
4562 -+ }
4563 - }
4564 -
4565 - return 0;
4566 -@@ -248,10 +304,6 @@ static int elan_query_device_info(struct elan_tp_data *data)
4567 - {
4568 - int error;
4569 -
4570 -- error = data->ops->get_product_id(data->client, &data->product_id);
4571 -- if (error)
4572 -- return error;
4573 --
4574 - error = data->ops->get_version(data->client, false, &data->fw_version);
4575 - if (error)
4576 - return error;
4577 -@@ -261,11 +313,6 @@ static int elan_query_device_info(struct elan_tp_data *data)
4578 - if (error)
4579 - return error;
4580 -
4581 -- error = data->ops->get_sm_version(data->client, &data->ic_type,
4582 -- &data->sm_version);
4583 -- if (error)
4584 -- return error;
4585 --
4586 - error = data->ops->get_version(data->client, true, &data->iap_version);
4587 - if (error)
4588 - return error;
4589 -diff --git a/drivers/input/touchscreen/sur40.c b/drivers/input/touchscreen/sur40.c
4590 -index 880c40b..b7e8c11 100644
4591 ---- a/drivers/input/touchscreen/sur40.c
4592 -+++ b/drivers/input/touchscreen/sur40.c
4593 -@@ -126,7 +126,7 @@ struct sur40_image_header {
4594 - #define VIDEO_PACKET_SIZE 16384
4595 -
4596 - /* polling interval (ms) */
4597 --#define POLL_INTERVAL 4
4598 -+#define POLL_INTERVAL 1
4599 -
4600 - /* maximum number of contacts FIXME: this is a guess? */
4601 - #define MAX_CONTACTS 64
4602 -@@ -448,7 +448,7 @@ static void sur40_process_video(struct sur40_state *sur40)
4603 -
4604 - /* return error if streaming was stopped in the meantime */
4605 - if (sur40->sequence == -1)
4606 -- goto err_poll;
4607 -+ return;
4608 -
4609 - /* mark as finished */
4610 - new_buf->vb.vb2_buf.timestamp = ktime_get_ns();
4611 -@@ -736,6 +736,7 @@ static int sur40_start_streaming(struct vb2_queue *vq, unsigned int count)
4612 - static void sur40_stop_streaming(struct vb2_queue *vq)
4613 - {
4614 - struct sur40_state *sur40 = vb2_get_drv_priv(vq);
4615 -+ vb2_wait_for_all_buffers(vq);
4616 - sur40->sequence = -1;
4617 -
4618 - /* Release all active buffers */
4619 -diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
4620 -index 634f636..2511c8b 100644
4621 ---- a/drivers/iommu/amd_iommu.c
4622 -+++ b/drivers/iommu/amd_iommu.c
4623 -@@ -466,9 +466,11 @@ static void init_iommu_group(struct device *dev)
4624 - if (!domain)
4625 - goto out;
4626 -
4627 -- dma_domain = to_pdomain(domain)->priv;
4628 -+ if (to_pdomain(domain)->flags == PD_DMA_OPS_MASK) {
4629 -+ dma_domain = to_pdomain(domain)->priv;
4630 -+ init_unity_mappings_for_device(dev, dma_domain);
4631 -+ }
4632 -
4633 -- init_unity_mappings_for_device(dev, dma_domain);
4634 - out:
4635 - iommu_group_put(group);
4636 - }
4637 -@@ -2512,8 +2514,15 @@ static void update_device_table(struct protection_domain *domain)
4638 - {
4639 - struct iommu_dev_data *dev_data;
4640 -
4641 -- list_for_each_entry(dev_data, &domain->dev_list, list)
4642 -+ list_for_each_entry(dev_data, &domain->dev_list, list) {
4643 - set_dte_entry(dev_data->devid, domain, dev_data->ats.enabled);
4644 -+
4645 -+ if (dev_data->devid == dev_data->alias)
4646 -+ continue;
4647 -+
4648 -+ /* There is an alias, update device table entry for it */
4649 -+ set_dte_entry(dev_data->alias, domain, dev_data->ats.enabled);
4650 -+ }
4651 - }
4652 -
4653 - static void update_domain(struct protection_domain *domain)
4654 -@@ -3103,9 +3112,7 @@ static struct iommu_domain *amd_iommu_domain_alloc(unsigned type)
4655 - static void amd_iommu_domain_free(struct iommu_domain *dom)
4656 - {
4657 - struct protection_domain *domain;
4658 --
4659 -- if (!dom)
4660 -- return;
4661 -+ struct dma_ops_domain *dma_dom;
4662 -
4663 - domain = to_pdomain(dom);
4664 -
4665 -@@ -3114,13 +3121,24 @@ static void amd_iommu_domain_free(struct iommu_domain *dom)
4666 -
4667 - BUG_ON(domain->dev_cnt != 0);
4668 -
4669 -- if (domain->mode != PAGE_MODE_NONE)
4670 -- free_pagetable(domain);
4671 -+ if (!dom)
4672 -+ return;
4673 -+
4674 -+ switch (dom->type) {
4675 -+ case IOMMU_DOMAIN_DMA:
4676 -+ dma_dom = domain->priv;
4677 -+ dma_ops_domain_free(dma_dom);
4678 -+ break;
4679 -+ default:
4680 -+ if (domain->mode != PAGE_MODE_NONE)
4681 -+ free_pagetable(domain);
4682 -
4683 -- if (domain->flags & PD_IOMMUV2_MASK)
4684 -- free_gcr3_table(domain);
4685 -+ if (domain->flags & PD_IOMMUV2_MASK)
4686 -+ free_gcr3_table(domain);
4687 -
4688 -- protection_domain_free(domain);
4689 -+ protection_domain_free(domain);
4690 -+ break;
4691 -+ }
4692 - }
4693 -
4694 - static void amd_iommu_detach_device(struct iommu_domain *dom,
4695 -diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c
4696 -index 5ecc86c..e27e3b7df 100644
4697 ---- a/drivers/iommu/exynos-iommu.c
4698 -+++ b/drivers/iommu/exynos-iommu.c
4699 -@@ -709,6 +709,7 @@ static struct platform_driver exynos_sysmmu_driver __refdata = {
4700 - .name = "exynos-sysmmu",
4701 - .of_match_table = sysmmu_of_match,
4702 - .pm = &sysmmu_pm_ops,
4703 -+ .suppress_bind_attrs = true,
4704 - }
4705 - };
4706 -
4707 -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
4708 -index 323dac9..d416242 100644
4709 ---- a/drivers/iommu/intel-iommu.c
4710 -+++ b/drivers/iommu/intel-iommu.c
4711 -@@ -2076,7 +2076,7 @@ out_unlock:
4712 - spin_unlock(&iommu->lock);
4713 - spin_unlock_irqrestore(&device_domain_lock, flags);
4714 -
4715 -- return 0;
4716 -+ return ret;
4717 - }
4718 -
4719 - struct domain_context_mapping_data {
4720 -diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
4721 -index a1ed1b7..f5c90e1 100644
4722 ---- a/drivers/iommu/io-pgtable-arm.c
4723 -+++ b/drivers/iommu/io-pgtable-arm.c
4724 -@@ -576,7 +576,7 @@ static phys_addr_t arm_lpae_iova_to_phys(struct io_pgtable_ops *ops,
4725 - return 0;
4726 -
4727 - found_translation:
4728 -- iova &= (ARM_LPAE_GRANULE(data) - 1);
4729 -+ iova &= (ARM_LPAE_BLOCK_SIZE(lvl, data) - 1);
4730 - return ((phys_addr_t)iopte_to_pfn(pte,data) << data->pg_shift) | iova;
4731 - }
4732 -
4733 -diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c
4734 -index b7341de..4bb49cd 100644
4735 ---- a/drivers/md/dm-flakey.c
4736 -+++ b/drivers/md/dm-flakey.c
4737 -@@ -289,10 +289,16 @@ static int flakey_map(struct dm_target *ti, struct bio *bio)
4738 - pb->bio_submitted = true;
4739 -
4740 - /*
4741 -- * Map reads as normal.
4742 -+ * Map reads as normal only if corrupt_bio_byte set.
4743 - */
4744 -- if (bio_data_dir(bio) == READ)
4745 -- goto map_bio;
4746 -+ if (bio_data_dir(bio) == READ) {
4747 -+ /* If flags were specified, only corrupt those that match. */
4748 -+ if (fc->corrupt_bio_byte && (fc->corrupt_bio_rw == READ) &&
4749 -+ all_corrupt_bio_flags_match(bio, fc))
4750 -+ goto map_bio;
4751 -+ else
4752 -+ return -EIO;
4753 -+ }
4754 -
4755 - /*
4756 - * Drop writes?
4757 -@@ -330,12 +336,13 @@ static int flakey_end_io(struct dm_target *ti, struct bio *bio, int error)
4758 -
4759 - /*
4760 - * Corrupt successful READs while in down state.
4761 -- * If flags were specified, only corrupt those that match.
4762 - */
4763 -- if (fc->corrupt_bio_byte && !error && pb->bio_submitted &&
4764 -- (bio_data_dir(bio) == READ) && (fc->corrupt_bio_rw == READ) &&
4765 -- all_corrupt_bio_flags_match(bio, fc))
4766 -- corrupt_bio_data(bio, fc);
4767 -+ if (!error && pb->bio_submitted && (bio_data_dir(bio) == READ)) {
4768 -+ if (fc->corrupt_bio_byte)
4769 -+ corrupt_bio_data(bio, fc);
4770 -+ else
4771 -+ return -EIO;
4772 -+ }
4773 -
4774 - return error;
4775 - }
4776 -diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c
4777 -index 459a9f8..0f0eb8a 100644
4778 ---- a/drivers/md/dm-verity-fec.c
4779 -+++ b/drivers/md/dm-verity-fec.c
4780 -@@ -453,9 +453,7 @@ int verity_fec_decode(struct dm_verity *v, struct dm_verity_io *io,
4781 - */
4782 -
4783 - offset = block << v->data_dev_block_bits;
4784 --
4785 -- res = offset;
4786 -- div64_u64(res, v->fec->rounds << v->data_dev_block_bits);
4787 -+ res = div64_u64(offset, v->fec->rounds << v->data_dev_block_bits);
4788 -
4789 - /*
4790 - * The base RS block we can feed to the interleaver to find out all
4791 -diff --git a/drivers/md/dm.c b/drivers/md/dm.c
4792 -index 1b2f962..fd40bcb 100644
4793 ---- a/drivers/md/dm.c
4794 -+++ b/drivers/md/dm.c
4795 -@@ -2175,7 +2175,7 @@ static void dm_request_fn(struct request_queue *q)
4796 - md_in_flight(md) && rq->bio && rq->bio->bi_vcnt == 1 &&
4797 - md->last_rq_pos == pos && md->last_rq_rw == rq_data_dir(rq)) ||
4798 - (ti->type->busy && ti->type->busy(ti))) {
4799 -- blk_delay_queue(q, HZ / 100);
4800 -+ blk_delay_queue(q, 10);
4801 - return;
4802 - }
4803 -
4804 -@@ -3128,7 +3128,8 @@ static void unlock_fs(struct mapped_device *md)
4805 - * Caller must hold md->suspend_lock
4806 - */
4807 - static int __dm_suspend(struct mapped_device *md, struct dm_table *map,
4808 -- unsigned suspend_flags, int interruptible)
4809 -+ unsigned suspend_flags, int interruptible,
4810 -+ int dmf_suspended_flag)
4811 - {
4812 - bool do_lockfs = suspend_flags & DM_SUSPEND_LOCKFS_FLAG;
4813 - bool noflush = suspend_flags & DM_SUSPEND_NOFLUSH_FLAG;
4814 -@@ -3195,6 +3196,8 @@ static int __dm_suspend(struct mapped_device *md, struct dm_table *map,
4815 - * to finish.
4816 - */
4817 - r = dm_wait_for_completion(md, interruptible);
4818 -+ if (!r)
4819 -+ set_bit(dmf_suspended_flag, &md->flags);
4820 -
4821 - if (noflush)
4822 - clear_bit(DMF_NOFLUSH_SUSPENDING, &md->flags);
4823 -@@ -3256,12 +3259,10 @@ retry:
4824 -
4825 - map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock));
4826 -
4827 -- r = __dm_suspend(md, map, suspend_flags, TASK_INTERRUPTIBLE);
4828 -+ r = __dm_suspend(md, map, suspend_flags, TASK_INTERRUPTIBLE, DMF_SUSPENDED);
4829 - if (r)
4830 - goto out_unlock;
4831 -
4832 -- set_bit(DMF_SUSPENDED, &md->flags);
4833 --
4834 - dm_table_postsuspend_targets(map);
4835 -
4836 - out_unlock:
4837 -@@ -3355,9 +3356,8 @@ static void __dm_internal_suspend(struct mapped_device *md, unsigned suspend_fla
4838 - * would require changing .presuspend to return an error -- avoid this
4839 - * until there is a need for more elaborate variants of internal suspend.
4840 - */
4841 -- (void) __dm_suspend(md, map, suspend_flags, TASK_UNINTERRUPTIBLE);
4842 --
4843 -- set_bit(DMF_SUSPENDED_INTERNALLY, &md->flags);
4844 -+ (void) __dm_suspend(md, map, suspend_flags, TASK_UNINTERRUPTIBLE,
4845 -+ DMF_SUSPENDED_INTERNALLY);
4846 -
4847 - dm_table_postsuspend_targets(map);
4848 - }
4849 -diff --git a/drivers/media/dvb-core/dvb_ringbuffer.c b/drivers/media/dvb-core/dvb_ringbuffer.c
4850 -index 1100e98..7df7fb3 100644
4851 ---- a/drivers/media/dvb-core/dvb_ringbuffer.c
4852 -+++ b/drivers/media/dvb-core/dvb_ringbuffer.c
4853 -@@ -55,7 +55,13 @@ void dvb_ringbuffer_init(struct dvb_ringbuffer *rbuf, void *data, size_t len)
4854 -
4855 - int dvb_ringbuffer_empty(struct dvb_ringbuffer *rbuf)
4856 - {
4857 -- return (rbuf->pread==rbuf->pwrite);
4858 -+ /* smp_load_acquire() to load write pointer on reader side
4859 -+ * this pairs with smp_store_release() in dvb_ringbuffer_write(),
4860 -+ * dvb_ringbuffer_write_user(), or dvb_ringbuffer_reset()
4861 -+ *
4862 -+ * for memory barriers also see Documentation/circular-buffers.txt
4863 -+ */
4864 -+ return (rbuf->pread == smp_load_acquire(&rbuf->pwrite));
4865 - }
4866 -
4867 -
4868 -@@ -64,7 +70,12 @@ ssize_t dvb_ringbuffer_free(struct dvb_ringbuffer *rbuf)
4869 - {
4870 - ssize_t free;
4871 -
4872 -- free = rbuf->pread - rbuf->pwrite;
4873 -+ /* ACCESS_ONCE() to load read pointer on writer side
4874 -+ * this pairs with smp_store_release() in dvb_ringbuffer_read(),
4875 -+ * dvb_ringbuffer_read_user(), dvb_ringbuffer_flush(),
4876 -+ * or dvb_ringbuffer_reset()
4877 -+ */
4878 -+ free = ACCESS_ONCE(rbuf->pread) - rbuf->pwrite;
4879 - if (free <= 0)
4880 - free += rbuf->size;
4881 - return free-1;
4882 -@@ -76,7 +87,11 @@ ssize_t dvb_ringbuffer_avail(struct dvb_ringbuffer *rbuf)
4883 - {
4884 - ssize_t avail;
4885 -
4886 -- avail = rbuf->pwrite - rbuf->pread;
4887 -+ /* smp_load_acquire() to load write pointer on reader side
4888 -+ * this pairs with smp_store_release() in dvb_ringbuffer_write(),
4889 -+ * dvb_ringbuffer_write_user(), or dvb_ringbuffer_reset()
4890 -+ */
4891 -+ avail = smp_load_acquire(&rbuf->pwrite) - rbuf->pread;
4892 - if (avail < 0)
4893 - avail += rbuf->size;
4894 - return avail;
4895 -@@ -86,14 +101,25 @@ ssize_t dvb_ringbuffer_avail(struct dvb_ringbuffer *rbuf)
4896 -
4897 - void dvb_ringbuffer_flush(struct dvb_ringbuffer *rbuf)
4898 - {
4899 -- rbuf->pread = rbuf->pwrite;
4900 -+ /* dvb_ringbuffer_flush() counts as read operation
4901 -+ * smp_load_acquire() to load write pointer
4902 -+ * smp_store_release() to update read pointer, this ensures that the
4903 -+ * correct pointer is visible for subsequent dvb_ringbuffer_free()
4904 -+ * calls on other cpu cores
4905 -+ */
4906 -+ smp_store_release(&rbuf->pread, smp_load_acquire(&rbuf->pwrite));
4907 - rbuf->error = 0;
4908 - }
4909 - EXPORT_SYMBOL(dvb_ringbuffer_flush);
4910 -
4911 - void dvb_ringbuffer_reset(struct dvb_ringbuffer *rbuf)
4912 - {
4913 -- rbuf->pread = rbuf->pwrite = 0;
4914 -+ /* dvb_ringbuffer_reset() counts as read and write operation
4915 -+ * smp_store_release() to update read pointer
4916 -+ */
4917 -+ smp_store_release(&rbuf->pread, 0);
4918 -+ /* smp_store_release() to update write pointer */
4919 -+ smp_store_release(&rbuf->pwrite, 0);
4920 - rbuf->error = 0;
4921 - }
4922 -
4923 -@@ -119,12 +145,17 @@ ssize_t dvb_ringbuffer_read_user(struct dvb_ringbuffer *rbuf, u8 __user *buf, si
4924 - return -EFAULT;
4925 - buf += split;
4926 - todo -= split;
4927 -- rbuf->pread = 0;
4928 -+ /* smp_store_release() for read pointer update to ensure
4929 -+ * that buf is not overwritten until read is complete,
4930 -+ * this pairs with ACCESS_ONCE() in dvb_ringbuffer_free()
4931 -+ */
4932 -+ smp_store_release(&rbuf->pread, 0);
4933 - }
4934 - if (copy_to_user(buf, rbuf->data+rbuf->pread, todo))
4935 - return -EFAULT;
4936 -
4937 -- rbuf->pread = (rbuf->pread + todo) % rbuf->size;
4938 -+ /* smp_store_release() to update read pointer, see above */
4939 -+ smp_store_release(&rbuf->pread, (rbuf->pread + todo) % rbuf->size);
4940 -
4941 - return len;
4942 - }
4943 -@@ -139,11 +170,16 @@ void dvb_ringbuffer_read(struct dvb_ringbuffer *rbuf, u8 *buf, size_t len)
4944 - memcpy(buf, rbuf->data+rbuf->pread, split);
4945 - buf += split;
4946 - todo -= split;
4947 -- rbuf->pread = 0;
4948 -+ /* smp_store_release() for read pointer update to ensure
4949 -+ * that buf is not overwritten until read is complete,
4950 -+ * this pairs with ACCESS_ONCE() in dvb_ringbuffer_free()
4951 -+ */
4952 -+ smp_store_release(&rbuf->pread, 0);
4953 - }
4954 - memcpy(buf, rbuf->data+rbuf->pread, todo);
4955 -
4956 -- rbuf->pread = (rbuf->pread + todo) % rbuf->size;
4957 -+ /* smp_store_release() to update read pointer, see above */
4958 -+ smp_store_release(&rbuf->pread, (rbuf->pread + todo) % rbuf->size);
4959 - }
4960 -
4961 -
4962 -@@ -158,10 +194,16 @@ ssize_t dvb_ringbuffer_write(struct dvb_ringbuffer *rbuf, const u8 *buf, size_t
4963 - memcpy(rbuf->data+rbuf->pwrite, buf, split);
4964 - buf += split;
4965 - todo -= split;
4966 -- rbuf->pwrite = 0;
4967 -+ /* smp_store_release() for write pointer update to ensure that
4968 -+ * written data is visible on other cpu cores before the pointer
4969 -+ * update, this pairs with smp_load_acquire() in
4970 -+ * dvb_ringbuffer_empty() or dvb_ringbuffer_avail()
4971 -+ */
4972 -+ smp_store_release(&rbuf->pwrite, 0);
4973 - }
4974 - memcpy(rbuf->data+rbuf->pwrite, buf, todo);
4975 -- rbuf->pwrite = (rbuf->pwrite + todo) % rbuf->size;
4976 -+ /* smp_store_release() for write pointer update, see above */
4977 -+ smp_store_release(&rbuf->pwrite, (rbuf->pwrite + todo) % rbuf->size);
4978 -
4979 - return len;
4980 - }
4981 -@@ -181,12 +223,18 @@ ssize_t dvb_ringbuffer_write_user(struct dvb_ringbuffer *rbuf,
4982 - return len - todo;
4983 - buf += split;
4984 - todo -= split;
4985 -- rbuf->pwrite = 0;
4986 -+ /* smp_store_release() for write pointer update to ensure that
4987 -+ * written data is visible on other cpu cores before the pointer
4988 -+ * update, this pairs with smp_load_acquire() in
4989 -+ * dvb_ringbuffer_empty() or dvb_ringbuffer_avail()
4990 -+ */
4991 -+ smp_store_release(&rbuf->pwrite, 0);
4992 - }
4993 - status = copy_from_user(rbuf->data+rbuf->pwrite, buf, todo);
4994 - if (status)
4995 - return len - todo;
4996 -- rbuf->pwrite = (rbuf->pwrite + todo) % rbuf->size;
4997 -+ /* smp_store_release() for write pointer update, see above */
4998 -+ smp_store_release(&rbuf->pwrite, (rbuf->pwrite + todo) % rbuf->size);
4999 -
5000 - return len;
5001 - }
5002 -diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc.c b/drivers/media/platform/s5p-mfc/s5p_mfc.c
5003 -index b16466f..beb4fd5 100644
5004 ---- a/drivers/media/platform/s5p-mfc/s5p_mfc.c
5005 -+++ b/drivers/media/platform/s5p-mfc/s5p_mfc.c
5006 -@@ -1050,6 +1050,11 @@ static int match_child(struct device *dev, void *data)
5007 - return !strcmp(dev_name(dev), (char *)data);
5008 - }
5009 -
5010 -+static void s5p_mfc_memdev_release(struct device *dev)
5011 -+{
5012 -+ dma_release_declared_memory(dev);
5013 -+}
5014 -+
5015 - static void *mfc_get_drv_data(struct platform_device *pdev);
5016 -
5017 - static int s5p_mfc_alloc_memdevs(struct s5p_mfc_dev *dev)
5018 -@@ -1062,6 +1067,9 @@ static int s5p_mfc_alloc_memdevs(struct s5p_mfc_dev *dev)
5019 - mfc_err("Not enough memory\n");
5020 - return -ENOMEM;
5021 - }
5022 -+
5023 -+ dev_set_name(dev->mem_dev_l, "%s", "s5p-mfc-l");
5024 -+ dev->mem_dev_l->release = s5p_mfc_memdev_release;
5025 - device_initialize(dev->mem_dev_l);
5026 - of_property_read_u32_array(dev->plat_dev->dev.of_node,
5027 - "samsung,mfc-l", mem_info, 2);
5028 -@@ -1079,6 +1087,9 @@ static int s5p_mfc_alloc_memdevs(struct s5p_mfc_dev *dev)
5029 - mfc_err("Not enough memory\n");
5030 - return -ENOMEM;
5031 - }
5032 -+
5033 -+ dev_set_name(dev->mem_dev_r, "%s", "s5p-mfc-r");
5034 -+ dev->mem_dev_r->release = s5p_mfc_memdev_release;
5035 - device_initialize(dev->mem_dev_r);
5036 - of_property_read_u32_array(dev->plat_dev->dev.of_node,
5037 - "samsung,mfc-r", mem_info, 2);
5038 -diff --git a/drivers/media/rc/ir-rc5-decoder.c b/drivers/media/rc/ir-rc5-decoder.c
5039 -index 6ffe776..a0fd4e6 100644
5040 ---- a/drivers/media/rc/ir-rc5-decoder.c
5041 -+++ b/drivers/media/rc/ir-rc5-decoder.c
5042 -@@ -29,7 +29,7 @@
5043 - #define RC5_BIT_START (1 * RC5_UNIT)
5044 - #define RC5_BIT_END (1 * RC5_UNIT)
5045 - #define RC5X_SPACE (4 * RC5_UNIT)
5046 --#define RC5_TRAILER (10 * RC5_UNIT) /* In reality, approx 100 */
5047 -+#define RC5_TRAILER (6 * RC5_UNIT) /* In reality, approx 100 */
5048 -
5049 - enum rc5_state {
5050 - STATE_INACTIVE,
5051 -diff --git a/drivers/media/rc/nuvoton-cir.c b/drivers/media/rc/nuvoton-cir.c
5052 -index 99b303b..e8ceb0e 100644
5053 ---- a/drivers/media/rc/nuvoton-cir.c
5054 -+++ b/drivers/media/rc/nuvoton-cir.c
5055 -@@ -401,6 +401,7 @@ static int nvt_hw_detect(struct nvt_dev *nvt)
5056 - /* Check if we're wired for the alternate EFER setup */
5057 - nvt->chip_major = nvt_cr_read(nvt, CR_CHIP_ID_HI);
5058 - if (nvt->chip_major == 0xff) {
5059 -+ nvt_efm_disable(nvt);
5060 - nvt->cr_efir = CR_EFIR2;
5061 - nvt->cr_efdr = CR_EFDR2;
5062 - nvt_efm_enable(nvt);
5063 -diff --git a/drivers/media/usb/usbtv/usbtv-audio.c b/drivers/media/usb/usbtv/usbtv-audio.c
5064 -index 78c12d2..5dab024 100644
5065 ---- a/drivers/media/usb/usbtv/usbtv-audio.c
5066 -+++ b/drivers/media/usb/usbtv/usbtv-audio.c
5067 -@@ -278,6 +278,9 @@ static void snd_usbtv_trigger(struct work_struct *work)
5068 - {
5069 - struct usbtv *chip = container_of(work, struct usbtv, snd_trigger);
5070 -
5071 -+ if (!chip->snd)
5072 -+ return;
5073 -+
5074 - if (atomic_read(&chip->snd_stream))
5075 - usbtv_audio_start(chip);
5076 - else
5077 -@@ -378,6 +381,8 @@ err:
5078 -
5079 - void usbtv_audio_free(struct usbtv *usbtv)
5080 - {
5081 -+ cancel_work_sync(&usbtv->snd_trigger);
5082 -+
5083 - if (usbtv->snd && usbtv->udev) {
5084 - snd_card_free(usbtv->snd);
5085 - usbtv->snd = NULL;
5086 -diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
5087 -index 9fbcb67..633fc1a 100644
5088 ---- a/drivers/media/v4l2-core/videobuf2-core.c
5089 -+++ b/drivers/media/v4l2-core/videobuf2-core.c
5090 -@@ -1648,7 +1648,7 @@ static int __vb2_get_done_vb(struct vb2_queue *q, struct vb2_buffer **vb,
5091 - void *pb, int nonblocking)
5092 - {
5093 - unsigned long flags;
5094 -- int ret;
5095 -+ int ret = 0;
5096 -
5097 - /*
5098 - * Wait for at least one buffer to become available on the done_list.
5099 -@@ -1664,10 +1664,12 @@ static int __vb2_get_done_vb(struct vb2_queue *q, struct vb2_buffer **vb,
5100 - spin_lock_irqsave(&q->done_lock, flags);
5101 - *vb = list_first_entry(&q->done_list, struct vb2_buffer, done_entry);
5102 - /*
5103 -- * Only remove the buffer from done_list if v4l2_buffer can handle all
5104 -- * the planes.
5105 -+ * Only remove the buffer from done_list if all planes can be
5106 -+ * handled. Some cases such as V4L2 file I/O and DVB have pb
5107 -+ * == NULL; skip the check then as there's nothing to verify.
5108 - */
5109 -- ret = call_bufop(q, verify_planes_array, *vb, pb);
5110 -+ if (pb)
5111 -+ ret = call_bufop(q, verify_planes_array, *vb, pb);
5112 - if (!ret)
5113 - list_del(&(*vb)->done_entry);
5114 - spin_unlock_irqrestore(&q->done_lock, flags);
5115 -diff --git a/drivers/media/v4l2-core/videobuf2-v4l2.c b/drivers/media/v4l2-core/videobuf2-v4l2.c
5116 -index 0b1b8c7..7f366f1 100644
5117 ---- a/drivers/media/v4l2-core/videobuf2-v4l2.c
5118 -+++ b/drivers/media/v4l2-core/videobuf2-v4l2.c
5119 -@@ -74,6 +74,11 @@ static int __verify_planes_array(struct vb2_buffer *vb, const struct v4l2_buffer
5120 - return 0;
5121 - }
5122 -
5123 -+static int __verify_planes_array_core(struct vb2_buffer *vb, const void *pb)
5124 -+{
5125 -+ return __verify_planes_array(vb, pb);
5126 -+}
5127 -+
5128 - /**
5129 - * __verify_length() - Verify that the bytesused value for each plane fits in
5130 - * the plane length and that the data offset doesn't exceed the bytesused value.
5131 -@@ -437,6 +442,7 @@ static int __fill_vb2_buffer(struct vb2_buffer *vb,
5132 - }
5133 -
5134 - static const struct vb2_buf_ops v4l2_buf_ops = {
5135 -+ .verify_planes_array = __verify_planes_array_core,
5136 - .fill_user_buffer = __fill_v4l2_buffer,
5137 - .fill_vb2_buffer = __fill_vb2_buffer,
5138 - .copy_timestamp = __copy_timestamp,
5139 -diff --git a/drivers/mfd/qcom_rpm.c b/drivers/mfd/qcom_rpm.c
5140 -index 1be47ad..880d469 100644
5141 ---- a/drivers/mfd/qcom_rpm.c
5142 -+++ b/drivers/mfd/qcom_rpm.c
5143 -@@ -34,7 +34,13 @@ struct qcom_rpm_resource {
5144 - struct qcom_rpm_data {
5145 - u32 version;
5146 - const struct qcom_rpm_resource *resource_table;
5147 -- unsigned n_resources;
5148 -+ unsigned int n_resources;
5149 -+ unsigned int req_ctx_off;
5150 -+ unsigned int req_sel_off;
5151 -+ unsigned int ack_ctx_off;
5152 -+ unsigned int ack_sel_off;
5153 -+ unsigned int req_sel_size;
5154 -+ unsigned int ack_sel_size;
5155 - };
5156 -
5157 - struct qcom_rpm {
5158 -@@ -61,11 +67,7 @@ struct qcom_rpm {
5159 -
5160 - #define RPM_REQUEST_TIMEOUT (5 * HZ)
5161 -
5162 --#define RPM_REQUEST_CONTEXT 3
5163 --#define RPM_REQ_SELECT 11
5164 --#define RPM_ACK_CONTEXT 15
5165 --#define RPM_ACK_SELECTOR 23
5166 --#define RPM_SELECT_SIZE 7
5167 -+#define RPM_MAX_SEL_SIZE 7
5168 -
5169 - #define RPM_NOTIFICATION BIT(30)
5170 - #define RPM_REJECTED BIT(31)
5171 -@@ -157,6 +159,12 @@ static const struct qcom_rpm_data apq8064_template = {
5172 - .version = 3,
5173 - .resource_table = apq8064_rpm_resource_table,
5174 - .n_resources = ARRAY_SIZE(apq8064_rpm_resource_table),
5175 -+ .req_ctx_off = 3,
5176 -+ .req_sel_off = 11,
5177 -+ .ack_ctx_off = 15,
5178 -+ .ack_sel_off = 23,
5179 -+ .req_sel_size = 4,
5180 -+ .ack_sel_size = 7,
5181 - };
5182 -
5183 - static const struct qcom_rpm_resource msm8660_rpm_resource_table[] = {
5184 -@@ -240,6 +248,12 @@ static const struct qcom_rpm_data msm8660_template = {
5185 - .version = 2,
5186 - .resource_table = msm8660_rpm_resource_table,
5187 - .n_resources = ARRAY_SIZE(msm8660_rpm_resource_table),
5188 -+ .req_ctx_off = 3,
5189 -+ .req_sel_off = 11,
5190 -+ .ack_ctx_off = 19,
5191 -+ .ack_sel_off = 27,
5192 -+ .req_sel_size = 7,
5193 -+ .ack_sel_size = 7,
5194 - };
5195 -
5196 - static const struct qcom_rpm_resource msm8960_rpm_resource_table[] = {
5197 -@@ -322,6 +336,12 @@ static const struct qcom_rpm_data msm8960_template = {
5198 - .version = 3,
5199 - .resource_table = msm8960_rpm_resource_table,
5200 - .n_resources = ARRAY_SIZE(msm8960_rpm_resource_table),
5201 -+ .req_ctx_off = 3,
5202 -+ .req_sel_off = 11,
5203 -+ .ack_ctx_off = 15,
5204 -+ .ack_sel_off = 23,
5205 -+ .req_sel_size = 4,
5206 -+ .ack_sel_size = 7,
5207 - };
5208 -
5209 - static const struct qcom_rpm_resource ipq806x_rpm_resource_table[] = {
5210 -@@ -362,6 +382,12 @@ static const struct qcom_rpm_data ipq806x_template = {
5211 - .version = 3,
5212 - .resource_table = ipq806x_rpm_resource_table,
5213 - .n_resources = ARRAY_SIZE(ipq806x_rpm_resource_table),
5214 -+ .req_ctx_off = 3,
5215 -+ .req_sel_off = 11,
5216 -+ .ack_ctx_off = 15,
5217 -+ .ack_sel_off = 23,
5218 -+ .req_sel_size = 4,
5219 -+ .ack_sel_size = 7,
5220 - };
5221 -
5222 - static const struct of_device_id qcom_rpm_of_match[] = {
5223 -@@ -380,7 +406,7 @@ int qcom_rpm_write(struct qcom_rpm *rpm,
5224 - {
5225 - const struct qcom_rpm_resource *res;
5226 - const struct qcom_rpm_data *data = rpm->data;
5227 -- u32 sel_mask[RPM_SELECT_SIZE] = { 0 };
5228 -+ u32 sel_mask[RPM_MAX_SEL_SIZE] = { 0 };
5229 - int left;
5230 - int ret = 0;
5231 - int i;
5232 -@@ -398,12 +424,12 @@ int qcom_rpm_write(struct qcom_rpm *rpm,
5233 - writel_relaxed(buf[i], RPM_REQ_REG(rpm, res->target_id + i));
5234 -
5235 - bitmap_set((unsigned long *)sel_mask, res->select_id, 1);
5236 -- for (i = 0; i < ARRAY_SIZE(sel_mask); i++) {
5237 -+ for (i = 0; i < rpm->data->req_sel_size; i++) {
5238 - writel_relaxed(sel_mask[i],
5239 -- RPM_CTRL_REG(rpm, RPM_REQ_SELECT + i));
5240 -+ RPM_CTRL_REG(rpm, rpm->data->req_sel_off + i));
5241 - }
5242 -
5243 -- writel_relaxed(BIT(state), RPM_CTRL_REG(rpm, RPM_REQUEST_CONTEXT));
5244 -+ writel_relaxed(BIT(state), RPM_CTRL_REG(rpm, rpm->data->req_ctx_off));
5245 -
5246 - reinit_completion(&rpm->ack);
5247 - regmap_write(rpm->ipc_regmap, rpm->ipc_offset, BIT(rpm->ipc_bit));
5248 -@@ -426,10 +452,11 @@ static irqreturn_t qcom_rpm_ack_interrupt(int irq, void *dev)
5249 - u32 ack;
5250 - int i;
5251 -
5252 -- ack = readl_relaxed(RPM_CTRL_REG(rpm, RPM_ACK_CONTEXT));
5253 -- for (i = 0; i < RPM_SELECT_SIZE; i++)
5254 -- writel_relaxed(0, RPM_CTRL_REG(rpm, RPM_ACK_SELECTOR + i));
5255 -- writel(0, RPM_CTRL_REG(rpm, RPM_ACK_CONTEXT));
5256 -+ ack = readl_relaxed(RPM_CTRL_REG(rpm, rpm->data->ack_ctx_off));
5257 -+ for (i = 0; i < rpm->data->ack_sel_size; i++)
5258 -+ writel_relaxed(0,
5259 -+ RPM_CTRL_REG(rpm, rpm->data->ack_sel_off + i));
5260 -+ writel(0, RPM_CTRL_REG(rpm, rpm->data->ack_ctx_off));
5261 -
5262 - if (ack & RPM_NOTIFICATION) {
5263 - dev_warn(rpm->dev, "ignoring notification!\n");
5264 -diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
5265 -index 0b0dc29..77533f7 100644
5266 ---- a/drivers/mtd/nand/nand_base.c
5267 -+++ b/drivers/mtd/nand/nand_base.c
5268 -@@ -2610,7 +2610,7 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to,
5269 - int cached = writelen > bytes && page != blockmask;
5270 - uint8_t *wbuf = buf;
5271 - int use_bufpoi;
5272 -- int part_pagewr = (column || writelen < (mtd->writesize - 1));
5273 -+ int part_pagewr = (column || writelen < mtd->writesize);
5274 -
5275 - if (part_pagewr)
5276 - use_bufpoi = 1;
5277 -diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
5278 -index ef36182..0680516 100644
5279 ---- a/drivers/mtd/ubi/build.c
5280 -+++ b/drivers/mtd/ubi/build.c
5281 -@@ -874,7 +874,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5282 - for (i = 0; i < UBI_MAX_DEVICES; i++) {
5283 - ubi = ubi_devices[i];
5284 - if (ubi && mtd->index == ubi->mtd->index) {
5285 -- ubi_err(ubi, "mtd%d is already attached to ubi%d",
5286 -+ pr_err("ubi: mtd%d is already attached to ubi%d",
5287 - mtd->index, i);
5288 - return -EEXIST;
5289 - }
5290 -@@ -889,7 +889,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5291 - * no sense to attach emulated MTD devices, so we prohibit this.
5292 - */
5293 - if (mtd->type == MTD_UBIVOLUME) {
5294 -- ubi_err(ubi, "refuse attaching mtd%d - it is already emulated on top of UBI",
5295 -+ pr_err("ubi: refuse attaching mtd%d - it is already emulated on top of UBI",
5296 - mtd->index);
5297 - return -EINVAL;
5298 - }
5299 -@@ -900,7 +900,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5300 - if (!ubi_devices[ubi_num])
5301 - break;
5302 - if (ubi_num == UBI_MAX_DEVICES) {
5303 -- ubi_err(ubi, "only %d UBI devices may be created",
5304 -+ pr_err("ubi: only %d UBI devices may be created",
5305 - UBI_MAX_DEVICES);
5306 - return -ENFILE;
5307 - }
5308 -@@ -910,7 +910,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5309 -
5310 - /* Make sure ubi_num is not busy */
5311 - if (ubi_devices[ubi_num]) {
5312 -- ubi_err(ubi, "already exists");
5313 -+ pr_err("ubi: ubi%i already exists", ubi_num);
5314 - return -EEXIST;
5315 - }
5316 - }
5317 -@@ -992,6 +992,9 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5318 - goto out_detach;
5319 - }
5320 -
5321 -+ /* Make device "available" before it becomes accessible via sysfs */
5322 -+ ubi_devices[ubi_num] = ubi;
5323 -+
5324 - err = uif_init(ubi, &ref);
5325 - if (err)
5326 - goto out_detach;
5327 -@@ -1036,7 +1039,6 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num,
5328 - wake_up_process(ubi->bgt_thread);
5329 - spin_unlock(&ubi->wl_lock);
5330 -
5331 -- ubi_devices[ubi_num] = ubi;
5332 - ubi_notify_all(ubi, UBI_VOLUME_ADDED, NULL);
5333 - return ubi_num;
5334 -
5335 -@@ -1047,6 +1049,7 @@ out_uif:
5336 - ubi_assert(ref);
5337 - uif_close(ubi);
5338 - out_detach:
5339 -+ ubi_devices[ubi_num] = NULL;
5340 - ubi_wl_close(ubi);
5341 - ubi_free_internal_volumes(ubi);
5342 - vfree(ubi->vtbl);
5343 -diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
5344 -index 10059df..0138f52 100644
5345 ---- a/drivers/mtd/ubi/vmt.c
5346 -+++ b/drivers/mtd/ubi/vmt.c
5347 -@@ -488,13 +488,6 @@ int ubi_resize_volume(struct ubi_volume_desc *desc, int reserved_pebs)
5348 - spin_unlock(&ubi->volumes_lock);
5349 - }
5350 -
5351 -- /* Change volume table record */
5352 -- vtbl_rec = ubi->vtbl[vol_id];
5353 -- vtbl_rec.reserved_pebs = cpu_to_be32(reserved_pebs);
5354 -- err = ubi_change_vtbl_record(ubi, vol_id, &vtbl_rec);
5355 -- if (err)
5356 -- goto out_acc;
5357 --
5358 - if (pebs < 0) {
5359 - for (i = 0; i < -pebs; i++) {
5360 - err = ubi_eba_unmap_leb(ubi, vol, reserved_pebs + i);
5361 -@@ -512,6 +505,24 @@ int ubi_resize_volume(struct ubi_volume_desc *desc, int reserved_pebs)
5362 - spin_unlock(&ubi->volumes_lock);
5363 - }
5364 -
5365 -+ /*
5366 -+ * When we shrink a volume we have to flush all pending (erase) work.
5367 -+ * Otherwise it can happen that upon next attach UBI finds a LEB with
5368 -+ * lnum > highest_lnum and refuses to attach.
5369 -+ */
5370 -+ if (pebs < 0) {
5371 -+ err = ubi_wl_flush(ubi, vol_id, UBI_ALL);
5372 -+ if (err)
5373 -+ goto out_acc;
5374 -+ }
5375 -+
5376 -+ /* Change volume table record */
5377 -+ vtbl_rec = ubi->vtbl[vol_id];
5378 -+ vtbl_rec.reserved_pebs = cpu_to_be32(reserved_pebs);
5379 -+ err = ubi_change_vtbl_record(ubi, vol_id, &vtbl_rec);
5380 -+ if (err)
5381 -+ goto out_acc;
5382 -+
5383 - vol->reserved_pebs = reserved_pebs;
5384 - if (vol->vol_type == UBI_DYNAMIC_VOLUME) {
5385 - vol->used_ebs = reserved_pebs;
5386 -diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
5387 -index 5b30922..2ce3199 100644
5388 ---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
5389 -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
5390 -@@ -2469,10 +2469,22 @@ void brcmf_fws_bustxfail(struct brcmf_fws_info *fws, struct sk_buff *skb)
5391 - void brcmf_fws_bus_blocked(struct brcmf_pub *drvr, bool flow_blocked)
5392 - {
5393 - struct brcmf_fws_info *fws = drvr->fws;
5394 -+ struct brcmf_if *ifp;
5395 -+ int i;
5396 -
5397 -- fws->bus_flow_blocked = flow_blocked;
5398 -- if (!flow_blocked)
5399 -- brcmf_fws_schedule_deq(fws);
5400 -- else
5401 -- fws->stats.bus_flow_block++;
5402 -+ if (fws->avoid_queueing) {
5403 -+ for (i = 0; i < BRCMF_MAX_IFS; i++) {
5404 -+ ifp = drvr->iflist[i];
5405 -+ if (!ifp || !ifp->ndev)
5406 -+ continue;
5407 -+ brcmf_txflowblock_if(ifp, BRCMF_NETIF_STOP_REASON_FLOW,
5408 -+ flow_blocked);
5409 -+ }
5410 -+ } else {
5411 -+ fws->bus_flow_blocked = flow_blocked;
5412 -+ if (!flow_blocked)
5413 -+ brcmf_fws_schedule_deq(fws);
5414 -+ else
5415 -+ fws->stats.bus_flow_block++;
5416 -+ }
5417 - }
5418 -diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
5419 -index a588b05..6f020e4 100644
5420 ---- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
5421 -+++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
5422 -@@ -433,6 +433,7 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5423 - /* 8000 Series */
5424 - {IWL_PCI_DEVICE(0x24F3, 0x0010, iwl8260_2ac_cfg)},
5425 - {IWL_PCI_DEVICE(0x24F3, 0x1010, iwl8260_2ac_cfg)},
5426 -+ {IWL_PCI_DEVICE(0x24F3, 0x10B0, iwl8260_2ac_cfg)},
5427 - {IWL_PCI_DEVICE(0x24F3, 0x0130, iwl8260_2ac_cfg)},
5428 - {IWL_PCI_DEVICE(0x24F3, 0x1130, iwl8260_2ac_cfg)},
5429 - {IWL_PCI_DEVICE(0x24F3, 0x0132, iwl8260_2ac_cfg)},
5430 -@@ -454,6 +455,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5431 - {IWL_PCI_DEVICE(0x24F3, 0xD010, iwl8260_2ac_cfg)},
5432 - {IWL_PCI_DEVICE(0x24F3, 0xC050, iwl8260_2ac_cfg)},
5433 - {IWL_PCI_DEVICE(0x24F3, 0xD050, iwl8260_2ac_cfg)},
5434 -+ {IWL_PCI_DEVICE(0x24F3, 0xD0B0, iwl8260_2ac_cfg)},
5435 -+ {IWL_PCI_DEVICE(0x24F3, 0xB0B0, iwl8260_2ac_cfg)},
5436 - {IWL_PCI_DEVICE(0x24F3, 0x8010, iwl8260_2ac_cfg)},
5437 - {IWL_PCI_DEVICE(0x24F3, 0x8110, iwl8260_2ac_cfg)},
5438 - {IWL_PCI_DEVICE(0x24F3, 0x9010, iwl8260_2ac_cfg)},
5439 -@@ -481,6 +484,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5440 - {IWL_PCI_DEVICE(0x24FD, 0x0010, iwl8265_2ac_cfg)},
5441 - {IWL_PCI_DEVICE(0x24FD, 0x0110, iwl8265_2ac_cfg)},
5442 - {IWL_PCI_DEVICE(0x24FD, 0x1110, iwl8265_2ac_cfg)},
5443 -+ {IWL_PCI_DEVICE(0x24FD, 0x1130, iwl8265_2ac_cfg)},
5444 -+ {IWL_PCI_DEVICE(0x24FD, 0x0130, iwl8265_2ac_cfg)},
5445 - {IWL_PCI_DEVICE(0x24FD, 0x1010, iwl8265_2ac_cfg)},
5446 - {IWL_PCI_DEVICE(0x24FD, 0x0050, iwl8265_2ac_cfg)},
5447 - {IWL_PCI_DEVICE(0x24FD, 0x0150, iwl8265_2ac_cfg)},
5448 -@@ -491,6 +496,10 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
5449 - {IWL_PCI_DEVICE(0x24FD, 0x0810, iwl8265_2ac_cfg)},
5450 - {IWL_PCI_DEVICE(0x24FD, 0x9110, iwl8265_2ac_cfg)},
5451 - {IWL_PCI_DEVICE(0x24FD, 0x8130, iwl8265_2ac_cfg)},
5452 -+ {IWL_PCI_DEVICE(0x24FD, 0x0910, iwl8265_2ac_cfg)},
5453 -+ {IWL_PCI_DEVICE(0x24FD, 0x0930, iwl8265_2ac_cfg)},
5454 -+ {IWL_PCI_DEVICE(0x24FD, 0x0950, iwl8265_2ac_cfg)},
5455 -+ {IWL_PCI_DEVICE(0x24FD, 0x0850, iwl8265_2ac_cfg)},
5456 -
5457 - /* 9000 Series */
5458 - {IWL_PCI_DEVICE(0x2526, 0x0000, iwl9260_2ac_cfg)},
5459 -diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
5460 -index de6974f..2d8cce2 100644
5461 ---- a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
5462 -+++ b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
5463 -@@ -496,7 +496,7 @@ void iwl_pcie_dump_csr(struct iwl_trans *trans);
5464 - /*****************************************************
5465 - * Helpers
5466 - ******************************************************/
5467 --static inline void iwl_disable_interrupts(struct iwl_trans *trans)
5468 -+static inline void _iwl_disable_interrupts(struct iwl_trans *trans)
5469 - {
5470 - struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
5471 -
5472 -@@ -519,7 +519,16 @@ static inline void iwl_disable_interrupts(struct iwl_trans *trans)
5473 - IWL_DEBUG_ISR(trans, "Disabled interrupts\n");
5474 - }
5475 -
5476 --static inline void iwl_enable_interrupts(struct iwl_trans *trans)
5477 -+static inline void iwl_disable_interrupts(struct iwl_trans *trans)
5478 -+{
5479 -+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
5480 -+
5481 -+ spin_lock(&trans_pcie->irq_lock);
5482 -+ _iwl_disable_interrupts(trans);
5483 -+ spin_unlock(&trans_pcie->irq_lock);
5484 -+}
5485 -+
5486 -+static inline void _iwl_enable_interrupts(struct iwl_trans *trans)
5487 - {
5488 - struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
5489 -
5490 -@@ -542,6 +551,14 @@ static inline void iwl_enable_interrupts(struct iwl_trans *trans)
5491 - }
5492 - }
5493 -
5494 -+static inline void iwl_enable_interrupts(struct iwl_trans *trans)
5495 -+{
5496 -+ struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
5497 -+
5498 -+ spin_lock(&trans_pcie->irq_lock);
5499 -+ _iwl_enable_interrupts(trans);
5500 -+ spin_unlock(&trans_pcie->irq_lock);
5501 -+}
5502 - static inline void iwl_enable_hw_int_msk_msix(struct iwl_trans *trans, u32 msk)
5503 - {
5504 - struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
5505 -diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
5506 -index 0a4a3c5..aaaf2ad 100644
5507 ---- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
5508 -+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
5509 -@@ -1507,7 +1507,7 @@ irqreturn_t iwl_pcie_irq_handler(int irq, void *dev_id)
5510 - * have anything to service
5511 - */
5512 - if (test_bit(STATUS_INT_ENABLED, &trans->status))
5513 -- iwl_enable_interrupts(trans);
5514 -+ _iwl_enable_interrupts(trans);
5515 - spin_unlock(&trans_pcie->irq_lock);
5516 - lock_map_release(&trans->sync_cmd_lockdep_map);
5517 - return IRQ_NONE;
5518 -@@ -1699,15 +1699,17 @@ irqreturn_t iwl_pcie_irq_handler(int irq, void *dev_id)
5519 - inta & ~trans_pcie->inta_mask);
5520 - }
5521 -
5522 -+ spin_lock(&trans_pcie->irq_lock);
5523 -+ /* only Re-enable all interrupt if disabled by irq */
5524 -+ if (test_bit(STATUS_INT_ENABLED, &trans->status))
5525 -+ _iwl_enable_interrupts(trans);
5526 - /* we are loading the firmware, enable FH_TX interrupt only */
5527 -- if (handled & CSR_INT_BIT_FH_TX)
5528 -+ else if (handled & CSR_INT_BIT_FH_TX)
5529 - iwl_enable_fw_load_int(trans);
5530 -- /* only Re-enable all interrupt if disabled by irq */
5531 -- else if (test_bit(STATUS_INT_ENABLED, &trans->status))
5532 -- iwl_enable_interrupts(trans);
5533 - /* Re-enable RF_KILL if it occurred */
5534 - else if (handled & CSR_INT_BIT_RF_KILL)
5535 - iwl_enable_rfkill_int(trans);
5536 -+ spin_unlock(&trans_pcie->irq_lock);
5537 -
5538 - out:
5539 - lock_map_release(&trans->sync_cmd_lockdep_map);
5540 -@@ -1771,7 +1773,7 @@ void iwl_pcie_reset_ict(struct iwl_trans *trans)
5541 - return;
5542 -
5543 - spin_lock(&trans_pcie->irq_lock);
5544 -- iwl_disable_interrupts(trans);
5545 -+ _iwl_disable_interrupts(trans);
5546 -
5547 - memset(trans_pcie->ict_tbl, 0, ICT_SIZE);
5548 -
5549 -@@ -1787,7 +1789,7 @@ void iwl_pcie_reset_ict(struct iwl_trans *trans)
5550 - trans_pcie->use_ict = true;
5551 - trans_pcie->ict_index = 0;
5552 - iwl_write32(trans, CSR_INT, trans_pcie->inta_mask);
5553 -- iwl_enable_interrupts(trans);
5554 -+ _iwl_enable_interrupts(trans);
5555 - spin_unlock(&trans_pcie->irq_lock);
5556 - }
5557 -
5558 -diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
5559 -index f603d78..d9f1394 100644
5560 ---- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
5561 -+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
5562 -@@ -801,6 +801,8 @@ static int iwl_pcie_load_cpu_sections_8000(struct iwl_trans *trans,
5563 -
5564 - *first_ucode_section = last_read_idx;
5565 -
5566 -+ iwl_enable_interrupts(trans);
5567 -+
5568 - if (cpu == 1)
5569 - iwl_write_direct32(trans, FH_UCODE_LOAD_STATUS, 0xFFFF);
5570 - else
5571 -@@ -980,6 +982,8 @@ static int iwl_pcie_load_given_ucode(struct iwl_trans *trans,
5572 - iwl_pcie_apply_destination(trans);
5573 - }
5574 -
5575 -+ iwl_enable_interrupts(trans);
5576 -+
5577 - /* release CPU reset */
5578 - iwl_write32(trans, CSR_RESET, 0);
5579 -
5580 -@@ -1033,9 +1037,7 @@ static void _iwl_trans_pcie_stop_device(struct iwl_trans *trans, bool low_power)
5581 - was_hw_rfkill = iwl_is_rfkill_set(trans);
5582 -
5583 - /* tell the device to stop sending interrupts */
5584 -- spin_lock(&trans_pcie->irq_lock);
5585 - iwl_disable_interrupts(trans);
5586 -- spin_unlock(&trans_pcie->irq_lock);
5587 -
5588 - /* device going down, Stop using ICT table */
5589 - iwl_pcie_disable_ict(trans);
5590 -@@ -1079,9 +1081,7 @@ static void _iwl_trans_pcie_stop_device(struct iwl_trans *trans, bool low_power)
5591 - * the time, unless the interrupt is ACKed even if the interrupt
5592 - * should be masked. Re-ACK all the interrupts here.
5593 - */
5594 -- spin_lock(&trans_pcie->irq_lock);
5595 - iwl_disable_interrupts(trans);
5596 -- spin_unlock(&trans_pcie->irq_lock);
5597 -
5598 - /* clear all status bits */
5599 - clear_bit(STATUS_SYNC_HCMD_ACTIVE, &trans->status);
5600 -@@ -1215,7 +1215,6 @@ static int iwl_trans_pcie_start_fw(struct iwl_trans *trans,
5601 - ret = iwl_pcie_load_given_ucode_8000(trans, fw);
5602 - else
5603 - ret = iwl_pcie_load_given_ucode(trans, fw);
5604 -- iwl_enable_interrupts(trans);
5605 -
5606 - /* re-check RF-Kill state since we may have missed the interrupt */
5607 - hw_rfkill = iwl_is_rfkill_set(trans);
5608 -@@ -1567,15 +1566,11 @@ static void iwl_trans_pcie_op_mode_leave(struct iwl_trans *trans)
5609 - mutex_lock(&trans_pcie->mutex);
5610 -
5611 - /* disable interrupts - don't enable HW RF kill interrupt */
5612 -- spin_lock(&trans_pcie->irq_lock);
5613 - iwl_disable_interrupts(trans);
5614 -- spin_unlock(&trans_pcie->irq_lock);
5615 -
5616 - iwl_pcie_apm_stop(trans, true);
5617 -
5618 -- spin_lock(&trans_pcie->irq_lock);
5619 - iwl_disable_interrupts(trans);
5620 -- spin_unlock(&trans_pcie->irq_lock);
5621 -
5622 - iwl_pcie_disable_ict(trans);
5623 -
5624 -diff --git a/drivers/of/base.c b/drivers/of/base.c
5625 -index ebf84e3..8bb3d1a 100644
5626 ---- a/drivers/of/base.c
5627 -+++ b/drivers/of/base.c
5628 -@@ -112,6 +112,7 @@ static ssize_t of_node_property_read(struct file *filp, struct kobject *kobj,
5629 - return memory_read_from_buffer(buf, count, &offset, pp->value, pp->length);
5630 - }
5631 -
5632 -+/* always return newly allocated name, caller must free after use */
5633 - static const char *safe_name(struct kobject *kobj, const char *orig_name)
5634 - {
5635 - const char *name = orig_name;
5636 -@@ -126,9 +127,12 @@ static const char *safe_name(struct kobject *kobj, const char *orig_name)
5637 - name = kasprintf(GFP_KERNEL, "%s#%i", orig_name, ++i);
5638 - }
5639 -
5640 -- if (name != orig_name)
5641 -+ if (name == orig_name) {
5642 -+ name = kstrdup(orig_name, GFP_KERNEL);
5643 -+ } else {
5644 - pr_warn("device-tree: Duplicate name in %s, renamed to \"%s\"\n",
5645 - kobject_name(kobj), name);
5646 -+ }
5647 - return name;
5648 - }
5649 -
5650 -@@ -159,6 +163,7 @@ int __of_add_property_sysfs(struct device_node *np, struct property *pp)
5651 - int __of_attach_node_sysfs(struct device_node *np)
5652 - {
5653 - const char *name;
5654 -+ struct kobject *parent;
5655 - struct property *pp;
5656 - int rc;
5657 -
5658 -@@ -171,15 +176,16 @@ int __of_attach_node_sysfs(struct device_node *np)
5659 - np->kobj.kset = of_kset;
5660 - if (!np->parent) {
5661 - /* Nodes without parents are new top level trees */
5662 -- rc = kobject_add(&np->kobj, NULL, "%s",
5663 -- safe_name(&of_kset->kobj, "base"));
5664 -+ name = safe_name(&of_kset->kobj, "base");
5665 -+ parent = NULL;
5666 - } else {
5667 - name = safe_name(&np->parent->kobj, kbasename(np->full_name));
5668 -- if (!name || !name[0])
5669 -- return -EINVAL;
5670 --
5671 -- rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
5672 -+ parent = &np->parent->kobj;
5673 - }
5674 -+ if (!name)
5675 -+ return -ENOMEM;
5676 -+ rc = kobject_add(&np->kobj, parent, "%s", name);
5677 -+ kfree(name);
5678 - if (rc)
5679 - return rc;
5680 -
5681 -@@ -1815,6 +1821,12 @@ int __of_remove_property(struct device_node *np, struct property *prop)
5682 - return 0;
5683 - }
5684 -
5685 -+void __of_sysfs_remove_bin_file(struct device_node *np, struct property *prop)
5686 -+{
5687 -+ sysfs_remove_bin_file(&np->kobj, &prop->attr);
5688 -+ kfree(prop->attr.attr.name);
5689 -+}
5690 -+
5691 - void __of_remove_property_sysfs(struct device_node *np, struct property *prop)
5692 - {
5693 - if (!IS_ENABLED(CONFIG_SYSFS))
5694 -@@ -1822,7 +1834,7 @@ void __of_remove_property_sysfs(struct device_node *np, struct property *prop)
5695 -
5696 - /* at early boot, bail here and defer setup to of_init() */
5697 - if (of_kset && of_node_is_attached(np))
5698 -- sysfs_remove_bin_file(&np->kobj, &prop->attr);
5699 -+ __of_sysfs_remove_bin_file(np, prop);
5700 - }
5701 -
5702 - /**
5703 -@@ -1895,7 +1907,7 @@ void __of_update_property_sysfs(struct device_node *np, struct property *newprop
5704 - return;
5705 -
5706 - if (oldprop)
5707 -- sysfs_remove_bin_file(&np->kobj, &oldprop->attr);
5708 -+ __of_sysfs_remove_bin_file(np, oldprop);
5709 - __of_add_property_sysfs(np, newprop);
5710 - }
5711 -
5712 -diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c
5713 -index 3033fa3..a201559 100644
5714 ---- a/drivers/of/dynamic.c
5715 -+++ b/drivers/of/dynamic.c
5716 -@@ -55,7 +55,7 @@ void __of_detach_node_sysfs(struct device_node *np)
5717 - /* only remove properties if on sysfs */
5718 - if (of_node_is_attached(np)) {
5719 - for_each_property_of_node(np, pp)
5720 -- sysfs_remove_bin_file(&np->kobj, &pp->attr);
5721 -+ __of_sysfs_remove_bin_file(np, pp);
5722 - kobject_del(&np->kobj);
5723 - }
5724 -
5725 -diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
5726 -index 829469f..18bbb451 100644
5727 ---- a/drivers/of/of_private.h
5728 -+++ b/drivers/of/of_private.h
5729 -@@ -83,6 +83,9 @@ extern int __of_attach_node_sysfs(struct device_node *np);
5730 - extern void __of_detach_node(struct device_node *np);
5731 - extern void __of_detach_node_sysfs(struct device_node *np);
5732 -
5733 -+extern void __of_sysfs_remove_bin_file(struct device_node *np,
5734 -+ struct property *prop);
5735 -+
5736 - /* iterators for transactions, used for overlays */
5737 - /* forward iterator */
5738 - #define for_each_transaction_entry(_oft, _te) \
5739 -diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
5740 -index ee72ebe..7902fbf 100644
5741 ---- a/drivers/pci/quirks.c
5742 -+++ b/drivers/pci/quirks.c
5743 -@@ -3189,13 +3189,15 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
5744 - }
5745 -
5746 - /*
5747 -- * Atheros AR93xx chips do not behave after a bus reset. The device will
5748 -- * throw a Link Down error on AER-capable systems and regardless of AER,
5749 -- * config space of the device is never accessible again and typically
5750 -- * causes the system to hang or reset when access is attempted.
5751 -+ * Some Atheros AR9xxx and QCA988x chips do not behave after a bus reset.
5752 -+ * The device will throw a Link Down error on AER-capable systems and
5753 -+ * regardless of AER, config space of the device is never accessible again
5754 -+ * and typically causes the system to hang or reset when access is attempted.
5755 - * http://www.spinics.net/lists/linux-pci/msg34797.html
5756 - */
5757 - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0030, quirk_no_bus_reset);
5758 -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x0032, quirk_no_bus_reset);
5759 -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATHEROS, 0x003c, quirk_no_bus_reset);
5760 -
5761 - static void quirk_no_pm_reset(struct pci_dev *dev)
5762 - {
5763 -diff --git a/drivers/phy/phy-rcar-gen3-usb2.c b/drivers/phy/phy-rcar-gen3-usb2.c
5764 -index 4be3f5d..31156c9 100644
5765 ---- a/drivers/phy/phy-rcar-gen3-usb2.c
5766 -+++ b/drivers/phy/phy-rcar-gen3-usb2.c
5767 -@@ -21,6 +21,7 @@
5768 - #include <linux/phy/phy.h>
5769 - #include <linux/platform_device.h>
5770 - #include <linux/regulator/consumer.h>
5771 -+#include <linux/workqueue.h>
5772 -
5773 - /******* USB2.0 Host registers (original offset is +0x200) *******/
5774 - #define USB2_INT_ENABLE 0x000
5775 -@@ -81,9 +82,25 @@ struct rcar_gen3_chan {
5776 - struct extcon_dev *extcon;
5777 - struct phy *phy;
5778 - struct regulator *vbus;
5779 -+ struct work_struct work;
5780 -+ bool extcon_host;
5781 - bool has_otg;
5782 - };
5783 -
5784 -+static void rcar_gen3_phy_usb2_work(struct work_struct *work)
5785 -+{
5786 -+ struct rcar_gen3_chan *ch = container_of(work, struct rcar_gen3_chan,
5787 -+ work);
5788 -+
5789 -+ if (ch->extcon_host) {
5790 -+ extcon_set_cable_state_(ch->extcon, EXTCON_USB_HOST, true);
5791 -+ extcon_set_cable_state_(ch->extcon, EXTCON_USB, false);
5792 -+ } else {
5793 -+ extcon_set_cable_state_(ch->extcon, EXTCON_USB_HOST, false);
5794 -+ extcon_set_cable_state_(ch->extcon, EXTCON_USB, true);
5795 -+ }
5796 -+}
5797 -+
5798 - static void rcar_gen3_set_host_mode(struct rcar_gen3_chan *ch, int host)
5799 - {
5800 - void __iomem *usb2_base = ch->base;
5801 -@@ -130,8 +147,8 @@ static void rcar_gen3_init_for_host(struct rcar_gen3_chan *ch)
5802 - rcar_gen3_set_host_mode(ch, 1);
5803 - rcar_gen3_enable_vbus_ctrl(ch, 1);
5804 -
5805 -- extcon_set_cable_state_(ch->extcon, EXTCON_USB_HOST, true);
5806 -- extcon_set_cable_state_(ch->extcon, EXTCON_USB, false);
5807 -+ ch->extcon_host = true;
5808 -+ schedule_work(&ch->work);
5809 - }
5810 -
5811 - static void rcar_gen3_init_for_peri(struct rcar_gen3_chan *ch)
5812 -@@ -140,8 +157,8 @@ static void rcar_gen3_init_for_peri(struct rcar_gen3_chan *ch)
5813 - rcar_gen3_set_host_mode(ch, 0);
5814 - rcar_gen3_enable_vbus_ctrl(ch, 0);
5815 -
5816 -- extcon_set_cable_state_(ch->extcon, EXTCON_USB_HOST, false);
5817 -- extcon_set_cable_state_(ch->extcon, EXTCON_USB, true);
5818 -+ ch->extcon_host = false;
5819 -+ schedule_work(&ch->work);
5820 - }
5821 -
5822 - static bool rcar_gen3_check_id(struct rcar_gen3_chan *ch)
5823 -@@ -301,6 +318,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev)
5824 - if (irq >= 0) {
5825 - int ret;
5826 -
5827 -+ INIT_WORK(&channel->work, rcar_gen3_phy_usb2_work);
5828 - irq = devm_request_irq(dev, irq, rcar_gen3_phy_usb2_irq,
5829 - IRQF_SHARED, dev_name(dev), channel);
5830 - if (irq < 0)
5831 -diff --git a/drivers/pinctrl/intel/pinctrl-cherryview.c b/drivers/pinctrl/intel/pinctrl-cherryview.c
5832 -index ac4f564..bf65c94 100644
5833 ---- a/drivers/pinctrl/intel/pinctrl-cherryview.c
5834 -+++ b/drivers/pinctrl/intel/pinctrl-cherryview.c
5835 -@@ -160,7 +160,6 @@ struct chv_pin_context {
5836 - * @pctldev: Pointer to the pin controller device
5837 - * @chip: GPIO chip in this pin controller
5838 - * @regs: MMIO registers
5839 -- * @lock: Lock to serialize register accesses
5840 - * @intr_lines: Stores mapping between 16 HW interrupt wires and GPIO
5841 - * offset (in GPIO number space)
5842 - * @community: Community this pinctrl instance represents
5843 -@@ -174,7 +173,6 @@ struct chv_pinctrl {
5844 - struct pinctrl_dev *pctldev;
5845 - struct gpio_chip chip;
5846 - void __iomem *regs;
5847 -- raw_spinlock_t lock;
5848 - unsigned intr_lines[16];
5849 - const struct chv_community *community;
5850 - u32 saved_intmask;
5851 -@@ -657,6 +655,17 @@ static const struct chv_community *chv_communities[] = {
5852 - &southeast_community,
5853 - };
5854 -
5855 -+/*
5856 -+ * Lock to serialize register accesses
5857 -+ *
5858 -+ * Due to a silicon issue, a shared lock must be used to prevent
5859 -+ * concurrent accesses across the 4 GPIO controllers.
5860 -+ *
5861 -+ * See Intel Atom Z8000 Processor Series Specification Update (Rev. 005),
5862 -+ * errata #CHT34, for further information.
5863 -+ */
5864 -+static DEFINE_RAW_SPINLOCK(chv_lock);
5865 -+
5866 - static void __iomem *chv_padreg(struct chv_pinctrl *pctrl, unsigned offset,
5867 - unsigned reg)
5868 - {
5869 -@@ -718,13 +727,13 @@ static void chv_pin_dbg_show(struct pinctrl_dev *pctldev, struct seq_file *s,
5870 - u32 ctrl0, ctrl1;
5871 - bool locked;
5872 -
5873 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5874 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5875 -
5876 - ctrl0 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0));
5877 - ctrl1 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL1));
5878 - locked = chv_pad_locked(pctrl, offset);
5879 -
5880 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5881 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5882 -
5883 - if (ctrl0 & CHV_PADCTRL0_GPIOEN) {
5884 - seq_puts(s, "GPIO ");
5885 -@@ -787,14 +796,14 @@ static int chv_pinmux_set_mux(struct pinctrl_dev *pctldev, unsigned function,
5886 -
5887 - grp = &pctrl->community->groups[group];
5888 -
5889 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5890 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5891 -
5892 - /* Check first that the pad is not locked */
5893 - for (i = 0; i < grp->npins; i++) {
5894 - if (chv_pad_locked(pctrl, grp->pins[i])) {
5895 - dev_warn(pctrl->dev, "unable to set mode for locked pin %u\n",
5896 - grp->pins[i]);
5897 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5898 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5899 - return -EBUSY;
5900 - }
5901 - }
5902 -@@ -837,7 +846,7 @@ static int chv_pinmux_set_mux(struct pinctrl_dev *pctldev, unsigned function,
5903 - pin, altfunc->mode, altfunc->invert_oe ? "" : "not ");
5904 - }
5905 -
5906 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5907 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5908 -
5909 - return 0;
5910 - }
5911 -@@ -851,13 +860,13 @@ static int chv_gpio_request_enable(struct pinctrl_dev *pctldev,
5912 - void __iomem *reg;
5913 - u32 value;
5914 -
5915 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5916 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5917 -
5918 - if (chv_pad_locked(pctrl, offset)) {
5919 - value = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0));
5920 - if (!(value & CHV_PADCTRL0_GPIOEN)) {
5921 - /* Locked so cannot enable */
5922 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5923 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5924 - return -EBUSY;
5925 - }
5926 - } else {
5927 -@@ -897,7 +906,7 @@ static int chv_gpio_request_enable(struct pinctrl_dev *pctldev,
5928 - chv_writel(value, reg);
5929 - }
5930 -
5931 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5932 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5933 -
5934 - return 0;
5935 - }
5936 -@@ -911,13 +920,13 @@ static void chv_gpio_disable_free(struct pinctrl_dev *pctldev,
5937 - void __iomem *reg;
5938 - u32 value;
5939 -
5940 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5941 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5942 -
5943 - reg = chv_padreg(pctrl, offset, CHV_PADCTRL0);
5944 - value = readl(reg) & ~CHV_PADCTRL0_GPIOEN;
5945 - chv_writel(value, reg);
5946 -
5947 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5948 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5949 - }
5950 -
5951 - static int chv_gpio_set_direction(struct pinctrl_dev *pctldev,
5952 -@@ -929,7 +938,7 @@ static int chv_gpio_set_direction(struct pinctrl_dev *pctldev,
5953 - unsigned long flags;
5954 - u32 ctrl0;
5955 -
5956 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5957 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5958 -
5959 - ctrl0 = readl(reg) & ~CHV_PADCTRL0_GPIOCFG_MASK;
5960 - if (input)
5961 -@@ -938,7 +947,7 @@ static int chv_gpio_set_direction(struct pinctrl_dev *pctldev,
5962 - ctrl0 |= CHV_PADCTRL0_GPIOCFG_GPO << CHV_PADCTRL0_GPIOCFG_SHIFT;
5963 - chv_writel(ctrl0, reg);
5964 -
5965 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5966 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5967 -
5968 - return 0;
5969 - }
5970 -@@ -963,10 +972,10 @@ static int chv_config_get(struct pinctrl_dev *pctldev, unsigned pin,
5971 - u16 arg = 0;
5972 - u32 term;
5973 -
5974 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5975 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5976 - ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
5977 - ctrl1 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL1));
5978 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5979 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5980 -
5981 - term = (ctrl0 & CHV_PADCTRL0_TERM_MASK) >> CHV_PADCTRL0_TERM_SHIFT;
5982 -
5983 -@@ -1040,7 +1049,7 @@ static int chv_config_set_pull(struct chv_pinctrl *pctrl, unsigned pin,
5984 - unsigned long flags;
5985 - u32 ctrl0, pull;
5986 -
5987 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
5988 -+ raw_spin_lock_irqsave(&chv_lock, flags);
5989 - ctrl0 = readl(reg);
5990 -
5991 - switch (param) {
5992 -@@ -1063,7 +1072,7 @@ static int chv_config_set_pull(struct chv_pinctrl *pctrl, unsigned pin,
5993 - pull = CHV_PADCTRL0_TERM_20K << CHV_PADCTRL0_TERM_SHIFT;
5994 - break;
5995 - default:
5996 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
5997 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
5998 - return -EINVAL;
5999 - }
6000 -
6001 -@@ -1081,7 +1090,7 @@ static int chv_config_set_pull(struct chv_pinctrl *pctrl, unsigned pin,
6002 - pull = CHV_PADCTRL0_TERM_20K << CHV_PADCTRL0_TERM_SHIFT;
6003 - break;
6004 - default:
6005 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6006 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6007 - return -EINVAL;
6008 - }
6009 -
6010 -@@ -1089,12 +1098,12 @@ static int chv_config_set_pull(struct chv_pinctrl *pctrl, unsigned pin,
6011 - break;
6012 -
6013 - default:
6014 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6015 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6016 - return -EINVAL;
6017 - }
6018 -
6019 - chv_writel(ctrl0, reg);
6020 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6021 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6022 -
6023 - return 0;
6024 - }
6025 -@@ -1160,9 +1169,9 @@ static int chv_gpio_get(struct gpio_chip *chip, unsigned offset)
6026 - unsigned long flags;
6027 - u32 ctrl0, cfg;
6028 -
6029 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6030 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6031 - ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
6032 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6033 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6034 -
6035 - cfg = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK;
6036 - cfg >>= CHV_PADCTRL0_GPIOCFG_SHIFT;
6037 -@@ -1180,7 +1189,7 @@ static void chv_gpio_set(struct gpio_chip *chip, unsigned offset, int value)
6038 - void __iomem *reg;
6039 - u32 ctrl0;
6040 -
6041 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6042 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6043 -
6044 - reg = chv_padreg(pctrl, pin, CHV_PADCTRL0);
6045 - ctrl0 = readl(reg);
6046 -@@ -1192,7 +1201,7 @@ static void chv_gpio_set(struct gpio_chip *chip, unsigned offset, int value)
6047 -
6048 - chv_writel(ctrl0, reg);
6049 -
6050 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6051 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6052 - }
6053 -
6054 - static int chv_gpio_get_direction(struct gpio_chip *chip, unsigned offset)
6055 -@@ -1202,9 +1211,9 @@ static int chv_gpio_get_direction(struct gpio_chip *chip, unsigned offset)
6056 - u32 ctrl0, direction;
6057 - unsigned long flags;
6058 -
6059 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6060 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6061 - ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
6062 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6063 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6064 -
6065 - direction = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK;
6066 - direction >>= CHV_PADCTRL0_GPIOCFG_SHIFT;
6067 -@@ -1242,14 +1251,14 @@ static void chv_gpio_irq_ack(struct irq_data *d)
6068 - int pin = chv_gpio_offset_to_pin(pctrl, irqd_to_hwirq(d));
6069 - u32 intr_line;
6070 -
6071 -- raw_spin_lock(&pctrl->lock);
6072 -+ raw_spin_lock(&chv_lock);
6073 -
6074 - intr_line = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
6075 - intr_line &= CHV_PADCTRL0_INTSEL_MASK;
6076 - intr_line >>= CHV_PADCTRL0_INTSEL_SHIFT;
6077 - chv_writel(BIT(intr_line), pctrl->regs + CHV_INTSTAT);
6078 -
6079 -- raw_spin_unlock(&pctrl->lock);
6080 -+ raw_spin_unlock(&chv_lock);
6081 - }
6082 -
6083 - static void chv_gpio_irq_mask_unmask(struct irq_data *d, bool mask)
6084 -@@ -1260,7 +1269,7 @@ static void chv_gpio_irq_mask_unmask(struct irq_data *d, bool mask)
6085 - u32 value, intr_line;
6086 - unsigned long flags;
6087 -
6088 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6089 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6090 -
6091 - intr_line = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
6092 - intr_line &= CHV_PADCTRL0_INTSEL_MASK;
6093 -@@ -1273,7 +1282,7 @@ static void chv_gpio_irq_mask_unmask(struct irq_data *d, bool mask)
6094 - value |= BIT(intr_line);
6095 - chv_writel(value, pctrl->regs + CHV_INTMASK);
6096 -
6097 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6098 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6099 - }
6100 -
6101 - static void chv_gpio_irq_mask(struct irq_data *d)
6102 -@@ -1307,7 +1316,7 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d)
6103 - unsigned long flags;
6104 - u32 intsel, value;
6105 -
6106 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6107 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6108 - intsel = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0));
6109 - intsel &= CHV_PADCTRL0_INTSEL_MASK;
6110 - intsel >>= CHV_PADCTRL0_INTSEL_SHIFT;
6111 -@@ -1322,7 +1331,7 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d)
6112 - irq_set_handler_locked(d, handler);
6113 - pctrl->intr_lines[intsel] = offset;
6114 - }
6115 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6116 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6117 - }
6118 -
6119 - chv_gpio_irq_unmask(d);
6120 -@@ -1338,7 +1347,7 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned type)
6121 - unsigned long flags;
6122 - u32 value;
6123 -
6124 -- raw_spin_lock_irqsave(&pctrl->lock, flags);
6125 -+ raw_spin_lock_irqsave(&chv_lock, flags);
6126 -
6127 - /*
6128 - * Pins which can be used as shared interrupt are configured in
6129 -@@ -1387,7 +1396,7 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned type)
6130 - else if (type & IRQ_TYPE_LEVEL_MASK)
6131 - irq_set_handler_locked(d, handle_level_irq);
6132 -
6133 -- raw_spin_unlock_irqrestore(&pctrl->lock, flags);
6134 -+ raw_spin_unlock_irqrestore(&chv_lock, flags);
6135 -
6136 - return 0;
6137 - }
6138 -@@ -1499,7 +1508,6 @@ static int chv_pinctrl_probe(struct platform_device *pdev)
6139 - if (i == ARRAY_SIZE(chv_communities))
6140 - return -ENODEV;
6141 -
6142 -- raw_spin_lock_init(&pctrl->lock);
6143 - pctrl->dev = &pdev->dev;
6144 -
6145 - #ifdef CONFIG_PM_SLEEP
6146 -diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
6147 -index 6f145f2..96ffda4 100644
6148 ---- a/drivers/platform/x86/hp-wmi.c
6149 -+++ b/drivers/platform/x86/hp-wmi.c
6150 -@@ -718,6 +718,11 @@ static int __init hp_wmi_rfkill_setup(struct platform_device *device)
6151 - if (err)
6152 - return err;
6153 -
6154 -+ err = hp_wmi_perform_query(HPWMI_WIRELESS_QUERY, 1, &wireless,
6155 -+ sizeof(wireless), 0);
6156 -+ if (err)
6157 -+ return err;
6158 -+
6159 - if (wireless & 0x1) {
6160 - wifi_rfkill = rfkill_alloc("hp-wifi", &device->dev,
6161 - RFKILL_TYPE_WLAN,
6162 -@@ -882,7 +887,7 @@ static int __init hp_wmi_bios_setup(struct platform_device *device)
6163 - wwan_rfkill = NULL;
6164 - rfkill2_count = 0;
6165 -
6166 -- if (hp_wmi_bios_2009_later() || hp_wmi_rfkill_setup(device))
6167 -+ if (hp_wmi_rfkill_setup(device))
6168 - hp_wmi_rfkill2_setup(device);
6169 -
6170 - err = device_create_file(&device->dev, &dev_attr_display);
6171 -diff --git a/drivers/regulator/s2mps11.c b/drivers/regulator/s2mps11.c
6172 -index 02fb6b4..d838e77 100644
6173 ---- a/drivers/regulator/s2mps11.c
6174 -+++ b/drivers/regulator/s2mps11.c
6175 -@@ -750,7 +750,7 @@ static const struct regulator_linear_range s2mps15_ldo_voltage_ranges3[] = {
6176 -
6177 - /* voltage range for s2mps15 LDO 7, 8, 9 and 10 */
6178 - static const struct regulator_linear_range s2mps15_ldo_voltage_ranges4[] = {
6179 -- REGULATOR_LINEAR_RANGE(700000, 0xc, 0x18, 25000),
6180 -+ REGULATOR_LINEAR_RANGE(700000, 0x10, 0x20, 25000),
6181 - };
6182 -
6183 - /* voltage range for s2mps15 LDO 1 */
6184 -@@ -760,12 +760,12 @@ static const struct regulator_linear_range s2mps15_ldo_voltage_ranges5[] = {
6185 -
6186 - /* voltage range for s2mps15 BUCK 1, 2, 3, 4, 5, 6 and 7 */
6187 - static const struct regulator_linear_range s2mps15_buck_voltage_ranges1[] = {
6188 -- REGULATOR_LINEAR_RANGE(500000, 0x20, 0xb0, 6250),
6189 -+ REGULATOR_LINEAR_RANGE(500000, 0x20, 0xc0, 6250),
6190 - };
6191 -
6192 - /* voltage range for s2mps15 BUCK 8, 9 and 10 */
6193 - static const struct regulator_linear_range s2mps15_buck_voltage_ranges2[] = {
6194 -- REGULATOR_LINEAR_RANGE(1000000, 0x20, 0xc0, 12500),
6195 -+ REGULATOR_LINEAR_RANGE(1000000, 0x20, 0x78, 12500),
6196 - };
6197 -
6198 - static const struct regulator_desc s2mps15_regulators[] = {
6199 -diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
6200 -index db3958b..fe0539e 100644
6201 ---- a/drivers/remoteproc/remoteproc_core.c
6202 -+++ b/drivers/remoteproc/remoteproc_core.c
6203 -@@ -1264,11 +1264,6 @@ int rproc_add(struct rproc *rproc)
6204 - if (ret < 0)
6205 - return ret;
6206 -
6207 -- /* expose to rproc_get_by_phandle users */
6208 -- mutex_lock(&rproc_list_mutex);
6209 -- list_add(&rproc->node, &rproc_list);
6210 -- mutex_unlock(&rproc_list_mutex);
6211 --
6212 - dev_info(dev, "%s is available\n", rproc->name);
6213 -
6214 - dev_info(dev, "Note: remoteproc is still under development and considered experimental.\n");
6215 -@@ -1276,8 +1271,16 @@ int rproc_add(struct rproc *rproc)
6216 -
6217 - /* create debugfs entries */
6218 - rproc_create_debug_dir(rproc);
6219 -+ ret = rproc_add_virtio_devices(rproc);
6220 -+ if (ret < 0)
6221 -+ return ret;
6222 -
6223 -- return rproc_add_virtio_devices(rproc);
6224 -+ /* expose to rproc_get_by_phandle users */
6225 -+ mutex_lock(&rproc_list_mutex);
6226 -+ list_add(&rproc->node, &rproc_list);
6227 -+ mutex_unlock(&rproc_list_mutex);
6228 -+
6229 -+ return 0;
6230 - }
6231 - EXPORT_SYMBOL(rproc_add);
6232 -
6233 -diff --git a/drivers/rtc/rtc-s3c.c b/drivers/rtc/rtc-s3c.c
6234 -index d01ad7e..4e823c4 100644
6235 ---- a/drivers/rtc/rtc-s3c.c
6236 -+++ b/drivers/rtc/rtc-s3c.c
6237 -@@ -149,12 +149,14 @@ static int s3c_rtc_setfreq(struct s3c_rtc *info, int freq)
6238 - if (!is_power_of_2(freq))
6239 - return -EINVAL;
6240 -
6241 -+ s3c_rtc_enable_clk(info);
6242 - spin_lock_irq(&info->pie_lock);
6243 -
6244 - if (info->data->set_freq)
6245 - info->data->set_freq(info, freq);
6246 -
6247 - spin_unlock_irq(&info->pie_lock);
6248 -+ s3c_rtc_disable_clk(info);
6249 -
6250 - return 0;
6251 - }
6252 -diff --git a/drivers/s390/cio/cmf.c b/drivers/s390/cio/cmf.c
6253 -index b2afad5..2a34eb5 100644
6254 ---- a/drivers/s390/cio/cmf.c
6255 -+++ b/drivers/s390/cio/cmf.c
6256 -@@ -753,6 +753,17 @@ static void reset_cmb(struct ccw_device *cdev)
6257 - cmf_generic_reset(cdev);
6258 - }
6259 -
6260 -+static int cmf_enabled(struct ccw_device *cdev)
6261 -+{
6262 -+ int enabled;
6263 -+
6264 -+ spin_lock_irq(cdev->ccwlock);
6265 -+ enabled = !!cdev->private->cmb;
6266 -+ spin_unlock_irq(cdev->ccwlock);
6267 -+
6268 -+ return enabled;
6269 -+}
6270 -+
6271 - static struct attribute_group cmf_attr_group;
6272 -
6273 - static struct cmb_operations cmbops_basic = {
6274 -@@ -1153,13 +1164,8 @@ static ssize_t cmb_enable_show(struct device *dev,
6275 - char *buf)
6276 - {
6277 - struct ccw_device *cdev = to_ccwdev(dev);
6278 -- int enabled;
6279 -
6280 -- spin_lock_irq(cdev->ccwlock);
6281 -- enabled = !!cdev->private->cmb;
6282 -- spin_unlock_irq(cdev->ccwlock);
6283 --
6284 -- return sprintf(buf, "%d\n", enabled);
6285 -+ return sprintf(buf, "%d\n", cmf_enabled(cdev));
6286 - }
6287 -
6288 - static ssize_t cmb_enable_store(struct device *dev,
6289 -@@ -1199,15 +1205,20 @@ int ccw_set_cmf(struct ccw_device *cdev, int enable)
6290 - * @cdev: The ccw device to be enabled
6291 - *
6292 - * Returns %0 for success or a negative error value.
6293 -- *
6294 -+ * Note: If this is called on a device for which channel measurement is already
6295 -+ * enabled a reset of the measurement data is triggered.
6296 - * Context:
6297 - * non-atomic
6298 - */
6299 - int enable_cmf(struct ccw_device *cdev)
6300 - {
6301 -- int ret;
6302 -+ int ret = 0;
6303 -
6304 - device_lock(&cdev->dev);
6305 -+ if (cmf_enabled(cdev)) {
6306 -+ cmbops->reset(cdev);
6307 -+ goto out_unlock;
6308 -+ }
6309 - get_device(&cdev->dev);
6310 - ret = cmbops->alloc(cdev);
6311 - if (ret)
6312 -@@ -1226,7 +1237,7 @@ int enable_cmf(struct ccw_device *cdev)
6313 - out:
6314 - if (ret)
6315 - put_device(&cdev->dev);
6316 --
6317 -+out_unlock:
6318 - device_unlock(&cdev->dev);
6319 - return ret;
6320 - }
6321 -diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
6322 -index 3bd0be6..c7e5695 100644
6323 ---- a/drivers/scsi/lpfc/lpfc_scsi.c
6324 -+++ b/drivers/scsi/lpfc/lpfc_scsi.c
6325 -@@ -3874,7 +3874,7 @@ int lpfc_sli4_scmd_to_wqidx_distr(struct lpfc_hba *phba,
6326 - uint32_t tag;
6327 - uint16_t hwq;
6328 -
6329 -- if (shost_use_blk_mq(cmnd->device->host)) {
6330 -+ if (cmnd && shost_use_blk_mq(cmnd->device->host)) {
6331 - tag = blk_mq_unique_tag(cmnd->request);
6332 - hwq = blk_mq_unique_tag_to_hwq(tag);
6333 -
6334 -diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
6335 -index f4b0690..2dab3dc 100644
6336 ---- a/drivers/scsi/megaraid/megaraid_sas_base.c
6337 -+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
6338 -@@ -4079,6 +4079,12 @@ megasas_get_pd_list(struct megasas_instance *instance)
6339 - struct MR_PD_ADDRESS *pd_addr;
6340 - dma_addr_t ci_h = 0;
6341 -
6342 -+ if (instance->pd_list_not_supported) {
6343 -+ dev_info(&instance->pdev->dev, "MR_DCMD_PD_LIST_QUERY "
6344 -+ "not supported by firmware\n");
6345 -+ return ret;
6346 -+ }
6347 -+
6348 - cmd = megasas_get_cmd(instance);
6349 -
6350 - if (!cmd) {
6351 -diff --git a/drivers/soc/qcom/smp2p.c b/drivers/soc/qcom/smp2p.c
6352 -index f1eed7f..9c2788b 100644
6353 ---- a/drivers/soc/qcom/smp2p.c
6354 -+++ b/drivers/soc/qcom/smp2p.c
6355 -@@ -344,11 +344,12 @@ static int qcom_smp2p_outbound_entry(struct qcom_smp2p *smp2p,
6356 - /* Allocate an entry from the smem item */
6357 - strlcpy(buf, entry->name, SMP2P_MAX_ENTRY_NAME);
6358 - memcpy_toio(out->entries[out->valid_entries].name, buf, SMP2P_MAX_ENTRY_NAME);
6359 -- out->valid_entries++;
6360 -
6361 - /* Make the logical entry reference the physical value */
6362 - entry->value = &out->entries[out->valid_entries].value;
6363 -
6364 -+ out->valid_entries++;
6365 -+
6366 - entry->state = qcom_smem_state_register(node, &smp2p_state_ops, entry);
6367 - if (IS_ERR(entry->state)) {
6368 - dev_err(smp2p->dev, "failed to register qcom_smem_state\n");
6369 -diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
6370 -index fe07c05..daf2844 100644
6371 ---- a/drivers/spi/spi-pxa2xx.c
6372 -+++ b/drivers/spi/spi-pxa2xx.c
6373 -@@ -585,7 +585,14 @@ static void reset_sccr1(struct driver_data *drv_data)
6374 - u32 sccr1_reg;
6375 -
6376 - sccr1_reg = pxa2xx_spi_read(drv_data, SSCR1) & ~drv_data->int_cr1;
6377 -- sccr1_reg &= ~SSCR1_RFT;
6378 -+ switch (drv_data->ssp_type) {
6379 -+ case QUARK_X1000_SSP:
6380 -+ sccr1_reg &= ~QUARK_X1000_SSCR1_RFT;
6381 -+ break;
6382 -+ default:
6383 -+ sccr1_reg &= ~SSCR1_RFT;
6384 -+ break;
6385 -+ }
6386 - sccr1_reg |= chip->threshold;
6387 - pxa2xx_spi_write(drv_data, SSCR1, sccr1_reg);
6388 - }
6389 -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
6390 -index 50f3d3a..39b928c 100644
6391 ---- a/drivers/target/iscsi/iscsi_target.c
6392 -+++ b/drivers/target/iscsi/iscsi_target.c
6393 -@@ -492,7 +492,8 @@ void iscsit_aborted_task(struct iscsi_conn *conn, struct iscsi_cmd *cmd)
6394 - bool scsi_cmd = (cmd->iscsi_opcode == ISCSI_OP_SCSI_CMD);
6395 -
6396 - spin_lock_bh(&conn->cmd_lock);
6397 -- if (!list_empty(&cmd->i_conn_node))
6398 -+ if (!list_empty(&cmd->i_conn_node) &&
6399 -+ !(cmd->se_cmd.transport_state & CMD_T_FABRIC_STOP))
6400 - list_del_init(&cmd->i_conn_node);
6401 - spin_unlock_bh(&conn->cmd_lock);
6402 -
6403 -@@ -4034,6 +4035,7 @@ int iscsi_target_rx_thread(void *arg)
6404 -
6405 - static void iscsit_release_commands_from_conn(struct iscsi_conn *conn)
6406 - {
6407 -+ LIST_HEAD(tmp_list);
6408 - struct iscsi_cmd *cmd = NULL, *cmd_tmp = NULL;
6409 - struct iscsi_session *sess = conn->sess;
6410 - /*
6411 -@@ -4042,18 +4044,26 @@ static void iscsit_release_commands_from_conn(struct iscsi_conn *conn)
6412 - * has been reset -> returned sleeping pre-handler state.
6413 - */
6414 - spin_lock_bh(&conn->cmd_lock);
6415 -- list_for_each_entry_safe(cmd, cmd_tmp, &conn->conn_cmd_list, i_conn_node) {
6416 -+ list_splice_init(&conn->conn_cmd_list, &tmp_list);
6417 -
6418 -+ list_for_each_entry(cmd, &tmp_list, i_conn_node) {
6419 -+ struct se_cmd *se_cmd = &cmd->se_cmd;
6420 -+
6421 -+ if (se_cmd->se_tfo != NULL) {
6422 -+ spin_lock(&se_cmd->t_state_lock);
6423 -+ se_cmd->transport_state |= CMD_T_FABRIC_STOP;
6424 -+ spin_unlock(&se_cmd->t_state_lock);
6425 -+ }
6426 -+ }
6427 -+ spin_unlock_bh(&conn->cmd_lock);
6428 -+
6429 -+ list_for_each_entry_safe(cmd, cmd_tmp, &tmp_list, i_conn_node) {
6430 - list_del_init(&cmd->i_conn_node);
6431 -- spin_unlock_bh(&conn->cmd_lock);
6432 -
6433 - iscsit_increment_maxcmdsn(cmd, sess);
6434 --
6435 - iscsit_free_cmd(cmd, true);
6436 -
6437 -- spin_lock_bh(&conn->cmd_lock);
6438 - }
6439 -- spin_unlock_bh(&conn->cmd_lock);
6440 - }
6441 -
6442 - static void iscsit_stop_timers_for_cmds(
6443 -diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
6444 -index b5212f0..adf419f 100644
6445 ---- a/drivers/target/iscsi/iscsi_target_login.c
6446 -+++ b/drivers/target/iscsi/iscsi_target_login.c
6447 -@@ -1371,8 +1371,9 @@ static int __iscsi_target_login_thread(struct iscsi_np *np)
6448 - }
6449 - login->zero_tsih = zero_tsih;
6450 -
6451 -- conn->sess->se_sess->sup_prot_ops =
6452 -- conn->conn_transport->iscsit_get_sup_prot_ops(conn);
6453 -+ if (conn->sess)
6454 -+ conn->sess->se_sess->sup_prot_ops =
6455 -+ conn->conn_transport->iscsit_get_sup_prot_ops(conn);
6456 -
6457 - tpg = conn->tpg;
6458 - if (!tpg) {
6459 -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
6460 -index a4046ca..6b42348 100644
6461 ---- a/drivers/target/target_core_device.c
6462 -+++ b/drivers/target/target_core_device.c
6463 -@@ -821,13 +821,15 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
6464 - * in ATA and we need to set TPE=1
6465 - */
6466 - bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
6467 -- struct request_queue *q, int block_size)
6468 -+ struct request_queue *q)
6469 - {
6470 -+ int block_size = queue_logical_block_size(q);
6471 -+
6472 - if (!blk_queue_discard(q))
6473 - return false;
6474 -
6475 -- attrib->max_unmap_lba_count = (q->limits.max_discard_sectors << 9) /
6476 -- block_size;
6477 -+ attrib->max_unmap_lba_count =
6478 -+ q->limits.max_discard_sectors >> (ilog2(block_size) - 9);
6479 - /*
6480 - * Currently hardcoded to 1 in Linux/SCSI code..
6481 - */
6482 -diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
6483 -index 75f0f08..7929186 100644
6484 ---- a/drivers/target/target_core_file.c
6485 -+++ b/drivers/target/target_core_file.c
6486 -@@ -161,8 +161,7 @@ static int fd_configure_device(struct se_device *dev)
6487 - dev_size, div_u64(dev_size, fd_dev->fd_block_size),
6488 - fd_dev->fd_block_size);
6489 -
6490 -- if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
6491 -- fd_dev->fd_block_size))
6492 -+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q))
6493 - pr_debug("IFILE: BLOCK Discard support available,"
6494 - " disabled by default\n");
6495 - /*
6496 -diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
6497 -index 7c4efb4..2077bc2 100644
6498 ---- a/drivers/target/target_core_iblock.c
6499 -+++ b/drivers/target/target_core_iblock.c
6500 -@@ -121,8 +121,7 @@ static int iblock_configure_device(struct se_device *dev)
6501 - dev->dev_attrib.hw_max_sectors = queue_max_hw_sectors(q);
6502 - dev->dev_attrib.hw_queue_depth = q->nr_requests;
6503 -
6504 -- if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
6505 -- dev->dev_attrib.hw_block_size))
6506 -+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q))
6507 - pr_debug("IBLOCK: BLOCK Discard support available,"
6508 - " disabled by default\n");
6509 -
6510 -diff --git a/drivers/target/target_core_internal.h b/drivers/target/target_core_internal.h
6511 -index fc91e85..e2c970a 100644
6512 ---- a/drivers/target/target_core_internal.h
6513 -+++ b/drivers/target/target_core_internal.h
6514 -@@ -146,6 +146,7 @@ sense_reason_t target_cmd_size_check(struct se_cmd *cmd, unsigned int size);
6515 - void target_qf_do_work(struct work_struct *work);
6516 - bool target_check_wce(struct se_device *dev);
6517 - bool target_check_fua(struct se_device *dev);
6518 -+void __target_execute_cmd(struct se_cmd *, bool);
6519 -
6520 - /* target_core_stat.c */
6521 - void target_stat_setup_dev_default_groups(struct se_device *);
6522 -diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
6523 -index a9057aa..04f616b 100644
6524 ---- a/drivers/target/target_core_sbc.c
6525 -+++ b/drivers/target/target_core_sbc.c
6526 -@@ -602,7 +602,7 @@ static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool succes
6527 - cmd->transport_state |= CMD_T_ACTIVE|CMD_T_BUSY|CMD_T_SENT;
6528 - spin_unlock_irq(&cmd->t_state_lock);
6529 -
6530 -- __target_execute_cmd(cmd);
6531 -+ __target_execute_cmd(cmd, false);
6532 -
6533 - kfree(buf);
6534 - return ret;
6535 -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
6536 -index 5ab3967..42c2a44 100644
6537 ---- a/drivers/target/target_core_transport.c
6538 -+++ b/drivers/target/target_core_transport.c
6539 -@@ -1303,23 +1303,6 @@ target_setup_cmd_from_cdb(struct se_cmd *cmd, unsigned char *cdb)
6540 -
6541 - trace_target_sequencer_start(cmd);
6542 -
6543 -- /*
6544 -- * Check for an existing UNIT ATTENTION condition
6545 -- */
6546 -- ret = target_scsi3_ua_check(cmd);
6547 -- if (ret)
6548 -- return ret;
6549 --
6550 -- ret = target_alua_state_check(cmd);
6551 -- if (ret)
6552 -- return ret;
6553 --
6554 -- ret = target_check_reservation(cmd);
6555 -- if (ret) {
6556 -- cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
6557 -- return ret;
6558 -- }
6559 --
6560 - ret = dev->transport->parse_cdb(cmd);
6561 - if (ret == TCM_UNSUPPORTED_SCSI_OPCODE)
6562 - pr_warn_ratelimited("%s/%s: Unsupported SCSI Opcode 0x%02x, sending CHECK_CONDITION.\n",
6563 -@@ -1761,20 +1744,45 @@ queue_full:
6564 - }
6565 - EXPORT_SYMBOL(transport_generic_request_failure);
6566 -
6567 --void __target_execute_cmd(struct se_cmd *cmd)
6568 -+void __target_execute_cmd(struct se_cmd *cmd, bool do_checks)
6569 - {
6570 - sense_reason_t ret;
6571 -
6572 -- if (cmd->execute_cmd) {
6573 -- ret = cmd->execute_cmd(cmd);
6574 -- if (ret) {
6575 -- spin_lock_irq(&cmd->t_state_lock);
6576 -- cmd->transport_state &= ~(CMD_T_BUSY|CMD_T_SENT);
6577 -- spin_unlock_irq(&cmd->t_state_lock);
6578 -+ if (!cmd->execute_cmd) {
6579 -+ ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
6580 -+ goto err;
6581 -+ }
6582 -+ if (do_checks) {
6583 -+ /*
6584 -+ * Check for an existing UNIT ATTENTION condition after
6585 -+ * target_handle_task_attr() has done SAM task attr
6586 -+ * checking, and possibly have already defered execution
6587 -+ * out to target_restart_delayed_cmds() context.
6588 -+ */
6589 -+ ret = target_scsi3_ua_check(cmd);
6590 -+ if (ret)
6591 -+ goto err;
6592 -+
6593 -+ ret = target_alua_state_check(cmd);
6594 -+ if (ret)
6595 -+ goto err;
6596 -
6597 -- transport_generic_request_failure(cmd, ret);
6598 -+ ret = target_check_reservation(cmd);
6599 -+ if (ret) {
6600 -+ cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT;
6601 -+ goto err;
6602 - }
6603 - }
6604 -+
6605 -+ ret = cmd->execute_cmd(cmd);
6606 -+ if (!ret)
6607 -+ return;
6608 -+err:
6609 -+ spin_lock_irq(&cmd->t_state_lock);
6610 -+ cmd->transport_state &= ~(CMD_T_BUSY|CMD_T_SENT);
6611 -+ spin_unlock_irq(&cmd->t_state_lock);
6612 -+
6613 -+ transport_generic_request_failure(cmd, ret);
6614 - }
6615 -
6616 - static int target_write_prot_action(struct se_cmd *cmd)
6617 -@@ -1819,6 +1827,8 @@ static bool target_handle_task_attr(struct se_cmd *cmd)
6618 - if (dev->transport->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
6619 - return false;
6620 -
6621 -+ cmd->se_cmd_flags |= SCF_TASK_ATTR_SET;
6622 -+
6623 - /*
6624 - * Check for the existence of HEAD_OF_QUEUE, and if true return 1
6625 - * to allow the passed struct se_cmd list of tasks to the front of the list.
6626 -@@ -1899,7 +1909,7 @@ void target_execute_cmd(struct se_cmd *cmd)
6627 - return;
6628 - }
6629 -
6630 -- __target_execute_cmd(cmd);
6631 -+ __target_execute_cmd(cmd, true);
6632 - }
6633 - EXPORT_SYMBOL(target_execute_cmd);
6634 -
6635 -@@ -1923,7 +1933,7 @@ static void target_restart_delayed_cmds(struct se_device *dev)
6636 - list_del(&cmd->se_delayed_node);
6637 - spin_unlock(&dev->delayed_cmd_lock);
6638 -
6639 -- __target_execute_cmd(cmd);
6640 -+ __target_execute_cmd(cmd, true);
6641 -
6642 - if (cmd->sam_task_attr == TCM_ORDERED_TAG)
6643 - break;
6644 -@@ -1941,6 +1951,9 @@ static void transport_complete_task_attr(struct se_cmd *cmd)
6645 - if (dev->transport->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
6646 - return;
6647 -
6648 -+ if (!(cmd->se_cmd_flags & SCF_TASK_ATTR_SET))
6649 -+ goto restart;
6650 -+
6651 - if (cmd->sam_task_attr == TCM_SIMPLE_TAG) {
6652 - atomic_dec_mb(&dev->simple_cmds);
6653 - dev->dev_cur_ordered_id++;
6654 -@@ -1957,7 +1970,7 @@ static void transport_complete_task_attr(struct se_cmd *cmd)
6655 - pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED\n",
6656 - dev->dev_cur_ordered_id);
6657 - }
6658 --
6659 -+restart:
6660 - target_restart_delayed_cmds(dev);
6661 - }
6662 -
6663 -@@ -2557,15 +2570,10 @@ static void target_release_cmd_kref(struct kref *kref)
6664 - bool fabric_stop;
6665 -
6666 - spin_lock_irqsave(&se_sess->sess_cmd_lock, flags);
6667 -- if (list_empty(&se_cmd->se_cmd_list)) {
6668 -- spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
6669 -- target_free_cmd_mem(se_cmd);
6670 -- se_cmd->se_tfo->release_cmd(se_cmd);
6671 -- return;
6672 -- }
6673 -
6674 - spin_lock(&se_cmd->t_state_lock);
6675 -- fabric_stop = (se_cmd->transport_state & CMD_T_FABRIC_STOP);
6676 -+ fabric_stop = (se_cmd->transport_state & CMD_T_FABRIC_STOP) &&
6677 -+ (se_cmd->transport_state & CMD_T_ABORTED);
6678 - spin_unlock(&se_cmd->t_state_lock);
6679 -
6680 - if (se_cmd->cmd_wait_set || fabric_stop) {
6681 -diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
6682 -index 954941d..f9c798c 100644
6683 ---- a/drivers/tty/serial/atmel_serial.c
6684 -+++ b/drivers/tty/serial/atmel_serial.c
6685 -@@ -482,19 +482,21 @@ static void atmel_start_tx(struct uart_port *port)
6686 - {
6687 - struct atmel_uart_port *atmel_port = to_atmel_uart_port(port);
6688 -
6689 -- if (atmel_use_pdc_tx(port)) {
6690 -- if (atmel_uart_readl(port, ATMEL_PDC_PTSR) & ATMEL_PDC_TXTEN)
6691 -- /* The transmitter is already running. Yes, we
6692 -- really need this.*/
6693 -- return;
6694 -+ if (atmel_use_pdc_tx(port) && (atmel_uart_readl(port, ATMEL_PDC_PTSR)
6695 -+ & ATMEL_PDC_TXTEN))
6696 -+ /* The transmitter is already running. Yes, we
6697 -+ really need this.*/
6698 -+ return;
6699 -
6700 -+ if (atmel_use_pdc_tx(port) || atmel_use_dma_tx(port))
6701 - if ((port->rs485.flags & SER_RS485_ENABLED) &&
6702 - !(port->rs485.flags & SER_RS485_RX_DURING_TX))
6703 - atmel_stop_rx(port);
6704 -
6705 -+ if (atmel_use_pdc_tx(port))
6706 - /* re-enable PDC transmit */
6707 - atmel_uart_writel(port, ATMEL_PDC_PTCR, ATMEL_PDC_TXTEN);
6708 -- }
6709 -+
6710 - /* Enable interrupts */
6711 - atmel_uart_writel(port, ATMEL_US_IER, atmel_port->tx_done_mask);
6712 - }
6713 -diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
6714 -index b7d80bd..7d62610 100644
6715 ---- a/drivers/tty/serial/msm_serial.c
6716 -+++ b/drivers/tty/serial/msm_serial.c
6717 -@@ -726,7 +726,7 @@ static void msm_handle_tx(struct uart_port *port)
6718 - return;
6719 - }
6720 -
6721 -- pio_count = CIRC_CNT(xmit->head, xmit->tail, UART_XMIT_SIZE);
6722 -+ pio_count = CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE);
6723 - dma_count = CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE);
6724 -
6725 - dma_min = 1; /* Always DMA */
6726 -diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
6727 -index 99bb231..f0bd2ec 100644
6728 ---- a/drivers/tty/serial/samsung.c
6729 -+++ b/drivers/tty/serial/samsung.c
6730 -@@ -1684,7 +1684,7 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
6731 - return -ENODEV;
6732 -
6733 - if (port->mapbase != 0)
6734 -- return 0;
6735 -+ return -EINVAL;
6736 -
6737 - /* setup info for port */
6738 - port->dev = &platdev->dev;
6739 -@@ -1738,22 +1738,25 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
6740 - ourport->dma = devm_kzalloc(port->dev,
6741 - sizeof(*ourport->dma),
6742 - GFP_KERNEL);
6743 -- if (!ourport->dma)
6744 -- return -ENOMEM;
6745 -+ if (!ourport->dma) {
6746 -+ ret = -ENOMEM;
6747 -+ goto err;
6748 -+ }
6749 - }
6750 -
6751 - ourport->clk = clk_get(&platdev->dev, "uart");
6752 - if (IS_ERR(ourport->clk)) {
6753 - pr_err("%s: Controller clock not found\n",
6754 - dev_name(&platdev->dev));
6755 -- return PTR_ERR(ourport->clk);
6756 -+ ret = PTR_ERR(ourport->clk);
6757 -+ goto err;
6758 - }
6759 -
6760 - ret = clk_prepare_enable(ourport->clk);
6761 - if (ret) {
6762 - pr_err("uart: clock failed to prepare+enable: %d\n", ret);
6763 - clk_put(ourport->clk);
6764 -- return ret;
6765 -+ goto err;
6766 - }
6767 -
6768 - /* Keep all interrupts masked and cleared */
6769 -@@ -1769,7 +1772,12 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
6770 -
6771 - /* reset the fifos (and setup the uart) */
6772 - s3c24xx_serial_resetport(port, cfg);
6773 -+
6774 - return 0;
6775 -+
6776 -+err:
6777 -+ port->mapbase = 0;
6778 -+ return ret;
6779 - }
6780 -
6781 - /* Device driver serial port probe */
6782 -diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
6783 -index 944a6dc..d2e50a2 100644
6784 ---- a/drivers/usb/core/quirks.c
6785 -+++ b/drivers/usb/core/quirks.c
6786 -@@ -128,6 +128,9 @@ static const struct usb_device_id usb_quirk_list[] = {
6787 - { USB_DEVICE(0x04f3, 0x016f), .driver_info =
6788 - USB_QUIRK_DEVICE_QUALIFIER },
6789 -
6790 -+ { USB_DEVICE(0x04f3, 0x0381), .driver_info =
6791 -+ USB_QUIRK_NO_LPM },
6792 -+
6793 - { USB_DEVICE(0x04f3, 0x21b8), .driver_info =
6794 - USB_QUIRK_DEVICE_QUALIFIER },
6795 -
6796 -diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
6797 -index 07248ff..716f4f0 100644
6798 ---- a/drivers/usb/dwc3/gadget.c
6799 -+++ b/drivers/usb/dwc3/gadget.c
6800 -@@ -258,11 +258,13 @@ int dwc3_send_gadget_ep_cmd(struct dwc3 *dwc, unsigned ep,
6801 - * We will also set SUSPHY bit to what it was before returning as stated
6802 - * by the same section on Synopsys databook.
6803 - */
6804 -- reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
6805 -- if (unlikely(reg & DWC3_GUSB2PHYCFG_SUSPHY)) {
6806 -- susphy = true;
6807 -- reg &= ~DWC3_GUSB2PHYCFG_SUSPHY;
6808 -- dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
6809 -+ if (dwc->gadget.speed <= USB_SPEED_HIGH) {
6810 -+ reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
6811 -+ if (unlikely(reg & DWC3_GUSB2PHYCFG_SUSPHY)) {
6812 -+ susphy = true;
6813 -+ reg &= ~DWC3_GUSB2PHYCFG_SUSPHY;
6814 -+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
6815 -+ }
6816 - }
6817 -
6818 - if (cmd == DWC3_DEPCMD_STARTTRANSFER) {
6819 -@@ -2023,6 +2025,10 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
6820 - return 1;
6821 - }
6822 -
6823 -+ if (usb_endpoint_xfer_isoc(dep->endpoint.desc))
6824 -+ if ((event->status & DEPEVT_STATUS_IOC) &&
6825 -+ (trb->ctrl & DWC3_TRB_CTRL_IOC))
6826 -+ return 0;
6827 - return 1;
6828 - }
6829 -
6830 -diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c
6831 -index 18569de..bb1f6c8 100644
6832 ---- a/drivers/usb/gadget/udc/atmel_usba_udc.c
6833 -+++ b/drivers/usb/gadget/udc/atmel_usba_udc.c
6834 -@@ -1920,6 +1920,8 @@ static struct usba_ep * atmel_udc_of_init(struct platform_device *pdev,
6835 -
6836 - udc->errata = match->data;
6837 - udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9g45-pmc");
6838 -+ if (IS_ERR(udc->pmc))
6839 -+ udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9x5-pmc");
6840 - if (udc->errata && IS_ERR(udc->pmc))
6841 - return ERR_CAST(udc->pmc);
6842 -
6843 -diff --git a/drivers/usb/gadget/udc/pch_udc.c b/drivers/usb/gadget/udc/pch_udc.c
6844 -index ebc51ec..7175142 100644
6845 ---- a/drivers/usb/gadget/udc/pch_udc.c
6846 -+++ b/drivers/usb/gadget/udc/pch_udc.c
6847 -@@ -1477,11 +1477,11 @@ static void complete_req(struct pch_udc_ep *ep, struct pch_udc_request *req,
6848 - req->dma_mapped = 0;
6849 - }
6850 - ep->halted = 1;
6851 -- spin_lock(&dev->lock);
6852 -+ spin_unlock(&dev->lock);
6853 - if (!ep->in)
6854 - pch_udc_ep_clear_rrdy(ep);
6855 - usb_gadget_giveback_request(&ep->ep, &req->req);
6856 -- spin_unlock(&dev->lock);
6857 -+ spin_lock(&dev->lock);
6858 - ep->halted = halted;
6859 - }
6860 -
6861 -@@ -2573,9 +2573,9 @@ static void pch_udc_svc_ur_interrupt(struct pch_udc_dev *dev)
6862 - empty_req_queue(ep);
6863 - }
6864 - if (dev->driver) {
6865 -- spin_lock(&dev->lock);
6866 -- usb_gadget_udc_reset(&dev->gadget, dev->driver);
6867 - spin_unlock(&dev->lock);
6868 -+ usb_gadget_udc_reset(&dev->gadget, dev->driver);
6869 -+ spin_lock(&dev->lock);
6870 - }
6871 - }
6872 -
6873 -@@ -2654,9 +2654,9 @@ static void pch_udc_svc_intf_interrupt(struct pch_udc_dev *dev)
6874 - dev->ep[i].halted = 0;
6875 - }
6876 - dev->stall = 0;
6877 -- spin_lock(&dev->lock);
6878 -- dev->driver->setup(&dev->gadget, &dev->setup_data);
6879 - spin_unlock(&dev->lock);
6880 -+ dev->driver->setup(&dev->gadget, &dev->setup_data);
6881 -+ spin_lock(&dev->lock);
6882 - }
6883 -
6884 - /**
6885 -@@ -2691,9 +2691,9 @@ static void pch_udc_svc_cfg_interrupt(struct pch_udc_dev *dev)
6886 - dev->stall = 0;
6887 -
6888 - /* call gadget zero with setup data received */
6889 -- spin_lock(&dev->lock);
6890 -- dev->driver->setup(&dev->gadget, &dev->setup_data);
6891 - spin_unlock(&dev->lock);
6892 -+ dev->driver->setup(&dev->gadget, &dev->setup_data);
6893 -+ spin_lock(&dev->lock);
6894 - }
6895 -
6896 - /**
6897 -diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c
6898 -index 7be4e7d..280ed5f 100644
6899 ---- a/drivers/usb/renesas_usbhs/fifo.c
6900 -+++ b/drivers/usb/renesas_usbhs/fifo.c
6901 -@@ -810,20 +810,27 @@ static void xfer_work(struct work_struct *work)
6902 - {
6903 - struct usbhs_pkt *pkt = container_of(work, struct usbhs_pkt, work);
6904 - struct usbhs_pipe *pipe = pkt->pipe;
6905 -- struct usbhs_fifo *fifo = usbhs_pipe_to_fifo(pipe);
6906 -+ struct usbhs_fifo *fifo;
6907 - struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe);
6908 - struct dma_async_tx_descriptor *desc;
6909 -- struct dma_chan *chan = usbhsf_dma_chan_get(fifo, pkt);
6910 -+ struct dma_chan *chan;
6911 - struct device *dev = usbhs_priv_to_dev(priv);
6912 - enum dma_transfer_direction dir;
6913 -+ unsigned long flags;
6914 -
6915 -+ usbhs_lock(priv, flags);
6916 -+ fifo = usbhs_pipe_to_fifo(pipe);
6917 -+ if (!fifo)
6918 -+ goto xfer_work_end;
6919 -+
6920 -+ chan = usbhsf_dma_chan_get(fifo, pkt);
6921 - dir = usbhs_pipe_is_dir_in(pipe) ? DMA_DEV_TO_MEM : DMA_MEM_TO_DEV;
6922 -
6923 - desc = dmaengine_prep_slave_single(chan, pkt->dma + pkt->actual,
6924 - pkt->trans, dir,
6925 - DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
6926 - if (!desc)
6927 -- return;
6928 -+ goto xfer_work_end;
6929 -
6930 - desc->callback = usbhsf_dma_complete;
6931 - desc->callback_param = pipe;
6932 -@@ -831,7 +838,7 @@ static void xfer_work(struct work_struct *work)
6933 - pkt->cookie = dmaengine_submit(desc);
6934 - if (pkt->cookie < 0) {
6935 - dev_err(dev, "Failed to submit dma descriptor\n");
6936 -- return;
6937 -+ goto xfer_work_end;
6938 - }
6939 -
6940 - dev_dbg(dev, " %s %d (%d/ %d)\n",
6941 -@@ -842,6 +849,9 @@ static void xfer_work(struct work_struct *work)
6942 - usbhs_pipe_set_trans_count_if_bulk(pipe, pkt->trans);
6943 - dma_async_issue_pending(chan);
6944 - usbhs_pipe_enable(pipe);
6945 -+
6946 -+xfer_work_end:
6947 -+ usbhs_unlock(priv, flags);
6948 - }
6949 -
6950 - /*
6951 -diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c
6952 -index 30345c2..50f3363 100644
6953 ---- a/drivers/usb/renesas_usbhs/mod_gadget.c
6954 -+++ b/drivers/usb/renesas_usbhs/mod_gadget.c
6955 -@@ -585,6 +585,9 @@ static int usbhsg_ep_enable(struct usb_ep *ep,
6956 - struct usbhs_priv *priv = usbhsg_gpriv_to_priv(gpriv);
6957 - struct usbhs_pipe *pipe;
6958 - int ret = -EIO;
6959 -+ unsigned long flags;
6960 -+
6961 -+ usbhs_lock(priv, flags);
6962 -
6963 - /*
6964 - * if it already have pipe,
6965 -@@ -593,7 +596,8 @@ static int usbhsg_ep_enable(struct usb_ep *ep,
6966 - if (uep->pipe) {
6967 - usbhs_pipe_clear(uep->pipe);
6968 - usbhs_pipe_sequence_data0(uep->pipe);
6969 -- return 0;
6970 -+ ret = 0;
6971 -+ goto usbhsg_ep_enable_end;
6972 - }
6973 -
6974 - pipe = usbhs_pipe_malloc(priv,
6975 -@@ -621,6 +625,9 @@ static int usbhsg_ep_enable(struct usb_ep *ep,
6976 - ret = 0;
6977 - }
6978 -
6979 -+usbhsg_ep_enable_end:
6980 -+ usbhs_unlock(priv, flags);
6981 -+
6982 - return ret;
6983 - }
6984 -
6985 -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
6986 -index d96d423..8e07536 100644
6987 ---- a/drivers/usb/serial/option.c
6988 -+++ b/drivers/usb/serial/option.c
6989 -@@ -273,6 +273,7 @@ static void option_instat_callback(struct urb *urb);
6990 - #define TELIT_PRODUCT_LE922_USBCFG5 0x1045
6991 - #define TELIT_PRODUCT_LE920 0x1200
6992 - #define TELIT_PRODUCT_LE910 0x1201
6993 -+#define TELIT_PRODUCT_LE910_USBCFG4 0x1206
6994 -
6995 - /* ZTE PRODUCTS */
6996 - #define ZTE_VENDOR_ID 0x19d2
6997 -@@ -1198,6 +1199,8 @@ static const struct usb_device_id option_ids[] = {
6998 - .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
6999 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
7000 - .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
7001 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910_USBCFG4),
7002 -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
7003 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
7004 - .driver_info = (kernel_ulong_t)&telit_le920_blacklist },
7005 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */
7006 -diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
7007 -index 476c0e3..f6ea8f4 100644
7008 ---- a/drivers/virtio/virtio_balloon.c
7009 -+++ b/drivers/virtio/virtio_balloon.c
7010 -@@ -202,6 +202,8 @@ static unsigned leak_balloon(struct virtio_balloon *vb, size_t num)
7011 - num = min(num, ARRAY_SIZE(vb->pfns));
7012 -
7013 - mutex_lock(&vb->balloon_lock);
7014 -+ /* We can't release more pages than taken */
7015 -+ num = min(num, (size_t)vb->num_pages);
7016 - for (vb->num_pfns = 0; vb->num_pfns < num;
7017 - vb->num_pfns += VIRTIO_BALLOON_PAGES_PER_PAGE) {
7018 - page = balloon_page_dequeue(vb_dev_info);
7019 -diff --git a/drivers/w1/masters/omap_hdq.c b/drivers/w1/masters/omap_hdq.c
7020 -index a2eec97..bb09de6 100644
7021 ---- a/drivers/w1/masters/omap_hdq.c
7022 -+++ b/drivers/w1/masters/omap_hdq.c
7023 -@@ -390,8 +390,6 @@ static int hdq_read_byte(struct hdq_data *hdq_data, u8 *val)
7024 - goto out;
7025 - }
7026 -
7027 -- hdq_data->hdq_irqstatus = 0;
7028 --
7029 - if (!(hdq_data->hdq_irqstatus & OMAP_HDQ_INT_STATUS_RXCOMPLETE)) {
7030 - hdq_reg_merge(hdq_data, OMAP_HDQ_CTRL_STATUS,
7031 - OMAP_HDQ_CTRL_STATUS_DIR | OMAP_HDQ_CTRL_STATUS_GO,
7032 -diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
7033 -index 75533ad..92fe3f8 100644
7034 ---- a/fs/btrfs/extent_io.c
7035 -+++ b/fs/btrfs/extent_io.c
7036 -@@ -2696,12 +2696,6 @@ struct bio *btrfs_bio_clone(struct bio *bio, gfp_t gfp_mask)
7037 - btrfs_bio->csum = NULL;
7038 - btrfs_bio->csum_allocated = NULL;
7039 - btrfs_bio->end_io = NULL;
7040 --
7041 --#ifdef CONFIG_BLK_CGROUP
7042 -- /* FIXME, put this into bio_clone_bioset */
7043 -- if (bio->bi_css)
7044 -- bio_associate_blkcg(new, bio->bi_css);
7045 --#endif
7046 - }
7047 - return new;
7048 - }
7049 -diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
7050 -index 2234e88..b56887b 100644
7051 ---- a/fs/btrfs/file.c
7052 -+++ b/fs/btrfs/file.c
7053 -@@ -1629,13 +1629,11 @@ again:
7054 - * managed to copy.
7055 - */
7056 - if (num_sectors > dirty_sectors) {
7057 -- /*
7058 -- * we round down because we don't want to count
7059 -- * any partial blocks actually sent through the
7060 -- * IO machines
7061 -- */
7062 -- release_bytes = round_down(release_bytes - copied,
7063 -- root->sectorsize);
7064 -+
7065 -+ /* release everything except the sectors we dirtied */
7066 -+ release_bytes -= dirty_sectors <<
7067 -+ root->fs_info->sb->s_blocksize_bits;
7068 -+
7069 - if (copied > 0) {
7070 - spin_lock(&BTRFS_I(inode)->lock);
7071 - BTRFS_I(inode)->outstanding_extents++;
7072 -diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
7073 -index 4ae7500..3f7c2cd 100644
7074 ---- a/fs/cachefiles/namei.c
7075 -+++ b/fs/cachefiles/namei.c
7076 -@@ -263,6 +263,8 @@ requeue:
7077 - void cachefiles_mark_object_inactive(struct cachefiles_cache *cache,
7078 - struct cachefiles_object *object)
7079 - {
7080 -+ blkcnt_t i_blocks = d_backing_inode(object->dentry)->i_blocks;
7081 -+
7082 - write_lock(&cache->active_lock);
7083 - rb_erase(&object->active_node, &cache->active_nodes);
7084 - clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags);
7085 -@@ -273,8 +275,7 @@ void cachefiles_mark_object_inactive(struct cachefiles_cache *cache,
7086 - /* This object can now be culled, so we need to let the daemon know
7087 - * that there is something it can remove if it needs to.
7088 - */
7089 -- atomic_long_add(d_backing_inode(object->dentry)->i_blocks,
7090 -- &cache->b_released);
7091 -+ atomic_long_add(i_blocks, &cache->b_released);
7092 - if (atomic_inc_return(&cache->f_released))
7093 - cachefiles_state_changed(cache);
7094 - }
7095 -diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h
7096 -index 3182273..1418daa 100644
7097 ---- a/fs/cifs/cifs_fs_sb.h
7098 -+++ b/fs/cifs/cifs_fs_sb.h
7099 -@@ -46,6 +46,9 @@
7100 - #define CIFS_MOUNT_CIFS_BACKUPUID 0x200000 /* backup intent bit for a user */
7101 - #define CIFS_MOUNT_CIFS_BACKUPGID 0x400000 /* backup intent bit for a group */
7102 - #define CIFS_MOUNT_MAP_SFM_CHR 0x800000 /* SFM/MAC mapping for illegal chars */
7103 -+#define CIFS_MOUNT_USE_PREFIX_PATH 0x1000000 /* make subpath with unaccessible
7104 -+ * root mountable
7105 -+ */
7106 -
7107 - struct cifs_sb_info {
7108 - struct rb_root tlink_tree;
7109 -@@ -67,5 +70,6 @@ struct cifs_sb_info {
7110 - struct backing_dev_info bdi;
7111 - struct delayed_work prune_tlinks;
7112 - struct rcu_head rcu;
7113 -+ char *prepath;
7114 - };
7115 - #endif /* _CIFS_FS_SB_H */
7116 -diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
7117 -index 6aeb8d4..8347c90 100644
7118 ---- a/fs/cifs/cifsencrypt.c
7119 -+++ b/fs/cifs/cifsencrypt.c
7120 -@@ -743,24 +743,26 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
7121 -
7122 - memcpy(ses->auth_key.response + baselen, tiblob, tilen);
7123 -
7124 -+ mutex_lock(&ses->server->srv_mutex);
7125 -+
7126 - rc = crypto_hmacmd5_alloc(ses->server);
7127 - if (rc) {
7128 - cifs_dbg(VFS, "could not crypto alloc hmacmd5 rc %d\n", rc);
7129 -- goto setup_ntlmv2_rsp_ret;
7130 -+ goto unlock;
7131 - }
7132 -
7133 - /* calculate ntlmv2_hash */
7134 - rc = calc_ntlmv2_hash(ses, ntlmv2_hash, nls_cp);
7135 - if (rc) {
7136 - cifs_dbg(VFS, "could not get v2 hash rc %d\n", rc);
7137 -- goto setup_ntlmv2_rsp_ret;
7138 -+ goto unlock;
7139 - }
7140 -
7141 - /* calculate first part of the client response (CR1) */
7142 - rc = CalcNTLMv2_response(ses, ntlmv2_hash);
7143 - if (rc) {
7144 - cifs_dbg(VFS, "Could not calculate CR1 rc: %d\n", rc);
7145 -- goto setup_ntlmv2_rsp_ret;
7146 -+ goto unlock;
7147 - }
7148 -
7149 - /* now calculate the session key for NTLMv2 */
7150 -@@ -769,13 +771,13 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
7151 - if (rc) {
7152 - cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n",
7153 - __func__);
7154 -- goto setup_ntlmv2_rsp_ret;
7155 -+ goto unlock;
7156 - }
7157 -
7158 - rc = crypto_shash_init(&ses->server->secmech.sdeschmacmd5->shash);
7159 - if (rc) {
7160 - cifs_dbg(VFS, "%s: Could not init hmacmd5\n", __func__);
7161 -- goto setup_ntlmv2_rsp_ret;
7162 -+ goto unlock;
7163 - }
7164 -
7165 - rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
7166 -@@ -783,7 +785,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
7167 - CIFS_HMAC_MD5_HASH_SIZE);
7168 - if (rc) {
7169 - cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
7170 -- goto setup_ntlmv2_rsp_ret;
7171 -+ goto unlock;
7172 - }
7173 -
7174 - rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash,
7175 -@@ -791,6 +793,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
7176 - if (rc)
7177 - cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
7178 -
7179 -+unlock:
7180 -+ mutex_unlock(&ses->server->srv_mutex);
7181 - setup_ntlmv2_rsp_ret:
7182 - kfree(tiblob);
7183 -
7184 -diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
7185 -index 5d841f3..6bbec5e 100644
7186 ---- a/fs/cifs/cifsfs.c
7187 -+++ b/fs/cifs/cifsfs.c
7188 -@@ -689,6 +689,14 @@ cifs_do_mount(struct file_system_type *fs_type,
7189 - goto out_cifs_sb;
7190 - }
7191 -
7192 -+ if (volume_info->prepath) {
7193 -+ cifs_sb->prepath = kstrdup(volume_info->prepath, GFP_KERNEL);
7194 -+ if (cifs_sb->prepath == NULL) {
7195 -+ root = ERR_PTR(-ENOMEM);
7196 -+ goto out_cifs_sb;
7197 -+ }
7198 -+ }
7199 -+
7200 - cifs_setup_cifs_sb(volume_info, cifs_sb);
7201 -
7202 - rc = cifs_mount(cifs_sb, volume_info);
7203 -@@ -727,7 +735,11 @@ cifs_do_mount(struct file_system_type *fs_type,
7204 - sb->s_flags |= MS_ACTIVE;
7205 - }
7206 -
7207 -- root = cifs_get_root(volume_info, sb);
7208 -+ if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH)
7209 -+ root = dget(sb->s_root);
7210 -+ else
7211 -+ root = cifs_get_root(volume_info, sb);
7212 -+
7213 - if (IS_ERR(root))
7214 - goto out_super;
7215 -
7216 -diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
7217 -index 7d2b15c..7ae0328 100644
7218 ---- a/fs/cifs/connect.c
7219 -+++ b/fs/cifs/connect.c
7220 -@@ -1228,6 +1228,8 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
7221 - vol->ops = &smb1_operations;
7222 - vol->vals = &smb1_values;
7223 -
7224 -+ vol->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
7225 -+
7226 - if (!mountdata)
7227 - goto cifs_parse_mount_err;
7228 -
7229 -@@ -2049,7 +2051,7 @@ static int match_server(struct TCP_Server_Info *server, struct smb_vol *vol)
7230 - if (!match_security(server, vol))
7231 - return 0;
7232 -
7233 -- if (server->echo_interval != vol->echo_interval)
7234 -+ if (server->echo_interval != vol->echo_interval * HZ)
7235 - return 0;
7236 -
7237 - return 1;
7238 -@@ -3483,6 +3485,44 @@ cifs_get_volume_info(char *mount_data, const char *devname)
7239 - return volume_info;
7240 - }
7241 -
7242 -+static int
7243 -+cifs_are_all_path_components_accessible(struct TCP_Server_Info *server,
7244 -+ unsigned int xid,
7245 -+ struct cifs_tcon *tcon,
7246 -+ struct cifs_sb_info *cifs_sb,
7247 -+ char *full_path)
7248 -+{
7249 -+ int rc;
7250 -+ char *s;
7251 -+ char sep, tmp;
7252 -+
7253 -+ sep = CIFS_DIR_SEP(cifs_sb);
7254 -+ s = full_path;
7255 -+
7256 -+ rc = server->ops->is_path_accessible(xid, tcon, cifs_sb, "");
7257 -+ while (rc == 0) {
7258 -+ /* skip separators */
7259 -+ while (*s == sep)
7260 -+ s++;
7261 -+ if (!*s)
7262 -+ break;
7263 -+ /* next separator */
7264 -+ while (*s && *s != sep)
7265 -+ s++;
7266 -+
7267 -+ /*
7268 -+ * temporarily null-terminate the path at the end of
7269 -+ * the current component
7270 -+ */
7271 -+ tmp = *s;
7272 -+ *s = 0;
7273 -+ rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
7274 -+ full_path);
7275 -+ *s = tmp;
7276 -+ }
7277 -+ return rc;
7278 -+}
7279 -+
7280 - int
7281 - cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
7282 - {
7283 -@@ -3620,6 +3660,16 @@ remote_path_check:
7284 - kfree(full_path);
7285 - goto mount_fail_check;
7286 - }
7287 -+
7288 -+ rc = cifs_are_all_path_components_accessible(server,
7289 -+ xid, tcon, cifs_sb,
7290 -+ full_path);
7291 -+ if (rc != 0) {
7292 -+ cifs_dbg(VFS, "cannot query dirs between root and final path, "
7293 -+ "enabling CIFS_MOUNT_USE_PREFIX_PATH\n");
7294 -+ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
7295 -+ rc = 0;
7296 -+ }
7297 - kfree(full_path);
7298 - }
7299 -
7300 -@@ -3889,6 +3939,7 @@ cifs_umount(struct cifs_sb_info *cifs_sb)
7301 -
7302 - bdi_destroy(&cifs_sb->bdi);
7303 - kfree(cifs_sb->mountdata);
7304 -+ kfree(cifs_sb->prepath);
7305 - call_rcu(&cifs_sb->rcu, delayed_free);
7306 - }
7307 -
7308 -diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
7309 -index fb0903f..6f7333d 100644
7310 ---- a/fs/cifs/dir.c
7311 -+++ b/fs/cifs/dir.c
7312 -@@ -84,6 +84,7 @@ build_path_from_dentry(struct dentry *direntry)
7313 - struct dentry *temp;
7314 - int namelen;
7315 - int dfsplen;
7316 -+ int pplen = 0;
7317 - char *full_path;
7318 - char dirsep;
7319 - struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb);
7320 -@@ -95,8 +96,12 @@ build_path_from_dentry(struct dentry *direntry)
7321 - dfsplen = strnlen(tcon->treeName, MAX_TREE_SIZE + 1);
7322 - else
7323 - dfsplen = 0;
7324 -+
7325 -+ if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH)
7326 -+ pplen = cifs_sb->prepath ? strlen(cifs_sb->prepath) + 1 : 0;
7327 -+
7328 - cifs_bp_rename_retry:
7329 -- namelen = dfsplen;
7330 -+ namelen = dfsplen + pplen;
7331 - seq = read_seqbegin(&rename_lock);
7332 - rcu_read_lock();
7333 - for (temp = direntry; !IS_ROOT(temp);) {
7334 -@@ -137,7 +142,7 @@ cifs_bp_rename_retry:
7335 - }
7336 - }
7337 - rcu_read_unlock();
7338 -- if (namelen != dfsplen || read_seqretry(&rename_lock, seq)) {
7339 -+ if (namelen != dfsplen + pplen || read_seqretry(&rename_lock, seq)) {
7340 - cifs_dbg(FYI, "did not end path lookup where expected. namelen=%ddfsplen=%d\n",
7341 - namelen, dfsplen);
7342 - /* presumably this is only possible if racing with a rename
7343 -@@ -153,6 +158,17 @@ cifs_bp_rename_retry:
7344 - those safely to '/' if any are found in the middle of the prepath */
7345 - /* BB test paths to Windows with '/' in the midst of prepath */
7346 -
7347 -+ if (pplen) {
7348 -+ int i;
7349 -+
7350 -+ cifs_dbg(FYI, "using cifs_sb prepath <%s>\n", cifs_sb->prepath);
7351 -+ memcpy(full_path+dfsplen+1, cifs_sb->prepath, pplen-1);
7352 -+ full_path[dfsplen] = '\\';
7353 -+ for (i = 0; i < pplen-1; i++)
7354 -+ if (full_path[dfsplen+1+i] == '/')
7355 -+ full_path[dfsplen+1+i] = CIFS_DIR_SEP(cifs_sb);
7356 -+ }
7357 -+
7358 - if (dfsplen) {
7359 - strncpy(full_path, tcon->treeName, dfsplen);
7360 - if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
7361 -@@ -229,6 +245,13 @@ cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned int xid,
7362 - goto cifs_create_get_file_info;
7363 - }
7364 -
7365 -+ if (S_ISDIR(newinode->i_mode)) {
7366 -+ CIFSSMBClose(xid, tcon, fid->netfid);
7367 -+ iput(newinode);
7368 -+ rc = -EISDIR;
7369 -+ goto out;
7370 -+ }
7371 -+
7372 - if (!S_ISREG(newinode->i_mode)) {
7373 - /*
7374 - * The server may allow us to open things like
7375 -@@ -399,10 +422,14 @@ cifs_create_set_dentry:
7376 - if (rc != 0) {
7377 - cifs_dbg(FYI, "Create worked, get_inode_info failed rc = %d\n",
7378 - rc);
7379 -- if (server->ops->close)
7380 -- server->ops->close(xid, tcon, fid);
7381 -- goto out;
7382 -+ goto out_err;
7383 - }
7384 -+
7385 -+ if (S_ISDIR(newinode->i_mode)) {
7386 -+ rc = -EISDIR;
7387 -+ goto out_err;
7388 -+ }
7389 -+
7390 - d_drop(direntry);
7391 - d_add(direntry, newinode);
7392 -
7393 -@@ -410,6 +437,13 @@ out:
7394 - kfree(buf);
7395 - kfree(full_path);
7396 - return rc;
7397 -+
7398 -+out_err:
7399 -+ if (server->ops->close)
7400 -+ server->ops->close(xid, tcon, fid);
7401 -+ if (newinode)
7402 -+ iput(newinode);
7403 -+ goto out;
7404 - }
7405 -
7406 - int
7407 -diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
7408 -index 514dadb..b87efd0 100644
7409 ---- a/fs/cifs/inode.c
7410 -+++ b/fs/cifs/inode.c
7411 -@@ -1002,10 +1002,26 @@ struct inode *cifs_root_iget(struct super_block *sb)
7412 - struct inode *inode = NULL;
7413 - long rc;
7414 - struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
7415 -+ char *path = NULL;
7416 -+ int len;
7417 -+
7418 -+ if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH)
7419 -+ && cifs_sb->prepath) {
7420 -+ len = strlen(cifs_sb->prepath);
7421 -+ path = kzalloc(len + 2 /* leading sep + null */, GFP_KERNEL);
7422 -+ if (path == NULL)
7423 -+ return ERR_PTR(-ENOMEM);
7424 -+ path[0] = '/';
7425 -+ memcpy(path+1, cifs_sb->prepath, len);
7426 -+ } else {
7427 -+ path = kstrdup("", GFP_KERNEL);
7428 -+ if (path == NULL)
7429 -+ return ERR_PTR(-ENOMEM);
7430 -+ }
7431 -
7432 - xid = get_xid();
7433 - if (tcon->unix_ext) {
7434 -- rc = cifs_get_inode_info_unix(&inode, "", sb, xid);
7435 -+ rc = cifs_get_inode_info_unix(&inode, path, sb, xid);
7436 - /* some servers mistakenly claim POSIX support */
7437 - if (rc != -EOPNOTSUPP)
7438 - goto iget_no_retry;
7439 -@@ -1013,7 +1029,8 @@ struct inode *cifs_root_iget(struct super_block *sb)
7440 - tcon->unix_ext = false;
7441 - }
7442 -
7443 -- rc = cifs_get_inode_info(&inode, "", NULL, sb, xid, NULL);
7444 -+ convert_delimiter(path, CIFS_DIR_SEP(cifs_sb));
7445 -+ rc = cifs_get_inode_info(&inode, path, NULL, sb, xid, NULL);
7446 -
7447 - iget_no_retry:
7448 - if (!inode) {
7449 -@@ -1042,6 +1059,7 @@ iget_no_retry:
7450 - }
7451 -
7452 - out:
7453 -+ kfree(path);
7454 - /* can not call macro free_xid here since in a void func
7455 - * TODO: This is no longer true
7456 - */
7457 -diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
7458 -index 3525ed7..505e6d6 100644
7459 ---- a/fs/cifs/smb2ops.c
7460 -+++ b/fs/cifs/smb2ops.c
7461 -@@ -1044,6 +1044,9 @@ smb2_new_lease_key(struct cifs_fid *fid)
7462 - get_random_bytes(fid->lease_key, SMB2_LEASE_KEY_SIZE);
7463 - }
7464 -
7465 -+#define SMB2_SYMLINK_STRUCT_SIZE \
7466 -+ (sizeof(struct smb2_err_rsp) - 1 + sizeof(struct smb2_symlink_err_rsp))
7467 -+
7468 - static int
7469 - smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
7470 - const char *full_path, char **target_path,
7471 -@@ -1056,7 +1059,10 @@ smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
7472 - struct cifs_fid fid;
7473 - struct smb2_err_rsp *err_buf = NULL;
7474 - struct smb2_symlink_err_rsp *symlink;
7475 -- unsigned int sub_len, sub_offset;
7476 -+ unsigned int sub_len;
7477 -+ unsigned int sub_offset;
7478 -+ unsigned int print_len;
7479 -+ unsigned int print_offset;
7480 -
7481 - cifs_dbg(FYI, "%s: path: %s\n", __func__, full_path);
7482 -
7483 -@@ -1077,11 +1083,33 @@ smb2_query_symlink(const unsigned int xid, struct cifs_tcon *tcon,
7484 - kfree(utf16_path);
7485 - return -ENOENT;
7486 - }
7487 -+
7488 -+ if (le32_to_cpu(err_buf->ByteCount) < sizeof(struct smb2_symlink_err_rsp) ||
7489 -+ get_rfc1002_length(err_buf) + 4 < SMB2_SYMLINK_STRUCT_SIZE) {
7490 -+ kfree(utf16_path);
7491 -+ return -ENOENT;
7492 -+ }
7493 -+
7494 - /* open must fail on symlink - reset rc */
7495 - rc = 0;
7496 - symlink = (struct smb2_symlink_err_rsp *)err_buf->ErrorData;
7497 - sub_len = le16_to_cpu(symlink->SubstituteNameLength);
7498 - sub_offset = le16_to_cpu(symlink->SubstituteNameOffset);
7499 -+ print_len = le16_to_cpu(symlink->PrintNameLength);
7500 -+ print_offset = le16_to_cpu(symlink->PrintNameOffset);
7501 -+
7502 -+ if (get_rfc1002_length(err_buf) + 4 <
7503 -+ SMB2_SYMLINK_STRUCT_SIZE + sub_offset + sub_len) {
7504 -+ kfree(utf16_path);
7505 -+ return -ENOENT;
7506 -+ }
7507 -+
7508 -+ if (get_rfc1002_length(err_buf) + 4 <
7509 -+ SMB2_SYMLINK_STRUCT_SIZE + print_offset + print_len) {
7510 -+ kfree(utf16_path);
7511 -+ return -ENOENT;
7512 -+ }
7513 -+
7514 - *target_path = cifs_strndup_from_utf16(
7515 - (char *)symlink->PathBuffer + sub_offset,
7516 - sub_len, true, cifs_sb->local_nls);
7517 -diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
7518 -index 7007809..78313ad 100644
7519 ---- a/fs/jbd2/commit.c
7520 -+++ b/fs/jbd2/commit.c
7521 -@@ -124,7 +124,7 @@ static int journal_submit_commit_record(journal_t *journal,
7522 - struct commit_header *tmp;
7523 - struct buffer_head *bh;
7524 - int ret;
7525 -- struct timespec now = current_kernel_time();
7526 -+ struct timespec64 now = current_kernel_time64();
7527 -
7528 - *cbh = NULL;
7529 -
7530 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
7531 -index ff416d0..7796bea 100644
7532 ---- a/fs/nfs/nfs4proc.c
7533 -+++ b/fs/nfs/nfs4proc.c
7534 -@@ -427,6 +427,7 @@ static int nfs4_do_handle_exception(struct nfs_server *server,
7535 - case -NFS4ERR_DELAY:
7536 - nfs_inc_server_stats(server, NFSIOS_DELAY);
7537 - case -NFS4ERR_GRACE:
7538 -+ case -NFS4ERR_LAYOUTTRYLATER:
7539 - case -NFS4ERR_RECALLCONFLICT:
7540 - exception->delay = 1;
7541 - return 0;
7542 -@@ -7869,11 +7870,13 @@ nfs4_layoutget_handle_exception(struct rpc_task *task,
7543 - struct inode *inode = lgp->args.inode;
7544 - struct nfs_server *server = NFS_SERVER(inode);
7545 - struct pnfs_layout_hdr *lo;
7546 -- int status = task->tk_status;
7547 -+ int nfs4err = task->tk_status;
7548 -+ int err, status = 0;
7549 -+ LIST_HEAD(head);
7550 -
7551 - dprintk("--> %s tk_status => %d\n", __func__, -task->tk_status);
7552 -
7553 -- switch (status) {
7554 -+ switch (nfs4err) {
7555 - case 0:
7556 - goto out;
7557 -
7558 -@@ -7905,45 +7908,43 @@ nfs4_layoutget_handle_exception(struct rpc_task *task,
7559 - status = -EOVERFLOW;
7560 - goto out;
7561 - }
7562 -- /* Fallthrough */
7563 -+ status = -EBUSY;
7564 -+ break;
7565 - case -NFS4ERR_RECALLCONFLICT:
7566 -- nfs4_handle_exception(server, -NFS4ERR_RECALLCONFLICT,
7567 -- exception);
7568 - status = -ERECALLCONFLICT;
7569 -- goto out;
7570 -+ break;
7571 - case -NFS4ERR_EXPIRED:
7572 - case -NFS4ERR_BAD_STATEID:
7573 - exception->timeout = 0;
7574 - spin_lock(&inode->i_lock);
7575 -- if (nfs4_stateid_match(&lgp->args.stateid,
7576 -+ lo = NFS_I(inode)->layout;
7577 -+ /* If the open stateid was bad, then recover it. */
7578 -+ if (!lo || test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags) ||
7579 -+ nfs4_stateid_match_other(&lgp->args.stateid,
7580 - &lgp->args.ctx->state->stateid)) {
7581 - spin_unlock(&inode->i_lock);
7582 -- /* If the open stateid was bad, then recover it. */
7583 - exception->state = lgp->args.ctx->state;
7584 - break;
7585 - }
7586 -- lo = NFS_I(inode)->layout;
7587 -- if (lo && !test_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags) &&
7588 -- nfs4_stateid_match_other(&lgp->args.stateid, &lo->plh_stateid)) {
7589 -- LIST_HEAD(head);
7590 --
7591 -- /*
7592 -- * Mark the bad layout state as invalid, then retry
7593 -- * with the current stateid.
7594 -- */
7595 -- set_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags);
7596 -- pnfs_mark_matching_lsegs_invalid(lo, &head, NULL, 0);
7597 -- spin_unlock(&inode->i_lock);
7598 -- pnfs_free_lseg_list(&head);
7599 -- status = -EAGAIN;
7600 -- goto out;
7601 -- } else
7602 -- spin_unlock(&inode->i_lock);
7603 -- }
7604 -
7605 -- status = nfs4_handle_exception(server, status, exception);
7606 -- if (exception->retry)
7607 -+ /*
7608 -+ * Mark the bad layout state as invalid, then retry
7609 -+ */
7610 -+ set_bit(NFS_LAYOUT_INVALID_STID, &lo->plh_flags);
7611 -+ pnfs_mark_matching_lsegs_invalid(lo, &head, NULL, 0);
7612 -+ spin_unlock(&inode->i_lock);
7613 -+ pnfs_free_lseg_list(&head);
7614 - status = -EAGAIN;
7615 -+ goto out;
7616 -+ }
7617 -+
7618 -+ err = nfs4_handle_exception(server, nfs4err, exception);
7619 -+ if (!status) {
7620 -+ if (exception->retry)
7621 -+ status = -EAGAIN;
7622 -+ else
7623 -+ status = err;
7624 -+ }
7625 - out:
7626 - dprintk("<-- %s\n", __func__);
7627 - return status;
7628 -diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
7629 -index 0fbe734..7d99236 100644
7630 ---- a/fs/nfs/pnfs.c
7631 -+++ b/fs/nfs/pnfs.c
7632 -@@ -1505,7 +1505,7 @@ pnfs_update_layout(struct inode *ino,
7633 - struct pnfs_layout_segment *lseg = NULL;
7634 - nfs4_stateid stateid;
7635 - long timeout = 0;
7636 -- unsigned long giveup = jiffies + rpc_get_timeout(server->client);
7637 -+ unsigned long giveup = jiffies + (clp->cl_lease_time << 1);
7638 - bool first;
7639 -
7640 - if (!pnfs_enabled_sb(NFS_SERVER(ino))) {
7641 -@@ -1645,33 +1645,44 @@ lookup_again:
7642 - lseg = send_layoutget(lo, ctx, &stateid, &arg, &timeout, gfp_flags);
7643 - trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg,
7644 - PNFS_UPDATE_LAYOUT_SEND_LAYOUTGET);
7645 -+ atomic_dec(&lo->plh_outstanding);
7646 - if (IS_ERR(lseg)) {
7647 - switch(PTR_ERR(lseg)) {
7648 -- case -ERECALLCONFLICT:
7649 -+ case -EBUSY:
7650 - if (time_after(jiffies, giveup))
7651 - lseg = NULL;
7652 -- /* Fallthrough */
7653 -- case -EAGAIN:
7654 -- pnfs_put_layout_hdr(lo);
7655 -- if (first)
7656 -- pnfs_clear_first_layoutget(lo);
7657 -- if (lseg) {
7658 -- trace_pnfs_update_layout(ino, pos, count,
7659 -- iomode, lo, lseg, PNFS_UPDATE_LAYOUT_RETRY);
7660 -- goto lookup_again;
7661 -+ break;
7662 -+ case -ERECALLCONFLICT:
7663 -+ /* Huh? We hold no layouts, how is there a recall? */
7664 -+ if (first) {
7665 -+ lseg = NULL;
7666 -+ break;
7667 - }
7668 -+ /* Destroy the existing layout and start over */
7669 -+ if (time_after(jiffies, giveup))
7670 -+ pnfs_destroy_layout(NFS_I(ino));
7671 - /* Fallthrough */
7672 -+ case -EAGAIN:
7673 -+ break;
7674 - default:
7675 - if (!nfs_error_is_fatal(PTR_ERR(lseg))) {
7676 - pnfs_layout_clear_fail_bit(lo, pnfs_iomode_to_fail_bit(iomode));
7677 - lseg = NULL;
7678 - }
7679 -+ goto out_put_layout_hdr;
7680 -+ }
7681 -+ if (lseg) {
7682 -+ if (first)
7683 -+ pnfs_clear_first_layoutget(lo);
7684 -+ trace_pnfs_update_layout(ino, pos, count,
7685 -+ iomode, lo, lseg, PNFS_UPDATE_LAYOUT_RETRY);
7686 -+ pnfs_put_layout_hdr(lo);
7687 -+ goto lookup_again;
7688 - }
7689 - } else {
7690 - pnfs_layout_clear_fail_bit(lo, pnfs_iomode_to_fail_bit(iomode));
7691 - }
7692 -
7693 -- atomic_dec(&lo->plh_outstanding);
7694 - out_put_layout_hdr:
7695 - if (first)
7696 - pnfs_clear_first_layoutget(lo);
7697 -diff --git a/fs/nfs/write.c b/fs/nfs/write.c
7698 -index e1c74d3..649fa5e 100644
7699 ---- a/fs/nfs/write.c
7700 -+++ b/fs/nfs/write.c
7701 -@@ -1289,6 +1289,9 @@ int nfs_updatepage(struct file *file, struct page *page,
7702 - dprintk("NFS: nfs_updatepage(%pD2 %d@%lld)\n",
7703 - file, count, (long long)(page_file_offset(page) + offset));
7704 -
7705 -+ if (!count)
7706 -+ goto out;
7707 -+
7708 - if (nfs_can_extend_write(file, page, inode)) {
7709 - count = max(count + offset, nfs_page_length(page));
7710 - offset = 0;
7711 -@@ -1299,7 +1302,7 @@ int nfs_updatepage(struct file *file, struct page *page,
7712 - nfs_set_pageerror(page);
7713 - else
7714 - __set_page_dirty_nobuffers(page);
7715 --
7716 -+out:
7717 - dprintk("NFS: nfs_updatepage returns %d (isize %lld)\n",
7718 - status, (long long)i_size_read(inode));
7719 - return status;
7720 -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
7721 -index 70d0b9b..806eda1 100644
7722 ---- a/fs/nfsd/nfs4state.c
7723 -+++ b/fs/nfsd/nfs4state.c
7724 -@@ -4906,6 +4906,32 @@ nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7725 - return nfs_ok;
7726 - }
7727 -
7728 -+static __be32
7729 -+nfsd4_free_lock_stateid(stateid_t *stateid, struct nfs4_stid *s)
7730 -+{
7731 -+ struct nfs4_ol_stateid *stp = openlockstateid(s);
7732 -+ __be32 ret;
7733 -+
7734 -+ mutex_lock(&stp->st_mutex);
7735 -+
7736 -+ ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
7737 -+ if (ret)
7738 -+ goto out;
7739 -+
7740 -+ ret = nfserr_locks_held;
7741 -+ if (check_for_locks(stp->st_stid.sc_file,
7742 -+ lockowner(stp->st_stateowner)))
7743 -+ goto out;
7744 -+
7745 -+ release_lock_stateid(stp);
7746 -+ ret = nfs_ok;
7747 -+
7748 -+out:
7749 -+ mutex_unlock(&stp->st_mutex);
7750 -+ nfs4_put_stid(s);
7751 -+ return ret;
7752 -+}
7753 -+
7754 - __be32
7755 - nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7756 - struct nfsd4_free_stateid *free_stateid)
7757 -@@ -4913,7 +4939,6 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7758 - stateid_t *stateid = &free_stateid->fr_stateid;
7759 - struct nfs4_stid *s;
7760 - struct nfs4_delegation *dp;
7761 -- struct nfs4_ol_stateid *stp;
7762 - struct nfs4_client *cl = cstate->session->se_client;
7763 - __be32 ret = nfserr_bad_stateid;
7764 -
7765 -@@ -4932,18 +4957,9 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7766 - ret = nfserr_locks_held;
7767 - break;
7768 - case NFS4_LOCK_STID:
7769 -- ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
7770 -- if (ret)
7771 -- break;
7772 -- stp = openlockstateid(s);
7773 -- ret = nfserr_locks_held;
7774 -- if (check_for_locks(stp->st_stid.sc_file,
7775 -- lockowner(stp->st_stateowner)))
7776 -- break;
7777 -- WARN_ON(!unhash_lock_stateid(stp));
7778 -+ atomic_inc(&s->sc_count);
7779 - spin_unlock(&cl->cl_lock);
7780 -- nfs4_put_stid(s);
7781 -- ret = nfs_ok;
7782 -+ ret = nfsd4_free_lock_stateid(stateid, s);
7783 - goto out;
7784 - case NFS4_REVOKED_DELEG_STID:
7785 - dp = delegstateid(s);
7786 -@@ -5510,7 +5526,7 @@ static __be32
7787 - lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
7788 - struct nfs4_ol_stateid *ost,
7789 - struct nfsd4_lock *lock,
7790 -- struct nfs4_ol_stateid **lst, bool *new)
7791 -+ struct nfs4_ol_stateid **plst, bool *new)
7792 - {
7793 - __be32 status;
7794 - struct nfs4_file *fi = ost->st_stid.sc_file;
7795 -@@ -5518,7 +5534,9 @@ lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
7796 - struct nfs4_client *cl = oo->oo_owner.so_client;
7797 - struct inode *inode = d_inode(cstate->current_fh.fh_dentry);
7798 - struct nfs4_lockowner *lo;
7799 -+ struct nfs4_ol_stateid *lst;
7800 - unsigned int strhashval;
7801 -+ bool hashed;
7802 -
7803 - lo = find_lockowner_str(cl, &lock->lk_new_owner);
7804 - if (!lo) {
7805 -@@ -5534,12 +5552,27 @@ lookup_or_create_lock_state(struct nfsd4_compound_state *cstate,
7806 - goto out;
7807 - }
7808 -
7809 -- *lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
7810 -- if (*lst == NULL) {
7811 -+retry:
7812 -+ lst = find_or_create_lock_stateid(lo, fi, inode, ost, new);
7813 -+ if (lst == NULL) {
7814 - status = nfserr_jukebox;
7815 - goto out;
7816 - }
7817 -+
7818 -+ mutex_lock(&lst->st_mutex);
7819 -+
7820 -+ /* See if it's still hashed to avoid race with FREE_STATEID */
7821 -+ spin_lock(&cl->cl_lock);
7822 -+ hashed = !list_empty(&lst->st_perfile);
7823 -+ spin_unlock(&cl->cl_lock);
7824 -+
7825 -+ if (!hashed) {
7826 -+ mutex_unlock(&lst->st_mutex);
7827 -+ nfs4_put_stid(&lst->st_stid);
7828 -+ goto retry;
7829 -+ }
7830 - status = nfs_ok;
7831 -+ *plst = lst;
7832 - out:
7833 - nfs4_put_stateowner(&lo->lo_owner);
7834 - return status;
7835 -@@ -5606,8 +5639,6 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
7836 - goto out;
7837 - status = lookup_or_create_lock_state(cstate, open_stp, lock,
7838 - &lock_stp, &new);
7839 -- if (status == nfs_ok)
7840 -- mutex_lock(&lock_stp->st_mutex);
7841 - } else {
7842 - status = nfs4_preprocess_seqid_op(cstate,
7843 - lock->lk_old_lock_seqid,
7844 -diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
7845 -index 9a7693d..6db75cb 100644
7846 ---- a/fs/overlayfs/super.c
7847 -+++ b/fs/overlayfs/super.c
7848 -@@ -404,7 +404,8 @@ static struct ovl_entry *ovl_alloc_entry(unsigned int numlower)
7849 - static bool ovl_dentry_remote(struct dentry *dentry)
7850 - {
7851 - return dentry->d_flags &
7852 -- (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE);
7853 -+ (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE |
7854 -+ DCACHE_OP_REAL);
7855 - }
7856 -
7857 - static bool ovl_dentry_weird(struct dentry *dentry)
7858 -diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
7859 -index 4c463b9..a36a5a4 100644
7860 ---- a/fs/xfs/xfs_aops.c
7861 -+++ b/fs/xfs/xfs_aops.c
7862 -@@ -87,6 +87,12 @@ xfs_find_bdev_for_inode(
7863 - * We're now finished for good with this page. Update the page state via the
7864 - * associated buffer_heads, paying attention to the start and end offsets that
7865 - * we need to process on the page.
7866 -+ *
7867 -+ * Landmine Warning: bh->b_end_io() will call end_page_writeback() on the last
7868 -+ * buffer in the IO. Once it does this, it is unsafe to access the bufferhead or
7869 -+ * the page at all, as we may be racing with memory reclaim and it can free both
7870 -+ * the bufferhead chain and the page as it will see the page as clean and
7871 -+ * unused.
7872 - */
7873 - static void
7874 - xfs_finish_page_writeback(
7875 -@@ -95,8 +101,9 @@ xfs_finish_page_writeback(
7876 - int error)
7877 - {
7878 - unsigned int end = bvec->bv_offset + bvec->bv_len - 1;
7879 -- struct buffer_head *head, *bh;
7880 -+ struct buffer_head *head, *bh, *next;
7881 - unsigned int off = 0;
7882 -+ unsigned int bsize;
7883 -
7884 - ASSERT(bvec->bv_offset < PAGE_SIZE);
7885 - ASSERT((bvec->bv_offset & ((1 << inode->i_blkbits) - 1)) == 0);
7886 -@@ -105,15 +112,17 @@ xfs_finish_page_writeback(
7887 -
7888 - bh = head = page_buffers(bvec->bv_page);
7889 -
7890 -+ bsize = bh->b_size;
7891 - do {
7892 -+ next = bh->b_this_page;
7893 - if (off < bvec->bv_offset)
7894 - goto next_bh;
7895 - if (off > end)
7896 - break;
7897 - bh->b_end_io(bh, !error);
7898 - next_bh:
7899 -- off += bh->b_size;
7900 -- } while ((bh = bh->b_this_page) != head);
7901 -+ off += bsize;
7902 -+ } while ((bh = next) != head);
7903 - }
7904 -
7905 - /*
7906 -diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h
7907 -index 3f10307..c357f27 100644
7908 ---- a/include/linux/backing-dev-defs.h
7909 -+++ b/include/linux/backing-dev-defs.h
7910 -@@ -163,6 +163,7 @@ struct backing_dev_info {
7911 - wait_queue_head_t wb_waitq;
7912 -
7913 - struct device *dev;
7914 -+ struct device *owner;
7915 -
7916 - struct timer_list laptop_mode_wb_timer;
7917 -
7918 -diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
7919 -index c82794f..89d3de3 100644
7920 ---- a/include/linux/backing-dev.h
7921 -+++ b/include/linux/backing-dev.h
7922 -@@ -24,6 +24,7 @@ __printf(3, 4)
7923 - int bdi_register(struct backing_dev_info *bdi, struct device *parent,
7924 - const char *fmt, ...);
7925 - int bdi_register_dev(struct backing_dev_info *bdi, dev_t dev);
7926 -+int bdi_register_owner(struct backing_dev_info *bdi, struct device *owner);
7927 - void bdi_unregister(struct backing_dev_info *bdi);
7928 -
7929 - int __must_check bdi_setup_and_register(struct backing_dev_info *, char *);
7930 -diff --git a/include/linux/bio.h b/include/linux/bio.h
7931 -index 9faebf7..75fadd2 100644
7932 ---- a/include/linux/bio.h
7933 -+++ b/include/linux/bio.h
7934 -@@ -527,11 +527,14 @@ extern unsigned int bvec_nr_vecs(unsigned short idx);
7935 - int bio_associate_blkcg(struct bio *bio, struct cgroup_subsys_state *blkcg_css);
7936 - int bio_associate_current(struct bio *bio);
7937 - void bio_disassociate_task(struct bio *bio);
7938 -+void bio_clone_blkcg_association(struct bio *dst, struct bio *src);
7939 - #else /* CONFIG_BLK_CGROUP */
7940 - static inline int bio_associate_blkcg(struct bio *bio,
7941 - struct cgroup_subsys_state *blkcg_css) { return 0; }
7942 - static inline int bio_associate_current(struct bio *bio) { return -ENOENT; }
7943 - static inline void bio_disassociate_task(struct bio *bio) { }
7944 -+static inline void bio_clone_blkcg_association(struct bio *dst,
7945 -+ struct bio *src) { }
7946 - #endif /* CONFIG_BLK_CGROUP */
7947 -
7948 - #ifdef CONFIG_HIGHMEM
7949 -diff --git a/include/linux/mlx5/qp.h b/include/linux/mlx5/qp.h
7950 -index ab31081..7879bf4 100644
7951 ---- a/include/linux/mlx5/qp.h
7952 -+++ b/include/linux/mlx5/qp.h
7953 -@@ -556,9 +556,9 @@ struct mlx5_destroy_qp_mbox_out {
7954 - struct mlx5_modify_qp_mbox_in {
7955 - struct mlx5_inbox_hdr hdr;
7956 - __be32 qpn;
7957 -- u8 rsvd1[4];
7958 -- __be32 optparam;
7959 - u8 rsvd0[4];
7960 -+ __be32 optparam;
7961 -+ u8 rsvd1[4];
7962 - struct mlx5_qp_context ctx;
7963 - u8 rsvd2[16];
7964 - };
7965 -diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
7966 -index 7e440d4..e694f02 100644
7967 ---- a/include/rdma/ib_verbs.h
7968 -+++ b/include/rdma/ib_verbs.h
7969 -@@ -1428,6 +1428,10 @@ struct ib_srq {
7970 - } ext;
7971 - };
7972 -
7973 -+/*
7974 -+ * @max_write_sge: Maximum SGE elements per RDMA WRITE request.
7975 -+ * @max_read_sge: Maximum SGE elements per RDMA READ request.
7976 -+ */
7977 - struct ib_qp {
7978 - struct ib_device *device;
7979 - struct ib_pd *pd;
7980 -@@ -1449,6 +1453,8 @@ struct ib_qp {
7981 - void (*event_handler)(struct ib_event *, void *);
7982 - void *qp_context;
7983 - u32 qp_num;
7984 -+ u32 max_write_sge;
7985 -+ u32 max_read_sge;
7986 - enum ib_qp_type qp_type;
7987 - };
7988 -
7989 -diff --git a/include/target/target_core_backend.h b/include/target/target_core_backend.h
7990 -index d8ab510..f6f3bc5 100644
7991 ---- a/include/target/target_core_backend.h
7992 -+++ b/include/target/target_core_backend.h
7993 -@@ -95,6 +95,6 @@ sense_reason_t passthrough_parse_cdb(struct se_cmd *cmd,
7994 - bool target_sense_desc_format(struct se_device *dev);
7995 - sector_t target_to_linux_sector(struct se_device *dev, sector_t lb);
7996 - bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
7997 -- struct request_queue *q, int block_size);
7998 -+ struct request_queue *q);
7999 -
8000 - #endif /* TARGET_CORE_BACKEND_H */
8001 -diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
8002 -index b316b44..fb8e3b6 100644
8003 ---- a/include/target/target_core_base.h
8004 -+++ b/include/target/target_core_base.h
8005 -@@ -142,6 +142,7 @@ enum se_cmd_flags_table {
8006 - SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC = 0x00200000,
8007 - SCF_ACK_KREF = 0x00400000,
8008 - SCF_USE_CPUID = 0x00800000,
8009 -+ SCF_TASK_ATTR_SET = 0x01000000,
8010 - };
8011 -
8012 - /*
8013 -diff --git a/include/target/target_core_fabric.h b/include/target/target_core_fabric.h
8014 -index de44462..5cd6faa 100644
8015 ---- a/include/target/target_core_fabric.h
8016 -+++ b/include/target/target_core_fabric.h
8017 -@@ -163,7 +163,6 @@ int core_tmr_alloc_req(struct se_cmd *, void *, u8, gfp_t);
8018 - void core_tmr_release_req(struct se_tmr_req *);
8019 - int transport_generic_handle_tmr(struct se_cmd *);
8020 - void transport_generic_request_failure(struct se_cmd *, sense_reason_t);
8021 --void __target_execute_cmd(struct se_cmd *);
8022 - int transport_lookup_tmr_lun(struct se_cmd *, u64);
8023 - void core_allocate_nexus_loss_ua(struct se_node_acl *acl);
8024 -
8025 -diff --git a/include/trace/events/sunrpc.h b/include/trace/events/sunrpc.h
8026 -index 003dca9..5664ca0 100644
8027 ---- a/include/trace/events/sunrpc.h
8028 -+++ b/include/trace/events/sunrpc.h
8029 -@@ -529,20 +529,27 @@ TRACE_EVENT(svc_xprt_do_enqueue,
8030 -
8031 - TP_STRUCT__entry(
8032 - __field(struct svc_xprt *, xprt)
8033 -- __field_struct(struct sockaddr_storage, ss)
8034 - __field(int, pid)
8035 - __field(unsigned long, flags)
8036 -+ __dynamic_array(unsigned char, addr, xprt != NULL ?
8037 -+ xprt->xpt_remotelen : 0)
8038 - ),
8039 -
8040 - TP_fast_assign(
8041 - __entry->xprt = xprt;
8042 -- xprt ? memcpy(&__entry->ss, &xprt->xpt_remote, sizeof(__entry->ss)) : memset(&__entry->ss, 0, sizeof(__entry->ss));
8043 - __entry->pid = rqst? rqst->rq_task->pid : 0;
8044 -- __entry->flags = xprt ? xprt->xpt_flags : 0;
8045 -+ if (xprt) {
8046 -+ memcpy(__get_dynamic_array(addr),
8047 -+ &xprt->xpt_remote,
8048 -+ xprt->xpt_remotelen);
8049 -+ __entry->flags = xprt->xpt_flags;
8050 -+ } else
8051 -+ __entry->flags = 0;
8052 - ),
8053 -
8054 - TP_printk("xprt=0x%p addr=%pIScp pid=%d flags=%s", __entry->xprt,
8055 -- (struct sockaddr *)&__entry->ss,
8056 -+ __get_dynamic_array_len(addr) != 0 ?
8057 -+ (struct sockaddr *)__get_dynamic_array(addr) : NULL,
8058 - __entry->pid, show_svc_xprt_flags(__entry->flags))
8059 - );
8060 -
8061 -@@ -553,18 +560,25 @@ TRACE_EVENT(svc_xprt_dequeue,
8062 -
8063 - TP_STRUCT__entry(
8064 - __field(struct svc_xprt *, xprt)
8065 -- __field_struct(struct sockaddr_storage, ss)
8066 - __field(unsigned long, flags)
8067 -+ __dynamic_array(unsigned char, addr, xprt != NULL ?
8068 -+ xprt->xpt_remotelen : 0)
8069 - ),
8070 -
8071 - TP_fast_assign(
8072 -- __entry->xprt = xprt,
8073 -- xprt ? memcpy(&__entry->ss, &xprt->xpt_remote, sizeof(__entry->ss)) : memset(&__entry->ss, 0, sizeof(__entry->ss));
8074 -- __entry->flags = xprt ? xprt->xpt_flags : 0;
8075 -+ __entry->xprt = xprt;
8076 -+ if (xprt) {
8077 -+ memcpy(__get_dynamic_array(addr),
8078 -+ &xprt->xpt_remote,
8079 -+ xprt->xpt_remotelen);
8080 -+ __entry->flags = xprt->xpt_flags;
8081 -+ } else
8082 -+ __entry->flags = 0;
8083 - ),
8084 -
8085 - TP_printk("xprt=0x%p addr=%pIScp flags=%s", __entry->xprt,
8086 -- (struct sockaddr *)&__entry->ss,
8087 -+ __get_dynamic_array_len(addr) != 0 ?
8088 -+ (struct sockaddr *)__get_dynamic_array(addr) : NULL,
8089 - show_svc_xprt_flags(__entry->flags))
8090 - );
8091 -
8092 -@@ -592,19 +606,26 @@ TRACE_EVENT(svc_handle_xprt,
8093 - TP_STRUCT__entry(
8094 - __field(struct svc_xprt *, xprt)
8095 - __field(int, len)
8096 -- __field_struct(struct sockaddr_storage, ss)
8097 - __field(unsigned long, flags)
8098 -+ __dynamic_array(unsigned char, addr, xprt != NULL ?
8099 -+ xprt->xpt_remotelen : 0)
8100 - ),
8101 -
8102 - TP_fast_assign(
8103 - __entry->xprt = xprt;
8104 -- xprt ? memcpy(&__entry->ss, &xprt->xpt_remote, sizeof(__entry->ss)) : memset(&__entry->ss, 0, sizeof(__entry->ss));
8105 - __entry->len = len;
8106 -- __entry->flags = xprt ? xprt->xpt_flags : 0;
8107 -+ if (xprt) {
8108 -+ memcpy(__get_dynamic_array(addr),
8109 -+ &xprt->xpt_remote,
8110 -+ xprt->xpt_remotelen);
8111 -+ __entry->flags = xprt->xpt_flags;
8112 -+ } else
8113 -+ __entry->flags = 0;
8114 - ),
8115 -
8116 - TP_printk("xprt=0x%p addr=%pIScp len=%d flags=%s", __entry->xprt,
8117 -- (struct sockaddr *)&__entry->ss,
8118 -+ __get_dynamic_array_len(addr) != 0 ?
8119 -+ (struct sockaddr *)__get_dynamic_array(addr) : NULL,
8120 - __entry->len, show_svc_xprt_flags(__entry->flags))
8121 - );
8122 - #endif /* _TRACE_SUNRPC_H */
8123 -diff --git a/kernel/auditsc.c b/kernel/auditsc.c
8124 -index 2672d10..b334128 100644
8125 ---- a/kernel/auditsc.c
8126 -+++ b/kernel/auditsc.c
8127 -@@ -72,6 +72,7 @@
8128 - #include <linux/compat.h>
8129 - #include <linux/ctype.h>
8130 - #include <linux/string.h>
8131 -+#include <linux/uaccess.h>
8132 - #include <uapi/linux/limits.h>
8133 -
8134 - #include "audit.h"
8135 -@@ -81,7 +82,8 @@
8136 - #define AUDITSC_SUCCESS 1
8137 - #define AUDITSC_FAILURE 2
8138 -
8139 --/* no execve audit message should be longer than this (userspace limits) */
8140 -+/* no execve audit message should be longer than this (userspace limits),
8141 -+ * see the note near the top of audit_log_execve_info() about this value */
8142 - #define MAX_EXECVE_AUDIT_LEN 7500
8143 -
8144 - /* max length to print of cmdline/proctitle value during audit */
8145 -@@ -987,184 +989,178 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
8146 - return rc;
8147 - }
8148 -
8149 --/*
8150 -- * to_send and len_sent accounting are very loose estimates. We aren't
8151 -- * really worried about a hard cap to MAX_EXECVE_AUDIT_LEN so much as being
8152 -- * within about 500 bytes (next page boundary)
8153 -- *
8154 -- * why snprintf? an int is up to 12 digits long. if we just assumed when
8155 -- * logging that a[%d]= was going to be 16 characters long we would be wasting
8156 -- * space in every audit message. In one 7500 byte message we can log up to
8157 -- * about 1000 min size arguments. That comes down to about 50% waste of space
8158 -- * if we didn't do the snprintf to find out how long arg_num_len was.
8159 -- */
8160 --static int audit_log_single_execve_arg(struct audit_context *context,
8161 -- struct audit_buffer **ab,
8162 -- int arg_num,
8163 -- size_t *len_sent,
8164 -- const char __user *p,
8165 -- char *buf)
8166 -+static void audit_log_execve_info(struct audit_context *context,
8167 -+ struct audit_buffer **ab)
8168 - {
8169 -- char arg_num_len_buf[12];
8170 -- const char __user *tmp_p = p;
8171 -- /* how many digits are in arg_num? 5 is the length of ' a=""' */
8172 -- size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 5;
8173 -- size_t len, len_left, to_send;
8174 -- size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN;
8175 -- unsigned int i, has_cntl = 0, too_long = 0;
8176 -- int ret;
8177 --
8178 -- /* strnlen_user includes the null we don't want to send */
8179 -- len_left = len = strnlen_user(p, MAX_ARG_STRLEN) - 1;
8180 --
8181 -- /*
8182 -- * We just created this mm, if we can't find the strings
8183 -- * we just copied into it something is _very_ wrong. Similar
8184 -- * for strings that are too long, we should not have created
8185 -- * any.
8186 -- */
8187 -- if (WARN_ON_ONCE(len < 0 || len > MAX_ARG_STRLEN - 1)) {
8188 -- send_sig(SIGKILL, current, 0);
8189 -- return -1;
8190 -+ long len_max;
8191 -+ long len_rem;
8192 -+ long len_full;
8193 -+ long len_buf;
8194 -+ long len_abuf;
8195 -+ long len_tmp;
8196 -+ bool require_data;
8197 -+ bool encode;
8198 -+ unsigned int iter;
8199 -+ unsigned int arg;
8200 -+ char *buf_head;
8201 -+ char *buf;
8202 -+ const char __user *p = (const char __user *)current->mm->arg_start;
8203 -+
8204 -+ /* NOTE: this buffer needs to be large enough to hold all the non-arg
8205 -+ * data we put in the audit record for this argument (see the
8206 -+ * code below) ... at this point in time 96 is plenty */
8207 -+ char abuf[96];
8208 -+
8209 -+ /* NOTE: we set MAX_EXECVE_AUDIT_LEN to a rather arbitrary limit, the
8210 -+ * current value of 7500 is not as important as the fact that it
8211 -+ * is less than 8k, a setting of 7500 gives us plenty of wiggle
8212 -+ * room if we go over a little bit in the logging below */
8213 -+ WARN_ON_ONCE(MAX_EXECVE_AUDIT_LEN > 7500);
8214 -+ len_max = MAX_EXECVE_AUDIT_LEN;
8215 -+
8216 -+ /* scratch buffer to hold the userspace args */
8217 -+ buf_head = kmalloc(MAX_EXECVE_AUDIT_LEN + 1, GFP_KERNEL);
8218 -+ if (!buf_head) {
8219 -+ audit_panic("out of memory for argv string");
8220 -+ return;
8221 - }
8222 -+ buf = buf_head;
8223 -
8224 -- /* walk the whole argument looking for non-ascii chars */
8225 -+ audit_log_format(*ab, "argc=%d", context->execve.argc);
8226 -+
8227 -+ len_rem = len_max;
8228 -+ len_buf = 0;
8229 -+ len_full = 0;
8230 -+ require_data = true;
8231 -+ encode = false;
8232 -+ iter = 0;
8233 -+ arg = 0;
8234 - do {
8235 -- if (len_left > MAX_EXECVE_AUDIT_LEN)
8236 -- to_send = MAX_EXECVE_AUDIT_LEN;
8237 -- else
8238 -- to_send = len_left;
8239 -- ret = copy_from_user(buf, tmp_p, to_send);
8240 -- /*
8241 -- * There is no reason for this copy to be short. We just
8242 -- * copied them here, and the mm hasn't been exposed to user-
8243 -- * space yet.
8244 -- */
8245 -- if (ret) {
8246 -- WARN_ON(1);
8247 -- send_sig(SIGKILL, current, 0);
8248 -- return -1;
8249 -- }
8250 -- buf[to_send] = '\0';
8251 -- has_cntl = audit_string_contains_control(buf, to_send);
8252 -- if (has_cntl) {
8253 -- /*
8254 -- * hex messages get logged as 2 bytes, so we can only
8255 -- * send half as much in each message
8256 -- */
8257 -- max_execve_audit_len = MAX_EXECVE_AUDIT_LEN / 2;
8258 -- break;
8259 -- }
8260 -- len_left -= to_send;
8261 -- tmp_p += to_send;
8262 -- } while (len_left > 0);
8263 --
8264 -- len_left = len;
8265 --
8266 -- if (len > max_execve_audit_len)
8267 -- too_long = 1;
8268 --
8269 -- /* rewalk the argument actually logging the message */
8270 -- for (i = 0; len_left > 0; i++) {
8271 -- int room_left;
8272 --
8273 -- if (len_left > max_execve_audit_len)
8274 -- to_send = max_execve_audit_len;
8275 -- else
8276 -- to_send = len_left;
8277 --
8278 -- /* do we have space left to send this argument in this ab? */
8279 -- room_left = MAX_EXECVE_AUDIT_LEN - arg_num_len - *len_sent;
8280 -- if (has_cntl)
8281 -- room_left -= (to_send * 2);
8282 -- else
8283 -- room_left -= to_send;
8284 -- if (room_left < 0) {
8285 -- *len_sent = 0;
8286 -- audit_log_end(*ab);
8287 -- *ab = audit_log_start(context, GFP_KERNEL, AUDIT_EXECVE);
8288 -- if (!*ab)
8289 -- return 0;
8290 -- }
8291 -+ /* NOTE: we don't ever want to trust this value for anything
8292 -+ * serious, but the audit record format insists we
8293 -+ * provide an argument length for really long arguments,
8294 -+ * e.g. > MAX_EXECVE_AUDIT_LEN, so we have no choice but
8295 -+ * to use strncpy_from_user() to obtain this value for
8296 -+ * recording in the log, although we don't use it
8297 -+ * anywhere here to avoid a double-fetch problem */
8298 -+ if (len_full == 0)
8299 -+ len_full = strnlen_user(p, MAX_ARG_STRLEN) - 1;
8300 -+
8301 -+ /* read more data from userspace */
8302 -+ if (require_data) {
8303 -+ /* can we make more room in the buffer? */
8304 -+ if (buf != buf_head) {
8305 -+ memmove(buf_head, buf, len_buf);
8306 -+ buf = buf_head;
8307 -+ }
8308 -+
8309 -+ /* fetch as much as we can of the argument */
8310 -+ len_tmp = strncpy_from_user(&buf_head[len_buf], p,
8311 -+ len_max - len_buf);
8312 -+ if (len_tmp == -EFAULT) {
8313 -+ /* unable to copy from userspace */
8314 -+ send_sig(SIGKILL, current, 0);
8315 -+ goto out;
8316 -+ } else if (len_tmp == (len_max - len_buf)) {
8317 -+ /* buffer is not large enough */
8318 -+ require_data = true;
8319 -+ /* NOTE: if we are going to span multiple
8320 -+ * buffers force the encoding so we stand
8321 -+ * a chance at a sane len_full value and
8322 -+ * consistent record encoding */
8323 -+ encode = true;
8324 -+ len_full = len_full * 2;
8325 -+ p += len_tmp;
8326 -+ } else {
8327 -+ require_data = false;
8328 -+ if (!encode)
8329 -+ encode = audit_string_contains_control(
8330 -+ buf, len_tmp);
8331 -+ /* try to use a trusted value for len_full */
8332 -+ if (len_full < len_max)
8333 -+ len_full = (encode ?
8334 -+ len_tmp * 2 : len_tmp);
8335 -+ p += len_tmp + 1;
8336 -+ }
8337 -+ len_buf += len_tmp;
8338 -+ buf_head[len_buf] = '\0';
8339 -
8340 -- /*
8341 -- * first record needs to say how long the original string was
8342 -- * so we can be sure nothing was lost.
8343 -- */
8344 -- if ((i == 0) && (too_long))
8345 -- audit_log_format(*ab, " a%d_len=%zu", arg_num,
8346 -- has_cntl ? 2*len : len);
8347 --
8348 -- /*
8349 -- * normally arguments are small enough to fit and we already
8350 -- * filled buf above when we checked for control characters
8351 -- * so don't bother with another copy_from_user
8352 -- */
8353 -- if (len >= max_execve_audit_len)
8354 -- ret = copy_from_user(buf, p, to_send);
8355 -- else
8356 -- ret = 0;
8357 -- if (ret) {
8358 -- WARN_ON(1);
8359 -- send_sig(SIGKILL, current, 0);
8360 -- return -1;
8361 -+ /* length of the buffer in the audit record? */
8362 -+ len_abuf = (encode ? len_buf * 2 : len_buf + 2);
8363 - }
8364 -- buf[to_send] = '\0';
8365 --
8366 -- /* actually log it */
8367 -- audit_log_format(*ab, " a%d", arg_num);
8368 -- if (too_long)
8369 -- audit_log_format(*ab, "[%d]", i);
8370 -- audit_log_format(*ab, "=");
8371 -- if (has_cntl)
8372 -- audit_log_n_hex(*ab, buf, to_send);
8373 -- else
8374 -- audit_log_string(*ab, buf);
8375 --
8376 -- p += to_send;
8377 -- len_left -= to_send;
8378 -- *len_sent += arg_num_len;
8379 -- if (has_cntl)
8380 -- *len_sent += to_send * 2;
8381 -- else
8382 -- *len_sent += to_send;
8383 -- }
8384 -- /* include the null we didn't log */
8385 -- return len + 1;
8386 --}
8387 -
8388 --static void audit_log_execve_info(struct audit_context *context,
8389 -- struct audit_buffer **ab)
8390 --{
8391 -- int i, len;
8392 -- size_t len_sent = 0;
8393 -- const char __user *p;
8394 -- char *buf;
8395 -+ /* write as much as we can to the audit log */
8396 -+ if (len_buf > 0) {
8397 -+ /* NOTE: some magic numbers here - basically if we
8398 -+ * can't fit a reasonable amount of data into the
8399 -+ * existing audit buffer, flush it and start with
8400 -+ * a new buffer */
8401 -+ if ((sizeof(abuf) + 8) > len_rem) {
8402 -+ len_rem = len_max;
8403 -+ audit_log_end(*ab);
8404 -+ *ab = audit_log_start(context,
8405 -+ GFP_KERNEL, AUDIT_EXECVE);
8406 -+ if (!*ab)
8407 -+ goto out;
8408 -+ }
8409 -
8410 -- p = (const char __user *)current->mm->arg_start;
8411 -+ /* create the non-arg portion of the arg record */
8412 -+ len_tmp = 0;
8413 -+ if (require_data || (iter > 0) ||
8414 -+ ((len_abuf + sizeof(abuf)) > len_rem)) {
8415 -+ if (iter == 0) {
8416 -+ len_tmp += snprintf(&abuf[len_tmp],
8417 -+ sizeof(abuf) - len_tmp,
8418 -+ " a%d_len=%lu",
8419 -+ arg, len_full);
8420 -+ }
8421 -+ len_tmp += snprintf(&abuf[len_tmp],
8422 -+ sizeof(abuf) - len_tmp,
8423 -+ " a%d[%d]=", arg, iter++);
8424 -+ } else
8425 -+ len_tmp += snprintf(&abuf[len_tmp],
8426 -+ sizeof(abuf) - len_tmp,
8427 -+ " a%d=", arg);
8428 -+ WARN_ON(len_tmp >= sizeof(abuf));
8429 -+ abuf[sizeof(abuf) - 1] = '\0';
8430 -+
8431 -+ /* log the arg in the audit record */
8432 -+ audit_log_format(*ab, "%s", abuf);
8433 -+ len_rem -= len_tmp;
8434 -+ len_tmp = len_buf;
8435 -+ if (encode) {
8436 -+ if (len_abuf > len_rem)
8437 -+ len_tmp = len_rem / 2; /* encoding */
8438 -+ audit_log_n_hex(*ab, buf, len_tmp);
8439 -+ len_rem -= len_tmp * 2;
8440 -+ len_abuf -= len_tmp * 2;
8441 -+ } else {
8442 -+ if (len_abuf > len_rem)
8443 -+ len_tmp = len_rem - 2; /* quotes */
8444 -+ audit_log_n_string(*ab, buf, len_tmp);
8445 -+ len_rem -= len_tmp + 2;
8446 -+ /* don't subtract the "2" because we still need
8447 -+ * to add quotes to the remaining string */
8448 -+ len_abuf -= len_tmp;
8449 -+ }
8450 -+ len_buf -= len_tmp;
8451 -+ buf += len_tmp;
8452 -+ }
8453 -
8454 -- audit_log_format(*ab, "argc=%d", context->execve.argc);
8455 -+ /* ready to move to the next argument? */
8456 -+ if ((len_buf == 0) && !require_data) {
8457 -+ arg++;
8458 -+ iter = 0;
8459 -+ len_full = 0;
8460 -+ require_data = true;
8461 -+ encode = false;
8462 -+ }
8463 -+ } while (arg < context->execve.argc);
8464 -
8465 -- /*
8466 -- * we need some kernel buffer to hold the userspace args. Just
8467 -- * allocate one big one rather than allocating one of the right size
8468 -- * for every single argument inside audit_log_single_execve_arg()
8469 -- * should be <8k allocation so should be pretty safe.
8470 -- */
8471 -- buf = kmalloc(MAX_EXECVE_AUDIT_LEN + 1, GFP_KERNEL);
8472 -- if (!buf) {
8473 -- audit_panic("out of memory for argv string");
8474 -- return;
8475 -- }
8476 -+ /* NOTE: the caller handles the final audit_log_end() call */
8477 -
8478 -- for (i = 0; i < context->execve.argc; i++) {
8479 -- len = audit_log_single_execve_arg(context, ab, i,
8480 -- &len_sent, p, buf);
8481 -- if (len <= 0)
8482 -- break;
8483 -- p += len;
8484 -- }
8485 -- kfree(buf);
8486 -+out:
8487 -+ kfree(buf_head);
8488 - }
8489 -
8490 - static void show_special(struct audit_context *context, int *call_panic)
8491 -diff --git a/kernel/cgroup.c b/kernel/cgroup.c
8492 -index 75c0ff0..e0be49f 100644
8493 ---- a/kernel/cgroup.c
8494 -+++ b/kernel/cgroup.c
8495 -@@ -2215,12 +2215,8 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
8496 - goto out_unlock;
8497 - }
8498 -
8499 -- /*
8500 -- * We know this subsystem has not yet been bound. Users in a non-init
8501 -- * user namespace may only mount hierarchies with no bound subsystems,
8502 -- * i.e. 'none,name=user1'
8503 -- */
8504 -- if (!opts.none && !capable(CAP_SYS_ADMIN)) {
8505 -+ /* Hierarchies may only be created in the initial cgroup namespace. */
8506 -+ if (ns != &init_cgroup_ns) {
8507 - ret = -EPERM;
8508 - goto out_unlock;
8509 - }
8510 -@@ -2962,6 +2958,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
8511 - int retval = 0;
8512 -
8513 - mutex_lock(&cgroup_mutex);
8514 -+ percpu_down_write(&cgroup_threadgroup_rwsem);
8515 - for_each_root(root) {
8516 - struct cgroup *from_cgrp;
8517 -
8518 -@@ -2976,6 +2973,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
8519 - if (retval)
8520 - break;
8521 - }
8522 -+ percpu_up_write(&cgroup_threadgroup_rwsem);
8523 - mutex_unlock(&cgroup_mutex);
8524 -
8525 - return retval;
8526 -@@ -4343,6 +4341,8 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
8527 -
8528 - mutex_lock(&cgroup_mutex);
8529 -
8530 -+ percpu_down_write(&cgroup_threadgroup_rwsem);
8531 -+
8532 - /* all tasks in @from are being moved, all csets are source */
8533 - spin_lock_irq(&css_set_lock);
8534 - list_for_each_entry(link, &from->cset_links, cset_link)
8535 -@@ -4371,6 +4371,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
8536 - } while (task && !ret);
8537 - out_err:
8538 - cgroup_migrate_finish(&preloaded_csets);
8539 -+ percpu_up_write(&cgroup_threadgroup_rwsem);
8540 - mutex_unlock(&cgroup_mutex);
8541 - return ret;
8542 - }
8543 -@@ -6309,14 +6310,11 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
8544 - if (!ns_capable(user_ns, CAP_SYS_ADMIN))
8545 - return ERR_PTR(-EPERM);
8546 -
8547 -- mutex_lock(&cgroup_mutex);
8548 -+ /* It is not safe to take cgroup_mutex here */
8549 - spin_lock_irq(&css_set_lock);
8550 --
8551 - cset = task_css_set(current);
8552 - get_css_set(cset);
8553 --
8554 - spin_unlock_irq(&css_set_lock);
8555 -- mutex_unlock(&cgroup_mutex);
8556 -
8557 - new_ns = alloc_cgroup_ns();
8558 - if (IS_ERR(new_ns)) {
8559 -diff --git a/kernel/module.c b/kernel/module.c
8560 -index 5f71aa6..6458a2f 100644
8561 ---- a/kernel/module.c
8562 -+++ b/kernel/module.c
8563 -@@ -2687,13 +2687,18 @@ static inline void kmemleak_load_module(const struct module *mod,
8564 - #endif
8565 -
8566 - #ifdef CONFIG_MODULE_SIG
8567 --static int module_sig_check(struct load_info *info)
8568 -+static int module_sig_check(struct load_info *info, int flags)
8569 - {
8570 - int err = -ENOKEY;
8571 - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
8572 - const void *mod = info->hdr;
8573 -
8574 -- if (info->len > markerlen &&
8575 -+ /*
8576 -+ * Require flags == 0, as a module with version information
8577 -+ * removed is no longer the module that was signed
8578 -+ */
8579 -+ if (flags == 0 &&
8580 -+ info->len > markerlen &&
8581 - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
8582 - /* We truncate the module to discard the signature */
8583 - info->len -= markerlen;
8584 -@@ -2712,7 +2717,7 @@ static int module_sig_check(struct load_info *info)
8585 - return err;
8586 - }
8587 - #else /* !CONFIG_MODULE_SIG */
8588 --static int module_sig_check(struct load_info *info)
8589 -+static int module_sig_check(struct load_info *info, int flags)
8590 - {
8591 - return 0;
8592 - }
8593 -@@ -3498,7 +3503,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
8594 - long err;
8595 - char *after_dashes;
8596 -
8597 -- err = module_sig_check(info);
8598 -+ err = module_sig_check(info, flags);
8599 - if (err)
8600 - goto free_copy;
8601 -
8602 -diff --git a/mm/backing-dev.c b/mm/backing-dev.c
8603 -index ed173b8..9269911 100644
8604 ---- a/mm/backing-dev.c
8605 -+++ b/mm/backing-dev.c
8606 -@@ -825,6 +825,20 @@ int bdi_register_dev(struct backing_dev_info *bdi, dev_t dev)
8607 - }
8608 - EXPORT_SYMBOL(bdi_register_dev);
8609 -
8610 -+int bdi_register_owner(struct backing_dev_info *bdi, struct device *owner)
8611 -+{
8612 -+ int rc;
8613 -+
8614 -+ rc = bdi_register(bdi, NULL, "%u:%u", MAJOR(owner->devt),
8615 -+ MINOR(owner->devt));
8616 -+ if (rc)
8617 -+ return rc;
8618 -+ bdi->owner = owner;
8619 -+ get_device(owner);
8620 -+ return 0;
8621 -+}
8622 -+EXPORT_SYMBOL(bdi_register_owner);
8623 -+
8624 - /*
8625 - * Remove bdi from bdi_list, and ensure that it is no longer visible
8626 - */
8627 -@@ -849,6 +863,11 @@ void bdi_unregister(struct backing_dev_info *bdi)
8628 - device_unregister(bdi->dev);
8629 - bdi->dev = NULL;
8630 - }
8631 -+
8632 -+ if (bdi->owner) {
8633 -+ put_device(bdi->owner);
8634 -+ bdi->owner = NULL;
8635 -+ }
8636 - }
8637 -
8638 - void bdi_exit(struct backing_dev_info *bdi)
8639 -diff --git a/mm/hugetlb.c b/mm/hugetlb.c
8640 -index addfe4ac..d9ec1a5 100644
8641 ---- a/mm/hugetlb.c
8642 -+++ b/mm/hugetlb.c
8643 -@@ -2214,6 +2214,10 @@ static unsigned long set_max_huge_pages(struct hstate *h, unsigned long count,
8644 - * and reducing the surplus.
8645 - */
8646 - spin_unlock(&hugetlb_lock);
8647 -+
8648 -+ /* yield cpu to avoid soft lockup */
8649 -+ cond_resched();
8650 -+
8651 - if (hstate_is_gigantic(h))
8652 - ret = alloc_fresh_gigantic_page(h, nodes_allowed);
8653 - else
8654 -diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
8655 -index 388ee8b..1842141 100644
8656 ---- a/net/bluetooth/l2cap_sock.c
8657 -+++ b/net/bluetooth/l2cap_sock.c
8658 -@@ -927,7 +927,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
8659 - break;
8660 - }
8661 -
8662 -- if (get_user(opt, (u32 __user *) optval)) {
8663 -+ if (get_user(opt, (u16 __user *) optval)) {
8664 - err = -EFAULT;
8665 - break;
8666 - }
8667 -diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
8668 -index 1325776..bd007a9 100644
8669 ---- a/net/netlabel/netlabel_kapi.c
8670 -+++ b/net/netlabel/netlabel_kapi.c
8671 -@@ -824,7 +824,11 @@ socket_setattr_return:
8672 - */
8673 - void netlbl_sock_delattr(struct sock *sk)
8674 - {
8675 -- cipso_v4_sock_delattr(sk);
8676 -+ switch (sk->sk_family) {
8677 -+ case AF_INET:
8678 -+ cipso_v4_sock_delattr(sk);
8679 -+ break;
8680 -+ }
8681 - }
8682 -
8683 - /**
8684 -@@ -987,7 +991,11 @@ req_setattr_return:
8685 - */
8686 - void netlbl_req_delattr(struct request_sock *req)
8687 - {
8688 -- cipso_v4_req_delattr(req);
8689 -+ switch (req->rsk_ops->family) {
8690 -+ case AF_INET:
8691 -+ cipso_v4_req_delattr(req);
8692 -+ break;
8693 -+ }
8694 - }
8695 -
8696 - /**
8697 -diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
8698 -index e1675927..42396a7 100644
8699 ---- a/scripts/recordmcount.c
8700 -+++ b/scripts/recordmcount.c
8701 -@@ -33,10 +33,17 @@
8702 - #include <string.h>
8703 - #include <unistd.h>
8704 -
8705 -+/*
8706 -+ * glibc synced up and added the metag number but didn't add the relocations.
8707 -+ * Work around this in a crude manner for now.
8708 -+ */
8709 - #ifndef EM_METAG
8710 --/* Remove this when these make it to the standard system elf.h. */
8711 - #define EM_METAG 174
8712 -+#endif
8713 -+#ifndef R_METAG_ADDR32
8714 - #define R_METAG_ADDR32 2
8715 -+#endif
8716 -+#ifndef R_METAG_NONE
8717 - #define R_METAG_NONE 3
8718 - #endif
8719 -
8720 -diff --git a/sound/hda/array.c b/sound/hda/array.c
8721 -index 516795b..5dfa610 100644
8722 ---- a/sound/hda/array.c
8723 -+++ b/sound/hda/array.c
8724 -@@ -21,13 +21,15 @@ void *snd_array_new(struct snd_array *array)
8725 - return NULL;
8726 - if (array->used >= array->alloced) {
8727 - int num = array->alloced + array->alloc_align;
8728 -+ int oldsize = array->alloced * array->elem_size;
8729 - int size = (num + 1) * array->elem_size;
8730 - void *nlist;
8731 - if (snd_BUG_ON(num >= 4096))
8732 - return NULL;
8733 -- nlist = krealloc(array->list, size, GFP_KERNEL | __GFP_ZERO);
8734 -+ nlist = krealloc(array->list, size, GFP_KERNEL);
8735 - if (!nlist)
8736 - return NULL;
8737 -+ memset(nlist + oldsize, 0, size - oldsize);
8738 - array->list = nlist;
8739 - array->alloced = num;
8740 - }
8741 -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
8742 -index 6f8ea13..89dacf9 100644
8743 ---- a/sound/pci/hda/hda_intel.c
8744 -+++ b/sound/pci/hda/hda_intel.c
8745 -@@ -2265,6 +2265,8 @@ static const struct pci_device_id azx_ids[] = {
8746 - { PCI_DEVICE(0x1022, 0x780d),
8747 - .driver_data = AZX_DRIVER_GENERIC | AZX_DCAPS_PRESET_ATI_SB },
8748 - /* ATI HDMI */
8749 -+ { PCI_DEVICE(0x1002, 0x0002),
8750 -+ .driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
8751 - { PCI_DEVICE(0x1002, 0x1308),
8752 - .driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
8753 - { PCI_DEVICE(0x1002, 0x157a),
8754 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
8755 -index abcb5a6..f25479b 100644
8756 ---- a/sound/pci/hda/patch_realtek.c
8757 -+++ b/sound/pci/hda/patch_realtek.c
8758 -@@ -4674,6 +4674,22 @@ static void alc290_fixup_mono_speakers(struct hda_codec *codec,
8759 - }
8760 - }
8761 -
8762 -+static void alc298_fixup_speaker_volume(struct hda_codec *codec,
8763 -+ const struct hda_fixup *fix, int action)
8764 -+{
8765 -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
8766 -+ /* The speaker is routed to the Node 0x06 by a mistake, as a result
8767 -+ we can't adjust the speaker's volume since this node does not has
8768 -+ Amp-out capability. we change the speaker's route to:
8769 -+ Node 0x02 (Audio Output) -> Node 0x0c (Audio Mixer) -> Node 0x17 (
8770 -+ Pin Complex), since Node 0x02 has Amp-out caps, we can adjust
8771 -+ speaker's volume now. */
8772 -+
8773 -+ hda_nid_t conn1[1] = { 0x0c };
8774 -+ snd_hda_override_conn_list(codec, 0x17, 1, conn1);
8775 -+ }
8776 -+}
8777 -+
8778 - /* Hook to update amp GPIO4 for automute */
8779 - static void alc280_hp_gpio4_automute_hook(struct hda_codec *codec,
8780 - struct hda_jack_callback *jack)
8781 -@@ -4823,6 +4839,7 @@ enum {
8782 - ALC280_FIXUP_HP_HEADSET_MIC,
8783 - ALC221_FIXUP_HP_FRONT_MIC,
8784 - ALC292_FIXUP_TPT460,
8785 -+ ALC298_FIXUP_SPK_VOLUME,
8786 - };
8787 -
8788 - static const struct hda_fixup alc269_fixups[] = {
8789 -@@ -5478,6 +5495,12 @@ static const struct hda_fixup alc269_fixups[] = {
8790 - .chained = true,
8791 - .chain_id = ALC293_FIXUP_LENOVO_SPK_NOISE,
8792 - },
8793 -+ [ALC298_FIXUP_SPK_VOLUME] = {
8794 -+ .type = HDA_FIXUP_FUNC,
8795 -+ .v.func = alc298_fixup_speaker_volume,
8796 -+ .chained = true,
8797 -+ .chain_id = ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
8798 -+ },
8799 - };
8800 -
8801 - static const struct snd_pci_quirk alc269_fixup_tbl[] = {
8802 -@@ -5524,6 +5547,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
8803 - SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13 9350", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
8804 - SND_PCI_QUIRK(0x1028, 0x0725, "Dell Inspiron 3162", ALC255_FIXUP_DELL_SPK_NOISE),
8805 - SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
8806 -+ SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME),
8807 - SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
8808 - SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
8809 - SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
8810 -@@ -5799,6 +5823,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
8811 - {0x1b, 0x01014020},
8812 - {0x21, 0x0221103f}),
8813 - SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
8814 -+ {0x14, 0x90170130},
8815 -+ {0x1b, 0x02011020},
8816 -+ {0x21, 0x0221103f}),
8817 -+ SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
8818 - {0x14, 0x90170150},
8819 - {0x1b, 0x02011020},
8820 - {0x21, 0x0221105f}),
8821 -diff --git a/tools/objtool/.gitignore b/tools/objtool/.gitignore
8822 -index a0b3128..d3102c8 100644
8823 ---- a/tools/objtool/.gitignore
8824 -+++ b/tools/objtool/.gitignore
8825 -@@ -1,2 +1,3 @@
8826 - arch/x86/insn/inat-tables.c
8827 - objtool
8828 -+fixdep
8829 -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
8830 -index 48bd520..dd25346 100644
8831 ---- a/virt/kvm/kvm_main.c
8832 -+++ b/virt/kvm/kvm_main.c
8833 -@@ -148,6 +148,7 @@ int vcpu_load(struct kvm_vcpu *vcpu)
8834 - put_cpu();
8835 - return 0;
8836 - }
8837 -+EXPORT_SYMBOL_GPL(vcpu_load);
8838 -
8839 - void vcpu_put(struct kvm_vcpu *vcpu)
8840 - {
8841 -@@ -157,6 +158,7 @@ void vcpu_put(struct kvm_vcpu *vcpu)
8842 - preempt_enable();
8843 - mutex_unlock(&vcpu->mutex);
8844 - }
8845 -+EXPORT_SYMBOL_GPL(vcpu_put);
8846 -
8847 - static void ack_flush(void *_completed)
8848 - {
8849
8850 diff --git a/4.7.4/1002_linux-4.7.3.patch b/4.7.4/1002_linux-4.7.3.patch
8851 deleted file mode 100644
8852 index caac684..0000000
8853 --- a/4.7.4/1002_linux-4.7.3.patch
8854 +++ /dev/null
8855 @@ -1,4418 +0,0 @@
8856 -diff --git a/Makefile b/Makefile
8857 -index bb98f1c..4afff18 100644
8858 ---- a/Makefile
8859 -+++ b/Makefile
8860 -@@ -1,6 +1,6 @@
8861 - VERSION = 4
8862 - PATCHLEVEL = 7
8863 --SUBLEVEL = 2
8864 -+SUBLEVEL = 3
8865 - EXTRAVERSION =
8866 - NAME = Psychotic Stoned Sheep
8867 -
8868 -diff --git a/arch/arc/include/asm/entry.h b/arch/arc/include/asm/entry.h
8869 -index ad7860c..51597f3 100644
8870 ---- a/arch/arc/include/asm/entry.h
8871 -+++ b/arch/arc/include/asm/entry.h
8872 -@@ -142,7 +142,7 @@
8873 -
8874 - #ifdef CONFIG_ARC_CURR_IN_REG
8875 - ; Retrieve orig r25 and save it with rest of callee_regs
8876 -- ld.as r12, [r12, PT_user_r25]
8877 -+ ld r12, [r12, PT_user_r25]
8878 - PUSH r12
8879 - #else
8880 - PUSH r25
8881 -@@ -198,7 +198,7 @@
8882 -
8883 - ; SP is back to start of pt_regs
8884 - #ifdef CONFIG_ARC_CURR_IN_REG
8885 -- st.as r12, [sp, PT_user_r25]
8886 -+ st r12, [sp, PT_user_r25]
8887 - #endif
8888 - .endm
8889 -
8890 -diff --git a/arch/arc/include/asm/irqflags-compact.h b/arch/arc/include/asm/irqflags-compact.h
8891 -index c1d3645..4c6eed8 100644
8892 ---- a/arch/arc/include/asm/irqflags-compact.h
8893 -+++ b/arch/arc/include/asm/irqflags-compact.h
8894 -@@ -188,10 +188,10 @@ static inline int arch_irqs_disabled(void)
8895 - .endm
8896 -
8897 - .macro IRQ_ENABLE scratch
8898 -+ TRACE_ASM_IRQ_ENABLE
8899 - lr \scratch, [status32]
8900 - or \scratch, \scratch, (STATUS_E1_MASK | STATUS_E2_MASK)
8901 - flag \scratch
8902 -- TRACE_ASM_IRQ_ENABLE
8903 - .endm
8904 -
8905 - #endif /* __ASSEMBLY__ */
8906 -diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h
8907 -index 0f92d97..89eeb37 100644
8908 ---- a/arch/arc/include/asm/pgtable.h
8909 -+++ b/arch/arc/include/asm/pgtable.h
8910 -@@ -280,7 +280,7 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep)
8911 -
8912 - #define pte_page(pte) pfn_to_page(pte_pfn(pte))
8913 - #define mk_pte(page, prot) pfn_pte(page_to_pfn(page), prot)
8914 --#define pfn_pte(pfn, prot) (__pte(((pte_t)(pfn) << PAGE_SHIFT) | pgprot_val(prot)))
8915 -+#define pfn_pte(pfn, prot) __pte(((pfn) << PAGE_SHIFT) | pgprot_val(prot))
8916 -
8917 - /* Don't use virt_to_pfn for macros below: could cause truncations for PAE40*/
8918 - #define pte_pfn(pte) (pte_val(pte) >> PAGE_SHIFT)
8919 -diff --git a/arch/arc/mm/cache.c b/arch/arc/mm/cache.c
8920 -index 5a294b2..0b10efe 100644
8921 ---- a/arch/arc/mm/cache.c
8922 -+++ b/arch/arc/mm/cache.c
8923 -@@ -921,6 +921,15 @@ void arc_cache_init(void)
8924 -
8925 - printk(arc_cache_mumbojumbo(0, str, sizeof(str)));
8926 -
8927 -+ /*
8928 -+ * Only master CPU needs to execute rest of function:
8929 -+ * - Assume SMP so all cores will have same cache config so
8930 -+ * any geomtry checks will be same for all
8931 -+ * - IOC setup / dma callbacks only need to be setup once
8932 -+ */
8933 -+ if (cpu)
8934 -+ return;
8935 -+
8936 - if (IS_ENABLED(CONFIG_ARC_HAS_ICACHE)) {
8937 - struct cpuinfo_arc_cache *ic = &cpuinfo_arc700[cpu].icache;
8938 -
8939 -diff --git a/arch/arm64/boot/dts/rockchip/rk3368.dtsi b/arch/arm64/boot/dts/rockchip/rk3368.dtsi
8940 -index 080203e..dc7f3bc 100644
8941 ---- a/arch/arm64/boot/dts/rockchip/rk3368.dtsi
8942 -+++ b/arch/arm64/boot/dts/rockchip/rk3368.dtsi
8943 -@@ -270,6 +270,8 @@
8944 - #io-channel-cells = <1>;
8945 - clocks = <&cru SCLK_SARADC>, <&cru PCLK_SARADC>;
8946 - clock-names = "saradc", "apb_pclk";
8947 -+ resets = <&cru SRST_SARADC>;
8948 -+ reset-names = "saradc-apb";
8949 - status = "disabled";
8950 - };
8951 -
8952 -diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
8953 -index 579b6e6..a55384f 100644
8954 ---- a/arch/arm64/include/asm/elf.h
8955 -+++ b/arch/arm64/include/asm/elf.h
8956 -@@ -140,6 +140,7 @@ typedef struct user_fpsimd_state elf_fpregset_t;
8957 -
8958 - #define SET_PERSONALITY(ex) clear_thread_flag(TIF_32BIT);
8959 -
8960 -+/* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
8961 - #define ARCH_DLINFO \
8962 - do { \
8963 - NEW_AUX_ENT(AT_SYSINFO_EHDR, \
8964 -diff --git a/arch/arm64/include/uapi/asm/auxvec.h b/arch/arm64/include/uapi/asm/auxvec.h
8965 -index 22d6d88..4cf0c17 100644
8966 ---- a/arch/arm64/include/uapi/asm/auxvec.h
8967 -+++ b/arch/arm64/include/uapi/asm/auxvec.h
8968 -@@ -19,4 +19,6 @@
8969 - /* vDSO location */
8970 - #define AT_SYSINFO_EHDR 33
8971 -
8972 -+#define AT_VECTOR_SIZE_ARCH 1 /* entries in ARCH_DLINFO */
8973 -+
8974 - #endif
8975 -diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
8976 -index 2c6e598..aa68aad 100644
8977 ---- a/arch/arm64/kernel/head.S
8978 -+++ b/arch/arm64/kernel/head.S
8979 -@@ -757,6 +757,9 @@ ENTRY(__enable_mmu)
8980 - isb
8981 - bl __create_page_tables // recreate kernel mapping
8982 -
8983 -+ tlbi vmalle1 // Remove any stale TLB entries
8984 -+ dsb nsh
8985 -+
8986 - msr sctlr_el1, x19 // re-enable the MMU
8987 - isb
8988 - ic iallu // flush instructions fetched
8989 -diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S
8990 -index 9a3aec9..ccf79d8 100644
8991 ---- a/arch/arm64/kernel/sleep.S
8992 -+++ b/arch/arm64/kernel/sleep.S
8993 -@@ -101,12 +101,20 @@ ENTRY(cpu_resume)
8994 - bl el2_setup // if in EL2 drop to EL1 cleanly
8995 - /* enable the MMU early - so we can access sleep_save_stash by va */
8996 - adr_l lr, __enable_mmu /* __cpu_setup will return here */
8997 -- ldr x27, =_cpu_resume /* __enable_mmu will branch here */
8998 -+ adr_l x27, _resume_switched /* __enable_mmu will branch here */
8999 - adrp x25, idmap_pg_dir
9000 - adrp x26, swapper_pg_dir
9001 - b __cpu_setup
9002 - ENDPROC(cpu_resume)
9003 -
9004 -+ .pushsection ".idmap.text", "ax"
9005 -+_resume_switched:
9006 -+ ldr x8, =_cpu_resume
9007 -+ br x8
9008 -+ENDPROC(_resume_switched)
9009 -+ .ltorg
9010 -+ .popsection
9011 -+
9012 - ENTRY(_cpu_resume)
9013 - mrs x1, mpidr_el1
9014 - adrp x8, mpidr_hash
9015 -diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
9016 -index 5bb61de..9d37e96 100644
9017 ---- a/arch/arm64/mm/proc.S
9018 -+++ b/arch/arm64/mm/proc.S
9019 -@@ -100,7 +100,16 @@ ENTRY(cpu_do_resume)
9020 -
9021 - msr tcr_el1, x8
9022 - msr vbar_el1, x9
9023 -+
9024 -+ /*
9025 -+ * __cpu_setup() cleared MDSCR_EL1.MDE and friends, before unmasking
9026 -+ * debug exceptions. By restoring MDSCR_EL1 here, we may take a debug
9027 -+ * exception. Mask them until local_dbg_restore() in cpu_suspend()
9028 -+ * resets them.
9029 -+ */
9030 -+ disable_dbg
9031 - msr mdscr_el1, x10
9032 -+
9033 - msr sctlr_el1, x12
9034 - /*
9035 - * Restore oslsr_el1 by writing oslar_el1
9036 -diff --git a/arch/parisc/include/uapi/asm/errno.h b/arch/parisc/include/uapi/asm/errno.h
9037 -index c0ae625..274d5bc 100644
9038 ---- a/arch/parisc/include/uapi/asm/errno.h
9039 -+++ b/arch/parisc/include/uapi/asm/errno.h
9040 -@@ -97,10 +97,10 @@
9041 - #define ENOTCONN 235 /* Transport endpoint is not connected */
9042 - #define ESHUTDOWN 236 /* Cannot send after transport endpoint shutdown */
9043 - #define ETOOMANYREFS 237 /* Too many references: cannot splice */
9044 --#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
9045 - #define ETIMEDOUT 238 /* Connection timed out */
9046 - #define ECONNREFUSED 239 /* Connection refused */
9047 --#define EREMOTERELEASE 240 /* Remote peer released connection */
9048 -+#define EREFUSED ECONNREFUSED /* for HP's NFS apparently */
9049 -+#define EREMOTERELEASE 240 /* Remote peer released connection */
9050 - #define EHOSTDOWN 241 /* Host is down */
9051 - #define EHOSTUNREACH 242 /* No route to host */
9052 -
9053 -diff --git a/arch/parisc/kernel/processor.c b/arch/parisc/kernel/processor.c
9054 -index 5adc339..0c2a94a 100644
9055 ---- a/arch/parisc/kernel/processor.c
9056 -+++ b/arch/parisc/kernel/processor.c
9057 -@@ -51,8 +51,6 @@ EXPORT_SYMBOL(_parisc_requires_coherency);
9058 -
9059 - DEFINE_PER_CPU(struct cpuinfo_parisc, cpu_data);
9060 -
9061 --extern int update_cr16_clocksource(void); /* from time.c */
9062 --
9063 - /*
9064 - ** PARISC CPU driver - claim "device" and initialize CPU data structures.
9065 - **
9066 -@@ -228,12 +226,6 @@ static int processor_probe(struct parisc_device *dev)
9067 - }
9068 - #endif
9069 -
9070 -- /* If we've registered more than one cpu,
9071 -- * we'll use the jiffies clocksource since cr16
9072 -- * is not synchronized between CPUs.
9073 -- */
9074 -- update_cr16_clocksource();
9075 --
9076 - return 0;
9077 - }
9078 -
9079 -diff --git a/arch/parisc/kernel/time.c b/arch/parisc/kernel/time.c
9080 -index 31ec99a..5eea7dc 100644
9081 ---- a/arch/parisc/kernel/time.c
9082 -+++ b/arch/parisc/kernel/time.c
9083 -@@ -220,18 +220,6 @@ static struct clocksource clocksource_cr16 = {
9084 - .flags = CLOCK_SOURCE_IS_CONTINUOUS,
9085 - };
9086 -
9087 --int update_cr16_clocksource(void)
9088 --{
9089 -- /* since the cr16 cycle counters are not synchronized across CPUs,
9090 -- we'll check if we should switch to a safe clocksource: */
9091 -- if (clocksource_cr16.rating != 0 && num_online_cpus() > 1) {
9092 -- clocksource_change_rating(&clocksource_cr16, 0);
9093 -- return 1;
9094 -- }
9095 --
9096 -- return 0;
9097 --}
9098 --
9099 - void __init start_cpu_itimer(void)
9100 - {
9101 - unsigned int cpu = smp_processor_id();
9102 -diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S
9103 -index 1dd5bd8..1330553 100644
9104 ---- a/arch/um/include/asm/common.lds.S
9105 -+++ b/arch/um/include/asm/common.lds.S
9106 -@@ -81,7 +81,7 @@
9107 - .altinstr_replacement : { *(.altinstr_replacement) }
9108 - /* .exit.text is discard at runtime, not link time, to deal with references
9109 - from .altinstructions and .eh_frame */
9110 -- .exit.text : { *(.exit.text) }
9111 -+ .exit.text : { EXIT_TEXT }
9112 - .exit.data : { *(.exit.data) }
9113 -
9114 - .preinit_array : {
9115 -diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
9116 -index 4e5be94..6fa8594 100644
9117 ---- a/arch/x86/include/asm/tlbflush.h
9118 -+++ b/arch/x86/include/asm/tlbflush.h
9119 -@@ -135,7 +135,14 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
9120 -
9121 - static inline void __native_flush_tlb(void)
9122 - {
9123 -+ /*
9124 -+ * If current->mm == NULL then we borrow a mm which may change during a
9125 -+ * task switch and therefore we must not be preempted while we write CR3
9126 -+ * back:
9127 -+ */
9128 -+ preempt_disable();
9129 - native_write_cr3(native_read_cr3());
9130 -+ preempt_enable();
9131 - }
9132 -
9133 - static inline void __native_flush_tlb_global_irq_disabled(void)
9134 -diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
9135 -index 6c1ff31..495c776 100644
9136 ---- a/arch/x86/kernel/uprobes.c
9137 -+++ b/arch/x86/kernel/uprobes.c
9138 -@@ -357,20 +357,22 @@ static void riprel_analyze(struct arch_uprobe *auprobe, struct insn *insn)
9139 - *cursor &= 0xfe;
9140 - }
9141 - /*
9142 -- * Similar treatment for VEX3 prefix.
9143 -- * TODO: add XOP/EVEX treatment when insn decoder supports them
9144 -+ * Similar treatment for VEX3/EVEX prefix.
9145 -+ * TODO: add XOP treatment when insn decoder supports them
9146 - */
9147 -- if (insn->vex_prefix.nbytes == 3) {
9148 -+ if (insn->vex_prefix.nbytes >= 3) {
9149 - /*
9150 - * vex2: c5 rvvvvLpp (has no b bit)
9151 - * vex3/xop: c4/8f rxbmmmmm wvvvvLpp
9152 - * evex: 62 rxbR00mm wvvvv1pp zllBVaaa
9153 -- * (evex will need setting of both b and x since
9154 -- * in non-sib encoding evex.x is 4th bit of MODRM.rm)
9155 -- * Setting VEX3.b (setting because it has inverted meaning):
9156 -+ * Setting VEX3.b (setting because it has inverted meaning).
9157 -+ * Setting EVEX.x since (in non-SIB encoding) EVEX.x
9158 -+ * is the 4th bit of MODRM.rm, and needs the same treatment.
9159 -+ * For VEX3-encoded insns, VEX3.x value has no effect in
9160 -+ * non-SIB encoding, the change is superfluous but harmless.
9161 - */
9162 - cursor = auprobe->insn + insn_offset_vex_prefix(insn) + 1;
9163 -- *cursor |= 0x20;
9164 -+ *cursor |= 0x60;
9165 - }
9166 -
9167 - /*
9168 -@@ -415,12 +417,10 @@ static void riprel_analyze(struct arch_uprobe *auprobe, struct insn *insn)
9169 -
9170 - reg = MODRM_REG(insn); /* Fetch modrm.reg */
9171 - reg2 = 0xff; /* Fetch vex.vvvv */
9172 -- if (insn->vex_prefix.nbytes == 2)
9173 -- reg2 = insn->vex_prefix.bytes[1];
9174 -- else if (insn->vex_prefix.nbytes == 3)
9175 -+ if (insn->vex_prefix.nbytes)
9176 - reg2 = insn->vex_prefix.bytes[2];
9177 - /*
9178 -- * TODO: add XOP, EXEV vvvv reading.
9179 -+ * TODO: add XOP vvvv reading.
9180 - *
9181 - * vex.vvvv field is in bits 6-3, bits are inverted.
9182 - * But in 32-bit mode, high-order bit may be ignored.
9183 -diff --git a/arch/x86/platform/uv/bios_uv.c b/arch/x86/platform/uv/bios_uv.c
9184 -index 815fec6..17943a8 100644
9185 ---- a/arch/x86/platform/uv/bios_uv.c
9186 -+++ b/arch/x86/platform/uv/bios_uv.c
9187 -@@ -188,7 +188,8 @@ EXPORT_SYMBOL_GPL(uv_bios_set_legacy_vga_target);
9188 - void uv_bios_init(void)
9189 - {
9190 - uv_systab = NULL;
9191 -- if ((efi.uv_systab == EFI_INVALID_TABLE_ADDR) || !efi.uv_systab) {
9192 -+ if ((efi.uv_systab == EFI_INVALID_TABLE_ADDR) ||
9193 -+ !efi.uv_systab || efi_runtime_disabled()) {
9194 - pr_crit("UV: UVsystab: missing\n");
9195 - return;
9196 - }
9197 -diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
9198 -index 8adac69..2e98173 100644
9199 ---- a/drivers/acpi/cppc_acpi.c
9200 -+++ b/drivers/acpi/cppc_acpi.c
9201 -@@ -299,8 +299,10 @@ int acpi_get_psd_map(struct cpudata **all_cpu_data)
9202 - continue;
9203 -
9204 - cpc_ptr = per_cpu(cpc_desc_ptr, i);
9205 -- if (!cpc_ptr)
9206 -- continue;
9207 -+ if (!cpc_ptr) {
9208 -+ retval = -EFAULT;
9209 -+ goto err_ret;
9210 -+ }
9211 -
9212 - pdomain = &(cpc_ptr->domain_info);
9213 - cpumask_set_cpu(i, pr->shared_cpu_map);
9214 -@@ -322,8 +324,10 @@ int acpi_get_psd_map(struct cpudata **all_cpu_data)
9215 - continue;
9216 -
9217 - match_cpc_ptr = per_cpu(cpc_desc_ptr, j);
9218 -- if (!match_cpc_ptr)
9219 -- continue;
9220 -+ if (!match_cpc_ptr) {
9221 -+ retval = -EFAULT;
9222 -+ goto err_ret;
9223 -+ }
9224 -
9225 - match_pdomain = &(match_cpc_ptr->domain_info);
9226 - if (match_pdomain->domain != pdomain->domain)
9227 -@@ -353,8 +357,10 @@ int acpi_get_psd_map(struct cpudata **all_cpu_data)
9228 - continue;
9229 -
9230 - match_cpc_ptr = per_cpu(cpc_desc_ptr, j);
9231 -- if (!match_cpc_ptr)
9232 -- continue;
9233 -+ if (!match_cpc_ptr) {
9234 -+ retval = -EFAULT;
9235 -+ goto err_ret;
9236 -+ }
9237 -
9238 - match_pdomain = &(match_cpc_ptr->domain_info);
9239 - if (match_pdomain->domain != pdomain->domain)
9240 -@@ -595,9 +601,6 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
9241 - /* Store CPU Logical ID */
9242 - cpc_ptr->cpu_id = pr->id;
9243 -
9244 -- /* Plug it into this CPUs CPC descriptor. */
9245 -- per_cpu(cpc_desc_ptr, pr->id) = cpc_ptr;
9246 --
9247 - /* Parse PSD data for this CPU */
9248 - ret = acpi_get_psd(cpc_ptr, handle);
9249 - if (ret)
9250 -@@ -610,6 +613,9 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
9251 - goto out_free;
9252 - }
9253 -
9254 -+ /* Plug PSD data into this CPUs CPC descriptor. */
9255 -+ per_cpu(cpc_desc_ptr, pr->id) = cpc_ptr;
9256 -+
9257 - /* Everything looks okay */
9258 - pr_debug("Parsed CPC struct for CPU: %d\n", pr->id);
9259 -
9260 -diff --git a/drivers/acpi/nfit.c b/drivers/acpi/nfit.c
9261 -index 1f0e060..375c10f 100644
9262 ---- a/drivers/acpi/nfit.c
9263 -+++ b/drivers/acpi/nfit.c
9264 -@@ -1396,11 +1396,12 @@ static u32 read_blk_stat(struct nfit_blk *nfit_blk, unsigned int bw)
9265 - {
9266 - struct nfit_blk_mmio *mmio = &nfit_blk->mmio[DCR];
9267 - u64 offset = nfit_blk->stat_offset + mmio->size * bw;
9268 -+ const u32 STATUS_MASK = 0x80000037;
9269 -
9270 - if (mmio->num_lines)
9271 - offset = to_interleave_offset(offset, mmio);
9272 -
9273 -- return readl(mmio->addr.base + offset);
9274 -+ return readl(mmio->addr.base + offset) & STATUS_MASK;
9275 - }
9276 -
9277 - static void write_blk_ctl(struct nfit_blk *nfit_blk, unsigned int bw,
9278 -diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
9279 -index 5f28cf7..f3c0222 100644
9280 ---- a/drivers/acpi/scan.c
9281 -+++ b/drivers/acpi/scan.c
9282 -@@ -1967,7 +1967,7 @@ int __init acpi_scan_init(void)
9283 -
9284 - static struct acpi_probe_entry *ape;
9285 - static int acpi_probe_count;
9286 --static DEFINE_SPINLOCK(acpi_probe_lock);
9287 -+static DEFINE_MUTEX(acpi_probe_mutex);
9288 -
9289 - static int __init acpi_match_madt(struct acpi_subtable_header *header,
9290 - const unsigned long end)
9291 -@@ -1986,7 +1986,7 @@ int __init __acpi_probe_device_table(struct acpi_probe_entry *ap_head, int nr)
9292 - if (acpi_disabled)
9293 - return 0;
9294 -
9295 -- spin_lock(&acpi_probe_lock);
9296 -+ mutex_lock(&acpi_probe_mutex);
9297 - for (ape = ap_head; nr; ape++, nr--) {
9298 - if (ACPI_COMPARE_NAME(ACPI_SIG_MADT, ape->id)) {
9299 - acpi_probe_count = 0;
9300 -@@ -1999,7 +1999,7 @@ int __init __acpi_probe_device_table(struct acpi_probe_entry *ap_head, int nr)
9301 - count++;
9302 - }
9303 - }
9304 -- spin_unlock(&acpi_probe_lock);
9305 -+ mutex_unlock(&acpi_probe_mutex);
9306 -
9307 - return count;
9308 - }
9309 -diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
9310 -index a1dcf12..84708a5 100644
9311 ---- a/drivers/block/floppy.c
9312 -+++ b/drivers/block/floppy.c
9313 -@@ -3663,6 +3663,11 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
9314 -
9315 - opened_bdev[drive] = bdev;
9316 -
9317 -+ if (!(mode & (FMODE_READ|FMODE_WRITE))) {
9318 -+ res = -EINVAL;
9319 -+ goto out;
9320 -+ }
9321 -+
9322 - res = -ENXIO;
9323 -
9324 - if (!floppy_track_buffer) {
9325 -@@ -3706,15 +3711,13 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
9326 - if (UFDCS->rawcmd == 1)
9327 - UFDCS->rawcmd = 2;
9328 -
9329 -- if (mode & (FMODE_READ|FMODE_WRITE)) {
9330 -- UDRS->last_checked = 0;
9331 -- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
9332 -- check_disk_change(bdev);
9333 -- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
9334 -- goto out;
9335 -- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
9336 -- goto out;
9337 -- }
9338 -+ UDRS->last_checked = 0;
9339 -+ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
9340 -+ check_disk_change(bdev);
9341 -+ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
9342 -+ goto out;
9343 -+ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
9344 -+ goto out;
9345 -
9346 - res = -EROFS;
9347 -
9348 -diff --git a/drivers/clk/renesas/r8a7795-cpg-mssr.c b/drivers/clk/renesas/r8a7795-cpg-mssr.c
9349 -index ca5519c..e7b98c4 100644
9350 ---- a/drivers/clk/renesas/r8a7795-cpg-mssr.c
9351 -+++ b/drivers/clk/renesas/r8a7795-cpg-mssr.c
9352 -@@ -91,6 +91,7 @@ static const struct cpg_core_clk r8a7795_core_clks[] __initconst = {
9353 - DEF_FIXED(".s1", CLK_S1, CLK_PLL1_DIV2, 3, 1),
9354 - DEF_FIXED(".s2", CLK_S2, CLK_PLL1_DIV2, 4, 1),
9355 - DEF_FIXED(".s3", CLK_S3, CLK_PLL1_DIV2, 6, 1),
9356 -+ DEF_FIXED(".sdsrc", CLK_SDSRC, CLK_PLL1_DIV2, 2, 1),
9357 -
9358 - /* Core Clock Outputs */
9359 - DEF_FIXED("ztr", R8A7795_CLK_ZTR, CLK_PLL1_DIV2, 6, 1),
9360 -@@ -109,10 +110,10 @@ static const struct cpg_core_clk r8a7795_core_clks[] __initconst = {
9361 - DEF_FIXED("s3d2", R8A7795_CLK_S3D2, CLK_S3, 2, 1),
9362 - DEF_FIXED("s3d4", R8A7795_CLK_S3D4, CLK_S3, 4, 1),
9363 -
9364 -- DEF_GEN3_SD("sd0", R8A7795_CLK_SD0, CLK_PLL1_DIV2, 0x0074),
9365 -- DEF_GEN3_SD("sd1", R8A7795_CLK_SD1, CLK_PLL1_DIV2, 0x0078),
9366 -- DEF_GEN3_SD("sd2", R8A7795_CLK_SD2, CLK_PLL1_DIV2, 0x0268),
9367 -- DEF_GEN3_SD("sd3", R8A7795_CLK_SD3, CLK_PLL1_DIV2, 0x026c),
9368 -+ DEF_GEN3_SD("sd0", R8A7795_CLK_SD0, CLK_SDSRC, 0x0074),
9369 -+ DEF_GEN3_SD("sd1", R8A7795_CLK_SD1, CLK_SDSRC, 0x0078),
9370 -+ DEF_GEN3_SD("sd2", R8A7795_CLK_SD2, CLK_SDSRC, 0x0268),
9371 -+ DEF_GEN3_SD("sd3", R8A7795_CLK_SD3, CLK_SDSRC, 0x026c),
9372 -
9373 - DEF_FIXED("cl", R8A7795_CLK_CL, CLK_PLL1_DIV2, 48, 1),
9374 - DEF_FIXED("cp", R8A7795_CLK_CP, CLK_EXTAL, 2, 1),
9375 -diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
9376 -index ea8189f..6dc5971 100644
9377 ---- a/drivers/crypto/caam/caamalg.c
9378 -+++ b/drivers/crypto/caam/caamalg.c
9379 -@@ -441,6 +441,9 @@ static int aead_set_sh_desc(struct crypto_aead *aead)
9380 - OP_ALG_AAI_CTR_MOD128);
9381 - const bool is_rfc3686 = alg->caam.rfc3686;
9382 -
9383 -+ if (!ctx->authsize)
9384 -+ return 0;
9385 -+
9386 - /* NULL encryption / decryption */
9387 - if (!ctx->enckeylen)
9388 - return aead_null_set_sh_desc(aead);
9389 -@@ -614,7 +617,7 @@ skip_enc:
9390 - keys_fit_inline = true;
9391 -
9392 - /* aead_givencrypt shared descriptor */
9393 -- desc = ctx->sh_desc_givenc;
9394 -+ desc = ctx->sh_desc_enc;
9395 -
9396 - /* Note: Context registers are saved. */
9397 - init_sh_desc_key_aead(desc, ctx, keys_fit_inline, is_rfc3686);
9398 -@@ -645,13 +648,13 @@ copy_iv:
9399 - append_operation(desc, ctx->class2_alg_type |
9400 - OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT);
9401 -
9402 -- /* ivsize + cryptlen = seqoutlen - authsize */
9403 -- append_math_sub_imm_u32(desc, REG3, SEQOUTLEN, IMM, ctx->authsize);
9404 --
9405 - /* Read and write assoclen bytes */
9406 - append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ);
9407 - append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
9408 -
9409 -+ /* ivsize + cryptlen = seqoutlen - authsize */
9410 -+ append_math_sub_imm_u32(desc, REG3, SEQOUTLEN, IMM, ctx->authsize);
9411 -+
9412 - /* Skip assoc data */
9413 - append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF);
9414 -
9415 -@@ -697,7 +700,7 @@ copy_iv:
9416 - ctx->sh_desc_enc_dma = dma_map_single(jrdev, desc,
9417 - desc_bytes(desc),
9418 - DMA_TO_DEVICE);
9419 -- if (dma_mapping_error(jrdev, ctx->sh_desc_givenc_dma)) {
9420 -+ if (dma_mapping_error(jrdev, ctx->sh_desc_enc_dma)) {
9421 - dev_err(jrdev, "unable to map shared descriptor\n");
9422 - return -ENOMEM;
9423 - }
9424 -diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
9425 -index 5845d4a..e9703f9 100644
9426 ---- a/drivers/crypto/caam/caamhash.c
9427 -+++ b/drivers/crypto/caam/caamhash.c
9428 -@@ -1897,6 +1897,7 @@ caam_hash_alloc(struct caam_hash_template *template,
9429 - template->name);
9430 - snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
9431 - template->driver_name);
9432 -+ t_alg->ahash_alg.setkey = NULL;
9433 - }
9434 - alg->cra_module = THIS_MODULE;
9435 - alg->cra_init = caam_hash_cra_init;
9436 -diff --git a/drivers/crypto/nx/nx.c b/drivers/crypto/nx/nx.c
9437 -index 0794f1c..42f0f22 100644
9438 ---- a/drivers/crypto/nx/nx.c
9439 -+++ b/drivers/crypto/nx/nx.c
9440 -@@ -392,7 +392,7 @@ static void nx_of_update_msc(struct device *dev,
9441 - ((bytes_so_far + sizeof(struct msc_triplet)) <= lenp) &&
9442 - i < msc->triplets;
9443 - i++) {
9444 -- if (msc->fc > NX_MAX_FC || msc->mode > NX_MAX_MODE) {
9445 -+ if (msc->fc >= NX_MAX_FC || msc->mode >= NX_MAX_MODE) {
9446 - dev_err(dev, "unknown function code/mode "
9447 - "combo: %d/%d (ignored)\n", msc->fc,
9448 - msc->mode);
9449 -diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
9450 -index 1e8852a8..4c9deef 100644
9451 ---- a/drivers/crypto/qat/qat_common/qat_algs.c
9452 -+++ b/drivers/crypto/qat/qat_common/qat_algs.c
9453 -@@ -1260,8 +1260,8 @@ static struct crypto_alg qat_algs[] = { {
9454 - .setkey = qat_alg_ablkcipher_xts_setkey,
9455 - .decrypt = qat_alg_ablkcipher_decrypt,
9456 - .encrypt = qat_alg_ablkcipher_encrypt,
9457 -- .min_keysize = AES_MIN_KEY_SIZE,
9458 -- .max_keysize = AES_MAX_KEY_SIZE,
9459 -+ .min_keysize = 2 * AES_MIN_KEY_SIZE,
9460 -+ .max_keysize = 2 * AES_MAX_KEY_SIZE,
9461 - .ivsize = AES_BLOCK_SIZE,
9462 - },
9463 - },
9464 -diff --git a/drivers/dax/pmem.c b/drivers/dax/pmem.c
9465 -index 55d510e..82e6743 100644
9466 ---- a/drivers/dax/pmem.c
9467 -+++ b/drivers/dax/pmem.c
9468 -@@ -118,6 +118,9 @@ static int dax_pmem_probe(struct device *dev)
9469 - return rc;
9470 - }
9471 -
9472 -+ /* adjust the dax_region resource to the start of data */
9473 -+ res.start += le64_to_cpu(pfn_sb->dataoff);
9474 -+
9475 - nd_region = to_nd_region(dev->parent);
9476 - dax_region = alloc_dax_region(dev, nd_region->id, &res,
9477 - le32_to_cpu(pfn_sb->align), addr, PFN_DEV|PFN_MAP);
9478 -diff --git a/drivers/dma/sh/usb-dmac.c b/drivers/dma/sh/usb-dmac.c
9479 -index 749f1bd..06ecdc3 100644
9480 ---- a/drivers/dma/sh/usb-dmac.c
9481 -+++ b/drivers/dma/sh/usb-dmac.c
9482 -@@ -600,27 +600,30 @@ static irqreturn_t usb_dmac_isr_channel(int irq, void *dev)
9483 - {
9484 - struct usb_dmac_chan *chan = dev;
9485 - irqreturn_t ret = IRQ_NONE;
9486 -- u32 mask = USB_DMACHCR_TE;
9487 -- u32 check_bits = USB_DMACHCR_TE | USB_DMACHCR_SP;
9488 -+ u32 mask = 0;
9489 - u32 chcr;
9490 -+ bool xfer_end = false;
9491 -
9492 - spin_lock(&chan->vc.lock);
9493 -
9494 - chcr = usb_dmac_chan_read(chan, USB_DMACHCR);
9495 -- if (chcr & check_bits)
9496 -- mask |= USB_DMACHCR_DE | check_bits;
9497 -+ if (chcr & (USB_DMACHCR_TE | USB_DMACHCR_SP)) {
9498 -+ mask |= USB_DMACHCR_DE | USB_DMACHCR_TE | USB_DMACHCR_SP;
9499 -+ if (chcr & USB_DMACHCR_DE)
9500 -+ xfer_end = true;
9501 -+ ret |= IRQ_HANDLED;
9502 -+ }
9503 - if (chcr & USB_DMACHCR_NULL) {
9504 - /* An interruption of TE will happen after we set FTE */
9505 - mask |= USB_DMACHCR_NULL;
9506 - chcr |= USB_DMACHCR_FTE;
9507 - ret |= IRQ_HANDLED;
9508 - }
9509 -- usb_dmac_chan_write(chan, USB_DMACHCR, chcr & ~mask);
9510 -+ if (mask)
9511 -+ usb_dmac_chan_write(chan, USB_DMACHCR, chcr & ~mask);
9512 -
9513 -- if (chcr & check_bits) {
9514 -+ if (xfer_end)
9515 - usb_dmac_isr_transfer_end(chan);
9516 -- ret |= IRQ_HANDLED;
9517 -- }
9518 -
9519 - spin_unlock(&chan->vc.lock);
9520 -
9521 -diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
9522 -index 4fb2eb7..ce0067b 100644
9523 ---- a/drivers/edac/sb_edac.c
9524 -+++ b/drivers/edac/sb_edac.c
9525 -@@ -552,9 +552,9 @@ static const struct pci_id_table pci_dev_descr_haswell_table[] = {
9526 - /* Knight's Landing Support */
9527 - /*
9528 - * KNL's memory channels are swizzled between memory controllers.
9529 -- * MC0 is mapped to CH3,5,6 and MC1 is mapped to CH0,1,2
9530 -+ * MC0 is mapped to CH3,4,5 and MC1 is mapped to CH0,1,2
9531 - */
9532 --#define knl_channel_remap(channel) ((channel + 3) % 6)
9533 -+#define knl_channel_remap(mc, chan) ((mc) ? (chan) : (chan) + 3)
9534 -
9535 - /* Memory controller, TAD tables, error injection - 2-8-0, 2-9-0 (2 of these) */
9536 - #define PCI_DEVICE_ID_INTEL_KNL_IMC_MC 0x7840
9537 -@@ -1286,7 +1286,7 @@ static u32 knl_get_mc_route(int entry, u32 reg)
9538 - mc = GET_BITFIELD(reg, entry*3, (entry*3)+2);
9539 - chan = GET_BITFIELD(reg, (entry*2) + 18, (entry*2) + 18 + 1);
9540 -
9541 -- return knl_channel_remap(mc*3 + chan);
9542 -+ return knl_channel_remap(mc, chan);
9543 - }
9544 -
9545 - /*
9546 -@@ -2997,8 +2997,15 @@ static void sbridge_mce_output_error(struct mem_ctl_info *mci,
9547 - } else {
9548 - char A = *("A");
9549 -
9550 -- channel = knl_channel_remap(channel);
9551 -+ /*
9552 -+ * Reported channel is in range 0-2, so we can't map it
9553 -+ * back to mc. To figure out mc we check machine check
9554 -+ * bank register that reported this error.
9555 -+ * bank15 means mc0 and bank16 means mc1.
9556 -+ */
9557 -+ channel = knl_channel_remap(m->bank == 16, channel);
9558 - channel_mask = 1 << channel;
9559 -+
9560 - snprintf(msg, sizeof(msg),
9561 - "%s%s err_code:%04x:%04x channel:%d (DIMM_%c)",
9562 - overflow ? " OVERFLOW" : "",
9563 -diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c
9564 -index c99c24b..9ae6c11 100644
9565 ---- a/drivers/firmware/efi/capsule-loader.c
9566 -+++ b/drivers/firmware/efi/capsule-loader.c
9567 -@@ -16,6 +16,7 @@
9568 - #include <linux/slab.h>
9569 - #include <linux/mutex.h>
9570 - #include <linux/efi.h>
9571 -+#include <linux/vmalloc.h>
9572 -
9573 - #define NO_FURTHER_WRITE_ACTION -1
9574 -
9575 -@@ -108,14 +109,15 @@ static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info)
9576 - int ret;
9577 - void *cap_hdr_temp;
9578 -
9579 -- cap_hdr_temp = kmap(cap_info->pages[0]);
9580 -+ cap_hdr_temp = vmap(cap_info->pages, cap_info->index,
9581 -+ VM_MAP, PAGE_KERNEL);
9582 - if (!cap_hdr_temp) {
9583 -- pr_debug("%s: kmap() failed\n", __func__);
9584 -+ pr_debug("%s: vmap() failed\n", __func__);
9585 - return -EFAULT;
9586 - }
9587 -
9588 - ret = efi_capsule_update(cap_hdr_temp, cap_info->pages);
9589 -- kunmap(cap_info->pages[0]);
9590 -+ vunmap(cap_hdr_temp);
9591 - if (ret) {
9592 - pr_err("%s: efi_capsule_update() failed\n", __func__);
9593 - return ret;
9594 -diff --git a/drivers/firmware/efi/capsule.c b/drivers/firmware/efi/capsule.c
9595 -index 53b9fd2..6eedff4 100644
9596 ---- a/drivers/firmware/efi/capsule.c
9597 -+++ b/drivers/firmware/efi/capsule.c
9598 -@@ -190,9 +190,9 @@ efi_capsule_update_locked(efi_capsule_header_t *capsule,
9599 - * map the capsule described by @capsule with its data in @pages and
9600 - * send it to the firmware via the UpdateCapsule() runtime service.
9601 - *
9602 -- * @capsule must be a virtual mapping of the first page in @pages
9603 -- * (@pages[0]) in the kernel address space. That is, a
9604 -- * capsule_header_t that describes the entire contents of the capsule
9605 -+ * @capsule must be a virtual mapping of the complete capsule update in the
9606 -+ * kernel address space, as the capsule can be consumed immediately.
9607 -+ * A capsule_header_t that describes the entire contents of the capsule
9608 - * must be at the start of the first data page.
9609 - *
9610 - * Even though this function will validate that the firmware supports
9611 -diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig
9612 -index d786061..5d457ff 100644
9613 ---- a/drivers/gpio/Kconfig
9614 -+++ b/drivers/gpio/Kconfig
9615 -@@ -50,6 +50,7 @@ config GPIO_DEVRES
9616 - config OF_GPIO
9617 - def_bool y
9618 - depends on OF
9619 -+ depends on HAS_IOMEM
9620 -
9621 - config GPIO_ACPI
9622 - def_bool y
9623 -diff --git a/drivers/gpio/gpio-max730x.c b/drivers/gpio/gpio-max730x.c
9624 -index 0880736..946d091 100644
9625 ---- a/drivers/gpio/gpio-max730x.c
9626 -+++ b/drivers/gpio/gpio-max730x.c
9627 -@@ -192,6 +192,10 @@ int __max730x_probe(struct max7301 *ts)
9628 - ts->chip.parent = dev;
9629 - ts->chip.owner = THIS_MODULE;
9630 -
9631 -+ ret = gpiochip_add_data(&ts->chip, ts);
9632 -+ if (ret)
9633 -+ goto exit_destroy;
9634 -+
9635 - /*
9636 - * initialize pullups according to platform data and cache the
9637 - * register values for later use.
9638 -@@ -213,10 +217,6 @@ int __max730x_probe(struct max7301 *ts)
9639 - }
9640 - }
9641 -
9642 -- ret = gpiochip_add_data(&ts->chip, ts);
9643 -- if (ret)
9644 -- goto exit_destroy;
9645 --
9646 - return ret;
9647 -
9648 - exit_destroy:
9649 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
9650 -index e055d5be..56475b1 100644
9651 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
9652 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
9653 -@@ -415,6 +415,8 @@ struct amdgpu_mman {
9654 -
9655 - /* custom LRU management */
9656 - struct amdgpu_mman_lru log2_size[AMDGPU_TTM_LRU_SIZE];
9657 -+ /* guard for log2_size array, don't add anything in between */
9658 -+ struct amdgpu_mman_lru guard;
9659 - };
9660 -
9661 - int amdgpu_copy_buffer(struct amdgpu_ring *ring,
9662 -@@ -637,9 +639,9 @@ int amdgpu_gart_table_vram_pin(struct amdgpu_device *adev);
9663 - void amdgpu_gart_table_vram_unpin(struct amdgpu_device *adev);
9664 - int amdgpu_gart_init(struct amdgpu_device *adev);
9665 - void amdgpu_gart_fini(struct amdgpu_device *adev);
9666 --void amdgpu_gart_unbind(struct amdgpu_device *adev, unsigned offset,
9667 -+void amdgpu_gart_unbind(struct amdgpu_device *adev, uint64_t offset,
9668 - int pages);
9669 --int amdgpu_gart_bind(struct amdgpu_device *adev, unsigned offset,
9670 -+int amdgpu_gart_bind(struct amdgpu_device *adev, uint64_t offset,
9671 - int pages, struct page **pagelist,
9672 - dma_addr_t *dma_addr, uint32_t flags);
9673 -
9674 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
9675 -index 9831753..fe872b8 100644
9676 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
9677 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
9678 -@@ -321,6 +321,19 @@ bool amdgpu_atombios_get_connector_info_from_object_table(struct amdgpu_device *
9679 - (le16_to_cpu(path->usConnObjectId) &
9680 - OBJECT_TYPE_MASK) >> OBJECT_TYPE_SHIFT;
9681 -
9682 -+ /* Skip TV/CV support */
9683 -+ if ((le16_to_cpu(path->usDeviceTag) ==
9684 -+ ATOM_DEVICE_TV1_SUPPORT) ||
9685 -+ (le16_to_cpu(path->usDeviceTag) ==
9686 -+ ATOM_DEVICE_CV_SUPPORT))
9687 -+ continue;
9688 -+
9689 -+ if (con_obj_id >= ARRAY_SIZE(object_connector_convert)) {
9690 -+ DRM_ERROR("invalid con_obj_id %d for device tag 0x%04x\n",
9691 -+ con_obj_id, le16_to_cpu(path->usDeviceTag));
9692 -+ continue;
9693 -+ }
9694 -+
9695 - connector_type =
9696 - object_connector_convert[con_obj_id];
9697 - connector_object_id = con_obj_id;
9698 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c
9699 -index 921bce2..0feea34 100644
9700 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c
9701 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c
9702 -@@ -221,7 +221,7 @@ void amdgpu_gart_table_vram_free(struct amdgpu_device *adev)
9703 - * Unbinds the requested pages from the gart page table and
9704 - * replaces them with the dummy page (all asics).
9705 - */
9706 --void amdgpu_gart_unbind(struct amdgpu_device *adev, unsigned offset,
9707 -+void amdgpu_gart_unbind(struct amdgpu_device *adev, uint64_t offset,
9708 - int pages)
9709 - {
9710 - unsigned t;
9711 -@@ -268,7 +268,7 @@ void amdgpu_gart_unbind(struct amdgpu_device *adev, unsigned offset,
9712 - * (all asics).
9713 - * Returns 0 for success, -EINVAL for failure.
9714 - */
9715 --int amdgpu_gart_bind(struct amdgpu_device *adev, unsigned offset,
9716 -+int amdgpu_gart_bind(struct amdgpu_device *adev, uint64_t offset,
9717 - int pages, struct page **pagelist, dma_addr_t *dma_addr,
9718 - uint32_t flags)
9719 - {
9720 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
9721 -index 34e3542..194cfc1 100644
9722 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
9723 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c
9724 -@@ -288,7 +288,7 @@ void amdgpu_ib_pool_fini(struct amdgpu_device *adev)
9725 - int amdgpu_ib_ring_tests(struct amdgpu_device *adev)
9726 - {
9727 - unsigned i;
9728 -- int r;
9729 -+ int r, ret = 0;
9730 -
9731 - for (i = 0; i < AMDGPU_MAX_RINGS; ++i) {
9732 - struct amdgpu_ring *ring = adev->rings[i];
9733 -@@ -309,10 +309,11 @@ int amdgpu_ib_ring_tests(struct amdgpu_device *adev)
9734 - } else {
9735 - /* still not good, but we can live with it */
9736 - DRM_ERROR("amdgpu: failed testing IB on ring %d (%d).\n", i, r);
9737 -+ ret = r;
9738 - }
9739 - }
9740 - }
9741 -- return 0;
9742 -+ return ret;
9743 - }
9744 -
9745 - /*
9746 -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
9747 -index 3b9053a..46c5297 100644
9748 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
9749 -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
9750 -@@ -251,8 +251,8 @@ static int amdgpu_move_blit(struct ttm_buffer_object *bo,
9751 -
9752 - adev = amdgpu_get_adev(bo->bdev);
9753 - ring = adev->mman.buffer_funcs_ring;
9754 -- old_start = old_mem->start << PAGE_SHIFT;
9755 -- new_start = new_mem->start << PAGE_SHIFT;
9756 -+ old_start = (u64)old_mem->start << PAGE_SHIFT;
9757 -+ new_start = (u64)new_mem->start << PAGE_SHIFT;
9758 -
9759 - switch (old_mem->mem_type) {
9760 - case TTM_PL_VRAM:
9761 -@@ -943,6 +943,8 @@ static struct list_head *amdgpu_ttm_lru_tail(struct ttm_buffer_object *tbo)
9762 - struct list_head *res = lru->lru[tbo->mem.mem_type];
9763 -
9764 - lru->lru[tbo->mem.mem_type] = &tbo->lru;
9765 -+ while ((++lru)->lru[tbo->mem.mem_type] == res)
9766 -+ lru->lru[tbo->mem.mem_type] = &tbo->lru;
9767 -
9768 - return res;
9769 - }
9770 -@@ -953,6 +955,8 @@ static struct list_head *amdgpu_ttm_swap_lru_tail(struct ttm_buffer_object *tbo)
9771 - struct list_head *res = lru->swap_lru;
9772 -
9773 - lru->swap_lru = &tbo->swap;
9774 -+ while ((++lru)->swap_lru == res)
9775 -+ lru->swap_lru = &tbo->swap;
9776 -
9777 - return res;
9778 - }
9779 -@@ -1004,6 +1008,10 @@ int amdgpu_ttm_init(struct amdgpu_device *adev)
9780 - lru->swap_lru = &adev->mman.bdev.glob->swap_lru;
9781 - }
9782 -
9783 -+ for (j = 0; j < TTM_NUM_MEM_TYPES; ++j)
9784 -+ adev->mman.guard.lru[j] = NULL;
9785 -+ adev->mman.guard.swap_lru = NULL;
9786 -+
9787 - adev->mman.initialized = true;
9788 - r = ttm_bo_init_mm(&adev->mman.bdev, TTM_PL_VRAM,
9789 - adev->mc.real_vram_size >> PAGE_SHIFT);
9790 -diff --git a/drivers/gpu/drm/amd/amdgpu/cik_sdma.c b/drivers/gpu/drm/amd/amdgpu/cik_sdma.c
9791 -index 9dc4e24..3a1bbe2 100644
9792 ---- a/drivers/gpu/drm/amd/amdgpu/cik_sdma.c
9793 -+++ b/drivers/gpu/drm/amd/amdgpu/cik_sdma.c
9794 -@@ -52,6 +52,7 @@ static void cik_sdma_set_ring_funcs(struct amdgpu_device *adev);
9795 - static void cik_sdma_set_irq_funcs(struct amdgpu_device *adev);
9796 - static void cik_sdma_set_buffer_funcs(struct amdgpu_device *adev);
9797 - static void cik_sdma_set_vm_pte_funcs(struct amdgpu_device *adev);
9798 -+static int cik_sdma_soft_reset(void *handle);
9799 -
9800 - MODULE_FIRMWARE("radeon/bonaire_sdma.bin");
9801 - MODULE_FIRMWARE("radeon/bonaire_sdma1.bin");
9802 -@@ -1051,6 +1052,8 @@ static int cik_sdma_resume(void *handle)
9803 - {
9804 - struct amdgpu_device *adev = (struct amdgpu_device *)handle;
9805 -
9806 -+ cik_sdma_soft_reset(handle);
9807 -+
9808 - return cik_sdma_hw_init(adev);
9809 - }
9810 -
9811 -diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
9812 -index fc8ff4d..6b40809 100644
9813 ---- a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
9814 -+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
9815 -@@ -2777,8 +2777,7 @@ static int gfx_v7_0_cp_compute_resume(struct amdgpu_device *adev)
9816 - u64 wb_gpu_addr;
9817 - u32 *buf;
9818 - struct bonaire_mqd *mqd;
9819 --
9820 -- gfx_v7_0_cp_compute_enable(adev, true);
9821 -+ struct amdgpu_ring *ring;
9822 -
9823 - /* fix up chicken bits */
9824 - tmp = RREG32(mmCP_CPF_DEBUG);
9825 -@@ -2813,7 +2812,7 @@ static int gfx_v7_0_cp_compute_resume(struct amdgpu_device *adev)
9826 -
9827 - /* init the queues. Just two for now. */
9828 - for (i = 0; i < adev->gfx.num_compute_rings; i++) {
9829 -- struct amdgpu_ring *ring = &adev->gfx.compute_ring[i];
9830 -+ ring = &adev->gfx.compute_ring[i];
9831 -
9832 - if (ring->mqd_obj == NULL) {
9833 - r = amdgpu_bo_create(adev,
9834 -@@ -2992,6 +2991,13 @@ static int gfx_v7_0_cp_compute_resume(struct amdgpu_device *adev)
9835 - amdgpu_bo_unreserve(ring->mqd_obj);
9836 -
9837 - ring->ready = true;
9838 -+ }
9839 -+
9840 -+ gfx_v7_0_cp_compute_enable(adev, true);
9841 -+
9842 -+ for (i = 0; i < adev->gfx.num_compute_rings; i++) {
9843 -+ ring = &adev->gfx.compute_ring[i];
9844 -+
9845 - r = amdgpu_ring_test_ring(ring);
9846 - if (r)
9847 - ring->ready = false;
9848 -diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
9849 -index 85c4deb..fd3553b 100644
9850 ---- a/drivers/gpu/drm/i915/i915_drv.c
9851 -+++ b/drivers/gpu/drm/i915/i915_drv.c
9852 -@@ -1578,6 +1578,9 @@ static int intel_runtime_suspend(struct device *device)
9853 -
9854 - assert_forcewakes_inactive(dev_priv);
9855 -
9856 -+ if (!IS_VALLEYVIEW(dev_priv) || !IS_CHERRYVIEW(dev_priv))
9857 -+ intel_hpd_poll_init(dev_priv);
9858 -+
9859 - DRM_DEBUG_KMS("Device suspended\n");
9860 - return 0;
9861 - }
9862 -diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
9863 -index 227a63e..0ed5fd3 100644
9864 ---- a/drivers/gpu/drm/i915/i915_drv.h
9865 -+++ b/drivers/gpu/drm/i915/i915_drv.h
9866 -@@ -281,6 +281,9 @@ struct i915_hotplug {
9867 - u32 short_port_mask;
9868 - struct work_struct dig_port_work;
9869 -
9870 -+ struct work_struct poll_init_work;
9871 -+ bool poll_enabled;
9872 -+
9873 - /*
9874 - * if we get a HPD irq from DP and a HPD irq from non-DP
9875 - * the non-DP HPD could block the workqueue on a mode config
9876 -@@ -2791,6 +2794,8 @@ void intel_hpd_init(struct drm_i915_private *dev_priv);
9877 - void intel_hpd_init_work(struct drm_i915_private *dev_priv);
9878 - void intel_hpd_cancel_work(struct drm_i915_private *dev_priv);
9879 - bool intel_hpd_pin_to_port(enum hpd_pin pin, enum port *port);
9880 -+bool intel_hpd_disable(struct drm_i915_private *dev_priv, enum hpd_pin pin);
9881 -+void intel_hpd_enable(struct drm_i915_private *dev_priv, enum hpd_pin pin);
9882 -
9883 - /* i915_irq.c */
9884 - void i915_queue_hangcheck(struct drm_device *dev);
9885 -diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
9886 -index 92acdff..e856f79 100644
9887 ---- a/drivers/gpu/drm/i915/i915_gem_gtt.c
9888 -+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
9889 -@@ -2826,6 +2826,7 @@ void i915_ggtt_cleanup_hw(struct drm_device *dev)
9890 - struct i915_hw_ppgtt *ppgtt = dev_priv->mm.aliasing_ppgtt;
9891 -
9892 - ppgtt->base.cleanup(&ppgtt->base);
9893 -+ kfree(ppgtt);
9894 - }
9895 -
9896 - i915_gem_cleanup_stolen(dev);
9897 -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
9898 -index bc3b6dd..5369a6d 100644
9899 ---- a/drivers/gpu/drm/i915/i915_reg.h
9900 -+++ b/drivers/gpu/drm/i915/i915_reg.h
9901 -@@ -1522,6 +1522,7 @@ enum skl_disp_power_wells {
9902 - #define BALANCE_LEG_MASK(port) (7<<(8+3*(port)))
9903 - /* Balance leg disable bits */
9904 - #define BALANCE_LEG_DISABLE_SHIFT 23
9905 -+#define BALANCE_LEG_DISABLE(port) (1 << (23 + (port)))
9906 -
9907 - /*
9908 - * Fence registers
9909 -diff --git a/drivers/gpu/drm/i915/intel_audio.c b/drivers/gpu/drm/i915/intel_audio.c
9910 -index 02a7527..74eca43 100644
9911 ---- a/drivers/gpu/drm/i915/intel_audio.c
9912 -+++ b/drivers/gpu/drm/i915/intel_audio.c
9913 -@@ -600,6 +600,8 @@ static void i915_audio_component_codec_wake_override(struct device *dev,
9914 - if (!IS_SKYLAKE(dev_priv) && !IS_KABYLAKE(dev_priv))
9915 - return;
9916 -
9917 -+ i915_audio_component_get_power(dev);
9918 -+
9919 - /*
9920 - * Enable/disable generating the codec wake signal, overriding the
9921 - * internal logic to generate the codec wake to controller.
9922 -@@ -615,6 +617,8 @@ static void i915_audio_component_codec_wake_override(struct device *dev,
9923 - I915_WRITE(HSW_AUD_CHICKENBIT, tmp);
9924 - usleep_range(1000, 1500);
9925 - }
9926 -+
9927 -+ i915_audio_component_put_power(dev);
9928 - }
9929 -
9930 - /* Get CDCLK in kHz */
9931 -@@ -654,6 +658,7 @@ static int i915_audio_component_sync_audio_rate(struct device *dev,
9932 - !IS_HASWELL(dev_priv))
9933 - return 0;
9934 -
9935 -+ i915_audio_component_get_power(dev);
9936 - mutex_lock(&dev_priv->av_mutex);
9937 - /* 1. get the pipe */
9938 - intel_encoder = dev_priv->dig_port_map[port];
9939 -@@ -704,6 +709,7 @@ static int i915_audio_component_sync_audio_rate(struct device *dev,
9940 -
9941 - unlock:
9942 - mutex_unlock(&dev_priv->av_mutex);
9943 -+ i915_audio_component_put_power(dev);
9944 - return err;
9945 - }
9946 -
9947 -diff --git a/drivers/gpu/drm/i915/intel_crt.c b/drivers/gpu/drm/i915/intel_crt.c
9948 -index 3fbb6fc..a3f87d6 100644
9949 ---- a/drivers/gpu/drm/i915/intel_crt.c
9950 -+++ b/drivers/gpu/drm/i915/intel_crt.c
9951 -@@ -327,10 +327,25 @@ static bool valleyview_crt_detect_hotplug(struct drm_connector *connector)
9952 - struct drm_device *dev = connector->dev;
9953 - struct intel_crt *crt = intel_attached_crt(connector);
9954 - struct drm_i915_private *dev_priv = dev->dev_private;
9955 -+ bool reenable_hpd;
9956 - u32 adpa;
9957 - bool ret;
9958 - u32 save_adpa;
9959 -
9960 -+ /*
9961 -+ * Doing a force trigger causes a hpd interrupt to get sent, which can
9962 -+ * get us stuck in a loop if we're polling:
9963 -+ * - We enable power wells and reset the ADPA
9964 -+ * - output_poll_exec does force probe on VGA, triggering a hpd
9965 -+ * - HPD handler waits for poll to unlock dev->mode_config.mutex
9966 -+ * - output_poll_exec shuts off the ADPA, unlocks
9967 -+ * dev->mode_config.mutex
9968 -+ * - HPD handler runs, resets ADPA and brings us back to the start
9969 -+ *
9970 -+ * Just disable HPD interrupts here to prevent this
9971 -+ */
9972 -+ reenable_hpd = intel_hpd_disable(dev_priv, crt->base.hpd_pin);
9973 -+
9974 - save_adpa = adpa = I915_READ(crt->adpa_reg);
9975 - DRM_DEBUG_KMS("trigger hotplug detect cycle: adpa=0x%x\n", adpa);
9976 -
9977 -@@ -353,6 +368,9 @@ static bool valleyview_crt_detect_hotplug(struct drm_connector *connector)
9978 -
9979 - DRM_DEBUG_KMS("valleyview hotplug adpa=0x%x, result %d\n", adpa, ret);
9980 -
9981 -+ if (reenable_hpd)
9982 -+ intel_hpd_enable(dev_priv, crt->base.hpd_pin);
9983 -+
9984 - return ret;
9985 - }
9986 -
9987 -@@ -713,11 +731,11 @@ static int intel_crt_set_property(struct drm_connector *connector,
9988 - return 0;
9989 - }
9990 -
9991 --static void intel_crt_reset(struct drm_connector *connector)
9992 -+void intel_crt_reset(struct drm_encoder *encoder)
9993 - {
9994 -- struct drm_device *dev = connector->dev;
9995 -+ struct drm_device *dev = encoder->dev;
9996 - struct drm_i915_private *dev_priv = dev->dev_private;
9997 -- struct intel_crt *crt = intel_attached_crt(connector);
9998 -+ struct intel_crt *crt = intel_encoder_to_crt(to_intel_encoder(encoder));
9999 -
10000 - if (INTEL_INFO(dev)->gen >= 5) {
10001 - u32 adpa;
10002 -@@ -739,7 +757,6 @@ static void intel_crt_reset(struct drm_connector *connector)
10003 - */
10004 -
10005 - static const struct drm_connector_funcs intel_crt_connector_funcs = {
10006 -- .reset = intel_crt_reset,
10007 - .dpms = drm_atomic_helper_connector_dpms,
10008 - .detect = intel_crt_detect,
10009 - .fill_modes = drm_helper_probe_single_connector_modes,
10010 -@@ -757,6 +774,7 @@ static const struct drm_connector_helper_funcs intel_crt_connector_helper_funcs
10011 - };
10012 -
10013 - static const struct drm_encoder_funcs intel_crt_enc_funcs = {
10014 -+ .reset = intel_crt_reset,
10015 - .destroy = intel_encoder_destroy,
10016 - };
10017 -
10018 -@@ -902,5 +920,5 @@ void intel_crt_init(struct drm_device *dev)
10019 - dev_priv->fdi_rx_config = I915_READ(FDI_RX_CTL(PIPE_A)) & fdi_config;
10020 - }
10021 -
10022 -- intel_crt_reset(connector);
10023 -+ intel_crt_reset(&crt->base.base);
10024 - }
10025 -diff --git a/drivers/gpu/drm/i915/intel_ddi.c b/drivers/gpu/drm/i915/intel_ddi.c
10026 -index 01e523d..12c4f43 100644
10027 ---- a/drivers/gpu/drm/i915/intel_ddi.c
10028 -+++ b/drivers/gpu/drm/i915/intel_ddi.c
10029 -@@ -145,7 +145,7 @@ static const struct ddi_buf_trans skl_ddi_translations_dp[] = {
10030 - static const struct ddi_buf_trans skl_u_ddi_translations_dp[] = {
10031 - { 0x0000201B, 0x000000A2, 0x0 },
10032 - { 0x00005012, 0x00000088, 0x0 },
10033 -- { 0x80007011, 0x000000CD, 0x0 },
10034 -+ { 0x80007011, 0x000000CD, 0x1 },
10035 - { 0x80009010, 0x000000C0, 0x1 },
10036 - { 0x0000201B, 0x0000009D, 0x0 },
10037 - { 0x80005012, 0x000000C0, 0x1 },
10038 -@@ -158,7 +158,7 @@ static const struct ddi_buf_trans skl_u_ddi_translations_dp[] = {
10039 - static const struct ddi_buf_trans skl_y_ddi_translations_dp[] = {
10040 - { 0x00000018, 0x000000A2, 0x0 },
10041 - { 0x00005012, 0x00000088, 0x0 },
10042 -- { 0x80007011, 0x000000CD, 0x0 },
10043 -+ { 0x80007011, 0x000000CD, 0x3 },
10044 - { 0x80009010, 0x000000C0, 0x3 },
10045 - { 0x00000018, 0x0000009D, 0x0 },
10046 - { 0x80005012, 0x000000C0, 0x3 },
10047 -@@ -388,6 +388,40 @@ skl_get_buf_trans_hdmi(struct drm_i915_private *dev_priv, int *n_entries)
10048 - }
10049 - }
10050 -
10051 -+static int intel_ddi_hdmi_level(struct drm_i915_private *dev_priv, enum port port)
10052 -+{
10053 -+ int n_hdmi_entries;
10054 -+ int hdmi_level;
10055 -+ int hdmi_default_entry;
10056 -+
10057 -+ hdmi_level = dev_priv->vbt.ddi_port_info[port].hdmi_level_shift;
10058 -+
10059 -+ if (IS_BROXTON(dev_priv))
10060 -+ return hdmi_level;
10061 -+
10062 -+ if (IS_SKYLAKE(dev_priv) || IS_KABYLAKE(dev_priv)) {
10063 -+ skl_get_buf_trans_hdmi(dev_priv, &n_hdmi_entries);
10064 -+ hdmi_default_entry = 8;
10065 -+ } else if (IS_BROADWELL(dev_priv)) {
10066 -+ n_hdmi_entries = ARRAY_SIZE(bdw_ddi_translations_hdmi);
10067 -+ hdmi_default_entry = 7;
10068 -+ } else if (IS_HASWELL(dev_priv)) {
10069 -+ n_hdmi_entries = ARRAY_SIZE(hsw_ddi_translations_hdmi);
10070 -+ hdmi_default_entry = 6;
10071 -+ } else {
10072 -+ WARN(1, "ddi translation table missing\n");
10073 -+ n_hdmi_entries = ARRAY_SIZE(bdw_ddi_translations_hdmi);
10074 -+ hdmi_default_entry = 7;
10075 -+ }
10076 -+
10077 -+ /* Choose a good default if VBT is badly populated */
10078 -+ if (hdmi_level == HDMI_LEVEL_SHIFT_UNKNOWN ||
10079 -+ hdmi_level >= n_hdmi_entries)
10080 -+ hdmi_level = hdmi_default_entry;
10081 -+
10082 -+ return hdmi_level;
10083 -+}
10084 -+
10085 - /*
10086 - * Starting with Haswell, DDI port buffers must be programmed with correct
10087 - * values in advance. The buffer values are different for FDI and DP modes,
10088 -@@ -399,7 +433,7 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10089 - {
10090 - struct drm_i915_private *dev_priv = to_i915(encoder->base.dev);
10091 - u32 iboost_bit = 0;
10092 -- int i, n_hdmi_entries, n_dp_entries, n_edp_entries, hdmi_default_entry,
10093 -+ int i, n_hdmi_entries, n_dp_entries, n_edp_entries,
10094 - size;
10095 - int hdmi_level;
10096 - enum port port;
10097 -@@ -410,7 +444,7 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10098 - const struct ddi_buf_trans *ddi_translations;
10099 -
10100 - port = intel_ddi_get_encoder_port(encoder);
10101 -- hdmi_level = dev_priv->vbt.ddi_port_info[port].hdmi_level_shift;
10102 -+ hdmi_level = intel_ddi_hdmi_level(dev_priv, port);
10103 -
10104 - if (IS_BROXTON(dev_priv)) {
10105 - if (encoder->type != INTEL_OUTPUT_HDMI)
10106 -@@ -430,7 +464,6 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10107 - skl_get_buf_trans_edp(dev_priv, &n_edp_entries);
10108 - ddi_translations_hdmi =
10109 - skl_get_buf_trans_hdmi(dev_priv, &n_hdmi_entries);
10110 -- hdmi_default_entry = 8;
10111 - /* If we're boosting the current, set bit 31 of trans1 */
10112 - if (dev_priv->vbt.ddi_port_info[port].hdmi_boost_level ||
10113 - dev_priv->vbt.ddi_port_info[port].dp_boost_level)
10114 -@@ -456,7 +489,6 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10115 -
10116 - n_dp_entries = ARRAY_SIZE(bdw_ddi_translations_dp);
10117 - n_hdmi_entries = ARRAY_SIZE(bdw_ddi_translations_hdmi);
10118 -- hdmi_default_entry = 7;
10119 - } else if (IS_HASWELL(dev_priv)) {
10120 - ddi_translations_fdi = hsw_ddi_translations_fdi;
10121 - ddi_translations_dp = hsw_ddi_translations_dp;
10122 -@@ -464,7 +496,6 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10123 - ddi_translations_hdmi = hsw_ddi_translations_hdmi;
10124 - n_dp_entries = n_edp_entries = ARRAY_SIZE(hsw_ddi_translations_dp);
10125 - n_hdmi_entries = ARRAY_SIZE(hsw_ddi_translations_hdmi);
10126 -- hdmi_default_entry = 6;
10127 - } else {
10128 - WARN(1, "ddi translation table missing\n");
10129 - ddi_translations_edp = bdw_ddi_translations_dp;
10130 -@@ -474,7 +505,6 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10131 - n_edp_entries = ARRAY_SIZE(bdw_ddi_translations_edp);
10132 - n_dp_entries = ARRAY_SIZE(bdw_ddi_translations_dp);
10133 - n_hdmi_entries = ARRAY_SIZE(bdw_ddi_translations_hdmi);
10134 -- hdmi_default_entry = 7;
10135 - }
10136 -
10137 - switch (encoder->type) {
10138 -@@ -505,11 +535,6 @@ void intel_prepare_ddi_buffer(struct intel_encoder *encoder)
10139 - if (encoder->type != INTEL_OUTPUT_HDMI)
10140 - return;
10141 -
10142 -- /* Choose a good default if VBT is badly populated */
10143 -- if (hdmi_level == HDMI_LEVEL_SHIFT_UNKNOWN ||
10144 -- hdmi_level >= n_hdmi_entries)
10145 -- hdmi_level = hdmi_default_entry;
10146 --
10147 - /* Entry 9 is for HDMI: */
10148 - I915_WRITE(DDI_BUF_TRANS_LO(port, i),
10149 - ddi_translations_hdmi[hdmi_level].trans1 | iboost_bit);
10150 -@@ -1371,14 +1396,30 @@ void intel_ddi_disable_pipe_clock(struct intel_crtc *intel_crtc)
10151 - TRANS_CLK_SEL_DISABLED);
10152 - }
10153 -
10154 --static void skl_ddi_set_iboost(struct drm_i915_private *dev_priv,
10155 -- u32 level, enum port port, int type)
10156 -+static void _skl_ddi_set_iboost(struct drm_i915_private *dev_priv,
10157 -+ enum port port, uint8_t iboost)
10158 - {
10159 -+ u32 tmp;
10160 -+
10161 -+ tmp = I915_READ(DISPIO_CR_TX_BMU_CR0);
10162 -+ tmp &= ~(BALANCE_LEG_MASK(port) | BALANCE_LEG_DISABLE(port));
10163 -+ if (iboost)
10164 -+ tmp |= iboost << BALANCE_LEG_SHIFT(port);
10165 -+ else
10166 -+ tmp |= BALANCE_LEG_DISABLE(port);
10167 -+ I915_WRITE(DISPIO_CR_TX_BMU_CR0, tmp);
10168 -+}
10169 -+
10170 -+static void skl_ddi_set_iboost(struct intel_encoder *encoder, u32 level)
10171 -+{
10172 -+ struct intel_digital_port *intel_dig_port = enc_to_dig_port(&encoder->base);
10173 -+ struct drm_i915_private *dev_priv = to_i915(intel_dig_port->base.base.dev);
10174 -+ enum port port = intel_dig_port->port;
10175 -+ int type = encoder->type;
10176 - const struct ddi_buf_trans *ddi_translations;
10177 - uint8_t iboost;
10178 - uint8_t dp_iboost, hdmi_iboost;
10179 - int n_entries;
10180 -- u32 reg;
10181 -
10182 - /* VBT may override standard boost values */
10183 - dp_iboost = dev_priv->vbt.ddi_port_info[port].dp_boost_level;
10184 -@@ -1420,16 +1461,10 @@ static void skl_ddi_set_iboost(struct drm_i915_private *dev_priv,
10185 - return;
10186 - }
10187 -
10188 -- reg = I915_READ(DISPIO_CR_TX_BMU_CR0);
10189 -- reg &= ~BALANCE_LEG_MASK(port);
10190 -- reg &= ~(1 << (BALANCE_LEG_DISABLE_SHIFT + port));
10191 --
10192 -- if (iboost)
10193 -- reg |= iboost << BALANCE_LEG_SHIFT(port);
10194 -- else
10195 -- reg |= 1 << (BALANCE_LEG_DISABLE_SHIFT + port);
10196 -+ _skl_ddi_set_iboost(dev_priv, port, iboost);
10197 -
10198 -- I915_WRITE(DISPIO_CR_TX_BMU_CR0, reg);
10199 -+ if (port == PORT_A && intel_dig_port->max_lanes == 4)
10200 -+ _skl_ddi_set_iboost(dev_priv, PORT_E, iboost);
10201 - }
10202 -
10203 - static void bxt_ddi_vswing_sequence(struct drm_i915_private *dev_priv,
10204 -@@ -1560,7 +1595,7 @@ uint32_t ddi_signal_levels(struct intel_dp *intel_dp)
10205 - level = translate_signal_level(signal_levels);
10206 -
10207 - if (IS_SKYLAKE(dev_priv) || IS_KABYLAKE(dev_priv))
10208 -- skl_ddi_set_iboost(dev_priv, level, port, encoder->type);
10209 -+ skl_ddi_set_iboost(encoder, level);
10210 - else if (IS_BROXTON(dev_priv))
10211 - bxt_ddi_vswing_sequence(dev_priv, level, port, encoder->type);
10212 -
10213 -@@ -1629,6 +1664,10 @@ static void intel_ddi_pre_enable(struct intel_encoder *intel_encoder)
10214 - intel_dp_stop_link_train(intel_dp);
10215 - } else if (type == INTEL_OUTPUT_HDMI) {
10216 - struct intel_hdmi *intel_hdmi = enc_to_intel_hdmi(encoder);
10217 -+ int level = intel_ddi_hdmi_level(dev_priv, port);
10218 -+
10219 -+ if (IS_SKYLAKE(dev_priv) || IS_KABYLAKE(dev_priv))
10220 -+ skl_ddi_set_iboost(intel_encoder, level);
10221 -
10222 - intel_hdmi->set_infoframes(encoder,
10223 - crtc->config->has_hdmi_sink,
10224 -diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
10225 -index f7f0f01..94144a7 100644
10226 ---- a/drivers/gpu/drm/i915/intel_drv.h
10227 -+++ b/drivers/gpu/drm/i915/intel_drv.h
10228 -@@ -1052,7 +1052,7 @@ void gen8_irq_power_well_pre_disable(struct drm_i915_private *dev_priv,
10229 -
10230 - /* intel_crt.c */
10231 - void intel_crt_init(struct drm_device *dev);
10232 --
10233 -+void intel_crt_reset(struct drm_encoder *encoder);
10234 -
10235 - /* intel_ddi.c */
10236 - void intel_ddi_clk_select(struct intel_encoder *encoder,
10237 -@@ -1346,6 +1346,8 @@ void intel_dsi_init(struct drm_device *dev);
10238 -
10239 - /* intel_dvo.c */
10240 - void intel_dvo_init(struct drm_device *dev);
10241 -+/* intel_hotplug.c */
10242 -+void intel_hpd_poll_init(struct drm_i915_private *dev_priv);
10243 -
10244 -
10245 - /* legacy fbdev emulation in intel_fbdev.c */
10246 -diff --git a/drivers/gpu/drm/i915/intel_hotplug.c b/drivers/gpu/drm/i915/intel_hotplug.c
10247 -index bee6730..2c49458 100644
10248 ---- a/drivers/gpu/drm/i915/intel_hotplug.c
10249 -+++ b/drivers/gpu/drm/i915/intel_hotplug.c
10250 -@@ -453,20 +453,47 @@ void intel_hpd_irq_handler(struct drm_device *dev,
10251 - *
10252 - * This is a separate step from interrupt enabling to simplify the locking rules
10253 - * in the driver load and resume code.
10254 -+ *
10255 -+ * Also see: intel_hpd_poll_init(), which enables connector polling
10256 - */
10257 - void intel_hpd_init(struct drm_i915_private *dev_priv)
10258 - {
10259 -- struct drm_device *dev = dev_priv->dev;
10260 -- struct drm_mode_config *mode_config = &dev->mode_config;
10261 -- struct drm_connector *connector;
10262 - int i;
10263 -
10264 - for_each_hpd_pin(i) {
10265 - dev_priv->hotplug.stats[i].count = 0;
10266 - dev_priv->hotplug.stats[i].state = HPD_ENABLED;
10267 - }
10268 -+
10269 -+ WRITE_ONCE(dev_priv->hotplug.poll_enabled, false);
10270 -+ schedule_work(&dev_priv->hotplug.poll_init_work);
10271 -+
10272 -+ /*
10273 -+ * Interrupt setup is already guaranteed to be single-threaded, this is
10274 -+ * just to make the assert_spin_locked checks happy.
10275 -+ */
10276 -+ spin_lock_irq(&dev_priv->irq_lock);
10277 -+ if (dev_priv->display.hpd_irq_setup)
10278 -+ dev_priv->display.hpd_irq_setup(dev_priv->dev);
10279 -+ spin_unlock_irq(&dev_priv->irq_lock);
10280 -+}
10281 -+
10282 -+void i915_hpd_poll_init_work(struct work_struct *work) {
10283 -+ struct drm_i915_private *dev_priv =
10284 -+ container_of(work, struct drm_i915_private,
10285 -+ hotplug.poll_init_work);
10286 -+ struct drm_device *dev = dev_priv->dev;
10287 -+ struct drm_mode_config *mode_config = &dev->mode_config;
10288 -+ struct drm_connector *connector;
10289 -+ bool enabled;
10290 -+
10291 -+ mutex_lock(&dev->mode_config.mutex);
10292 -+
10293 -+ enabled = READ_ONCE(dev_priv->hotplug.poll_enabled);
10294 -+
10295 - list_for_each_entry(connector, &mode_config->connector_list, head) {
10296 -- struct intel_connector *intel_connector = to_intel_connector(connector);
10297 -+ struct intel_connector *intel_connector =
10298 -+ to_intel_connector(connector);
10299 - connector->polled = intel_connector->polled;
10300 -
10301 - /* MST has a dynamic intel_connector->encoder and it's reprobing
10302 -@@ -475,24 +502,62 @@ void intel_hpd_init(struct drm_i915_private *dev_priv)
10303 - continue;
10304 -
10305 - if (!connector->polled && I915_HAS_HOTPLUG(dev) &&
10306 -- intel_connector->encoder->hpd_pin > HPD_NONE)
10307 -- connector->polled = DRM_CONNECTOR_POLL_HPD;
10308 -+ intel_connector->encoder->hpd_pin > HPD_NONE) {
10309 -+ connector->polled = enabled ?
10310 -+ DRM_CONNECTOR_POLL_CONNECT |
10311 -+ DRM_CONNECTOR_POLL_DISCONNECT :
10312 -+ DRM_CONNECTOR_POLL_HPD;
10313 -+ }
10314 - }
10315 -
10316 -+ if (enabled)
10317 -+ drm_kms_helper_poll_enable_locked(dev);
10318 -+
10319 -+ mutex_unlock(&dev->mode_config.mutex);
10320 -+
10321 - /*
10322 -- * Interrupt setup is already guaranteed to be single-threaded, this is
10323 -- * just to make the assert_spin_locked checks happy.
10324 -+ * We might have missed any hotplugs that happened while we were
10325 -+ * in the middle of disabling polling
10326 - */
10327 -- spin_lock_irq(&dev_priv->irq_lock);
10328 -- if (dev_priv->display.hpd_irq_setup)
10329 -- dev_priv->display.hpd_irq_setup(dev);
10330 -- spin_unlock_irq(&dev_priv->irq_lock);
10331 -+ if (!enabled)
10332 -+ drm_helper_hpd_irq_event(dev);
10333 -+}
10334 -+
10335 -+/**
10336 -+ * intel_hpd_poll_init - enables/disables polling for connectors with hpd
10337 -+ * @dev_priv: i915 device instance
10338 -+ * @enabled: Whether to enable or disable polling
10339 -+ *
10340 -+ * This function enables polling for all connectors, regardless of whether or
10341 -+ * not they support hotplug detection. Under certain conditions HPD may not be
10342 -+ * functional. On most Intel GPUs, this happens when we enter runtime suspend.
10343 -+ * On Valleyview and Cherryview systems, this also happens when we shut off all
10344 -+ * of the powerwells.
10345 -+ *
10346 -+ * Since this function can get called in contexts where we're already holding
10347 -+ * dev->mode_config.mutex, we do the actual hotplug enabling in a seperate
10348 -+ * worker.
10349 -+ *
10350 -+ * Also see: intel_hpd_init(), which restores hpd handling.
10351 -+ */
10352 -+void intel_hpd_poll_init(struct drm_i915_private *dev_priv)
10353 -+{
10354 -+ WRITE_ONCE(dev_priv->hotplug.poll_enabled, true);
10355 -+
10356 -+ /*
10357 -+ * We might already be holding dev->mode_config.mutex, so do this in a
10358 -+ * seperate worker
10359 -+ * As well, there's no issue if we race here since we always reschedule
10360 -+ * this worker anyway
10361 -+ */
10362 -+ schedule_work(&dev_priv->hotplug.poll_init_work);
10363 - }
10364 -
10365 - void intel_hpd_init_work(struct drm_i915_private *dev_priv)
10366 - {
10367 - INIT_WORK(&dev_priv->hotplug.hotplug_work, i915_hotplug_work_func);
10368 - INIT_WORK(&dev_priv->hotplug.dig_port_work, i915_digport_work_func);
10369 -+ INIT_WORK(&dev_priv->hotplug.poll_init_work, i915_hpd_poll_init_work);
10370 - INIT_DELAYED_WORK(&dev_priv->hotplug.reenable_work,
10371 - intel_hpd_irq_storm_reenable_work);
10372 - }
10373 -@@ -509,5 +574,33 @@ void intel_hpd_cancel_work(struct drm_i915_private *dev_priv)
10374 -
10375 - cancel_work_sync(&dev_priv->hotplug.dig_port_work);
10376 - cancel_work_sync(&dev_priv->hotplug.hotplug_work);
10377 -+ cancel_work_sync(&dev_priv->hotplug.poll_init_work);
10378 - cancel_delayed_work_sync(&dev_priv->hotplug.reenable_work);
10379 - }
10380 -+
10381 -+bool intel_hpd_disable(struct drm_i915_private *dev_priv, enum hpd_pin pin)
10382 -+{
10383 -+ bool ret = false;
10384 -+
10385 -+ if (pin == HPD_NONE)
10386 -+ return false;
10387 -+
10388 -+ spin_lock_irq(&dev_priv->irq_lock);
10389 -+ if (dev_priv->hotplug.stats[pin].state == HPD_ENABLED) {
10390 -+ dev_priv->hotplug.stats[pin].state = HPD_DISABLED;
10391 -+ ret = true;
10392 -+ }
10393 -+ spin_unlock_irq(&dev_priv->irq_lock);
10394 -+
10395 -+ return ret;
10396 -+}
10397 -+
10398 -+void intel_hpd_enable(struct drm_i915_private *dev_priv, enum hpd_pin pin)
10399 -+{
10400 -+ if (pin == HPD_NONE)
10401 -+ return;
10402 -+
10403 -+ spin_lock_irq(&dev_priv->irq_lock);
10404 -+ dev_priv->hotplug.stats[pin].state = HPD_ENABLED;
10405 -+ spin_unlock_irq(&dev_priv->irq_lock);
10406 -+}
10407 -diff --git a/drivers/gpu/drm/i915/intel_runtime_pm.c b/drivers/gpu/drm/i915/intel_runtime_pm.c
10408 -index 7fb1da4..2592b39 100644
10409 ---- a/drivers/gpu/drm/i915/intel_runtime_pm.c
10410 -+++ b/drivers/gpu/drm/i915/intel_runtime_pm.c
10411 -@@ -952,6 +952,7 @@ static void vlv_init_display_clock_gating(struct drm_i915_private *dev_priv)
10412 -
10413 - static void vlv_display_power_well_init(struct drm_i915_private *dev_priv)
10414 - {
10415 -+ struct intel_encoder *encoder;
10416 - enum pipe pipe;
10417 -
10418 - /*
10419 -@@ -987,6 +988,12 @@ static void vlv_display_power_well_init(struct drm_i915_private *dev_priv)
10420 -
10421 - intel_hpd_init(dev_priv);
10422 -
10423 -+ /* Re-enable the ADPA, if we have one */
10424 -+ for_each_intel_encoder(dev_priv->dev, encoder) {
10425 -+ if (encoder->type == INTEL_OUTPUT_ANALOG)
10426 -+ intel_crt_reset(&encoder->base);
10427 -+ }
10428 -+
10429 - i915_redisable_vga_power_on(dev_priv->dev);
10430 - }
10431 -
10432 -@@ -1000,6 +1007,8 @@ static void vlv_display_power_well_deinit(struct drm_i915_private *dev_priv)
10433 - synchronize_irq(dev_priv->dev->irq);
10434 -
10435 - vlv_power_sequencer_reset(dev_priv);
10436 -+
10437 -+ intel_hpd_poll_init(dev_priv);
10438 - }
10439 -
10440 - static void vlv_display_power_well_enable(struct drm_i915_private *dev_priv,
10441 -diff --git a/drivers/hwmon/iio_hwmon.c b/drivers/hwmon/iio_hwmon.c
10442 -index b550ba5..8944987 100644
10443 ---- a/drivers/hwmon/iio_hwmon.c
10444 -+++ b/drivers/hwmon/iio_hwmon.c
10445 -@@ -110,24 +110,24 @@ static int iio_hwmon_probe(struct platform_device *pdev)
10446 -
10447 - switch (type) {
10448 - case IIO_VOLTAGE:
10449 -- a->dev_attr.attr.name = kasprintf(GFP_KERNEL,
10450 -- "in%d_input",
10451 -- in_i++);
10452 -+ a->dev_attr.attr.name = devm_kasprintf(dev, GFP_KERNEL,
10453 -+ "in%d_input",
10454 -+ in_i++);
10455 - break;
10456 - case IIO_TEMP:
10457 -- a->dev_attr.attr.name = kasprintf(GFP_KERNEL,
10458 -- "temp%d_input",
10459 -- temp_i++);
10460 -+ a->dev_attr.attr.name = devm_kasprintf(dev, GFP_KERNEL,
10461 -+ "temp%d_input",
10462 -+ temp_i++);
10463 - break;
10464 - case IIO_CURRENT:
10465 -- a->dev_attr.attr.name = kasprintf(GFP_KERNEL,
10466 -- "curr%d_input",
10467 -- curr_i++);
10468 -+ a->dev_attr.attr.name = devm_kasprintf(dev, GFP_KERNEL,
10469 -+ "curr%d_input",
10470 -+ curr_i++);
10471 - break;
10472 - case IIO_HUMIDITYRELATIVE:
10473 -- a->dev_attr.attr.name = kasprintf(GFP_KERNEL,
10474 -- "humidity%d_input",
10475 -- humidity_i++);
10476 -+ a->dev_attr.attr.name = devm_kasprintf(dev, GFP_KERNEL,
10477 -+ "humidity%d_input",
10478 -+ humidity_i++);
10479 - break;
10480 - default:
10481 - ret = -EINVAL;
10482 -diff --git a/drivers/hwmon/it87.c b/drivers/hwmon/it87.c
10483 -index 730d840..55bf479 100644
10484 ---- a/drivers/hwmon/it87.c
10485 -+++ b/drivers/hwmon/it87.c
10486 -@@ -2015,6 +2015,7 @@ static struct attribute *it87_attributes_in[] = {
10487 - &sensor_dev_attr_in10_input.dev_attr.attr, /* 41 */
10488 - &sensor_dev_attr_in11_input.dev_attr.attr, /* 41 */
10489 - &sensor_dev_attr_in12_input.dev_attr.attr, /* 41 */
10490 -+ NULL
10491 - };
10492 -
10493 - static const struct attribute_group it87_group_in = {
10494 -diff --git a/drivers/i2c/busses/i2c-cros-ec-tunnel.c b/drivers/i2c/busses/i2c-cros-ec-tunnel.c
10495 -index a0d95ff..2d5ff863 100644
10496 ---- a/drivers/i2c/busses/i2c-cros-ec-tunnel.c
10497 -+++ b/drivers/i2c/busses/i2c-cros-ec-tunnel.c
10498 -@@ -215,7 +215,7 @@ static int ec_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg i2c_msgs[],
10499 - msg->outsize = request_len;
10500 - msg->insize = response_len;
10501 -
10502 -- result = cros_ec_cmd_xfer(bus->ec, msg);
10503 -+ result = cros_ec_cmd_xfer_status(bus->ec, msg);
10504 - if (result < 0) {
10505 - dev_err(dev, "Error transferring EC i2c message %d\n", result);
10506 - goto exit;
10507 -diff --git a/drivers/i2c/muxes/i2c-demux-pinctrl.c b/drivers/i2c/muxes/i2c-demux-pinctrl.c
10508 -index 8de073a..215ac87 100644
10509 ---- a/drivers/i2c/muxes/i2c-demux-pinctrl.c
10510 -+++ b/drivers/i2c/muxes/i2c-demux-pinctrl.c
10511 -@@ -68,7 +68,7 @@ static int i2c_demux_activate_master(struct i2c_demux_pinctrl_priv *priv, u32 ne
10512 - adap = of_find_i2c_adapter_by_node(priv->chan[new_chan].parent_np);
10513 - if (!adap) {
10514 - ret = -ENODEV;
10515 -- goto err;
10516 -+ goto err_with_revert;
10517 - }
10518 -
10519 - p = devm_pinctrl_get_select(adap->dev.parent, priv->bus_name);
10520 -@@ -103,6 +103,8 @@ static int i2c_demux_activate_master(struct i2c_demux_pinctrl_priv *priv, u32 ne
10521 -
10522 - err_with_put:
10523 - i2c_put_adapter(adap);
10524 -+ err_with_revert:
10525 -+ of_changeset_revert(&priv->chan[new_chan].chgset);
10526 - err:
10527 - dev_err(priv->dev, "failed to setup demux-adapter %d (%d)\n", new_chan, ret);
10528 - return ret;
10529 -diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c
10530 -index 90462fc..49bf9c5 100644
10531 ---- a/drivers/iio/industrialio-buffer.c
10532 -+++ b/drivers/iio/industrialio-buffer.c
10533 -@@ -107,6 +107,7 @@ ssize_t iio_buffer_read_first_n_outer(struct file *filp, char __user *buf,
10534 - {
10535 - struct iio_dev *indio_dev = filp->private_data;
10536 - struct iio_buffer *rb = indio_dev->buffer;
10537 -+ DEFINE_WAIT_FUNC(wait, woken_wake_function);
10538 - size_t datum_size;
10539 - size_t to_wait;
10540 - int ret;
10541 -@@ -131,19 +132,29 @@ ssize_t iio_buffer_read_first_n_outer(struct file *filp, char __user *buf,
10542 - else
10543 - to_wait = min_t(size_t, n / datum_size, rb->watermark);
10544 -
10545 -+ add_wait_queue(&rb->pollq, &wait);
10546 - do {
10547 -- ret = wait_event_interruptible(rb->pollq,
10548 -- iio_buffer_ready(indio_dev, rb, to_wait, n / datum_size));
10549 -- if (ret)
10550 -- return ret;
10551 -+ if (!indio_dev->info) {
10552 -+ ret = -ENODEV;
10553 -+ break;
10554 -+ }
10555 -
10556 -- if (!indio_dev->info)
10557 -- return -ENODEV;
10558 -+ if (!iio_buffer_ready(indio_dev, rb, to_wait, n / datum_size)) {
10559 -+ if (signal_pending(current)) {
10560 -+ ret = -ERESTARTSYS;
10561 -+ break;
10562 -+ }
10563 -+
10564 -+ wait_woken(&wait, TASK_INTERRUPTIBLE,
10565 -+ MAX_SCHEDULE_TIMEOUT);
10566 -+ continue;
10567 -+ }
10568 -
10569 - ret = rb->access->read_first_n(rb, n, buf);
10570 - if (ret == 0 && (filp->f_flags & O_NONBLOCK))
10571 - ret = -EAGAIN;
10572 - } while (ret == 0);
10573 -+ remove_wait_queue(&rb->pollq, &wait);
10574 -
10575 - return ret;
10576 - }
10577 -diff --git a/drivers/input/keyboard/tegra-kbc.c b/drivers/input/keyboard/tegra-kbc.c
10578 -index acc5394..29485bc 100644
10579 ---- a/drivers/input/keyboard/tegra-kbc.c
10580 -+++ b/drivers/input/keyboard/tegra-kbc.c
10581 -@@ -376,7 +376,7 @@ static int tegra_kbc_start(struct tegra_kbc *kbc)
10582 - /* Reset the KBC controller to clear all previous status.*/
10583 - reset_control_assert(kbc->rst);
10584 - udelay(100);
10585 -- reset_control_assert(kbc->rst);
10586 -+ reset_control_deassert(kbc->rst);
10587 - udelay(100);
10588 -
10589 - tegra_kbc_config_pins(kbc);
10590 -diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
10591 -index faa295e..c83bce8 100644
10592 ---- a/drivers/input/rmi4/rmi_driver.c
10593 -+++ b/drivers/input/rmi4/rmi_driver.c
10594 -@@ -553,7 +553,6 @@ int rmi_read_register_desc(struct rmi_device *d, u16 addr,
10595 - goto free_struct_buff;
10596 -
10597 - reg = find_first_bit(rdesc->presense_map, RMI_REG_DESC_PRESENSE_BITS);
10598 -- map_offset = 0;
10599 - for (i = 0; i < rdesc->num_registers; i++) {
10600 - struct rmi_register_desc_item *item = &rdesc->registers[i];
10601 - int reg_size = struct_buf[offset];
10602 -@@ -576,6 +575,8 @@ int rmi_read_register_desc(struct rmi_device *d, u16 addr,
10603 - item->reg = reg;
10604 - item->reg_size = reg_size;
10605 -
10606 -+ map_offset = 0;
10607 -+
10608 - do {
10609 - for (b = 0; b < 7; b++) {
10610 - if (struct_buf[offset] & (0x1 << b))
10611 -diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
10612 -index 4541957..405252a 100644
10613 ---- a/drivers/input/serio/i8042.c
10614 -+++ b/drivers/input/serio/i8042.c
10615 -@@ -1277,6 +1277,7 @@ static int __init i8042_create_kbd_port(void)
10616 - serio->start = i8042_start;
10617 - serio->stop = i8042_stop;
10618 - serio->close = i8042_port_close;
10619 -+ serio->ps2_cmd_mutex = &i8042_mutex;
10620 - serio->port_data = port;
10621 - serio->dev.parent = &i8042_platform_device->dev;
10622 - strlcpy(serio->name, "i8042 KBD port", sizeof(serio->name));
10623 -@@ -1304,6 +1305,7 @@ static int __init i8042_create_aux_port(int idx)
10624 - serio->write = i8042_aux_write;
10625 - serio->start = i8042_start;
10626 - serio->stop = i8042_stop;
10627 -+ serio->ps2_cmd_mutex = &i8042_mutex;
10628 - serio->port_data = port;
10629 - serio->dev.parent = &i8042_platform_device->dev;
10630 - if (idx < 0) {
10631 -@@ -1373,21 +1375,6 @@ static void i8042_unregister_ports(void)
10632 - }
10633 - }
10634 -
10635 --/*
10636 -- * Checks whether port belongs to i8042 controller.
10637 -- */
10638 --bool i8042_check_port_owner(const struct serio *port)
10639 --{
10640 -- int i;
10641 --
10642 -- for (i = 0; i < I8042_NUM_PORTS; i++)
10643 -- if (i8042_ports[i].serio == port)
10644 -- return true;
10645 --
10646 -- return false;
10647 --}
10648 --EXPORT_SYMBOL(i8042_check_port_owner);
10649 --
10650 - static void i8042_free_irqs(void)
10651 - {
10652 - if (i8042_aux_irq_registered)
10653 -diff --git a/drivers/input/serio/libps2.c b/drivers/input/serio/libps2.c
10654 -index 316f2c8..83e9c66 100644
10655 ---- a/drivers/input/serio/libps2.c
10656 -+++ b/drivers/input/serio/libps2.c
10657 -@@ -56,19 +56,17 @@ EXPORT_SYMBOL(ps2_sendbyte);
10658 -
10659 - void ps2_begin_command(struct ps2dev *ps2dev)
10660 - {
10661 -- mutex_lock(&ps2dev->cmd_mutex);
10662 -+ struct mutex *m = ps2dev->serio->ps2_cmd_mutex ?: &ps2dev->cmd_mutex;
10663 -
10664 -- if (i8042_check_port_owner(ps2dev->serio))
10665 -- i8042_lock_chip();
10666 -+ mutex_lock(m);
10667 - }
10668 - EXPORT_SYMBOL(ps2_begin_command);
10669 -
10670 - void ps2_end_command(struct ps2dev *ps2dev)
10671 - {
10672 -- if (i8042_check_port_owner(ps2dev->serio))
10673 -- i8042_unlock_chip();
10674 -+ struct mutex *m = ps2dev->serio->ps2_cmd_mutex ?: &ps2dev->cmd_mutex;
10675 -
10676 -- mutex_unlock(&ps2dev->cmd_mutex);
10677 -+ mutex_unlock(m);
10678 - }
10679 - EXPORT_SYMBOL(ps2_end_command);
10680 -
10681 -diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
10682 -index 5f6b3bc..46ba2b6 100644
10683 ---- a/drivers/iommu/arm-smmu-v3.c
10684 -+++ b/drivers/iommu/arm-smmu-v3.c
10685 -@@ -879,7 +879,7 @@ static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
10686 - * We may have concurrent producers, so we need to be careful
10687 - * not to touch any of the shadow cmdq state.
10688 - */
10689 -- queue_read(cmd, Q_ENT(q, idx), q->ent_dwords);
10690 -+ queue_read(cmd, Q_ENT(q, cons), q->ent_dwords);
10691 - dev_err(smmu->dev, "skipping command in error state:\n");
10692 - for (i = 0; i < ARRAY_SIZE(cmd); ++i)
10693 - dev_err(smmu->dev, "\t0x%016llx\n", (unsigned long long)cmd[i]);
10694 -@@ -890,7 +890,7 @@ static void arm_smmu_cmdq_skip_err(struct arm_smmu_device *smmu)
10695 - return;
10696 - }
10697 -
10698 -- queue_write(cmd, Q_ENT(q, idx), q->ent_dwords);
10699 -+ queue_write(Q_ENT(q, cons), cmd, q->ent_dwords);
10700 - }
10701 -
10702 - static void arm_smmu_cmdq_issue_cmd(struct arm_smmu_device *smmu,
10703 -@@ -1034,6 +1034,9 @@ static void arm_smmu_write_strtab_ent(struct arm_smmu_device *smmu, u32 sid,
10704 - case STRTAB_STE_0_CFG_S2_TRANS:
10705 - ste_live = true;
10706 - break;
10707 -+ case STRTAB_STE_0_CFG_ABORT:
10708 -+ if (disable_bypass)
10709 -+ break;
10710 - default:
10711 - BUG(); /* STE corruption */
10712 - }
10713 -diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c
10714 -index 9345a3f..31422d4 100644
10715 ---- a/drivers/iommu/arm-smmu.c
10716 -+++ b/drivers/iommu/arm-smmu.c
10717 -@@ -686,8 +686,7 @@ static struct iommu_gather_ops arm_smmu_gather_ops = {
10718 -
10719 - static irqreturn_t arm_smmu_context_fault(int irq, void *dev)
10720 - {
10721 -- int flags, ret;
10722 -- u32 fsr, fsynr, resume;
10723 -+ u32 fsr, fsynr;
10724 - unsigned long iova;
10725 - struct iommu_domain *domain = dev;
10726 - struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
10727 -@@ -701,34 +700,15 @@ static irqreturn_t arm_smmu_context_fault(int irq, void *dev)
10728 - if (!(fsr & FSR_FAULT))
10729 - return IRQ_NONE;
10730 -
10731 -- if (fsr & FSR_IGN)
10732 -- dev_err_ratelimited(smmu->dev,
10733 -- "Unexpected context fault (fsr 0x%x)\n",
10734 -- fsr);
10735 --
10736 - fsynr = readl_relaxed(cb_base + ARM_SMMU_CB_FSYNR0);
10737 -- flags = fsynr & FSYNR0_WNR ? IOMMU_FAULT_WRITE : IOMMU_FAULT_READ;
10738 --
10739 - iova = readq_relaxed(cb_base + ARM_SMMU_CB_FAR);
10740 -- if (!report_iommu_fault(domain, smmu->dev, iova, flags)) {
10741 -- ret = IRQ_HANDLED;
10742 -- resume = RESUME_RETRY;
10743 -- } else {
10744 -- dev_err_ratelimited(smmu->dev,
10745 -- "Unhandled context fault: iova=0x%08lx, fsynr=0x%x, cb=%d\n",
10746 -- iova, fsynr, cfg->cbndx);
10747 -- ret = IRQ_NONE;
10748 -- resume = RESUME_TERMINATE;
10749 -- }
10750 --
10751 -- /* Clear the faulting FSR */
10752 -- writel(fsr, cb_base + ARM_SMMU_CB_FSR);
10753 -
10754 -- /* Retry or terminate any stalled transactions */
10755 -- if (fsr & FSR_SS)
10756 -- writel_relaxed(resume, cb_base + ARM_SMMU_CB_RESUME);
10757 -+ dev_err_ratelimited(smmu->dev,
10758 -+ "Unhandled context fault: fsr=0x%x, iova=0x%08lx, fsynr=0x%x, cb=%d\n",
10759 -+ fsr, iova, fsynr, cfg->cbndx);
10760 -
10761 -- return ret;
10762 -+ writel(fsr, cb_base + ARM_SMMU_CB_FSR);
10763 -+ return IRQ_HANDLED;
10764 - }
10765 -
10766 - static irqreturn_t arm_smmu_global_fault(int irq, void *dev)
10767 -@@ -837,7 +817,7 @@ static void arm_smmu_init_context_bank(struct arm_smmu_domain *smmu_domain,
10768 - }
10769 -
10770 - /* SCTLR */
10771 -- reg = SCTLR_CFCFG | SCTLR_CFIE | SCTLR_CFRE | SCTLR_M | SCTLR_EAE_SBOP;
10772 -+ reg = SCTLR_CFIE | SCTLR_CFRE | SCTLR_M | SCTLR_EAE_SBOP;
10773 - if (stage1)
10774 - reg |= SCTLR_S1_ASIDPNE;
10775 - #ifdef __BIG_ENDIAN
10776 -diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
10777 -index ea5a9eb..97a2308 100644
10778 ---- a/drivers/iommu/dma-iommu.c
10779 -+++ b/drivers/iommu/dma-iommu.c
10780 -@@ -68,7 +68,8 @@ void iommu_put_dma_cookie(struct iommu_domain *domain)
10781 - if (!iovad)
10782 - return;
10783 -
10784 -- put_iova_domain(iovad);
10785 -+ if (iovad->granule)
10786 -+ put_iova_domain(iovad);
10787 - kfree(iovad);
10788 - domain->iova_cookie = NULL;
10789 - }
10790 -diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
10791 -index 8c61399..def8ca1 100644
10792 ---- a/drivers/iommu/io-pgtable-arm-v7s.c
10793 -+++ b/drivers/iommu/io-pgtable-arm-v7s.c
10794 -@@ -286,12 +286,14 @@ static int arm_v7s_pte_to_prot(arm_v7s_iopte pte, int lvl)
10795 - int prot = IOMMU_READ;
10796 - arm_v7s_iopte attr = pte >> ARM_V7S_ATTR_SHIFT(lvl);
10797 -
10798 -- if (attr & ARM_V7S_PTE_AP_RDONLY)
10799 -+ if (!(attr & ARM_V7S_PTE_AP_RDONLY))
10800 - prot |= IOMMU_WRITE;
10801 - if ((attr & (ARM_V7S_TEX_MASK << ARM_V7S_TEX_SHIFT)) == 0)
10802 - prot |= IOMMU_MMIO;
10803 - else if (pte & ARM_V7S_ATTR_C)
10804 - prot |= IOMMU_CACHE;
10805 -+ if (pte & ARM_V7S_ATTR_XN(lvl))
10806 -+ prot |= IOMMU_NOEXEC;
10807 -
10808 - return prot;
10809 - }
10810 -diff --git a/drivers/md/dm-round-robin.c b/drivers/md/dm-round-robin.c
10811 -index 4ace1da..6c25213 100644
10812 ---- a/drivers/md/dm-round-robin.c
10813 -+++ b/drivers/md/dm-round-robin.c
10814 -@@ -210,14 +210,17 @@ static struct dm_path *rr_select_path(struct path_selector *ps, size_t nr_bytes)
10815 - struct path_info *pi = NULL;
10816 - struct dm_path *current_path = NULL;
10817 -
10818 -+ local_irq_save(flags);
10819 - current_path = *this_cpu_ptr(s->current_path);
10820 - if (current_path) {
10821 - percpu_counter_dec(&s->repeat_count);
10822 -- if (percpu_counter_read_positive(&s->repeat_count) > 0)
10823 -+ if (percpu_counter_read_positive(&s->repeat_count) > 0) {
10824 -+ local_irq_restore(flags);
10825 - return current_path;
10826 -+ }
10827 - }
10828 -
10829 -- spin_lock_irqsave(&s->lock, flags);
10830 -+ spin_lock(&s->lock);
10831 - if (!list_empty(&s->valid_paths)) {
10832 - pi = list_entry(s->valid_paths.next, struct path_info, list);
10833 - list_move_tail(&pi->list, &s->valid_paths);
10834 -diff --git a/drivers/of/base.c b/drivers/of/base.c
10835 -index 8bb3d1a..c6a8f47 100644
10836 ---- a/drivers/of/base.c
10837 -+++ b/drivers/of/base.c
10838 -@@ -2318,20 +2318,13 @@ struct device_node *of_graph_get_endpoint_by_regs(
10839 - const struct device_node *parent, int port_reg, int reg)
10840 - {
10841 - struct of_endpoint endpoint;
10842 -- struct device_node *node, *prev_node = NULL;
10843 --
10844 -- while (1) {
10845 -- node = of_graph_get_next_endpoint(parent, prev_node);
10846 -- of_node_put(prev_node);
10847 -- if (!node)
10848 -- break;
10849 -+ struct device_node *node = NULL;
10850 -
10851 -+ for_each_endpoint_of_node(parent, node) {
10852 - of_graph_parse_endpoint(node, &endpoint);
10853 - if (((port_reg == -1) || (endpoint.port == port_reg)) &&
10854 - ((reg == -1) || (endpoint.id == reg)))
10855 - return node;
10856 --
10857 -- prev_node = node;
10858 - }
10859 -
10860 - return NULL;
10861 -diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
10862 -index a080f44..565e2a4 100644
10863 ---- a/drivers/pci/msi.c
10864 -+++ b/drivers/pci/msi.c
10865 -@@ -1277,6 +1277,8 @@ struct irq_domain *pci_msi_create_irq_domain(struct fwnode_handle *fwnode,
10866 - if (info->flags & MSI_FLAG_USE_DEF_CHIP_OPS)
10867 - pci_msi_domain_update_chip_ops(info);
10868 -
10869 -+ info->flags |= MSI_FLAG_ACTIVATE_EARLY;
10870 -+
10871 - domain = msi_create_irq_domain(fwnode, info, parent);
10872 - if (!domain)
10873 - return NULL;
10874 -diff --git a/drivers/pinctrl/meson/pinctrl-meson.c b/drivers/pinctrl/meson/pinctrl-meson.c
10875 -index 11623c6..44e69c9 100644
10876 ---- a/drivers/pinctrl/meson/pinctrl-meson.c
10877 -+++ b/drivers/pinctrl/meson/pinctrl-meson.c
10878 -@@ -727,13 +727,7 @@ static int meson_pinctrl_probe(struct platform_device *pdev)
10879 - return PTR_ERR(pc->pcdev);
10880 - }
10881 -
10882 -- ret = meson_gpiolib_register(pc);
10883 -- if (ret) {
10884 -- pinctrl_unregister(pc->pcdev);
10885 -- return ret;
10886 -- }
10887 --
10888 -- return 0;
10889 -+ return meson_gpiolib_register(pc);
10890 - }
10891 -
10892 - static struct platform_driver meson_pinctrl_driver = {
10893 -diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c
10894 -index 634b4d3..b3e7723 100644
10895 ---- a/drivers/pinctrl/pinctrl-amd.c
10896 -+++ b/drivers/pinctrl/pinctrl-amd.c
10897 -@@ -43,17 +43,6 @@ static int amd_gpio_direction_input(struct gpio_chip *gc, unsigned offset)
10898 -
10899 - spin_lock_irqsave(&gpio_dev->lock, flags);
10900 - pin_reg = readl(gpio_dev->base + offset * 4);
10901 -- /*
10902 -- * Suppose BIOS or Bootloader sets specific debounce for the
10903 -- * GPIO. if not, set debounce to be 2.75ms and remove glitch.
10904 -- */
10905 -- if ((pin_reg & DB_TMR_OUT_MASK) == 0) {
10906 -- pin_reg |= 0xf;
10907 -- pin_reg |= BIT(DB_TMR_OUT_UNIT_OFF);
10908 -- pin_reg |= DB_TYPE_REMOVE_GLITCH << DB_CNTRL_OFF;
10909 -- pin_reg &= ~BIT(DB_TMR_LARGE_OFF);
10910 -- }
10911 --
10912 - pin_reg &= ~BIT(OUTPUT_ENABLE_OFF);
10913 - writel(pin_reg, gpio_dev->base + offset * 4);
10914 - spin_unlock_irqrestore(&gpio_dev->lock, flags);
10915 -@@ -326,15 +315,6 @@ static void amd_gpio_irq_enable(struct irq_data *d)
10916 -
10917 - spin_lock_irqsave(&gpio_dev->lock, flags);
10918 - pin_reg = readl(gpio_dev->base + (d->hwirq)*4);
10919 -- /*
10920 -- Suppose BIOS or Bootloader sets specific debounce for the
10921 -- GPIO. if not, set debounce to be 2.75ms.
10922 -- */
10923 -- if ((pin_reg & DB_TMR_OUT_MASK) == 0) {
10924 -- pin_reg |= 0xf;
10925 -- pin_reg |= BIT(DB_TMR_OUT_UNIT_OFF);
10926 -- pin_reg &= ~BIT(DB_TMR_LARGE_OFF);
10927 -- }
10928 - pin_reg |= BIT(INTERRUPT_ENABLE_OFF);
10929 - pin_reg |= BIT(INTERRUPT_MASK_OFF);
10930 - writel(pin_reg, gpio_dev->base + (d->hwirq)*4);
10931 -diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
10932 -index b6e161f..6c084b2 100644
10933 ---- a/drivers/platform/chrome/cros_ec_proto.c
10934 -+++ b/drivers/platform/chrome/cros_ec_proto.c
10935 -@@ -380,3 +380,20 @@ int cros_ec_cmd_xfer(struct cros_ec_device *ec_dev,
10936 - return ret;
10937 - }
10938 - EXPORT_SYMBOL(cros_ec_cmd_xfer);
10939 -+
10940 -+int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
10941 -+ struct cros_ec_command *msg)
10942 -+{
10943 -+ int ret;
10944 -+
10945 -+ ret = cros_ec_cmd_xfer(ec_dev, msg);
10946 -+ if (ret < 0) {
10947 -+ dev_err(ec_dev->dev, "Command xfer error (err:%d)\n", ret);
10948 -+ } else if (msg->result != EC_RES_SUCCESS) {
10949 -+ dev_dbg(ec_dev->dev, "Command result (err: %d)\n", msg->result);
10950 -+ return -EPROTO;
10951 -+ }
10952 -+
10953 -+ return ret;
10954 -+}
10955 -+EXPORT_SYMBOL(cros_ec_cmd_xfer_status);
10956 -diff --git a/drivers/s390/block/dasd.c b/drivers/s390/block/dasd.c
10957 -index 8973d34..fb1b56a 100644
10958 ---- a/drivers/s390/block/dasd.c
10959 -+++ b/drivers/s390/block/dasd.c
10960 -@@ -1643,9 +1643,18 @@ void dasd_int_handler(struct ccw_device *cdev, unsigned long intparm,
10961 - u8 *sense = NULL;
10962 - int expires;
10963 -
10964 -+ cqr = (struct dasd_ccw_req *) intparm;
10965 - if (IS_ERR(irb)) {
10966 - switch (PTR_ERR(irb)) {
10967 - case -EIO:
10968 -+ if (cqr && cqr->status == DASD_CQR_CLEAR_PENDING) {
10969 -+ device = (struct dasd_device *) cqr->startdev;
10970 -+ cqr->status = DASD_CQR_CLEARED;
10971 -+ dasd_device_clear_timer(device);
10972 -+ wake_up(&dasd_flush_wq);
10973 -+ dasd_schedule_device_bh(device);
10974 -+ return;
10975 -+ }
10976 - break;
10977 - case -ETIMEDOUT:
10978 - DBF_EVENT_DEVID(DBF_WARNING, cdev, "%s: "
10979 -@@ -1661,7 +1670,6 @@ void dasd_int_handler(struct ccw_device *cdev, unsigned long intparm,
10980 - }
10981 -
10982 - now = get_tod_clock();
10983 -- cqr = (struct dasd_ccw_req *) intparm;
10984 - /* check for conditions that should be handled immediately */
10985 - if (!cqr ||
10986 - !(scsw_dstat(&irb->scsw) == (DEV_STAT_CHN_END | DEV_STAT_DEV_END) &&
10987 -diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
10988 -index 4b3bb52..c424e8b 100644
10989 ---- a/drivers/scsi/aacraid/commctrl.c
10990 -+++ b/drivers/scsi/aacraid/commctrl.c
10991 -@@ -63,7 +63,7 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
10992 - struct fib *fibptr;
10993 - struct hw_fib * hw_fib = (struct hw_fib *)0;
10994 - dma_addr_t hw_fib_pa = (dma_addr_t)0LL;
10995 -- unsigned size;
10996 -+ unsigned int size, osize;
10997 - int retval;
10998 -
10999 - if (dev->in_reset) {
11000 -@@ -87,7 +87,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
11001 - * will not overrun the buffer when we copy the memory. Return
11002 - * an error if we would.
11003 - */
11004 -- size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr);
11005 -+ osize = size = le16_to_cpu(kfib->header.Size) +
11006 -+ sizeof(struct aac_fibhdr);
11007 - if (size < le16_to_cpu(kfib->header.SenderSize))
11008 - size = le16_to_cpu(kfib->header.SenderSize);
11009 - if (size > dev->max_fib_size) {
11010 -@@ -118,6 +119,14 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
11011 - goto cleanup;
11012 - }
11013 -
11014 -+ /* Sanity check the second copy */
11015 -+ if ((osize != le16_to_cpu(kfib->header.Size) +
11016 -+ sizeof(struct aac_fibhdr))
11017 -+ || (size < le16_to_cpu(kfib->header.SenderSize))) {
11018 -+ retval = -EINVAL;
11019 -+ goto cleanup;
11020 -+ }
11021 -+
11022 - if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) {
11023 - aac_adapter_interrupt(dev);
11024 - /*
11025 -diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
11026 -index 2dab3dc..c1ed25a 100644
11027 ---- a/drivers/scsi/megaraid/megaraid_sas_base.c
11028 -+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
11029 -@@ -5037,7 +5037,7 @@ static int megasas_init_fw(struct megasas_instance *instance)
11030 - /* Find first memory bar */
11031 - bar_list = pci_select_bars(instance->pdev, IORESOURCE_MEM);
11032 - instance->bar = find_first_bit(&bar_list, sizeof(unsigned long));
11033 -- if (pci_request_selected_regions(instance->pdev, instance->bar,
11034 -+ if (pci_request_selected_regions(instance->pdev, 1<<instance->bar,
11035 - "megasas: LSI")) {
11036 - dev_printk(KERN_DEBUG, &instance->pdev->dev, "IO memory region busy!\n");
11037 - return -EBUSY;
11038 -@@ -5339,7 +5339,7 @@ fail_ready_state:
11039 - iounmap(instance->reg_set);
11040 -
11041 - fail_ioremap:
11042 -- pci_release_selected_regions(instance->pdev, instance->bar);
11043 -+ pci_release_selected_regions(instance->pdev, 1<<instance->bar);
11044 -
11045 - return -EINVAL;
11046 - }
11047 -@@ -5360,7 +5360,7 @@ static void megasas_release_mfi(struct megasas_instance *instance)
11048 -
11049 - iounmap(instance->reg_set);
11050 -
11051 -- pci_release_selected_regions(instance->pdev, instance->bar);
11052 -+ pci_release_selected_regions(instance->pdev, 1<<instance->bar);
11053 - }
11054 -
11055 - /**
11056 -diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
11057 -index ec83754..52d8bbf 100644
11058 ---- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
11059 -+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
11060 -@@ -2603,7 +2603,7 @@ megasas_release_fusion(struct megasas_instance *instance)
11061 -
11062 - iounmap(instance->reg_set);
11063 -
11064 -- pci_release_selected_regions(instance->pdev, instance->bar);
11065 -+ pci_release_selected_regions(instance->pdev, 1<<instance->bar);
11066 - }
11067 -
11068 - /**
11069 -diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
11070 -index 751f13e..750f82c 100644
11071 ---- a/drivers/scsi/mpt3sas/mpt3sas_base.c
11072 -+++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
11073 -@@ -2188,6 +2188,17 @@ mpt3sas_base_map_resources(struct MPT3SAS_ADAPTER *ioc)
11074 - } else
11075 - ioc->msix96_vector = 0;
11076 -
11077 -+ if (ioc->is_warpdrive) {
11078 -+ ioc->reply_post_host_index[0] = (resource_size_t __iomem *)
11079 -+ &ioc->chip->ReplyPostHostIndex;
11080 -+
11081 -+ for (i = 1; i < ioc->cpu_msix_table_sz; i++)
11082 -+ ioc->reply_post_host_index[i] =
11083 -+ (resource_size_t __iomem *)
11084 -+ ((u8 __iomem *)&ioc->chip->Doorbell + (0x4000 + ((i - 1)
11085 -+ * 4)));
11086 -+ }
11087 -+
11088 - list_for_each_entry(reply_q, &ioc->reply_queue_list, list)
11089 - pr_info(MPT3SAS_FMT "%s: IRQ %d\n",
11090 - reply_q->name, ((ioc->msix_enable) ? "PCI-MSI-X enabled" :
11091 -@@ -5280,17 +5291,6 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc)
11092 - if (r)
11093 - goto out_free_resources;
11094 -
11095 -- if (ioc->is_warpdrive) {
11096 -- ioc->reply_post_host_index[0] = (resource_size_t __iomem *)
11097 -- &ioc->chip->ReplyPostHostIndex;
11098 --
11099 -- for (i = 1; i < ioc->cpu_msix_table_sz; i++)
11100 -- ioc->reply_post_host_index[i] =
11101 -- (resource_size_t __iomem *)
11102 -- ((u8 __iomem *)&ioc->chip->Doorbell + (0x4000 + ((i - 1)
11103 -- * 4)));
11104 -- }
11105 --
11106 - pci_set_drvdata(ioc->pdev, ioc->shost);
11107 - r = _base_get_ioc_facts(ioc, CAN_SLEEP);
11108 - if (r)
11109 -diff --git a/drivers/staging/comedi/drivers/comedi_test.c b/drivers/staging/comedi/drivers/comedi_test.c
11110 -index 4ab1866..ec5b9a2 100644
11111 ---- a/drivers/staging/comedi/drivers/comedi_test.c
11112 -+++ b/drivers/staging/comedi/drivers/comedi_test.c
11113 -@@ -56,11 +56,6 @@
11114 -
11115 - #define N_CHANS 8
11116 -
11117 --enum waveform_state_bits {
11118 -- WAVEFORM_AI_RUNNING,
11119 -- WAVEFORM_AO_RUNNING
11120 --};
11121 --
11122 - /* Data unique to this driver */
11123 - struct waveform_private {
11124 - struct timer_list ai_timer; /* timer for AI commands */
11125 -@@ -68,7 +63,6 @@ struct waveform_private {
11126 - unsigned int wf_amplitude; /* waveform amplitude in microvolts */
11127 - unsigned int wf_period; /* waveform period in microseconds */
11128 - unsigned int wf_current; /* current time in waveform period */
11129 -- unsigned long state_bits;
11130 - unsigned int ai_scan_period; /* AI scan period in usec */
11131 - unsigned int ai_convert_period; /* AI conversion period in usec */
11132 - struct timer_list ao_timer; /* timer for AO commands */
11133 -@@ -191,10 +185,6 @@ static void waveform_ai_timer(unsigned long arg)
11134 - unsigned int nsamples;
11135 - unsigned int time_increment;
11136 -
11137 -- /* check command is still active */
11138 -- if (!test_bit(WAVEFORM_AI_RUNNING, &devpriv->state_bits))
11139 -- return;
11140 --
11141 - now = ktime_to_us(ktime_get());
11142 - nsamples = comedi_nsamples_left(s, UINT_MAX);
11143 -
11144 -@@ -386,11 +376,6 @@ static int waveform_ai_cmd(struct comedi_device *dev,
11145 - */
11146 - devpriv->ai_timer.expires =
11147 - jiffies + usecs_to_jiffies(devpriv->ai_convert_period) + 1;
11148 --
11149 -- /* mark command as active */
11150 -- smp_mb__before_atomic();
11151 -- set_bit(WAVEFORM_AI_RUNNING, &devpriv->state_bits);
11152 -- smp_mb__after_atomic();
11153 - add_timer(&devpriv->ai_timer);
11154 - return 0;
11155 - }
11156 -@@ -400,11 +385,12 @@ static int waveform_ai_cancel(struct comedi_device *dev,
11157 - {
11158 - struct waveform_private *devpriv = dev->private;
11159 -
11160 -- /* mark command as no longer active */
11161 -- clear_bit(WAVEFORM_AI_RUNNING, &devpriv->state_bits);
11162 -- smp_mb__after_atomic();
11163 -- /* cannot call del_timer_sync() as may be called from timer routine */
11164 -- del_timer(&devpriv->ai_timer);
11165 -+ if (in_softirq()) {
11166 -+ /* Assume we were called from the timer routine itself. */
11167 -+ del_timer(&devpriv->ai_timer);
11168 -+ } else {
11169 -+ del_timer_sync(&devpriv->ai_timer);
11170 -+ }
11171 - return 0;
11172 - }
11173 -
11174 -@@ -436,10 +422,6 @@ static void waveform_ao_timer(unsigned long arg)
11175 - u64 scans_since;
11176 - unsigned int scans_avail = 0;
11177 -
11178 -- /* check command is still active */
11179 -- if (!test_bit(WAVEFORM_AO_RUNNING, &devpriv->state_bits))
11180 -- return;
11181 --
11182 - /* determine number of scan periods since last time */
11183 - now = ktime_to_us(ktime_get());
11184 - scans_since = now - devpriv->ao_last_scan_time;
11185 -@@ -518,11 +500,6 @@ static int waveform_ao_inttrig_start(struct comedi_device *dev,
11186 - devpriv->ao_last_scan_time = ktime_to_us(ktime_get());
11187 - devpriv->ao_timer.expires =
11188 - jiffies + usecs_to_jiffies(devpriv->ao_scan_period);
11189 --
11190 -- /* mark command as active */
11191 -- smp_mb__before_atomic();
11192 -- set_bit(WAVEFORM_AO_RUNNING, &devpriv->state_bits);
11193 -- smp_mb__after_atomic();
11194 - add_timer(&devpriv->ao_timer);
11195 -
11196 - return 1;
11197 -@@ -608,11 +585,12 @@ static int waveform_ao_cancel(struct comedi_device *dev,
11198 - struct waveform_private *devpriv = dev->private;
11199 -
11200 - s->async->inttrig = NULL;
11201 -- /* mark command as no longer active */
11202 -- clear_bit(WAVEFORM_AO_RUNNING, &devpriv->state_bits);
11203 -- smp_mb__after_atomic();
11204 -- /* cannot call del_timer_sync() as may be called from timer routine */
11205 -- del_timer(&devpriv->ao_timer);
11206 -+ if (in_softirq()) {
11207 -+ /* Assume we were called from the timer routine itself. */
11208 -+ del_timer(&devpriv->ao_timer);
11209 -+ } else {
11210 -+ del_timer_sync(&devpriv->ao_timer);
11211 -+ }
11212 - return 0;
11213 - }
11214 -
11215 -diff --git a/drivers/staging/comedi/drivers/daqboard2000.c b/drivers/staging/comedi/drivers/daqboard2000.c
11216 -index a536a15..a91ea02 100644
11217 ---- a/drivers/staging/comedi/drivers/daqboard2000.c
11218 -+++ b/drivers/staging/comedi/drivers/daqboard2000.c
11219 -@@ -636,7 +636,7 @@ static const void *daqboard2000_find_boardinfo(struct comedi_device *dev,
11220 - const struct daq200_boardtype *board;
11221 - int i;
11222 -
11223 -- if (pcidev->subsystem_device != PCI_VENDOR_ID_IOTECH)
11224 -+ if (pcidev->subsystem_vendor != PCI_VENDOR_ID_IOTECH)
11225 - return NULL;
11226 -
11227 - for (i = 0; i < ARRAY_SIZE(boardtypes); i++) {
11228 -diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
11229 -index 8dabb19..0f97d7b 100644
11230 ---- a/drivers/staging/comedi/drivers/ni_mio_common.c
11231 -+++ b/drivers/staging/comedi/drivers/ni_mio_common.c
11232 -@@ -2772,7 +2772,15 @@ static int ni_ao_inttrig(struct comedi_device *dev,
11233 - int i;
11234 - static const int timeout = 1000;
11235 -
11236 -- if (trig_num != cmd->start_arg)
11237 -+ /*
11238 -+ * Require trig_num == cmd->start_arg when cmd->start_src == TRIG_INT.
11239 -+ * For backwards compatibility, also allow trig_num == 0 when
11240 -+ * cmd->start_src != TRIG_INT (i.e. when cmd->start_src == TRIG_EXT);
11241 -+ * in that case, the internal trigger is being used as a pre-trigger
11242 -+ * before the external trigger.
11243 -+ */
11244 -+ if (!(trig_num == cmd->start_arg ||
11245 -+ (trig_num == 0 && cmd->start_src != TRIG_INT)))
11246 - return -EINVAL;
11247 -
11248 - /*
11249 -@@ -5480,7 +5488,7 @@ static int ni_E_init(struct comedi_device *dev,
11250 - s->maxdata = (devpriv->is_m_series) ? 0xffffffff
11251 - : 0x00ffffff;
11252 - s->insn_read = ni_tio_insn_read;
11253 -- s->insn_write = ni_tio_insn_read;
11254 -+ s->insn_write = ni_tio_insn_write;
11255 - s->insn_config = ni_tio_insn_config;
11256 - #ifdef PCIDMA
11257 - if (dev->irq && devpriv->mite) {
11258 -diff --git a/drivers/staging/lustre/lustre/llite/namei.c b/drivers/staging/lustre/lustre/llite/namei.c
11259 -index 5eba0eb..86e40ce 100644
11260 ---- a/drivers/staging/lustre/lustre/llite/namei.c
11261 -+++ b/drivers/staging/lustre/lustre/llite/namei.c
11262 -@@ -391,6 +391,7 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
11263 - struct inode *inode = NULL;
11264 - __u64 bits = 0;
11265 - int rc = 0;
11266 -+ struct dentry *alias;
11267 -
11268 - /* NB 1 request reference will be taken away by ll_intent_lock()
11269 - * when I return
11270 -@@ -415,26 +416,12 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
11271 - */
11272 - }
11273 -
11274 -- /* Only hash *de if it is unhashed (new dentry).
11275 -- * Atoimc_open may passing hashed dentries for open.
11276 -- */
11277 -- if (d_unhashed(*de)) {
11278 -- struct dentry *alias;
11279 --
11280 -- alias = ll_splice_alias(inode, *de);
11281 -- if (IS_ERR(alias)) {
11282 -- rc = PTR_ERR(alias);
11283 -- goto out;
11284 -- }
11285 -- *de = alias;
11286 -- } else if (!it_disposition(it, DISP_LOOKUP_NEG) &&
11287 -- !it_disposition(it, DISP_OPEN_CREATE)) {
11288 -- /* With DISP_OPEN_CREATE dentry will be
11289 -- * instantiated in ll_create_it.
11290 -- */
11291 -- LASSERT(!d_inode(*de));
11292 -- d_instantiate(*de, inode);
11293 -+ alias = ll_splice_alias(inode, *de);
11294 -+ if (IS_ERR(alias)) {
11295 -+ rc = PTR_ERR(alias);
11296 -+ goto out;
11297 - }
11298 -+ *de = alias;
11299 -
11300 - if (!it_disposition(it, DISP_LOOKUP_NEG)) {
11301 - /* we have lookup look - unhide dentry */
11302 -@@ -590,6 +577,24 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
11303 - dentry, PFID(ll_inode2fid(dir)), dir, file, open_flags, mode,
11304 - *opened);
11305 -
11306 -+ /* Only negative dentries enter here */
11307 -+ LASSERT(!d_inode(dentry));
11308 -+
11309 -+ if (!d_in_lookup(dentry)) {
11310 -+ /* A valid negative dentry that just passed revalidation,
11311 -+ * there's little point to try and open it server-side,
11312 -+ * even though there's a minuscle chance it might succeed.
11313 -+ * Either way it's a valid race to just return -ENOENT here.
11314 -+ */
11315 -+ if (!(open_flags & O_CREAT))
11316 -+ return -ENOENT;
11317 -+
11318 -+ /* Otherwise we just unhash it to be rehashed afresh via
11319 -+ * lookup if necessary
11320 -+ */
11321 -+ d_drop(dentry);
11322 -+ }
11323 -+
11324 - it = kzalloc(sizeof(*it), GFP_NOFS);
11325 - if (!it)
11326 - return -ENOMEM;
11327 -diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
11328 -index 065f5d9..dfec5a1 100644
11329 ---- a/drivers/usb/chipidea/udc.c
11330 -+++ b/drivers/usb/chipidea/udc.c
11331 -@@ -1596,8 +1596,11 @@ static int ci_udc_pullup(struct usb_gadget *_gadget, int is_on)
11332 - {
11333 - struct ci_hdrc *ci = container_of(_gadget, struct ci_hdrc, gadget);
11334 -
11335 -- /* Data+ pullup controlled by OTG state machine in OTG fsm mode */
11336 -- if (ci_otg_is_fsm_mode(ci))
11337 -+ /*
11338 -+ * Data+ pullup controlled by OTG state machine in OTG fsm mode;
11339 -+ * and don't touch Data+ in host mode for dual role config.
11340 -+ */
11341 -+ if (ci_otg_is_fsm_mode(ci) || ci->role == CI_ROLE_HOST)
11342 - return 0;
11343 -
11344 - pm_runtime_get_sync(&ci->gadget.dev);
11345 -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
11346 -index 94a14f5..0a4d54a 100644
11347 ---- a/drivers/usb/class/cdc-acm.c
11348 -+++ b/drivers/usb/class/cdc-acm.c
11349 -@@ -1405,7 +1405,6 @@ made_compressed_probe:
11350 - spin_lock_init(&acm->write_lock);
11351 - spin_lock_init(&acm->read_lock);
11352 - mutex_init(&acm->mutex);
11353 -- acm->rx_endpoint = usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress);
11354 - acm->is_int_ep = usb_endpoint_xfer_int(epread);
11355 - if (acm->is_int_ep)
11356 - acm->bInterval = epread->bInterval;
11357 -@@ -1445,14 +1444,14 @@ made_compressed_probe:
11358 - urb->transfer_dma = rb->dma;
11359 - if (acm->is_int_ep) {
11360 - usb_fill_int_urb(urb, acm->dev,
11361 -- acm->rx_endpoint,
11362 -+ usb_rcvintpipe(usb_dev, epread->bEndpointAddress),
11363 - rb->base,
11364 - acm->readsize,
11365 - acm_read_bulk_callback, rb,
11366 - acm->bInterval);
11367 - } else {
11368 - usb_fill_bulk_urb(urb, acm->dev,
11369 -- acm->rx_endpoint,
11370 -+ usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress),
11371 - rb->base,
11372 - acm->readsize,
11373 - acm_read_bulk_callback, rb);
11374 -diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
11375 -index 05ce308..1f1eabf 100644
11376 ---- a/drivers/usb/class/cdc-acm.h
11377 -+++ b/drivers/usb/class/cdc-acm.h
11378 -@@ -96,7 +96,6 @@ struct acm {
11379 - struct acm_rb read_buffers[ACM_NR];
11380 - struct acm_wb *putbuffer; /* for acm_tty_put_char() */
11381 - int rx_buflimit;
11382 -- int rx_endpoint;
11383 - spinlock_t read_lock;
11384 - int write_used; /* number of non-empty write buffers */
11385 - int transmitting;
11386 -diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
11387 -index 31ccdcc..15ce4ab 100644
11388 ---- a/drivers/usb/core/config.c
11389 -+++ b/drivers/usb/core/config.c
11390 -@@ -171,6 +171,31 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
11391 - ep, buffer, size);
11392 - }
11393 -
11394 -+static const unsigned short low_speed_maxpacket_maxes[4] = {
11395 -+ [USB_ENDPOINT_XFER_CONTROL] = 8,
11396 -+ [USB_ENDPOINT_XFER_ISOC] = 0,
11397 -+ [USB_ENDPOINT_XFER_BULK] = 0,
11398 -+ [USB_ENDPOINT_XFER_INT] = 8,
11399 -+};
11400 -+static const unsigned short full_speed_maxpacket_maxes[4] = {
11401 -+ [USB_ENDPOINT_XFER_CONTROL] = 64,
11402 -+ [USB_ENDPOINT_XFER_ISOC] = 1023,
11403 -+ [USB_ENDPOINT_XFER_BULK] = 64,
11404 -+ [USB_ENDPOINT_XFER_INT] = 64,
11405 -+};
11406 -+static const unsigned short high_speed_maxpacket_maxes[4] = {
11407 -+ [USB_ENDPOINT_XFER_CONTROL] = 64,
11408 -+ [USB_ENDPOINT_XFER_ISOC] = 1024,
11409 -+ [USB_ENDPOINT_XFER_BULK] = 512,
11410 -+ [USB_ENDPOINT_XFER_INT] = 1024,
11411 -+};
11412 -+static const unsigned short super_speed_maxpacket_maxes[4] = {
11413 -+ [USB_ENDPOINT_XFER_CONTROL] = 512,
11414 -+ [USB_ENDPOINT_XFER_ISOC] = 1024,
11415 -+ [USB_ENDPOINT_XFER_BULK] = 1024,
11416 -+ [USB_ENDPOINT_XFER_INT] = 1024,
11417 -+};
11418 -+
11419 - static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
11420 - int asnum, struct usb_host_interface *ifp, int num_ep,
11421 - unsigned char *buffer, int size)
11422 -@@ -179,6 +204,8 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
11423 - struct usb_endpoint_descriptor *d;
11424 - struct usb_host_endpoint *endpoint;
11425 - int n, i, j, retval;
11426 -+ unsigned int maxp;
11427 -+ const unsigned short *maxpacket_maxes;
11428 -
11429 - d = (struct usb_endpoint_descriptor *) buffer;
11430 - buffer += d->bLength;
11431 -@@ -286,6 +313,42 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
11432 - endpoint->desc.wMaxPacketSize = cpu_to_le16(8);
11433 - }
11434 -
11435 -+ /* Validate the wMaxPacketSize field */
11436 -+ maxp = usb_endpoint_maxp(&endpoint->desc);
11437 -+
11438 -+ /* Find the highest legal maxpacket size for this endpoint */
11439 -+ i = 0; /* additional transactions per microframe */
11440 -+ switch (to_usb_device(ddev)->speed) {
11441 -+ case USB_SPEED_LOW:
11442 -+ maxpacket_maxes = low_speed_maxpacket_maxes;
11443 -+ break;
11444 -+ case USB_SPEED_FULL:
11445 -+ maxpacket_maxes = full_speed_maxpacket_maxes;
11446 -+ break;
11447 -+ case USB_SPEED_HIGH:
11448 -+ /* Bits 12..11 are allowed only for HS periodic endpoints */
11449 -+ if (usb_endpoint_xfer_int(d) || usb_endpoint_xfer_isoc(d)) {
11450 -+ i = maxp & (BIT(12) | BIT(11));
11451 -+ maxp &= ~i;
11452 -+ }
11453 -+ /* fallthrough */
11454 -+ default:
11455 -+ maxpacket_maxes = high_speed_maxpacket_maxes;
11456 -+ break;
11457 -+ case USB_SPEED_SUPER:
11458 -+ case USB_SPEED_SUPER_PLUS:
11459 -+ maxpacket_maxes = super_speed_maxpacket_maxes;
11460 -+ break;
11461 -+ }
11462 -+ j = maxpacket_maxes[usb_endpoint_type(&endpoint->desc)];
11463 -+
11464 -+ if (maxp > j) {
11465 -+ dev_warn(ddev, "config %d interface %d altsetting %d endpoint 0x%X has invalid maxpacket %d, setting to %d\n",
11466 -+ cfgno, inum, asnum, d->bEndpointAddress, maxp, j);
11467 -+ maxp = j;
11468 -+ endpoint->desc.wMaxPacketSize = cpu_to_le16(i | maxp);
11469 -+ }
11470 -+
11471 - /*
11472 - * Some buggy high speed devices have bulk endpoints using
11473 - * maxpacket sizes other than 512. High speed HCDs may not
11474 -@@ -293,9 +356,6 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
11475 - */
11476 - if (to_usb_device(ddev)->speed == USB_SPEED_HIGH
11477 - && usb_endpoint_xfer_bulk(d)) {
11478 -- unsigned maxp;
11479 --
11480 -- maxp = usb_endpoint_maxp(&endpoint->desc) & 0x07ff;
11481 - if (maxp != 512)
11482 - dev_warn(ddev, "config %d interface %d altsetting %d "
11483 - "bulk endpoint 0x%X has invalid maxpacket %d\n",
11484 -diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
11485 -index e9f5043..50b6baa 100644
11486 ---- a/drivers/usb/core/devio.c
11487 -+++ b/drivers/usb/core/devio.c
11488 -@@ -241,7 +241,8 @@ static int usbdev_mmap(struct file *file, struct vm_area_struct *vma)
11489 - goto error_decrease_mem;
11490 - }
11491 -
11492 -- mem = usb_alloc_coherent(ps->dev, size, GFP_USER, &dma_handle);
11493 -+ mem = usb_alloc_coherent(ps->dev, size, GFP_USER | __GFP_NOWARN,
11494 -+ &dma_handle);
11495 - if (!mem) {
11496 - ret = -ENOMEM;
11497 - goto error_free_usbm;
11498 -@@ -1708,11 +1709,17 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
11499 - as->urb->start_frame = uurb->start_frame;
11500 - as->urb->number_of_packets = number_of_packets;
11501 - as->urb->stream_id = stream_id;
11502 -- if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
11503 -- ps->dev->speed == USB_SPEED_HIGH)
11504 -- as->urb->interval = 1 << min(15, ep->desc.bInterval - 1);
11505 -- else
11506 -- as->urb->interval = ep->desc.bInterval;
11507 -+
11508 -+ if (ep->desc.bInterval) {
11509 -+ if (uurb->type == USBDEVFS_URB_TYPE_ISO ||
11510 -+ ps->dev->speed == USB_SPEED_HIGH ||
11511 -+ ps->dev->speed >= USB_SPEED_SUPER)
11512 -+ as->urb->interval = 1 <<
11513 -+ min(15, ep->desc.bInterval - 1);
11514 -+ else
11515 -+ as->urb->interval = ep->desc.bInterval;
11516 -+ }
11517 -+
11518 - as->urb->context = as;
11519 - as->urb->complete = async_completed;
11520 - for (totlen = u = 0; u < number_of_packets; u++) {
11521 -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
11522 -index bee1351..1d5fc32 100644
11523 ---- a/drivers/usb/core/hub.c
11524 -+++ b/drivers/usb/core/hub.c
11525 -@@ -1052,14 +1052,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
11526 -
11527 - /* Continue a partial initialization */
11528 - if (type == HUB_INIT2 || type == HUB_INIT3) {
11529 -- device_lock(hub->intfdev);
11530 -+ device_lock(&hdev->dev);
11531 -
11532 - /* Was the hub disconnected while we were waiting? */
11533 -- if (hub->disconnected) {
11534 -- device_unlock(hub->intfdev);
11535 -- kref_put(&hub->kref, hub_release);
11536 -- return;
11537 -- }
11538 -+ if (hub->disconnected)
11539 -+ goto disconnected;
11540 - if (type == HUB_INIT2)
11541 - goto init2;
11542 - goto init3;
11543 -@@ -1262,7 +1259,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
11544 - queue_delayed_work(system_power_efficient_wq,
11545 - &hub->init_work,
11546 - msecs_to_jiffies(delay));
11547 -- device_unlock(hub->intfdev);
11548 -+ device_unlock(&hdev->dev);
11549 - return; /* Continues at init3: below */
11550 - } else {
11551 - msleep(delay);
11552 -@@ -1281,12 +1278,12 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
11553 - /* Scan all ports that need attention */
11554 - kick_hub_wq(hub);
11555 -
11556 -- /* Allow autosuspend if it was suppressed */
11557 -- if (type <= HUB_INIT3)
11558 -+ if (type == HUB_INIT2 || type == HUB_INIT3) {
11559 -+ /* Allow autosuspend if it was suppressed */
11560 -+ disconnected:
11561 - usb_autopm_put_interface_async(to_usb_interface(hub->intfdev));
11562 --
11563 -- if (type == HUB_INIT2 || type == HUB_INIT3)
11564 -- device_unlock(hub->intfdev);
11565 -+ device_unlock(&hdev->dev);
11566 -+ }
11567 -
11568 - kref_put(&hub->kref, hub_release);
11569 - }
11570 -@@ -1315,8 +1312,6 @@ static void hub_quiesce(struct usb_hub *hub, enum hub_quiescing_type type)
11571 - struct usb_device *hdev = hub->hdev;
11572 - int i;
11573 -
11574 -- cancel_delayed_work_sync(&hub->init_work);
11575 --
11576 - /* hub_wq and related activity won't re-trigger */
11577 - hub->quiescing = 1;
11578 -
11579 -diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
11580 -index 14196cd..2fd5057 100644
11581 ---- a/drivers/usb/dwc3/dwc3-pci.c
11582 -+++ b/drivers/usb/dwc3/dwc3-pci.c
11583 -@@ -37,6 +37,7 @@
11584 - #define PCI_DEVICE_ID_INTEL_BXT 0x0aaa
11585 - #define PCI_DEVICE_ID_INTEL_BXT_M 0x1aaa
11586 - #define PCI_DEVICE_ID_INTEL_APL 0x5aaa
11587 -+#define PCI_DEVICE_ID_INTEL_KBP 0xa2b0
11588 -
11589 - static const struct acpi_gpio_params reset_gpios = { 0, 0, false };
11590 - static const struct acpi_gpio_params cs_gpios = { 1, 0, false };
11591 -@@ -214,6 +215,7 @@ static const struct pci_device_id dwc3_pci_id_table[] = {
11592 - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BXT), },
11593 - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BXT_M), },
11594 - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_APL), },
11595 -+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_KBP), },
11596 - { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_NL_USB), },
11597 - { } /* Terminating Entry */
11598 - };
11599 -diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
11600 -index 716f4f0..05a5300 100644
11601 ---- a/drivers/usb/dwc3/gadget.c
11602 -+++ b/drivers/usb/dwc3/gadget.c
11603 -@@ -1897,7 +1897,8 @@ static void dwc3_gadget_free_endpoints(struct dwc3 *dwc)
11604 -
11605 - static int __dwc3_cleanup_done_trbs(struct dwc3 *dwc, struct dwc3_ep *dep,
11606 - struct dwc3_request *req, struct dwc3_trb *trb,
11607 -- const struct dwc3_event_depevt *event, int status)
11608 -+ const struct dwc3_event_depevt *event, int status,
11609 -+ int chain)
11610 - {
11611 - unsigned int count;
11612 - unsigned int s_pkt = 0;
11613 -@@ -1905,6 +1906,19 @@ static int __dwc3_cleanup_done_trbs(struct dwc3 *dwc, struct dwc3_ep *dep,
11614 -
11615 - trace_dwc3_complete_trb(dep, trb);
11616 -
11617 -+ /*
11618 -+ * If we're in the middle of series of chained TRBs and we
11619 -+ * receive a short transfer along the way, DWC3 will skip
11620 -+ * through all TRBs including the last TRB in the chain (the
11621 -+ * where CHN bit is zero. DWC3 will also avoid clearing HWO
11622 -+ * bit and SW has to do it manually.
11623 -+ *
11624 -+ * We're going to do that here to avoid problems of HW trying
11625 -+ * to use bogus TRBs for transfers.
11626 -+ */
11627 -+ if (chain && (trb->ctrl & DWC3_TRB_CTRL_HWO))
11628 -+ trb->ctrl &= ~DWC3_TRB_CTRL_HWO;
11629 -+
11630 - if ((trb->ctrl & DWC3_TRB_CTRL_HWO) && status != -ESHUTDOWN)
11631 - /*
11632 - * We continue despite the error. There is not much we
11633 -@@ -1916,6 +1930,7 @@ static int __dwc3_cleanup_done_trbs(struct dwc3 *dwc, struct dwc3_ep *dep,
11634 - */
11635 - dev_err(dwc->dev, "%s's TRB (%p) still owned by HW\n",
11636 - dep->name, trb);
11637 -+
11638 - count = trb->size & DWC3_TRB_SIZE_MASK;
11639 -
11640 - if (dep->direction) {
11641 -@@ -1954,15 +1969,7 @@ static int __dwc3_cleanup_done_trbs(struct dwc3 *dwc, struct dwc3_ep *dep,
11642 - s_pkt = 1;
11643 - }
11644 -
11645 -- /*
11646 -- * We assume here we will always receive the entire data block
11647 -- * which we should receive. Meaning, if we program RX to
11648 -- * receive 4K but we receive only 2K, we assume that's all we
11649 -- * should receive and we simply bounce the request back to the
11650 -- * gadget driver for further processing.
11651 -- */
11652 -- req->request.actual += req->request.length - count;
11653 -- if (s_pkt)
11654 -+ if (s_pkt && !chain)
11655 - return 1;
11656 - if ((event->status & DEPEVT_STATUS_LST) &&
11657 - (trb->ctrl & (DWC3_TRB_CTRL_LST |
11658 -@@ -1981,13 +1988,17 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
11659 - struct dwc3_trb *trb;
11660 - unsigned int slot;
11661 - unsigned int i;
11662 -+ int count = 0;
11663 - int ret;
11664 -
11665 - do {
11666 -+ int chain;
11667 -+
11668 - req = next_request(&dep->started_list);
11669 - if (WARN_ON_ONCE(!req))
11670 - return 1;
11671 -
11672 -+ chain = req->request.num_mapped_sgs > 0;
11673 - i = 0;
11674 - do {
11675 - slot = req->first_trb_index + i;
11676 -@@ -1995,13 +2006,22 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep,
11677 - slot++;
11678 - slot %= DWC3_TRB_NUM;
11679 - trb = &dep->trb_pool[slot];
11680 -+ count += trb->size & DWC3_TRB_SIZE_MASK;
11681 -
11682 - ret = __dwc3_cleanup_done_trbs(dwc, dep, req, trb,
11683 -- event, status);
11684 -+ event, status, chain);
11685 - if (ret)
11686 - break;
11687 - } while (++i < req->request.num_mapped_sgs);
11688 -
11689 -+ /*
11690 -+ * We assume here we will always receive the entire data block
11691 -+ * which we should receive. Meaning, if we program RX to
11692 -+ * receive 4K but we receive only 2K, we assume that's all we
11693 -+ * should receive and we simply bounce the request back to the
11694 -+ * gadget driver for further processing.
11695 -+ */
11696 -+ req->request.actual += req->request.length - count;
11697 - dwc3_gadget_giveback(dep, req, status);
11698 -
11699 - if (ret)
11700 -diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
11701 -index aa3707b..be64798 100644
11702 ---- a/drivers/usb/gadget/legacy/inode.c
11703 -+++ b/drivers/usb/gadget/legacy/inode.c
11704 -@@ -542,7 +542,7 @@ static ssize_t ep_aio(struct kiocb *iocb,
11705 - */
11706 - spin_lock_irq(&epdata->dev->lock);
11707 - value = -ENODEV;
11708 -- if (unlikely(epdata->ep))
11709 -+ if (unlikely(epdata->ep == NULL))
11710 - goto fail;
11711 -
11712 - req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
11713 -diff --git a/drivers/usb/gadget/udc/fsl_qe_udc.c b/drivers/usb/gadget/udc/fsl_qe_udc.c
11714 -index 93d28cb..cf8819a 100644
11715 ---- a/drivers/usb/gadget/udc/fsl_qe_udc.c
11716 -+++ b/drivers/usb/gadget/udc/fsl_qe_udc.c
11717 -@@ -2053,7 +2053,7 @@ static void setup_received_handle(struct qe_udc *udc,
11718 - struct qe_ep *ep;
11719 -
11720 - if (wValue != 0 || wLength != 0
11721 -- || pipe > USB_MAX_ENDPOINTS)
11722 -+ || pipe >= USB_MAX_ENDPOINTS)
11723 - break;
11724 - ep = &udc->eps[pipe];
11725 -
11726 -diff --git a/drivers/usb/gadget/udc/udc-core.c b/drivers/usb/gadget/udc/udc-core.c
11727 -index e1b2dce..bd46950 100644
11728 ---- a/drivers/usb/gadget/udc/udc-core.c
11729 -+++ b/drivers/usb/gadget/udc/udc-core.c
11730 -@@ -106,7 +106,7 @@ void usb_gadget_unmap_request_by_dev(struct device *dev,
11731 - return;
11732 -
11733 - if (req->num_mapped_sgs) {
11734 -- dma_unmap_sg(dev, req->sg, req->num_mapped_sgs,
11735 -+ dma_unmap_sg(dev, req->sg, req->num_sgs,
11736 - is_in ? DMA_TO_DEVICE : DMA_FROM_DEVICE);
11737 -
11738 - req->num_mapped_sgs = 0;
11739 -diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
11740 -index a962b89..1e5f529 100644
11741 ---- a/drivers/usb/host/ehci-hcd.c
11742 -+++ b/drivers/usb/host/ehci-hcd.c
11743 -@@ -332,11 +332,11 @@ static void ehci_turn_off_all_ports(struct ehci_hcd *ehci)
11744 - int port = HCS_N_PORTS(ehci->hcs_params);
11745 -
11746 - while (port--) {
11747 -- ehci_writel(ehci, PORT_RWC_BITS,
11748 -- &ehci->regs->port_status[port]);
11749 - spin_unlock_irq(&ehci->lock);
11750 - ehci_port_power(ehci, port, false);
11751 - spin_lock_irq(&ehci->lock);
11752 -+ ehci_writel(ehci, PORT_RWC_BITS,
11753 -+ &ehci->regs->port_status[port]);
11754 - }
11755 - }
11756 -
11757 -diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
11758 -index d61fcc4..730b9fd 100644
11759 ---- a/drivers/usb/host/xhci-hub.c
11760 -+++ b/drivers/usb/host/xhci-hub.c
11761 -@@ -386,6 +386,9 @@ static int xhci_stop_device(struct xhci_hcd *xhci, int slot_id, int suspend)
11762 -
11763 - ret = 0;
11764 - virt_dev = xhci->devs[slot_id];
11765 -+ if (!virt_dev)
11766 -+ return -ENODEV;
11767 -+
11768 - cmd = xhci_alloc_command(xhci, false, true, GFP_NOIO);
11769 - if (!cmd) {
11770 - xhci_dbg(xhci, "Couldn't allocate command structure.\n");
11771 -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
11772 -index c10972f..69f7fab 100644
11773 ---- a/drivers/usb/host/xhci-pci.c
11774 -+++ b/drivers/usb/host/xhci-pci.c
11775 -@@ -314,11 +314,12 @@ static void xhci_pci_remove(struct pci_dev *dev)
11776 - usb_remove_hcd(xhci->shared_hcd);
11777 - usb_put_hcd(xhci->shared_hcd);
11778 - }
11779 -- usb_hcd_pci_remove(dev);
11780 -
11781 - /* Workaround for spurious wakeups at shutdown with HSW */
11782 - if (xhci->quirks & XHCI_SPURIOUS_WAKEUP)
11783 - pci_set_power_state(dev, PCI_D3hot);
11784 -+
11785 -+ usb_hcd_pci_remove(dev);
11786 - }
11787 -
11788 - #ifdef CONFIG_PM
11789 -diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
11790 -index d7d5025..bc17bcf 100644
11791 ---- a/drivers/usb/host/xhci-ring.c
11792 -+++ b/drivers/usb/host/xhci-ring.c
11793 -@@ -1325,12 +1325,6 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
11794 -
11795 - cmd = list_entry(xhci->cmd_list.next, struct xhci_command, cmd_list);
11796 -
11797 -- if (cmd->command_trb != xhci->cmd_ring->dequeue) {
11798 -- xhci_err(xhci,
11799 -- "Command completion event does not match command\n");
11800 -- return;
11801 -- }
11802 --
11803 - del_timer(&xhci->cmd_timer);
11804 -
11805 - trace_xhci_cmd_completion(cmd_trb, (struct xhci_generic_trb *) event);
11806 -@@ -1342,6 +1336,13 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
11807 - xhci_handle_stopped_cmd_ring(xhci, cmd);
11808 - return;
11809 - }
11810 -+
11811 -+ if (cmd->command_trb != xhci->cmd_ring->dequeue) {
11812 -+ xhci_err(xhci,
11813 -+ "Command completion event does not match command\n");
11814 -+ return;
11815 -+ }
11816 -+
11817 - /*
11818 - * Host aborted the command ring, check if the current command was
11819 - * supposed to be aborted, otherwise continue normally.
11820 -diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
11821 -index 6b978f0..5c8210d 100644
11822 ---- a/drivers/usb/misc/usbtest.c
11823 -+++ b/drivers/usb/misc/usbtest.c
11824 -@@ -585,7 +585,6 @@ static void sg_timeout(unsigned long _req)
11825 - {
11826 - struct usb_sg_request *req = (struct usb_sg_request *) _req;
11827 -
11828 -- req->status = -ETIMEDOUT;
11829 - usb_sg_cancel(req);
11830 - }
11831 -
11832 -@@ -616,8 +615,10 @@ static int perform_sglist(
11833 - mod_timer(&sg_timer, jiffies +
11834 - msecs_to_jiffies(SIMPLE_IO_TIMEOUT));
11835 - usb_sg_wait(req);
11836 -- del_timer_sync(&sg_timer);
11837 -- retval = req->status;
11838 -+ if (!del_timer_sync(&sg_timer))
11839 -+ retval = -ETIMEDOUT;
11840 -+ else
11841 -+ retval = req->status;
11842 -
11843 - /* FIXME check resulting data pattern */
11844 -
11845 -@@ -2602,7 +2603,7 @@ usbtest_ioctl(struct usb_interface *intf, unsigned int code, void *buf)
11846 - ktime_get_ts64(&start);
11847 -
11848 - retval = usbtest_do_ioctl(intf, param_32);
11849 -- if (retval)
11850 -+ if (retval < 0)
11851 - goto free_mutex;
11852 -
11853 - ktime_get_ts64(&end);
11854 -diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c
11855 -index baeb7d2..8c81aac 100644
11856 ---- a/drivers/usb/renesas_usbhs/common.c
11857 -+++ b/drivers/usb/renesas_usbhs/common.c
11858 -@@ -514,7 +514,8 @@ static struct renesas_usbhs_platform_info *usbhs_parse_dt(struct device *dev)
11859 - if (gpio > 0)
11860 - dparam->enable_gpio = gpio;
11861 -
11862 -- if (dparam->type == USBHS_TYPE_RCAR_GEN2)
11863 -+ if (dparam->type == USBHS_TYPE_RCAR_GEN2 ||
11864 -+ dparam->type == USBHS_TYPE_RCAR_GEN3)
11865 - dparam->has_usb_dmac = 1;
11866 -
11867 - return info;
11868 -diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c
11869 -index 280ed5f..857e783 100644
11870 ---- a/drivers/usb/renesas_usbhs/fifo.c
11871 -+++ b/drivers/usb/renesas_usbhs/fifo.c
11872 -@@ -871,7 +871,7 @@ static int usbhsf_dma_prepare_push(struct usbhs_pkt *pkt, int *is_done)
11873 -
11874 - /* use PIO if packet is less than pio_dma_border or pipe is DCP */
11875 - if ((len < usbhs_get_dparam(priv, pio_dma_border)) ||
11876 -- usbhs_pipe_is_dcp(pipe))
11877 -+ usbhs_pipe_type_is(pipe, USB_ENDPOINT_XFER_ISOC))
11878 - goto usbhsf_pio_prepare_push;
11879 -
11880 - /* check data length if this driver don't use USB-DMAC */
11881 -@@ -976,7 +976,7 @@ static int usbhsf_dma_prepare_pop_with_usb_dmac(struct usbhs_pkt *pkt,
11882 -
11883 - /* use PIO if packet is less than pio_dma_border or pipe is DCP */
11884 - if ((pkt->length < usbhs_get_dparam(priv, pio_dma_border)) ||
11885 -- usbhs_pipe_is_dcp(pipe))
11886 -+ usbhs_pipe_type_is(pipe, USB_ENDPOINT_XFER_ISOC))
11887 - goto usbhsf_pio_prepare_pop;
11888 -
11889 - fifo = usbhsf_get_dma_fifo(priv, pkt);
11890 -diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c
11891 -index 50f3363..c4c6474 100644
11892 ---- a/drivers/usb/renesas_usbhs/mod_gadget.c
11893 -+++ b/drivers/usb/renesas_usbhs/mod_gadget.c
11894 -@@ -617,10 +617,13 @@ static int usbhsg_ep_enable(struct usb_ep *ep,
11895 - * use dmaengine if possible.
11896 - * It will use pio handler if impossible.
11897 - */
11898 -- if (usb_endpoint_dir_in(desc))
11899 -+ if (usb_endpoint_dir_in(desc)) {
11900 - pipe->handler = &usbhs_fifo_dma_push_handler;
11901 -- else
11902 -+ } else {
11903 - pipe->handler = &usbhs_fifo_dma_pop_handler;
11904 -+ usbhs_xxxsts_clear(priv, BRDYSTS,
11905 -+ usbhs_pipe_number(pipe));
11906 -+ }
11907 -
11908 - ret = 0;
11909 - }
11910 -@@ -1073,7 +1076,7 @@ int usbhs_mod_gadget_probe(struct usbhs_priv *priv)
11911 -
11912 - gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED);
11913 - dev_info(dev, "%stransceiver found\n",
11914 -- gpriv->transceiver ? "" : "no ");
11915 -+ !IS_ERR(gpriv->transceiver) ? "" : "no ");
11916 -
11917 - /*
11918 - * CAUTION
11919 -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
11920 -index 0082080..b2d767e 100644
11921 ---- a/drivers/usb/serial/ftdi_sio.c
11922 -+++ b/drivers/usb/serial/ftdi_sio.c
11923 -@@ -648,6 +648,8 @@ static const struct usb_device_id id_table_combined[] = {
11924 - { USB_DEVICE(FTDI_VID, FTDI_ELV_TFD128_PID) },
11925 - { USB_DEVICE(FTDI_VID, FTDI_ELV_FM3RX_PID) },
11926 - { USB_DEVICE(FTDI_VID, FTDI_ELV_WS777_PID) },
11927 -+ { USB_DEVICE(FTDI_VID, FTDI_PALMSENS_PID) },
11928 -+ { USB_DEVICE(FTDI_VID, FTDI_IVIUM_XSTAT_PID) },
11929 - { USB_DEVICE(FTDI_VID, LINX_SDMUSBQSS_PID) },
11930 - { USB_DEVICE(FTDI_VID, LINX_MASTERDEVEL2_PID) },
11931 - { USB_DEVICE(FTDI_VID, LINX_FUTURE_0_PID) },
11932 -@@ -1008,6 +1010,7 @@ static const struct usb_device_id id_table_combined[] = {
11933 - { USB_DEVICE(ICPDAS_VID, ICPDAS_I7560U_PID) },
11934 - { USB_DEVICE(ICPDAS_VID, ICPDAS_I7561U_PID) },
11935 - { USB_DEVICE(ICPDAS_VID, ICPDAS_I7563U_PID) },
11936 -+ { USB_DEVICE(WICED_VID, WICED_USB20706V2_PID) },
11937 - { } /* Terminating entry */
11938 - };
11939 -
11940 -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
11941 -index c5d6c1e..f87a938 100644
11942 ---- a/drivers/usb/serial/ftdi_sio_ids.h
11943 -+++ b/drivers/usb/serial/ftdi_sio_ids.h
11944 -@@ -406,6 +406,12 @@
11945 - #define FTDI_4N_GALAXY_DE_3_PID 0xF3C2
11946 -
11947 - /*
11948 -+ * Ivium Technologies product IDs
11949 -+ */
11950 -+#define FTDI_PALMSENS_PID 0xf440
11951 -+#define FTDI_IVIUM_XSTAT_PID 0xf441
11952 -+
11953 -+/*
11954 - * Linx Technologies product ids
11955 - */
11956 - #define LINX_SDMUSBQSS_PID 0xF448 /* Linx SDM-USB-QS-S */
11957 -@@ -673,6 +679,12 @@
11958 - #define INTREPID_NEOVI_PID 0x0701
11959 -
11960 - /*
11961 -+ * WICED USB UART
11962 -+ */
11963 -+#define WICED_VID 0x0A5C
11964 -+#define WICED_USB20706V2_PID 0x6422
11965 -+
11966 -+/*
11967 - * Definitions for ID TECH (www.idt-net.com) devices
11968 - */
11969 - #define IDTECH_VID 0x0ACD /* ID TECH Vendor ID */
11970 -diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
11971 -index 5608af4..de9992b 100644
11972 ---- a/drivers/usb/serial/mos7720.c
11973 -+++ b/drivers/usb/serial/mos7720.c
11974 -@@ -1252,7 +1252,7 @@ static int mos7720_write(struct tty_struct *tty, struct usb_serial_port *port,
11975 -
11976 - if (urb->transfer_buffer == NULL) {
11977 - urb->transfer_buffer = kmalloc(URB_TRANSFER_BUFFER_SIZE,
11978 -- GFP_KERNEL);
11979 -+ GFP_ATOMIC);
11980 - if (!urb->transfer_buffer)
11981 - goto exit;
11982 - }
11983 -diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
11984 -index ed378fb..57426d7 100644
11985 ---- a/drivers/usb/serial/mos7840.c
11986 -+++ b/drivers/usb/serial/mos7840.c
11987 -@@ -1340,8 +1340,8 @@ static int mos7840_write(struct tty_struct *tty, struct usb_serial_port *port,
11988 - }
11989 -
11990 - if (urb->transfer_buffer == NULL) {
11991 -- urb->transfer_buffer =
11992 -- kmalloc(URB_TRANSFER_BUFFER_SIZE, GFP_KERNEL);
11993 -+ urb->transfer_buffer = kmalloc(URB_TRANSFER_BUFFER_SIZE,
11994 -+ GFP_ATOMIC);
11995 - if (!urb->transfer_buffer)
11996 - goto exit;
11997 - }
11998 -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
11999 -index 8e07536..9894e34 100644
12000 ---- a/drivers/usb/serial/option.c
12001 -+++ b/drivers/usb/serial/option.c
12002 -@@ -274,6 +274,12 @@ static void option_instat_callback(struct urb *urb);
12003 - #define TELIT_PRODUCT_LE920 0x1200
12004 - #define TELIT_PRODUCT_LE910 0x1201
12005 - #define TELIT_PRODUCT_LE910_USBCFG4 0x1206
12006 -+#define TELIT_PRODUCT_LE920A4_1207 0x1207
12007 -+#define TELIT_PRODUCT_LE920A4_1208 0x1208
12008 -+#define TELIT_PRODUCT_LE920A4_1211 0x1211
12009 -+#define TELIT_PRODUCT_LE920A4_1212 0x1212
12010 -+#define TELIT_PRODUCT_LE920A4_1213 0x1213
12011 -+#define TELIT_PRODUCT_LE920A4_1214 0x1214
12012 -
12013 - /* ZTE PRODUCTS */
12014 - #define ZTE_VENDOR_ID 0x19d2
12015 -@@ -519,6 +525,12 @@ static void option_instat_callback(struct urb *urb);
12016 - #define VIATELECOM_VENDOR_ID 0x15eb
12017 - #define VIATELECOM_PRODUCT_CDS7 0x0001
12018 -
12019 -+/* WeTelecom products */
12020 -+#define WETELECOM_VENDOR_ID 0x22de
12021 -+#define WETELECOM_PRODUCT_WMD200 0x6801
12022 -+#define WETELECOM_PRODUCT_6802 0x6802
12023 -+#define WETELECOM_PRODUCT_WMD300 0x6803
12024 -+
12025 - struct option_blacklist_info {
12026 - /* bitmask of interface numbers blacklisted for send_setup */
12027 - const unsigned long sendsetup;
12028 -@@ -628,6 +640,11 @@ static const struct option_blacklist_info telit_le920_blacklist = {
12029 - .reserved = BIT(1) | BIT(5),
12030 - };
12031 -
12032 -+static const struct option_blacklist_info telit_le920a4_blacklist_1 = {
12033 -+ .sendsetup = BIT(0),
12034 -+ .reserved = BIT(1),
12035 -+};
12036 -+
12037 - static const struct option_blacklist_info telit_le922_blacklist_usbcfg0 = {
12038 - .sendsetup = BIT(2),
12039 - .reserved = BIT(0) | BIT(1) | BIT(3),
12040 -@@ -1203,6 +1220,16 @@ static const struct usb_device_id option_ids[] = {
12041 - .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
12042 - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
12043 - .driver_info = (kernel_ulong_t)&telit_le920_blacklist },
12044 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1207) },
12045 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1208),
12046 -+ .driver_info = (kernel_ulong_t)&telit_le920a4_blacklist_1 },
12047 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1211),
12048 -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
12049 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1212),
12050 -+ .driver_info = (kernel_ulong_t)&telit_le920a4_blacklist_1 },
12051 -+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1213, 0xff) },
12052 -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920A4_1214),
12053 -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
12054 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */
12055 - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0002, 0xff, 0xff, 0xff),
12056 - .driver_info = (kernel_ulong_t)&net_intf1_blacklist },
12057 -@@ -1966,9 +1993,13 @@ static const struct usb_device_id option_ids[] = {
12058 - .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
12059 - { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
12060 - { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
12061 -+ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
12062 - { USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) }, /* OLICARD300 - MT6225 */
12063 - { USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) },
12064 - { USB_DEVICE(VIATELECOM_VENDOR_ID, VIATELECOM_PRODUCT_CDS7) },
12065 -+ { USB_DEVICE_AND_INTERFACE_INFO(WETELECOM_VENDOR_ID, WETELECOM_PRODUCT_WMD200, 0xff, 0xff, 0xff) },
12066 -+ { USB_DEVICE_AND_INTERFACE_INFO(WETELECOM_VENDOR_ID, WETELECOM_PRODUCT_6802, 0xff, 0xff, 0xff) },
12067 -+ { USB_DEVICE_AND_INTERFACE_INFO(WETELECOM_VENDOR_ID, WETELECOM_PRODUCT_WMD300, 0xff, 0xff, 0xff) },
12068 - { } /* Terminating entry */
12069 - };
12070 - MODULE_DEVICE_TABLE(usb, option_ids);
12071 -diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c
12072 -index b1b9bac..d213cf4 100644
12073 ---- a/drivers/usb/serial/usb-serial.c
12074 -+++ b/drivers/usb/serial/usb-serial.c
12075 -@@ -1433,7 +1433,7 @@ int usb_serial_register_drivers(struct usb_serial_driver *const serial_drivers[]
12076 -
12077 - rc = usb_register(udriver);
12078 - if (rc)
12079 -- return rc;
12080 -+ goto failed_usb_register;
12081 -
12082 - for (sd = serial_drivers; *sd; ++sd) {
12083 - (*sd)->usb_driver = udriver;
12084 -@@ -1451,6 +1451,8 @@ int usb_serial_register_drivers(struct usb_serial_driver *const serial_drivers[]
12085 - while (sd-- > serial_drivers)
12086 - usb_serial_deregister(*sd);
12087 - usb_deregister(udriver);
12088 -+failed_usb_register:
12089 -+ kfree(udriver);
12090 - return rc;
12091 - }
12092 - EXPORT_SYMBOL_GPL(usb_serial_register_drivers);
12093 -diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
12094 -index 15ecfc9..152b438 100644
12095 ---- a/drivers/vfio/pci/vfio_pci_intrs.c
12096 -+++ b/drivers/vfio/pci/vfio_pci_intrs.c
12097 -@@ -564,67 +564,80 @@ static int vfio_pci_set_msi_trigger(struct vfio_pci_device *vdev,
12098 - }
12099 -
12100 - static int vfio_pci_set_ctx_trigger_single(struct eventfd_ctx **ctx,
12101 -- uint32_t flags, void *data)
12102 -+ unsigned int count, uint32_t flags,
12103 -+ void *data)
12104 - {
12105 -- int32_t fd = *(int32_t *)data;
12106 --
12107 -- if (!(flags & VFIO_IRQ_SET_DATA_TYPE_MASK))
12108 -- return -EINVAL;
12109 --
12110 - /* DATA_NONE/DATA_BOOL enables loopback testing */
12111 - if (flags & VFIO_IRQ_SET_DATA_NONE) {
12112 -- if (*ctx)
12113 -- eventfd_signal(*ctx, 1);
12114 -- return 0;
12115 -+ if (*ctx) {
12116 -+ if (count) {
12117 -+ eventfd_signal(*ctx, 1);
12118 -+ } else {
12119 -+ eventfd_ctx_put(*ctx);
12120 -+ *ctx = NULL;
12121 -+ }
12122 -+ return 0;
12123 -+ }
12124 - } else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
12125 -- uint8_t trigger = *(uint8_t *)data;
12126 -+ uint8_t trigger;
12127 -+
12128 -+ if (!count)
12129 -+ return -EINVAL;
12130 -+
12131 -+ trigger = *(uint8_t *)data;
12132 - if (trigger && *ctx)
12133 - eventfd_signal(*ctx, 1);
12134 -- return 0;
12135 -- }
12136 -
12137 -- /* Handle SET_DATA_EVENTFD */
12138 -- if (fd == -1) {
12139 -- if (*ctx)
12140 -- eventfd_ctx_put(*ctx);
12141 -- *ctx = NULL;
12142 - return 0;
12143 -- } else if (fd >= 0) {
12144 -- struct eventfd_ctx *efdctx;
12145 -- efdctx = eventfd_ctx_fdget(fd);
12146 -- if (IS_ERR(efdctx))
12147 -- return PTR_ERR(efdctx);
12148 -- if (*ctx)
12149 -- eventfd_ctx_put(*ctx);
12150 -- *ctx = efdctx;
12151 -+ } else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
12152 -+ int32_t fd;
12153 -+
12154 -+ if (!count)
12155 -+ return -EINVAL;
12156 -+
12157 -+ fd = *(int32_t *)data;
12158 -+ if (fd == -1) {
12159 -+ if (*ctx)
12160 -+ eventfd_ctx_put(*ctx);
12161 -+ *ctx = NULL;
12162 -+ } else if (fd >= 0) {
12163 -+ struct eventfd_ctx *efdctx;
12164 -+
12165 -+ efdctx = eventfd_ctx_fdget(fd);
12166 -+ if (IS_ERR(efdctx))
12167 -+ return PTR_ERR(efdctx);
12168 -+
12169 -+ if (*ctx)
12170 -+ eventfd_ctx_put(*ctx);
12171 -+
12172 -+ *ctx = efdctx;
12173 -+ }
12174 - return 0;
12175 -- } else
12176 -- return -EINVAL;
12177 -+ }
12178 -+
12179 -+ return -EINVAL;
12180 - }
12181 -
12182 - static int vfio_pci_set_err_trigger(struct vfio_pci_device *vdev,
12183 - unsigned index, unsigned start,
12184 - unsigned count, uint32_t flags, void *data)
12185 - {
12186 -- if (index != VFIO_PCI_ERR_IRQ_INDEX)
12187 -+ if (index != VFIO_PCI_ERR_IRQ_INDEX || start != 0 || count > 1)
12188 - return -EINVAL;
12189 -
12190 -- /*
12191 -- * We should sanitize start & count, but that wasn't caught
12192 -- * originally, so this IRQ index must forever ignore them :-(
12193 -- */
12194 --
12195 -- return vfio_pci_set_ctx_trigger_single(&vdev->err_trigger, flags, data);
12196 -+ return vfio_pci_set_ctx_trigger_single(&vdev->err_trigger,
12197 -+ count, flags, data);
12198 - }
12199 -
12200 - static int vfio_pci_set_req_trigger(struct vfio_pci_device *vdev,
12201 - unsigned index, unsigned start,
12202 - unsigned count, uint32_t flags, void *data)
12203 - {
12204 -- if (index != VFIO_PCI_REQ_IRQ_INDEX || start != 0 || count != 1)
12205 -+ if (index != VFIO_PCI_REQ_IRQ_INDEX || start != 0 || count > 1)
12206 - return -EINVAL;
12207 -
12208 -- return vfio_pci_set_ctx_trigger_single(&vdev->req_trigger, flags, data);
12209 -+ return vfio_pci_set_ctx_trigger_single(&vdev->req_trigger,
12210 -+ count, flags, data);
12211 - }
12212 -
12213 - int vfio_pci_set_irqs_ioctl(struct vfio_pci_device *vdev, uint32_t flags,
12214 -diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
12215 -index ca6bfdd..2ebf30e 100644
12216 ---- a/drivers/virtio/virtio_ring.c
12217 -+++ b/drivers/virtio/virtio_ring.c
12218 -@@ -316,6 +316,8 @@ static inline int virtqueue_add(struct virtqueue *_vq,
12219 - * host should service the ring ASAP. */
12220 - if (out_sgs)
12221 - vq->notify(&vq->vq);
12222 -+ if (indirect)
12223 -+ kfree(desc);
12224 - END_USE(vq);
12225 - return -ENOSPC;
12226 - }
12227 -diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
12228 -index 4274a7b..72f5048 100644
12229 ---- a/fs/btrfs/ctree.h
12230 -+++ b/fs/btrfs/ctree.h
12231 -@@ -1040,6 +1040,7 @@ struct btrfs_fs_info {
12232 - struct btrfs_workqueue *qgroup_rescan_workers;
12233 - struct completion qgroup_rescan_completion;
12234 - struct btrfs_work qgroup_rescan_work;
12235 -+ bool qgroup_rescan_running; /* protected by qgroup_rescan_lock */
12236 -
12237 - /* filesystem state */
12238 - unsigned long fs_state;
12239 -diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
12240 -index 60ce119..864cf3b 100644
12241 ---- a/fs/btrfs/disk-io.c
12242 -+++ b/fs/btrfs/disk-io.c
12243 -@@ -1626,8 +1626,8 @@ fail:
12244 - return ret;
12245 - }
12246 -
12247 --static struct btrfs_root *btrfs_lookup_fs_root(struct btrfs_fs_info *fs_info,
12248 -- u64 root_id)
12249 -+struct btrfs_root *btrfs_lookup_fs_root(struct btrfs_fs_info *fs_info,
12250 -+ u64 root_id)
12251 - {
12252 - struct btrfs_root *root;
12253 -
12254 -@@ -2306,6 +2306,7 @@ static void btrfs_init_qgroup(struct btrfs_fs_info *fs_info)
12255 - fs_info->quota_enabled = 0;
12256 - fs_info->pending_quota_state = 0;
12257 - fs_info->qgroup_ulist = NULL;
12258 -+ fs_info->qgroup_rescan_running = false;
12259 - mutex_init(&fs_info->qgroup_rescan_lock);
12260 - }
12261 -
12262 -@@ -3849,7 +3850,7 @@ void close_ctree(struct btrfs_root *root)
12263 - smp_mb();
12264 -
12265 - /* wait for the qgroup rescan worker to stop */
12266 -- btrfs_qgroup_wait_for_completion(fs_info);
12267 -+ btrfs_qgroup_wait_for_completion(fs_info, false);
12268 -
12269 - /* wait for the uuid_scan task to finish */
12270 - down(&fs_info->uuid_tree_rescan_sem);
12271 -diff --git a/fs/btrfs/disk-io.h b/fs/btrfs/disk-io.h
12272 -index acba821..355e31f 100644
12273 ---- a/fs/btrfs/disk-io.h
12274 -+++ b/fs/btrfs/disk-io.h
12275 -@@ -68,6 +68,8 @@ struct extent_buffer *btrfs_find_tree_block(struct btrfs_fs_info *fs_info,
12276 - struct btrfs_root *btrfs_read_fs_root(struct btrfs_root *tree_root,
12277 - struct btrfs_key *location);
12278 - int btrfs_init_fs_root(struct btrfs_root *root);
12279 -+struct btrfs_root *btrfs_lookup_fs_root(struct btrfs_fs_info *fs_info,
12280 -+ u64 root_id);
12281 - int btrfs_insert_fs_root(struct btrfs_fs_info *fs_info,
12282 - struct btrfs_root *root);
12283 - void btrfs_free_fs_roots(struct btrfs_fs_info *fs_info);
12284 -diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
12285 -index 0517356..3722a1f 100644
12286 ---- a/fs/btrfs/ioctl.c
12287 -+++ b/fs/btrfs/ioctl.c
12288 -@@ -5088,7 +5088,7 @@ static long btrfs_ioctl_quota_rescan_wait(struct file *file, void __user *arg)
12289 - if (!capable(CAP_SYS_ADMIN))
12290 - return -EPERM;
12291 -
12292 -- return btrfs_qgroup_wait_for_completion(root->fs_info);
12293 -+ return btrfs_qgroup_wait_for_completion(root->fs_info, true);
12294 - }
12295 -
12296 - static long _btrfs_ioctl_set_received_subvol(struct file *file,
12297 -diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
12298 -index 9d4c05b..4904ebe 100644
12299 ---- a/fs/btrfs/qgroup.c
12300 -+++ b/fs/btrfs/qgroup.c
12301 -@@ -995,7 +995,7 @@ int btrfs_quota_disable(struct btrfs_trans_handle *trans,
12302 - goto out;
12303 - fs_info->quota_enabled = 0;
12304 - fs_info->pending_quota_state = 0;
12305 -- btrfs_qgroup_wait_for_completion(fs_info);
12306 -+ btrfs_qgroup_wait_for_completion(fs_info, false);
12307 - spin_lock(&fs_info->qgroup_lock);
12308 - quota_root = fs_info->quota_root;
12309 - fs_info->quota_root = NULL;
12310 -@@ -2302,6 +2302,10 @@ static void btrfs_qgroup_rescan_worker(struct btrfs_work *work)
12311 - int err = -ENOMEM;
12312 - int ret = 0;
12313 -
12314 -+ mutex_lock(&fs_info->qgroup_rescan_lock);
12315 -+ fs_info->qgroup_rescan_running = true;
12316 -+ mutex_unlock(&fs_info->qgroup_rescan_lock);
12317 -+
12318 - path = btrfs_alloc_path();
12319 - if (!path)
12320 - goto out;
12321 -@@ -2368,6 +2372,9 @@ out:
12322 - }
12323 -
12324 - done:
12325 -+ mutex_lock(&fs_info->qgroup_rescan_lock);
12326 -+ fs_info->qgroup_rescan_running = false;
12327 -+ mutex_unlock(&fs_info->qgroup_rescan_lock);
12328 - complete_all(&fs_info->qgroup_rescan_completion);
12329 - }
12330 -
12331 -@@ -2486,20 +2493,26 @@ btrfs_qgroup_rescan(struct btrfs_fs_info *fs_info)
12332 - return 0;
12333 - }
12334 -
12335 --int btrfs_qgroup_wait_for_completion(struct btrfs_fs_info *fs_info)
12336 -+int btrfs_qgroup_wait_for_completion(struct btrfs_fs_info *fs_info,
12337 -+ bool interruptible)
12338 - {
12339 - int running;
12340 - int ret = 0;
12341 -
12342 - mutex_lock(&fs_info->qgroup_rescan_lock);
12343 - spin_lock(&fs_info->qgroup_lock);
12344 -- running = fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_RESCAN;
12345 -+ running = fs_info->qgroup_rescan_running;
12346 - spin_unlock(&fs_info->qgroup_lock);
12347 - mutex_unlock(&fs_info->qgroup_rescan_lock);
12348 -
12349 -- if (running)
12350 -+ if (!running)
12351 -+ return 0;
12352 -+
12353 -+ if (interruptible)
12354 - ret = wait_for_completion_interruptible(
12355 - &fs_info->qgroup_rescan_completion);
12356 -+ else
12357 -+ wait_for_completion(&fs_info->qgroup_rescan_completion);
12358 -
12359 - return ret;
12360 - }
12361 -diff --git a/fs/btrfs/qgroup.h b/fs/btrfs/qgroup.h
12362 -index ecb2c14..3d73e4c 100644
12363 ---- a/fs/btrfs/qgroup.h
12364 -+++ b/fs/btrfs/qgroup.h
12365 -@@ -46,7 +46,8 @@ int btrfs_quota_disable(struct btrfs_trans_handle *trans,
12366 - struct btrfs_fs_info *fs_info);
12367 - int btrfs_qgroup_rescan(struct btrfs_fs_info *fs_info);
12368 - void btrfs_qgroup_rescan_resume(struct btrfs_fs_info *fs_info);
12369 --int btrfs_qgroup_wait_for_completion(struct btrfs_fs_info *fs_info);
12370 -+int btrfs_qgroup_wait_for_completion(struct btrfs_fs_info *fs_info,
12371 -+ bool interruptible);
12372 - int btrfs_add_qgroup_relation(struct btrfs_trans_handle *trans,
12373 - struct btrfs_fs_info *fs_info, u64 src, u64 dst);
12374 - int btrfs_del_qgroup_relation(struct btrfs_trans_handle *trans,
12375 -diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
12376 -index f1c3086..3454aa4 100644
12377 ---- a/fs/btrfs/root-tree.c
12378 -+++ b/fs/btrfs/root-tree.c
12379 -@@ -272,6 +272,23 @@ int btrfs_find_orphan_roots(struct btrfs_root *tree_root)
12380 - root_key.objectid = key.offset;
12381 - key.offset++;
12382 -
12383 -+ /*
12384 -+ * The root might have been inserted already, as before we look
12385 -+ * for orphan roots, log replay might have happened, which
12386 -+ * triggers a transaction commit and qgroup accounting, which
12387 -+ * in turn reads and inserts fs roots while doing backref
12388 -+ * walking.
12389 -+ */
12390 -+ root = btrfs_lookup_fs_root(tree_root->fs_info,
12391 -+ root_key.objectid);
12392 -+ if (root) {
12393 -+ WARN_ON(!test_bit(BTRFS_ROOT_ORPHAN_ITEM_INSERTED,
12394 -+ &root->state));
12395 -+ if (btrfs_root_refs(&root->root_item) == 0)
12396 -+ btrfs_add_dead_root(root);
12397 -+ continue;
12398 -+ }
12399 -+
12400 - root = btrfs_read_fs_root(tree_root, &root_key);
12401 - err = PTR_ERR_OR_ZERO(root);
12402 - if (err && err != -ENOENT) {
12403 -@@ -310,16 +327,8 @@ int btrfs_find_orphan_roots(struct btrfs_root *tree_root)
12404 - set_bit(BTRFS_ROOT_ORPHAN_ITEM_INSERTED, &root->state);
12405 -
12406 - err = btrfs_insert_fs_root(root->fs_info, root);
12407 -- /*
12408 -- * The root might have been inserted already, as before we look
12409 -- * for orphan roots, log replay might have happened, which
12410 -- * triggers a transaction commit and qgroup accounting, which
12411 -- * in turn reads and inserts fs roots while doing backref
12412 -- * walking.
12413 -- */
12414 -- if (err == -EEXIST)
12415 -- err = 0;
12416 - if (err) {
12417 -+ BUG_ON(err == -EEXIST);
12418 - btrfs_free_fs_root(root);
12419 - break;
12420 - }
12421 -diff --git a/fs/seq_file.c b/fs/seq_file.c
12422 -index 19f532e..6dc4296 100644
12423 ---- a/fs/seq_file.c
12424 -+++ b/fs/seq_file.c
12425 -@@ -223,8 +223,10 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
12426 - size -= n;
12427 - buf += n;
12428 - copied += n;
12429 -- if (!m->count)
12430 -+ if (!m->count) {
12431 -+ m->from = 0;
12432 - m->index++;
12433 -+ }
12434 - if (!size)
12435 - goto Done;
12436 - }
12437 -diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
12438 -index f35523d..b803213 100644
12439 ---- a/fs/sysfs/file.c
12440 -+++ b/fs/sysfs/file.c
12441 -@@ -114,9 +114,15 @@ static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
12442 - * If buf != of->prealloc_buf, we don't know how
12443 - * large it is, so cannot safely pass it to ->show
12444 - */
12445 -- if (pos || WARN_ON_ONCE(buf != of->prealloc_buf))
12446 -+ if (WARN_ON_ONCE(buf != of->prealloc_buf))
12447 - return 0;
12448 - len = ops->show(kobj, of->kn->priv, buf);
12449 -+ if (pos) {
12450 -+ if (len <= pos)
12451 -+ return 0;
12452 -+ len -= pos;
12453 -+ memmove(buf, buf + pos, len);
12454 -+ }
12455 - return min(count, len);
12456 - }
12457 -
12458 -diff --git a/include/linux/acpi.h b/include/linux/acpi.h
12459 -index 288fac5..47f95085 100644
12460 ---- a/include/linux/acpi.h
12461 -+++ b/include/linux/acpi.h
12462 -@@ -985,7 +985,7 @@ static inline struct fwnode_handle *acpi_get_next_subnode(struct device *dev,
12463 - return NULL;
12464 - }
12465 -
12466 --#define ACPI_DECLARE_PROBE_ENTRY(table, name, table_id, subtable, validate, data, fn) \
12467 -+#define ACPI_DECLARE_PROBE_ENTRY(table, name, table_id, subtable, valid, data, fn) \
12468 - static const void * __acpi_table_##name[] \
12469 - __attribute__((unused)) \
12470 - = { (void *) table_id, \
12471 -diff --git a/include/linux/i8042.h b/include/linux/i8042.h
12472 -index 0f9bafa..d98780c 100644
12473 ---- a/include/linux/i8042.h
12474 -+++ b/include/linux/i8042.h
12475 -@@ -62,7 +62,6 @@ struct serio;
12476 - void i8042_lock_chip(void);
12477 - void i8042_unlock_chip(void);
12478 - int i8042_command(unsigned char *param, int command);
12479 --bool i8042_check_port_owner(const struct serio *);
12480 - int i8042_install_filter(bool (*filter)(unsigned char data, unsigned char str,
12481 - struct serio *serio));
12482 - int i8042_remove_filter(bool (*filter)(unsigned char data, unsigned char str,
12483 -@@ -83,11 +82,6 @@ static inline int i8042_command(unsigned char *param, int command)
12484 - return -ENODEV;
12485 - }
12486 -
12487 --static inline bool i8042_check_port_owner(const struct serio *serio)
12488 --{
12489 -- return false;
12490 --}
12491 --
12492 - static inline int i8042_install_filter(bool (*filter)(unsigned char data, unsigned char str,
12493 - struct serio *serio))
12494 - {
12495 -diff --git a/include/linux/mfd/cros_ec.h b/include/linux/mfd/cros_ec.h
12496 -index 64184d2..d641a18 100644
12497 ---- a/include/linux/mfd/cros_ec.h
12498 -+++ b/include/linux/mfd/cros_ec.h
12499 -@@ -226,6 +226,21 @@ int cros_ec_cmd_xfer(struct cros_ec_device *ec_dev,
12500 - struct cros_ec_command *msg);
12501 -
12502 - /**
12503 -+ * cros_ec_cmd_xfer_status - Send a command to the ChromeOS EC
12504 -+ *
12505 -+ * This function is identical to cros_ec_cmd_xfer, except it returns success
12506 -+ * status only if both the command was transmitted successfully and the EC
12507 -+ * replied with success status. It's not necessary to check msg->result when
12508 -+ * using this function.
12509 -+ *
12510 -+ * @ec_dev: EC device
12511 -+ * @msg: Message to write
12512 -+ * @return: Num. of bytes transferred on success, <0 on failure
12513 -+ */
12514 -+int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
12515 -+ struct cros_ec_command *msg);
12516 -+
12517 -+/**
12518 - * cros_ec_remove - Remove a ChromeOS EC
12519 - *
12520 - * Call this to deregister a ChromeOS EC, then clean up any private data.
12521 -diff --git a/include/linux/msi.h b/include/linux/msi.h
12522 -index 8b425c6..ec39a08 100644
12523 ---- a/include/linux/msi.h
12524 -+++ b/include/linux/msi.h
12525 -@@ -264,12 +264,12 @@ enum {
12526 - * callbacks.
12527 - */
12528 - MSI_FLAG_USE_DEF_CHIP_OPS = (1 << 1),
12529 -- /* Build identity map between hwirq and irq */
12530 -- MSI_FLAG_IDENTITY_MAP = (1 << 2),
12531 - /* Support multiple PCI MSI interrupts */
12532 -- MSI_FLAG_MULTI_PCI_MSI = (1 << 3),
12533 -+ MSI_FLAG_MULTI_PCI_MSI = (1 << 2),
12534 - /* Support PCI MSIX interrupts */
12535 -- MSI_FLAG_PCI_MSIX = (1 << 4),
12536 -+ MSI_FLAG_PCI_MSIX = (1 << 3),
12537 -+ /* Needs early activate, required for PCI */
12538 -+ MSI_FLAG_ACTIVATE_EARLY = (1 << 4),
12539 - };
12540 -
12541 - int msi_domain_set_affinity(struct irq_data *data, const struct cpumask *mask,
12542 -diff --git a/include/linux/serio.h b/include/linux/serio.h
12543 -index df4ab5d..c733cff 100644
12544 ---- a/include/linux/serio.h
12545 -+++ b/include/linux/serio.h
12546 -@@ -31,7 +31,8 @@ struct serio {
12547 -
12548 - struct serio_device_id id;
12549 -
12550 -- spinlock_t lock; /* protects critical sections from port's interrupt handler */
12551 -+ /* Protects critical sections from port's interrupt handler */
12552 -+ spinlock_t lock;
12553 -
12554 - int (*write)(struct serio *, unsigned char);
12555 - int (*open)(struct serio *);
12556 -@@ -40,16 +41,29 @@ struct serio {
12557 - void (*stop)(struct serio *);
12558 -
12559 - struct serio *parent;
12560 -- struct list_head child_node; /* Entry in parent->children list */
12561 -+ /* Entry in parent->children list */
12562 -+ struct list_head child_node;
12563 - struct list_head children;
12564 -- unsigned int depth; /* level of nesting in serio hierarchy */
12565 -+ /* Level of nesting in serio hierarchy */
12566 -+ unsigned int depth;
12567 -
12568 -- struct serio_driver *drv; /* accessed from interrupt, must be protected by serio->lock and serio->sem */
12569 -- struct mutex drv_mutex; /* protects serio->drv so attributes can pin driver */
12570 -+ /*
12571 -+ * serio->drv is accessed from interrupt handlers; when modifying
12572 -+ * caller should acquire serio->drv_mutex and serio->lock.
12573 -+ */
12574 -+ struct serio_driver *drv;
12575 -+ /* Protects serio->drv so attributes can pin current driver */
12576 -+ struct mutex drv_mutex;
12577 -
12578 - struct device dev;
12579 -
12580 - struct list_head node;
12581 -+
12582 -+ /*
12583 -+ * For use by PS/2 layer when several ports share hardware and
12584 -+ * may get indigestion when exposed to concurrent access (i8042).
12585 -+ */
12586 -+ struct mutex *ps2_cmd_mutex;
12587 - };
12588 - #define to_serio_port(d) container_of(d, struct serio, dev)
12589 -
12590 -diff --git a/include/trace/events/timer.h b/include/trace/events/timer.h
12591 -index 5144013..28c5da6 100644
12592 ---- a/include/trace/events/timer.h
12593 -+++ b/include/trace/events/timer.h
12594 -@@ -330,24 +330,32 @@ TRACE_EVENT(itimer_expire,
12595 - #ifdef CONFIG_NO_HZ_COMMON
12596 -
12597 - #define TICK_DEP_NAMES \
12598 -- tick_dep_name(NONE) \
12599 -+ tick_dep_mask_name(NONE) \
12600 - tick_dep_name(POSIX_TIMER) \
12601 - tick_dep_name(PERF_EVENTS) \
12602 - tick_dep_name(SCHED) \
12603 - tick_dep_name_end(CLOCK_UNSTABLE)
12604 -
12605 - #undef tick_dep_name
12606 -+#undef tick_dep_mask_name
12607 - #undef tick_dep_name_end
12608 -
12609 --#define tick_dep_name(sdep) TRACE_DEFINE_ENUM(TICK_DEP_MASK_##sdep);
12610 --#define tick_dep_name_end(sdep) TRACE_DEFINE_ENUM(TICK_DEP_MASK_##sdep);
12611 -+/* The MASK will convert to their bits and they need to be processed too */
12612 -+#define tick_dep_name(sdep) TRACE_DEFINE_ENUM(TICK_DEP_BIT_##sdep); \
12613 -+ TRACE_DEFINE_ENUM(TICK_DEP_MASK_##sdep);
12614 -+#define tick_dep_name_end(sdep) TRACE_DEFINE_ENUM(TICK_DEP_BIT_##sdep); \
12615 -+ TRACE_DEFINE_ENUM(TICK_DEP_MASK_##sdep);
12616 -+/* NONE only has a mask defined for it */
12617 -+#define tick_dep_mask_name(sdep) TRACE_DEFINE_ENUM(TICK_DEP_MASK_##sdep);
12618 -
12619 - TICK_DEP_NAMES
12620 -
12621 - #undef tick_dep_name
12622 -+#undef tick_dep_mask_name
12623 - #undef tick_dep_name_end
12624 -
12625 - #define tick_dep_name(sdep) { TICK_DEP_MASK_##sdep, #sdep },
12626 -+#define tick_dep_mask_name(sdep) { TICK_DEP_MASK_##sdep, #sdep },
12627 - #define tick_dep_name_end(sdep) { TICK_DEP_MASK_##sdep, #sdep }
12628 -
12629 - #define show_tick_dep_name(val) \
12630 -diff --git a/kernel/events/core.c b/kernel/events/core.c
12631 -index 43d43a2d..e68c0a7 100644
12632 ---- a/kernel/events/core.c
12633 -+++ b/kernel/events/core.c
12634 -@@ -242,18 +242,6 @@ unlock:
12635 - return ret;
12636 - }
12637 -
12638 --static void event_function_local(struct perf_event *event, event_f func, void *data)
12639 --{
12640 -- struct event_function_struct efs = {
12641 -- .event = event,
12642 -- .func = func,
12643 -- .data = data,
12644 -- };
12645 --
12646 -- int ret = event_function(&efs);
12647 -- WARN_ON_ONCE(ret);
12648 --}
12649 --
12650 - static void event_function_call(struct perf_event *event, event_f func, void *data)
12651 - {
12652 - struct perf_event_context *ctx = event->ctx;
12653 -@@ -303,6 +291,54 @@ again:
12654 - raw_spin_unlock_irq(&ctx->lock);
12655 - }
12656 -
12657 -+/*
12658 -+ * Similar to event_function_call() + event_function(), but hard assumes IRQs
12659 -+ * are already disabled and we're on the right CPU.
12660 -+ */
12661 -+static void event_function_local(struct perf_event *event, event_f func, void *data)
12662 -+{
12663 -+ struct perf_event_context *ctx = event->ctx;
12664 -+ struct perf_cpu_context *cpuctx = __get_cpu_context(ctx);
12665 -+ struct task_struct *task = READ_ONCE(ctx->task);
12666 -+ struct perf_event_context *task_ctx = NULL;
12667 -+
12668 -+ WARN_ON_ONCE(!irqs_disabled());
12669 -+
12670 -+ if (task) {
12671 -+ if (task == TASK_TOMBSTONE)
12672 -+ return;
12673 -+
12674 -+ task_ctx = ctx;
12675 -+ }
12676 -+
12677 -+ perf_ctx_lock(cpuctx, task_ctx);
12678 -+
12679 -+ task = ctx->task;
12680 -+ if (task == TASK_TOMBSTONE)
12681 -+ goto unlock;
12682 -+
12683 -+ if (task) {
12684 -+ /*
12685 -+ * We must be either inactive or active and the right task,
12686 -+ * otherwise we're screwed, since we cannot IPI to somewhere
12687 -+ * else.
12688 -+ */
12689 -+ if (ctx->is_active) {
12690 -+ if (WARN_ON_ONCE(task != current))
12691 -+ goto unlock;
12692 -+
12693 -+ if (WARN_ON_ONCE(cpuctx->task_ctx != ctx))
12694 -+ goto unlock;
12695 -+ }
12696 -+ } else {
12697 -+ WARN_ON_ONCE(&cpuctx->ctx != ctx);
12698 -+ }
12699 -+
12700 -+ func(event, cpuctx, ctx, data);
12701 -+unlock:
12702 -+ perf_ctx_unlock(cpuctx, task_ctx);
12703 -+}
12704 -+
12705 - #define PERF_FLAG_ALL (PERF_FLAG_FD_NO_GROUP |\
12706 - PERF_FLAG_FD_OUTPUT |\
12707 - PERF_FLAG_PID_CGROUP |\
12708 -diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
12709 -index b7a525a..8c50276 100644
12710 ---- a/kernel/events/uprobes.c
12711 -+++ b/kernel/events/uprobes.c
12712 -@@ -172,8 +172,10 @@ static int __replace_page(struct vm_area_struct *vma, unsigned long addr,
12713 - mmu_notifier_invalidate_range_start(mm, mmun_start, mmun_end);
12714 - err = -EAGAIN;
12715 - ptep = page_check_address(page, mm, addr, &ptl, 0);
12716 -- if (!ptep)
12717 -+ if (!ptep) {
12718 -+ mem_cgroup_cancel_charge(kpage, memcg, false);
12719 - goto unlock;
12720 -+ }
12721 -
12722 - get_page(kpage);
12723 - page_add_new_anon_rmap(kpage, vma, addr, false);
12724 -@@ -200,7 +202,6 @@ static int __replace_page(struct vm_area_struct *vma, unsigned long addr,
12725 -
12726 - err = 0;
12727 - unlock:
12728 -- mem_cgroup_cancel_charge(kpage, memcg, false);
12729 - mmu_notifier_invalidate_range_end(mm, mmun_start, mmun_end);
12730 - unlock_page(page);
12731 - return err;
12732 -diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
12733 -index 38e89ce..0afe671 100644
12734 ---- a/kernel/irq/msi.c
12735 -+++ b/kernel/irq/msi.c
12736 -@@ -324,7 +324,7 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
12737 - struct msi_domain_ops *ops = info->ops;
12738 - msi_alloc_info_t arg;
12739 - struct msi_desc *desc;
12740 -- int i, ret, virq = -1;
12741 -+ int i, ret, virq;
12742 -
12743 - ret = msi_domain_prepare_irqs(domain, dev, nvec, &arg);
12744 - if (ret)
12745 -@@ -332,12 +332,8 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
12746 -
12747 - for_each_msi_entry(desc, dev) {
12748 - ops->set_desc(&arg, desc);
12749 -- if (info->flags & MSI_FLAG_IDENTITY_MAP)
12750 -- virq = (int)ops->get_hwirq(info, &arg);
12751 -- else
12752 -- virq = -1;
12753 -
12754 -- virq = __irq_domain_alloc_irqs(domain, virq, desc->nvec_used,
12755 -+ virq = __irq_domain_alloc_irqs(domain, -1, desc->nvec_used,
12756 - dev_to_node(dev), &arg, false);
12757 - if (virq < 0) {
12758 - ret = -ENOSPC;
12759 -@@ -361,6 +357,17 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
12760 - else
12761 - dev_dbg(dev, "irq [%d-%d] for MSI\n",
12762 - virq, virq + desc->nvec_used - 1);
12763 -+ /*
12764 -+ * This flag is set by the PCI layer as we need to activate
12765 -+ * the MSI entries before the PCI layer enables MSI in the
12766 -+ * card. Otherwise the card latches a random msi message.
12767 -+ */
12768 -+ if (info->flags & MSI_FLAG_ACTIVATE_EARLY) {
12769 -+ struct irq_data *irq_data;
12770 -+
12771 -+ irq_data = irq_domain_get_irq_data(domain, desc->irq);
12772 -+ irq_domain_activate_irq(irq_data);
12773 -+ }
12774 - }
12775 -
12776 - return 0;
12777 -diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c
12778 -index 75f98c5..a24cfb4 100644
12779 ---- a/kernel/sched/cputime.c
12780 -+++ b/kernel/sched/cputime.c
12781 -@@ -603,19 +603,25 @@ static void cputime_adjust(struct task_cputime *curr,
12782 - stime = curr->stime;
12783 - utime = curr->utime;
12784 -
12785 -- if (utime == 0) {
12786 -- stime = rtime;
12787 -+ /*
12788 -+ * If either stime or both stime and utime are 0, assume all runtime is
12789 -+ * userspace. Once a task gets some ticks, the monotonicy code at
12790 -+ * 'update' will ensure things converge to the observed ratio.
12791 -+ */
12792 -+ if (stime == 0) {
12793 -+ utime = rtime;
12794 - goto update;
12795 - }
12796 -
12797 -- if (stime == 0) {
12798 -- utime = rtime;
12799 -+ if (utime == 0) {
12800 -+ stime = rtime;
12801 - goto update;
12802 - }
12803 -
12804 - stime = scale_stime((__force u64)stime, (__force u64)rtime,
12805 - (__force u64)(stime + utime));
12806 -
12807 -+update:
12808 - /*
12809 - * Make sure stime doesn't go backwards; this preserves monotonicity
12810 - * for utime because rtime is monotonic.
12811 -@@ -638,7 +644,6 @@ static void cputime_adjust(struct task_cputime *curr,
12812 - stime = rtime - utime;
12813 - }
12814 -
12815 --update:
12816 - prev->stime = stime;
12817 - prev->utime = utime;
12818 - out:
12819 -diff --git a/mm/huge_memory.c b/mm/huge_memory.c
12820 -index 343a2b7..07f2825 100644
12821 ---- a/mm/huge_memory.c
12822 -+++ b/mm/huge_memory.c
12823 -@@ -2872,7 +2872,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
12824 - struct page *page;
12825 - pgtable_t pgtable;
12826 - pmd_t _pmd;
12827 -- bool young, write, dirty;
12828 -+ bool young, write, dirty, soft_dirty;
12829 - unsigned long addr;
12830 - int i;
12831 -
12832 -@@ -2898,6 +2898,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
12833 - write = pmd_write(*pmd);
12834 - young = pmd_young(*pmd);
12835 - dirty = pmd_dirty(*pmd);
12836 -+ soft_dirty = pmd_soft_dirty(*pmd);
12837 -
12838 - pmdp_huge_split_prepare(vma, haddr, pmd);
12839 - pgtable = pgtable_trans_huge_withdraw(mm, pmd);
12840 -@@ -2914,6 +2915,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
12841 - swp_entry_t swp_entry;
12842 - swp_entry = make_migration_entry(page + i, write);
12843 - entry = swp_entry_to_pte(swp_entry);
12844 -+ if (soft_dirty)
12845 -+ entry = pte_swp_mksoft_dirty(entry);
12846 - } else {
12847 - entry = mk_pte(page + i, vma->vm_page_prot);
12848 - entry = maybe_mkwrite(entry, vma);
12849 -@@ -2921,6 +2924,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
12850 - entry = pte_wrprotect(entry);
12851 - if (!young)
12852 - entry = pte_mkold(entry);
12853 -+ if (soft_dirty)
12854 -+ entry = pte_mksoft_dirty(entry);
12855 - }
12856 - if (dirty)
12857 - SetPageDirty(page + i);
12858 -diff --git a/mm/readahead.c b/mm/readahead.c
12859 -index 40be3ae..7f9f8c3 100644
12860 ---- a/mm/readahead.c
12861 -+++ b/mm/readahead.c
12862 -@@ -8,6 +8,7 @@
12863 - */
12864 -
12865 - #include <linux/kernel.h>
12866 -+#include <linux/dax.h>
12867 - #include <linux/gfp.h>
12868 - #include <linux/export.h>
12869 - #include <linux/blkdev.h>
12870 -@@ -545,6 +546,14 @@ do_readahead(struct address_space *mapping, struct file *filp,
12871 - if (!mapping || !mapping->a_ops)
12872 - return -EINVAL;
12873 -
12874 -+ /*
12875 -+ * Readahead doesn't make sense for DAX inodes, but we don't want it
12876 -+ * to report a failure either. Instead, we just return success and
12877 -+ * don't do any work.
12878 -+ */
12879 -+ if (dax_mapping(mapping))
12880 -+ return 0;
12881 -+
12882 - return force_page_cache_readahead(mapping, filp, index, nr);
12883 - }
12884 -
12885 -diff --git a/mm/slub.c b/mm/slub.c
12886 -index 825ff45..7a6d268 100644
12887 ---- a/mm/slub.c
12888 -+++ b/mm/slub.c
12889 -@@ -3479,6 +3479,7 @@ static void list_slab_objects(struct kmem_cache *s, struct page *page,
12890 - */
12891 - static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
12892 - {
12893 -+ LIST_HEAD(discard);
12894 - struct page *page, *h;
12895 -
12896 - BUG_ON(irqs_disabled());
12897 -@@ -3486,13 +3487,16 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
12898 - list_for_each_entry_safe(page, h, &n->partial, lru) {
12899 - if (!page->inuse) {
12900 - remove_partial(n, page);
12901 -- discard_slab(s, page);
12902 -+ list_add(&page->lru, &discard);
12903 - } else {
12904 - list_slab_objects(s, page,
12905 - "Objects remaining in %s on __kmem_cache_shutdown()");
12906 - }
12907 - }
12908 - spin_unlock_irq(&n->list_lock);
12909 -+
12910 -+ list_for_each_entry_safe(page, h, &discard, lru)
12911 -+ discard_slab(s, page);
12912 - }
12913 -
12914 - /*
12915 -diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
12916 -index 0c12e40..8cc49c0 100644
12917 ---- a/net/mac80211/cfg.c
12918 -+++ b/net/mac80211/cfg.c
12919 -@@ -869,7 +869,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
12920 -
12921 - /* free all potentially still buffered bcast frames */
12922 - local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps.bc_buf);
12923 -- skb_queue_purge(&sdata->u.ap.ps.bc_buf);
12924 -+ ieee80211_purge_tx_queue(&local->hw, &sdata->u.ap.ps.bc_buf);
12925 -
12926 - mutex_lock(&local->mtx);
12927 - ieee80211_vif_copy_chanctx_to_vlans(sdata, true);
12928 -diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
12929 -index 2030443..8bad2ad 100644
12930 ---- a/net/mac80211/tx.c
12931 -+++ b/net/mac80211/tx.c
12932 -@@ -365,7 +365,7 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
12933 - skb = skb_dequeue(&ps->bc_buf);
12934 - if (skb) {
12935 - purged++;
12936 -- dev_kfree_skb(skb);
12937 -+ ieee80211_free_txskb(&local->hw, skb);
12938 - }
12939 - total += skb_queue_len(&ps->bc_buf);
12940 - }
12941 -@@ -448,7 +448,7 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
12942 - if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
12943 - ps_dbg(tx->sdata,
12944 - "BC TX buffer full - dropping the oldest frame\n");
12945 -- dev_kfree_skb(skb_dequeue(&ps->bc_buf));
12946 -+ ieee80211_free_txskb(&tx->local->hw, skb_dequeue(&ps->bc_buf));
12947 - } else
12948 - tx->local->total_ps_buffered++;
12949 -
12950 -@@ -4055,7 +4055,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
12951 - sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
12952 - if (!ieee80211_tx_prepare(sdata, &tx, NULL, skb))
12953 - break;
12954 -- dev_kfree_skb_any(skb);
12955 -+ ieee80211_free_txskb(hw, skb);
12956 - }
12957 -
12958 - info = IEEE80211_SKB_CB(skb);
12959 -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
12960 -index e64ae93..bf4b0e9 100644
12961 ---- a/net/sunrpc/auth_gss/auth_gss.c
12962 -+++ b/net/sunrpc/auth_gss/auth_gss.c
12963 -@@ -340,12 +340,14 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
12964 - }
12965 -
12966 - static struct gss_upcall_msg *
12967 --__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid)
12968 -+__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
12969 - {
12970 - struct gss_upcall_msg *pos;
12971 - list_for_each_entry(pos, &pipe->in_downcall, list) {
12972 - if (!uid_eq(pos->uid, uid))
12973 - continue;
12974 -+ if (auth && pos->auth->service != auth->service)
12975 -+ continue;
12976 - atomic_inc(&pos->count);
12977 - dprintk("RPC: %s found msg %p\n", __func__, pos);
12978 - return pos;
12979 -@@ -365,7 +367,7 @@ gss_add_msg(struct gss_upcall_msg *gss_msg)
12980 - struct gss_upcall_msg *old;
12981 -
12982 - spin_lock(&pipe->lock);
12983 -- old = __gss_find_upcall(pipe, gss_msg->uid);
12984 -+ old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
12985 - if (old == NULL) {
12986 - atomic_inc(&gss_msg->count);
12987 - list_add(&gss_msg->list, &pipe->in_downcall);
12988 -@@ -714,7 +716,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
12989 - err = -ENOENT;
12990 - /* Find a matching upcall */
12991 - spin_lock(&pipe->lock);
12992 -- gss_msg = __gss_find_upcall(pipe, uid);
12993 -+ gss_msg = __gss_find_upcall(pipe, uid, NULL);
12994 - if (gss_msg == NULL) {
12995 - spin_unlock(&pipe->lock);
12996 - goto err_put_ctx;
12997 -diff --git a/net/sunrpc/xprtmultipath.c b/net/sunrpc/xprtmultipath.c
12998 -index e7fd769..66c9d63 100644
12999 ---- a/net/sunrpc/xprtmultipath.c
13000 -+++ b/net/sunrpc/xprtmultipath.c
13001 -@@ -271,14 +271,12 @@ struct rpc_xprt *xprt_iter_next_entry_multiple(struct rpc_xprt_iter *xpi,
13002 - xprt_switch_find_xprt_t find_next)
13003 - {
13004 - struct rpc_xprt_switch *xps = rcu_dereference(xpi->xpi_xpswitch);
13005 -- struct list_head *head;
13006 -
13007 - if (xps == NULL)
13008 - return NULL;
13009 -- head = &xps->xps_xprt_list;
13010 -- if (xps->xps_nxprts < 2)
13011 -- return xprt_switch_find_first_entry(head);
13012 -- return xprt_switch_set_next_cursor(head, &xpi->xpi_cursor, find_next);
13013 -+ return xprt_switch_set_next_cursor(&xps->xps_xprt_list,
13014 -+ &xpi->xpi_cursor,
13015 -+ find_next);
13016 - }
13017 -
13018 - static
13019 -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
13020 -index 7e2b2fa..167cf59 100644
13021 ---- a/net/sunrpc/xprtsock.c
13022 -+++ b/net/sunrpc/xprtsock.c
13023 -@@ -2278,6 +2278,10 @@ static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
13024 - /* SYN_SENT! */
13025 - if (xprt->reestablish_timeout < XS_TCP_INIT_REEST_TO)
13026 - xprt->reestablish_timeout = XS_TCP_INIT_REEST_TO;
13027 -+ break;
13028 -+ case -EADDRNOTAVAIL:
13029 -+ /* Source port number is unavailable. Try a new one! */
13030 -+ transport->srcport = 0;
13031 - }
13032 - out:
13033 - return ret;
13034 -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
13035 -index 89dacf9..160c7f7 100644
13036 ---- a/sound/pci/hda/hda_intel.c
13037 -+++ b/sound/pci/hda/hda_intel.c
13038 -@@ -906,20 +906,23 @@ static int azx_resume(struct device *dev)
13039 - struct snd_card *card = dev_get_drvdata(dev);
13040 - struct azx *chip;
13041 - struct hda_intel *hda;
13042 -+ struct hdac_bus *bus;
13043 -
13044 - if (!card)
13045 - return 0;
13046 -
13047 - chip = card->private_data;
13048 - hda = container_of(chip, struct hda_intel, chip);
13049 -+ bus = azx_bus(chip);
13050 - if (chip->disabled || hda->init_failed || !chip->running)
13051 - return 0;
13052 -
13053 -- if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL
13054 -- && hda->need_i915_power) {
13055 -- snd_hdac_display_power(azx_bus(chip), true);
13056 -- snd_hdac_i915_set_bclk(azx_bus(chip));
13057 -+ if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL) {
13058 -+ snd_hdac_display_power(bus, true);
13059 -+ if (hda->need_i915_power)
13060 -+ snd_hdac_i915_set_bclk(bus);
13061 - }
13062 -+
13063 - if (chip->msi)
13064 - if (pci_enable_msi(pci) < 0)
13065 - chip->msi = 0;
13066 -@@ -929,6 +932,11 @@ static int azx_resume(struct device *dev)
13067 -
13068 - hda_intel_init_chip(chip, true);
13069 -
13070 -+ /* power down again for link-controlled chips */
13071 -+ if ((chip->driver_caps & AZX_DCAPS_I915_POWERWELL) &&
13072 -+ !hda->need_i915_power)
13073 -+ snd_hdac_display_power(bus, false);
13074 -+
13075 - snd_power_change_state(card, SNDRV_CTL_POWER_D0);
13076 -
13077 - trace_azx_resume(chip);
13078 -@@ -1008,6 +1016,7 @@ static int azx_runtime_resume(struct device *dev)
13079 -
13080 - chip = card->private_data;
13081 - hda = container_of(chip, struct hda_intel, chip);
13082 -+ bus = azx_bus(chip);
13083 - if (chip->disabled || hda->init_failed)
13084 - return 0;
13085 -
13086 -@@ -1015,15 +1024,9 @@ static int azx_runtime_resume(struct device *dev)
13087 - return 0;
13088 -
13089 - if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL) {
13090 -- bus = azx_bus(chip);
13091 -- if (hda->need_i915_power) {
13092 -- snd_hdac_display_power(bus, true);
13093 -+ snd_hdac_display_power(bus, true);
13094 -+ if (hda->need_i915_power)
13095 - snd_hdac_i915_set_bclk(bus);
13096 -- } else {
13097 -- /* toggle codec wakeup bit for STATESTS read */
13098 -- snd_hdac_set_codec_wakeup(bus, true);
13099 -- snd_hdac_set_codec_wakeup(bus, false);
13100 -- }
13101 - }
13102 -
13103 - /* Read STATESTS before controller reset */
13104 -@@ -1043,6 +1046,11 @@ static int azx_runtime_resume(struct device *dev)
13105 - azx_writew(chip, WAKEEN, azx_readw(chip, WAKEEN) &
13106 - ~STATESTS_INT_MASK);
13107 -
13108 -+ /* power down again for link-controlled chips */
13109 -+ if ((chip->driver_caps & AZX_DCAPS_I915_POWERWELL) &&
13110 -+ !hda->need_i915_power)
13111 -+ snd_hdac_display_power(bus, false);
13112 -+
13113 - trace_azx_runtime_resume(chip);
13114 - return 0;
13115 - }
13116 -diff --git a/sound/usb/line6/pcm.c b/sound/usb/line6/pcm.c
13117 -index 204cc07..41aa335 100644
13118 ---- a/sound/usb/line6/pcm.c
13119 -+++ b/sound/usb/line6/pcm.c
13120 -@@ -55,7 +55,6 @@ static int snd_line6_impulse_volume_put(struct snd_kcontrol *kcontrol,
13121 - err = line6_pcm_acquire(line6pcm, LINE6_STREAM_IMPULSE);
13122 - if (err < 0) {
13123 - line6pcm->impulse_volume = 0;
13124 -- line6_pcm_release(line6pcm, LINE6_STREAM_IMPULSE);
13125 - return err;
13126 - }
13127 - } else {
13128 -@@ -211,7 +210,9 @@ static void line6_stream_stop(struct snd_line6_pcm *line6pcm, int direction,
13129 - spin_lock_irqsave(&pstr->lock, flags);
13130 - clear_bit(type, &pstr->running);
13131 - if (!pstr->running) {
13132 -+ spin_unlock_irqrestore(&pstr->lock, flags);
13133 - line6_unlink_audio_urbs(line6pcm, pstr);
13134 -+ spin_lock_irqsave(&pstr->lock, flags);
13135 - if (direction == SNDRV_PCM_STREAM_CAPTURE) {
13136 - line6pcm->prev_fbuf = NULL;
13137 - line6pcm->prev_fsize = 0;
13138 -diff --git a/sound/usb/line6/pod.c b/sound/usb/line6/pod.c
13139 -index daf81d1..45dd348 100644
13140 ---- a/sound/usb/line6/pod.c
13141 -+++ b/sound/usb/line6/pod.c
13142 -@@ -244,8 +244,8 @@ static int pod_set_system_param_int(struct usb_line6_pod *pod, int value,
13143 - static ssize_t serial_number_show(struct device *dev,
13144 - struct device_attribute *attr, char *buf)
13145 - {
13146 -- struct usb_interface *interface = to_usb_interface(dev);
13147 -- struct usb_line6_pod *pod = usb_get_intfdata(interface);
13148 -+ struct snd_card *card = dev_to_snd_card(dev);
13149 -+ struct usb_line6_pod *pod = card->private_data;
13150 -
13151 - return sprintf(buf, "%u\n", pod->serial_number);
13152 - }
13153 -@@ -256,8 +256,8 @@ static ssize_t serial_number_show(struct device *dev,
13154 - static ssize_t firmware_version_show(struct device *dev,
13155 - struct device_attribute *attr, char *buf)
13156 - {
13157 -- struct usb_interface *interface = to_usb_interface(dev);
13158 -- struct usb_line6_pod *pod = usb_get_intfdata(interface);
13159 -+ struct snd_card *card = dev_to_snd_card(dev);
13160 -+ struct usb_line6_pod *pod = card->private_data;
13161 -
13162 - return sprintf(buf, "%d.%02d\n", pod->firmware_version / 100,
13163 - pod->firmware_version % 100);
13164 -@@ -269,8 +269,8 @@ static ssize_t firmware_version_show(struct device *dev,
13165 - static ssize_t device_id_show(struct device *dev,
13166 - struct device_attribute *attr, char *buf)
13167 - {
13168 -- struct usb_interface *interface = to_usb_interface(dev);
13169 -- struct usb_line6_pod *pod = usb_get_intfdata(interface);
13170 -+ struct snd_card *card = dev_to_snd_card(dev);
13171 -+ struct usb_line6_pod *pod = card->private_data;
13172 -
13173 - return sprintf(buf, "%d\n", pod->device_id);
13174 - }
13175 -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
13176 -index 6adde45..6cf1f35 100644
13177 ---- a/sound/usb/quirks.c
13178 -+++ b/sound/usb/quirks.c
13179 -@@ -1128,6 +1128,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
13180 - {
13181 - /* devices which do not support reading the sample rate. */
13182 - switch (chip->usb_id) {
13183 -+ case USB_ID(0x041E, 0x4080): /* Creative Live Cam VF0610 */
13184 - case USB_ID(0x045E, 0x075D): /* MS Lifecam Cinema */
13185 - case USB_ID(0x045E, 0x076D): /* MS Lifecam HD-5000 */
13186 - case USB_ID(0x045E, 0x076E): /* MS Lifecam HD-5001 */
13187 -@@ -1138,6 +1139,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
13188 - case USB_ID(0x047F, 0xAA05): /* Plantronics DA45 */
13189 - case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
13190 - case USB_ID(0x0556, 0x0014): /* Phoenix Audio TMX320VC */
13191 -+ case USB_ID(0x05A3, 0x9420): /* ELP HD USB Camera */
13192 - case USB_ID(0x074D, 0x3553): /* Outlaw RR2150 (Micronas UAC3553B) */
13193 - case USB_ID(0x1de7, 0x0013): /* Phoenix Audio MT202exe */
13194 - case USB_ID(0x1de7, 0x0014): /* Phoenix Audio TMX320 */
13195 -diff --git a/tools/perf/arch/x86/util/intel-pt.c b/tools/perf/arch/x86/util/intel-pt.c
13196 -index a07b960..853b26d 100644
13197 ---- a/tools/perf/arch/x86/util/intel-pt.c
13198 -+++ b/tools/perf/arch/x86/util/intel-pt.c
13199 -@@ -501,7 +501,7 @@ static int intel_pt_recording_options(struct auxtrace_record *itr,
13200 - struct intel_pt_recording *ptr =
13201 - container_of(itr, struct intel_pt_recording, itr);
13202 - struct perf_pmu *intel_pt_pmu = ptr->intel_pt_pmu;
13203 -- bool have_timing_info;
13204 -+ bool have_timing_info, need_immediate = false;
13205 - struct perf_evsel *evsel, *intel_pt_evsel = NULL;
13206 - const struct cpu_map *cpus = evlist->cpus;
13207 - bool privileged = geteuid() == 0 || perf_event_paranoid() < 0;
13208 -@@ -655,6 +655,7 @@ static int intel_pt_recording_options(struct auxtrace_record *itr,
13209 - ptr->have_sched_switch = 3;
13210 - } else {
13211 - opts->record_switch_events = true;
13212 -+ need_immediate = true;
13213 - if (cpu_wide)
13214 - ptr->have_sched_switch = 3;
13215 - else
13216 -@@ -700,6 +701,9 @@ static int intel_pt_recording_options(struct auxtrace_record *itr,
13217 - tracking_evsel->attr.freq = 0;
13218 - tracking_evsel->attr.sample_period = 1;
13219 -
13220 -+ if (need_immediate)
13221 -+ tracking_evsel->immediate = true;
13222 -+
13223 - /* In per-cpu case, always need the time of mmap events etc */
13224 - if (!cpu_map__empty(cpus)) {
13225 - perf_evsel__set_sample_bit(tracking_evsel, TIME);
13226 -diff --git a/tools/perf/builtin-mem.c b/tools/perf/builtin-mem.c
13227 -index 1dc140c..3f02bea10 100644
13228 ---- a/tools/perf/builtin-mem.c
13229 -+++ b/tools/perf/builtin-mem.c
13230 -@@ -87,6 +87,9 @@ static int __cmd_record(int argc, const char **argv, struct perf_mem *mem)
13231 - if (mem->operation & MEM_OPERATION_LOAD)
13232 - perf_mem_events[PERF_MEM_EVENTS__LOAD].record = true;
13233 -
13234 -+ if (mem->operation & MEM_OPERATION_STORE)
13235 -+ perf_mem_events[PERF_MEM_EVENTS__STORE].record = true;
13236 -+
13237 - if (perf_mem_events[PERF_MEM_EVENTS__LOAD].record)
13238 - rec_argv[i++] = "-W";
13239 -
13240 -diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
13241 -index 87a297d..c33efb9 100644
13242 ---- a/tools/perf/util/symbol-elf.c
13243 -+++ b/tools/perf/util/symbol-elf.c
13244 -@@ -827,7 +827,8 @@ int dso__load_sym(struct dso *dso, struct map *map,
13245 - sec = syms_ss->symtab;
13246 - shdr = syms_ss->symshdr;
13247 -
13248 -- if (elf_section_by_name(elf, &ehdr, &tshdr, ".text", NULL))
13249 -+ if (elf_section_by_name(runtime_ss->elf, &runtime_ss->ehdr, &tshdr,
13250 -+ ".text", NULL))
13251 - dso->text_offset = tshdr.sh_addr - tshdr.sh_offset;
13252 -
13253 - if (runtime_ss->opdsec)
13254 -diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c
13255 -index c919866..1bfacc8 100644
13256 ---- a/tools/testing/nvdimm/test/nfit.c
13257 -+++ b/tools/testing/nvdimm/test/nfit.c
13258 -@@ -13,6 +13,7 @@
13259 - #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13260 - #include <linux/platform_device.h>
13261 - #include <linux/dma-mapping.h>
13262 -+#include <linux/workqueue.h>
13263 - #include <linux/libnvdimm.h>
13264 - #include <linux/vmalloc.h>
13265 - #include <linux/device.h>
13266 -@@ -1480,6 +1481,7 @@ static int nfit_test_probe(struct platform_device *pdev)
13267 - if (nfit_test->setup != nfit_test0_setup)
13268 - return 0;
13269 -
13270 -+ flush_work(&acpi_desc->work);
13271 - nfit_test->setup_hotplug = 1;
13272 - nfit_test->setup(nfit_test);
13273 -
13274
13275 diff --git a/4.7.4/1003_linux-4.7.4.patch b/4.7.4/1003_linux-4.7.4.patch
13276 deleted file mode 100644
13277 index af6c1d4..0000000
13278 --- a/4.7.4/1003_linux-4.7.4.patch
13279 +++ /dev/null
13280 @@ -1,2424 +0,0 @@
13281 -diff --git a/Makefile b/Makefile
13282 -index 4afff18..ec3bd11 100644
13283 ---- a/Makefile
13284 -+++ b/Makefile
13285 -@@ -1,6 +1,6 @@
13286 - VERSION = 4
13287 - PATCHLEVEL = 7
13288 --SUBLEVEL = 3
13289 -+SUBLEVEL = 4
13290 - EXTRAVERSION =
13291 - NAME = Psychotic Stoned Sheep
13292 -
13293 -diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
13294 -index 60078a6..b15e1c1 100644
13295 ---- a/arch/x86/kernel/apic/apic.c
13296 -+++ b/arch/x86/kernel/apic/apic.c
13297 -@@ -1597,6 +1597,9 @@ void __init enable_IR_x2apic(void)
13298 - unsigned long flags;
13299 - int ret, ir_stat;
13300 -
13301 -+ if (skip_ioapic_setup)
13302 -+ return;
13303 -+
13304 - ir_stat = irq_remapping_prepare();
13305 - if (ir_stat < 0 && !x2apic_supported())
13306 - return;
13307 -diff --git a/block/blk-core.c b/block/blk-core.c
13308 -index 2475b1c7..b993f88 100644
13309 ---- a/block/blk-core.c
13310 -+++ b/block/blk-core.c
13311 -@@ -515,7 +515,9 @@ EXPORT_SYMBOL_GPL(blk_queue_bypass_end);
13312 -
13313 - void blk_set_queue_dying(struct request_queue *q)
13314 - {
13315 -- queue_flag_set_unlocked(QUEUE_FLAG_DYING, q);
13316 -+ spin_lock_irq(q->queue_lock);
13317 -+ queue_flag_set(QUEUE_FLAG_DYING, q);
13318 -+ spin_unlock_irq(q->queue_lock);
13319 -
13320 - if (q->mq_ops)
13321 - blk_mq_wake_waiters(q);
13322 -diff --git a/block/blk-merge.c b/block/blk-merge.c
13323 -index 2613531..bea9344 100644
13324 ---- a/block/blk-merge.c
13325 -+++ b/block/blk-merge.c
13326 -@@ -94,9 +94,31 @@ static struct bio *blk_bio_segment_split(struct request_queue *q,
13327 - bool do_split = true;
13328 - struct bio *new = NULL;
13329 - const unsigned max_sectors = get_max_io_size(q, bio);
13330 -+ unsigned bvecs = 0;
13331 -
13332 - bio_for_each_segment(bv, bio, iter) {
13333 - /*
13334 -+ * With arbitrary bio size, the incoming bio may be very
13335 -+ * big. We have to split the bio into small bios so that
13336 -+ * each holds at most BIO_MAX_PAGES bvecs because
13337 -+ * bio_clone() can fail to allocate big bvecs.
13338 -+ *
13339 -+ * It should have been better to apply the limit per
13340 -+ * request queue in which bio_clone() is involved,
13341 -+ * instead of globally. The biggest blocker is the
13342 -+ * bio_clone() in bio bounce.
13343 -+ *
13344 -+ * If bio is splitted by this reason, we should have
13345 -+ * allowed to continue bios merging, but don't do
13346 -+ * that now for making the change simple.
13347 -+ *
13348 -+ * TODO: deal with bio bounce's bio_clone() gracefully
13349 -+ * and convert the global limit into per-queue limit.
13350 -+ */
13351 -+ if (bvecs++ >= BIO_MAX_PAGES)
13352 -+ goto split;
13353 -+
13354 -+ /*
13355 - * If the queue doesn't support SG gaps and adding this
13356 - * offset would create a gap, disallow it.
13357 - */
13358 -diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
13359 -index 84708a5..b206115 100644
13360 ---- a/drivers/block/floppy.c
13361 -+++ b/drivers/block/floppy.c
13362 -@@ -3663,11 +3663,6 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
13363 -
13364 - opened_bdev[drive] = bdev;
13365 -
13366 -- if (!(mode & (FMODE_READ|FMODE_WRITE))) {
13367 -- res = -EINVAL;
13368 -- goto out;
13369 -- }
13370 --
13371 - res = -ENXIO;
13372 -
13373 - if (!floppy_track_buffer) {
13374 -@@ -3711,20 +3706,21 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
13375 - if (UFDCS->rawcmd == 1)
13376 - UFDCS->rawcmd = 2;
13377 -
13378 -- UDRS->last_checked = 0;
13379 -- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
13380 -- check_disk_change(bdev);
13381 -- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
13382 -- goto out;
13383 -- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
13384 -- goto out;
13385 --
13386 -- res = -EROFS;
13387 --
13388 -- if ((mode & FMODE_WRITE) &&
13389 -- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
13390 -- goto out;
13391 --
13392 -+ if (!(mode & FMODE_NDELAY)) {
13393 -+ if (mode & (FMODE_READ|FMODE_WRITE)) {
13394 -+ UDRS->last_checked = 0;
13395 -+ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
13396 -+ check_disk_change(bdev);
13397 -+ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
13398 -+ goto out;
13399 -+ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
13400 -+ goto out;
13401 -+ }
13402 -+ res = -EROFS;
13403 -+ if ((mode & FMODE_WRITE) &&
13404 -+ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
13405 -+ goto out;
13406 -+ }
13407 - mutex_unlock(&open_lock);
13408 - mutex_unlock(&floppy_mutex);
13409 - return 0;
13410 -diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c b/drivers/cpufreq/cpufreq-dt-platdev.c
13411 -index 0bb44d5..2ee40fd 100644
13412 ---- a/drivers/cpufreq/cpufreq-dt-platdev.c
13413 -+++ b/drivers/cpufreq/cpufreq-dt-platdev.c
13414 -@@ -74,6 +74,8 @@ static const struct of_device_id machines[] __initconst = {
13415 - { .compatible = "ti,omap5", },
13416 -
13417 - { .compatible = "xlnx,zynq-7000", },
13418 -+
13419 -+ { }
13420 - };
13421 -
13422 - static int __init cpufreq_dt_platdev_init(void)
13423 -diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
13424 -index 6dc5971..b304421 100644
13425 ---- a/drivers/crypto/caam/caamalg.c
13426 -+++ b/drivers/crypto/caam/caamalg.c
13427 -@@ -556,7 +556,10 @@ skip_enc:
13428 -
13429 - /* Read and write assoclen bytes */
13430 - append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ);
13431 -- append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
13432 -+ if (alg->caam.geniv)
13433 -+ append_math_add_imm_u32(desc, VARSEQOUTLEN, REG3, IMM, ivsize);
13434 -+ else
13435 -+ append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
13436 -
13437 - /* Skip assoc data */
13438 - append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF);
13439 -@@ -565,6 +568,14 @@ skip_enc:
13440 - append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS2 | FIFOLD_TYPE_MSG |
13441 - KEY_VLF);
13442 -
13443 -+ if (alg->caam.geniv) {
13444 -+ append_seq_load(desc, ivsize, LDST_CLASS_1_CCB |
13445 -+ LDST_SRCDST_BYTE_CONTEXT |
13446 -+ (ctx1_iv_off << LDST_OFFSET_SHIFT));
13447 -+ append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO |
13448 -+ (ctx1_iv_off << MOVE_OFFSET_SHIFT) | ivsize);
13449 -+ }
13450 -+
13451 - /* Load Counter into CONTEXT1 reg */
13452 - if (is_rfc3686)
13453 - append_load_imm_u32(desc, be32_to_cpu(1), LDST_IMM |
13454 -@@ -2150,7 +2161,7 @@ static void init_authenc_job(struct aead_request *req,
13455 -
13456 - init_aead_job(req, edesc, all_contig, encrypt);
13457 -
13458 -- if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
13459 -+ if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv))
13460 - append_load_as_imm(desc, req->iv, ivsize,
13461 - LDST_CLASS_1_CCB |
13462 - LDST_SRCDST_BYTE_CONTEXT |
13463 -@@ -2537,20 +2548,6 @@ static int aead_decrypt(struct aead_request *req)
13464 - return ret;
13465 - }
13466 -
13467 --static int aead_givdecrypt(struct aead_request *req)
13468 --{
13469 -- struct crypto_aead *aead = crypto_aead_reqtfm(req);
13470 -- unsigned int ivsize = crypto_aead_ivsize(aead);
13471 --
13472 -- if (req->cryptlen < ivsize)
13473 -- return -EINVAL;
13474 --
13475 -- req->cryptlen -= ivsize;
13476 -- req->assoclen += ivsize;
13477 --
13478 -- return aead_decrypt(req);
13479 --}
13480 --
13481 - /*
13482 - * allocate and map the ablkcipher extended descriptor for ablkcipher
13483 - */
13484 -@@ -3210,7 +3207,7 @@ static struct caam_aead_alg driver_aeads[] = {
13485 - .setkey = aead_setkey,
13486 - .setauthsize = aead_setauthsize,
13487 - .encrypt = aead_encrypt,
13488 -- .decrypt = aead_givdecrypt,
13489 -+ .decrypt = aead_decrypt,
13490 - .ivsize = AES_BLOCK_SIZE,
13491 - .maxauthsize = MD5_DIGEST_SIZE,
13492 - },
13493 -@@ -3256,7 +3253,7 @@ static struct caam_aead_alg driver_aeads[] = {
13494 - .setkey = aead_setkey,
13495 - .setauthsize = aead_setauthsize,
13496 - .encrypt = aead_encrypt,
13497 -- .decrypt = aead_givdecrypt,
13498 -+ .decrypt = aead_decrypt,
13499 - .ivsize = AES_BLOCK_SIZE,
13500 - .maxauthsize = SHA1_DIGEST_SIZE,
13501 - },
13502 -@@ -3302,7 +3299,7 @@ static struct caam_aead_alg driver_aeads[] = {
13503 - .setkey = aead_setkey,
13504 - .setauthsize = aead_setauthsize,
13505 - .encrypt = aead_encrypt,
13506 -- .decrypt = aead_givdecrypt,
13507 -+ .decrypt = aead_decrypt,
13508 - .ivsize = AES_BLOCK_SIZE,
13509 - .maxauthsize = SHA224_DIGEST_SIZE,
13510 - },
13511 -@@ -3348,7 +3345,7 @@ static struct caam_aead_alg driver_aeads[] = {
13512 - .setkey = aead_setkey,
13513 - .setauthsize = aead_setauthsize,
13514 - .encrypt = aead_encrypt,
13515 -- .decrypt = aead_givdecrypt,
13516 -+ .decrypt = aead_decrypt,
13517 - .ivsize = AES_BLOCK_SIZE,
13518 - .maxauthsize = SHA256_DIGEST_SIZE,
13519 - },
13520 -@@ -3394,7 +3391,7 @@ static struct caam_aead_alg driver_aeads[] = {
13521 - .setkey = aead_setkey,
13522 - .setauthsize = aead_setauthsize,
13523 - .encrypt = aead_encrypt,
13524 -- .decrypt = aead_givdecrypt,
13525 -+ .decrypt = aead_decrypt,
13526 - .ivsize = AES_BLOCK_SIZE,
13527 - .maxauthsize = SHA384_DIGEST_SIZE,
13528 - },
13529 -@@ -3440,7 +3437,7 @@ static struct caam_aead_alg driver_aeads[] = {
13530 - .setkey = aead_setkey,
13531 - .setauthsize = aead_setauthsize,
13532 - .encrypt = aead_encrypt,
13533 -- .decrypt = aead_givdecrypt,
13534 -+ .decrypt = aead_decrypt,
13535 - .ivsize = AES_BLOCK_SIZE,
13536 - .maxauthsize = SHA512_DIGEST_SIZE,
13537 - },
13538 -@@ -3486,7 +3483,7 @@ static struct caam_aead_alg driver_aeads[] = {
13539 - .setkey = aead_setkey,
13540 - .setauthsize = aead_setauthsize,
13541 - .encrypt = aead_encrypt,
13542 -- .decrypt = aead_givdecrypt,
13543 -+ .decrypt = aead_decrypt,
13544 - .ivsize = DES3_EDE_BLOCK_SIZE,
13545 - .maxauthsize = MD5_DIGEST_SIZE,
13546 - },
13547 -@@ -3534,7 +3531,7 @@ static struct caam_aead_alg driver_aeads[] = {
13548 - .setkey = aead_setkey,
13549 - .setauthsize = aead_setauthsize,
13550 - .encrypt = aead_encrypt,
13551 -- .decrypt = aead_givdecrypt,
13552 -+ .decrypt = aead_decrypt,
13553 - .ivsize = DES3_EDE_BLOCK_SIZE,
13554 - .maxauthsize = SHA1_DIGEST_SIZE,
13555 - },
13556 -@@ -3582,7 +3579,7 @@ static struct caam_aead_alg driver_aeads[] = {
13557 - .setkey = aead_setkey,
13558 - .setauthsize = aead_setauthsize,
13559 - .encrypt = aead_encrypt,
13560 -- .decrypt = aead_givdecrypt,
13561 -+ .decrypt = aead_decrypt,
13562 - .ivsize = DES3_EDE_BLOCK_SIZE,
13563 - .maxauthsize = SHA224_DIGEST_SIZE,
13564 - },
13565 -@@ -3630,7 +3627,7 @@ static struct caam_aead_alg driver_aeads[] = {
13566 - .setkey = aead_setkey,
13567 - .setauthsize = aead_setauthsize,
13568 - .encrypt = aead_encrypt,
13569 -- .decrypt = aead_givdecrypt,
13570 -+ .decrypt = aead_decrypt,
13571 - .ivsize = DES3_EDE_BLOCK_SIZE,
13572 - .maxauthsize = SHA256_DIGEST_SIZE,
13573 - },
13574 -@@ -3678,7 +3675,7 @@ static struct caam_aead_alg driver_aeads[] = {
13575 - .setkey = aead_setkey,
13576 - .setauthsize = aead_setauthsize,
13577 - .encrypt = aead_encrypt,
13578 -- .decrypt = aead_givdecrypt,
13579 -+ .decrypt = aead_decrypt,
13580 - .ivsize = DES3_EDE_BLOCK_SIZE,
13581 - .maxauthsize = SHA384_DIGEST_SIZE,
13582 - },
13583 -@@ -3726,7 +3723,7 @@ static struct caam_aead_alg driver_aeads[] = {
13584 - .setkey = aead_setkey,
13585 - .setauthsize = aead_setauthsize,
13586 - .encrypt = aead_encrypt,
13587 -- .decrypt = aead_givdecrypt,
13588 -+ .decrypt = aead_decrypt,
13589 - .ivsize = DES3_EDE_BLOCK_SIZE,
13590 - .maxauthsize = SHA512_DIGEST_SIZE,
13591 - },
13592 -@@ -3772,7 +3769,7 @@ static struct caam_aead_alg driver_aeads[] = {
13593 - .setkey = aead_setkey,
13594 - .setauthsize = aead_setauthsize,
13595 - .encrypt = aead_encrypt,
13596 -- .decrypt = aead_givdecrypt,
13597 -+ .decrypt = aead_decrypt,
13598 - .ivsize = DES_BLOCK_SIZE,
13599 - .maxauthsize = MD5_DIGEST_SIZE,
13600 - },
13601 -@@ -3818,7 +3815,7 @@ static struct caam_aead_alg driver_aeads[] = {
13602 - .setkey = aead_setkey,
13603 - .setauthsize = aead_setauthsize,
13604 - .encrypt = aead_encrypt,
13605 -- .decrypt = aead_givdecrypt,
13606 -+ .decrypt = aead_decrypt,
13607 - .ivsize = DES_BLOCK_SIZE,
13608 - .maxauthsize = SHA1_DIGEST_SIZE,
13609 - },
13610 -@@ -3864,7 +3861,7 @@ static struct caam_aead_alg driver_aeads[] = {
13611 - .setkey = aead_setkey,
13612 - .setauthsize = aead_setauthsize,
13613 - .encrypt = aead_encrypt,
13614 -- .decrypt = aead_givdecrypt,
13615 -+ .decrypt = aead_decrypt,
13616 - .ivsize = DES_BLOCK_SIZE,
13617 - .maxauthsize = SHA224_DIGEST_SIZE,
13618 - },
13619 -@@ -3910,7 +3907,7 @@ static struct caam_aead_alg driver_aeads[] = {
13620 - .setkey = aead_setkey,
13621 - .setauthsize = aead_setauthsize,
13622 - .encrypt = aead_encrypt,
13623 -- .decrypt = aead_givdecrypt,
13624 -+ .decrypt = aead_decrypt,
13625 - .ivsize = DES_BLOCK_SIZE,
13626 - .maxauthsize = SHA256_DIGEST_SIZE,
13627 - },
13628 -@@ -3956,7 +3953,7 @@ static struct caam_aead_alg driver_aeads[] = {
13629 - .setkey = aead_setkey,
13630 - .setauthsize = aead_setauthsize,
13631 - .encrypt = aead_encrypt,
13632 -- .decrypt = aead_givdecrypt,
13633 -+ .decrypt = aead_decrypt,
13634 - .ivsize = DES_BLOCK_SIZE,
13635 - .maxauthsize = SHA384_DIGEST_SIZE,
13636 - },
13637 -@@ -4002,7 +3999,7 @@ static struct caam_aead_alg driver_aeads[] = {
13638 - .setkey = aead_setkey,
13639 - .setauthsize = aead_setauthsize,
13640 - .encrypt = aead_encrypt,
13641 -- .decrypt = aead_givdecrypt,
13642 -+ .decrypt = aead_decrypt,
13643 - .ivsize = DES_BLOCK_SIZE,
13644 - .maxauthsize = SHA512_DIGEST_SIZE,
13645 - },
13646 -@@ -4051,7 +4048,7 @@ static struct caam_aead_alg driver_aeads[] = {
13647 - .setkey = aead_setkey,
13648 - .setauthsize = aead_setauthsize,
13649 - .encrypt = aead_encrypt,
13650 -- .decrypt = aead_givdecrypt,
13651 -+ .decrypt = aead_decrypt,
13652 - .ivsize = CTR_RFC3686_IV_SIZE,
13653 - .maxauthsize = MD5_DIGEST_SIZE,
13654 - },
13655 -@@ -4102,7 +4099,7 @@ static struct caam_aead_alg driver_aeads[] = {
13656 - .setkey = aead_setkey,
13657 - .setauthsize = aead_setauthsize,
13658 - .encrypt = aead_encrypt,
13659 -- .decrypt = aead_givdecrypt,
13660 -+ .decrypt = aead_decrypt,
13661 - .ivsize = CTR_RFC3686_IV_SIZE,
13662 - .maxauthsize = SHA1_DIGEST_SIZE,
13663 - },
13664 -@@ -4153,7 +4150,7 @@ static struct caam_aead_alg driver_aeads[] = {
13665 - .setkey = aead_setkey,
13666 - .setauthsize = aead_setauthsize,
13667 - .encrypt = aead_encrypt,
13668 -- .decrypt = aead_givdecrypt,
13669 -+ .decrypt = aead_decrypt,
13670 - .ivsize = CTR_RFC3686_IV_SIZE,
13671 - .maxauthsize = SHA224_DIGEST_SIZE,
13672 - },
13673 -@@ -4204,7 +4201,7 @@ static struct caam_aead_alg driver_aeads[] = {
13674 - .setkey = aead_setkey,
13675 - .setauthsize = aead_setauthsize,
13676 - .encrypt = aead_encrypt,
13677 -- .decrypt = aead_givdecrypt,
13678 -+ .decrypt = aead_decrypt,
13679 - .ivsize = CTR_RFC3686_IV_SIZE,
13680 - .maxauthsize = SHA256_DIGEST_SIZE,
13681 - },
13682 -@@ -4255,7 +4252,7 @@ static struct caam_aead_alg driver_aeads[] = {
13683 - .setkey = aead_setkey,
13684 - .setauthsize = aead_setauthsize,
13685 - .encrypt = aead_encrypt,
13686 -- .decrypt = aead_givdecrypt,
13687 -+ .decrypt = aead_decrypt,
13688 - .ivsize = CTR_RFC3686_IV_SIZE,
13689 - .maxauthsize = SHA384_DIGEST_SIZE,
13690 - },
13691 -@@ -4306,7 +4303,7 @@ static struct caam_aead_alg driver_aeads[] = {
13692 - .setkey = aead_setkey,
13693 - .setauthsize = aead_setauthsize,
13694 - .encrypt = aead_encrypt,
13695 -- .decrypt = aead_givdecrypt,
13696 -+ .decrypt = aead_decrypt,
13697 - .ivsize = CTR_RFC3686_IV_SIZE,
13698 - .maxauthsize = SHA512_DIGEST_SIZE,
13699 - },
13700 -diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
13701 -index 9bb99e2..79a05a3 100644
13702 ---- a/drivers/gpu/drm/drm_atomic.c
13703 -+++ b/drivers/gpu/drm/drm_atomic.c
13704 -@@ -465,7 +465,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc,
13705 - val,
13706 - -1,
13707 - &replaced);
13708 -- state->color_mgmt_changed = replaced;
13709 -+ state->color_mgmt_changed |= replaced;
13710 - return ret;
13711 - } else if (property == config->ctm_property) {
13712 - ret = drm_atomic_replace_property_blob_from_id(crtc,
13713 -@@ -473,7 +473,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc,
13714 - val,
13715 - sizeof(struct drm_color_ctm),
13716 - &replaced);
13717 -- state->color_mgmt_changed = replaced;
13718 -+ state->color_mgmt_changed |= replaced;
13719 - return ret;
13720 - } else if (property == config->gamma_lut_property) {
13721 - ret = drm_atomic_replace_property_blob_from_id(crtc,
13722 -@@ -481,7 +481,7 @@ int drm_atomic_crtc_set_property(struct drm_crtc *crtc,
13723 - val,
13724 - -1,
13725 - &replaced);
13726 -- state->color_mgmt_changed = replaced;
13727 -+ state->color_mgmt_changed |= replaced;
13728 - return ret;
13729 - } else if (crtc->funcs->atomic_set_property)
13730 - return crtc->funcs->atomic_set_property(crtc, state, property, val);
13731 -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
13732 -index 0e3cc66..a5cae1b 100644
13733 ---- a/drivers/gpu/drm/drm_crtc.c
13734 -+++ b/drivers/gpu/drm/drm_crtc.c
13735 -@@ -5312,6 +5312,9 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
13736 - struct drm_pending_vblank_event *e = NULL;
13737 - int ret = -EINVAL;
13738 -
13739 -+ if (!drm_core_check_feature(dev, DRIVER_MODESET))
13740 -+ return -EINVAL;
13741 -+
13742 - if (page_flip->flags & ~DRM_MODE_PAGE_FLIP_FLAGS ||
13743 - page_flip->reserved != 0)
13744 - return -EINVAL;
13745 -diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
13746 -index eb4bb8b..eb515f0 100644
13747 ---- a/drivers/gpu/drm/msm/msm_gem_submit.c
13748 -+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
13749 -@@ -62,6 +62,14 @@ void msm_gem_submit_free(struct msm_gem_submit *submit)
13750 - kfree(submit);
13751 - }
13752 -
13753 -+static inline unsigned long __must_check
13754 -+copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
13755 -+{
13756 -+ if (access_ok(VERIFY_READ, from, n))
13757 -+ return __copy_from_user_inatomic(to, from, n);
13758 -+ return -EFAULT;
13759 -+}
13760 -+
13761 - static int submit_lookup_objects(struct msm_gem_submit *submit,
13762 - struct drm_msm_gem_submit *args, struct drm_file *file)
13763 - {
13764 -@@ -69,6 +77,7 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
13765 - int ret = 0;
13766 -
13767 - spin_lock(&file->table_lock);
13768 -+ pagefault_disable();
13769 -
13770 - for (i = 0; i < args->nr_bos; i++) {
13771 - struct drm_msm_gem_submit_bo submit_bo;
13772 -@@ -82,10 +91,15 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
13773 - */
13774 - submit->bos[i].flags = 0;
13775 -
13776 -- ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo));
13777 -- if (ret) {
13778 -- ret = -EFAULT;
13779 -- goto out_unlock;
13780 -+ ret = copy_from_user_inatomic(&submit_bo, userptr, sizeof(submit_bo));
13781 -+ if (unlikely(ret)) {
13782 -+ pagefault_enable();
13783 -+ spin_unlock(&file->table_lock);
13784 -+ ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo));
13785 -+ if (ret)
13786 -+ goto out;
13787 -+ spin_lock(&file->table_lock);
13788 -+ pagefault_disable();
13789 - }
13790 -
13791 - if (submit_bo.flags & ~MSM_SUBMIT_BO_FLAGS) {
13792 -@@ -125,9 +139,12 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
13793 - }
13794 -
13795 - out_unlock:
13796 -- submit->nr_bos = i;
13797 -+ pagefault_enable();
13798 - spin_unlock(&file->table_lock);
13799 -
13800 -+out:
13801 -+ submit->nr_bos = i;
13802 -+
13803 - return ret;
13804 - }
13805 -
13806 -diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c
13807 -index 259cd6e..17e3454 100644
13808 ---- a/drivers/gpu/drm/radeon/atombios_crtc.c
13809 -+++ b/drivers/gpu/drm/radeon/atombios_crtc.c
13810 -@@ -627,7 +627,9 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc,
13811 - if (radeon_crtc->ss.refdiv) {
13812 - radeon_crtc->pll_flags |= RADEON_PLL_USE_REF_DIV;
13813 - radeon_crtc->pll_reference_div = radeon_crtc->ss.refdiv;
13814 -- if (rdev->family >= CHIP_RV770)
13815 -+ if (ASIC_IS_AVIVO(rdev) &&
13816 -+ rdev->family != CHIP_RS780 &&
13817 -+ rdev->family != CHIP_RS880)
13818 - radeon_crtc->pll_flags |= RADEON_PLL_USE_FRAC_FB_DIV;
13819 - }
13820 - }
13821 -diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
13822 -index 590b037..0ab76dd 100644
13823 ---- a/drivers/gpu/drm/radeon/radeon_ttm.c
13824 -+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
13825 -@@ -263,8 +263,8 @@ static int radeon_move_blit(struct ttm_buffer_object *bo,
13826 -
13827 - rdev = radeon_get_rdev(bo->bdev);
13828 - ridx = radeon_copy_ring_index(rdev);
13829 -- old_start = old_mem->start << PAGE_SHIFT;
13830 -- new_start = new_mem->start << PAGE_SHIFT;
13831 -+ old_start = (u64)old_mem->start << PAGE_SHIFT;
13832 -+ new_start = (u64)new_mem->start << PAGE_SHIFT;
13833 -
13834 - switch (old_mem->mem_type) {
13835 - case TTM_PL_VRAM:
13836 -diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
13837 -index 37cac59..2e24616 100644
13838 ---- a/drivers/gpu/drm/vc4/vc4_drv.h
13839 -+++ b/drivers/gpu/drm/vc4/vc4_drv.h
13840 -@@ -321,6 +321,15 @@ vc4_first_render_job(struct vc4_dev *vc4)
13841 - struct vc4_exec_info, head);
13842 - }
13843 -
13844 -+static inline struct vc4_exec_info *
13845 -+vc4_last_render_job(struct vc4_dev *vc4)
13846 -+{
13847 -+ if (list_empty(&vc4->render_job_list))
13848 -+ return NULL;
13849 -+ return list_last_entry(&vc4->render_job_list,
13850 -+ struct vc4_exec_info, head);
13851 -+}
13852 -+
13853 - /**
13854 - * struct vc4_texture_sample_info - saves the offsets into the UBO for texture
13855 - * setup parameters.
13856 -diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
13857 -index 46899d6..78ab08e 100644
13858 ---- a/drivers/gpu/drm/vc4/vc4_gem.c
13859 -+++ b/drivers/gpu/drm/vc4/vc4_gem.c
13860 -@@ -574,8 +574,8 @@ vc4_cl_lookup_bos(struct drm_device *dev,
13861 - spin_unlock(&file_priv->table_lock);
13862 -
13863 - fail:
13864 -- kfree(handles);
13865 -- return 0;
13866 -+ drm_free_large(handles);
13867 -+ return ret;
13868 - }
13869 -
13870 - static int
13871 -diff --git a/drivers/gpu/drm/vc4/vc4_irq.c b/drivers/gpu/drm/vc4/vc4_irq.c
13872 -index b0104a34..094bc6a 100644
13873 ---- a/drivers/gpu/drm/vc4/vc4_irq.c
13874 -+++ b/drivers/gpu/drm/vc4/vc4_irq.c
13875 -@@ -83,8 +83,10 @@ vc4_overflow_mem_work(struct work_struct *work)
13876 -
13877 - spin_lock_irqsave(&vc4->job_lock, irqflags);
13878 - current_exec = vc4_first_bin_job(vc4);
13879 -+ if (!current_exec)
13880 -+ current_exec = vc4_last_render_job(vc4);
13881 - if (current_exec) {
13882 -- vc4->overflow_mem->seqno = vc4->finished_seqno + 1;
13883 -+ vc4->overflow_mem->seqno = current_exec->seqno;
13884 - list_add_tail(&vc4->overflow_mem->unref_head,
13885 - &current_exec->unref_list);
13886 - vc4->overflow_mem = NULL;
13887 -diff --git a/drivers/irqchip/irq-mips-gic.c b/drivers/irqchip/irq-mips-gic.c
13888 -index 70ed1d0..d3ef0fc 100644
13889 ---- a/drivers/irqchip/irq-mips-gic.c
13890 -+++ b/drivers/irqchip/irq-mips-gic.c
13891 -@@ -713,9 +713,6 @@ static int gic_shared_irq_domain_map(struct irq_domain *d, unsigned int virq,
13892 - unsigned long flags;
13893 - int i;
13894 -
13895 -- irq_set_chip_and_handler(virq, &gic_level_irq_controller,
13896 -- handle_level_irq);
13897 --
13898 - spin_lock_irqsave(&gic_lock, flags);
13899 - gic_map_to_pin(intr, gic_cpu_pin);
13900 - gic_map_to_vpe(intr, mips_cm_vp_id(vpe));
13901 -@@ -732,6 +729,10 @@ static int gic_irq_domain_map(struct irq_domain *d, unsigned int virq,
13902 - {
13903 - if (GIC_HWIRQ_TO_LOCAL(hw) < GIC_NUM_LOCAL_INTRS)
13904 - return gic_local_irq_domain_map(d, virq, hw);
13905 -+
13906 -+ irq_set_chip_and_handler(virq, &gic_level_irq_controller,
13907 -+ handle_level_irq);
13908 -+
13909 - return gic_shared_irq_domain_map(d, virq, hw, 0);
13910 - }
13911 -
13912 -@@ -771,11 +772,13 @@ static int gic_irq_domain_alloc(struct irq_domain *d, unsigned int virq,
13913 - hwirq = GIC_SHARED_TO_HWIRQ(base_hwirq + i);
13914 -
13915 - ret = irq_domain_set_hwirq_and_chip(d, virq + i, hwirq,
13916 -- &gic_edge_irq_controller,
13917 -+ &gic_level_irq_controller,
13918 - NULL);
13919 - if (ret)
13920 - goto error;
13921 -
13922 -+ irq_set_handler(virq + i, handle_level_irq);
13923 -+
13924 - ret = gic_shared_irq_domain_map(d, virq + i, hwirq, cpu);
13925 - if (ret)
13926 - goto error;
13927 -@@ -890,10 +893,17 @@ void gic_dev_domain_free(struct irq_domain *d, unsigned int virq,
13928 - return;
13929 - }
13930 -
13931 -+static void gic_dev_domain_activate(struct irq_domain *domain,
13932 -+ struct irq_data *d)
13933 -+{
13934 -+ gic_shared_irq_domain_map(domain, d->irq, d->hwirq, 0);
13935 -+}
13936 -+
13937 - static struct irq_domain_ops gic_dev_domain_ops = {
13938 - .xlate = gic_dev_domain_xlate,
13939 - .alloc = gic_dev_domain_alloc,
13940 - .free = gic_dev_domain_free,
13941 -+ .activate = gic_dev_domain_activate,
13942 - };
13943 -
13944 - static int gic_ipi_domain_xlate(struct irq_domain *d, struct device_node *ctrlr,
13945 -diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
13946 -index f5dbb4e..5d3b231 100644
13947 ---- a/drivers/md/bcache/super.c
13948 -+++ b/drivers/md/bcache/super.c
13949 -@@ -1818,7 +1818,7 @@ static int cache_alloc(struct cache_sb *sb, struct cache *ca)
13950 - free = roundup_pow_of_two(ca->sb.nbuckets) >> 10;
13951 -
13952 - if (!init_fifo(&ca->free[RESERVE_BTREE], 8, GFP_KERNEL) ||
13953 -- !init_fifo(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) ||
13954 -+ !init_fifo_exact(&ca->free[RESERVE_PRIO], prio_buckets(ca), GFP_KERNEL) ||
13955 - !init_fifo(&ca->free[RESERVE_MOVINGGC], free, GFP_KERNEL) ||
13956 - !init_fifo(&ca->free[RESERVE_NONE], free, GFP_KERNEL) ||
13957 - !init_fifo(&ca->free_inc, free << 2, GFP_KERNEL) ||
13958 -diff --git a/drivers/misc/mei/hw-me.c b/drivers/misc/mei/hw-me.c
13959 -index e2fb44c..dc3a854 100644
13960 ---- a/drivers/misc/mei/hw-me.c
13961 -+++ b/drivers/misc/mei/hw-me.c
13962 -@@ -1263,8 +1263,14 @@ static bool mei_me_fw_type_nm(struct pci_dev *pdev)
13963 - static bool mei_me_fw_type_sps(struct pci_dev *pdev)
13964 - {
13965 - u32 reg;
13966 -- /* Read ME FW Status check for SPS Firmware */
13967 -- pci_read_config_dword(pdev, PCI_CFG_HFS_1, &reg);
13968 -+ unsigned int devfn;
13969 -+
13970 -+ /*
13971 -+ * Read ME FW Status register to check for SPS Firmware
13972 -+ * The SPS FW is only signaled in pci function 0
13973 -+ */
13974 -+ devfn = PCI_DEVFN(PCI_SLOT(pdev->devfn), 0);
13975 -+ pci_bus_read_config_dword(pdev->bus, devfn, PCI_CFG_HFS_1, &reg);
13976 - trace_mei_pci_cfg_read(&pdev->dev, "PCI_CFG_HFS_1", PCI_CFG_HFS_1, reg);
13977 - /* if bits [19:16] = 15, running SPS Firmware */
13978 - return (reg & 0xf0000) == 0xf0000;
13979 -diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c
13980 -index 64e64da..71cea9b 100644
13981 ---- a/drivers/misc/mei/pci-me.c
13982 -+++ b/drivers/misc/mei/pci-me.c
13983 -@@ -85,8 +85,8 @@ static const struct pci_device_id mei_me_pci_tbl[] = {
13984 -
13985 - {MEI_PCI_DEVICE(MEI_DEV_ID_SPT, mei_me_pch8_cfg)},
13986 - {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_2, mei_me_pch8_cfg)},
13987 -- {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H, mei_me_pch8_cfg)},
13988 -- {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H_2, mei_me_pch8_cfg)},
13989 -+ {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H, mei_me_pch8_sps_cfg)},
13990 -+ {MEI_PCI_DEVICE(MEI_DEV_ID_SPT_H_2, mei_me_pch8_sps_cfg)},
13991 -
13992 - {MEI_PCI_DEVICE(MEI_DEV_ID_BXT_M, mei_me_pch8_cfg)},
13993 - {MEI_PCI_DEVICE(MEI_DEV_ID_APL_I, mei_me_pch8_cfg)},
13994 -diff --git a/drivers/scsi/constants.c b/drivers/scsi/constants.c
13995 -index 83458f7..6dc96c8 100644
13996 ---- a/drivers/scsi/constants.c
13997 -+++ b/drivers/scsi/constants.c
13998 -@@ -361,8 +361,9 @@ static const char * const snstext[] = {
13999 -
14000 - /* Get sense key string or NULL if not available */
14001 - const char *
14002 --scsi_sense_key_string(unsigned char key) {
14003 -- if (key <= 0xE)
14004 -+scsi_sense_key_string(unsigned char key)
14005 -+{
14006 -+ if (key < ARRAY_SIZE(snstext))
14007 - return snstext[key];
14008 - return NULL;
14009 - }
14010 -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
14011 -index 0a4d54a..591e520 100644
14012 ---- a/drivers/usb/class/cdc-acm.c
14013 -+++ b/drivers/usb/class/cdc-acm.c
14014 -@@ -1196,6 +1196,8 @@ static int acm_probe(struct usb_interface *intf,
14015 - }
14016 -
14017 - if (!buflen) {
14018 -+ if (!intf->cur_altsetting || !intf->cur_altsetting->endpoint)
14019 -+ return -EINVAL;
14020 - if (intf->cur_altsetting->endpoint &&
14021 - intf->cur_altsetting->endpoint->extralen &&
14022 - intf->cur_altsetting->endpoint->extra) {
14023 -@@ -1276,6 +1278,8 @@ next_desc:
14024 - data_interface = usb_ifnum_to_if(usb_dev, (data_interface_num = call_interface_num));
14025 - control_interface = intf;
14026 - } else {
14027 -+ if (!intf->cur_altsetting)
14028 -+ return -ENODEV;
14029 - if (intf->cur_altsetting->desc.bNumEndpoints != 3) {
14030 - dev_dbg(&intf->dev,"No union descriptor, giving up\n");
14031 - return -ENODEV;
14032 -@@ -1305,15 +1309,22 @@ next_desc:
14033 - combined_interfaces = 1;
14034 - /* a popular other OS doesn't use it */
14035 - quirks |= NO_CAP_LINE;
14036 -+ if (!data_interface->cur_altsetting)
14037 -+ return -EINVAL;
14038 - if (data_interface->cur_altsetting->desc.bNumEndpoints != 3) {
14039 - dev_err(&intf->dev, "This needs exactly 3 endpoints\n");
14040 - return -EINVAL;
14041 - }
14042 - look_for_collapsed_interface:
14043 -+ if (!data_interface->cur_altsetting)
14044 -+ return -EINVAL;
14045 - for (i = 0; i < 3; i++) {
14046 - struct usb_endpoint_descriptor *ep;
14047 - ep = &data_interface->cur_altsetting->endpoint[i].desc;
14048 -
14049 -+ if (!ep)
14050 -+ return -ENODEV;
14051 -+
14052 - if (usb_endpoint_is_int_in(ep))
14053 - epctrl = ep;
14054 - else if (usb_endpoint_is_bulk_out(ep))
14055 -@@ -1332,8 +1343,12 @@ look_for_collapsed_interface:
14056 - skip_normal_probe:
14057 -
14058 - /*workaround for switched interfaces */
14059 -+ if (!data_interface->cur_altsetting)
14060 -+ return -EINVAL;
14061 - if (data_interface->cur_altsetting->desc.bInterfaceClass
14062 - != CDC_DATA_INTERFACE_TYPE) {
14063 -+ if (!control_interface->cur_altsetting)
14064 -+ return -EINVAL;
14065 - if (control_interface->cur_altsetting->desc.bInterfaceClass
14066 - == CDC_DATA_INTERFACE_TYPE) {
14067 - dev_dbg(&intf->dev,
14068 -@@ -1356,6 +1371,7 @@ skip_normal_probe:
14069 -
14070 -
14071 - if (data_interface->cur_altsetting->desc.bNumEndpoints < 2 ||
14072 -+ !control_interface->cur_altsetting ||
14073 - control_interface->cur_altsetting->desc.bNumEndpoints == 0)
14074 - return -EINVAL;
14075 -
14076 -@@ -1363,6 +1379,8 @@ skip_normal_probe:
14077 - epread = &data_interface->cur_altsetting->endpoint[0].desc;
14078 - epwrite = &data_interface->cur_altsetting->endpoint[1].desc;
14079 -
14080 -+ if (!epctrl || !epread || !epwrite)
14081 -+ return -ENODEV;
14082 -
14083 - /* workaround for switched endpoints */
14084 - if (!usb_endpoint_dir_in(epread)) {
14085 -diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c
14086 -index 9d6320e..6e29d05 100644
14087 ---- a/drivers/vhost/scsi.c
14088 -+++ b/drivers/vhost/scsi.c
14089 -@@ -88,7 +88,7 @@ struct vhost_scsi_cmd {
14090 - struct scatterlist *tvc_prot_sgl;
14091 - struct page **tvc_upages;
14092 - /* Pointer to response header iovec */
14093 -- struct iovec *tvc_resp_iov;
14094 -+ struct iovec tvc_resp_iov;
14095 - /* Pointer to vhost_scsi for our device */
14096 - struct vhost_scsi *tvc_vhost;
14097 - /* Pointer to vhost_virtqueue for the cmd */
14098 -@@ -547,7 +547,7 @@ static void vhost_scsi_complete_cmd_work(struct vhost_work *work)
14099 - memcpy(v_rsp.sense, cmd->tvc_sense_buf,
14100 - se_cmd->scsi_sense_length);
14101 -
14102 -- iov_iter_init(&iov_iter, READ, cmd->tvc_resp_iov,
14103 -+ iov_iter_init(&iov_iter, READ, &cmd->tvc_resp_iov,
14104 - cmd->tvc_in_iovs, sizeof(v_rsp));
14105 - ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter);
14106 - if (likely(ret == sizeof(v_rsp))) {
14107 -@@ -1044,7 +1044,7 @@ vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
14108 - }
14109 - cmd->tvc_vhost = vs;
14110 - cmd->tvc_vq = vq;
14111 -- cmd->tvc_resp_iov = &vq->iov[out];
14112 -+ cmd->tvc_resp_iov = vq->iov[out];
14113 - cmd->tvc_in_iovs = in;
14114 -
14115 - pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n",
14116 -diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c
14117 -index 7487971..c1010f01 100644
14118 ---- a/drivers/xen/xenbus/xenbus_dev_frontend.c
14119 -+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
14120 -@@ -316,7 +316,7 @@ static int xenbus_write_transaction(unsigned msg_type,
14121 - rc = -ENOMEM;
14122 - goto out;
14123 - }
14124 -- } else {
14125 -+ } else if (msg_type == XS_TRANSACTION_END) {
14126 - list_for_each_entry(trans, &u->transactions, list)
14127 - if (trans->handle.id == u->u.msg.tx_id)
14128 - break;
14129 -diff --git a/fs/block_dev.c b/fs/block_dev.c
14130 -index 71ccab1..b1495fa 100644
14131 ---- a/fs/block_dev.c
14132 -+++ b/fs/block_dev.c
14133 -@@ -659,7 +659,7 @@ static struct dentry *bd_mount(struct file_system_type *fs_type,
14134 - {
14135 - struct dentry *dent;
14136 - dent = mount_pseudo(fs_type, "bdev:", &bdev_sops, NULL, BDEVFS_MAGIC);
14137 -- if (dent)
14138 -+ if (!IS_ERR(dent))
14139 - dent->d_sb->s_iflags |= SB_I_CGROUPWB;
14140 - return dent;
14141 - }
14142 -diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
14143 -index 0f9961e..f96547f 100644
14144 ---- a/fs/crypto/policy.c
14145 -+++ b/fs/crypto/policy.c
14146 -@@ -95,10 +95,15 @@ static int create_encryption_context_from_policy(struct inode *inode,
14147 - int fscrypt_process_policy(struct inode *inode,
14148 - const struct fscrypt_policy *policy)
14149 - {
14150 -+ if (!inode_owner_or_capable(inode))
14151 -+ return -EACCES;
14152 -+
14153 - if (policy->version != 0)
14154 - return -EINVAL;
14155 -
14156 - if (!inode_has_encryption_context(inode)) {
14157 -+ if (!S_ISDIR(inode->i_mode))
14158 -+ return -EINVAL;
14159 - if (!inode->i_sb->s_cop->empty_dir)
14160 - return -EOPNOTSUPP;
14161 - if (!inode->i_sb->s_cop->empty_dir(inode))
14162 -diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
14163 -index ad05069..8a9feb3 100644
14164 ---- a/fs/ext4/crypto_policy.c
14165 -+++ b/fs/ext4/crypto_policy.c
14166 -@@ -102,6 +102,9 @@ static int ext4_create_encryption_context_from_policy(
14167 - int ext4_process_policy(const struct ext4_encryption_policy *policy,
14168 - struct inode *inode)
14169 - {
14170 -+ if (!inode_owner_or_capable(inode))
14171 -+ return -EACCES;
14172 -+
14173 - if (policy->version != 0)
14174 - return -EINVAL;
14175 -
14176 -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
14177 -index b747ec0..ea628af 100644
14178 ---- a/fs/ext4/inode.c
14179 -+++ b/fs/ext4/inode.c
14180 -@@ -51,25 +51,31 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw,
14181 - struct ext4_inode_info *ei)
14182 - {
14183 - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
14184 -- __u16 csum_lo;
14185 -- __u16 csum_hi = 0;
14186 - __u32 csum;
14187 -+ __u16 dummy_csum = 0;
14188 -+ int offset = offsetof(struct ext4_inode, i_checksum_lo);
14189 -+ unsigned int csum_size = sizeof(dummy_csum);
14190 -
14191 -- csum_lo = le16_to_cpu(raw->i_checksum_lo);
14192 -- raw->i_checksum_lo = 0;
14193 -- if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE &&
14194 -- EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) {
14195 -- csum_hi = le16_to_cpu(raw->i_checksum_hi);
14196 -- raw->i_checksum_hi = 0;
14197 -- }
14198 -+ csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw, offset);
14199 -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, csum_size);
14200 -+ offset += csum_size;
14201 -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset,
14202 -+ EXT4_GOOD_OLD_INODE_SIZE - offset);
14203 -
14204 -- csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw,
14205 -- EXT4_INODE_SIZE(inode->i_sb));
14206 --
14207 -- raw->i_checksum_lo = cpu_to_le16(csum_lo);
14208 -- if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE &&
14209 -- EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi))
14210 -- raw->i_checksum_hi = cpu_to_le16(csum_hi);
14211 -+ if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) {
14212 -+ offset = offsetof(struct ext4_inode, i_checksum_hi);
14213 -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw +
14214 -+ EXT4_GOOD_OLD_INODE_SIZE,
14215 -+ offset - EXT4_GOOD_OLD_INODE_SIZE);
14216 -+ if (EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) {
14217 -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum,
14218 -+ csum_size);
14219 -+ offset += csum_size;
14220 -+ csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset,
14221 -+ EXT4_INODE_SIZE(inode->i_sb) -
14222 -+ offset);
14223 -+ }
14224 -+ }
14225 -
14226 - return csum;
14227 - }
14228 -@@ -5460,8 +5466,6 @@ int ext4_mark_inode_dirty(handle_t *handle, struct inode *inode)
14229 - sbi->s_want_extra_isize,
14230 - iloc, handle);
14231 - if (ret) {
14232 -- ext4_set_inode_state(inode,
14233 -- EXT4_STATE_NO_EXPAND);
14234 - if (mnt_count !=
14235 - le16_to_cpu(sbi->s_es->s_mnt_count)) {
14236 - ext4_warning(inode->i_sb,
14237 -diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
14238 -index ec4c399..5bb46b6 100644
14239 ---- a/fs/ext4/namei.c
14240 -+++ b/fs/ext4/namei.c
14241 -@@ -420,15 +420,14 @@ static __le32 ext4_dx_csum(struct inode *inode, struct ext4_dir_entry *dirent,
14242 - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
14243 - struct ext4_inode_info *ei = EXT4_I(inode);
14244 - __u32 csum;
14245 -- __le32 save_csum;
14246 - int size;
14247 -+ __u32 dummy_csum = 0;
14248 -+ int offset = offsetof(struct dx_tail, dt_checksum);
14249 -
14250 - size = count_offset + (count * sizeof(struct dx_entry));
14251 -- save_csum = t->dt_checksum;
14252 -- t->dt_checksum = 0;
14253 - csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)dirent, size);
14254 -- csum = ext4_chksum(sbi, csum, (__u8 *)t, sizeof(struct dx_tail));
14255 -- t->dt_checksum = save_csum;
14256 -+ csum = ext4_chksum(sbi, csum, (__u8 *)t, offset);
14257 -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum));
14258 -
14259 - return cpu_to_le32(csum);
14260 - }
14261 -diff --git a/fs/ext4/super.c b/fs/ext4/super.c
14262 -index 639bd756..d4505f8 100644
14263 ---- a/fs/ext4/super.c
14264 -+++ b/fs/ext4/super.c
14265 -@@ -2068,23 +2068,25 @@ failed:
14266 - static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group,
14267 - struct ext4_group_desc *gdp)
14268 - {
14269 -- int offset;
14270 -+ int offset = offsetof(struct ext4_group_desc, bg_checksum);
14271 - __u16 crc = 0;
14272 - __le32 le_group = cpu_to_le32(block_group);
14273 - struct ext4_sb_info *sbi = EXT4_SB(sb);
14274 -
14275 - if (ext4_has_metadata_csum(sbi->s_sb)) {
14276 - /* Use new metadata_csum algorithm */
14277 -- __le16 save_csum;
14278 - __u32 csum32;
14279 -+ __u16 dummy_csum = 0;
14280 -
14281 -- save_csum = gdp->bg_checksum;
14282 -- gdp->bg_checksum = 0;
14283 - csum32 = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&le_group,
14284 - sizeof(le_group));
14285 -- csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp,
14286 -- sbi->s_desc_size);
14287 -- gdp->bg_checksum = save_csum;
14288 -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp, offset);
14289 -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)&dummy_csum,
14290 -+ sizeof(dummy_csum));
14291 -+ offset += sizeof(dummy_csum);
14292 -+ if (offset < sbi->s_desc_size)
14293 -+ csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp + offset,
14294 -+ sbi->s_desc_size - offset);
14295 -
14296 - crc = csum32 & 0xFFFF;
14297 - goto out;
14298 -@@ -2094,8 +2096,6 @@ static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group,
14299 - if (!ext4_has_feature_gdt_csum(sb))
14300 - return 0;
14301 -
14302 -- offset = offsetof(struct ext4_group_desc, bg_checksum);
14303 --
14304 - crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid));
14305 - crc = crc16(crc, (__u8 *)&le_group, sizeof(le_group));
14306 - crc = crc16(crc, (__u8 *)gdp, offset);
14307 -@@ -2131,6 +2131,7 @@ void ext4_group_desc_csum_set(struct super_block *sb, __u32 block_group,
14308 -
14309 - /* Called at mount-time, super-block is locked */
14310 - static int ext4_check_descriptors(struct super_block *sb,
14311 -+ ext4_fsblk_t sb_block,
14312 - ext4_group_t *first_not_zeroed)
14313 - {
14314 - struct ext4_sb_info *sbi = EXT4_SB(sb);
14315 -@@ -2161,6 +2162,11 @@ static int ext4_check_descriptors(struct super_block *sb,
14316 - grp = i;
14317 -
14318 - block_bitmap = ext4_block_bitmap(sb, gdp);
14319 -+ if (block_bitmap == sb_block) {
14320 -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14321 -+ "Block bitmap for group %u overlaps "
14322 -+ "superblock", i);
14323 -+ }
14324 - if (block_bitmap < first_block || block_bitmap > last_block) {
14325 - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14326 - "Block bitmap for group %u not in group "
14327 -@@ -2168,6 +2174,11 @@ static int ext4_check_descriptors(struct super_block *sb,
14328 - return 0;
14329 - }
14330 - inode_bitmap = ext4_inode_bitmap(sb, gdp);
14331 -+ if (inode_bitmap == sb_block) {
14332 -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14333 -+ "Inode bitmap for group %u overlaps "
14334 -+ "superblock", i);
14335 -+ }
14336 - if (inode_bitmap < first_block || inode_bitmap > last_block) {
14337 - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14338 - "Inode bitmap for group %u not in group "
14339 -@@ -2175,6 +2186,11 @@ static int ext4_check_descriptors(struct super_block *sb,
14340 - return 0;
14341 - }
14342 - inode_table = ext4_inode_table(sb, gdp);
14343 -+ if (inode_table == sb_block) {
14344 -+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14345 -+ "Inode table for group %u overlaps "
14346 -+ "superblock", i);
14347 -+ }
14348 - if (inode_table < first_block ||
14349 - inode_table + sbi->s_itb_per_group - 1 > last_block) {
14350 - ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
14351 -@@ -3677,7 +3693,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
14352 - goto failed_mount2;
14353 - }
14354 - }
14355 -- if (!ext4_check_descriptors(sb, &first_not_zeroed)) {
14356 -+ if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) {
14357 - ext4_msg(sb, KERN_ERR, "group descriptors corrupted!");
14358 - ret = -EFSCORRUPTED;
14359 - goto failed_mount2;
14360 -diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
14361 -index e79bd32..2eb935c 100644
14362 ---- a/fs/ext4/xattr.c
14363 -+++ b/fs/ext4/xattr.c
14364 -@@ -121,17 +121,18 @@ static __le32 ext4_xattr_block_csum(struct inode *inode,
14365 - {
14366 - struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
14367 - __u32 csum;
14368 -- __le32 save_csum;
14369 - __le64 dsk_block_nr = cpu_to_le64(block_nr);
14370 -+ __u32 dummy_csum = 0;
14371 -+ int offset = offsetof(struct ext4_xattr_header, h_checksum);
14372 -
14373 -- save_csum = hdr->h_checksum;
14374 -- hdr->h_checksum = 0;
14375 - csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&dsk_block_nr,
14376 - sizeof(dsk_block_nr));
14377 -- csum = ext4_chksum(sbi, csum, (__u8 *)hdr,
14378 -- EXT4_BLOCK_SIZE(inode->i_sb));
14379 -+ csum = ext4_chksum(sbi, csum, (__u8 *)hdr, offset);
14380 -+ csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum));
14381 -+ offset += sizeof(dummy_csum);
14382 -+ csum = ext4_chksum(sbi, csum, (__u8 *)hdr + offset,
14383 -+ EXT4_BLOCK_SIZE(inode->i_sb) - offset);
14384 -
14385 -- hdr->h_checksum = save_csum;
14386 - return cpu_to_le32(csum);
14387 - }
14388 -
14389 -@@ -1352,15 +1353,19 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
14390 - size_t min_offs, free;
14391 - int total_ino;
14392 - void *base, *start, *end;
14393 -- int extra_isize = 0, error = 0, tried_min_extra_isize = 0;
14394 -+ int error = 0, tried_min_extra_isize = 0;
14395 - int s_min_extra_isize = le16_to_cpu(EXT4_SB(inode->i_sb)->s_es->s_min_extra_isize);
14396 -+ int isize_diff; /* How much do we need to grow i_extra_isize */
14397 -
14398 - down_write(&EXT4_I(inode)->xattr_sem);
14399 -+ /*
14400 -+ * Set EXT4_STATE_NO_EXPAND to avoid recursion when marking inode dirty
14401 -+ */
14402 -+ ext4_set_inode_state(inode, EXT4_STATE_NO_EXPAND);
14403 - retry:
14404 -- if (EXT4_I(inode)->i_extra_isize >= new_extra_isize) {
14405 -- up_write(&EXT4_I(inode)->xattr_sem);
14406 -- return 0;
14407 -- }
14408 -+ isize_diff = new_extra_isize - EXT4_I(inode)->i_extra_isize;
14409 -+ if (EXT4_I(inode)->i_extra_isize >= new_extra_isize)
14410 -+ goto out;
14411 -
14412 - header = IHDR(inode, raw_inode);
14413 - entry = IFIRST(header);
14414 -@@ -1381,7 +1386,7 @@ retry:
14415 - goto cleanup;
14416 -
14417 - free = ext4_xattr_free_space(last, &min_offs, base, &total_ino);
14418 -- if (free >= new_extra_isize) {
14419 -+ if (free >= isize_diff) {
14420 - entry = IFIRST(header);
14421 - ext4_xattr_shift_entries(entry, EXT4_I(inode)->i_extra_isize
14422 - - new_extra_isize, (void *)raw_inode +
14423 -@@ -1389,8 +1394,7 @@ retry:
14424 - (void *)header, total_ino,
14425 - inode->i_sb->s_blocksize);
14426 - EXT4_I(inode)->i_extra_isize = new_extra_isize;
14427 -- error = 0;
14428 -- goto cleanup;
14429 -+ goto out;
14430 - }
14431 -
14432 - /*
14433 -@@ -1413,7 +1417,7 @@ retry:
14434 - end = bh->b_data + bh->b_size;
14435 - min_offs = end - base;
14436 - free = ext4_xattr_free_space(first, &min_offs, base, NULL);
14437 -- if (free < new_extra_isize) {
14438 -+ if (free < isize_diff) {
14439 - if (!tried_min_extra_isize && s_min_extra_isize) {
14440 - tried_min_extra_isize++;
14441 - new_extra_isize = s_min_extra_isize;
14442 -@@ -1427,7 +1431,7 @@ retry:
14443 - free = inode->i_sb->s_blocksize;
14444 - }
14445 -
14446 -- while (new_extra_isize > 0) {
14447 -+ while (isize_diff > 0) {
14448 - size_t offs, size, entry_size;
14449 - struct ext4_xattr_entry *small_entry = NULL;
14450 - struct ext4_xattr_info i = {
14451 -@@ -1458,7 +1462,7 @@ retry:
14452 - EXT4_XATTR_SIZE(le32_to_cpu(last->e_value_size)) +
14453 - EXT4_XATTR_LEN(last->e_name_len);
14454 - if (total_size <= free && total_size < min_total_size) {
14455 -- if (total_size < new_extra_isize) {
14456 -+ if (total_size < isize_diff) {
14457 - small_entry = last;
14458 - } else {
14459 - entry = last;
14460 -@@ -1513,22 +1517,22 @@ retry:
14461 - error = ext4_xattr_ibody_set(handle, inode, &i, is);
14462 - if (error)
14463 - goto cleanup;
14464 -+ total_ino -= entry_size;
14465 -
14466 - entry = IFIRST(header);
14467 -- if (entry_size + EXT4_XATTR_SIZE(size) >= new_extra_isize)
14468 -- shift_bytes = new_extra_isize;
14469 -+ if (entry_size + EXT4_XATTR_SIZE(size) >= isize_diff)
14470 -+ shift_bytes = isize_diff;
14471 - else
14472 -- shift_bytes = entry_size + size;
14473 -+ shift_bytes = entry_size + EXT4_XATTR_SIZE(size);
14474 - /* Adjust the offsets and shift the remaining entries ahead */
14475 -- ext4_xattr_shift_entries(entry, EXT4_I(inode)->i_extra_isize -
14476 -- shift_bytes, (void *)raw_inode +
14477 -- EXT4_GOOD_OLD_INODE_SIZE + extra_isize + shift_bytes,
14478 -- (void *)header, total_ino - entry_size,
14479 -- inode->i_sb->s_blocksize);
14480 -+ ext4_xattr_shift_entries(entry, -shift_bytes,
14481 -+ (void *)raw_inode + EXT4_GOOD_OLD_INODE_SIZE +
14482 -+ EXT4_I(inode)->i_extra_isize + shift_bytes,
14483 -+ (void *)header, total_ino, inode->i_sb->s_blocksize);
14484 -
14485 -- extra_isize += shift_bytes;
14486 -- new_extra_isize -= shift_bytes;
14487 -- EXT4_I(inode)->i_extra_isize = extra_isize;
14488 -+ isize_diff -= shift_bytes;
14489 -+ EXT4_I(inode)->i_extra_isize += shift_bytes;
14490 -+ header = IHDR(inode, raw_inode);
14491 -
14492 - i.name = b_entry_name;
14493 - i.value = buffer;
14494 -@@ -1550,6 +1554,8 @@ retry:
14495 - kfree(bs);
14496 - }
14497 - brelse(bh);
14498 -+out:
14499 -+ ext4_clear_inode_state(inode, EXT4_STATE_NO_EXPAND);
14500 - up_write(&EXT4_I(inode)->xattr_sem);
14501 - return 0;
14502 -
14503 -@@ -1561,6 +1567,10 @@ cleanup:
14504 - kfree(is);
14505 - kfree(bs);
14506 - brelse(bh);
14507 -+ /*
14508 -+ * We deliberately leave EXT4_STATE_NO_EXPAND set here since inode
14509 -+ * size expansion failed.
14510 -+ */
14511 - up_write(&EXT4_I(inode)->xattr_sem);
14512 - return error;
14513 - }
14514 -diff --git a/fs/namei.c b/fs/namei.c
14515 -index 70580ab..9281b2b 100644
14516 ---- a/fs/namei.c
14517 -+++ b/fs/namei.c
14518 -@@ -901,6 +901,7 @@ static inline int may_follow_link(struct nameidata *nd)
14519 - {
14520 - const struct inode *inode;
14521 - const struct inode *parent;
14522 -+ kuid_t puid;
14523 -
14524 - if (!sysctl_protected_symlinks)
14525 - return 0;
14526 -@@ -916,7 +917,8 @@ static inline int may_follow_link(struct nameidata *nd)
14527 - return 0;
14528 -
14529 - /* Allowed if parent directory and link owner match. */
14530 -- if (uid_eq(parent->i_uid, inode->i_uid))
14531 -+ puid = parent->i_uid;
14532 -+ if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
14533 - return 0;
14534 -
14535 - if (nd->flags & LOOKUP_RCU)
14536 -diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
14537 -index 80aa6f1..4133aa7 100644
14538 ---- a/fs/overlayfs/copy_up.c
14539 -+++ b/fs/overlayfs/copy_up.c
14540 -@@ -80,6 +80,8 @@ int ovl_copy_xattr(struct dentry *old, struct dentry *new)
14541 - }
14542 -
14543 - for (name = buf; name < (buf + list_size); name += strlen(name) + 1) {
14544 -+ if (ovl_is_private_xattr(name))
14545 -+ continue;
14546 - retry:
14547 - size = vfs_getxattr(old, name, value, value_size);
14548 - if (size == -ERANGE)
14549 -diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
14550 -index d1cdc60..ac98a71 100644
14551 ---- a/fs/overlayfs/inode.c
14552 -+++ b/fs/overlayfs/inode.c
14553 -@@ -231,7 +231,7 @@ static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
14554 - }
14555 -
14556 -
14557 --static bool ovl_is_private_xattr(const char *name)
14558 -+bool ovl_is_private_xattr(const char *name)
14559 - {
14560 - return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0;
14561 - }
14562 -@@ -279,24 +279,27 @@ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
14563 - {
14564 - struct dentry *realdentry = ovl_dentry_real(dentry);
14565 - ssize_t res;
14566 -- int off;
14567 -+ size_t len;
14568 -+ char *s;
14569 -
14570 - res = vfs_listxattr(realdentry, list, size);
14571 - if (res <= 0 || size == 0)
14572 - return res;
14573 -
14574 - /* filter out private xattrs */
14575 -- for (off = 0; off < res;) {
14576 -- char *s = list + off;
14577 -- size_t slen = strlen(s) + 1;
14578 -+ for (s = list, len = res; len;) {
14579 -+ size_t slen = strnlen(s, len) + 1;
14580 -
14581 -- BUG_ON(off + slen > res);
14582 -+ /* underlying fs providing us with an broken xattr list? */
14583 -+ if (WARN_ON(slen > len))
14584 -+ return -EIO;
14585 -
14586 -+ len -= slen;
14587 - if (ovl_is_private_xattr(s)) {
14588 - res -= slen;
14589 -- memmove(s, s + slen, res - off);
14590 -+ memmove(s, s + slen, len);
14591 - } else {
14592 -- off += slen;
14593 -+ s += slen;
14594 - }
14595 - }
14596 -
14597 -diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
14598 -index cfbca53..d8ddc31 100644
14599 ---- a/fs/overlayfs/overlayfs.h
14600 -+++ b/fs/overlayfs/overlayfs.h
14601 -@@ -168,6 +168,8 @@ int ovl_check_empty_dir(struct dentry *dentry, struct list_head *list);
14602 - void ovl_cleanup_whiteouts(struct dentry *upper, struct list_head *list);
14603 - void ovl_cache_free(struct list_head *list);
14604 - int ovl_check_d_type_supported(struct path *realpath);
14605 -+void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt,
14606 -+ struct dentry *dentry, int level);
14607 -
14608 - /* inode.c */
14609 - int ovl_setattr(struct dentry *dentry, struct iattr *attr);
14610 -@@ -180,6 +182,7 @@ ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode,
14611 - ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size);
14612 - int ovl_removexattr(struct dentry *dentry, const char *name);
14613 - struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags);
14614 -+bool ovl_is_private_xattr(const char *name);
14615 -
14616 - struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
14617 - struct ovl_entry *oe);
14618 -diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
14619 -index cf37fc7..f241b4e 100644
14620 ---- a/fs/overlayfs/readdir.c
14621 -+++ b/fs/overlayfs/readdir.c
14622 -@@ -248,7 +248,7 @@ static inline int ovl_dir_read(struct path *realpath,
14623 - err = rdd->err;
14624 - } while (!err && rdd->count);
14625 -
14626 -- if (!err && rdd->first_maybe_whiteout)
14627 -+ if (!err && rdd->first_maybe_whiteout && rdd->dentry)
14628 - err = ovl_check_whiteouts(realpath->dentry, rdd);
14629 -
14630 - fput(realfile);
14631 -@@ -606,3 +606,64 @@ int ovl_check_d_type_supported(struct path *realpath)
14632 -
14633 - return rdd.d_type_supported;
14634 - }
14635 -+
14636 -+static void ovl_workdir_cleanup_recurse(struct path *path, int level)
14637 -+{
14638 -+ int err;
14639 -+ struct inode *dir = path->dentry->d_inode;
14640 -+ LIST_HEAD(list);
14641 -+ struct ovl_cache_entry *p;
14642 -+ struct ovl_readdir_data rdd = {
14643 -+ .ctx.actor = ovl_fill_merge,
14644 -+ .dentry = NULL,
14645 -+ .list = &list,
14646 -+ .root = RB_ROOT,
14647 -+ .is_lowest = false,
14648 -+ };
14649 -+
14650 -+ err = ovl_dir_read(path, &rdd);
14651 -+ if (err)
14652 -+ goto out;
14653 -+
14654 -+ inode_lock_nested(dir, I_MUTEX_PARENT);
14655 -+ list_for_each_entry(p, &list, l_node) {
14656 -+ struct dentry *dentry;
14657 -+
14658 -+ if (p->name[0] == '.') {
14659 -+ if (p->len == 1)
14660 -+ continue;
14661 -+ if (p->len == 2 && p->name[1] == '.')
14662 -+ continue;
14663 -+ }
14664 -+ dentry = lookup_one_len(p->name, path->dentry, p->len);
14665 -+ if (IS_ERR(dentry))
14666 -+ continue;
14667 -+ if (dentry->d_inode)
14668 -+ ovl_workdir_cleanup(dir, path->mnt, dentry, level);
14669 -+ dput(dentry);
14670 -+ }
14671 -+ inode_unlock(dir);
14672 -+out:
14673 -+ ovl_cache_free(&list);
14674 -+}
14675 -+
14676 -+void ovl_workdir_cleanup(struct inode *dir, struct vfsmount *mnt,
14677 -+ struct dentry *dentry, int level)
14678 -+{
14679 -+ int err;
14680 -+
14681 -+ if (!d_is_dir(dentry) || level > 1) {
14682 -+ ovl_cleanup(dir, dentry);
14683 -+ return;
14684 -+ }
14685 -+
14686 -+ err = ovl_do_rmdir(dir, dentry);
14687 -+ if (err) {
14688 -+ struct path path = { .mnt = mnt, .dentry = dentry };
14689 -+
14690 -+ inode_unlock(dir);
14691 -+ ovl_workdir_cleanup_recurse(&path, level + 1);
14692 -+ inode_lock_nested(dir, I_MUTEX_PARENT);
14693 -+ ovl_cleanup(dir, dentry);
14694 -+ }
14695 -+}
14696 -diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
14697 -index 6db75cb..86f2025 100644
14698 ---- a/fs/overlayfs/super.c
14699 -+++ b/fs/overlayfs/super.c
14700 -@@ -798,6 +798,10 @@ retry:
14701 - struct kstat stat = {
14702 - .mode = S_IFDIR | 0,
14703 - };
14704 -+ struct iattr attr = {
14705 -+ .ia_valid = ATTR_MODE,
14706 -+ .ia_mode = stat.mode,
14707 -+ };
14708 -
14709 - if (work->d_inode) {
14710 - err = -EEXIST;
14711 -@@ -805,7 +809,7 @@ retry:
14712 - goto out_dput;
14713 -
14714 - retried = true;
14715 -- ovl_cleanup(dir, work);
14716 -+ ovl_workdir_cleanup(dir, mnt, work, 0);
14717 - dput(work);
14718 - goto retry;
14719 - }
14720 -@@ -813,6 +817,21 @@ retry:
14721 - err = ovl_create_real(dir, work, &stat, NULL, NULL, true);
14722 - if (err)
14723 - goto out_dput;
14724 -+
14725 -+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
14726 -+ if (err && err != -ENODATA && err != -EOPNOTSUPP)
14727 -+ goto out_dput;
14728 -+
14729 -+ err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
14730 -+ if (err && err != -ENODATA && err != -EOPNOTSUPP)
14731 -+ goto out_dput;
14732 -+
14733 -+ /* Clear any inherited mode bits */
14734 -+ inode_lock(work->d_inode);
14735 -+ err = notify_change(work, &attr, NULL);
14736 -+ inode_unlock(work->d_inode);
14737 -+ if (err)
14738 -+ goto out_dput;
14739 - }
14740 - out_unlock:
14741 - inode_unlock(dir);
14742 -diff --git a/fs/ubifs/tnc_commit.c b/fs/ubifs/tnc_commit.c
14743 -index b45345d..51157da 100644
14744 ---- a/fs/ubifs/tnc_commit.c
14745 -+++ b/fs/ubifs/tnc_commit.c
14746 -@@ -370,7 +370,7 @@ static int layout_in_gaps(struct ubifs_info *c, int cnt)
14747 -
14748 - p = c->gap_lebs;
14749 - do {
14750 -- ubifs_assert(p < c->gap_lebs + sizeof(int) * c->lst.idx_lebs);
14751 -+ ubifs_assert(p < c->gap_lebs + c->lst.idx_lebs);
14752 - written = layout_leb_in_gaps(c, p);
14753 - if (written < 0) {
14754 - err = written;
14755 -diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c
14756 -index b5fc279..c63710f 100644
14757 ---- a/fs/ubifs/xattr.c
14758 -+++ b/fs/ubifs/xattr.c
14759 -@@ -575,7 +575,8 @@ static int ubifs_xattr_get(const struct xattr_handler *handler,
14760 - dbg_gen("xattr '%s', ino %lu ('%pd'), buf size %zd", name,
14761 - inode->i_ino, dentry, size);
14762 -
14763 -- return __ubifs_getxattr(inode, name, buffer, size);
14764 -+ name = xattr_full_name(handler, name);
14765 -+ return __ubifs_getxattr(inode, name, buffer, size);
14766 - }
14767 -
14768 - static int ubifs_xattr_set(const struct xattr_handler *handler,
14769 -@@ -586,6 +587,8 @@ static int ubifs_xattr_set(const struct xattr_handler *handler,
14770 - dbg_gen("xattr '%s', host ino %lu ('%pd'), size %zd",
14771 - name, inode->i_ino, dentry, size);
14772 -
14773 -+ name = xattr_full_name(handler, name);
14774 -+
14775 - if (value)
14776 - return __ubifs_setxattr(inode, name, value, size, flags);
14777 - else
14778 -diff --git a/fs/xfs/libxfs/xfs_sb.c b/fs/xfs/libxfs/xfs_sb.c
14779 -index 12ca867..85bdf3d 100644
14780 ---- a/fs/xfs/libxfs/xfs_sb.c
14781 -+++ b/fs/xfs/libxfs/xfs_sb.c
14782 -@@ -581,7 +581,8 @@ xfs_sb_verify(
14783 - * Only check the in progress field for the primary superblock as
14784 - * mkfs.xfs doesn't clear it from secondary superblocks.
14785 - */
14786 -- return xfs_mount_validate_sb(mp, &sb, bp->b_bn == XFS_SB_DADDR,
14787 -+ return xfs_mount_validate_sb(mp, &sb,
14788 -+ bp->b_maps[0].bm_bn == XFS_SB_DADDR,
14789 - check_version);
14790 - }
14791 -
14792 -diff --git a/include/linux/capability.h b/include/linux/capability.h
14793 -index 00690ff..5f3c63d 100644
14794 ---- a/include/linux/capability.h
14795 -+++ b/include/linux/capability.h
14796 -@@ -206,6 +206,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
14797 - struct user_namespace *ns, int cap);
14798 - extern bool capable(int cap);
14799 - extern bool ns_capable(struct user_namespace *ns, int cap);
14800 -+extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
14801 - #else
14802 - static inline bool has_capability(struct task_struct *t, int cap)
14803 - {
14804 -@@ -233,6 +234,10 @@ static inline bool ns_capable(struct user_namespace *ns, int cap)
14805 - {
14806 - return true;
14807 - }
14808 -+static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
14809 -+{
14810 -+ return true;
14811 -+}
14812 - #endif /* CONFIG_MULTIUSER */
14813 - extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
14814 - extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
14815 -diff --git a/kernel/capability.c b/kernel/capability.c
14816 -index 45432b5..00411c8 100644
14817 ---- a/kernel/capability.c
14818 -+++ b/kernel/capability.c
14819 -@@ -361,6 +361,24 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
14820 - return has_ns_capability_noaudit(t, &init_user_ns, cap);
14821 - }
14822 -
14823 -+static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit)
14824 -+{
14825 -+ int capable;
14826 -+
14827 -+ if (unlikely(!cap_valid(cap))) {
14828 -+ pr_crit("capable() called with invalid cap=%u\n", cap);
14829 -+ BUG();
14830 -+ }
14831 -+
14832 -+ capable = audit ? security_capable(current_cred(), ns, cap) :
14833 -+ security_capable_noaudit(current_cred(), ns, cap);
14834 -+ if (capable == 0) {
14835 -+ current->flags |= PF_SUPERPRIV;
14836 -+ return true;
14837 -+ }
14838 -+ return false;
14839 -+}
14840 -+
14841 - /**
14842 - * ns_capable - Determine if the current task has a superior capability in effect
14843 - * @ns: The usernamespace we want the capability in
14844 -@@ -374,19 +392,27 @@ bool has_capability_noaudit(struct task_struct *t, int cap)
14845 - */
14846 - bool ns_capable(struct user_namespace *ns, int cap)
14847 - {
14848 -- if (unlikely(!cap_valid(cap))) {
14849 -- pr_crit("capable() called with invalid cap=%u\n", cap);
14850 -- BUG();
14851 -- }
14852 --
14853 -- if (security_capable(current_cred(), ns, cap) == 0) {
14854 -- current->flags |= PF_SUPERPRIV;
14855 -- return true;
14856 -- }
14857 -- return false;
14858 -+ return ns_capable_common(ns, cap, true);
14859 - }
14860 - EXPORT_SYMBOL(ns_capable);
14861 -
14862 -+/**
14863 -+ * ns_capable_noaudit - Determine if the current task has a superior capability
14864 -+ * (unaudited) in effect
14865 -+ * @ns: The usernamespace we want the capability in
14866 -+ * @cap: The capability to be tested for
14867 -+ *
14868 -+ * Return true if the current task has the given superior capability currently
14869 -+ * available for use, false if not.
14870 -+ *
14871 -+ * This sets PF_SUPERPRIV on the task if the capability is available on the
14872 -+ * assumption that it's about to be used.
14873 -+ */
14874 -+bool ns_capable_noaudit(struct user_namespace *ns, int cap)
14875 -+{
14876 -+ return ns_capable_common(ns, cap, false);
14877 -+}
14878 -+EXPORT_SYMBOL(ns_capable_noaudit);
14879 -
14880 - /**
14881 - * capable - Determine if the current task has a superior capability in effect
14882 -diff --git a/kernel/cred.c b/kernel/cred.c
14883 -index 0c0cd8a..5f264fb 100644
14884 ---- a/kernel/cred.c
14885 -+++ b/kernel/cred.c
14886 -@@ -689,6 +689,8 @@ EXPORT_SYMBOL(set_security_override_from_ctx);
14887 - */
14888 - int set_create_files_as(struct cred *new, struct inode *inode)
14889 - {
14890 -+ if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
14891 -+ return -EINVAL;
14892 - new->fsuid = inode->i_uid;
14893 - new->fsgid = inode->i_gid;
14894 - return security_kernel_create_files_as(new, inode);
14895 -diff --git a/kernel/fork.c b/kernel/fork.c
14896 -index 4a7ec0c..aea4f4d 100644
14897 ---- a/kernel/fork.c
14898 -+++ b/kernel/fork.c
14899 -@@ -1406,7 +1406,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
14900 - p->real_start_time = ktime_get_boot_ns();
14901 - p->io_context = NULL;
14902 - p->audit_context = NULL;
14903 -- threadgroup_change_begin(current);
14904 - cgroup_fork(p);
14905 - #ifdef CONFIG_NUMA
14906 - p->mempolicy = mpol_dup(p->mempolicy);
14907 -@@ -1558,6 +1557,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
14908 - INIT_LIST_HEAD(&p->thread_group);
14909 - p->task_works = NULL;
14910 -
14911 -+ threadgroup_change_begin(current);
14912 - /*
14913 - * Ensure that the cgroup subsystem policies allow the new process to be
14914 - * forked. It should be noted the the new process's css_set can be changed
14915 -@@ -1658,6 +1658,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
14916 - bad_fork_cancel_cgroup:
14917 - cgroup_cancel_fork(p);
14918 - bad_fork_free_pid:
14919 -+ threadgroup_change_end(current);
14920 - if (pid != &init_struct_pid)
14921 - free_pid(pid);
14922 - bad_fork_cleanup_thread:
14923 -@@ -1690,7 +1691,6 @@ bad_fork_cleanup_policy:
14924 - mpol_put(p->mempolicy);
14925 - bad_fork_cleanup_threadgroup_lock:
14926 - #endif
14927 -- threadgroup_change_end(current);
14928 - delayacct_tsk_free(p);
14929 - bad_fork_cleanup_count:
14930 - atomic_dec(&p->cred->user->processes);
14931 -diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
14932 -index 479d25c..b6c3945 100644
14933 ---- a/kernel/time/timekeeping.c
14934 -+++ b/kernel/time/timekeeping.c
14935 -@@ -401,7 +401,10 @@ static __always_inline u64 __ktime_get_fast_ns(struct tk_fast *tkf)
14936 - do {
14937 - seq = raw_read_seqcount_latch(&tkf->seq);
14938 - tkr = tkf->base + (seq & 0x01);
14939 -- now = ktime_to_ns(tkr->base) + timekeeping_get_ns(tkr);
14940 -+ now = ktime_to_ns(tkr->base);
14941 -+
14942 -+ now += clocksource_delta(tkr->read(tkr->clock),
14943 -+ tkr->cycle_last, tkr->mask);
14944 - } while (read_seqcount_retry(&tkf->seq, seq));
14945 -
14946 - return now;
14947 -diff --git a/kernel/time/timekeeping_debug.c b/kernel/time/timekeeping_debug.c
14948 -index f6bd652..107310a 100644
14949 ---- a/kernel/time/timekeeping_debug.c
14950 -+++ b/kernel/time/timekeeping_debug.c
14951 -@@ -23,7 +23,9 @@
14952 -
14953 - #include "timekeeping_internal.h"
14954 -
14955 --static unsigned int sleep_time_bin[32] = {0};
14956 -+#define NUM_BINS 32
14957 -+
14958 -+static unsigned int sleep_time_bin[NUM_BINS] = {0};
14959 -
14960 - static int tk_debug_show_sleep_time(struct seq_file *s, void *data)
14961 - {
14962 -@@ -69,6 +71,9 @@ late_initcall(tk_debug_sleep_time_init);
14963 -
14964 - void tk_debug_account_sleep_time(struct timespec64 *t)
14965 - {
14966 -- sleep_time_bin[fls(t->tv_sec)]++;
14967 -+ /* Cap bin index so we don't overflow the array */
14968 -+ int bin = min(fls(t->tv_sec), NUM_BINS-1);
14969 -+
14970 -+ sleep_time_bin[bin]++;
14971 - }
14972 -
14973 -diff --git a/net/sunrpc/xprtrdma/frwr_ops.c b/net/sunrpc/xprtrdma/frwr_ops.c
14974 -index c094754..f02ab80 100644
14975 ---- a/net/sunrpc/xprtrdma/frwr_ops.c
14976 -+++ b/net/sunrpc/xprtrdma/frwr_ops.c
14977 -@@ -125,17 +125,16 @@ __frwr_reset_mr(struct rpcrdma_ia *ia, struct rpcrdma_mw *r)
14978 - }
14979 -
14980 - static void
14981 --__frwr_reset_and_unmap(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mw *mw)
14982 -+__frwr_reset_and_unmap(struct rpcrdma_mw *mw)
14983 - {
14984 -+ struct rpcrdma_xprt *r_xprt = mw->mw_xprt;
14985 - struct rpcrdma_ia *ia = &r_xprt->rx_ia;
14986 -- struct rpcrdma_frmr *f = &mw->frmr;
14987 - int rc;
14988 -
14989 - rc = __frwr_reset_mr(ia, mw);
14990 -- ib_dma_unmap_sg(ia->ri_device, f->fr_sg, f->fr_nents, f->fr_dir);
14991 -+ ib_dma_unmap_sg(ia->ri_device, mw->mw_sg, mw->mw_nents, mw->mw_dir);
14992 - if (rc)
14993 - return;
14994 --
14995 - rpcrdma_put_mw(r_xprt, mw);
14996 - }
14997 -
14998 -@@ -152,8 +151,7 @@ __frwr_recovery_worker(struct work_struct *work)
14999 - struct rpcrdma_mw *r = container_of(work, struct rpcrdma_mw,
15000 - mw_work);
15001 -
15002 -- __frwr_reset_and_unmap(r->mw_xprt, r);
15003 -- return;
15004 -+ __frwr_reset_and_unmap(r);
15005 - }
15006 -
15007 - /* A broken MR was discovered in a context that can't sleep.
15008 -@@ -167,8 +165,7 @@ __frwr_queue_recovery(struct rpcrdma_mw *r)
15009 - }
15010 -
15011 - static int
15012 --__frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, struct ib_device *device,
15013 -- unsigned int depth)
15014 -+__frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, unsigned int depth)
15015 - {
15016 - struct rpcrdma_frmr *f = &r->frmr;
15017 - int rc;
15018 -@@ -177,11 +174,11 @@ __frwr_init(struct rpcrdma_mw *r, struct ib_pd *pd, struct ib_device *device,
15019 - if (IS_ERR(f->fr_mr))
15020 - goto out_mr_err;
15021 -
15022 -- f->fr_sg = kcalloc(depth, sizeof(*f->fr_sg), GFP_KERNEL);
15023 -- if (!f->fr_sg)
15024 -+ r->mw_sg = kcalloc(depth, sizeof(*r->mw_sg), GFP_KERNEL);
15025 -+ if (!r->mw_sg)
15026 - goto out_list_err;
15027 -
15028 -- sg_init_table(f->fr_sg, depth);
15029 -+ sg_init_table(r->mw_sg, depth);
15030 -
15031 - init_completion(&f->fr_linv_done);
15032 -
15033 -@@ -210,7 +207,7 @@ __frwr_release(struct rpcrdma_mw *r)
15034 - if (rc)
15035 - dprintk("RPC: %s: ib_dereg_mr status %i\n",
15036 - __func__, rc);
15037 -- kfree(r->frmr.fr_sg);
15038 -+ kfree(r->mw_sg);
15039 - }
15040 -
15041 - static int
15042 -@@ -350,7 +347,6 @@ static int
15043 - frwr_op_init(struct rpcrdma_xprt *r_xprt)
15044 - {
15045 - struct rpcrdma_buffer *buf = &r_xprt->rx_buf;
15046 -- struct ib_device *device = r_xprt->rx_ia.ri_device;
15047 - unsigned int depth = r_xprt->rx_ia.ri_max_frmr_depth;
15048 - struct ib_pd *pd = r_xprt->rx_ia.ri_pd;
15049 - int i;
15050 -@@ -372,7 +368,7 @@ frwr_op_init(struct rpcrdma_xprt *r_xprt)
15051 - if (!r)
15052 - return -ENOMEM;
15053 -
15054 -- rc = __frwr_init(r, pd, device, depth);
15055 -+ rc = __frwr_init(r, pd, depth);
15056 - if (rc) {
15057 - kfree(r);
15058 - return rc;
15059 -@@ -386,7 +382,7 @@ frwr_op_init(struct rpcrdma_xprt *r_xprt)
15060 - return 0;
15061 - }
15062 -
15063 --/* Post a FAST_REG Work Request to register a memory region
15064 -+/* Post a REG_MR Work Request to register a memory region
15065 - * for remote access via RDMA READ or RDMA WRITE.
15066 - */
15067 - static int
15068 -@@ -394,8 +390,6 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg,
15069 - int nsegs, bool writing)
15070 - {
15071 - struct rpcrdma_ia *ia = &r_xprt->rx_ia;
15072 -- struct ib_device *device = ia->ri_device;
15073 -- enum dma_data_direction direction = rpcrdma_data_dir(writing);
15074 - struct rpcrdma_mr_seg *seg1 = seg;
15075 - struct rpcrdma_mw *mw;
15076 - struct rpcrdma_frmr *frmr;
15077 -@@ -421,15 +415,14 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg,
15078 -
15079 - if (nsegs > ia->ri_max_frmr_depth)
15080 - nsegs = ia->ri_max_frmr_depth;
15081 --
15082 - for (i = 0; i < nsegs;) {
15083 - if (seg->mr_page)
15084 -- sg_set_page(&frmr->fr_sg[i],
15085 -+ sg_set_page(&mw->mw_sg[i],
15086 - seg->mr_page,
15087 - seg->mr_len,
15088 - offset_in_page(seg->mr_offset));
15089 - else
15090 -- sg_set_buf(&frmr->fr_sg[i], seg->mr_offset,
15091 -+ sg_set_buf(&mw->mw_sg[i], seg->mr_offset,
15092 - seg->mr_len);
15093 -
15094 - ++seg;
15095 -@@ -440,26 +433,20 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg,
15096 - offset_in_page((seg-1)->mr_offset + (seg-1)->mr_len))
15097 - break;
15098 - }
15099 -- frmr->fr_nents = i;
15100 -- frmr->fr_dir = direction;
15101 --
15102 -- dma_nents = ib_dma_map_sg(device, frmr->fr_sg, frmr->fr_nents, direction);
15103 -- if (!dma_nents) {
15104 -- pr_err("RPC: %s: failed to dma map sg %p sg_nents %u\n",
15105 -- __func__, frmr->fr_sg, frmr->fr_nents);
15106 -- return -ENOMEM;
15107 -- }
15108 -+ mw->mw_nents = i;
15109 -+ mw->mw_dir = rpcrdma_data_dir(writing);
15110 -
15111 -- n = ib_map_mr_sg(mr, frmr->fr_sg, frmr->fr_nents, NULL, PAGE_SIZE);
15112 -- if (unlikely(n != frmr->fr_nents)) {
15113 -- pr_err("RPC: %s: failed to map mr %p (%u/%u)\n",
15114 -- __func__, frmr->fr_mr, n, frmr->fr_nents);
15115 -- rc = n < 0 ? n : -EINVAL;
15116 -- goto out_senderr;
15117 -- }
15118 -+ dma_nents = ib_dma_map_sg(ia->ri_device,
15119 -+ mw->mw_sg, mw->mw_nents, mw->mw_dir);
15120 -+ if (!dma_nents)
15121 -+ goto out_dmamap_err;
15122 -+
15123 -+ n = ib_map_mr_sg(mr, mw->mw_sg, mw->mw_nents, NULL, PAGE_SIZE);
15124 -+ if (unlikely(n != mw->mw_nents))
15125 -+ goto out_mapmr_err;
15126 -
15127 - dprintk("RPC: %s: Using frmr %p to map %u segments (%u bytes)\n",
15128 -- __func__, mw, frmr->fr_nents, mr->length);
15129 -+ __func__, mw, mw->mw_nents, mr->length);
15130 -
15131 - key = (u8)(mr->rkey & 0x000000FF);
15132 - ib_update_fast_reg_key(mr, ++key);
15133 -@@ -484,13 +471,25 @@ frwr_op_map(struct rpcrdma_xprt *r_xprt, struct rpcrdma_mr_seg *seg,
15134 - seg1->rl_mw = mw;
15135 - seg1->mr_rkey = mr->rkey;
15136 - seg1->mr_base = mr->iova;
15137 -- seg1->mr_nsegs = frmr->fr_nents;
15138 -+ seg1->mr_nsegs = mw->mw_nents;
15139 - seg1->mr_len = mr->length;
15140 -
15141 -- return frmr->fr_nents;
15142 -+ return mw->mw_nents;
15143 -+
15144 -+out_dmamap_err:
15145 -+ pr_err("rpcrdma: failed to dma map sg %p sg_nents %u\n",
15146 -+ mw->mw_sg, mw->mw_nents);
15147 -+ return -ENOMEM;
15148 -+
15149 -+out_mapmr_err:
15150 -+ pr_err("rpcrdma: failed to map mr %p (%u/%u)\n",
15151 -+ frmr->fr_mr, n, mw->mw_nents);
15152 -+ rc = n < 0 ? n : -EIO;
15153 -+ __frwr_queue_recovery(mw);
15154 -+ return rc;
15155 -
15156 - out_senderr:
15157 -- dprintk("RPC: %s: ib_post_send status %i\n", __func__, rc);
15158 -+ pr_err("rpcrdma: ib_post_send status %i\n", rc);
15159 - __frwr_queue_recovery(mw);
15160 - return rc;
15161 - }
15162 -@@ -582,8 +581,8 @@ unmap:
15163 - mw = seg->rl_mw;
15164 - seg->rl_mw = NULL;
15165 -
15166 -- ib_dma_unmap_sg(ia->ri_device, f->fr_sg, f->fr_nents,
15167 -- f->fr_dir);
15168 -+ ib_dma_unmap_sg(ia->ri_device,
15169 -+ mw->mw_sg, mw->mw_nents, mw->mw_dir);
15170 - rpcrdma_put_mw(r_xprt, mw);
15171 -
15172 - i += seg->mr_nsegs;
15173 -@@ -630,7 +629,7 @@ frwr_op_unmap_safe(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req,
15174 - mw = seg->rl_mw;
15175 -
15176 - if (sync)
15177 -- __frwr_reset_and_unmap(r_xprt, mw);
15178 -+ __frwr_reset_and_unmap(mw);
15179 - else
15180 - __frwr_queue_recovery(mw);
15181 -
15182 -diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h b/net/sunrpc/xprtrdma/xprt_rdma.h
15183 -index 95cdc66..c53abd1 100644
15184 ---- a/net/sunrpc/xprtrdma/xprt_rdma.h
15185 -+++ b/net/sunrpc/xprtrdma/xprt_rdma.h
15186 -@@ -221,9 +221,6 @@ enum rpcrdma_frmr_state {
15187 - };
15188 -
15189 - struct rpcrdma_frmr {
15190 -- struct scatterlist *fr_sg;
15191 -- int fr_nents;
15192 -- enum dma_data_direction fr_dir;
15193 - struct ib_mr *fr_mr;
15194 - struct ib_cqe fr_cqe;
15195 - enum rpcrdma_frmr_state fr_state;
15196 -@@ -240,13 +237,16 @@ struct rpcrdma_fmr {
15197 - };
15198 -
15199 - struct rpcrdma_mw {
15200 -+ struct list_head mw_list;
15201 -+ struct scatterlist *mw_sg;
15202 -+ int mw_nents;
15203 -+ enum dma_data_direction mw_dir;
15204 - union {
15205 - struct rpcrdma_fmr fmr;
15206 - struct rpcrdma_frmr frmr;
15207 - };
15208 - struct work_struct mw_work;
15209 - struct rpcrdma_xprt *mw_xprt;
15210 -- struct list_head mw_list;
15211 - struct list_head mw_all;
15212 - };
15213 -
15214 -diff --git a/net/sysctl_net.c b/net/sysctl_net.c
15215 -index ed98c1f..46a71c7 100644
15216 ---- a/net/sysctl_net.c
15217 -+++ b/net/sysctl_net.c
15218 -@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head,
15219 - kgid_t root_gid = make_kgid(net->user_ns, 0);
15220 -
15221 - /* Allow network administrator to have same access as root. */
15222 -- if (ns_capable(net->user_ns, CAP_NET_ADMIN) ||
15223 -+ if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN) ||
15224 - uid_eq(root_uid, current_euid())) {
15225 - int mode = (table->mode >> 6) & 7;
15226 - return (mode << 6) | (mode << 3) | mode;
15227 -diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
15228 -index 705c287..7347fcc 100644
15229 ---- a/security/apparmor/policy.c
15230 -+++ b/security/apparmor/policy.c
15231 -@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
15232 - struct aa_profile *profile;
15233 -
15234 - rcu_read_lock();
15235 -- profile = aa_get_profile(__find_child(&parent->base.profiles, name));
15236 -+ do {
15237 -+ profile = __find_child(&parent->base.profiles, name);
15238 -+ } while (profile && !aa_get_profile_not0(profile));
15239 - rcu_read_unlock();
15240 -
15241 - /* refcount released by caller */
15242 -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
15243 -index 795437b..b450a27 100644
15244 ---- a/sound/core/rawmidi.c
15245 -+++ b/sound/core/rawmidi.c
15246 -@@ -1633,11 +1633,13 @@ static int snd_rawmidi_dev_register(struct snd_device *device)
15247 - return -EBUSY;
15248 - }
15249 - list_add_tail(&rmidi->list, &snd_rawmidi_devices);
15250 -+ mutex_unlock(&register_mutex);
15251 - err = snd_register_device(SNDRV_DEVICE_TYPE_RAWMIDI,
15252 - rmidi->card, rmidi->device,
15253 - &snd_rawmidi_f_ops, rmidi, &rmidi->dev);
15254 - if (err < 0) {
15255 - rmidi_err(rmidi, "unable to register\n");
15256 -+ mutex_lock(&register_mutex);
15257 - list_del(&rmidi->list);
15258 - mutex_unlock(&register_mutex);
15259 - return err;
15260 -@@ -1645,6 +1647,7 @@ static int snd_rawmidi_dev_register(struct snd_device *device)
15261 - if (rmidi->ops && rmidi->ops->dev_register &&
15262 - (err = rmidi->ops->dev_register(rmidi)) < 0) {
15263 - snd_unregister_device(&rmidi->dev);
15264 -+ mutex_lock(&register_mutex);
15265 - list_del(&rmidi->list);
15266 - mutex_unlock(&register_mutex);
15267 - return err;
15268 -@@ -1677,7 +1680,6 @@ static int snd_rawmidi_dev_register(struct snd_device *device)
15269 - }
15270 - }
15271 - #endif /* CONFIG_SND_OSSEMUL */
15272 -- mutex_unlock(&register_mutex);
15273 - sprintf(name, "midi%d", rmidi->device);
15274 - entry = snd_info_create_card_entry(rmidi->card, name, rmidi->card->proc_root);
15275 - if (entry) {
15276 -diff --git a/sound/core/timer.c b/sound/core/timer.c
15277 -index 9a6157e..fc144f4 100644
15278 ---- a/sound/core/timer.c
15279 -+++ b/sound/core/timer.c
15280 -@@ -35,6 +35,9 @@
15281 - #include <sound/initval.h>
15282 - #include <linux/kmod.h>
15283 -
15284 -+/* internal flags */
15285 -+#define SNDRV_TIMER_IFLG_PAUSED 0x00010000
15286 -+
15287 - #if IS_ENABLED(CONFIG_SND_HRTIMER)
15288 - #define DEFAULT_TIMER_LIMIT 4
15289 - #else
15290 -@@ -294,8 +297,21 @@ int snd_timer_open(struct snd_timer_instance **ti,
15291 - get_device(&timer->card->card_dev);
15292 - timeri->slave_class = tid->dev_sclass;
15293 - timeri->slave_id = slave_id;
15294 -- if (list_empty(&timer->open_list_head) && timer->hw.open)
15295 -- timer->hw.open(timer);
15296 -+
15297 -+ if (list_empty(&timer->open_list_head) && timer->hw.open) {
15298 -+ int err = timer->hw.open(timer);
15299 -+ if (err) {
15300 -+ kfree(timeri->owner);
15301 -+ kfree(timeri);
15302 -+
15303 -+ if (timer->card)
15304 -+ put_device(&timer->card->card_dev);
15305 -+ module_put(timer->module);
15306 -+ mutex_unlock(&register_mutex);
15307 -+ return err;
15308 -+ }
15309 -+ }
15310 -+
15311 - list_add_tail(&timeri->open_list, &timer->open_list_head);
15312 - snd_timer_check_master(timeri);
15313 - mutex_unlock(&register_mutex);
15314 -@@ -526,6 +542,10 @@ static int snd_timer_stop1(struct snd_timer_instance *timeri, bool stop)
15315 - }
15316 - }
15317 - timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
15318 -+ if (stop)
15319 -+ timeri->flags &= ~SNDRV_TIMER_IFLG_PAUSED;
15320 -+ else
15321 -+ timeri->flags |= SNDRV_TIMER_IFLG_PAUSED;
15322 - snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
15323 - SNDRV_TIMER_EVENT_CONTINUE);
15324 - unlock:
15325 -@@ -587,6 +607,10 @@ int snd_timer_stop(struct snd_timer_instance *timeri)
15326 - */
15327 - int snd_timer_continue(struct snd_timer_instance *timeri)
15328 - {
15329 -+ /* timer can continue only after pause */
15330 -+ if (!(timeri->flags & SNDRV_TIMER_IFLG_PAUSED))
15331 -+ return -EINVAL;
15332 -+
15333 - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE)
15334 - return snd_timer_start_slave(timeri, false);
15335 - else
15336 -@@ -813,6 +837,7 @@ int snd_timer_new(struct snd_card *card, char *id, struct snd_timer_id *tid,
15337 - timer->tmr_subdevice = tid->subdevice;
15338 - if (id)
15339 - strlcpy(timer->id, id, sizeof(timer->id));
15340 -+ timer->sticks = 1;
15341 - INIT_LIST_HEAD(&timer->device_list);
15342 - INIT_LIST_HEAD(&timer->open_list_head);
15343 - INIT_LIST_HEAD(&timer->active_list_head);
15344 -@@ -1817,6 +1842,9 @@ static int snd_timer_user_continue(struct file *file)
15345 - tu = file->private_data;
15346 - if (!tu->timeri)
15347 - return -EBADFD;
15348 -+ /* start timer instead of continue if it's not used before */
15349 -+ if (!(tu->timeri->flags & SNDRV_TIMER_IFLG_PAUSED))
15350 -+ return snd_timer_user_start(file);
15351 - tu->timeri->lost = 0;
15352 - return (err = snd_timer_continue(tu->timeri)) < 0 ? err : 0;
15353 - }
15354 -@@ -1958,6 +1986,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
15355 - tu->qused--;
15356 - spin_unlock_irq(&tu->qlock);
15357 -
15358 -+ mutex_lock(&tu->ioctl_lock);
15359 - if (tu->tread) {
15360 - if (copy_to_user(buffer, &tu->tqueue[qhead],
15361 - sizeof(struct snd_timer_tread)))
15362 -@@ -1967,6 +1996,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
15363 - sizeof(struct snd_timer_read)))
15364 - err = -EFAULT;
15365 - }
15366 -+ mutex_unlock(&tu->ioctl_lock);
15367 -
15368 - spin_lock_irq(&tu->qlock);
15369 - if (err < 0)
15370 -diff --git a/sound/firewire/fireworks/fireworks.h b/sound/firewire/fireworks/fireworks.h
15371 -index 03ed352..d73c12b 100644
15372 ---- a/sound/firewire/fireworks/fireworks.h
15373 -+++ b/sound/firewire/fireworks/fireworks.h
15374 -@@ -108,7 +108,6 @@ struct snd_efw {
15375 - u8 *resp_buf;
15376 - u8 *pull_ptr;
15377 - u8 *push_ptr;
15378 -- unsigned int resp_queues;
15379 - };
15380 -
15381 - int snd_efw_transaction_cmd(struct fw_unit *unit,
15382 -diff --git a/sound/firewire/fireworks/fireworks_hwdep.c b/sound/firewire/fireworks/fireworks_hwdep.c
15383 -index 33df865..2e1d9a2 100644
15384 ---- a/sound/firewire/fireworks/fireworks_hwdep.c
15385 -+++ b/sound/firewire/fireworks/fireworks_hwdep.c
15386 -@@ -25,6 +25,7 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained,
15387 - {
15388 - unsigned int length, till_end, type;
15389 - struct snd_efw_transaction *t;
15390 -+ u8 *pull_ptr;
15391 - long count = 0;
15392 -
15393 - if (remained < sizeof(type) + sizeof(struct snd_efw_transaction))
15394 -@@ -38,8 +39,17 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained,
15395 - buf += sizeof(type);
15396 -
15397 - /* write into buffer as many responses as possible */
15398 -- while (efw->resp_queues > 0) {
15399 -- t = (struct snd_efw_transaction *)(efw->pull_ptr);
15400 -+ spin_lock_irq(&efw->lock);
15401 -+
15402 -+ /*
15403 -+ * When another task reaches here during this task's access to user
15404 -+ * space, it picks up current position in buffer and can read the same
15405 -+ * series of responses.
15406 -+ */
15407 -+ pull_ptr = efw->pull_ptr;
15408 -+
15409 -+ while (efw->push_ptr != pull_ptr) {
15410 -+ t = (struct snd_efw_transaction *)(pull_ptr);
15411 - length = be32_to_cpu(t->length) * sizeof(__be32);
15412 -
15413 - /* confirm enough space for this response */
15414 -@@ -49,26 +59,39 @@ hwdep_read_resp_buf(struct snd_efw *efw, char __user *buf, long remained,
15415 - /* copy from ring buffer to user buffer */
15416 - while (length > 0) {
15417 - till_end = snd_efw_resp_buf_size -
15418 -- (unsigned int)(efw->pull_ptr - efw->resp_buf);
15419 -+ (unsigned int)(pull_ptr - efw->resp_buf);
15420 - till_end = min_t(unsigned int, length, till_end);
15421 -
15422 -- if (copy_to_user(buf, efw->pull_ptr, till_end))
15423 -+ spin_unlock_irq(&efw->lock);
15424 -+
15425 -+ if (copy_to_user(buf, pull_ptr, till_end))
15426 - return -EFAULT;
15427 -
15428 -- efw->pull_ptr += till_end;
15429 -- if (efw->pull_ptr >= efw->resp_buf +
15430 -- snd_efw_resp_buf_size)
15431 -- efw->pull_ptr -= snd_efw_resp_buf_size;
15432 -+ spin_lock_irq(&efw->lock);
15433 -+
15434 -+ pull_ptr += till_end;
15435 -+ if (pull_ptr >= efw->resp_buf + snd_efw_resp_buf_size)
15436 -+ pull_ptr -= snd_efw_resp_buf_size;
15437 -
15438 - length -= till_end;
15439 - buf += till_end;
15440 - count += till_end;
15441 - remained -= till_end;
15442 - }
15443 --
15444 -- efw->resp_queues--;
15445 - }
15446 -
15447 -+ /*
15448 -+ * All of tasks can read from the buffer nearly simultaneously, but the
15449 -+ * last position for each task is different depending on the length of
15450 -+ * given buffer. Here, for simplicity, a position of buffer is set by
15451 -+ * the latest task. It's better for a listening application to allow one
15452 -+ * thread to read from the buffer. Unless, each task can read different
15453 -+ * sequence of responses depending on variation of buffer length.
15454 -+ */
15455 -+ efw->pull_ptr = pull_ptr;
15456 -+
15457 -+ spin_unlock_irq(&efw->lock);
15458 -+
15459 - return count;
15460 - }
15461 -
15462 -@@ -76,14 +99,17 @@ static long
15463 - hwdep_read_locked(struct snd_efw *efw, char __user *buf, long count,
15464 - loff_t *offset)
15465 - {
15466 -- union snd_firewire_event event;
15467 -+ union snd_firewire_event event = {
15468 -+ .lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS,
15469 -+ };
15470 -
15471 -- memset(&event, 0, sizeof(event));
15472 -+ spin_lock_irq(&efw->lock);
15473 -
15474 -- event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;
15475 - event.lock_status.status = (efw->dev_lock_count > 0);
15476 - efw->dev_lock_changed = false;
15477 -
15478 -+ spin_unlock_irq(&efw->lock);
15479 -+
15480 - count = min_t(long, count, sizeof(event.lock_status));
15481 -
15482 - if (copy_to_user(buf, &event, count))
15483 -@@ -98,10 +124,15 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count,
15484 - {
15485 - struct snd_efw *efw = hwdep->private_data;
15486 - DEFINE_WAIT(wait);
15487 -+ bool dev_lock_changed;
15488 -+ bool queued;
15489 -
15490 - spin_lock_irq(&efw->lock);
15491 -
15492 -- while ((!efw->dev_lock_changed) && (efw->resp_queues == 0)) {
15493 -+ dev_lock_changed = efw->dev_lock_changed;
15494 -+ queued = efw->push_ptr != efw->pull_ptr;
15495 -+
15496 -+ while (!dev_lock_changed && !queued) {
15497 - prepare_to_wait(&efw->hwdep_wait, &wait, TASK_INTERRUPTIBLE);
15498 - spin_unlock_irq(&efw->lock);
15499 - schedule();
15500 -@@ -109,15 +140,17 @@ hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count,
15501 - if (signal_pending(current))
15502 - return -ERESTARTSYS;
15503 - spin_lock_irq(&efw->lock);
15504 -+ dev_lock_changed = efw->dev_lock_changed;
15505 -+ queued = efw->push_ptr != efw->pull_ptr;
15506 - }
15507 -
15508 -- if (efw->dev_lock_changed)
15509 -+ spin_unlock_irq(&efw->lock);
15510 -+
15511 -+ if (dev_lock_changed)
15512 - count = hwdep_read_locked(efw, buf, count, offset);
15513 -- else if (efw->resp_queues > 0)
15514 -+ else if (queued)
15515 - count = hwdep_read_resp_buf(efw, buf, count, offset);
15516 -
15517 -- spin_unlock_irq(&efw->lock);
15518 --
15519 - return count;
15520 - }
15521 -
15522 -@@ -160,7 +193,7 @@ hwdep_poll(struct snd_hwdep *hwdep, struct file *file, poll_table *wait)
15523 - poll_wait(file, &efw->hwdep_wait, wait);
15524 -
15525 - spin_lock_irq(&efw->lock);
15526 -- if (efw->dev_lock_changed || (efw->resp_queues > 0))
15527 -+ if (efw->dev_lock_changed || efw->pull_ptr != efw->push_ptr)
15528 - events = POLLIN | POLLRDNORM;
15529 - else
15530 - events = 0;
15531 -diff --git a/sound/firewire/fireworks/fireworks_proc.c b/sound/firewire/fireworks/fireworks_proc.c
15532 -index 0639dcb..beb0a0f 100644
15533 ---- a/sound/firewire/fireworks/fireworks_proc.c
15534 -+++ b/sound/firewire/fireworks/fireworks_proc.c
15535 -@@ -188,8 +188,8 @@ proc_read_queues_state(struct snd_info_entry *entry,
15536 - else
15537 - consumed = (unsigned int)(efw->push_ptr - efw->pull_ptr);
15538 -
15539 -- snd_iprintf(buffer, "%d %d/%d\n",
15540 -- efw->resp_queues, consumed, snd_efw_resp_buf_size);
15541 -+ snd_iprintf(buffer, "%d/%d\n",
15542 -+ consumed, snd_efw_resp_buf_size);
15543 - }
15544 -
15545 - static void
15546 -diff --git a/sound/firewire/fireworks/fireworks_transaction.c b/sound/firewire/fireworks/fireworks_transaction.c
15547 -index f550808..36a08ba 100644
15548 ---- a/sound/firewire/fireworks/fireworks_transaction.c
15549 -+++ b/sound/firewire/fireworks/fireworks_transaction.c
15550 -@@ -121,11 +121,11 @@ copy_resp_to_buf(struct snd_efw *efw, void *data, size_t length, int *rcode)
15551 - size_t capacity, till_end;
15552 - struct snd_efw_transaction *t;
15553 -
15554 -- spin_lock_irq(&efw->lock);
15555 --
15556 - t = (struct snd_efw_transaction *)data;
15557 - length = min_t(size_t, be32_to_cpu(t->length) * sizeof(u32), length);
15558 -
15559 -+ spin_lock_irq(&efw->lock);
15560 -+
15561 - if (efw->push_ptr < efw->pull_ptr)
15562 - capacity = (unsigned int)(efw->pull_ptr - efw->push_ptr);
15563 - else
15564 -@@ -155,7 +155,6 @@ copy_resp_to_buf(struct snd_efw *efw, void *data, size_t length, int *rcode)
15565 - }
15566 -
15567 - /* for hwdep */
15568 -- efw->resp_queues++;
15569 - wake_up(&efw->hwdep_wait);
15570 -
15571 - *rcode = RCODE_COMPLETE;
15572 -diff --git a/sound/firewire/tascam/tascam-hwdep.c b/sound/firewire/tascam/tascam-hwdep.c
15573 -index 131267c..106406c 100644
15574 ---- a/sound/firewire/tascam/tascam-hwdep.c
15575 -+++ b/sound/firewire/tascam/tascam-hwdep.c
15576 -@@ -16,31 +16,14 @@
15577 -
15578 - #include "tascam.h"
15579 -
15580 --static long hwdep_read_locked(struct snd_tscm *tscm, char __user *buf,
15581 -- long count)
15582 --{
15583 -- union snd_firewire_event event;
15584 --
15585 -- memset(&event, 0, sizeof(event));
15586 --
15587 -- event.lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS;
15588 -- event.lock_status.status = (tscm->dev_lock_count > 0);
15589 -- tscm->dev_lock_changed = false;
15590 --
15591 -- count = min_t(long, count, sizeof(event.lock_status));
15592 --
15593 -- if (copy_to_user(buf, &event, count))
15594 -- return -EFAULT;
15595 --
15596 -- return count;
15597 --}
15598 --
15599 - static long hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count,
15600 - loff_t *offset)
15601 - {
15602 - struct snd_tscm *tscm = hwdep->private_data;
15603 - DEFINE_WAIT(wait);
15604 -- union snd_firewire_event event;
15605 -+ union snd_firewire_event event = {
15606 -+ .lock_status.type = SNDRV_FIREWIRE_EVENT_LOCK_STATUS,
15607 -+ };
15608 -
15609 - spin_lock_irq(&tscm->lock);
15610 -
15611 -@@ -54,10 +37,16 @@ static long hwdep_read(struct snd_hwdep *hwdep, char __user *buf, long count,
15612 - spin_lock_irq(&tscm->lock);
15613 - }
15614 -
15615 -- memset(&event, 0, sizeof(event));
15616 -- count = hwdep_read_locked(tscm, buf, count);
15617 -+ event.lock_status.status = (tscm->dev_lock_count > 0);
15618 -+ tscm->dev_lock_changed = false;
15619 -+
15620 - spin_unlock_irq(&tscm->lock);
15621 -
15622 -+ count = min_t(long, count, sizeof(event.lock_status));
15623 -+
15624 -+ if (copy_to_user(buf, &event, count))
15625 -+ return -EFAULT;
15626 -+
15627 - return count;
15628 - }
15629 -
15630 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
15631 -index f25479b..eaee626 100644
15632 ---- a/sound/pci/hda/patch_realtek.c
15633 -+++ b/sound/pci/hda/patch_realtek.c
15634 -@@ -4840,6 +4840,7 @@ enum {
15635 - ALC221_FIXUP_HP_FRONT_MIC,
15636 - ALC292_FIXUP_TPT460,
15637 - ALC298_FIXUP_SPK_VOLUME,
15638 -+ ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER,
15639 - };
15640 -
15641 - static const struct hda_fixup alc269_fixups[] = {
15642 -@@ -5501,6 +5502,15 @@ static const struct hda_fixup alc269_fixups[] = {
15643 - .chained = true,
15644 - .chain_id = ALC298_FIXUP_DELL1_MIC_NO_PRESENCE,
15645 - },
15646 -+ [ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER] = {
15647 -+ .type = HDA_FIXUP_PINS,
15648 -+ .v.pins = (const struct hda_pintbl[]) {
15649 -+ { 0x1b, 0x90170151 },
15650 -+ { }
15651 -+ },
15652 -+ .chained = true,
15653 -+ .chain_id = ALC255_FIXUP_DELL1_MIC_NO_PRESENCE
15654 -+ },
15655 - };
15656 -
15657 - static const struct snd_pci_quirk alc269_fixup_tbl[] = {
15658 -@@ -5545,6 +5555,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
15659 - SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
15660 - SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK),
15661 - SND_PCI_QUIRK(0x1028, 0x0704, "Dell XPS 13 9350", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
15662 -+ SND_PCI_QUIRK(0x1028, 0x0706, "Dell Inspiron 7559", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER),
15663 - SND_PCI_QUIRK(0x1028, 0x0725, "Dell Inspiron 3162", ALC255_FIXUP_DELL_SPK_NOISE),
15664 - SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE),
15665 - SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME),
15666 -@@ -5879,6 +5890,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
15667 - {0x12, 0x90a60170},
15668 - {0x14, 0x90170120},
15669 - {0x21, 0x02211030}),
15670 -+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell Inspiron 5468", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
15671 -+ {0x12, 0x90a60180},
15672 -+ {0x14, 0x90170120},
15673 -+ {0x21, 0x02211030}),
15674 - SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
15675 - ALC256_STANDARD_PINS),
15676 - SND_HDA_PIN_QUIRK(0x10ec0280, 0x103c, "HP", ALC280_FIXUP_HP_GPIO4,
15677 -diff --git a/sound/soc/atmel/atmel_ssc_dai.c b/sound/soc/atmel/atmel_ssc_dai.c
15678 -index 1267e1a..633d54ca 100644
15679 ---- a/sound/soc/atmel/atmel_ssc_dai.c
15680 -+++ b/sound/soc/atmel/atmel_ssc_dai.c
15681 -@@ -299,8 +299,9 @@ static int atmel_ssc_startup(struct snd_pcm_substream *substream,
15682 - clk_enable(ssc_p->ssc->clk);
15683 - ssc_p->mck_rate = clk_get_rate(ssc_p->ssc->clk);
15684 -
15685 -- /* Reset the SSC to keep it at a clean status */
15686 -- ssc_writel(ssc_p->ssc->regs, CR, SSC_BIT(CR_SWRST));
15687 -+ /* Reset the SSC unless initialized to keep it in a clean state */
15688 -+ if (!ssc_p->initialized)
15689 -+ ssc_writel(ssc_p->ssc->regs, CR, SSC_BIT(CR_SWRST));
15690 -
15691 - if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
15692 - dir = 0;
15693 -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
15694 -index 6cf1f35..152292e 100644
15695 ---- a/sound/usb/quirks.c
15696 -+++ b/sound/usb/quirks.c
15697 -@@ -1141,6 +1141,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
15698 - case USB_ID(0x0556, 0x0014): /* Phoenix Audio TMX320VC */
15699 - case USB_ID(0x05A3, 0x9420): /* ELP HD USB Camera */
15700 - case USB_ID(0x074D, 0x3553): /* Outlaw RR2150 (Micronas UAC3553B) */
15701 -+ case USB_ID(0x1901, 0x0191): /* GE B850V3 CP2114 audio interface */
15702 - case USB_ID(0x1de7, 0x0013): /* Phoenix Audio MT202exe */
15703 - case USB_ID(0x1de7, 0x0014): /* Phoenix Audio TMX320 */
15704 - case USB_ID(0x1de7, 0x0114): /* Phoenix Audio MT202pcs */
15705
15706 diff --git a/4.7.4/0000_README b/4.7.5/0000_README
15707 similarity index 81%
15708 rename from 4.7.4/0000_README
15709 rename to 4.7.5/0000_README
15710 index a9515bb..9104194 100644
15711 --- a/4.7.4/0000_README
15712 +++ b/4.7.5/0000_README
15713 @@ -2,23 +2,7 @@ README
15714 -----------------------------------------------------------------------------
15715 Individual Patch Descriptions:
15716 -----------------------------------------------------------------------------
15717 -Patch: 1000_linux-4.7.1.patch
15718 -From: http://www.kernel.org
15719 -Desc: Linux 4.7.1
15720 -
15721 -Patch: 1001_linux-4.7.2.patch
15722 -From: http://www.kernel.org
15723 -Desc: Linux 4.7.2
15724 -
15725 -Patch: 1002_linux-4.7.3.patch
15726 -From: http://www.kernel.org
15727 -Desc: Linux 4.7.3
15728 -
15729 -Patch: 1003_linux-4.7.4.patch
15730 -From: http://www.kernel.org
15731 -Desc: Linux 4.7.4
15732 -
15733 -Patch: 4420_grsecurity-3.1-4.7.4-201609211951.patch
15734 +Patch: 4420_grsecurity-3.1-4.7.5-201609261522.patch
15735 From: http://www.grsecurity.net
15736 Desc: hardened-sources base patch from upstream grsecurity
15737
15738
15739 diff --git a/4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch b/4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch
15740 similarity index 99%
15741 rename from 4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch
15742 rename to 4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch
15743 index 5bddf8c..9169f89 100644
15744 --- a/4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch
15745 +++ b/4.7.5/4420_grsecurity-3.1-4.7.5-201609261522.patch
15746 @@ -420,7 +420,7 @@ index a3683ce..5ec8bf4 100644
15747
15748 A toggle value indicating if modules are allowed to be loaded
15749 diff --git a/Makefile b/Makefile
15750 -index ec3bd11..35d4d88 100644
15751 +index dd755d19..b480d63 100644
15752 --- a/Makefile
15753 +++ b/Makefile
15754 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
15755 @@ -3219,7 +3219,7 @@ index e2c6da0..6155a88 100644
15756 . = ALIGN(1<<SECTION_SHIFT);
15757 #else
15758 diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
15759 -index f1bde7c..6dc92ba 100644
15760 +index 4e1b22a..10ef049 100644
15761 --- a/arch/arm/kvm/arm.c
15762 +++ b/arch/arm/kvm/arm.c
15763 @@ -58,7 +58,7 @@ static unsigned long hyp_default_vectors;
15764 @@ -3231,7 +3231,7 @@ index f1bde7c..6dc92ba 100644
15765 static u32 kvm_next_vmid;
15766 static unsigned int kvm_vmid_bits __read_mostly;
15767 static DEFINE_SPINLOCK(kvm_vmid_lock);
15768 -@@ -389,7 +389,7 @@ void force_vm_exit(const cpumask_t *mask)
15769 +@@ -387,7 +387,7 @@ void force_vm_exit(const cpumask_t *mask)
15770 */
15771 static bool need_new_vmid_gen(struct kvm *kvm)
15772 {
15773 @@ -3240,7 +3240,7 @@ index f1bde7c..6dc92ba 100644
15774 }
15775
15776 /**
15777 -@@ -422,7 +422,7 @@ static void update_vttbr(struct kvm *kvm)
15778 +@@ -420,7 +420,7 @@ static void update_vttbr(struct kvm *kvm)
15779
15780 /* First user of a new VMID generation? */
15781 if (unlikely(kvm_next_vmid == 0)) {
15782 @@ -3249,7 +3249,7 @@ index f1bde7c..6dc92ba 100644
15783 kvm_next_vmid = 1;
15784
15785 /*
15786 -@@ -439,7 +439,7 @@ static void update_vttbr(struct kvm *kvm)
15787 +@@ -437,7 +437,7 @@ static void update_vttbr(struct kvm *kvm)
15788 kvm_call_hyp(__kvm_flush_vm_context);
15789 }
15790
15791 @@ -5435,7 +5435,7 @@ index 45698cd..e8e2dbc 100644
15792
15793 static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
15794 diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
15795 -index 2189d5d..420134b 100644
15796 +index ebcd8a1..dfa2f7a 100644
15797 --- a/arch/ia64/include/asm/uaccess.h
15798 +++ b/arch/ia64/include/asm/uaccess.h
15799 @@ -70,6 +70,7 @@
15800 @@ -5471,7 +5471,7 @@ index 2189d5d..420134b 100644
15801 return __copy_user((__force void __user *) to, from, count);
15802 }
15803
15804 -@@ -256,10 +269,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
15805 +@@ -256,19 +269,22 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
15806 ({ \
15807 void __user *__cu_to = (to); \
15808 const void *__cu_from = (from); \
15809 @@ -5480,30 +5480,42 @@ index 2189d5d..420134b 100644
15810 \
15811 - if (__access_ok(__cu_to, __cu_len, get_fs())) \
15812 + if (__cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) { \
15813 -+ if (!__builtin_constant_p(n)) \
15814 -+ check_object_size(__cu_from, __cu_len, true); \
15815 ++ check_object_size(__cu_from, __cu_len, true); \
15816 __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
15817 + } \
15818 __cu_len; \
15819 })
15820
15821 -@@ -267,11 +283,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
15822 - ({ \
15823 - void *__cu_to = (to); \
15824 - const void __user *__cu_from = (from); \
15825 -- long __cu_len = (n); \
15826 -+ unsigned long __cu_len = (n); \
15827 - \
15828 - __chk_user_ptr(__cu_from); \
15829 -- if (__access_ok(__cu_from, __cu_len, get_fs())) \
15830 -+ if (__cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) { \
15831 -+ if (!__builtin_constant_p(n)) \
15832 -+ check_object_size(__cu_to, __cu_len, false); \
15833 - __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
15834 -+ } \
15835 - __cu_len; \
15836 + static inline unsigned long
15837 + copy_from_user(void *to, const void __user *from, unsigned long n)
15838 + {
15839 +- if (likely(__access_ok(from, n, get_fs())))
15840 +- n = __copy_user((__force void __user *) to, from, n);
15841 +- else
15842 ++ if (likely(__access_ok(from, n, get_fs()))) {
15843 ++ check_object_size(to, n, false);
15844 ++ n = __copy_user((void __force_user *) to, from, n);
15845 ++ } else if ((long)n > 0)
15846 + memset(to, 0, n);
15847 + return n;
15848 + }
15849 +@@ -339,11 +355,13 @@ extern unsigned long __strnlen_user (const char __user *, long);
15850 + __su_ret; \
15851 })
15852
15853 +-#define ARCH_HAS_RELATIVE_EXTABLE
15854 ++/* Generic code can't deal with the location-relative format that we use for compactness. */
15855 ++#define ARCH_HAS_SORT_EXTABLE
15856 ++#define ARCH_HAS_SEARCH_EXTABLE
15857 +
15858 + struct exception_table_entry {
15859 +- int insn; /* location-relative address of insn this fixup is for */
15860 +- int fixup; /* location-relative continuation addr.; if bit 2 is set, r9 is set to 0 */
15861 ++ int addr; /* location-relative address of insn this fixup is for */
15862 ++ int cont; /* location-relative continuation addr.; if bit 2 is set, r9 is set to 0 */
15863 + };
15864 +
15865 + extern void ia64_handle_exception (struct pt_regs *regs, const struct exception_table_entry *e);
15866 diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
15867 index 6ab0ae7..88f1b60 100644
15868 --- a/arch/ia64/kernel/module.c
15869 @@ -6711,10 +6723,10 @@ index e309d8f..20eefec 100644
15870 /*
15871 * We stash processor id into a COP0 register to retrieve it fast
15872 diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
15873 -index 7f109d4..40b1195 100644
15874 +index b6e20f3..afabc54 100644
15875 --- a/arch/mips/include/asm/uaccess.h
15876 +++ b/arch/mips/include/asm/uaccess.h
15877 -@@ -146,6 +146,7 @@ static inline bool eva_kernel_access(void)
15878 +@@ -147,6 +147,7 @@ static inline bool eva_kernel_access(void)
15879 __ok == 0; \
15880 })
15881
15882 @@ -7469,22 +7481,217 @@ index 291cee2..2ac33db 100644
15883 #define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC)
15884 #define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX)
15885 diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
15886 -index 0f59fd9..c502784 100644
15887 +index 37a1bee..a3916f9 100644
15888 --- a/arch/parisc/include/asm/uaccess.h
15889 +++ b/arch/parisc/include/asm/uaccess.h
15890 -@@ -220,10 +220,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
15891 +@@ -41,29 +41,34 @@ static inline long access_ok(int type, const void __user * addr,
15892 + #define get_user __get_user
15893 +
15894 + #if !defined(CONFIG_64BIT)
15895 +-#define LDD_USER(ptr) __get_user_asm64(ptr)
15896 ++#define LDD_KERNEL(ptr) BUILD_BUG()
15897 ++#define LDD_USER(ptr) BUILD_BUG()
15898 ++#define STD_KERNEL(x, ptr) __put_kernel_asm64(x, ptr)
15899 + #define STD_USER(x, ptr) __put_user_asm64(x, ptr)
15900 ++#define ASM_WORD_INSN ".word\t"
15901 + #else
15902 ++#define LDD_KERNEL(ptr) __get_kernel_asm("ldd", ptr)
15903 + #define LDD_USER(ptr) __get_user_asm("ldd", ptr)
15904 ++#define STD_KERNEL(x, ptr) __put_kernel_asm("std", x, ptr)
15905 + #define STD_USER(x, ptr) __put_user_asm("std", x, ptr)
15906 ++#define ASM_WORD_INSN ".dword\t"
15907 + #endif
15908 +
15909 + /*
15910 +- * The exception table contains two values: the first is the relative offset to
15911 +- * the address of the instruction that is allowed to fault, and the second is
15912 +- * the relative offset to the address of the fixup routine. Since relative
15913 +- * addresses are used, 32bit values are sufficient even on 64bit kernel.
15914 ++ * The exception table contains two values: the first is an address
15915 ++ * for an instruction that is allowed to fault, and the second is
15916 ++ * the address to the fixup routine. Even on a 64bit kernel we could
15917 ++ * use a 32bit (unsigned int) address here.
15918 + */
15919 +
15920 +-#define ARCH_HAS_RELATIVE_EXTABLE
15921 + struct exception_table_entry {
15922 +- int insn; /* relative address of insn that is allowed to fault. */
15923 +- int fixup; /* relative address of fixup routine */
15924 ++ unsigned long insn; /* address of insn that is allowed to fault. */
15925 ++ unsigned long fixup; /* fixup routine */
15926 + };
15927 +
15928 + #define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\
15929 + ".section __ex_table,\"aw\"\n" \
15930 +- ".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \
15931 ++ ASM_WORD_INSN #fault_addr ", " #except_addr "\n\t" \
15932 + ".previous\n"
15933 +
15934 + /*
15935 +@@ -77,70 +82,70 @@ struct exception_data {
15936 + unsigned long fault_addr;
15937 + };
15938 +
15939 +-/*
15940 +- * load_sr2() preloads the space register %%sr2 - based on the value of
15941 +- * get_fs() - with either a value of 0 to access kernel space (KERNEL_DS which
15942 +- * is 0), or with the current value of %%sr3 to access user space (USER_DS)
15943 +- * memory. The following __get_user_asm() and __put_user_asm() functions have
15944 +- * %%sr2 hard-coded to access the requested memory.
15945 +- */
15946 +-#define load_sr2() \
15947 +- __asm__(" or,= %0,%%r0,%%r0\n\t" \
15948 +- " mfsp %%sr3,%0\n\t" \
15949 +- " mtsp %0,%%sr2\n\t" \
15950 +- : : "r"(get_fs()) : )
15951 +-
15952 + #define __get_user(x, ptr) \
15953 + ({ \
15954 + register long __gu_err __asm__ ("r8") = 0; \
15955 + register long __gu_val __asm__ ("r9") = 0; \
15956 + \
15957 +- load_sr2(); \
15958 +- switch (sizeof(*(ptr))) { \
15959 ++ if (segment_eq(get_fs(), KERNEL_DS)) { \
15960 ++ switch (sizeof(*(ptr))) { \
15961 ++ case 1: __get_kernel_asm("ldb", ptr); break; \
15962 ++ case 2: __get_kernel_asm("ldh", ptr); break; \
15963 ++ case 4: __get_kernel_asm("ldw", ptr); break; \
15964 ++ case 8: LDD_KERNEL(ptr); break; \
15965 ++ default: BUILD_BUG(); break; \
15966 ++ } \
15967 ++ } \
15968 ++ else { \
15969 ++ switch (sizeof(*(ptr))) { \
15970 + case 1: __get_user_asm("ldb", ptr); break; \
15971 + case 2: __get_user_asm("ldh", ptr); break; \
15972 + case 4: __get_user_asm("ldw", ptr); break; \
15973 + case 8: LDD_USER(ptr); break; \
15974 + default: BUILD_BUG(); break; \
15975 ++ } \
15976 + } \
15977 + \
15978 + (x) = (__force __typeof__(*(ptr))) __gu_val; \
15979 + __gu_err; \
15980 + })
15981 +
15982 ++#define __get_kernel_asm(ldx, ptr) \
15983 ++ __asm__("\n1:\t" ldx "\t0(%2),%0\n\t" \
15984 ++ ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_1)\
15985 ++ : "=r"(__gu_val), "=r"(__gu_err) \
15986 ++ : "r"(ptr), "1"(__gu_err) \
15987 ++ : "r1");
15988 ++
15989 + #define __get_user_asm(ldx, ptr) \
15990 +- __asm__("\n1:\t" ldx "\t0(%%sr2,%2),%0\n\t" \
15991 ++ __asm__("\n1:\t" ldx "\t0(%%sr3,%2),%0\n\t" \
15992 + ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_1)\
15993 + : "=r"(__gu_val), "=r"(__gu_err) \
15994 + : "r"(ptr), "1"(__gu_err) \
15995 + : "r1");
15996 +
15997 +-#if !defined(CONFIG_64BIT)
15998 +-
15999 +-#define __get_user_asm64(ptr) \
16000 +- __asm__("\n1:\tldw 0(%%sr2,%2),%0" \
16001 +- "\n2:\tldw 4(%%sr2,%2),%R0\n\t" \
16002 +- ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_2)\
16003 +- ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_get_user_skip_1)\
16004 +- : "=r"(__gu_val), "=r"(__gu_err) \
16005 +- : "r"(ptr), "1"(__gu_err) \
16006 +- : "r1");
16007 +-
16008 +-#endif /* !defined(CONFIG_64BIT) */
16009 +-
16010 +-
16011 + #define __put_user(x, ptr) \
16012 + ({ \
16013 + register long __pu_err __asm__ ("r8") = 0; \
16014 + __typeof__(*(ptr)) __x = (__typeof__(*(ptr)))(x); \
16015 + \
16016 +- load_sr2(); \
16017 +- switch (sizeof(*(ptr))) { \
16018 ++ if (segment_eq(get_fs(), KERNEL_DS)) { \
16019 ++ switch (sizeof(*(ptr))) { \
16020 ++ case 1: __put_kernel_asm("stb", __x, ptr); break; \
16021 ++ case 2: __put_kernel_asm("sth", __x, ptr); break; \
16022 ++ case 4: __put_kernel_asm("stw", __x, ptr); break; \
16023 ++ case 8: STD_KERNEL(__x, ptr); break; \
16024 ++ default: BUILD_BUG(); break; \
16025 ++ } \
16026 ++ } \
16027 ++ else { \
16028 ++ switch (sizeof(*(ptr))) { \
16029 + case 1: __put_user_asm("stb", __x, ptr); break; \
16030 + case 2: __put_user_asm("sth", __x, ptr); break; \
16031 + case 4: __put_user_asm("stw", __x, ptr); break; \
16032 + case 8: STD_USER(__x, ptr); break; \
16033 + default: BUILD_BUG(); break; \
16034 ++ } \
16035 + } \
16036 + \
16037 + __pu_err; \
16038 +@@ -156,9 +161,17 @@ struct exception_data {
16039 + * r8/r9 are already listed as err/val.
16040 + */
16041 +
16042 ++#define __put_kernel_asm(stx, x, ptr) \
16043 ++ __asm__ __volatile__ ( \
16044 ++ "\n1:\t" stx "\t%2,0(%1)\n\t" \
16045 ++ ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_1)\
16046 ++ : "=r"(__pu_err) \
16047 ++ : "r"(ptr), "r"(x), "0"(__pu_err) \
16048 ++ : "r1")
16049 ++
16050 + #define __put_user_asm(stx, x, ptr) \
16051 + __asm__ __volatile__ ( \
16052 +- "\n1:\t" stx "\t%2,0(%%sr2,%1)\n\t" \
16053 ++ "\n1:\t" stx "\t%2,0(%%sr3,%1)\n\t" \
16054 + ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_1)\
16055 + : "=r"(__pu_err) \
16056 + : "r"(ptr), "r"(x), "0"(__pu_err) \
16057 +@@ -167,10 +180,21 @@ struct exception_data {
16058 +
16059 + #if !defined(CONFIG_64BIT)
16060 +
16061 ++#define __put_kernel_asm64(__val, ptr) do { \
16062 ++ __asm__ __volatile__ ( \
16063 ++ "\n1:\tstw %2,0(%1)" \
16064 ++ "\n2:\tstw %R2,4(%1)\n\t" \
16065 ++ ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_2)\
16066 ++ ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_put_user_skip_1)\
16067 ++ : "=r"(__pu_err) \
16068 ++ : "r"(ptr), "r"(__val), "0"(__pu_err) \
16069 ++ : "r1"); \
16070 ++} while (0)
16071 ++
16072 + #define __put_user_asm64(__val, ptr) do { \
16073 + __asm__ __volatile__ ( \
16074 +- "\n1:\tstw %2,0(%%sr2,%1)" \
16075 +- "\n2:\tstw %R2,4(%%sr2,%1)\n\t" \
16076 ++ "\n1:\tstw %2,0(%%sr3,%1)" \
16077 ++ "\n2:\tstw %R2,4(%%sr3,%1)\n\t" \
16078 + ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_2)\
16079 + ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_put_user_skip_1)\
16080 + : "=r"(__pu_err) \
16081 +@@ -221,14 +245,14 @@ static inline unsigned long __must_check copy_from_user(void *to,
16082 const void __user *from,
16083 unsigned long n)
16084 {
16085 - int sz = __compiletime_object_size(to);
16086 + size_t sz = __compiletime_object_size(to);
16087 - int ret = -EFAULT;
16088 + unsigned long ret = n;
16089
16090 - if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n))
16091 + if (likely(sz == (size_t)-1 || !__builtin_constant_p(n) || sz >= n))
16092 ret = __copy_from_user(to, from, n);
16093 else
16094 copy_from_user_overflow();
16095 +- if (unlikely(ret))
16096 ++ if (unlikely(ret && (long)ret > 0))
16097 + memset(to + (n - ret), 0, ret);
16098 + return ret;
16099 + }
16100 diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
16101 index a0ecdb4a..71d2069 100644
16102 --- a/arch/parisc/kernel/module.c
16103 @@ -8884,7 +9091,7 @@ index 8febc3f..a4614f3 100644
16104 #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
16105 _TIF_NOTIFY_RESUME | _TIF_UPROBE | \
16106 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
16107 -index b7c20f0..4adc0f1 100644
16108 +index 43888c8..e231600 100644
16109 --- a/arch/powerpc/include/asm/uaccess.h
16110 +++ b/arch/powerpc/include/asm/uaccess.h
16111 @@ -58,6 +58,7 @@
16112 @@ -8895,7 +9102,29 @@ index b7c20f0..4adc0f1 100644
16113 #define access_ok(type, addr, size) \
16114 (__chk_user_ptr(addr), \
16115 __access_ok((__force unsigned long)(addr), (size), get_fs()))
16116 -@@ -303,52 +304,6 @@ do { \
16117 +@@ -274,6 +275,21 @@ do { \
16118 + __gu_err; \
16119 + })
16120 +
16121 ++#ifndef __powerpc64__
16122 ++#define __get_user64_nocheck(x, ptr, size) \
16123 ++({ \
16124 ++ long __gu_err; \
16125 ++ long long __gu_val; \
16126 ++ __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
16127 ++ __chk_user_ptr(ptr); \
16128 ++ if (!is_kernel_addr((unsigned long)__gu_addr)) \
16129 ++ might_fault(); \
16130 ++ __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
16131 ++ (x) = (__force __typeof__(*(ptr)))__gu_val; \
16132 ++ __gu_err; \
16133 ++})
16134 ++#endif /* __powerpc64__ */
16135 ++
16136 + #define __get_user_check(x, ptr, size) \
16137 + ({ \
16138 + long __gu_err = -EFAULT; \
16139 +@@ -303,39 +319,6 @@ do { \
16140 extern unsigned long __copy_tofrom_user(void __user *to,
16141 const void __user *from, unsigned long size);
16142
16143 @@ -8904,30 +9133,17 @@ index b7c20f0..4adc0f1 100644
16144 -static inline unsigned long copy_from_user(void *to,
16145 - const void __user *from, unsigned long n)
16146 -{
16147 -- unsigned long over;
16148 --
16149 -- if (access_ok(VERIFY_READ, from, n))
16150 +- if (likely(access_ok(VERIFY_READ, from, n)))
16151 - return __copy_tofrom_user((__force void __user *)to, from, n);
16152 -- if ((unsigned long)from < TASK_SIZE) {
16153 -- over = (unsigned long)from + n - TASK_SIZE;
16154 -- return __copy_tofrom_user((__force void __user *)to, from,
16155 -- n - over) + over;
16156 -- }
16157 +- memset(to, 0, n);
16158 - return n;
16159 -}
16160 -
16161 -static inline unsigned long copy_to_user(void __user *to,
16162 - const void *from, unsigned long n)
16163 -{
16164 -- unsigned long over;
16165 --
16166 - if (access_ok(VERIFY_WRITE, to, n))
16167 - return __copy_tofrom_user(to, (__force void __user *)from, n);
16168 -- if ((unsigned long)to < TASK_SIZE) {
16169 -- over = (unsigned long)to + n - TASK_SIZE;
16170 -- return __copy_tofrom_user(to, (__force void __user *)from,
16171 -- n - over) + over;
16172 -- }
16173 - return n;
16174 -}
16175 -
16176 @@ -8948,29 +9164,27 @@ index b7c20f0..4adc0f1 100644
16177 static inline unsigned long __copy_from_user_inatomic(void *to,
16178 const void __user *from, unsigned long n)
16179 {
16180 -@@ -372,6 +327,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
16181 +@@ -359,6 +342,9 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
16182 if (ret == 0)
16183 return 0;
16184 }
16185 +
16186 -+ if (!__builtin_constant_p(n))
16187 -+ check_object_size(to, n, false);
16188 ++ check_object_size(to, n, false);
16189 +
16190 return __copy_tofrom_user((__force void __user *)to, from, n);
16191 }
16192
16193 -@@ -398,6 +357,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
16194 +@@ -385,6 +371,9 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
16195 if (ret == 0)
16196 return 0;
16197 }
16198 +
16199 -+ if (!__builtin_constant_p(n))
16200 -+ check_object_size(from, n, true);
16201 ++ check_object_size(from, n, true);
16202 +
16203 return __copy_tofrom_user(to, (__force const void __user *)from, n);
16204 }
16205
16206 -@@ -415,6 +378,92 @@ static inline unsigned long __copy_to_user(void __user *to,
16207 +@@ -402,6 +391,70 @@ static inline unsigned long __copy_to_user(void __user *to,
16208 return __copy_to_user_inatomic(to, from, size);
16209 }
16210
16211 @@ -8979,45 +9193,26 @@ index b7c20f0..4adc0f1 100644
16212 +static inline unsigned long __must_check copy_from_user(void *to,
16213 + const void __user *from, unsigned long n)
16214 +{
16215 -+ unsigned long over;
16216 -+
16217 + if ((long)n < 0)
16218 + return n;
16219 +
16220 -+ if (access_ok(VERIFY_READ, from, n)) {
16221 -+ if (!__builtin_constant_p(n))
16222 -+ check_object_size(to, n, false);
16223 -+ return __copy_tofrom_user((__force void __user *)to, from, n);
16224 -+ }
16225 -+ if ((unsigned long)from < TASK_SIZE) {
16226 -+ over = (unsigned long)from + n - TASK_SIZE;
16227 -+ if (!__builtin_constant_p(n - over))
16228 -+ check_object_size(to, n - over, false);
16229 -+ return __copy_tofrom_user((__force void __user *)to, from,
16230 -+ n - over) + over;
16231 ++ if (likely(access_ok(VERIFY_READ, from, n))) {
16232 ++ check_object_size(to, n, false);
16233 ++ return __copy_tofrom_user((void __force_user *)to, from, n);
16234 + }
16235 ++ memset(to, 0, n);
16236 + return n;
16237 +}
16238 +
16239 +static inline unsigned long __must_check copy_to_user(void __user *to,
16240 + const void *from, unsigned long n)
16241 +{
16242 -+ unsigned long over;
16243 -+
16244 + if ((long)n < 0)
16245 + return n;
16246 +
16247 -+ if (access_ok(VERIFY_WRITE, to, n)) {
16248 -+ if (!__builtin_constant_p(n))
16249 -+ check_object_size(from, n, true);
16250 -+ return __copy_tofrom_user(to, (__force void __user *)from, n);
16251 -+ }
16252 -+ if ((unsigned long)to < TASK_SIZE) {
16253 -+ over = (unsigned long)to + n - TASK_SIZE;
16254 -+ if (!__builtin_constant_p(n))
16255 -+ check_object_size(from, n - over, true);
16256 -+ return __copy_tofrom_user(to, (__force void __user *)from,
16257 -+ n - over) + over;
16258 ++ if (likely(access_ok(VERIFY_WRITE, to, n))) {
16259 ++ check_object_size(from, n, true);
16260 ++ return __copy_tofrom_user(to, (void __force_user *)from, n);
16261 + }
16262 + return n;
16263 +}
16264 @@ -9032,12 +9227,10 @@ index b7c20f0..4adc0f1 100644
16265 + if ((long)n < 0 || n > INT_MAX)
16266 + return n;
16267 +
16268 -+ if (!__builtin_constant_p(n))
16269 ++ if (likely(access_ok(VERIFY_READ, from, n))) {
16270 + check_object_size(to, n, false);
16271 -+
16272 -+ if (likely(access_ok(VERIFY_READ, from, n)))
16273 + n = __copy_from_user(to, from, n);
16274 -+ else
16275 ++ } else
16276 + memset(to, 0, n);
16277 + return n;
16278 +}
16279 @@ -9048,8 +9241,7 @@ index b7c20f0..4adc0f1 100644
16280 + return n;
16281 +
16282 + if (likely(access_ok(VERIFY_WRITE, to, n))) {
16283 -+ if (!__builtin_constant_p(n))
16284 -+ check_object_size(from, n, true);
16285 ++ check_object_size(from, n, true);
16286 + n = __copy_to_user(to, from, n);
16287 + }
16288 + return n;
16289 @@ -9712,7 +9904,7 @@ index c4a93d6..4d2a9b4 100644
16290
16291 #endif /* __ASM_EXEC_H */
16292 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
16293 -index e0900dd..72d683d 100644
16294 +index 666fd8b..778a9b9 100644
16295 --- a/arch/s390/include/asm/uaccess.h
16296 +++ b/arch/s390/include/asm/uaccess.h
16297 @@ -59,6 +59,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
16298 @@ -10591,7 +10783,7 @@ index bd56c28..4b63d83 100644
16299 #include <asm/uaccess_64.h>
16300 #else
16301 diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h
16302 -index 57aca27..a87e6eb 100644
16303 +index 3e8de69..d3d89a0 100644
16304 --- a/arch/sparc/include/asm/uaccess_32.h
16305 +++ b/arch/sparc/include/asm/uaccess_32.h
16306 @@ -47,6 +47,7 @@
16307 @@ -10602,7 +10794,92 @@ index 57aca27..a87e6eb 100644
16308 #define access_ok(type, addr, size) \
16309 ({ (void)(type); __access_ok((unsigned long)(addr), size); })
16310
16311 -@@ -248,27 +249,46 @@ unsigned long __copy_user(void __user *to, const void __user *from, unsigned lon
16312 +@@ -205,6 +206,31 @@ int __put_user_bad(void);
16313 + __gu_ret; \
16314 + })
16315 +
16316 ++#define __get_user_check_ret(x, addr, size, type, retval) ({ \
16317 ++ register unsigned long __gu_val __asm__ ("l1"); \
16318 ++ if (__access_ok(addr, size)) { \
16319 ++ switch (size) { \
16320 ++ case 1: \
16321 ++ __get_user_asm_ret(__gu_val, ub, addr, retval); \
16322 ++ break; \
16323 ++ case 2: \
16324 ++ __get_user_asm_ret(__gu_val, uh, addr, retval); \
16325 ++ break; \
16326 ++ case 4: \
16327 ++ __get_user_asm_ret(__gu_val, , addr, retval); \
16328 ++ break; \
16329 ++ case 8: \
16330 ++ __get_user_asm_ret(__gu_val, d, addr, retval); \
16331 ++ break; \
16332 ++ default: \
16333 ++ if (__get_user_bad()) \
16334 ++ return retval; \
16335 ++ } \
16336 ++ x = (__force type) __gu_val; \
16337 ++ } else \
16338 ++ return retval; \
16339 ++})
16340 ++
16341 + #define __get_user_nocheck(x, addr, size, type) ({ \
16342 + register int __gu_ret; \
16343 + register unsigned long __gu_val; \
16344 +@@ -222,6 +248,20 @@ int __put_user_bad(void);
16345 + __gu_ret; \
16346 + })
16347 +
16348 ++#define __get_user_nocheck_ret(x, addr, size, type, retval) ({ \
16349 ++ register unsigned long __gu_val __asm__ ("l1"); \
16350 ++ switch (size) { \
16351 ++ case 1: __get_user_asm_ret(__gu_val, ub, addr, retval); break; \
16352 ++ case 2: __get_user_asm_ret(__gu_val, uh, addr, retval); break; \
16353 ++ case 4: __get_user_asm_ret(__gu_val, , addr, retval); break; \
16354 ++ case 8: __get_user_asm_ret(__gu_val, d, addr, retval); break; \
16355 ++ default: \
16356 ++ if (__get_user_bad()) \
16357 ++ return retval; \
16358 ++ } \
16359 ++ x = (__force type) __gu_val; \
16360 ++})
16361 ++
16362 + #define __get_user_asm(x, size, addr, ret) \
16363 + __asm__ __volatile__( \
16364 + "/* Get user asm, inline. */\n" \
16365 +@@ -242,28 +282,70 @@ __asm__ __volatile__( \
16366 + : "=&r" (ret), "=&r" (x) : "m" (*__m(addr)), \
16367 + "i" (-EFAULT))
16368 +
16369 ++#define __get_user_asm_ret(x, size, addr, retval) \
16370 ++if (__builtin_constant_p(retval) && retval == -EFAULT) \
16371 ++ __asm__ __volatile__( \
16372 ++ "/* Get user asm ret, inline. */\n" \
16373 ++ "1:\t" "ld"#size " %1, %0\n\n\t" \
16374 ++ ".section __ex_table,#alloc\n\t" \
16375 ++ ".align 4\n\t" \
16376 ++ ".word 1b,__ret_efault\n\n\t" \
16377 ++ ".previous\n\t" \
16378 ++ : "=&r" (x) : "m" (*__m(addr))); \
16379 ++else \
16380 ++ __asm__ __volatile__( \
16381 ++ "/* Get user asm ret, inline. */\n" \
16382 ++ "1:\t" "ld"#size " %1, %0\n\n\t" \
16383 ++ ".section .fixup,#alloc,#execinstr\n\t" \
16384 ++ ".align 4\n" \
16385 ++ "3:\n\t" \
16386 ++ "ret\n\t" \
16387 ++ " restore %%g0, %2, %%o0\n\n\t" \
16388 ++ ".previous\n\t" \
16389 ++ ".section __ex_table,#alloc\n\t" \
16390 ++ ".align 4\n\t" \
16391 ++ ".word 1b, 3b\n\n\t" \
16392 ++ ".previous\n\t" \
16393 ++ : "=&r" (x) : "m" (*__m(addr)), "i" (retval))
16394 ++
16395 + int __get_user_bad(void);
16396 +
16397 + unsigned long __copy_user(void __user *to, const void __user *from, unsigned long size);
16398
16399 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
16400 {
16401 @@ -10640,10 +10917,12 @@ index 57aca27..a87e6eb 100644
16402 + if (!__builtin_constant_p(n))
16403 + check_object_size(to, n, false);
16404 return __copy_user((__force void __user *) to, from, n);
16405 -- else
16406 -+ } else
16407 +- else {
16408 ++ } else {
16409 + memset(to, 0, n);
16410 return n;
16411 - }
16412 + }
16413 +@@ -271,6 +353,9 @@ static inline unsigned long copy_from_user(void *to, const void __user *from, un
16414
16415 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
16416 {
16417 @@ -18725,10 +19004,10 @@ index 9b4f9d3..ce64392 100644
16418
16419 intel_ds_init();
16420 diff --git a/arch/x86/events/intel/cqm.c b/arch/x86/events/intel/cqm.c
16421 -index 7b5fd81..3ca58b5 100644
16422 +index 4ff41ae..9303030 100644
16423 --- a/arch/x86/events/intel/cqm.c
16424 +++ b/arch/x86/events/intel/cqm.c
16425 -@@ -1479,7 +1479,7 @@ static struct attribute *intel_cmt_mbm_events_attr[] = {
16426 +@@ -1488,7 +1488,7 @@ static struct attribute *intel_cmt_mbm_events_attr[] = {
16427 NULL,
16428 };
16429
16430 @@ -18737,7 +19016,7 @@ index 7b5fd81..3ca58b5 100644
16431 .name = "events",
16432 .attrs = NULL,
16433 };
16434 -@@ -1737,7 +1737,9 @@ static int __init intel_cqm_init(void)
16435 +@@ -1746,7 +1746,9 @@ static int __init intel_cqm_init(void)
16436 goto out;
16437 }
16438
16439 @@ -18748,7 +19027,7 @@ index 7b5fd81..3ca58b5 100644
16440
16441 ret = intel_cqm_setup_rmid_cache();
16442 if (ret)
16443 -@@ -1753,12 +1755,14 @@ static int __init intel_cqm_init(void)
16444 +@@ -1762,12 +1764,14 @@ static int __init intel_cqm_init(void)
16445 if (ret && !cqm_enabled)
16446 goto out;
16447
16448 @@ -18789,7 +19068,7 @@ index 9ba4e41..f931fb9 100644
16449
16450 static ssize_t cstate_get_attr_cpumask(struct device *dev,
16451 diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
16452 -index 7ce9f3f..dc9146c 100644
16453 +index 9b983a4..b31c136 100644
16454 --- a/arch/x86/events/intel/ds.c
16455 +++ b/arch/x86/events/intel/ds.c
16456 @@ -601,7 +601,7 @@ unlock:
16457 @@ -18850,7 +19129,7 @@ index 9e2b40c..a9013c2 100644
16458 if (!insn.opcode.got)
16459 return X86_BR_ABORT;
16460 diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
16461 -index 04bb5fb..69cbd32 100644
16462 +index 861a7d9..2ff89b2 100644
16463 --- a/arch/x86/events/intel/pt.c
16464 +++ b/arch/x86/events/intel/pt.c
16465 @@ -172,11 +172,9 @@ static const struct attribute_group *pt_attr_groups[] = {
16466 @@ -24045,7 +24324,7 @@ index c3496619..3f3a7dc 100644
16467 asmlinkage void smp_deferred_error_interrupt(void);
16468 #endif
16469 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
16470 -index 2982387..35d07f4 100644
16471 +index 0328c2cc..35d07f4 100644
16472 --- a/arch/x86/include/asm/uaccess.h
16473 +++ b/arch/x86/include/asm/uaccess.h
16474 @@ -8,6 +8,7 @@
16475 @@ -24248,23 +24527,20 @@ index 2982387..35d07f4 100644
16476 break; \
16477 case 4: \
16478 __get_user_asm_ex(x, ptr, "l", "k", "=r"); \
16479 -@@ -412,9 +464,13 @@ do { \
16480 +@@ -412,10 +464,10 @@ do { \
16481 } while (0)
16482
16483 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
16484 - asm volatile("1: mov"itype" %1,%"rtype"0\n" \
16485 + asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\
16486 "2:\n" \
16487 -- _ASM_EXTABLE_EX(1b, 2b) \
16488 -+ ".section .fixup,\"ax\"\n" \
16489 + ".section .fixup,\"ax\"\n" \
16490 +- "3:xor"itype" %"rtype"0,%"rtype"0\n" \
16491 + "3:xorl %k0,%k0\n" \
16492 -+ " jmp 2b\n" \
16493 -+ ".previous\n" \
16494 -+ _ASM_EXTABLE_EX(1b, 3b) \
16495 - : ltype(x) : "m" (__m(addr)))
16496 -
16497 - #define __put_user_nocheck(x, ptr, size) \
16498 -@@ -433,13 +489,24 @@ do { \
16499 + " jmp 2b\n" \
16500 + ".previous\n" \
16501 + _ASM_EXTABLE_EX(1b, 3b) \
16502 +@@ -437,13 +489,24 @@ do { \
16503 __uaccess_begin(); \
16504 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
16505 __uaccess_end(); \
16506 @@ -24291,7 +24567,7 @@ index 2982387..35d07f4 100644
16507
16508 /*
16509 * Tell gcc we read from memory instead of writing: this is because
16510 -@@ -447,8 +514,10 @@ struct __large_struct { unsigned long buf[100]; };
16511 +@@ -451,8 +514,10 @@ struct __large_struct { unsigned long buf[100]; };
16512 * aliasing issues.
16513 */
16514 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
16515 @@ -24303,7 +24579,7 @@ index 2982387..35d07f4 100644
16516 "2:\n" \
16517 ".section .fixup,\"ax\"\n" \
16518 "3: mov %3,%0\n" \
16519 -@@ -456,10 +525,12 @@ struct __large_struct { unsigned long buf[100]; };
16520 +@@ -460,10 +525,12 @@ struct __large_struct { unsigned long buf[100]; };
16521 ".previous\n" \
16522 _ASM_EXTABLE(1b, 3b) \
16523 : "=r"(err) \
16524 @@ -24318,7 +24594,7 @@ index 2982387..35d07f4 100644
16525 "2:\n" \
16526 _ASM_EXTABLE_EX(1b, 2b) \
16527 : : ltype(x), "m" (__m(addr)))
16528 -@@ -469,11 +540,13 @@ struct __large_struct { unsigned long buf[100]; };
16529 +@@ -473,11 +540,13 @@ struct __large_struct { unsigned long buf[100]; };
16530 */
16531 #define uaccess_try do { \
16532 current_thread_info()->uaccess_err = 0; \
16533 @@ -24332,7 +24608,7 @@ index 2982387..35d07f4 100644
16534 (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
16535 } while (0)
16536
16537 -@@ -499,8 +572,12 @@ struct __large_struct { unsigned long buf[100]; };
16538 +@@ -503,8 +572,12 @@ struct __large_struct { unsigned long buf[100]; };
16539 * On error, the variable @x is set to zero.
16540 */
16541
16542 @@ -24345,7 +24621,7 @@ index 2982387..35d07f4 100644
16543
16544 /**
16545 * __put_user: - Write a simple value into user space, with less checking.
16546 -@@ -523,8 +600,12 @@ struct __large_struct { unsigned long buf[100]; };
16547 +@@ -527,8 +600,12 @@ struct __large_struct { unsigned long buf[100]; };
16548 * Returns zero on success, or -EFAULT on error.
16549 */
16550
16551 @@ -24358,7 +24634,7 @@ index 2982387..35d07f4 100644
16552
16553 #define __get_user_unaligned __get_user
16554 #define __put_user_unaligned __put_user
16555 -@@ -542,7 +623,7 @@ struct __large_struct { unsigned long buf[100]; };
16556 +@@ -546,7 +623,7 @@ struct __large_struct { unsigned long buf[100]; };
16557 #define get_user_ex(x, ptr) do { \
16558 unsigned long __gue_val; \
16559 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
16560 @@ -24367,7 +24643,7 @@ index 2982387..35d07f4 100644
16561 } while (0)
16562
16563 #define put_user_try uaccess_try
16564 -@@ -560,7 +641,7 @@ extern __must_check long strlen_user(const char __user *str);
16565 +@@ -564,7 +641,7 @@ extern __must_check long strlen_user(const char __user *str);
16566 extern __must_check long strnlen_user(const char __user *str, long n);
16567
16568 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
16569 @@ -24376,7 +24652,7 @@ index 2982387..35d07f4 100644
16570
16571 extern void __cmpxchg_wrong_size(void)
16572 __compiletime_error("Bad argument size for cmpxchg");
16573 -@@ -568,22 +649,23 @@ extern void __cmpxchg_wrong_size(void)
16574 +@@ -572,22 +649,23 @@ extern void __cmpxchg_wrong_size(void)
16575 #define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \
16576 ({ \
16577 int __ret = 0; \
16578 @@ -24405,7 +24681,7 @@ index 2982387..35d07f4 100644
16579 : "i" (-EFAULT), "q" (__new), "1" (__old) \
16580 : "memory" \
16581 ); \
16582 -@@ -592,14 +674,14 @@ extern void __cmpxchg_wrong_size(void)
16583 +@@ -596,14 +674,14 @@ extern void __cmpxchg_wrong_size(void)
16584 case 2: \
16585 { \
16586 asm volatile("\n" \
16587 @@ -24422,7 +24698,7 @@ index 2982387..35d07f4 100644
16588 : "i" (-EFAULT), "r" (__new), "1" (__old) \
16589 : "memory" \
16590 ); \
16591 -@@ -608,14 +690,14 @@ extern void __cmpxchg_wrong_size(void)
16592 +@@ -612,14 +690,14 @@ extern void __cmpxchg_wrong_size(void)
16593 case 4: \
16594 { \
16595 asm volatile("\n" \
16596 @@ -24439,7 +24715,7 @@ index 2982387..35d07f4 100644
16597 : "i" (-EFAULT), "r" (__new), "1" (__old) \
16598 : "memory" \
16599 ); \
16600 -@@ -627,14 +709,14 @@ extern void __cmpxchg_wrong_size(void)
16601 +@@ -631,14 +709,14 @@ extern void __cmpxchg_wrong_size(void)
16602 __cmpxchg_wrong_size(); \
16603 \
16604 asm volatile("\n" \
16605 @@ -24456,7 +24732,7 @@ index 2982387..35d07f4 100644
16606 : "i" (-EFAULT), "r" (__new), "1" (__old) \
16607 : "memory" \
16608 ); \
16609 -@@ -644,6 +726,7 @@ extern void __cmpxchg_wrong_size(void)
16610 +@@ -648,6 +726,7 @@ extern void __cmpxchg_wrong_size(void)
16611 __cmpxchg_wrong_size(); \
16612 } \
16613 __uaccess_end(); \
16614 @@ -24464,7 +24740,7 @@ index 2982387..35d07f4 100644
16615 *__uval = __old; \
16616 __ret; \
16617 })
16618 -@@ -667,17 +750,6 @@ extern struct movsl_mask {
16619 +@@ -671,17 +750,6 @@ extern struct movsl_mask {
16620
16621 #define ARCH_HAS_NOCACHE_UACCESS 1
16622
16623 @@ -24482,7 +24758,7 @@ index 2982387..35d07f4 100644
16624 #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
16625 # define copy_user_diag __compiletime_error
16626 #else
16627 -@@ -687,7 +759,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
16628 +@@ -691,7 +759,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
16629 extern void copy_user_diag("copy_from_user() buffer size is too small")
16630 copy_from_user_overflow(void);
16631 extern void copy_user_diag("copy_to_user() buffer size is too small")
16632 @@ -24491,7 +24767,7 @@ index 2982387..35d07f4 100644
16633
16634 #undef copy_user_diag
16635
16636 -@@ -700,7 +772,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
16637 +@@ -704,7 +772,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
16638
16639 extern void
16640 __compiletime_warning("copy_to_user() buffer size is not provably correct")
16641 @@ -24500,7 +24776,7 @@ index 2982387..35d07f4 100644
16642 #define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
16643
16644 #else
16645 -@@ -715,10 +787,16 @@ __copy_from_user_overflow(int size, unsigned long count)
16646 +@@ -719,10 +787,16 @@ __copy_from_user_overflow(int size, unsigned long count)
16647
16648 #endif
16649
16650 @@ -24518,7 +24794,7 @@ index 2982387..35d07f4 100644
16651
16652 might_fault();
16653
16654 -@@ -742,12 +820,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
16655 +@@ -746,12 +820,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
16656 * case, and do only runtime checking for non-constant sizes.
16657 */
16658
16659 @@ -24540,7 +24816,7 @@ index 2982387..35d07f4 100644
16660
16661 return n;
16662 }
16663 -@@ -755,19 +836,20 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
16664 +@@ -759,19 +836,20 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
16665 static inline unsigned long __must_check
16666 copy_to_user(void __user *to, const void *from, unsigned long n)
16667 {
16668 @@ -25776,10 +26052,10 @@ index 4a8697f..8a13428 100644
16669 obj-y += common.o
16670 obj-y += rdrand.o
16671 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
16672 -index f5c69d8..5eecf58 100644
16673 +index b81fe2d..fa46eca 100644
16674 --- a/arch/x86/kernel/cpu/amd.c
16675 +++ b/arch/x86/kernel/cpu/amd.c
16676 -@@ -780,7 +780,7 @@ static void init_amd(struct cpuinfo_x86 *c)
16677 +@@ -792,7 +792,7 @@ static void init_amd(struct cpuinfo_x86 *c)
16678 static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
16679 {
16680 /* AMD errata T13 (order #21922) */
16681 @@ -29478,10 +29754,10 @@ index 33ee3e0..6d23e5c 100644
16682 #endif /* SMP */
16683 };
16684 diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
16685 -index 7b3b3f2..68b5f72 100644
16686 +index 078c933..c5d51dc 100644
16687 --- a/arch/x86/kernel/paravirt.c
16688 +++ b/arch/x86/kernel/paravirt.c
16689 -@@ -64,6 +64,9 @@ u64 _paravirt_ident_64(u64 x)
16690 +@@ -64,6 +64,9 @@ u64 notrace _paravirt_ident_64(u64 x)
16691 {
16692 return x;
16693 }
16694 @@ -31985,10 +32261,10 @@ index 7cc2360..6ae1236 100644
16695 {
16696 struct kvm_kpic_state *s = opaque;
16697 diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
16698 -index 5f42d03..052f8a4 100644
16699 +index c7220ba..4d0a181 100644
16700 --- a/arch/x86/kvm/ioapic.c
16701 +++ b/arch/x86/kvm/ioapic.c
16702 -@@ -413,6 +413,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
16703 +@@ -415,6 +415,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
16704 #define IOAPIC_SUCCESSIVE_IRQ_MAX_COUNT 10000
16705
16706 static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
16707 @@ -37189,7 +37465,7 @@ index 7a1f7bb..5b4b5cc 100644
16708 while (numpages) {
16709 /*
16710 diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
16711 -index fb0604f..b9e0399 100644
16712 +index 5431a32..137f092 100644
16713 --- a/arch/x86/mm/pat.c
16714 +++ b/arch/x86/mm/pat.c
16715 @@ -633,7 +633,7 @@ int free_memtype(u64 start, u64 end)
16716 @@ -40002,7 +40278,7 @@ index 058c8d7..55229dd 100644
16717 __be32 *dst = (__be32 *)outbuf;
16718 u32 block[4];
16719 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
16720 -index 7921251..ba86330 100644
16721 +index 90fefae..1a7cd2e 100644
16722 --- a/crypto/cryptd.c
16723 +++ b/crypto/cryptd.c
16724 @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx {
16725 @@ -46652,7 +46928,7 @@ index 5d469b2..2a576b2 100644
16726 else
16727 type = types[map->type];
16728 diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
16729 -index 57676f8..020e7ca 100644
16730 +index a628975..98c84f7 100644
16731 --- a/drivers/gpu/drm/drm_ioc32.c
16732 +++ b/drivers/gpu/drm/drm_ioc32.c
16733 @@ -458,7 +458,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
16734 @@ -46673,16 +46949,16 @@ index 57676f8..020e7ca 100644
16735
16736 if (__put_user(count, &request->count)
16737 || __put_user(list, &request->list))
16738 -@@ -1072,7 +1072,7 @@ static int compat_drm_mode_addfb2(struct file *file, unsigned int cmd,
16739 - return 0;
16740 +@@ -1074,7 +1074,7 @@ static int compat_drm_mode_addfb2(struct file *file, unsigned int cmd,
16741 }
16742 + #endif
16743
16744 -static drm_ioctl_compat_t *drm_compat_ioctls[] = {
16745 +static drm_ioctl_compat_t drm_compat_ioctls[] = {
16746 [DRM_IOCTL_NR(DRM_IOCTL_VERSION32)] = compat_drm_version,
16747 [DRM_IOCTL_NR(DRM_IOCTL_GET_UNIQUE32)] = compat_drm_getunique,
16748 [DRM_IOCTL_NR(DRM_IOCTL_GET_MAP32)] = compat_drm_getmap,
16749 -@@ -1119,7 +1119,6 @@ static drm_ioctl_compat_t *drm_compat_ioctls[] = {
16750 +@@ -1123,7 +1123,6 @@ static drm_ioctl_compat_t *drm_compat_ioctls[] = {
16751 long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
16752 {
16753 unsigned int nr = DRM_IOCTL_NR(cmd);
16754 @@ -46690,7 +46966,7 @@ index 57676f8..020e7ca 100644
16755 int ret;
16756
16757 /* Assume that ioctls without an explicit compat routine will just
16758 -@@ -1129,10 +1128,8 @@ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
16759 +@@ -1133,10 +1132,8 @@ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
16760 if (nr >= ARRAY_SIZE(drm_compat_ioctls))
16761 return drm_ioctl(filp, cmd, arg);
16762
16763 @@ -50151,10 +50427,10 @@ index c966492..4e66371 100644
16764 /*
16765 * intel_idle_state_table_update()
16766 diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
16767 -index e6319a9..9e14f05 100644
16768 +index 2e6a427..8b6cf88 100644
16769 --- a/drivers/iio/industrialio-core.c
16770 +++ b/drivers/iio/industrialio-core.c
16771 -@@ -689,7 +689,7 @@ static ssize_t iio_write_channel_info(struct device *dev,
16772 +@@ -688,7 +688,7 @@ static ssize_t iio_write_channel_info(struct device *dev,
16773 }
16774
16775 static
16776 @@ -56024,7 +56300,7 @@ index fd40bcb..13b3f293 100644
16777
16778 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
16779 diff --git a/drivers/md/md.c b/drivers/md/md.c
16780 -index 866825f..0c08c28 100644
16781 +index 0678a0a..90c7246 100644
16782 --- a/drivers/md/md.c
16783 +++ b/drivers/md/md.c
16784 @@ -198,10 +198,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
16785 @@ -56154,7 +56430,7 @@ index 866825f..0c08c28 100644
16786 mask |= POLLERR | POLLPRI;
16787 return mask;
16788 }
16789 -@@ -7637,7 +7638,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
16790 +@@ -7633,7 +7634,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
16791 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
16792 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
16793 (int)part_stat_read(&disk->part0, sectors[1]) -
16794 @@ -56163,7 +56439,7 @@ index 866825f..0c08c28 100644
16795 /* sync IO will cause sync_io to increase before the disk_stats
16796 * as sync_io is counted when a request starts, and
16797 * disk_stats is counted when it completes.
16798 -@@ -7901,7 +7902,7 @@ void md_do_sync(struct md_thread *thread)
16799 +@@ -7897,7 +7898,7 @@ void md_do_sync(struct md_thread *thread)
16800 * which defaults to physical size, but can be virtual size
16801 */
16802 max_sectors = mddev->resync_max_sectors;
16803 @@ -56172,7 +56448,7 @@ index 866825f..0c08c28 100644
16804 /* we don't use the checkpoint if there's a bitmap */
16805 if (test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery))
16806 j = mddev->resync_min;
16807 -@@ -8895,11 +8896,11 @@ static __exit void md_exit(void)
16808 +@@ -8891,11 +8892,11 @@ static __exit void md_exit(void)
16809 subsys_initcall(md_init);
16810 module_exit(md_exit)
16811
16812 @@ -58406,7 +58682,7 @@ index 528390f..cacc274 100644
16813 err = -EFAULT;
16814 goto out_array_args;
16815 diff --git a/drivers/memory/omap-gpmc.c b/drivers/memory/omap-gpmc.c
16816 -index 15508df..5f0ee4e 100644
16817 +index 73ec320..a3ed597 100644
16818 --- a/drivers/memory/omap-gpmc.c
16819 +++ b/drivers/memory/omap-gpmc.c
16820 @@ -234,7 +234,7 @@ struct omap3_gpmc_regs {
16821 @@ -61675,7 +61951,7 @@ index 4048fc5..333809f 100644
16822 /**
16823 * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
16824 diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
16825 -index c777cde..7fa85f9 100644
16826 +index e655b76..313a56d 100644
16827 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
16828 +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
16829 @@ -6421,7 +6421,7 @@ init_err_free:
16830 @@ -62735,7 +63011,7 @@ index 546fab0..8eeb822 100644
16831 struct mlx4_dev_persistent *persist = pci_get_drvdata(pdev);
16832
16833 diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
16834 -index 6695893..6abc392 100644
16835 +index e782d0f..6591e56 100644
16836 --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
16837 +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
16838 @@ -1384,7 +1384,7 @@ static void remove_one(struct pci_dev *pdev)
16839 @@ -63239,7 +63515,7 @@ index cb49c96..c1498cc 100644
16840 struct smc911x_local *lp = netdev_priv(dev);
16841 unsigned int free;
16842 diff --git a/drivers/net/ethernet/smsc/smc91x.c b/drivers/net/ethernet/smsc/smc91x.c
16843 -index 18ac52d..5fd8ce3 100644
16844 +index b69d0e1..718a393 100644
16845 --- a/drivers/net/ethernet/smsc/smc91x.c
16846 +++ b/drivers/net/ethernet/smsc/smc91x.c
16847 @@ -637,7 +637,7 @@ done: if (!THROTTLE_TX_PKTS)
16848 @@ -63994,10 +64270,10 @@ index fdee772..6c3ba123 100644
16849 };
16850
16851 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
16852 -index e16487c..c0987f1 100644
16853 +index 34259bd..60c2692 100644
16854 --- a/drivers/net/tun.c
16855 +++ b/drivers/net/tun.c
16856 -@@ -960,7 +960,7 @@ static void tun_set_headroom(struct net_device *dev, int new_hr)
16857 +@@ -956,7 +956,7 @@ static void tun_set_headroom(struct net_device *dev, int new_hr)
16858 {
16859 struct tun_struct *tun = netdev_priv(dev);
16860
16861 @@ -64006,7 +64282,7 @@ index e16487c..c0987f1 100644
16862 new_hr = NET_SKB_PAD;
16863
16864 tun->align = new_hr;
16865 -@@ -1558,7 +1558,7 @@ static int tun_validate(struct nlattr *tb[], struct nlattr *data[])
16866 +@@ -1554,7 +1554,7 @@ static int tun_validate(struct nlattr *tb[], struct nlattr *data[])
16867 return -EINVAL;
16868 }
16869
16870 @@ -64015,7 +64291,7 @@ index e16487c..c0987f1 100644
16871 .kind = DRV_NAME,
16872 .priv_size = sizeof(struct tun_struct),
16873 .setup = tun_setup,
16874 -@@ -1970,7 +1970,7 @@ unlock:
16875 +@@ -1966,7 +1966,7 @@ unlock:
16876 }
16877
16878 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
16879 @@ -64024,7 +64300,7 @@ index e16487c..c0987f1 100644
16880 {
16881 struct tun_file *tfile = file->private_data;
16882 struct tun_struct *tun;
16883 -@@ -1984,6 +1984,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
16884 +@@ -1980,6 +1980,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
16885 int le;
16886 int ret;
16887
16888 @@ -64757,10 +65033,10 @@ index 9cbca12..eae7c79 100644
16889 struct ath_nf_limits {
16890 s16 max;
16891 diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
16892 -index 8b63988..2fd4697 100644
16893 +index 4b59a4c..14eb96d 100644
16894 --- a/drivers/net/wireless/ath/ath9k/main.c
16895 +++ b/drivers/net/wireless/ath/ath9k/main.c
16896 -@@ -2589,16 +2589,18 @@ void ath9k_fill_chanctx_ops(void)
16897 +@@ -2594,16 +2594,18 @@ void ath9k_fill_chanctx_ops(void)
16898 if (!ath9k_is_chanctx_enabled())
16899 return;
16900
16901 @@ -65413,7 +65689,7 @@ index 83770d2..3ec8a40 100644
16902 if (modparam_pio)
16903 wldev->__using_pio = true;
16904 diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
16905 -index 62f475e..c5c90d3 100644
16906 +index 121baba..80f9d55 100644
16907 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
16908 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
16909 @@ -5077,6 +5077,50 @@ static struct cfg80211_ops brcmf_cfg80211_ops = {
16910 @@ -77655,10 +77931,10 @@ index 0fbd7c0..66c6010 100644
16911 if (share_irqs)
16912 irqflag = IRQF_SHARED;
16913 diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
16914 -index 8dd250f..84599cb 100644
16915 +index e67a463..c568cf1 100644
16916 --- a/drivers/tty/serial/8250/8250_pci.c
16917 +++ b/drivers/tty/serial/8250/8250_pci.c
16918 -@@ -5632,7 +5632,7 @@ static struct pci_device_id serial_pci_tbl[] = {
16919 +@@ -5771,7 +5771,7 @@ static struct pci_device_id serial_pci_tbl[] = {
16920 };
16921
16922 static pci_ers_result_t serial8250_io_error_detected(struct pci_dev *dev,
16923 @@ -79182,10 +79458,10 @@ index 69f7fab..05c4ff5 100644
16924 /* Device for a quirk */
16925 #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
16926 diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
16927 -index bc17bcf..4480e4a 100644
16928 +index e262ccc..43da57e 100644
16929 --- a/drivers/usb/host/xhci-ring.c
16930 +++ b/drivers/usb/host/xhci-ring.c
16931 -@@ -1872,9 +1872,9 @@ td_cleanup:
16932 +@@ -1876,9 +1876,9 @@ td_cleanup:
16933 * unsigned). Play it safe and say we didn't transfer anything.
16934 */
16935 if (urb->actual_length > urb->transfer_buffer_length) {
16936 @@ -79197,7 +79473,7 @@ index bc17bcf..4480e4a 100644
16937 urb->actual_length = 0;
16938 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
16939 *status = -EREMOTEIO;
16940 -@@ -1953,10 +1953,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16941 +@@ -1957,10 +1957,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16942 return finish_td(xhci, td, event_trb, event, ep, status, false);
16943 case COMP_STOP:
16944 /* Did we stop at data stage? */
16945 @@ -79217,7 +79493,7 @@ index bc17bcf..4480e4a 100644
16946 /* fall through */
16947 case COMP_STOP_INVAL:
16948 return finish_td(xhci, td, event_trb, event, ep, status, false);
16949 -@@ -1970,12 +1975,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16950 +@@ -1974,12 +1979,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16951 /* else fall through */
16952 case COMP_STALL:
16953 /* Did we transfer part of the data (middle) phase? */
16954 @@ -79239,7 +79515,7 @@ index bc17bcf..4480e4a 100644
16955 td->urb->actual_length = 0;
16956
16957 return finish_td(xhci, td, event_trb, event, ep, status, false);
16958 -@@ -2008,9 +2016,12 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16959 +@@ -2012,9 +2020,12 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
16960 * the last TRB.
16961 */
16962 td->urb_length_set = true;
16963 @@ -79255,7 +79531,7 @@ index bc17bcf..4480e4a 100644
16964 xhci_dbg(xhci, "Waiting for status "
16965 "stage event\n");
16966 return 0;
16967 -@@ -2205,11 +2216,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
16968 +@@ -2209,11 +2220,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
16969 /* Fast path - was this the last TRB in the TD for this URB? */
16970 } else if (event_trb == td->last_trb) {
16971 if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) {
16972 @@ -79268,7 +79544,7 @@ index bc17bcf..4480e4a 100644
16973 xhci_warn(xhci, "HC gave bad length "
16974 "of %d bytes left\n",
16975 EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
16976 -@@ -2218,7 +2225,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
16977 +@@ -2222,7 +2229,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
16978 *status = -EREMOTEIO;
16979 else
16980 *status = 0;
16981 @@ -97635,7 +97911,7 @@ index 948aa18..ae3bc17 100644
16982 spin_lock_init(&cur_trans->delayed_refs.lock);
16983
16984 diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
16985 -index c05f69a..2469b31 100644
16986 +index 542379f..054af97 100644
16987 --- a/fs/btrfs/tree-log.c
16988 +++ b/fs/btrfs/tree-log.c
16989 @@ -173,7 +173,7 @@ static int start_log_trans(struct btrfs_trans_handle *trans,
16990 @@ -102351,7 +102627,7 @@ index cbece12..9b01171 100644
16991 }
16992
16993 diff --git a/fs/fuse/file.c b/fs/fuse/file.c
16994 -index 6cac3dc..e3ad955 100644
16995 +index 76962a3..b0bdc86 100644
16996 --- a/fs/fuse/file.c
16997 +++ b/fs/fuse/file.c
16998 @@ -849,9 +849,9 @@ struct fuse_fill_data {
16999 @@ -102776,7 +103052,7 @@ index 8a65240..59ccf62 100644
17000 }
17001
17002 diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
17003 -index e157400..1b16643 100644
17004 +index 2bcb86e..b9fad5d 100644
17005 --- a/fs/kernfs/file.c
17006 +++ b/fs/kernfs/file.c
17007 @@ -34,7 +34,7 @@ static DEFINE_MUTEX(kernfs_open_file_mutex);
17008 @@ -104991,7 +105267,7 @@ index 5fe1cec..d0f4ac0 100644
17009 #if IS_ENABLED(CONFIG_NFS_V4)
17010 extern int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt);
17011 diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c
17012 -index aaa2e8d..deb6e76 100644
17013 +index 8cfa21f..fc50292 100644
17014 --- a/fs/nfs/callback_proc.c
17015 +++ b/fs/nfs/callback_proc.c
17016 @@ -19,10 +19,12 @@
17017 @@ -105042,7 +105318,7 @@ index aaa2e8d..deb6e76 100644
17018 int i;
17019 __be32 res = 0;
17020 struct nfs_client *clp = cps->clp;
17021 -@@ -444,10 +448,12 @@ out:
17022 +@@ -441,10 +445,12 @@ out:
17023 return status;
17024 }
17025
17026 @@ -105057,7 +105333,7 @@ index aaa2e8d..deb6e76 100644
17027 struct nfs4_slot_table *tbl;
17028 struct nfs4_slot *slot;
17029 struct nfs_client *clp;
17030 -@@ -549,9 +555,10 @@ validate_bitmap_values(unsigned long mask)
17031 +@@ -546,9 +552,10 @@ validate_bitmap_values(unsigned long mask)
17032 return (mask & ~RCA4_TYPE_MASK_ALL) == 0;
17033 }
17034
17035 @@ -105069,7 +105345,7 @@ index aaa2e8d..deb6e76 100644
17036 __be32 status;
17037 fmode_t flags = 0;
17038
17039 -@@ -584,9 +591,10 @@ out:
17040 +@@ -581,9 +588,10 @@ out:
17041 }
17042
17043 /* Reduce the fore channel's max_slots to the target value */
17044 @@ -110132,10 +110408,10 @@ index de1ff1d..bd4c347 100644
17045 .pc_ressize = sizeof(struct nfsd4_compoundres),
17046 .pc_release = nfsd4_release_compoundargs,
17047 diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
17048 -index 806eda1..125792c 100644
17049 +index 6a23098..69c65ea 100644
17050 --- a/fs/nfsd/nfs4state.c
17051 +++ b/fs/nfsd/nfs4state.c
17052 -@@ -2362,8 +2362,9 @@ static bool client_has_state(struct nfs4_client *clp)
17053 +@@ -2341,8 +2341,9 @@ static bool client_has_state(struct nfs4_client *clp)
17054 __be32
17055 nfsd4_exchange_id(struct svc_rqst *rqstp,
17056 struct nfsd4_compound_state *cstate,
17057 @@ -110146,7 +110422,7 @@ index 806eda1..125792c 100644
17058 struct nfs4_client *conf, *new;
17059 struct nfs4_client *unconf = NULL;
17060 __be32 status;
17061 -@@ -2639,8 +2640,9 @@ static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
17062 +@@ -2618,8 +2619,9 @@ static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
17063 __be32
17064 nfsd4_create_session(struct svc_rqst *rqstp,
17065 struct nfsd4_compound_state *cstate,
17066 @@ -110157,7 +110433,7 @@ index 806eda1..125792c 100644
17067 struct sockaddr *sa = svc_addr(rqstp);
17068 struct nfs4_client *conf, *unconf;
17069 struct nfs4_client *old = NULL;
17070 -@@ -2764,8 +2766,9 @@ static __be32 nfsd4_map_bcts_dir(u32 *dir)
17071 +@@ -2743,8 +2745,9 @@ static __be32 nfsd4_map_bcts_dir(u32 *dir)
17072 return nfserr_inval;
17073 }
17074
17075 @@ -110168,7 +110444,7 @@ index 806eda1..125792c 100644
17076 struct nfsd4_session *session = cstate->session;
17077 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
17078 __be32 status;
17079 -@@ -2785,8 +2788,9 @@ __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state
17080 +@@ -2764,8 +2767,9 @@ __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state
17081
17082 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
17083 struct nfsd4_compound_state *cstate,
17084 @@ -110179,7 +110455,7 @@ index 806eda1..125792c 100644
17085 __be32 status;
17086 struct nfsd4_conn *conn;
17087 struct nfsd4_session *session;
17088 -@@ -2828,8 +2832,9 @@ static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4
17089 +@@ -2807,8 +2811,9 @@ static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4
17090 __be32
17091 nfsd4_destroy_session(struct svc_rqst *r,
17092 struct nfsd4_compound_state *cstate,
17093 @@ -110190,7 +110466,7 @@ index 806eda1..125792c 100644
17094 struct nfsd4_session *ses;
17095 __be32 status;
17096 int ref_held_by_me = 0;
17097 -@@ -2925,8 +2930,9 @@ static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
17098 +@@ -2904,8 +2909,9 @@ static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
17099 __be32
17100 nfsd4_sequence(struct svc_rqst *rqstp,
17101 struct nfsd4_compound_state *cstate,
17102 @@ -110201,7 +110477,7 @@ index 806eda1..125792c 100644
17103 struct nfsd4_compoundres *resp = rqstp->rq_resp;
17104 struct xdr_stream *xdr = &resp->xdr;
17105 struct nfsd4_session *session;
17106 -@@ -3060,8 +3066,9 @@ nfsd4_sequence_done(struct nfsd4_compoundres *resp)
17107 +@@ -3039,8 +3045,9 @@ nfsd4_sequence_done(struct nfsd4_compoundres *resp)
17108 }
17109
17110 __be32
17111 @@ -110212,7 +110488,7 @@ index 806eda1..125792c 100644
17112 struct nfs4_client *conf, *unconf;
17113 struct nfs4_client *clp = NULL;
17114 __be32 status = 0;
17115 -@@ -3101,8 +3108,9 @@ out:
17116 +@@ -3080,8 +3087,9 @@ out:
17117 }
17118
17119 __be32
17120 @@ -110223,7 +110499,7 @@ index 806eda1..125792c 100644
17121 __be32 status = 0;
17122
17123 if (rc->rca_one_fs) {
17124 -@@ -3139,8 +3147,9 @@ out:
17125 +@@ -3118,8 +3126,9 @@ out:
17126
17127 __be32
17128 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17129 @@ -110234,7 +110510,7 @@ index 806eda1..125792c 100644
17130 struct xdr_netobj clname = setclid->se_name;
17131 nfs4_verifier clverifier = setclid->se_verf;
17132 struct nfs4_client *conf, *new;
17133 -@@ -3198,8 +3207,9 @@ out:
17134 +@@ -3177,8 +3186,9 @@ out:
17135 __be32
17136 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
17137 struct nfsd4_compound_state *cstate,
17138 @@ -110245,7 +110521,7 @@ index 806eda1..125792c 100644
17139 struct nfs4_client *conf, *unconf;
17140 struct nfs4_client *old = NULL;
17141 nfs4_verifier confirm = setclientid_confirm->sc_confirm;
17142 -@@ -4443,8 +4453,9 @@ void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
17143 +@@ -4422,8 +4432,9 @@ void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
17144
17145 __be32
17146 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17147 @@ -110256,7 +110532,7 @@ index 806eda1..125792c 100644
17148 struct nfs4_client *clp;
17149 __be32 status;
17150 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
17151 -@@ -4894,8 +4905,9 @@ out:
17152 +@@ -4873,8 +4884,9 @@ out:
17153 */
17154 __be32
17155 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17156 @@ -110267,7 +110543,7 @@ index 806eda1..125792c 100644
17157 struct nfsd4_test_stateid_id *stateid;
17158 struct nfs4_client *cl = cstate->session->se_client;
17159
17160 -@@ -4934,8 +4946,9 @@ out:
17161 +@@ -4913,8 +4925,9 @@ out:
17162
17163 __be32
17164 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17165 @@ -110278,7 +110554,7 @@ index 806eda1..125792c 100644
17166 stateid_t *stateid = &free_stateid->fr_stateid;
17167 struct nfs4_stid *s;
17168 struct nfs4_delegation *dp;
17169 -@@ -5063,8 +5076,9 @@ static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cs
17170 +@@ -5042,8 +5055,9 @@ static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cs
17171
17172 __be32
17173 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17174 @@ -110289,7 +110565,7 @@ index 806eda1..125792c 100644
17175 __be32 status;
17176 struct nfs4_openowner *oo;
17177 struct nfs4_ol_stateid *stp;
17178 -@@ -5132,8 +5146,9 @@ static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_ac
17179 +@@ -5111,8 +5125,9 @@ static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_ac
17180 __be32
17181 nfsd4_open_downgrade(struct svc_rqst *rqstp,
17182 struct nfsd4_compound_state *cstate,
17183 @@ -110300,7 +110576,7 @@ index 806eda1..125792c 100644
17184 __be32 status;
17185 struct nfs4_ol_stateid *stp;
17186 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
17187 -@@ -5201,8 +5216,9 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
17188 +@@ -5180,8 +5195,9 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
17189 */
17190 __be32
17191 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17192 @@ -110311,7 +110587,7 @@ index 806eda1..125792c 100644
17193 __be32 status;
17194 struct nfs4_ol_stateid *stp;
17195 struct net *net = SVC_NET(rqstp);
17196 -@@ -5231,8 +5247,9 @@ out:
17197 +@@ -5210,8 +5226,9 @@ out:
17198
17199 __be32
17200 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17201 @@ -110322,7 +110598,7 @@ index 806eda1..125792c 100644
17202 struct nfs4_delegation *dp;
17203 stateid_t *stateid = &dr->dr_stateid;
17204 struct nfs4_stid *s;
17205 -@@ -5583,8 +5600,9 @@ out:
17206 +@@ -5562,8 +5579,9 @@ out:
17207 */
17208 __be32
17209 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17210 @@ -110333,7 +110609,7 @@ index 806eda1..125792c 100644
17211 struct nfs4_openowner *open_sop = NULL;
17212 struct nfs4_lockowner *lock_sop = NULL;
17213 struct nfs4_ol_stateid *lock_stp = NULL;
17214 -@@ -5785,8 +5803,9 @@ static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct
17215 +@@ -5764,8 +5782,9 @@ static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct
17216 */
17217 __be32
17218 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17219 @@ -110344,7 +110620,7 @@ index 806eda1..125792c 100644
17220 struct file_lock *file_lock = NULL;
17221 struct nfs4_lockowner *lo = NULL;
17222 __be32 status;
17223 -@@ -5858,8 +5877,9 @@ out:
17224 +@@ -5837,8 +5856,9 @@ out:
17225
17226 __be32
17227 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
17228 @@ -110355,7 +110631,7 @@ index 806eda1..125792c 100644
17229 struct nfs4_ol_stateid *stp;
17230 struct file *filp = NULL;
17231 struct file_lock *file_lock = NULL;
17232 -@@ -5965,8 +5985,9 @@ check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
17233 +@@ -5944,8 +5964,9 @@ check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
17234 __be32
17235 nfsd4_release_lockowner(struct svc_rqst *rqstp,
17236 struct nfsd4_compound_state *cstate,
17237 @@ -110366,7 +110642,7 @@ index 806eda1..125792c 100644
17238 clientid_t *clid = &rlockowner->rl_clientid;
17239 struct nfs4_stateowner *sop;
17240 struct nfs4_lockowner *lo = NULL;
17241 -@@ -6910,26 +6931,34 @@ clear_current_stateid(struct nfsd4_compound_state *cstate)
17242 +@@ -6904,26 +6925,34 @@ clear_current_stateid(struct nfsd4_compound_state *cstate)
17243 * functions to set current state id
17244 */
17245 void
17246 @@ -110405,7 +110681,7 @@ index 806eda1..125792c 100644
17247 put_stateid(cstate, &lock->lk_resp_stateid);
17248 }
17249
17250 -@@ -6938,49 +6967,65 @@ nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lo
17251 +@@ -6932,49 +6961,65 @@ nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lo
17252 */
17253
17254 void
17255 @@ -114098,7 +114374,7 @@ index 88c7de1..3e4b510 100644
17256 static struct pid *
17257 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
17258 diff --git a/fs/proc/base.c b/fs/proc/base.c
17259 -index a11eb71..d48ca0e 100644
17260 +index 7583df7..d0091f3 100644
17261 --- a/fs/proc/base.c
17262 +++ b/fs/proc/base.c
17263 @@ -113,6 +113,14 @@ struct pid_entry {
17264 @@ -114368,7 +114644,7 @@ index a11eb71..d48ca0e 100644
17265
17266 if (src >= (env_end - env_start))
17267 break;
17268 -@@ -1584,7 +1690,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
17269 +@@ -1579,7 +1685,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
17270 return ERR_PTR(-ECHILD);
17271
17272 /* Are we allowed to snoop on the tasks file descriptors? */
17273 @@ -114377,7 +114653,7 @@ index a11eb71..d48ca0e 100644
17274 goto out;
17275
17276 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
17277 -@@ -1628,8 +1734,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
17278 +@@ -1623,8 +1729,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
17279 struct path path;
17280
17281 /* Are we allowed to snoop on the tasks file descriptors? */
17282 @@ -114398,7 +114674,7 @@ index a11eb71..d48ca0e 100644
17283
17284 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
17285 if (error)
17286 -@@ -1679,7 +1795,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
17287 +@@ -1674,7 +1790,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
17288 rcu_read_lock();
17289 cred = __task_cred(task);
17290 inode->i_uid = cred->euid;
17291 @@ -114410,7 +114686,7 @@ index a11eb71..d48ca0e 100644
17292 rcu_read_unlock();
17293 }
17294 security_task_to_inode(task, inode);
17295 -@@ -1715,10 +1835,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
17296 +@@ -1710,10 +1830,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
17297 return -ENOENT;
17298 }
17299 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
17300 @@ -114430,7 +114706,7 @@ index a11eb71..d48ca0e 100644
17301 }
17302 }
17303 rcu_read_unlock();
17304 -@@ -1756,11 +1885,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
17305 +@@ -1751,11 +1880,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
17306
17307 if (task) {
17308 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
17309 @@ -114451,7 +114727,7 @@ index a11eb71..d48ca0e 100644
17310 rcu_read_unlock();
17311 } else {
17312 inode->i_uid = GLOBAL_ROOT_UID;
17313 -@@ -2374,6 +2512,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
17314 +@@ -2369,6 +2507,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
17315 if (!task)
17316 goto out_no_task;
17317
17318 @@ -114461,7 +114737,7 @@ index a11eb71..d48ca0e 100644
17319 /*
17320 * Yes, it does not scale. And it should not. Don't add
17321 * new entries into /proc/<tgid>/ without very good reasons.
17322 -@@ -2404,6 +2545,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
17323 +@@ -2399,6 +2540,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
17324 if (!task)
17325 return -ENOENT;
17326
17327 @@ -114471,7 +114747,7 @@ index a11eb71..d48ca0e 100644
17328 if (!dir_emit_dots(file, ctx))
17329 goto out;
17330
17331 -@@ -2816,7 +2960,9 @@ static const struct inode_operations proc_task_inode_operations;
17332 +@@ -2811,7 +2955,9 @@ static const struct inode_operations proc_task_inode_operations;
17333 static const struct pid_entry tgid_base_stuff[] = {
17334 DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
17335 DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
17336 @@ -114481,7 +114757,7 @@ index a11eb71..d48ca0e 100644
17337 DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
17338 DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
17339 #ifdef CONFIG_NET
17340 -@@ -2834,7 +2980,7 @@ static const struct pid_entry tgid_base_stuff[] = {
17341 +@@ -2829,7 +2975,7 @@ static const struct pid_entry tgid_base_stuff[] = {
17342 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
17343 #endif
17344 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
17345 @@ -114490,7 +114766,7 @@ index a11eb71..d48ca0e 100644
17346 ONE("syscall", S_IRUSR, proc_pid_syscall),
17347 #endif
17348 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
17349 -@@ -2859,10 +3005,10 @@ static const struct pid_entry tgid_base_stuff[] = {
17350 +@@ -2854,10 +3000,10 @@ static const struct pid_entry tgid_base_stuff[] = {
17351 #ifdef CONFIG_SECURITY
17352 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
17353 #endif
17354 @@ -114503,7 +114779,7 @@ index a11eb71..d48ca0e 100644
17355 ONE("stack", S_IRUSR, proc_pid_stack),
17356 #endif
17357 #ifdef CONFIG_SCHED_INFO
17358 -@@ -2896,6 +3042,9 @@ static const struct pid_entry tgid_base_stuff[] = {
17359 +@@ -2891,6 +3037,9 @@ static const struct pid_entry tgid_base_stuff[] = {
17360 #ifdef CONFIG_HARDWALL
17361 ONE("hardwall", S_IRUGO, proc_pid_hardwall),
17362 #endif
17363 @@ -114513,7 +114789,7 @@ index a11eb71..d48ca0e 100644
17364 #ifdef CONFIG_USER_NS
17365 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
17366 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
17367 -@@ -3029,7 +3178,14 @@ static int proc_pid_instantiate(struct inode *dir,
17368 +@@ -3024,7 +3173,14 @@ static int proc_pid_instantiate(struct inode *dir,
17369 if (!inode)
17370 goto out;
17371
17372 @@ -114528,7 +114804,7 @@ index a11eb71..d48ca0e 100644
17373 inode->i_op = &proc_tgid_base_inode_operations;
17374 inode->i_fop = &proc_tgid_base_operations;
17375 inode->i_flags|=S_IMMUTABLE;
17376 -@@ -3067,7 +3223,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
17377 +@@ -3062,7 +3218,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
17378 if (!task)
17379 goto out;
17380
17381 @@ -114540,7 +114816,7 @@ index a11eb71..d48ca0e 100644
17382 put_task_struct(task);
17383 out:
17384 return ERR_PTR(result);
17385 -@@ -3221,7 +3381,7 @@ static const struct pid_entry tid_base_stuff[] = {
17386 +@@ -3216,7 +3376,7 @@ static const struct pid_entry tid_base_stuff[] = {
17387 NOD("comm", S_IFREG|S_IRUGO|S_IWUSR,
17388 &proc_tid_comm_inode_operations,
17389 &proc_pid_set_comm_operations, {}),
17390 @@ -114549,7 +114825,7 @@ index a11eb71..d48ca0e 100644
17391 ONE("syscall", S_IRUSR, proc_pid_syscall),
17392 #endif
17393 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
17394 -@@ -3248,10 +3408,10 @@ static const struct pid_entry tid_base_stuff[] = {
17395 +@@ -3243,10 +3403,10 @@ static const struct pid_entry tid_base_stuff[] = {
17396 #ifdef CONFIG_SECURITY
17397 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
17398 #endif
17399 @@ -128944,10 +129220,10 @@ index af0254c..a4e4da3 100644
17400 extern char __per_cpu_load[], __per_cpu_start[], __per_cpu_end[];
17401 extern char __kprobes_text_start[], __kprobes_text_end[];
17402 diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
17403 -index 1bfa602..aab89b1 100644
17404 +index 32901d1..5fa5a13 100644
17405 --- a/include/asm-generic/uaccess.h
17406 +++ b/include/asm-generic/uaccess.h
17407 -@@ -345,4 +345,20 @@ clear_user(void __user *to, unsigned long n)
17408 +@@ -351,4 +351,20 @@ clear_user(void __user *to, unsigned long n)
17409 return __clear_user(to, n);
17410 }
17411
17412 @@ -130502,10 +130778,10 @@ index 71c1b21..529a781 100644
17413 extern struct dma_map_ops dma_noop_ops;
17414
17415 diff --git a/include/linux/efi.h b/include/linux/efi.h
17416 -index f196dd0..bbcc416 100644
17417 +index 17fd2c5..a48e2bb 100644
17418 --- a/include/linux/efi.h
17419 +++ b/include/linux/efi.h
17420 -@@ -1184,6 +1184,7 @@ struct efivar_operations {
17421 +@@ -1193,6 +1193,7 @@ struct efivar_operations {
17422 efi_set_variable_t *set_variable_nonblocking;
17423 efi_query_variable_store_t *query_variable_store;
17424 };
17425 @@ -132479,7 +132755,7 @@ index 1eee6bc..9cf4912 100644
17426 extern struct ipc_namespace init_ipc_ns;
17427 extern atomic_t nr_ipc_ns;
17428 diff --git a/include/linux/irq.h b/include/linux/irq.h
17429 -index 4d758a7..f6ce482 100644
17430 +index cbb5a2c..276804f 100644
17431 --- a/include/linux/irq.h
17432 +++ b/include/linux/irq.h
17433 @@ -399,7 +399,10 @@ struct irq_chip {
17434 @@ -133198,7 +133474,7 @@ index 093607f..9717227 100644
17435 register_memory_notifier(&fn##_mem_nb); \
17436 })
17437 diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
17438 -index 4429d25..ae5ab54 100644
17439 +index 5e5b296..629113f 100644
17440 --- a/include/linux/mempolicy.h
17441 +++ b/include/linux/mempolicy.h
17442 @@ -91,6 +91,10 @@ static inline struct mempolicy *mpol_dup(struct mempolicy *pol)
17443 @@ -133212,7 +133488,7 @@ index 4429d25..ae5ab54 100644
17444
17445 static inline void mpol_get(struct mempolicy *pol)
17446 {
17447 -@@ -235,6 +239,9 @@ mpol_shared_policy_lookup(struct shared_policy *sp, unsigned long idx)
17448 +@@ -236,6 +240,9 @@ mpol_shared_policy_lookup(struct shared_policy *sp, unsigned long idx)
17449 }
17450
17451 #define vma_policy(vma) NULL
17452 @@ -133223,7 +133499,7 @@ index 4429d25..ae5ab54 100644
17453 static inline int
17454 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
17455 diff --git a/include/linux/mm.h b/include/linux/mm.h
17456 -index ece042d..8115afb 100644
17457 +index 317564b..3e200b9 100644
17458 --- a/include/linux/mm.h
17459 +++ b/include/linux/mm.h
17460 @@ -107,6 +107,7 @@ extern int mmap_rnd_compat_bits __read_mostly;
17461 @@ -133416,7 +133692,7 @@ index ece042d..8115afb 100644
17462 if (rlim < RLIM_INFINITY) {
17463 if (((new - start) + (end_data - start_data)) > rlim)
17464 return -ENOSPC;
17465 -@@ -1996,6 +2012,7 @@ extern unsigned long do_mmap(struct file *file, unsigned long addr,
17466 +@@ -1997,6 +2013,7 @@ extern unsigned long do_mmap(struct file *file, unsigned long addr,
17467 unsigned long len, unsigned long prot, unsigned long flags,
17468 vm_flags_t vm_flags, unsigned long pgoff, unsigned long *populate);
17469 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
17470 @@ -133424,7 +133700,7 @@ index ece042d..8115afb 100644
17471
17472 static inline unsigned long
17473 do_mmap_pgoff(struct file *file, unsigned long addr,
17474 -@@ -2032,10 +2049,11 @@ struct vm_unmapped_area_info {
17475 +@@ -2033,10 +2050,11 @@ struct vm_unmapped_area_info {
17476 unsigned long high_limit;
17477 unsigned long align_mask;
17478 unsigned long align_offset;
17479 @@ -133438,7 +133714,7 @@ index ece042d..8115afb 100644
17480
17481 /*
17482 * Search for an unmapped address range.
17483 -@@ -2047,7 +2065,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
17484 +@@ -2048,7 +2066,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
17485 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
17486 */
17487 static inline unsigned long
17488 @@ -133447,7 +133723,7 @@ index ece042d..8115afb 100644
17489 {
17490 if (info->flags & VM_UNMAPPED_AREA_TOPDOWN)
17491 return unmapped_area_topdown(info);
17492 -@@ -2107,6 +2125,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
17493 +@@ -2108,6 +2126,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
17494 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
17495 struct vm_area_struct **pprev);
17496
17497 @@ -133458,7 +133734,7 @@ index ece042d..8115afb 100644
17498 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
17499 NULL if none. Assume start_addr < end_addr. */
17500 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
17501 -@@ -2136,10 +2158,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
17502 +@@ -2137,10 +2159,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
17503 }
17504
17505 #ifdef CONFIG_MMU
17506 @@ -133471,7 +133747,7 @@ index ece042d..8115afb 100644
17507 {
17508 return __pgprot(0);
17509 }
17510 -@@ -2322,7 +2344,7 @@ extern int get_hwpoison_page(struct page *page);
17511 +@@ -2323,7 +2345,7 @@ extern int get_hwpoison_page(struct page *page);
17512 extern int sysctl_memory_failure_early_kill;
17513 extern int sysctl_memory_failure_recovery;
17514 extern void shake_page(struct page *p, int access);
17515 @@ -133480,7 +133756,7 @@ index ece042d..8115afb 100644
17516 extern int soft_offline_page(struct page *page, int flags);
17517
17518
17519 -@@ -2410,5 +2432,11 @@ void __init setup_nr_node_ids(void);
17520 +@@ -2411,5 +2433,11 @@ void __init setup_nr_node_ids(void);
17521 static inline void setup_nr_node_ids(void) {}
17522 #endif
17523
17524 @@ -133870,7 +134146,7 @@ index 25aa03b..9817031 100644
17525 struct iovec;
17526 struct kvec;
17527 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
17528 -index da4b33b..0ae34af 100644
17529 +index 4f0e6fb..2f980dd 100644
17530 --- a/include/linux/netdevice.h
17531 +++ b/include/linux/netdevice.h
17532 @@ -1290,6 +1290,7 @@ struct net_device_ops {
17533 @@ -133903,7 +134179,7 @@ index da4b33b..0ae34af 100644
17534
17535 #ifdef CONFIG_WIRELESS_EXT
17536 const struct iw_handler_def *wireless_handlers;
17537 -@@ -4152,7 +4153,7 @@ static inline bool netif_reduces_vlan_mtu(struct net_device *dev)
17538 +@@ -4153,7 +4154,7 @@ static inline bool netif_reduces_vlan_mtu(struct net_device *dev)
17539 return dev->priv_flags & IFF_MACSEC;
17540 }
17541
17542 @@ -137045,7 +137321,7 @@ index 5122b5e..598b440 100644
17543 void v9fs_register_trans(struct p9_trans_module *m);
17544 void v9fs_unregister_trans(struct p9_trans_module *m);
17545 diff --git a/include/net/af_unix.h b/include/net/af_unix.h
17546 -index 9b4c418..f3ff431 100644
17547 +index fd60ecc..64e2a1e 100644
17548 --- a/include/net/af_unix.h
17549 +++ b/include/net/af_unix.h
17550 @@ -36,7 +36,7 @@ struct unix_skb_parms {
17551 @@ -137951,7 +138227,7 @@ index ff5be7e..598bf64 100644
17552
17553 void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
17554 diff --git a/include/net/tcp.h b/include/net/tcp.h
17555 -index 0bcc70f..5c46882 100644
17556 +index 7254051..1f9ddac 100644
17557 --- a/include/net/tcp.h
17558 +++ b/include/net/tcp.h
17559 @@ -543,7 +543,7 @@ void tcp_retransmit_timer(struct sock *sk);
17560 @@ -137983,7 +138259,7 @@ index 0bcc70f..5c46882 100644
17561 union {
17562 struct {
17563 /* There is space for up to 20 bytes */
17564 -@@ -1869,7 +1869,7 @@ static inline void tcp_segs_in(struct tcp_sock *tp, const struct sk_buff *skb)
17565 +@@ -1871,7 +1871,7 @@ static inline void tcp_segs_in(struct tcp_sock *tp, const struct sk_buff *skb)
17566 */
17567 static inline void tcp_listendrop(const struct sock *sk)
17568 {
17569 @@ -140505,7 +140781,7 @@ index 8c50276..457c599 100644
17570 pagefault_disable();
17571 result = __get_user(opcode, (uprobe_opcode_t __user *)vaddr);
17572 diff --git a/kernel/exit.c b/kernel/exit.c
17573 -index 9e6e135..4af378d 100644
17574 +index 26a766a..b802979 100644
17575 --- a/kernel/exit.c
17576 +++ b/kernel/exit.c
17577 @@ -170,6 +170,10 @@ void release_task(struct task_struct *p)
17578 @@ -140566,7 +140842,7 @@ index 9e6e135..4af378d 100644
17579 exit_mm(tsk);
17580
17581 if (group_dead)
17582 -@@ -851,7 +860,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
17583 +@@ -846,7 +855,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
17584 * Take down every thread in the group. This is called by fatal signals
17585 * as well as by sys_exit_group (below).
17586 */
17587 @@ -140575,7 +140851,7 @@ index 9e6e135..4af378d 100644
17588 do_group_exit(int exit_code)
17589 {
17590 struct signal_struct *sig = current->signal;
17591 -@@ -979,6 +988,7 @@ static int wait_noreap_copyout(struct wait_opts *wo, struct task_struct *p,
17592 +@@ -974,6 +983,7 @@ static int wait_noreap_copyout(struct wait_opts *wo, struct task_struct *p,
17593 * the lock and this task is uninteresting. If we return nonzero, we have
17594 * released the lock and the system call should return.
17595 */
17596 @@ -140583,7 +140859,7 @@ index 9e6e135..4af378d 100644
17597 static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
17598 {
17599 int state, retval, status;
17600 -@@ -995,6 +1005,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
17601 +@@ -990,6 +1000,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
17602
17603 get_task_struct(p);
17604 read_unlock(&tasklist_lock);
17605 @@ -140591,7 +140867,7 @@ index 9e6e135..4af378d 100644
17606 sched_annotate_sleep();
17607
17608 if ((exit_code & 0x7f) == 0) {
17609 -@@ -1017,6 +1028,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
17610 +@@ -1012,6 +1023,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
17611 * We own this thread, nobody else can reap it.
17612 */
17613 read_unlock(&tasklist_lock);
17614 @@ -140599,7 +140875,7 @@ index 9e6e135..4af378d 100644
17615 sched_annotate_sleep();
17616
17617 /*
17618 -@@ -1159,6 +1171,8 @@ static int *task_stopped_code(struct task_struct *p, bool ptrace)
17619 +@@ -1154,6 +1166,8 @@ static int *task_stopped_code(struct task_struct *p, bool ptrace)
17620 * search should terminate.
17621 */
17622 static int wait_task_stopped(struct wait_opts *wo,
17623 @@ -140608,7 +140884,7 @@ index 9e6e135..4af378d 100644
17624 int ptrace, struct task_struct *p)
17625 {
17626 struct siginfo __user *infop;
17627 -@@ -1206,6 +1220,7 @@ unlock_sig:
17628 +@@ -1201,6 +1215,7 @@ unlock_sig:
17629 pid = task_pid_vnr(p);
17630 why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
17631 read_unlock(&tasklist_lock);
17632 @@ -140616,7 +140892,7 @@ index 9e6e135..4af378d 100644
17633 sched_annotate_sleep();
17634
17635 if (unlikely(wo->wo_flags & WNOWAIT))
17636 -@@ -1243,6 +1258,7 @@ unlock_sig:
17637 +@@ -1238,6 +1253,7 @@ unlock_sig:
17638 * the lock and this task is uninteresting. If we return nonzero, we have
17639 * released the lock and the system call should return.
17640 */
17641 @@ -140624,7 +140900,7 @@ index 9e6e135..4af378d 100644
17642 static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
17643 {
17644 int retval;
17645 -@@ -1269,6 +1285,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
17646 +@@ -1264,6 +1280,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
17647 pid = task_pid_vnr(p);
17648 get_task_struct(p);
17649 read_unlock(&tasklist_lock);
17650 @@ -140632,7 +140908,7 @@ index 9e6e135..4af378d 100644
17651 sched_annotate_sleep();
17652
17653 if (!wo->wo_info) {
17654 -@@ -1298,6 +1315,8 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
17655 +@@ -1293,6 +1310,8 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
17656 * or another error from security_task_wait(), or still -ECHILD.
17657 */
17658 static int wait_consider_task(struct wait_opts *wo, int ptrace,
17659 @@ -140641,7 +140917,7 @@ index 9e6e135..4af378d 100644
17660 struct task_struct *p)
17661 {
17662 /*
17663 -@@ -1423,6 +1442,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
17664 +@@ -1418,6 +1437,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
17665 * ->notask_error is 0 if there were any eligible children,
17666 * or another error from security_task_wait(), or still -ECHILD.
17667 */
17668 @@ -140649,7 +140925,7 @@ index 9e6e135..4af378d 100644
17669 static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
17670 {
17671 struct task_struct *p;
17672 -@@ -1437,6 +1457,7 @@ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
17673 +@@ -1432,6 +1452,7 @@ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
17674 return 0;
17675 }
17676
17677 @@ -140657,7 +140933,7 @@ index 9e6e135..4af378d 100644
17678 static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
17679 {
17680 struct task_struct *p;
17681 -@@ -1500,12 +1521,16 @@ repeat:
17682 +@@ -1495,12 +1516,16 @@ repeat:
17683 tsk = current;
17684 do {
17685 retval = do_wait_thread(wo, tsk);
17686 @@ -140714,7 +140990,7 @@ index e820cce..72195de 100644
17687
17688 /* Given an address, look for it in the exception tables. */
17689 diff --git a/kernel/fork.c b/kernel/fork.c
17690 -index aea4f4d..59d599e 100644
17691 +index 74fd390..597bfcb 100644
17692 --- a/kernel/fork.c
17693 +++ b/kernel/fork.c
17694 @@ -197,12 +197,55 @@ static void free_thread_stack(unsigned long *stack)
17695 @@ -141054,7 +141330,7 @@ index aea4f4d..59d599e 100644
17696 }
17697
17698 static inline int mm_alloc_pgd(struct mm_struct *mm)
17699 -@@ -836,8 +940,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
17700 +@@ -859,8 +963,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
17701 return ERR_PTR(err);
17702
17703 mm = get_task_mm(task);
17704 @@ -141065,7 +141341,7 @@ index aea4f4d..59d599e 100644
17705 mmput(mm);
17706 mm = ERR_PTR(-EACCES);
17707 }
17708 -@@ -1038,13 +1142,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
17709 +@@ -1061,13 +1165,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
17710 spin_unlock(&fs->lock);
17711 return -EAGAIN;
17712 }
17713 @@ -141087,7 +141363,7 @@ index aea4f4d..59d599e 100644
17714 return 0;
17715 }
17716
17717 -@@ -1277,7 +1388,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
17718 +@@ -1300,7 +1411,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
17719 * parts of the process environment (as per the clone
17720 * flags). The actual kick-off is left to the caller.
17721 */
17722 @@ -141096,7 +141372,7 @@ index aea4f4d..59d599e 100644
17723 unsigned long stack_start,
17724 unsigned long stack_size,
17725 int __user *child_tidptr,
17726 -@@ -1349,6 +1460,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
17727 +@@ -1372,6 +1483,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
17728 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
17729 #endif
17730 retval = -EAGAIN;
17731 @@ -141106,7 +141382,7 @@ index aea4f4d..59d599e 100644
17732 if (atomic_read(&p->real_cred->user->processes) >=
17733 task_rlimit(p, RLIMIT_NPROC)) {
17734 if (p->real_cred->user != INIT_USER &&
17735 -@@ -1607,6 +1721,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
17736 +@@ -1630,6 +1744,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
17737 goto bad_fork_cancel_cgroup;
17738 }
17739
17740 @@ -141123,7 +141399,7 @@ index aea4f4d..59d599e 100644
17741 if (likely(p->pid)) {
17742 ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
17743
17744 -@@ -1698,6 +1822,8 @@ bad_fork_cleanup_count:
17745 +@@ -1721,6 +1845,8 @@ bad_fork_cleanup_count:
17746 bad_fork_free:
17747 free_task(p);
17748 fork_out:
17749 @@ -141132,7 +141408,7 @@ index aea4f4d..59d599e 100644
17750 return ERR_PTR(retval);
17751 }
17752
17753 -@@ -1761,6 +1887,7 @@ long _do_fork(unsigned long clone_flags,
17754 +@@ -1784,6 +1910,7 @@ long _do_fork(unsigned long clone_flags,
17755
17756 p = copy_process(clone_flags, stack_start, stack_size,
17757 child_tidptr, NULL, trace, tls, NUMA_NO_NODE);
17758 @@ -141140,7 +141416,7 @@ index aea4f4d..59d599e 100644
17759 /*
17760 * Do this prior waking up the new thread - the thread pointer
17761 * might get invalid after that point, if the thread exits quickly.
17762 -@@ -1777,6 +1904,8 @@ long _do_fork(unsigned long clone_flags,
17763 +@@ -1800,6 +1927,8 @@ long _do_fork(unsigned long clone_flags,
17764 if (clone_flags & CLONE_PARENT_SETTID)
17765 put_user(nr, parent_tidptr);
17766
17767 @@ -141149,7 +141425,7 @@ index aea4f4d..59d599e 100644
17768 if (clone_flags & CLONE_VFORK) {
17769 p->vfork_done = &vfork;
17770 init_completion(&vfork);
17771 -@@ -1913,7 +2042,7 @@ void __init proc_caches_init(void)
17772 +@@ -1936,7 +2065,7 @@ void __init proc_caches_init(void)
17773 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
17774 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
17775 NULL);
17776 @@ -141158,7 +141434,7 @@ index aea4f4d..59d599e 100644
17777 mmap_init();
17778 nsproxy_cache_init();
17779 }
17780 -@@ -1961,7 +2090,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
17781 +@@ -1984,7 +2113,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
17782 return 0;
17783
17784 /* don't need lock here; in the worst case we'll do useless copy */
17785 @@ -141167,7 +141443,7 @@ index aea4f4d..59d599e 100644
17786 return 0;
17787
17788 *new_fsp = copy_fs_struct(fs);
17789 -@@ -2074,7 +2203,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
17790 +@@ -2097,7 +2226,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
17791 fs = current->fs;
17792 spin_lock(&fs->lock);
17793 current->fs = new_fs;
17794 @@ -141177,7 +141453,7 @@ index aea4f4d..59d599e 100644
17795 new_fs = NULL;
17796 else
17797 new_fs = fs;
17798 -@@ -2138,7 +2268,7 @@ int unshare_files(struct files_struct **displaced)
17799 +@@ -2161,7 +2291,7 @@ int unshare_files(struct files_struct **displaced)
17800 int sysctl_max_threads(struct ctl_table *table, int write,
17801 void __user *buffer, size_t *lenp, loff_t *ppos)
17802 {
17803 @@ -141267,7 +141543,7 @@ index ef0bc02..2c983f5 100644
17804 irq_wake_secondary(desc, action);
17805
17806 diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
17807 -index 0afe671..244f89c 100644
17808 +index 6143b2f..87ffe77 100644
17809 --- a/kernel/irq/msi.c
17810 +++ b/kernel/irq/msi.c
17811 @@ -214,16 +214,18 @@ static void msi_domain_update_dom_ops(struct msi_domain_info *info)
17812 @@ -143098,18 +143374,46 @@ index a65ba13..f600dbb 100644
17813 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
17814 return -EPERM;
17815 diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
17816 -index 68d3ebc..82bb833 100644
17817 +index 68d3ebc..554935d 100644
17818 --- a/kernel/power/Kconfig
17819 +++ b/kernel/power/Kconfig
17820 -@@ -34,6 +34,8 @@ config HIBERNATE_CALLBACKS
17821 +@@ -34,6 +34,7 @@ config HIBERNATE_CALLBACKS
17822 config HIBERNATION
17823 bool "Hibernation (aka 'suspend to disk')"
17824 depends on SWAP && ARCH_HIBERNATION_POSSIBLE
17825 + depends on !GRKERNSEC_KMEM
17826 -+ depends on !PAX_MEMORY_SANITIZE
17827 select HIBERNATE_CALLBACKS
17828 select LZO_COMPRESS
17829 select LZO_DECOMPRESS
17830 +diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
17831 +index fca9254..a40591f 100644
17832 +--- a/kernel/power/hibernate.c
17833 ++++ b/kernel/power/hibernate.c
17834 +@@ -305,8 +305,10 @@ static int create_image(int platform_mode)
17835 + error);
17836 + /* Restore control flow magically appears here */
17837 + restore_processor_state();
17838 +- if (!in_suspend)
17839 ++ if (!in_suspend) {
17840 + events_check_enabled = false;
17841 ++ clear_free_pages();
17842 ++ }
17843 +
17844 + platform_leave(platform_mode);
17845 +
17846 +diff --git a/kernel/power/power.h b/kernel/power/power.h
17847 +index efe1b3b..cd674b2 100644
17848 +--- a/kernel/power/power.h
17849 ++++ b/kernel/power/power.h
17850 +@@ -101,6 +101,8 @@ extern int create_basic_memory_bitmaps(void);
17851 + extern void free_basic_memory_bitmaps(void);
17852 + extern int hibernate_preallocate_memory(void);
17853 +
17854 ++extern void clear_free_pages(void);
17855 ++
17856 + /**
17857 + * Auxiliary structure used for reading the snapshot image data and
17858 + * metadata from and writing them to the list of page backup entries
17859 diff --git a/kernel/power/process.c b/kernel/power/process.c
17860 index 0c2ee97..63229a6 100644
17861 --- a/kernel/power/process.c
17862 @@ -143153,6 +143457,37 @@ index 0c2ee97..63229a6 100644
17863 break;
17864
17865 if (pm_wakeup_pending()) {
17866 +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
17867 +index 3a97060..12c1d4e 100644
17868 +--- a/kernel/power/snapshot.c
17869 ++++ b/kernel/power/snapshot.c
17870 +@@ -1032,6 +1032,26 @@ void free_basic_memory_bitmaps(void)
17871 + pr_debug("PM: Basic memory bitmaps freed\n");
17872 + }
17873 +
17874 ++void clear_free_pages(void)
17875 ++{
17876 ++ struct memory_bitmap *bm = free_pages_map;
17877 ++ unsigned long pfn;
17878 ++
17879 ++ if (WARN_ON(!(free_pages_map)))
17880 ++ return;
17881 ++
17882 ++ memory_bm_position_reset(bm);
17883 ++ pfn = memory_bm_next_pfn(bm);
17884 ++ while (pfn != BM_END_OF_MAP) {
17885 ++ if (pfn_valid(pfn))
17886 ++ clear_highpage(pfn_to_page(pfn));
17887 ++
17888 ++ pfn = memory_bm_next_pfn(bm);
17889 ++ }
17890 ++ memory_bm_position_reset(bm);
17891 ++ pr_info("PM: free pages cleared after restore\n");
17892 ++}
17893 ++
17894 + /**
17895 + * snapshot_additional_pages - estimate the number of additional pages
17896 + * be needed for setting up the suspend image data structures for given
17897 diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
17898 index 60cdf63..eab5721 100644
17899 --- a/kernel/printk/printk.c
17900 @@ -143956,10 +144291,10 @@ index a5d966c..9c2d28b 100644
17901 #ifdef CONFIG_RT_GROUP_SCHED
17902 /*
17903 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
17904 -index 97ee9ac..f8349adf 100644
17905 +index 38eacc3..9f35d87 100644
17906 --- a/kernel/sched/core.c
17907 +++ b/kernel/sched/core.c
17908 -@@ -2236,7 +2236,7 @@ void set_numabalancing_state(bool enabled)
17909 +@@ -2258,7 +2258,7 @@ void set_numabalancing_state(bool enabled)
17910 int sysctl_numa_balancing(struct ctl_table *table, int write,
17911 void __user *buffer, size_t *lenp, loff_t *ppos)
17912 {
17913 @@ -143968,7 +144303,7 @@ index 97ee9ac..f8349adf 100644
17914 int err;
17915 int state = static_branch_likely(&sched_numa_balancing);
17916
17917 -@@ -2311,7 +2311,7 @@ static void __init init_schedstats(void)
17918 +@@ -2333,7 +2333,7 @@ static void __init init_schedstats(void)
17919 int sysctl_schedstats(struct ctl_table *table, int write,
17920 void __user *buffer, size_t *lenp, loff_t *ppos)
17921 {
17922 @@ -143977,7 +144312,7 @@ index 97ee9ac..f8349adf 100644
17923 int err;
17924 int state = static_branch_likely(&sched_schedstats);
17925
17926 -@@ -2754,7 +2754,7 @@ static struct rq *finish_task_switch(struct task_struct *prev)
17927 +@@ -2776,7 +2776,7 @@ static struct rq *finish_task_switch(struct task_struct *prev)
17928 /* rq->lock is NOT held, but preemption is disabled */
17929 static void __balance_callback(struct rq *rq)
17930 {
17931 @@ -143986,7 +144321,7 @@ index 97ee9ac..f8349adf 100644
17932 void (*func)(struct rq *rq);
17933 unsigned long flags;
17934
17935 -@@ -2762,7 +2762,7 @@ static void __balance_callback(struct rq *rq)
17936 +@@ -2784,7 +2784,7 @@ static void __balance_callback(struct rq *rq)
17937 head = rq->balance_callback;
17938 rq->balance_callback = NULL;
17939 while (head) {
17940 @@ -143995,7 +144330,7 @@ index 97ee9ac..f8349adf 100644
17941 next = head->next;
17942 head->next = NULL;
17943 head = next;
17944 -@@ -3708,6 +3708,8 @@ int can_nice(const struct task_struct *p, const int nice)
17945 +@@ -3730,6 +3730,8 @@ int can_nice(const struct task_struct *p, const int nice)
17946 /* convert nice value [19,-20] to rlimit style value [1,40] */
17947 int nice_rlim = nice_to_rlimit(nice);
17948
17949 @@ -144004,7 +144339,7 @@ index 97ee9ac..f8349adf 100644
17950 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
17951 capable(CAP_SYS_NICE));
17952 }
17953 -@@ -3734,7 +3736,8 @@ SYSCALL_DEFINE1(nice, int, increment)
17954 +@@ -3756,7 +3758,8 @@ SYSCALL_DEFINE1(nice, int, increment)
17955 nice = task_nice(current) + increment;
17956
17957 nice = clamp_val(nice, MIN_NICE, MAX_NICE);
17958 @@ -144014,7 +144349,7 @@ index 97ee9ac..f8349adf 100644
17959 return -EPERM;
17960
17961 retval = security_task_setnice(current, nice);
17962 -@@ -4044,6 +4047,7 @@ recheck:
17963 +@@ -4066,6 +4069,7 @@ recheck:
17964 if (policy != p->policy && !rlim_rtprio)
17965 return -EPERM;
17966
17967 @@ -144022,7 +144357,7 @@ index 97ee9ac..f8349adf 100644
17968 /* can't increase priority */
17969 if (attr->sched_priority > p->rt_priority &&
17970 attr->sched_priority > rlim_rtprio)
17971 -@@ -7529,7 +7533,7 @@ void __might_sleep(const char *file, int line, int preempt_offset)
17972 +@@ -7551,7 +7555,7 @@ void __might_sleep(const char *file, int line, int preempt_offset)
17973 */
17974 WARN_ONCE(current->state != TASK_RUNNING && current->task_state_change,
17975 "do not call blocking ops when !TASK_RUNNING; "
17976 @@ -149153,7 +149488,7 @@ index 9e04681..30759a2 100644
17977 mm = get_task_mm(tsk);
17978 if (!mm)
17979 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
17980 -index 297d685..388696f 100644
17981 +index e682861..c92d0a8 100644
17982 --- a/mm/mempolicy.c
17983 +++ b/mm/mempolicy.c
17984 @@ -730,6 +730,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
17985 @@ -150992,7 +151327,7 @@ index e248194..ff005a8 100644
17986 struct bdi_writeback *wb = dtc->wb;
17987 unsigned long write_bw = wb->avg_write_bandwidth;
17988 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
17989 -index 8b3e134..d47200a 100644
17990 +index 6e35419..3ebe533 100644
17991 --- a/mm/page_alloc.c
17992 +++ b/mm/page_alloc.c
17993 @@ -63,6 +63,7 @@
17994 @@ -151150,7 +151485,7 @@ index 8b3e134..d47200a 100644
17995 clear_bit(ZONE_FAIR_DEPLETED, &zone->flags);
17996 } while (zone++ != preferred_zone);
17997 }
17998 -@@ -6858,7 +6901,7 @@ static void __setup_per_zone_wmarks(void)
17999 +@@ -6812,7 +6855,7 @@ static void __setup_per_zone_wmarks(void)
18000
18001 __mod_zone_page_state(zone, NR_ALLOC_BATCH,
18002 high_wmark_pages(zone) - low_wmark_pages(zone) -
18003 @@ -154582,7 +154917,7 @@ index b7de71f..808387d 100644
18004
18005 return err;
18006 diff --git a/net/core/dev.c b/net/core/dev.c
18007 -index 904ff43..050ec70 100644
18008 +index 97fb3da..be181d7 100644
18009 --- a/net/core/dev.c
18010 +++ b/net/core/dev.c
18011 @@ -1766,7 +1766,7 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
18012 @@ -154630,7 +154965,7 @@ index 904ff43..050ec70 100644
18013 {
18014 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
18015
18016 -@@ -4206,9 +4206,9 @@ ncls:
18017 +@@ -4222,9 +4222,9 @@ ncls:
18018 } else {
18019 drop:
18020 if (!deliver_exact)
18021 @@ -154642,7 +154977,7 @@ index 904ff43..050ec70 100644
18022 kfree_skb(skb);
18023 /* Jamal, now you will not able to escape explaining
18024 * me how you were going to use this. :-)
18025 -@@ -5175,7 +5175,7 @@ out_unlock:
18026 +@@ -5191,7 +5191,7 @@ out_unlock:
18027 return work;
18028 }
18029
18030 @@ -154651,7 +154986,7 @@ index 904ff43..050ec70 100644
18031 {
18032 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
18033 unsigned long time_limit = jiffies + 2;
18034 -@@ -7390,9 +7390,9 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
18035 +@@ -7406,9 +7406,9 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
18036 } else {
18037 netdev_stats_to_stats64(storage, &dev->stats);
18038 }
18039 @@ -154664,7 +154999,7 @@ index 904ff43..050ec70 100644
18040 return storage;
18041 }
18042 EXPORT_SYMBOL(dev_get_stats);
18043 -@@ -8014,7 +8014,7 @@ static void __net_exit netdev_exit(struct net *net)
18044 +@@ -8030,7 +8030,7 @@ static void __net_exit netdev_exit(struct net *net)
18045 kfree(net->dev_index_head);
18046 }
18047
18048 @@ -154673,7 +155008,7 @@ index 904ff43..050ec70 100644
18049 .init = netdev_init,
18050 .exit = netdev_exit,
18051 };
18052 -@@ -8114,7 +8114,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
18053 +@@ -8130,7 +8130,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
18054 rtnl_unlock();
18055 }
18056
18057 @@ -154702,7 +155037,7 @@ index b94b1d2..da3ed7c 100644
18058 EXPORT_SYMBOL(dev_load);
18059
18060 diff --git a/net/core/filter.c b/net/core/filter.c
18061 -index e759d90..daa69dc 100644
18062 +index bca32d6..5a27650 100644
18063 --- a/net/core/filter.c
18064 +++ b/net/core/filter.c
18065 @@ -590,7 +590,11 @@ do_pass:
18066 @@ -156128,7 +156463,7 @@ index 71a52f4d..2bab905 100644
18067 msg.msg_flags = flags;
18068
18069 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
18070 -index a917903..b0bdff6 100644
18071 +index cc701fa..473bb8c 100644
18072 --- a/net/ipv4/ip_vti.c
18073 +++ b/net/ipv4/ip_vti.c
18074 @@ -44,7 +44,7 @@
18075 @@ -156149,6 +156484,15 @@ index a917903..b0bdff6 100644
18076 .kind = "vti",
18077 .maxtype = IFLA_VTI_MAX,
18078 .policy = vti_policy,
18079 +@@ -580,7 +580,7 @@ static int vti_device_event(struct notifier_block *unused,
18080 + return NOTIFY_DONE;
18081 + }
18082 +
18083 +-static struct notifier_block vti_notifier_block __read_mostly = {
18084 ++static notifier_block_no_const vti_notifier_block __read_only = {
18085 + .notifier_call = vti_device_event,
18086 + };
18087 +
18088 diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
18089 index 1d71c40..3f8a6fa 100644
18090 --- a/net/ipv4/ipconfig.c
18091 @@ -156807,7 +157151,7 @@ index 42bf89a..adc7e6d 100644
18092 write_pnet(&ireq->ireq_net, sock_net(sk_listener));
18093 ireq->ireq_family = sk_listener->sk_family;
18094 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
18095 -index 3708de2..2b40e93 100644
18096 +index ba7ce3f..b106df6 100644
18097 --- a/net/ipv4/tcp_ipv4.c
18098 +++ b/net/ipv4/tcp_ipv4.c
18099 @@ -88,6 +88,10 @@ int sysctl_tcp_tw_reuse __read_mostly;
18100 @@ -156821,7 +157165,7 @@ index 3708de2..2b40e93 100644
18101 #ifdef CONFIG_TCP_MD5SIG
18102 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
18103 __be32 daddr, __be32 saddr, const struct tcphdr *th);
18104 -@@ -1425,6 +1429,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
18105 +@@ -1431,6 +1435,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
18106 return 0;
18107
18108 reset:
18109 @@ -156831,7 +157175,7 @@ index 3708de2..2b40e93 100644
18110 tcp_v4_send_reset(rsk, skb);
18111 discard:
18112 kfree_skb(skb);
18113 -@@ -1592,12 +1599,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
18114 +@@ -1598,12 +1605,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
18115 lookup:
18116 sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source,
18117 th->dest, &refcounted);
18118 @@ -156854,7 +157198,7 @@ index 3708de2..2b40e93 100644
18119
18120 if (sk->sk_state == TCP_NEW_SYN_RECV) {
18121 struct request_sock *req = inet_reqsk(sk);
18122 -@@ -1687,6 +1701,10 @@ csum_error:
18123 +@@ -1693,6 +1707,10 @@ csum_error:
18124 bad_packet:
18125 __TCP_INC_STATS(net, TCP_MIB_INERRS);
18126 } else {
18127 @@ -156865,7 +157209,7 @@ index 3708de2..2b40e93 100644
18128 tcp_v4_send_reset(NULL, skb);
18129 }
18130
18131 -@@ -2425,7 +2443,7 @@ static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
18132 +@@ -2431,7 +2449,7 @@ static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
18133 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
18134 }
18135
18136 @@ -156957,7 +157301,7 @@ index debdd8b..7bcef89 100644
18137 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
18138 /* Has it gone just too far? */
18139 diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
18140 -index e61f7cd..8206e7a 100644
18141 +index 00d18c5..3e65784 100644
18142 --- a/net/ipv4/udp.c
18143 +++ b/net/ipv4/udp.c
18144 @@ -87,6 +87,7 @@
18145 @@ -157008,7 +157352,7 @@ index e61f7cd..8206e7a 100644
18146 daddr = inet->inet_daddr;
18147 dport = inet->inet_dport;
18148 /* Open fast path for connected socket.
18149 -@@ -1199,7 +1216,7 @@ static unsigned int first_packet_length(struct sock *sk)
18150 +@@ -1199,7 +1216,7 @@ static int first_packet_length(struct sock *sk)
18151 IS_UDPLITE(sk));
18152 __UDP_INC_STATS(sock_net(sk), UDP_MIB_INERRORS,
18153 IS_UDPLITE(sk));
18154 @@ -157180,7 +157524,7 @@ index 542074c..648df74 100644
18155 sizeof(XFRM_MODE_SKB_CB(skb)->flow_lbl));
18156
18157 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
18158 -index 047c75a..bc3f19c 100644
18159 +index 82e367b..1b4ae5e 100644
18160 --- a/net/ipv6/addrconf.c
18161 +++ b/net/ipv6/addrconf.c
18162 @@ -179,7 +179,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
18163 @@ -157210,7 +157554,7 @@ index 047c75a..bc3f19c 100644
18164 net->dev_base_seq;
18165 hlist_for_each_entry_rcu(dev, head, index_hlist) {
18166 if (idx < s_idx)
18167 -@@ -2596,7 +2596,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
18168 +@@ -2597,7 +2597,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
18169 p.iph.ihl = 5;
18170 p.iph.protocol = IPPROTO_IPV6;
18171 p.iph.ttl = 64;
18172 @@ -157219,7 +157563,7 @@ index 047c75a..bc3f19c 100644
18173
18174 if (ops->ndo_do_ioctl) {
18175 mm_segment_t oldfs = get_fs();
18176 -@@ -4029,16 +4029,23 @@ static const struct file_operations if6_fops = {
18177 +@@ -4031,16 +4031,23 @@ static const struct file_operations if6_fops = {
18178 .release = seq_release_net,
18179 };
18180
18181 @@ -157244,7 +157588,7 @@ index 047c75a..bc3f19c 100644
18182 }
18183
18184 static struct pernet_operations if6_proc_net_ops = {
18185 -@@ -4657,7 +4664,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
18186 +@@ -4659,7 +4666,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
18187 s_ip_idx = ip_idx = cb->args[2];
18188
18189 rcu_read_lock();
18190 @@ -157253,7 +157597,7 @@ index 047c75a..bc3f19c 100644
18191 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
18192 idx = 0;
18193 head = &net->dev_index_head[h];
18194 -@@ -4870,7 +4877,7 @@ static inline size_t inet6_if_nlmsg_size(void)
18195 +@@ -4872,7 +4879,7 @@ static inline size_t inet6_if_nlmsg_size(void)
18196 + nla_total_size(inet6_ifla6_size()); /* IFLA_PROTINFO */
18197 }
18198
18199 @@ -157262,7 +157606,7 @@ index 047c75a..bc3f19c 100644
18200 int items, int bytes)
18201 {
18202 int i;
18203 -@@ -4880,7 +4887,7 @@ static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib,
18204 +@@ -4882,7 +4889,7 @@ static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib,
18205 /* Use put_unaligned() because stats may not be aligned for u64. */
18206 put_unaligned(items, &stats[0]);
18207 for (i = 1; i < items; i++)
18208 @@ -157271,7 +157615,7 @@ index 047c75a..bc3f19c 100644
18209
18210 memset(&stats[items], 0, pad);
18211 }
18212 -@@ -5337,7 +5344,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
18213 +@@ -5339,7 +5346,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
18214 rt_genid_bump_ipv6(net);
18215 break;
18216 }
18217 @@ -157280,7 +157624,7 @@ index 047c75a..bc3f19c 100644
18218 }
18219
18220 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
18221 -@@ -5357,7 +5364,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
18222 +@@ -5359,7 +5366,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
18223 int *valp = ctl->data;
18224 int val = *valp;
18225 loff_t pos = *ppos;
18226 @@ -157289,7 +157633,7 @@ index 047c75a..bc3f19c 100644
18227 int ret;
18228
18229 /*
18230 -@@ -5380,7 +5387,7 @@ static
18231 +@@ -5382,7 +5389,7 @@ static
18232 int addrconf_sysctl_hop_limit(struct ctl_table *ctl, int write,
18233 void __user *buffer, size_t *lenp, loff_t *ppos)
18234 {
18235 @@ -157298,7 +157642,7 @@ index 047c75a..bc3f19c 100644
18236 int min_hl = 1, max_hl = 255;
18237
18238 lctl = *ctl;
18239 -@@ -5396,7 +5403,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
18240 +@@ -5398,7 +5405,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
18241 {
18242 struct inet6_dev *idev = ctl->extra1;
18243 int min_mtu = IPV6_MIN_MTU;
18244 @@ -157307,7 +157651,7 @@ index 047c75a..bc3f19c 100644
18245
18246 lctl = *ctl;
18247 lctl.extra1 = &min_mtu;
18248 -@@ -5471,7 +5478,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
18249 +@@ -5473,7 +5480,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
18250 int *valp = ctl->data;
18251 int val = *valp;
18252 loff_t pos = *ppos;
18253 @@ -157316,7 +157660,7 @@ index 047c75a..bc3f19c 100644
18254 int ret;
18255
18256 /*
18257 -@@ -5536,7 +5543,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
18258 +@@ -5538,7 +5545,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
18259 int err;
18260 struct in6_addr addr;
18261 char str[IPV6_MAX_STRLEN];
18262 @@ -157325,7 +157669,7 @@ index 047c75a..bc3f19c 100644
18263 struct net *net = ctl->extra2;
18264 struct ipv6_stable_secret *secret = ctl->data;
18265
18266 -@@ -5605,7 +5612,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
18267 +@@ -5607,7 +5614,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
18268 int *valp = ctl->data;
18269 int val = *valp;
18270 loff_t pos = *ppos;
18271 @@ -157334,7 +157678,7 @@ index 047c75a..bc3f19c 100644
18272 int ret;
18273
18274 /* ctl->data points to idev->cnf.ignore_routes_when_linkdown
18275 -@@ -5945,7 +5952,7 @@ static int __addrconf_sysctl_register(struct net *net, char *dev_name,
18276 +@@ -5947,7 +5954,7 @@ static int __addrconf_sysctl_register(struct net *net, char *dev_name,
18277 struct inet6_dev *idev, struct ipv6_devconf *p)
18278 {
18279 int i;
18280 @@ -157452,7 +157796,7 @@ index 776d145..69772ae 100644
18281 .maxtype = IFLA_GRE_MAX,
18282 .policy = ip6gre_policy,
18283 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
18284 -index 7b0481e..cd77386 100644
18285 +index 888543d..bcc126c 100644
18286 --- a/net/ipv6/ip6_tunnel.c
18287 +++ b/net/ipv6/ip6_tunnel.c
18288 @@ -80,7 +80,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
18289 @@ -157464,7 +157808,7 @@ index 7b0481e..cd77386 100644
18290
18291 static int ip6_tnl_net_id __read_mostly;
18292 struct ip6_tnl_net {
18293 -@@ -1992,7 +1992,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
18294 +@@ -1994,7 +1994,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
18295 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
18296 };
18297
18298 @@ -157611,10 +157955,10 @@ index e4347ae..c7654e7 100644
18299 return -ENOMEM;
18300 }
18301 diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
18302 -index 3ee3e44..2f70cc3 100644
18303 +index 4086604..7a868ec 100644
18304 --- a/net/ipv6/ping.c
18305 +++ b/net/ipv6/ping.c
18306 -@@ -242,6 +242,24 @@ static struct pernet_operations ping_v6_net_ops = {
18307 +@@ -247,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = {
18308 };
18309 #endif
18310
18311 @@ -157639,7 +157983,7 @@ index 3ee3e44..2f70cc3 100644
18312 int __init pingv6_init(void)
18313 {
18314 #ifdef CONFIG_PROC_FS
18315 -@@ -249,13 +267,7 @@ int __init pingv6_init(void)
18316 +@@ -254,13 +272,7 @@ int __init pingv6_init(void)
18317 if (ret)
18318 return ret;
18319 #endif
18320 @@ -157654,7 +157998,7 @@ index 3ee3e44..2f70cc3 100644
18321 return inet6_register_protosw(&pingv6_protosw);
18322 }
18323
18324 -@@ -264,14 +276,9 @@ int __init pingv6_init(void)
18325 +@@ -269,14 +281,9 @@ int __init pingv6_init(void)
18326 */
18327 void pingv6_exit(void)
18328 {
18329 @@ -157893,7 +158237,7 @@ index 45243bb..cdb398e 100644
18330 struct ctl_table *ipv6_icmp_table;
18331 int err;
18332 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
18333 -index 2255d2b..b1c03a4 100644
18334 +index 889acc4..c4a32ab 100644
18335 --- a/net/ipv6/tcp_ipv6.c
18336 +++ b/net/ipv6/tcp_ipv6.c
18337 @@ -101,6 +101,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
18338 @@ -157907,7 +158251,7 @@ index 2255d2b..b1c03a4 100644
18339 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
18340 {
18341 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
18342 -@@ -1274,6 +1278,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
18343 +@@ -1280,6 +1284,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
18344 return 0;
18345
18346 reset:
18347 @@ -157917,7 +158261,7 @@ index 2255d2b..b1c03a4 100644
18348 tcp_v6_send_reset(sk, skb);
18349 discard:
18350 if (opt_skb)
18351 -@@ -1386,12 +1393,20 @@ lookup:
18352 +@@ -1392,12 +1399,20 @@ lookup:
18353 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
18354 th->source, th->dest, inet6_iif(skb),
18355 &refcounted);
18356 @@ -157940,7 +158284,7 @@ index 2255d2b..b1c03a4 100644
18357
18358 if (sk->sk_state == TCP_NEW_SYN_RECV) {
18359 struct request_sock *req = inet_reqsk(sk);
18360 -@@ -1481,6 +1496,10 @@ csum_error:
18361 +@@ -1487,6 +1502,10 @@ csum_error:
18362 bad_packet:
18363 __TCP_INC_STATS(net, TCP_MIB_INERRS);
18364 } else {
18365 @@ -158333,7 +158677,7 @@ index 8567366..7c8aa51 100644
18366 irda_task_kick(task);
18367 }
18368 diff --git a/net/irda/iriap.c b/net/irda/iriap.c
18369 -index 4a7ae32a..bfe8e78 100644
18370 +index 1138eaf..cb1900c 100644
18371 --- a/net/irda/iriap.c
18372 +++ b/net/irda/iriap.c
18373 @@ -61,7 +61,7 @@ static const char *const ias_charset_types[] __maybe_unused = {
18374 @@ -158365,7 +158709,7 @@ index 4a7ae32a..bfe8e78 100644
18375 }
18376
18377 /*
18378 -@@ -215,8 +215,10 @@ EXPORT_SYMBOL(iriap_open);
18379 +@@ -219,8 +219,10 @@ EXPORT_SYMBOL(iriap_open);
18380 * Removes (deallocates) the IrIAP instance
18381 *
18382 */
18383 @@ -158377,7 +158721,7 @@ index 4a7ae32a..bfe8e78 100644
18384 IRDA_ASSERT(self != NULL, return;);
18385 IRDA_ASSERT(self->magic == IAS_MAGIC, return;);
18386
18387 -@@ -942,7 +944,7 @@ void iriap_call_indication(struct iriap_cb *self, struct sk_buff *skb)
18388 +@@ -946,7 +948,7 @@ void iriap_call_indication(struct iriap_cb *self, struct sk_buff *skb)
18389 * Query has taken too long time, so abort
18390 *
18391 */
18392 @@ -158800,27 +159144,6 @@ index 7eaa000..2fa7f35 100644
18393 .notifier_call = iucv_cpu_notify,
18394 };
18395
18396 -diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
18397 -index 0b68ba7..48613f5 100644
18398 ---- a/net/kcm/kcmsock.c
18399 -+++ b/net/kcm/kcmsock.c
18400 -@@ -13,6 +13,7 @@
18401 - #include <linux/socket.h>
18402 - #include <linux/uaccess.h>
18403 - #include <linux/workqueue.h>
18404 -+#include <linux/syscalls.h>
18405 - #include <net/kcm.h>
18406 - #include <net/netns/generic.h>
18407 - #include <net/sock.h>
18408 -@@ -2035,7 +2036,7 @@ static int kcm_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
18409 - if (copy_to_user((void __user *)arg, &info,
18410 - sizeof(info))) {
18411 - err = -EFAULT;
18412 -- sock_release(newsock);
18413 -+ sys_close(info.fd);
18414 - }
18415 - }
18416 -
18417 diff --git a/net/key/af_key.c b/net/key/af_key.c
18418 index f9c9ecb..060751e 100644
18419 --- a/net/key/af_key.c
18420 @@ -161297,7 +161620,7 @@ index d3d50da..55e871e 100644
18421
18422 static int sctp_v4_protosw_init(void)
18423 diff --git a/net/sctp/sctp_diag.c b/net/sctp/sctp_diag.c
18424 -index f69edcf..f015617 100644
18425 +index 10bae22..1d96d9d 100644
18426 --- a/net/sctp/sctp_diag.c
18427 +++ b/net/sctp/sctp_diag.c
18428 @@ -150,7 +150,7 @@ static int inet_sctp_diag_fill(struct sock *sk, struct sctp_association *asoc,
18429 @@ -161820,23 +162143,10 @@ index 9d88c62..53396b6 100644
18430 #define gssx_dec_release_handle NULL
18431 #define gssx_enc_get_mic NULL
18432 diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
18433 -index e085f5a..c947fa5 100644
18434 +index 4605dc7..c947fa5 100644
18435 --- a/net/sunrpc/auth_gss/svcauth_gss.c
18436 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
18437 -@@ -569,9 +569,10 @@ gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle)
18438 - struct rsc *found;
18439 -
18440 - memset(&rsci, 0, sizeof(rsci));
18441 -- rsci.handle.data = handle->data;
18442 -- rsci.handle.len = handle->len;
18443 -+ if (dup_to_netobj(&rsci.handle, handle->data, handle->len))
18444 -+ return NULL;
18445 - found = rsc_lookup(cd, &rsci);
18446 -+ rsc_free(&rsci);
18447 - if (!found)
18448 - return NULL;
18449 - if (cache_check(cd, &found->h, NULL))
18450 -@@ -1141,7 +1142,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
18451 +@@ -1142,7 +1142,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
18452 uint64_t *handle)
18453 {
18454 struct rsc rsci, *rscp = NULL;
18455 @@ -161845,7 +162155,7 @@ index e085f5a..c947fa5 100644
18456 long long ctxh;
18457 struct gss_api_mech *gm = NULL;
18458 time_t expiry;
18459 -@@ -1152,7 +1153,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
18460 +@@ -1153,7 +1153,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
18461 status = -ENOMEM;
18462 /* the handle needs to be just a unique id,
18463 * use a static counter */
18464 @@ -162384,10 +162694,10 @@ index 0dd0224..36a22a0 100644
18465 sub->evt.event = htohl(event, sub->swap);
18466 sub->evt.found_lower = htohl(found_lower, sub->swap);
18467 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
18468 -index 735362c..49c97c7 100644
18469 +index e444fa4..1e5a065 100644
18470 --- a/net/unix/af_unix.c
18471 +++ b/net/unix/af_unix.c
18472 -@@ -919,6 +919,12 @@ static struct sock *unix_find_other(struct net *net,
18473 +@@ -920,6 +920,12 @@ static struct sock *unix_find_other(struct net *net,
18474 err = -ECONNREFUSED;
18475 if (!S_ISSOCK(inode->i_mode))
18476 goto put_fail;
18477 @@ -162400,7 +162710,7 @@ index 735362c..49c97c7 100644
18478 u = unix_find_socket_byinode(inode);
18479 if (!u)
18480 goto put_fail;
18481 -@@ -939,6 +945,13 @@ static struct sock *unix_find_other(struct net *net,
18482 +@@ -940,6 +946,13 @@ static struct sock *unix_find_other(struct net *net,
18483 if (u) {
18484 struct dentry *dentry;
18485 dentry = unix_sk(u)->path.dentry;
18486 @@ -162414,27 +162724,27 @@ index 735362c..49c97c7 100644
18487 if (dentry)
18488 touch_atime(&unix_sk(u)->path);
18489 } else
18490 -@@ -960,13 +973,19 @@ static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mo
18491 -
18492 - err = security_path_mknod(path, dentry, mode, 0);
18493 +@@ -973,12 +986,19 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
18494 + */
18495 + err = security_path_mknod(&path, dentry, mode, 0);
18496 if (!err) {
18497 -+ if (!gr_acl_handle_mknod(dentry, path->dentry, path->mnt, mode)) {
18498 ++ if (!gr_acl_handle_mknod(dentry, path.dentry, path.mnt, mode)) {
18499 + err = -EACCES;
18500 + goto out;
18501 + }
18502 - err = vfs_mknod(d_inode(path->dentry), dentry, mode, 0);
18503 + err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
18504 if (!err) {
18505 - res->mnt = mntget(path->mnt);
18506 + res->mnt = mntget(path.mnt);
18507 res->dentry = dget(dentry);
18508 -+ gr_handle_create(dentry, path->mnt);
18509 ++ gr_handle_create(dentry, path.mnt);
18510 }
18511 }
18512 -
18513 ++
18514 +out:
18515 + done_path_create(&path, dentry);
18516 return err;
18517 }
18518 -
18519 -@@ -2811,9 +2830,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
18520 +@@ -2798,9 +2818,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
18521 seq_puts(seq, "Num RefCount Protocol Flags Type St "
18522 "Inode Path\n");
18523 else {
18524 @@ -162449,7 +162759,7 @@ index 735362c..49c97c7 100644
18525
18526 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
18527 s,
18528 -@@ -2838,10 +2861,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
18529 +@@ -2825,10 +2849,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
18530 seq_putc(seq, '@');
18531 i++;
18532 }
18533 @@ -162995,7 +163305,7 @@ index 94c7405..499cca4 100644
18534
18535 int cfg80211_wext_freq(struct iw_freq *freq);
18536 diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
18537 -index dbb2738e..6a52210 100644
18538 +index 6250b1c..91c4bc4 100644
18539 --- a/net/wireless/wext-core.c
18540 +++ b/net/wireless/wext-core.c
18541 @@ -781,8 +781,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
18542 @@ -214594,6 +214904,56 @@ index 552705d..9920f4fb 100644
18543 key = ima_hash_key(entry->digest);
18544 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
18545 return 0;
18546 +diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
18547 +index 5adbfc3..17a0610 100644
18548 +--- a/security/keys/encrypted-keys/encrypted.c
18549 ++++ b/security/keys/encrypted-keys/encrypted.c
18550 +@@ -29,6 +29,7 @@
18551 + #include <linux/rcupdate.h>
18552 + #include <linux/scatterlist.h>
18553 + #include <linux/ctype.h>
18554 ++#include <crypto/aes.h>
18555 + #include <crypto/hash.h>
18556 + #include <crypto/sha.h>
18557 + #include <crypto/skcipher.h>
18558 +@@ -478,6 +479,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
18559 + struct crypto_skcipher *tfm;
18560 + struct skcipher_request *req;
18561 + unsigned int encrypted_datalen;
18562 ++ u8 iv[AES_BLOCK_SIZE];
18563 + unsigned int padlen;
18564 + char pad[16];
18565 + int ret;
18566 +@@ -500,8 +502,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
18567 + sg_init_table(sg_out, 1);
18568 + sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
18569 +
18570 +- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
18571 +- epayload->iv);
18572 ++ memcpy(iv, epayload->iv, sizeof(iv));
18573 ++ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
18574 + ret = crypto_skcipher_encrypt(req);
18575 + tfm = crypto_skcipher_reqtfm(req);
18576 + skcipher_request_free(req);
18577 +@@ -581,6 +583,7 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
18578 + struct crypto_skcipher *tfm;
18579 + struct skcipher_request *req;
18580 + unsigned int encrypted_datalen;
18581 ++ u8 iv[AES_BLOCK_SIZE];
18582 + char pad[16];
18583 + int ret;
18584 +
18585 +@@ -599,8 +602,8 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
18586 + epayload->decrypted_datalen);
18587 + sg_set_buf(&sg_out[1], pad, sizeof pad);
18588 +
18589 +- skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
18590 +- epayload->iv);
18591 ++ memcpy(iv, epayload->iv, sizeof(iv));
18592 ++ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
18593 + ret = crypto_skcipher_decrypt(req);
18594 + tfm = crypto_skcipher_reqtfm(req);
18595 + skcipher_request_free(req);
18596 diff --git a/security/keys/internal.h b/security/keys/internal.h
18597 index a705a7d..898c675 100644
18598 --- a/security/keys/internal.h
18599
18600 diff --git a/4.7.4/4425_grsec_remove_EI_PAX.patch b/4.7.5/4425_grsec_remove_EI_PAX.patch
18601 similarity index 100%
18602 rename from 4.7.4/4425_grsec_remove_EI_PAX.patch
18603 rename to 4.7.5/4425_grsec_remove_EI_PAX.patch
18604
18605 diff --git a/4.7.4/4427_force_XATTR_PAX_tmpfs.patch b/4.7.5/4427_force_XATTR_PAX_tmpfs.patch
18606 similarity index 100%
18607 rename from 4.7.4/4427_force_XATTR_PAX_tmpfs.patch
18608 rename to 4.7.5/4427_force_XATTR_PAX_tmpfs.patch
18609
18610 diff --git a/4.7.4/4430_grsec-remove-localversion-grsec.patch b/4.7.5/4430_grsec-remove-localversion-grsec.patch
18611 similarity index 100%
18612 rename from 4.7.4/4430_grsec-remove-localversion-grsec.patch
18613 rename to 4.7.5/4430_grsec-remove-localversion-grsec.patch
18614
18615 diff --git a/4.7.4/4435_grsec-mute-warnings.patch b/4.7.5/4435_grsec-mute-warnings.patch
18616 similarity index 100%
18617 rename from 4.7.4/4435_grsec-mute-warnings.patch
18618 rename to 4.7.5/4435_grsec-mute-warnings.patch
18619
18620 diff --git a/4.7.4/4440_grsec-remove-protected-paths.patch b/4.7.5/4440_grsec-remove-protected-paths.patch
18621 similarity index 100%
18622 rename from 4.7.4/4440_grsec-remove-protected-paths.patch
18623 rename to 4.7.5/4440_grsec-remove-protected-paths.patch
18624
18625 diff --git a/4.7.4/4450_grsec-kconfig-default-gids.patch b/4.7.5/4450_grsec-kconfig-default-gids.patch
18626 similarity index 100%
18627 rename from 4.7.4/4450_grsec-kconfig-default-gids.patch
18628 rename to 4.7.5/4450_grsec-kconfig-default-gids.patch
18629
18630 diff --git a/4.7.4/4465_selinux-avc_audit-log-curr_ip.patch b/4.7.5/4465_selinux-avc_audit-log-curr_ip.patch
18631 similarity index 100%
18632 rename from 4.7.4/4465_selinux-avc_audit-log-curr_ip.patch
18633 rename to 4.7.5/4465_selinux-avc_audit-log-curr_ip.patch
18634
18635 diff --git a/4.7.4/4470_disable-compat_vdso.patch b/4.7.5/4470_disable-compat_vdso.patch
18636 similarity index 100%
18637 rename from 4.7.4/4470_disable-compat_vdso.patch
18638 rename to 4.7.5/4470_disable-compat_vdso.patch
18639
18640 diff --git a/4.7.4/4475_emutramp_default_on.patch b/4.7.5/4475_emutramp_default_on.patch
18641 similarity index 100%
18642 rename from 4.7.4/4475_emutramp_default_on.patch
18643 rename to 4.7.5/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups