Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Sat, 03 Feb 2018 21:23:24
Message-Id: 1517692993.257f9c5d5274af2fdcbefb953d451bff7bdf7f3b.mpagano@gentoo
1 commit: 257f9c5d5274af2fdcbefb953d451bff7bdf7f3b
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sat Feb 3 21:23:13 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sat Feb 3 21:23:13 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=257f9c5d
7
8 Linux patch 4.4.115
9
10 0000_README | 4 +
11 1114_linux-4.4.115.patch | 1942 ++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 1946 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 918bb76..60d9f40 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -499,6 +499,10 @@ Patch: 1113_linux-4.4.114.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.4.114
21
22 +Patch: 1114_linux-4.4.115.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.4.115
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1114_linux-4.4.115.patch b/1114_linux-4.4.115.patch
31 new file mode 100644
32 index 0000000..998f062
33 --- /dev/null
34 +++ b/1114_linux-4.4.115.patch
35 @@ -0,0 +1,1942 @@
36 +diff --git a/Makefile b/Makefile
37 +index 153440b1bbb0..9c60120dd9fd 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 4
43 +-SUBLEVEL = 114
44 ++SUBLEVEL = 115
45 + EXTRAVERSION =
46 + NAME = Blurry Fish Butt
47 +
48 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
49 +index 14cdc6dea493..83af36d9439f 100644
50 +--- a/arch/arm64/Kconfig
51 ++++ b/arch/arm64/Kconfig
52 +@@ -54,6 +54,7 @@ config ARM64
53 + select HAVE_ARCH_SECCOMP_FILTER
54 + select HAVE_ARCH_TRACEHOOK
55 + select HAVE_BPF_JIT
56 ++ select HAVE_EBPF_JIT
57 + select HAVE_C_RECORDMCOUNT
58 + select HAVE_CC_STACKPROTECTOR
59 + select HAVE_CMPXCHG_DOUBLE
60 +diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
61 +index 5ad7b721b769..2ee95ece0498 100644
62 +--- a/arch/s390/Kconfig
63 ++++ b/arch/s390/Kconfig
64 +@@ -123,6 +123,7 @@ config S390
65 + select HAVE_ARCH_TRACEHOOK
66 + select HAVE_ARCH_TRANSPARENT_HUGEPAGE
67 + select HAVE_BPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
68 ++ select HAVE_EBPF_JIT if PACK_STACK && HAVE_MARCH_Z196_FEATURES
69 + select HAVE_CMPXCHG_DOUBLE
70 + select HAVE_CMPXCHG_LOCAL
71 + select HAVE_DEBUG_KMEMLEAK
72 +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
73 +index 75d0053b495a..2db93042f2f3 100644
74 +--- a/arch/x86/Kconfig
75 ++++ b/arch/x86/Kconfig
76 +@@ -88,6 +88,7 @@ config X86
77 + select HAVE_ARCH_TRACEHOOK
78 + select HAVE_ARCH_TRANSPARENT_HUGEPAGE
79 + select HAVE_BPF_JIT if X86_64
80 ++ select HAVE_EBPF_JIT if X86_64
81 + select HAVE_CC_STACKPROTECTOR
82 + select HAVE_CMPXCHG_DOUBLE
83 + select HAVE_CMPXCHG_LOCAL
84 +diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
85 +index 3633ad6145c5..c18806b5db2a 100644
86 +--- a/arch/x86/crypto/aesni-intel_glue.c
87 ++++ b/arch/x86/crypto/aesni-intel_glue.c
88 +@@ -965,7 +965,7 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
89 +
90 + if (sg_is_last(req->src) &&
91 + req->src->offset + req->src->length <= PAGE_SIZE &&
92 +- sg_is_last(req->dst) &&
93 ++ sg_is_last(req->dst) && req->dst->length &&
94 + req->dst->offset + req->dst->length <= PAGE_SIZE) {
95 + one_entry_in_sg = 1;
96 + scatterwalk_start(&src_sg_walk, req->src);
97 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
98 +index 9d2abb2a41d2..74fda1a453bd 100644
99 +--- a/arch/x86/include/asm/kvm_host.h
100 ++++ b/arch/x86/include/asm/kvm_host.h
101 +@@ -998,7 +998,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
102 + static inline int emulate_instruction(struct kvm_vcpu *vcpu,
103 + int emulation_type)
104 + {
105 +- return x86_emulate_instruction(vcpu, 0, emulation_type, NULL, 0);
106 ++ return x86_emulate_instruction(vcpu, 0,
107 ++ emulation_type | EMULTYPE_NO_REEXECUTE, NULL, 0);
108 + }
109 +
110 + void kvm_enable_efer_bits(u64);
111 +diff --git a/arch/x86/kernel/cpu/perf_event_intel_bts.c b/arch/x86/kernel/cpu/perf_event_intel_bts.c
112 +index 2cad71d1b14c..5af11c46d0b9 100644
113 +--- a/arch/x86/kernel/cpu/perf_event_intel_bts.c
114 ++++ b/arch/x86/kernel/cpu/perf_event_intel_bts.c
115 +@@ -22,6 +22,7 @@
116 + #include <linux/debugfs.h>
117 + #include <linux/device.h>
118 + #include <linux/coredump.h>
119 ++#include <linux/kaiser.h>
120 +
121 + #include <asm-generic/sizes.h>
122 + #include <asm/perf_event.h>
123 +@@ -67,6 +68,23 @@ static size_t buf_size(struct page *page)
124 + return 1 << (PAGE_SHIFT + page_private(page));
125 + }
126 +
127 ++static void bts_buffer_free_aux(void *data)
128 ++{
129 ++#ifdef CONFIG_PAGE_TABLE_ISOLATION
130 ++ struct bts_buffer *buf = data;
131 ++ int nbuf;
132 ++
133 ++ for (nbuf = 0; nbuf < buf->nr_bufs; nbuf++) {
134 ++ struct page *page = buf->buf[nbuf].page;
135 ++ void *kaddr = page_address(page);
136 ++ size_t page_size = buf_size(page);
137 ++
138 ++ kaiser_remove_mapping((unsigned long)kaddr, page_size);
139 ++ }
140 ++#endif
141 ++ kfree(data);
142 ++}
143 ++
144 + static void *
145 + bts_buffer_setup_aux(int cpu, void **pages, int nr_pages, bool overwrite)
146 + {
147 +@@ -103,29 +121,33 @@ bts_buffer_setup_aux(int cpu, void **pages, int nr_pages, bool overwrite)
148 + buf->real_size = size - size % BTS_RECORD_SIZE;
149 +
150 + for (pg = 0, nbuf = 0, offset = 0, pad = 0; nbuf < buf->nr_bufs; nbuf++) {
151 +- unsigned int __nr_pages;
152 ++ void *kaddr = pages[pg];
153 ++ size_t page_size;
154 ++
155 ++ page = virt_to_page(kaddr);
156 ++ page_size = buf_size(page);
157 ++
158 ++ if (kaiser_add_mapping((unsigned long)kaddr,
159 ++ page_size, __PAGE_KERNEL) < 0) {
160 ++ buf->nr_bufs = nbuf;
161 ++ bts_buffer_free_aux(buf);
162 ++ return NULL;
163 ++ }
164 +
165 +- page = virt_to_page(pages[pg]);
166 +- __nr_pages = PagePrivate(page) ? 1 << page_private(page) : 1;
167 + buf->buf[nbuf].page = page;
168 + buf->buf[nbuf].offset = offset;
169 + buf->buf[nbuf].displacement = (pad ? BTS_RECORD_SIZE - pad : 0);
170 +- buf->buf[nbuf].size = buf_size(page) - buf->buf[nbuf].displacement;
171 ++ buf->buf[nbuf].size = page_size - buf->buf[nbuf].displacement;
172 + pad = buf->buf[nbuf].size % BTS_RECORD_SIZE;
173 + buf->buf[nbuf].size -= pad;
174 +
175 +- pg += __nr_pages;
176 +- offset += __nr_pages << PAGE_SHIFT;
177 ++ pg += page_size >> PAGE_SHIFT;
178 ++ offset += page_size;
179 + }
180 +
181 + return buf;
182 + }
183 +
184 +-static void bts_buffer_free_aux(void *data)
185 +-{
186 +- kfree(data);
187 +-}
188 +-
189 + static unsigned long bts_buffer_offset(struct bts_buffer *buf, unsigned int idx)
190 + {
191 + return buf->buf[idx].offset + buf->buf[idx].displacement;
192 +diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
193 +index 91a4496db434..c77ab1f51fbe 100644
194 +--- a/arch/x86/kernel/tboot.c
195 ++++ b/arch/x86/kernel/tboot.c
196 +@@ -140,6 +140,16 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn,
197 + return -1;
198 + set_pte_at(&tboot_mm, vaddr, pte, pfn_pte(pfn, prot));
199 + pte_unmap(pte);
200 ++
201 ++ /*
202 ++ * PTI poisons low addresses in the kernel page tables in the
203 ++ * name of making them unusable for userspace. To execute
204 ++ * code at such a low address, the poison must be cleared.
205 ++ *
206 ++ * Note: 'pgd' actually gets set in pud_alloc().
207 ++ */
208 ++ pgd->pgd &= ~_PAGE_NX;
209 ++
210 + return 0;
211 + }
212 +
213 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
214 +index 00045499f6c2..e4eb1d2bf849 100644
215 +--- a/arch/x86/kvm/emulate.c
216 ++++ b/arch/x86/kvm/emulate.c
217 +@@ -4978,6 +4978,8 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
218 + bool op_prefix = false;
219 + bool has_seg_override = false;
220 + struct opcode opcode;
221 ++ u16 dummy;
222 ++ struct desc_struct desc;
223 +
224 + ctxt->memop.type = OP_NONE;
225 + ctxt->memopp = NULL;
226 +@@ -4996,6 +4998,11 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
227 + switch (mode) {
228 + case X86EMUL_MODE_REAL:
229 + case X86EMUL_MODE_VM86:
230 ++ def_op_bytes = def_ad_bytes = 2;
231 ++ ctxt->ops->get_segment(ctxt, &dummy, &desc, NULL, VCPU_SREG_CS);
232 ++ if (desc.d)
233 ++ def_op_bytes = def_ad_bytes = 4;
234 ++ break;
235 + case X86EMUL_MODE_PROT16:
236 + def_op_bytes = def_ad_bytes = 2;
237 + break;
238 +diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
239 +index 3aab53f8cad2..d380111351c0 100644
240 +--- a/arch/x86/kvm/ioapic.c
241 ++++ b/arch/x86/kvm/ioapic.c
242 +@@ -247,8 +247,7 @@ void kvm_ioapic_scan_entry(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap)
243 + index == RTC_GSI) {
244 + if (kvm_apic_match_dest(vcpu, NULL, 0,
245 + e->fields.dest_id, e->fields.dest_mode) ||
246 +- (e->fields.trig_mode == IOAPIC_EDGE_TRIG &&
247 +- kvm_apic_pending_eoi(vcpu, e->fields.vector)))
248 ++ kvm_apic_pending_eoi(vcpu, e->fields.vector))
249 + __set_bit(e->fields.vector,
250 + (unsigned long *)eoi_exit_bitmap);
251 + }
252 +@@ -269,6 +268,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
253 + {
254 + unsigned index;
255 + bool mask_before, mask_after;
256 ++ int old_remote_irr, old_delivery_status;
257 + union kvm_ioapic_redirect_entry *e;
258 +
259 + switch (ioapic->ioregsel) {
260 +@@ -291,14 +291,28 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
261 + return;
262 + e = &ioapic->redirtbl[index];
263 + mask_before = e->fields.mask;
264 ++ /* Preserve read-only fields */
265 ++ old_remote_irr = e->fields.remote_irr;
266 ++ old_delivery_status = e->fields.delivery_status;
267 + if (ioapic->ioregsel & 1) {
268 + e->bits &= 0xffffffff;
269 + e->bits |= (u64) val << 32;
270 + } else {
271 + e->bits &= ~0xffffffffULL;
272 + e->bits |= (u32) val;
273 +- e->fields.remote_irr = 0;
274 + }
275 ++ e->fields.remote_irr = old_remote_irr;
276 ++ e->fields.delivery_status = old_delivery_status;
277 ++
278 ++ /*
279 ++ * Some OSes (Linux, Xen) assume that Remote IRR bit will
280 ++ * be cleared by IOAPIC hardware when the entry is configured
281 ++ * as edge-triggered. This behavior is used to simulate an
282 ++ * explicit EOI on IOAPICs that don't have the EOI register.
283 ++ */
284 ++ if (e->fields.trig_mode == IOAPIC_EDGE_TRIG)
285 ++ e->fields.remote_irr = 0;
286 ++
287 + mask_after = e->fields.mask;
288 + if (mask_before != mask_after)
289 + kvm_fire_mask_notifiers(ioapic->kvm, KVM_IRQCHIP_IOAPIC, index, mask_after);
290 +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
291 +index 75d60e40c389..f8d785aa2e96 100644
292 +--- a/arch/x86/kvm/vmx.c
293 ++++ b/arch/x86/kvm/vmx.c
294 +@@ -4954,7 +4954,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
295 + vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
296 + }
297 +
298 +- vmcs_writel(GUEST_RFLAGS, 0x02);
299 ++ kvm_set_rflags(vcpu, X86_EFLAGS_FIXED);
300 + kvm_rip_write(vcpu, 0xfff0);
301 +
302 + vmcs_writel(GUEST_GDTR_BASE, 0);
303 +@@ -6023,7 +6023,7 @@ static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
304 + if (test_bit(KVM_REQ_EVENT, &vcpu->requests))
305 + return 1;
306 +
307 +- err = emulate_instruction(vcpu, EMULTYPE_NO_REEXECUTE);
308 ++ err = emulate_instruction(vcpu, 0);
309 +
310 + if (err == EMULATE_USER_EXIT) {
311 + ++vcpu->stat.mmio_exits;
312 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
313 +index f973cfa8ff4f..3900d34980de 100644
314 +--- a/arch/x86/kvm/x86.c
315 ++++ b/arch/x86/kvm/x86.c
316 +@@ -5153,7 +5153,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu)
317 + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
318 + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
319 + vcpu->run->internal.ndata = 0;
320 +- r = EMULATE_FAIL;
321 ++ r = EMULATE_USER_EXIT;
322 + }
323 + kvm_queue_exception(vcpu, UD_VECTOR);
324 +
325 +diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
326 +index 75991979f667..33c42b826791 100644
327 +--- a/arch/x86/net/bpf_jit_comp.c
328 ++++ b/arch/x86/net/bpf_jit_comp.c
329 +@@ -266,10 +266,10 @@ static void emit_bpf_tail_call(u8 **pprog)
330 + /* if (index >= array->map.max_entries)
331 + * goto out;
332 + */
333 +- EMIT4(0x48, 0x8B, 0x46, /* mov rax, qword ptr [rsi + 16] */
334 ++ EMIT2(0x89, 0xD2); /* mov edx, edx */
335 ++ EMIT3(0x39, 0x56, /* cmp dword ptr [rsi + 16], edx */
336 + offsetof(struct bpf_array, map.max_entries));
337 +- EMIT3(0x48, 0x39, 0xD0); /* cmp rax, rdx */
338 +-#define OFFSET1 47 /* number of bytes to jump */
339 ++#define OFFSET1 43 /* number of bytes to jump */
340 + EMIT2(X86_JBE, OFFSET1); /* jbe out */
341 + label1 = cnt;
342 +
343 +@@ -278,21 +278,20 @@ static void emit_bpf_tail_call(u8 **pprog)
344 + */
345 + EMIT2_off32(0x8B, 0x85, -STACKSIZE + 36); /* mov eax, dword ptr [rbp - 516] */
346 + EMIT3(0x83, 0xF8, MAX_TAIL_CALL_CNT); /* cmp eax, MAX_TAIL_CALL_CNT */
347 +-#define OFFSET2 36
348 ++#define OFFSET2 32
349 + EMIT2(X86_JA, OFFSET2); /* ja out */
350 + label2 = cnt;
351 + EMIT3(0x83, 0xC0, 0x01); /* add eax, 1 */
352 + EMIT2_off32(0x89, 0x85, -STACKSIZE + 36); /* mov dword ptr [rbp - 516], eax */
353 +
354 + /* prog = array->ptrs[index]; */
355 +- EMIT4_off32(0x48, 0x8D, 0x84, 0xD6, /* lea rax, [rsi + rdx * 8 + offsetof(...)] */
356 ++ EMIT4_off32(0x48, 0x8B, 0x84, 0xD6, /* mov rax, [rsi + rdx * 8 + offsetof(...)] */
357 + offsetof(struct bpf_array, ptrs));
358 +- EMIT3(0x48, 0x8B, 0x00); /* mov rax, qword ptr [rax] */
359 +
360 + /* if (prog == NULL)
361 + * goto out;
362 + */
363 +- EMIT4(0x48, 0x83, 0xF8, 0x00); /* cmp rax, 0 */
364 ++ EMIT3(0x48, 0x85, 0xC0); /* test rax,rax */
365 + #define OFFSET3 10
366 + EMIT2(X86_JE, OFFSET3); /* je out */
367 + label3 = cnt;
368 +diff --git a/crypto/af_alg.c b/crypto/af_alg.c
369 +index f5e18c2a4852..ca50eeb13097 100644
370 +--- a/crypto/af_alg.c
371 ++++ b/crypto/af_alg.c
372 +@@ -149,7 +149,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent);
373 +
374 + static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
375 + {
376 +- const u32 forbidden = CRYPTO_ALG_INTERNAL;
377 ++ const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY;
378 + struct sock *sk = sock->sk;
379 + struct alg_sock *ask = alg_sk(sk);
380 + struct sockaddr_alg *sa = (void *)uaddr;
381 +@@ -157,6 +157,10 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
382 + void *private;
383 + int err;
384 +
385 ++ /* If caller uses non-allowed flag, return error. */
386 ++ if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
387 ++ return -EINVAL;
388 ++
389 + if (sock->state == SS_CONNECTED)
390 + return -EINVAL;
391 +
392 +@@ -175,9 +179,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
393 + if (IS_ERR(type))
394 + return PTR_ERR(type);
395 +
396 +- private = type->bind(sa->salg_name,
397 +- sa->salg_feat & ~forbidden,
398 +- sa->salg_mask & ~forbidden);
399 ++ private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
400 + if (IS_ERR(private)) {
401 + module_put(type->owner);
402 + return PTR_ERR(private);
403 +diff --git a/drivers/acpi/device_sysfs.c b/drivers/acpi/device_sysfs.c
404 +index b9afb47db7ed..1521d9a41d25 100644
405 +--- a/drivers/acpi/device_sysfs.c
406 ++++ b/drivers/acpi/device_sysfs.c
407 +@@ -146,6 +146,10 @@ static int create_pnp_modalias(struct acpi_device *acpi_dev, char *modalias,
408 + int count;
409 + struct acpi_hardware_id *id;
410 +
411 ++ /* Avoid unnecessarily loading modules for non present devices. */
412 ++ if (!acpi_device_is_present(acpi_dev))
413 ++ return 0;
414 ++
415 + /*
416 + * Since we skip ACPI_DT_NAMESPACE_HID from the modalias below, 0 should
417 + * be returned if ACPI_DT_NAMESPACE_HID is the only ACPI/PNP ID in the
418 +diff --git a/drivers/block/loop.c b/drivers/block/loop.c
419 +index cec36d5c24f5..1c36de9719e5 100644
420 +--- a/drivers/block/loop.c
421 ++++ b/drivers/block/loop.c
422 +@@ -1569,9 +1569,8 @@ out:
423 + return err;
424 + }
425 +
426 +-static void lo_release(struct gendisk *disk, fmode_t mode)
427 ++static void __lo_release(struct loop_device *lo)
428 + {
429 +- struct loop_device *lo = disk->private_data;
430 + int err;
431 +
432 + if (atomic_dec_return(&lo->lo_refcnt))
433 +@@ -1597,6 +1596,13 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
434 + mutex_unlock(&lo->lo_ctl_mutex);
435 + }
436 +
437 ++static void lo_release(struct gendisk *disk, fmode_t mode)
438 ++{
439 ++ mutex_lock(&loop_index_mutex);
440 ++ __lo_release(disk->private_data);
441 ++ mutex_unlock(&loop_index_mutex);
442 ++}
443 ++
444 + static const struct block_device_operations lo_fops = {
445 + .owner = THIS_MODULE,
446 + .open = lo_open,
447 +diff --git a/drivers/cpufreq/Kconfig b/drivers/cpufreq/Kconfig
448 +index 659879a56dba..949610360b14 100644
449 +--- a/drivers/cpufreq/Kconfig
450 ++++ b/drivers/cpufreq/Kconfig
451 +@@ -236,6 +236,7 @@ endif
452 + if MIPS
453 + config LOONGSON2_CPUFREQ
454 + tristate "Loongson2 CPUFreq Driver"
455 ++ depends on LEMOTE_MACH2F
456 + help
457 + This option adds a CPUFreq driver for loongson processors which
458 + support software configurable cpu frequency.
459 +@@ -248,6 +249,7 @@ config LOONGSON2_CPUFREQ
460 +
461 + config LOONGSON1_CPUFREQ
462 + tristate "Loongson1 CPUFreq Driver"
463 ++ depends on LOONGSON1_LS1B
464 + help
465 + This option adds a CPUFreq driver for loongson1 processors which
466 + support software configurable cpu frequency.
467 +diff --git a/drivers/gpio/gpio-ath79.c b/drivers/gpio/gpio-ath79.c
468 +index 5eaea8b812cf..089a78983b39 100644
469 +--- a/drivers/gpio/gpio-ath79.c
470 ++++ b/drivers/gpio/gpio-ath79.c
471 +@@ -203,3 +203,6 @@ static struct platform_driver ath79_gpio_driver = {
472 + };
473 +
474 + module_platform_driver(ath79_gpio_driver);
475 ++
476 ++MODULE_DESCRIPTION("Atheros AR71XX/AR724X/AR913X GPIO API support");
477 ++MODULE_LICENSE("GPL v2");
478 +diff --git a/drivers/gpio/gpio-iop.c b/drivers/gpio/gpio-iop.c
479 +index 2ed0237a8baf..304e68633d29 100644
480 +--- a/drivers/gpio/gpio-iop.c
481 ++++ b/drivers/gpio/gpio-iop.c
482 +@@ -129,3 +129,7 @@ static int __init iop3xx_gpio_init(void)
483 + return platform_driver_register(&iop3xx_gpio_driver);
484 + }
485 + arch_initcall(iop3xx_gpio_init);
486 ++
487 ++MODULE_DESCRIPTION("GPIO handling for Intel IOP3xx processors");
488 ++MODULE_AUTHOR("Lennert Buytenhek <buytenh@××××××××××.org>");
489 ++MODULE_LICENSE("GPL");
490 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
491 +index 0e1376317683..b233cf8436b0 100644
492 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
493 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c
494 +@@ -367,29 +367,50 @@ static int kgd_hqd_sdma_load(struct kgd_dev *kgd, void *mqd)
495 + {
496 + struct amdgpu_device *adev = get_amdgpu_device(kgd);
497 + struct cik_sdma_rlc_registers *m;
498 ++ unsigned long end_jiffies;
499 + uint32_t sdma_base_addr;
500 ++ uint32_t data;
501 +
502 + m = get_sdma_mqd(mqd);
503 + sdma_base_addr = get_sdma_base_addr(m);
504 +
505 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_VIRTUAL_ADDR,
506 +- m->sdma_rlc_virtual_addr);
507 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
508 ++ m->sdma_rlc_rb_cntl & (~SDMA0_RLC0_RB_CNTL__RB_ENABLE_MASK));
509 +
510 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE,
511 +- m->sdma_rlc_rb_base);
512 ++ end_jiffies = msecs_to_jiffies(2000) + jiffies;
513 ++ while (true) {
514 ++ data = RREG32(sdma_base_addr + mmSDMA0_RLC0_CONTEXT_STATUS);
515 ++ if (data & SDMA0_RLC0_CONTEXT_STATUS__IDLE_MASK)
516 ++ break;
517 ++ if (time_after(jiffies, end_jiffies))
518 ++ return -ETIME;
519 ++ usleep_range(500, 1000);
520 ++ }
521 ++ if (m->sdma_engine_id) {
522 ++ data = RREG32(mmSDMA1_GFX_CONTEXT_CNTL);
523 ++ data = REG_SET_FIELD(data, SDMA1_GFX_CONTEXT_CNTL,
524 ++ RESUME_CTX, 0);
525 ++ WREG32(mmSDMA1_GFX_CONTEXT_CNTL, data);
526 ++ } else {
527 ++ data = RREG32(mmSDMA0_GFX_CONTEXT_CNTL);
528 ++ data = REG_SET_FIELD(data, SDMA0_GFX_CONTEXT_CNTL,
529 ++ RESUME_CTX, 0);
530 ++ WREG32(mmSDMA0_GFX_CONTEXT_CNTL, data);
531 ++ }
532 +
533 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL,
534 ++ m->sdma_rlc_doorbell);
535 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR, 0);
536 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_WPTR, 0);
537 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_VIRTUAL_ADDR,
538 ++ m->sdma_rlc_virtual_addr);
539 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE, m->sdma_rlc_rb_base);
540 + WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE_HI,
541 + m->sdma_rlc_rb_base_hi);
542 +-
543 + WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR_ADDR_LO,
544 + m->sdma_rlc_rb_rptr_addr_lo);
545 +-
546 + WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR_ADDR_HI,
547 + m->sdma_rlc_rb_rptr_addr_hi);
548 +-
549 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL,
550 +- m->sdma_rlc_doorbell);
551 +-
552 + WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
553 + m->sdma_rlc_rb_cntl);
554 +
555 +@@ -492,9 +513,9 @@ static int kgd_hqd_sdma_destroy(struct kgd_dev *kgd, void *mqd,
556 + }
557 +
558 + WREG32(sdma_base_addr + mmSDMA0_RLC0_DOORBELL, 0);
559 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_RPTR, 0);
560 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_WPTR, 0);
561 +- WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_BASE, 0);
562 ++ WREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL,
563 ++ RREG32(sdma_base_addr + mmSDMA0_RLC0_RB_CNTL) |
564 ++ SDMA0_RLC0_RB_CNTL__RB_ENABLE_MASK);
565 +
566 + return 0;
567 + }
568 +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
569 +index d83de985e88c..8577a563600f 100644
570 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
571 ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c
572 +@@ -215,8 +215,8 @@ static int update_mqd_sdma(struct mqd_manager *mm, void *mqd,
573 + BUG_ON(!mm || !mqd || !q);
574 +
575 + m = get_sdma_mqd(mqd);
576 +- m->sdma_rlc_rb_cntl = ffs(q->queue_size / sizeof(unsigned int)) <<
577 +- SDMA0_RLC0_RB_CNTL__RB_SIZE__SHIFT |
578 ++ m->sdma_rlc_rb_cntl = (ffs(q->queue_size / sizeof(unsigned int)) - 1)
579 ++ << SDMA0_RLC0_RB_CNTL__RB_SIZE__SHIFT |
580 + q->vmid << SDMA0_RLC0_RB_CNTL__RB_VMID__SHIFT |
581 + 1 << SDMA0_RLC0_RB_CNTL__RPTR_WRITEBACK_ENABLE__SHIFT |
582 + 6 << SDMA0_RLC0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT;
583 +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
584 +index 7b69070f7ecc..aa41b840048f 100644
585 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
586 ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
587 +@@ -205,6 +205,24 @@ int pqm_create_queue(struct process_queue_manager *pqm,
588 +
589 + switch (type) {
590 + case KFD_QUEUE_TYPE_SDMA:
591 ++ if (dev->dqm->queue_count >=
592 ++ CIK_SDMA_QUEUES_PER_ENGINE * CIK_SDMA_ENGINE_NUM) {
593 ++ pr_err("Over-subscription is not allowed for SDMA.\n");
594 ++ retval = -EPERM;
595 ++ goto err_create_queue;
596 ++ }
597 ++
598 ++ retval = create_cp_queue(pqm, dev, &q, properties, f, *qid);
599 ++ if (retval != 0)
600 ++ goto err_create_queue;
601 ++ pqn->q = q;
602 ++ pqn->kq = NULL;
603 ++ retval = dev->dqm->ops.create_queue(dev->dqm, q, &pdd->qpd,
604 ++ &q->properties.vmid);
605 ++ pr_debug("DQM returned %d for create_queue\n", retval);
606 ++ print_queue(q);
607 ++ break;
608 ++
609 + case KFD_QUEUE_TYPE_COMPUTE:
610 + /* check if there is over subscription */
611 + if ((sched_policy == KFD_SCHED_POLICY_HWS_NO_OVERSUBSCRIPTION) &&
612 +diff --git a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
613 +index 7841970de48d..f516b5891932 100644
614 +--- a/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
615 ++++ b/drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
616 +@@ -611,7 +611,8 @@ static int omap_dmm_probe(struct platform_device *dev)
617 + match = of_match_node(dmm_of_match, dev->dev.of_node);
618 + if (!match) {
619 + dev_err(&dev->dev, "failed to find matching device node\n");
620 +- return -ENODEV;
621 ++ ret = -ENODEV;
622 ++ goto fail;
623 + }
624 +
625 + omap_dmm->plat_data = match->data;
626 +diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
627 +index ba59eaef2e07..d013acf3f83a 100644
628 +--- a/drivers/hwmon/pmbus/pmbus_core.c
629 ++++ b/drivers/hwmon/pmbus/pmbus_core.c
630 +@@ -20,6 +20,7 @@
631 + */
632 +
633 + #include <linux/kernel.h>
634 ++#include <linux/math64.h>
635 + #include <linux/module.h>
636 + #include <linux/init.h>
637 + #include <linux/err.h>
638 +@@ -476,8 +477,8 @@ static long pmbus_reg2data_linear(struct pmbus_data *data,
639 + static long pmbus_reg2data_direct(struct pmbus_data *data,
640 + struct pmbus_sensor *sensor)
641 + {
642 +- long val = (s16) sensor->data;
643 +- long m, b, R;
644 ++ s64 b, val = (s16)sensor->data;
645 ++ s32 m, R;
646 +
647 + m = data->info->m[sensor->class];
648 + b = data->info->b[sensor->class];
649 +@@ -505,11 +506,12 @@ static long pmbus_reg2data_direct(struct pmbus_data *data,
650 + R--;
651 + }
652 + while (R < 0) {
653 +- val = DIV_ROUND_CLOSEST(val, 10);
654 ++ val = div_s64(val + 5LL, 10L); /* round closest */
655 + R++;
656 + }
657 +
658 +- return (val - b) / m;
659 ++ val = div_s64(val - b, m);
660 ++ return clamp_val(val, LONG_MIN, LONG_MAX);
661 + }
662 +
663 + /*
664 +@@ -629,7 +631,8 @@ static u16 pmbus_data2reg_linear(struct pmbus_data *data,
665 + static u16 pmbus_data2reg_direct(struct pmbus_data *data,
666 + struct pmbus_sensor *sensor, long val)
667 + {
668 +- long m, b, R;
669 ++ s64 b, val64 = val;
670 ++ s32 m, R;
671 +
672 + m = data->info->m[sensor->class];
673 + b = data->info->b[sensor->class];
674 +@@ -646,18 +649,18 @@ static u16 pmbus_data2reg_direct(struct pmbus_data *data,
675 + R -= 3; /* Adjust R and b for data in milli-units */
676 + b *= 1000;
677 + }
678 +- val = val * m + b;
679 ++ val64 = val64 * m + b;
680 +
681 + while (R > 0) {
682 +- val *= 10;
683 ++ val64 *= 10;
684 + R--;
685 + }
686 + while (R < 0) {
687 +- val = DIV_ROUND_CLOSEST(val, 10);
688 ++ val64 = div_s64(val64 + 5LL, 10L); /* round closest */
689 + R++;
690 + }
691 +
692 +- return val;
693 ++ return (u16)clamp_val(val64, S16_MIN, S16_MAX);
694 + }
695 +
696 + static u16 pmbus_data2reg_vid(struct pmbus_data *data,
697 +diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
698 +index 5b815e64c1c9..a5a6909280fe 100644
699 +--- a/drivers/md/bcache/btree.c
700 ++++ b/drivers/md/bcache/btree.c
701 +@@ -808,7 +808,10 @@ int bch_btree_cache_alloc(struct cache_set *c)
702 + c->shrink.scan_objects = bch_mca_scan;
703 + c->shrink.seeks = 4;
704 + c->shrink.batch = c->btree_pages * 2;
705 +- register_shrinker(&c->shrink);
706 ++
707 ++ if (register_shrinker(&c->shrink))
708 ++ pr_warn("bcache: %s: could not register shrinker",
709 ++ __func__);
710 +
711 + return 0;
712 + }
713 +diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
714 +index 29428bef272c..3bbc77aa6a33 100644
715 +--- a/drivers/media/usb/usbtv/usbtv-core.c
716 ++++ b/drivers/media/usb/usbtv/usbtv-core.c
717 +@@ -127,6 +127,7 @@ static void usbtv_disconnect(struct usb_interface *intf)
718 +
719 + static struct usb_device_id usbtv_id_table[] = {
720 + { USB_DEVICE(0x1b71, 0x3002) },
721 ++ { USB_DEVICE(0x1f71, 0x3301) },
722 + {}
723 + };
724 + MODULE_DEVICE_TABLE(usb, usbtv_id_table);
725 +diff --git a/drivers/mtd/nand/denali_pci.c b/drivers/mtd/nand/denali_pci.c
726 +index de31514df282..d38527e0a2f2 100644
727 +--- a/drivers/mtd/nand/denali_pci.c
728 ++++ b/drivers/mtd/nand/denali_pci.c
729 +@@ -119,3 +119,7 @@ static struct pci_driver denali_pci_driver = {
730 + };
731 +
732 + module_pci_driver(denali_pci_driver);
733 ++
734 ++MODULE_DESCRIPTION("PCI driver for Denali NAND controller");
735 ++MODULE_AUTHOR("Intel Corporation and its suppliers");
736 ++MODULE_LICENSE("GPL v2");
737 +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
738 +index 53803fd6350c..02b23f6277fb 100644
739 +--- a/drivers/net/ethernet/intel/igb/igb_main.c
740 ++++ b/drivers/net/ethernet/intel/igb/igb_main.c
741 +@@ -3174,7 +3174,7 @@ static int __igb_close(struct net_device *netdev, bool suspending)
742 +
743 + static int igb_close(struct net_device *netdev)
744 + {
745 +- if (netif_device_present(netdev))
746 ++ if (netif_device_present(netdev) || netdev->dismantle)
747 + return __igb_close(netdev, false);
748 + return 0;
749 + }
750 +diff --git a/drivers/net/ethernet/xilinx/Kconfig b/drivers/net/ethernet/xilinx/Kconfig
751 +index 4f5c024c6192..5d5c0c433f3e 100644
752 +--- a/drivers/net/ethernet/xilinx/Kconfig
753 ++++ b/drivers/net/ethernet/xilinx/Kconfig
754 +@@ -34,6 +34,7 @@ config XILINX_AXI_EMAC
755 + config XILINX_LL_TEMAC
756 + tristate "Xilinx LL TEMAC (LocalLink Tri-mode Ethernet MAC) driver"
757 + depends on (PPC || MICROBLAZE)
758 ++ depends on !64BIT || BROKEN
759 + select PHYLIB
760 + ---help---
761 + This driver supports the Xilinx 10/100/1000 LocalLink TEMAC
762 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
763 +index fd221cc4cb79..eb7a9e62371c 100644
764 +--- a/drivers/net/xen-netfront.c
765 ++++ b/drivers/net/xen-netfront.c
766 +@@ -86,6 +86,8 @@ struct netfront_cb {
767 + /* IRQ name is queue name with "-tx" or "-rx" appended */
768 + #define IRQ_NAME_SIZE (QUEUE_NAME_SIZE + 3)
769 +
770 ++static DECLARE_WAIT_QUEUE_HEAD(module_unload_q);
771 ++
772 + struct netfront_stats {
773 + u64 packets;
774 + u64 bytes;
775 +@@ -2037,10 +2039,12 @@ static void netback_changed(struct xenbus_device *dev,
776 + break;
777 +
778 + case XenbusStateClosed:
779 ++ wake_up_all(&module_unload_q);
780 + if (dev->state == XenbusStateClosed)
781 + break;
782 + /* Missed the backend's CLOSING state -- fallthrough */
783 + case XenbusStateClosing:
784 ++ wake_up_all(&module_unload_q);
785 + xenbus_frontend_closed(dev);
786 + break;
787 + }
788 +@@ -2146,6 +2150,20 @@ static int xennet_remove(struct xenbus_device *dev)
789 +
790 + dev_dbg(&dev->dev, "%s\n", dev->nodename);
791 +
792 ++ if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) {
793 ++ xenbus_switch_state(dev, XenbusStateClosing);
794 ++ wait_event(module_unload_q,
795 ++ xenbus_read_driver_state(dev->otherend) ==
796 ++ XenbusStateClosing);
797 ++
798 ++ xenbus_switch_state(dev, XenbusStateClosed);
799 ++ wait_event(module_unload_q,
800 ++ xenbus_read_driver_state(dev->otherend) ==
801 ++ XenbusStateClosed ||
802 ++ xenbus_read_driver_state(dev->otherend) ==
803 ++ XenbusStateUnknown);
804 ++ }
805 ++
806 + xennet_disconnect_backend(info);
807 +
808 + unregister_netdev(info->netdev);
809 +diff --git a/drivers/power/reset/zx-reboot.c b/drivers/power/reset/zx-reboot.c
810 +index a5b009673d0e..5eb719e73e9e 100644
811 +--- a/drivers/power/reset/zx-reboot.c
812 ++++ b/drivers/power/reset/zx-reboot.c
813 +@@ -78,3 +78,7 @@ static struct platform_driver zx_reboot_driver = {
814 + },
815 + };
816 + module_platform_driver(zx_reboot_driver);
817 ++
818 ++MODULE_DESCRIPTION("ZTE SoCs reset driver");
819 ++MODULE_AUTHOR("Jun Nie <jun.nie@××××××.org>");
820 ++MODULE_LICENSE("GPL v2");
821 +diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c
822 +index 8c758c36fc70..766a9176b4ad 100644
823 +--- a/drivers/scsi/aacraid/commsup.c
824 ++++ b/drivers/scsi/aacraid/commsup.c
825 +@@ -1363,13 +1363,13 @@ static int _aac_reset_adapter(struct aac_dev *aac, int forced)
826 + * will ensure that i/o is queisced and the card is flushed in that
827 + * case.
828 + */
829 ++ aac_free_irq(aac);
830 + aac_fib_map_free(aac);
831 + pci_free_consistent(aac->pdev, aac->comm_size, aac->comm_addr, aac->comm_phys);
832 + aac->comm_addr = NULL;
833 + aac->comm_phys = 0;
834 + kfree(aac->queues);
835 + aac->queues = NULL;
836 +- aac_free_irq(aac);
837 + kfree(aac->fsa_dev);
838 + aac->fsa_dev = NULL;
839 + quirks = aac_get_driver_ident(index)->quirks;
840 +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
841 +index 0c2482ec7d21..096c867069e9 100644
842 +--- a/drivers/scsi/ufs/ufshcd.c
843 ++++ b/drivers/scsi/ufs/ufshcd.c
844 +@@ -4392,12 +4392,15 @@ static int ufshcd_config_vreg(struct device *dev,
845 + struct ufs_vreg *vreg, bool on)
846 + {
847 + int ret = 0;
848 +- struct regulator *reg = vreg->reg;
849 +- const char *name = vreg->name;
850 ++ struct regulator *reg;
851 ++ const char *name;
852 + int min_uV, uA_load;
853 +
854 + BUG_ON(!vreg);
855 +
856 ++ reg = vreg->reg;
857 ++ name = vreg->name;
858 ++
859 + if (regulator_count_voltages(reg) > 0) {
860 + min_uV = on ? vreg->min_uV : 0;
861 + ret = regulator_set_voltage(reg, min_uV, vreg->max_uV);
862 +diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
863 +index 0e5723ab47f0..d17ec6775718 100644
864 +--- a/drivers/spi/spi-imx.c
865 ++++ b/drivers/spi/spi-imx.c
866 +@@ -1228,12 +1228,23 @@ static int spi_imx_remove(struct platform_device *pdev)
867 + {
868 + struct spi_master *master = platform_get_drvdata(pdev);
869 + struct spi_imx_data *spi_imx = spi_master_get_devdata(master);
870 ++ int ret;
871 +
872 + spi_bitbang_stop(&spi_imx->bitbang);
873 +
874 ++ ret = clk_enable(spi_imx->clk_per);
875 ++ if (ret)
876 ++ return ret;
877 ++
878 ++ ret = clk_enable(spi_imx->clk_ipg);
879 ++ if (ret) {
880 ++ clk_disable(spi_imx->clk_per);
881 ++ return ret;
882 ++ }
883 ++
884 + writel(0, spi_imx->base + MXC_CSPICTRL);
885 +- clk_unprepare(spi_imx->clk_ipg);
886 +- clk_unprepare(spi_imx->clk_per);
887 ++ clk_disable_unprepare(spi_imx->clk_ipg);
888 ++ clk_disable_unprepare(spi_imx->clk_per);
889 + spi_imx_sdma_exit(spi_imx);
890 + spi_master_put(master);
891 +
892 +diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
893 +index a076ede50b22..ec90f2781085 100644
894 +--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
895 ++++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
896 +@@ -1399,19 +1399,13 @@ static int rtw_wx_get_essid(struct net_device *dev,
897 + if ((check_fwstate(pmlmepriv, _FW_LINKED)) ||
898 + (check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE))) {
899 + len = pcur_bss->Ssid.SsidLength;
900 +-
901 +- wrqu->essid.length = len;
902 +-
903 + memcpy(extra, pcur_bss->Ssid.Ssid, len);
904 +-
905 +- wrqu->essid.flags = 1;
906 + } else {
907 +- ret = -1;
908 +- goto exit;
909 ++ len = 0;
910 ++ *extra = 0;
911 + }
912 +-
913 +-exit:
914 +-
915 ++ wrqu->essid.length = len;
916 ++ wrqu->essid.flags = 1;
917 +
918 + return ret;
919 + }
920 +diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
921 +index 016e4be05cec..98176d12b3e1 100644
922 +--- a/drivers/tty/serial/imx.c
923 ++++ b/drivers/tty/serial/imx.c
924 +@@ -2057,12 +2057,14 @@ static void serial_imx_enable_wakeup(struct imx_port *sport, bool on)
925 + val &= ~UCR3_AWAKEN;
926 + writel(val, sport->port.membase + UCR3);
927 +
928 +- val = readl(sport->port.membase + UCR1);
929 +- if (on)
930 +- val |= UCR1_RTSDEN;
931 +- else
932 +- val &= ~UCR1_RTSDEN;
933 +- writel(val, sport->port.membase + UCR1);
934 ++ if (sport->have_rtscts) {
935 ++ val = readl(sport->port.membase + UCR1);
936 ++ if (on)
937 ++ val |= UCR1_RTSDEN;
938 ++ else
939 ++ val &= ~UCR1_RTSDEN;
940 ++ writel(val, sport->port.membase + UCR1);
941 ++ }
942 + }
943 +
944 + static int imx_serial_port_suspend_noirq(struct device *dev)
945 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
946 +index 3f6bb3fff890..edd8ef4ee502 100644
947 +--- a/drivers/usb/class/cdc-acm.c
948 ++++ b/drivers/usb/class/cdc-acm.c
949 +@@ -377,7 +377,7 @@ static int acm_submit_read_urb(struct acm *acm, int index, gfp_t mem_flags)
950 +
951 + res = usb_submit_urb(acm->read_urbs[index], mem_flags);
952 + if (res) {
953 +- if (res != -EPERM) {
954 ++ if (res != -EPERM && res != -ENODEV) {
955 + dev_err(&acm->data->dev,
956 + "%s - usb_submit_urb failed: %d\n",
957 + __func__, res);
958 +@@ -1695,6 +1695,9 @@ static const struct usb_device_id acm_ids[] = {
959 + { USB_DEVICE(0x0ace, 0x1611), /* ZyDAS 56K USB MODEM - new version */
960 + .driver_info = SINGLE_RX_URB, /* firmware bug */
961 + },
962 ++ { USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */
963 ++ .driver_info = SINGLE_RX_URB,
964 ++ },
965 + { USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */
966 + .driver_info = NO_UNION_NORMAL, /* has no union descriptor */
967 + },
968 +diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
969 +index d186d0282a38..f70dd3dd4393 100644
970 +--- a/drivers/usb/gadget/composite.c
971 ++++ b/drivers/usb/gadget/composite.c
972 +@@ -104,7 +104,6 @@ int config_ep_by_speed(struct usb_gadget *g,
973 + struct usb_function *f,
974 + struct usb_ep *_ep)
975 + {
976 +- struct usb_composite_dev *cdev = get_gadget_data(g);
977 + struct usb_endpoint_descriptor *chosen_desc = NULL;
978 + struct usb_descriptor_header **speed_desc = NULL;
979 +
980 +@@ -176,8 +175,12 @@ ep_found:
981 + _ep->maxburst = comp_desc->bMaxBurst + 1;
982 + break;
983 + default:
984 +- if (comp_desc->bMaxBurst != 0)
985 ++ if (comp_desc->bMaxBurst != 0) {
986 ++ struct usb_composite_dev *cdev;
987 ++
988 ++ cdev = get_gadget_data(g);
989 + ERROR(cdev, "ep0 bMaxBurst must be 0\n");
990 ++ }
991 + _ep->maxburst = 1;
992 + break;
993 + }
994 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
995 +index 39bb65265bff..eb298daf49c7 100644
996 +--- a/drivers/usb/gadget/function/f_fs.c
997 ++++ b/drivers/usb/gadget/function/f_fs.c
998 +@@ -3490,7 +3490,8 @@ static void ffs_closed(struct ffs_data *ffs)
999 + ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
1000 + ffs_dev_unlock();
1001 +
1002 +- unregister_gadget_item(ci);
1003 ++ if (test_bit(FFS_FL_BOUND, &ffs->flags))
1004 ++ unregister_gadget_item(ci);
1005 + return;
1006 + done:
1007 + ffs_dev_unlock();
1008 +diff --git a/drivers/usb/serial/Kconfig b/drivers/usb/serial/Kconfig
1009 +index 56ecb8b5115d..584ae8cbaf1c 100644
1010 +--- a/drivers/usb/serial/Kconfig
1011 ++++ b/drivers/usb/serial/Kconfig
1012 +@@ -63,6 +63,7 @@ config USB_SERIAL_SIMPLE
1013 + - Google USB serial devices
1014 + - HP4x calculators
1015 + - a number of Motorola phones
1016 ++ - Motorola Tetra devices
1017 + - Novatel Wireless GPS receivers
1018 + - Siemens USB/MPI adapter.
1019 + - ViVOtech ViVOpay USB device.
1020 +diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
1021 +index 749e1b674145..6947985ccfb0 100644
1022 +--- a/drivers/usb/serial/io_edgeport.c
1023 ++++ b/drivers/usb/serial/io_edgeport.c
1024 +@@ -2219,7 +2219,6 @@ static int write_cmd_usb(struct edgeport_port *edge_port,
1025 + /* something went wrong */
1026 + dev_err(dev, "%s - usb_submit_urb(write command) failed, status = %d\n",
1027 + __func__, status);
1028 +- usb_kill_urb(urb);
1029 + usb_free_urb(urb);
1030 + atomic_dec(&CmdUrbs);
1031 + return status;
1032 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
1033 +index a818c43a02ec..1799aa058a5b 100644
1034 +--- a/drivers/usb/serial/option.c
1035 ++++ b/drivers/usb/serial/option.c
1036 +@@ -383,6 +383,9 @@ static void option_instat_callback(struct urb *urb);
1037 + #define FOUR_G_SYSTEMS_PRODUCT_W14 0x9603
1038 + #define FOUR_G_SYSTEMS_PRODUCT_W100 0x9b01
1039 +
1040 ++/* Fujisoft products */
1041 ++#define FUJISOFT_PRODUCT_FS040U 0x9b02
1042 ++
1043 + /* iBall 3.5G connect wireless modem */
1044 + #define IBALL_3_5G_CONNECT 0x9605
1045 +
1046 +@@ -1897,6 +1900,8 @@ static const struct usb_device_id option_ids[] = {
1047 + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100),
1048 + .driver_info = (kernel_ulong_t)&four_g_w100_blacklist
1049 + },
1050 ++ {USB_DEVICE(LONGCHEER_VENDOR_ID, FUJISOFT_PRODUCT_FS040U),
1051 ++ .driver_info = (kernel_ulong_t)&net_intf3_blacklist},
1052 + { USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, SPEEDUP_PRODUCT_SU9800, 0xff) },
1053 + { USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, 0x9801, 0xff),
1054 + .driver_info = (kernel_ulong_t)&net_intf3_blacklist },
1055 +diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c
1056 +index a51b28379850..3da25ad267a2 100644
1057 +--- a/drivers/usb/serial/pl2303.c
1058 ++++ b/drivers/usb/serial/pl2303.c
1059 +@@ -39,6 +39,7 @@ static const struct usb_device_id id_table[] = {
1060 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ2) },
1061 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_DCU11) },
1062 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_RSAQ3) },
1063 ++ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_CHILITAG) },
1064 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_PHAROS) },
1065 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_ALDIGA) },
1066 + { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_MMX) },
1067 +diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h
1068 +index 3b5a15d1dc0d..123289085ee2 100644
1069 +--- a/drivers/usb/serial/pl2303.h
1070 ++++ b/drivers/usb/serial/pl2303.h
1071 +@@ -17,6 +17,7 @@
1072 + #define PL2303_PRODUCT_ID_DCU11 0x1234
1073 + #define PL2303_PRODUCT_ID_PHAROS 0xaaa0
1074 + #define PL2303_PRODUCT_ID_RSAQ3 0xaaa2
1075 ++#define PL2303_PRODUCT_ID_CHILITAG 0xaaa8
1076 + #define PL2303_PRODUCT_ID_ALDIGA 0x0611
1077 + #define PL2303_PRODUCT_ID_MMX 0x0612
1078 + #define PL2303_PRODUCT_ID_GPRS 0x0609
1079 +diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
1080 +index e98b6e57b703..6aa7ff2c1cf7 100644
1081 +--- a/drivers/usb/serial/usb-serial-simple.c
1082 ++++ b/drivers/usb/serial/usb-serial-simple.c
1083 +@@ -80,6 +80,11 @@ DEVICE(vivopay, VIVOPAY_IDS);
1084 + { USB_DEVICE(0x22b8, 0x2c64) } /* Motorola V950 phone */
1085 + DEVICE(moto_modem, MOTO_IDS);
1086 +
1087 ++/* Motorola Tetra driver */
1088 ++#define MOTOROLA_TETRA_IDS() \
1089 ++ { USB_DEVICE(0x0cad, 0x9011) } /* Motorola Solutions TETRA PEI */
1090 ++DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS);
1091 ++
1092 + /* Novatel Wireless GPS driver */
1093 + #define NOVATEL_IDS() \
1094 + { USB_DEVICE(0x09d7, 0x0100) } /* NovAtel FlexPack GPS */
1095 +@@ -110,6 +115,7 @@ static struct usb_serial_driver * const serial_drivers[] = {
1096 + &google_device,
1097 + &vivopay_device,
1098 + &moto_modem_device,
1099 ++ &motorola_tetra_device,
1100 + &novatel_gps_device,
1101 + &hp4x_device,
1102 + &suunto_device,
1103 +@@ -125,6 +131,7 @@ static const struct usb_device_id id_table[] = {
1104 + GOOGLE_IDS(),
1105 + VIVOPAY_IDS(),
1106 + MOTO_IDS(),
1107 ++ MOTOROLA_TETRA_IDS(),
1108 + NOVATEL_IDS(),
1109 + HP4X_IDS(),
1110 + SUUNTO_IDS(),
1111 +diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
1112 +index f952635ebe5f..de7214ae4fed 100644
1113 +--- a/drivers/usb/storage/uas.c
1114 ++++ b/drivers/usb/storage/uas.c
1115 +@@ -1052,20 +1052,19 @@ static int uas_post_reset(struct usb_interface *intf)
1116 + return 0;
1117 +
1118 + err = uas_configure_endpoints(devinfo);
1119 +- if (err) {
1120 ++ if (err && err != ENODEV)
1121 + shost_printk(KERN_ERR, shost,
1122 + "%s: alloc streams error %d after reset",
1123 + __func__, err);
1124 +- return 1;
1125 +- }
1126 +
1127 ++ /* we must unblock the host in every case lest we deadlock */
1128 + spin_lock_irqsave(shost->host_lock, flags);
1129 + scsi_report_bus_reset(shost, 0);
1130 + spin_unlock_irqrestore(shost->host_lock, flags);
1131 +
1132 + scsi_unblock_requests(shost);
1133 +
1134 +- return 0;
1135 ++ return err ? 1 : 0;
1136 + }
1137 +
1138 + static int uas_suspend(struct usb_interface *intf, pm_message_t message)
1139 +diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
1140 +index cfe99bec49de..45934deacfd7 100644
1141 +--- a/fs/btrfs/free-space-cache.c
1142 ++++ b/fs/btrfs/free-space-cache.c
1143 +@@ -1258,7 +1258,7 @@ static int __btrfs_write_out_cache(struct btrfs_root *root, struct inode *inode,
1144 + /* Lock all pages first so we can lock the extent safely. */
1145 + ret = io_ctl_prepare_pages(io_ctl, inode, 0);
1146 + if (ret)
1147 +- goto out;
1148 ++ goto out_unlock;
1149 +
1150 + lock_extent_bits(&BTRFS_I(inode)->io_tree, 0, i_size_read(inode) - 1,
1151 + 0, &cached_state);
1152 +@@ -1351,6 +1351,7 @@ out_nospc_locked:
1153 + out_nospc:
1154 + cleanup_write_cache_enospc(inode, io_ctl, &cached_state, &bitmap_list);
1155 +
1156 ++out_unlock:
1157 + if (block_group && (block_group->flags & BTRFS_BLOCK_GROUP_DATA))
1158 + up_write(&block_group->data_rwsem);
1159 +
1160 +diff --git a/fs/nfs_common/grace.c b/fs/nfs_common/grace.c
1161 +index fd8c9a5bcac4..77d136ac8909 100644
1162 +--- a/fs/nfs_common/grace.c
1163 ++++ b/fs/nfs_common/grace.c
1164 +@@ -30,7 +30,11 @@ locks_start_grace(struct net *net, struct lock_manager *lm)
1165 + struct list_head *grace_list = net_generic(net, grace_net_id);
1166 +
1167 + spin_lock(&grace_lock);
1168 +- list_add(&lm->list, grace_list);
1169 ++ if (list_empty(&lm->list))
1170 ++ list_add(&lm->list, grace_list);
1171 ++ else
1172 ++ WARN(1, "double list_add attempt detected in net %x %s\n",
1173 ++ net->ns.inum, (net == &init_net) ? "(init_net)" : "");
1174 + spin_unlock(&grace_lock);
1175 + }
1176 + EXPORT_SYMBOL_GPL(locks_start_grace);
1177 +@@ -104,7 +108,9 @@ grace_exit_net(struct net *net)
1178 + {
1179 + struct list_head *grace_list = net_generic(net, grace_net_id);
1180 +
1181 +- BUG_ON(!list_empty(grace_list));
1182 ++ WARN_ONCE(!list_empty(grace_list),
1183 ++ "net %x %s: grace_list is not empty\n",
1184 ++ net->ns.inum, __func__);
1185 + }
1186 +
1187 + static struct pernet_operations grace_net_ops = {
1188 +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
1189 +index 11c67e8b939d..ba27a5ff8677 100644
1190 +--- a/fs/nfsd/nfs4state.c
1191 ++++ b/fs/nfsd/nfs4state.c
1192 +@@ -63,12 +63,16 @@ static const stateid_t zero_stateid = {
1193 + static const stateid_t currentstateid = {
1194 + .si_generation = 1,
1195 + };
1196 ++static const stateid_t close_stateid = {
1197 ++ .si_generation = 0xffffffffU,
1198 ++};
1199 +
1200 + static u64 current_sessionid = 1;
1201 +
1202 + #define ZERO_STATEID(stateid) (!memcmp((stateid), &zero_stateid, sizeof(stateid_t)))
1203 + #define ONE_STATEID(stateid) (!memcmp((stateid), &one_stateid, sizeof(stateid_t)))
1204 + #define CURRENT_STATEID(stateid) (!memcmp((stateid), &currentstateid, sizeof(stateid_t)))
1205 ++#define CLOSE_STATEID(stateid) (!memcmp((stateid), &close_stateid, sizeof(stateid_t)))
1206 +
1207 + /* forward declarations */
1208 + static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner);
1209 +@@ -4701,7 +4705,8 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
1210 + struct nfs4_stid *s;
1211 + __be32 status = nfserr_bad_stateid;
1212 +
1213 +- if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
1214 ++ if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
1215 ++ CLOSE_STATEID(stateid))
1216 + return status;
1217 + /* Client debugging aid. */
1218 + if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
1219 +@@ -4759,7 +4764,8 @@ nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate,
1220 + else if (typemask & NFS4_DELEG_STID)
1221 + typemask |= NFS4_REVOKED_DELEG_STID;
1222 +
1223 +- if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
1224 ++ if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
1225 ++ CLOSE_STATEID(stateid))
1226 + return nfserr_bad_stateid;
1227 + status = lookup_clientid(&stateid->si_opaque.so_clid, cstate, nn);
1228 + if (status == nfserr_stale_clientid) {
1229 +@@ -5011,15 +5017,9 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_
1230 + status = nfsd4_check_seqid(cstate, sop, seqid);
1231 + if (status)
1232 + return status;
1233 +- if (stp->st_stid.sc_type == NFS4_CLOSED_STID
1234 +- || stp->st_stid.sc_type == NFS4_REVOKED_DELEG_STID)
1235 +- /*
1236 +- * "Closed" stateid's exist *only* to return
1237 +- * nfserr_replay_me from the previous step, and
1238 +- * revoked delegations are kept only for free_stateid.
1239 +- */
1240 +- return nfserr_bad_stateid;
1241 +- mutex_lock(&stp->st_mutex);
1242 ++ status = nfsd4_lock_ol_stateid(stp);
1243 ++ if (status != nfs_ok)
1244 ++ return status;
1245 + status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate));
1246 + if (status == nfs_ok)
1247 + status = nfs4_check_fh(current_fh, &stp->st_stid);
1248 +@@ -5243,6 +5243,11 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
1249 + nfsd4_close_open_stateid(stp);
1250 + mutex_unlock(&stp->st_mutex);
1251 +
1252 ++ /* See RFC5661 sectionm 18.2.4 */
1253 ++ if (stp->st_stid.sc_client->cl_minorversion)
1254 ++ memcpy(&close->cl_stateid, &close_stateid,
1255 ++ sizeof(close->cl_stateid));
1256 ++
1257 + /* put reference from nfs4_preprocess_seqid_op */
1258 + nfs4_put_stid(&stp->st_stid);
1259 + out:
1260 +@@ -6787,6 +6792,10 @@ static int nfs4_state_create_net(struct net *net)
1261 + INIT_LIST_HEAD(&nn->sessionid_hashtbl[i]);
1262 + nn->conf_name_tree = RB_ROOT;
1263 + nn->unconf_name_tree = RB_ROOT;
1264 ++ nn->boot_time = get_seconds();
1265 ++ nn->grace_ended = false;
1266 ++ nn->nfsd4_manager.block_opens = true;
1267 ++ INIT_LIST_HEAD(&nn->nfsd4_manager.list);
1268 + INIT_LIST_HEAD(&nn->client_lru);
1269 + INIT_LIST_HEAD(&nn->close_lru);
1270 + INIT_LIST_HEAD(&nn->del_recall_lru);
1271 +@@ -6841,9 +6850,6 @@ nfs4_state_start_net(struct net *net)
1272 + ret = nfs4_state_create_net(net);
1273 + if (ret)
1274 + return ret;
1275 +- nn->boot_time = get_seconds();
1276 +- nn->grace_ended = false;
1277 +- nn->nfsd4_manager.block_opens = true;
1278 + locks_start_grace(net, &nn->nfsd4_manager);
1279 + nfsd4_client_tracking_init(net);
1280 + printk(KERN_INFO "NFSD: starting %ld-second grace period (net %p)\n",
1281 +diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
1282 +index 353ff31dcee1..1cb1d02c5937 100644
1283 +--- a/fs/quota/dquot.c
1284 ++++ b/fs/quota/dquot.c
1285 +@@ -2919,7 +2919,8 @@ static int __init dquot_init(void)
1286 + pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
1287 + " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
1288 +
1289 +- register_shrinker(&dqcache_shrinker);
1290 ++ if (register_shrinker(&dqcache_shrinker))
1291 ++ panic("Cannot register dquot shrinker");
1292 +
1293 + return 0;
1294 + }
1295 +diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
1296 +index a9063ac50c4e..da72090b9ce7 100644
1297 +--- a/fs/xfs/xfs_aops.c
1298 ++++ b/fs/xfs/xfs_aops.c
1299 +@@ -310,7 +310,7 @@ xfs_map_blocks(
1300 + (ip->i_df.if_flags & XFS_IFEXTENTS));
1301 + ASSERT(offset <= mp->m_super->s_maxbytes);
1302 +
1303 +- if (offset + count > mp->m_super->s_maxbytes)
1304 ++ if ((xfs_ufsize_t)offset + count > mp->m_super->s_maxbytes)
1305 + count = mp->m_super->s_maxbytes - offset;
1306 + end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + count);
1307 + offset_fsb = XFS_B_TO_FSBT(mp, offset);
1308 +@@ -1360,7 +1360,7 @@ xfs_map_trim_size(
1309 + if (mapping_size > size)
1310 + mapping_size = size;
1311 + if (offset < i_size_read(inode) &&
1312 +- offset + mapping_size >= i_size_read(inode)) {
1313 ++ (xfs_ufsize_t)offset + mapping_size >= i_size_read(inode)) {
1314 + /* limit mapping to block that spans EOF */
1315 + mapping_size = roundup_64(i_size_read(inode) - offset,
1316 + i_blocksize(inode));
1317 +@@ -1416,7 +1416,7 @@ __xfs_get_blocks(
1318 + }
1319 +
1320 + ASSERT(offset <= mp->m_super->s_maxbytes);
1321 +- if (offset + size > mp->m_super->s_maxbytes)
1322 ++ if ((xfs_ufsize_t)offset + size > mp->m_super->s_maxbytes)
1323 + size = mp->m_super->s_maxbytes - offset;
1324 + end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + size);
1325 + offset_fsb = XFS_B_TO_FSBT(mp, offset);
1326 +diff --git a/include/linux/bpf.h b/include/linux/bpf.h
1327 +index f2157159b26f..132585a7fbd8 100644
1328 +--- a/include/linux/bpf.h
1329 ++++ b/include/linux/bpf.h
1330 +@@ -31,17 +31,25 @@ struct bpf_map_ops {
1331 + };
1332 +
1333 + struct bpf_map {
1334 +- atomic_t refcnt;
1335 ++ /* 1st cacheline with read-mostly members of which some
1336 ++ * are also accessed in fast-path (e.g. ops, max_entries).
1337 ++ */
1338 ++ const struct bpf_map_ops *ops ____cacheline_aligned;
1339 + enum bpf_map_type map_type;
1340 + u32 key_size;
1341 + u32 value_size;
1342 + u32 max_entries;
1343 + u32 pages;
1344 + bool unpriv_array;
1345 +- struct user_struct *user;
1346 +- const struct bpf_map_ops *ops;
1347 +- struct work_struct work;
1348 ++ /* 7 bytes hole */
1349 ++
1350 ++ /* 2nd cacheline with misc members to avoid false sharing
1351 ++ * particularly with refcounting.
1352 ++ */
1353 ++ struct user_struct *user ____cacheline_aligned;
1354 ++ atomic_t refcnt;
1355 + atomic_t usercnt;
1356 ++ struct work_struct work;
1357 + };
1358 +
1359 + struct bpf_map_type_list {
1360 +diff --git a/init/Kconfig b/init/Kconfig
1361 +index 235c7a2c0d20..ef2f97dc6010 100644
1362 +--- a/init/Kconfig
1363 ++++ b/init/Kconfig
1364 +@@ -1556,6 +1556,13 @@ config BPF_SYSCALL
1365 + Enable the bpf() system call that allows to manipulate eBPF
1366 + programs and maps via file descriptors.
1367 +
1368 ++config BPF_JIT_ALWAYS_ON
1369 ++ bool "Permanently enable BPF JIT and remove BPF interpreter"
1370 ++ depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
1371 ++ help
1372 ++ Enables BPF JIT and removes BPF interpreter to avoid
1373 ++ speculative execution of BPF instructions by the interpreter
1374 ++
1375 + config SHMEM
1376 + bool "Use full shmem filesystem" if EXPERT
1377 + default y
1378 +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
1379 +index 3fd76cf0c21e..eb52d11fdaa7 100644
1380 +--- a/kernel/bpf/core.c
1381 ++++ b/kernel/bpf/core.c
1382 +@@ -256,6 +256,7 @@ noinline u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
1383 + }
1384 + EXPORT_SYMBOL_GPL(__bpf_call_base);
1385 +
1386 ++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
1387 + /**
1388 + * __bpf_prog_run - run eBPF program on a given context
1389 + * @ctx: is the data we are operating on
1390 +@@ -443,7 +444,7 @@ select_insn:
1391 + DST = tmp;
1392 + CONT;
1393 + ALU_MOD_X:
1394 +- if (unlikely(SRC == 0))
1395 ++ if (unlikely((u32)SRC == 0))
1396 + return 0;
1397 + tmp = (u32) DST;
1398 + DST = do_div(tmp, (u32) SRC);
1399 +@@ -462,7 +463,7 @@ select_insn:
1400 + DST = div64_u64(DST, SRC);
1401 + CONT;
1402 + ALU_DIV_X:
1403 +- if (unlikely(SRC == 0))
1404 ++ if (unlikely((u32)SRC == 0))
1405 + return 0;
1406 + tmp = (u32) DST;
1407 + do_div(tmp, (u32) SRC);
1408 +@@ -517,7 +518,7 @@ select_insn:
1409 + struct bpf_map *map = (struct bpf_map *) (unsigned long) BPF_R2;
1410 + struct bpf_array *array = container_of(map, struct bpf_array, map);
1411 + struct bpf_prog *prog;
1412 +- u64 index = BPF_R3;
1413 ++ u32 index = BPF_R3;
1414 +
1415 + if (unlikely(index >= array->map.max_entries))
1416 + goto out;
1417 +@@ -725,6 +726,13 @@ load_byte:
1418 + return 0;
1419 + }
1420 +
1421 ++#else
1422 ++static unsigned int __bpf_prog_ret0(void *ctx, const struct bpf_insn *insn)
1423 ++{
1424 ++ return 0;
1425 ++}
1426 ++#endif
1427 ++
1428 + bool bpf_prog_array_compatible(struct bpf_array *array,
1429 + const struct bpf_prog *fp)
1430 + {
1431 +@@ -771,9 +779,23 @@ static int bpf_check_tail_call(const struct bpf_prog *fp)
1432 + */
1433 + int bpf_prog_select_runtime(struct bpf_prog *fp)
1434 + {
1435 ++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
1436 + fp->bpf_func = (void *) __bpf_prog_run;
1437 +-
1438 ++#else
1439 ++ fp->bpf_func = (void *) __bpf_prog_ret0;
1440 ++#endif
1441 ++
1442 ++ /* eBPF JITs can rewrite the program in case constant
1443 ++ * blinding is active. However, in case of error during
1444 ++ * blinding, bpf_int_jit_compile() must always return a
1445 ++ * valid program, which in this case would simply not
1446 ++ * be JITed, but falls back to the interpreter.
1447 ++ */
1448 + bpf_int_jit_compile(fp);
1449 ++#ifdef CONFIG_BPF_JIT_ALWAYS_ON
1450 ++ if (!fp->jited)
1451 ++ return -ENOTSUPP;
1452 ++#endif
1453 + bpf_prog_lock_ro(fp);
1454 +
1455 + /* The tail call compatibility check can only be done at
1456 +diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
1457 +index 014c2d759916..c14003840bc5 100644
1458 +--- a/kernel/bpf/verifier.c
1459 ++++ b/kernel/bpf/verifier.c
1460 +@@ -191,6 +191,7 @@ struct bpf_insn_aux_data {
1461 + enum bpf_reg_type ptr_type; /* pointer type for load/store insns */
1462 + struct bpf_map *map_ptr; /* pointer for call insn into lookup_elem */
1463 + };
1464 ++ bool seen; /* this insn was processed by the verifier */
1465 + };
1466 +
1467 + #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
1468 +@@ -682,6 +683,13 @@ static bool is_pointer_value(struct verifier_env *env, int regno)
1469 + }
1470 + }
1471 +
1472 ++static bool is_ctx_reg(struct verifier_env *env, int regno)
1473 ++{
1474 ++ const struct reg_state *reg = &env->cur_state.regs[regno];
1475 ++
1476 ++ return reg->type == PTR_TO_CTX;
1477 ++}
1478 ++
1479 + /* check whether memory at (regno + off) is accessible for t = (read | write)
1480 + * if t==write, value_regno is a register which value is stored into memory
1481 + * if t==read, value_regno is a register which will receive the value from memory
1482 +@@ -778,6 +786,12 @@ static int check_xadd(struct verifier_env *env, struct bpf_insn *insn)
1483 + return -EACCES;
1484 + }
1485 +
1486 ++ if (is_ctx_reg(env, insn->dst_reg)) {
1487 ++ verbose("BPF_XADD stores into R%d context is not allowed\n",
1488 ++ insn->dst_reg);
1489 ++ return -EACCES;
1490 ++ }
1491 ++
1492 + /* check whether atomic_add can read the memory */
1493 + err = check_mem_access(env, insn->dst_reg, insn->off,
1494 + BPF_SIZE(insn->code), BPF_READ, -1);
1495 +@@ -1164,6 +1178,11 @@ static int check_alu_op(struct verifier_env *env, struct bpf_insn *insn)
1496 + return -EINVAL;
1497 + }
1498 +
1499 ++ if (opcode == BPF_ARSH && BPF_CLASS(insn->code) != BPF_ALU64) {
1500 ++ verbose("BPF_ARSH not supported for 32 bit ALU\n");
1501 ++ return -EINVAL;
1502 ++ }
1503 ++
1504 + if ((opcode == BPF_LSH || opcode == BPF_RSH ||
1505 + opcode == BPF_ARSH) && BPF_SRC(insn->code) == BPF_K) {
1506 + int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32;
1507 +@@ -1793,6 +1812,7 @@ static int do_check(struct verifier_env *env)
1508 + print_bpf_insn(env, insn);
1509 + }
1510 +
1511 ++ env->insn_aux_data[insn_idx].seen = true;
1512 + if (class == BPF_ALU || class == BPF_ALU64) {
1513 + err = check_alu_op(env, insn);
1514 + if (err)
1515 +@@ -1902,6 +1922,12 @@ static int do_check(struct verifier_env *env)
1516 + if (err)
1517 + return err;
1518 +
1519 ++ if (is_ctx_reg(env, insn->dst_reg)) {
1520 ++ verbose("BPF_ST stores into R%d context is not allowed\n",
1521 ++ insn->dst_reg);
1522 ++ return -EACCES;
1523 ++ }
1524 ++
1525 + /* check that memory (dst_reg + off) is writeable */
1526 + err = check_mem_access(env, insn->dst_reg, insn->off,
1527 + BPF_SIZE(insn->code), BPF_WRITE,
1528 +@@ -1988,6 +2014,7 @@ process_bpf_exit:
1529 + return err;
1530 +
1531 + insn_idx++;
1532 ++ env->insn_aux_data[insn_idx].seen = true;
1533 + } else {
1534 + verbose("invalid BPF_LD mode\n");
1535 + return -EINVAL;
1536 +@@ -2125,6 +2152,7 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
1537 + u32 off, u32 cnt)
1538 + {
1539 + struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
1540 ++ int i;
1541 +
1542 + if (cnt == 1)
1543 + return 0;
1544 +@@ -2134,6 +2162,8 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
1545 + memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
1546 + memcpy(new_data + off + cnt - 1, old_data + off,
1547 + sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
1548 ++ for (i = off; i < off + cnt - 1; i++)
1549 ++ new_data[i].seen = true;
1550 + env->insn_aux_data = new_data;
1551 + vfree(old_data);
1552 + return 0;
1553 +@@ -2152,6 +2182,25 @@ static struct bpf_prog *bpf_patch_insn_data(struct verifier_env *env, u32 off,
1554 + return new_prog;
1555 + }
1556 +
1557 ++/* The verifier does more data flow analysis than llvm and will not explore
1558 ++ * branches that are dead at run time. Malicious programs can have dead code
1559 ++ * too. Therefore replace all dead at-run-time code with nops.
1560 ++ */
1561 ++static void sanitize_dead_code(struct verifier_env *env)
1562 ++{
1563 ++ struct bpf_insn_aux_data *aux_data = env->insn_aux_data;
1564 ++ struct bpf_insn nop = BPF_MOV64_REG(BPF_REG_0, BPF_REG_0);
1565 ++ struct bpf_insn *insn = env->prog->insnsi;
1566 ++ const int insn_cnt = env->prog->len;
1567 ++ int i;
1568 ++
1569 ++ for (i = 0; i < insn_cnt; i++) {
1570 ++ if (aux_data[i].seen)
1571 ++ continue;
1572 ++ memcpy(insn + i, &nop, sizeof(nop));
1573 ++ }
1574 ++}
1575 ++
1576 + /* convert load instructions that access fields of 'struct __sk_buff'
1577 + * into sequence of instructions that access fields of 'struct sk_buff'
1578 + */
1579 +@@ -2218,6 +2267,24 @@ static int fixup_bpf_calls(struct verifier_env *env)
1580 + int i, cnt, delta = 0;
1581 +
1582 + for (i = 0; i < insn_cnt; i++, insn++) {
1583 ++ if (insn->code == (BPF_ALU | BPF_MOD | BPF_X) ||
1584 ++ insn->code == (BPF_ALU | BPF_DIV | BPF_X)) {
1585 ++ /* due to JIT bugs clear upper 32-bits of src register
1586 ++ * before div/mod operation
1587 ++ */
1588 ++ insn_buf[0] = BPF_MOV32_REG(insn->src_reg, insn->src_reg);
1589 ++ insn_buf[1] = *insn;
1590 ++ cnt = 2;
1591 ++ new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
1592 ++ if (!new_prog)
1593 ++ return -ENOMEM;
1594 ++
1595 ++ delta += cnt - 1;
1596 ++ env->prog = prog = new_prog;
1597 ++ insn = new_prog->insnsi + i + delta;
1598 ++ continue;
1599 ++ }
1600 ++
1601 + if (insn->code != (BPF_JMP | BPF_CALL))
1602 + continue;
1603 +
1604 +@@ -2370,6 +2437,9 @@ skip_full_check:
1605 + while (pop_stack(env, NULL) >= 0);
1606 + free_states(env);
1607 +
1608 ++ if (ret == 0)
1609 ++ sanitize_dead_code(env);
1610 ++
1611 + if (ret == 0)
1612 + /* program is valid, convert *(u32*)(ctx + off) accesses */
1613 + ret = convert_ctx_accesses(env);
1614 +diff --git a/lib/test_bpf.c b/lib/test_bpf.c
1615 +index 7e26aea3e404..b7908d949a5f 100644
1616 +--- a/lib/test_bpf.c
1617 ++++ b/lib/test_bpf.c
1618 +@@ -5304,9 +5304,8 @@ static struct bpf_prog *generate_filter(int which, int *err)
1619 + return NULL;
1620 + }
1621 + }
1622 +- /* We don't expect to fail. */
1623 + if (*err) {
1624 +- pr_cont("FAIL to attach err=%d len=%d\n",
1625 ++ pr_cont("FAIL to prog_create err=%d len=%d\n",
1626 + *err, fprog.len);
1627 + return NULL;
1628 + }
1629 +@@ -5325,7 +5324,11 @@ static struct bpf_prog *generate_filter(int which, int *err)
1630 + fp->type = BPF_PROG_TYPE_SOCKET_FILTER;
1631 + memcpy(fp->insnsi, fptr, fp->len * sizeof(struct bpf_insn));
1632 +
1633 +- bpf_prog_select_runtime(fp);
1634 ++ *err = bpf_prog_select_runtime(fp);
1635 ++ if (*err) {
1636 ++ pr_cont("FAIL to select_runtime err=%d\n", *err);
1637 ++ return NULL;
1638 ++ }
1639 + break;
1640 + }
1641 +
1642 +@@ -5511,8 +5514,8 @@ static __init int test_bpf(void)
1643 + pass_cnt++;
1644 + continue;
1645 + }
1646 +-
1647 +- return err;
1648 ++ err_cnt++;
1649 ++ continue;
1650 + }
1651 +
1652 + pr_cont("jited:%u ", fp->jited);
1653 +diff --git a/mm/kmemleak.c b/mm/kmemleak.c
1654 +index 19423a45d7d7..1914ab9009d9 100644
1655 +--- a/mm/kmemleak.c
1656 ++++ b/mm/kmemleak.c
1657 +@@ -1394,6 +1394,8 @@ static void kmemleak_scan(void)
1658 + if (page_count(page) == 0)
1659 + continue;
1660 + scan_block(page, page + 1, NULL);
1661 ++ if (!(pfn % (MAX_SCAN_SIZE / sizeof(*page))))
1662 ++ cond_resched();
1663 + }
1664 + }
1665 + put_online_mems();
1666 +diff --git a/net/Kconfig b/net/Kconfig
1667 +index 127da94ae25e..6d94140beacc 100644
1668 +--- a/net/Kconfig
1669 ++++ b/net/Kconfig
1670 +@@ -388,3 +388,6 @@ endif # if NET
1671 + # Used by archs to tell that they support BPF_JIT
1672 + config HAVE_BPF_JIT
1673 + bool
1674 ++
1675 ++config HAVE_EBPF_JIT
1676 ++ bool
1677 +diff --git a/net/core/filter.c b/net/core/filter.c
1678 +index e94355452166..1a9ded6af138 100644
1679 +--- a/net/core/filter.c
1680 ++++ b/net/core/filter.c
1681 +@@ -430,6 +430,10 @@ do_pass:
1682 + convert_bpf_extensions(fp, &insn))
1683 + break;
1684 +
1685 ++ if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) ||
1686 ++ fp->code == (BPF_ALU | BPF_MOD | BPF_X))
1687 ++ *insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X);
1688 ++
1689 + *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k);
1690 + break;
1691 +
1692 +@@ -984,7 +988,9 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
1693 + */
1694 + goto out_err_free;
1695 +
1696 +- bpf_prog_select_runtime(fp);
1697 ++ err = bpf_prog_select_runtime(fp);
1698 ++ if (err)
1699 ++ goto out_err_free;
1700 +
1701 + kfree(old_prog);
1702 + return fp;
1703 +diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
1704 +index f5ef2115871f..6578a0a2f708 100644
1705 +--- a/net/core/sysctl_net_core.c
1706 ++++ b/net/core/sysctl_net_core.c
1707 +@@ -292,7 +292,13 @@ static struct ctl_table net_core_table[] = {
1708 + .data = &bpf_jit_enable,
1709 + .maxlen = sizeof(int),
1710 + .mode = 0644,
1711 ++#ifndef CONFIG_BPF_JIT_ALWAYS_ON
1712 + .proc_handler = proc_dointvec
1713 ++#else
1714 ++ .proc_handler = proc_dointvec_minmax,
1715 ++ .extra1 = &one,
1716 ++ .extra2 = &one,
1717 ++#endif
1718 + },
1719 + #endif
1720 + {
1721 +diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
1722 +index c6be0b4f4058..e68a409fc351 100644
1723 +--- a/net/mac80211/mesh_hwmp.c
1724 ++++ b/net/mac80211/mesh_hwmp.c
1725 +@@ -776,7 +776,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1726 + struct mesh_path *mpath;
1727 + u8 ttl, flags, hopcount;
1728 + const u8 *orig_addr;
1729 +- u32 orig_sn, metric, metric_txsta, interval;
1730 ++ u32 orig_sn, new_metric, orig_metric, last_hop_metric, interval;
1731 + bool root_is_gate;
1732 +
1733 + ttl = rann->rann_ttl;
1734 +@@ -787,7 +787,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1735 + interval = le32_to_cpu(rann->rann_interval);
1736 + hopcount = rann->rann_hopcount;
1737 + hopcount++;
1738 +- metric = le32_to_cpu(rann->rann_metric);
1739 ++ orig_metric = le32_to_cpu(rann->rann_metric);
1740 +
1741 + /* Ignore our own RANNs */
1742 + if (ether_addr_equal(orig_addr, sdata->vif.addr))
1743 +@@ -804,7 +804,10 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1744 + return;
1745 + }
1746 +
1747 +- metric_txsta = airtime_link_metric_get(local, sta);
1748 ++ last_hop_metric = airtime_link_metric_get(local, sta);
1749 ++ new_metric = orig_metric + last_hop_metric;
1750 ++ if (new_metric < orig_metric)
1751 ++ new_metric = MAX_METRIC;
1752 +
1753 + mpath = mesh_path_lookup(sdata, orig_addr);
1754 + if (!mpath) {
1755 +@@ -817,7 +820,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1756 + }
1757 +
1758 + if (!(SN_LT(mpath->sn, orig_sn)) &&
1759 +- !(mpath->sn == orig_sn && metric < mpath->rann_metric)) {
1760 ++ !(mpath->sn == orig_sn && new_metric < mpath->rann_metric)) {
1761 + rcu_read_unlock();
1762 + return;
1763 + }
1764 +@@ -835,7 +838,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1765 + }
1766 +
1767 + mpath->sn = orig_sn;
1768 +- mpath->rann_metric = metric + metric_txsta;
1769 ++ mpath->rann_metric = new_metric;
1770 + mpath->is_root = true;
1771 + /* Recording RANNs sender address to send individually
1772 + * addressed PREQs destined for root mesh STA */
1773 +@@ -855,7 +858,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
1774 + mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
1775 + orig_sn, 0, NULL, 0, broadcast_addr,
1776 + hopcount, ttl, interval,
1777 +- metric + metric_txsta, 0, sdata);
1778 ++ new_metric, 0, sdata);
1779 + }
1780 +
1781 + rcu_read_unlock();
1782 +diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
1783 +index d26b28def310..21e4d339217e 100644
1784 +--- a/net/openvswitch/flow_netlink.c
1785 ++++ b/net/openvswitch/flow_netlink.c
1786 +@@ -1672,14 +1672,11 @@ int ovs_nla_put_mask(const struct sw_flow *flow, struct sk_buff *skb)
1787 +
1788 + #define MAX_ACTIONS_BUFSIZE (32 * 1024)
1789 +
1790 +-static struct sw_flow_actions *nla_alloc_flow_actions(int size, bool log)
1791 ++static struct sw_flow_actions *nla_alloc_flow_actions(int size)
1792 + {
1793 + struct sw_flow_actions *sfa;
1794 +
1795 +- if (size > MAX_ACTIONS_BUFSIZE) {
1796 +- OVS_NLERR(log, "Flow action size %u bytes exceeds max", size);
1797 +- return ERR_PTR(-EINVAL);
1798 +- }
1799 ++ WARN_ON_ONCE(size > MAX_ACTIONS_BUFSIZE);
1800 +
1801 + sfa = kmalloc(sizeof(*sfa) + size, GFP_KERNEL);
1802 + if (!sfa)
1803 +@@ -1752,12 +1749,15 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
1804 + new_acts_size = ksize(*sfa) * 2;
1805 +
1806 + if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
1807 +- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size)
1808 ++ if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
1809 ++ OVS_NLERR(log, "Flow action size exceeds max %u",
1810 ++ MAX_ACTIONS_BUFSIZE);
1811 + return ERR_PTR(-EMSGSIZE);
1812 ++ }
1813 + new_acts_size = MAX_ACTIONS_BUFSIZE;
1814 + }
1815 +
1816 +- acts = nla_alloc_flow_actions(new_acts_size, log);
1817 ++ acts = nla_alloc_flow_actions(new_acts_size);
1818 + if (IS_ERR(acts))
1819 + return (void *)acts;
1820 +
1821 +@@ -2369,7 +2369,7 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
1822 + {
1823 + int err;
1824 +
1825 +- *sfa = nla_alloc_flow_actions(nla_len(attr), log);
1826 ++ *sfa = nla_alloc_flow_actions(min(nla_len(attr), MAX_ACTIONS_BUFSIZE));
1827 + if (IS_ERR(*sfa))
1828 + return PTR_ERR(*sfa);
1829 +
1830 +diff --git a/net/socket.c b/net/socket.c
1831 +index 2cf4f25f5c2b..5b31e5baf3b5 100644
1832 +--- a/net/socket.c
1833 ++++ b/net/socket.c
1834 +@@ -2534,6 +2534,15 @@ out_fs:
1835 +
1836 + core_initcall(sock_init); /* early initcall */
1837 +
1838 ++static int __init jit_init(void)
1839 ++{
1840 ++#ifdef CONFIG_BPF_JIT_ALWAYS_ON
1841 ++ bpf_jit_enable = 1;
1842 ++#endif
1843 ++ return 0;
1844 ++}
1845 ++pure_initcall(jit_init);
1846 ++
1847 + #ifdef CONFIG_PROC_FS
1848 + void socket_seq_show(struct seq_file *seq)
1849 + {
1850 +diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
1851 +index 27b6f55fa43a..728d65fbab0c 100644
1852 +--- a/net/sunrpc/xprtsock.c
1853 ++++ b/net/sunrpc/xprtsock.c
1854 +@@ -2360,6 +2360,7 @@ static void xs_tcp_setup_socket(struct work_struct *work)
1855 + case -ECONNREFUSED:
1856 + case -ECONNRESET:
1857 + case -ENETUNREACH:
1858 ++ case -EHOSTUNREACH:
1859 + case -EADDRINUSE:
1860 + case -ENOBUFS:
1861 + /* retry with existing socket, after a delay */
1862 +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
1863 +index 4b56c3b6c25f..3f370eb494d1 100644
1864 +--- a/security/selinux/hooks.c
1865 ++++ b/security/selinux/hooks.c
1866 +@@ -4032,6 +4032,8 @@ static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
1867 + struct lsm_network_audit net = {0,};
1868 + u32 tsid = task_sid(task);
1869 +
1870 ++ if (!sksec)
1871 ++ return -EFAULT;
1872 + if (sksec->sid == SECINITSID_KERNEL)
1873 + return 0;
1874 +
1875 +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
1876 +index b36de76f24e2..7bb9fe7a2c8e 100644
1877 +--- a/sound/core/seq/seq_clientmgr.c
1878 ++++ b/sound/core/seq/seq_clientmgr.c
1879 +@@ -236,6 +236,7 @@ static struct snd_seq_client *seq_create_client1(int client_index, int poolsize)
1880 + rwlock_init(&client->ports_lock);
1881 + mutex_init(&client->ports_mutex);
1882 + INIT_LIST_HEAD(&client->ports_list_head);
1883 ++ mutex_init(&client->ioctl_mutex);
1884 +
1885 + /* find free slot in the client table */
1886 + spin_lock_irqsave(&clients_lock, flags);
1887 +@@ -2195,6 +2196,7 @@ static int snd_seq_do_ioctl(struct snd_seq_client *client, unsigned int cmd,
1888 + void __user *arg)
1889 + {
1890 + struct seq_ioctl_table *p;
1891 ++ int ret;
1892 +
1893 + switch (cmd) {
1894 + case SNDRV_SEQ_IOCTL_PVERSION:
1895 +@@ -2208,8 +2210,12 @@ static int snd_seq_do_ioctl(struct snd_seq_client *client, unsigned int cmd,
1896 + if (! arg)
1897 + return -EFAULT;
1898 + for (p = ioctl_tables; p->cmd; p++) {
1899 +- if (p->cmd == cmd)
1900 +- return p->func(client, arg);
1901 ++ if (p->cmd == cmd) {
1902 ++ mutex_lock(&client->ioctl_mutex);
1903 ++ ret = p->func(client, arg);
1904 ++ mutex_unlock(&client->ioctl_mutex);
1905 ++ return ret;
1906 ++ }
1907 + }
1908 + pr_debug("ALSA: seq unknown ioctl() 0x%x (type='%c', number=0x%02x)\n",
1909 + cmd, _IOC_TYPE(cmd), _IOC_NR(cmd));
1910 +diff --git a/sound/core/seq/seq_clientmgr.h b/sound/core/seq/seq_clientmgr.h
1911 +index 20f0a725ec7d..91f8f165bfdc 100644
1912 +--- a/sound/core/seq/seq_clientmgr.h
1913 ++++ b/sound/core/seq/seq_clientmgr.h
1914 +@@ -59,6 +59,7 @@ struct snd_seq_client {
1915 + struct list_head ports_list_head;
1916 + rwlock_t ports_lock;
1917 + struct mutex ports_mutex;
1918 ++ struct mutex ioctl_mutex;
1919 + int convert32; /* convert 32->64bit */
1920 +
1921 + /* output pool */
1922 +diff --git a/tools/usb/usbip/src/usbip_bind.c b/tools/usb/usbip/src/usbip_bind.c
1923 +index fa46141ae68b..e121cfb1746a 100644
1924 +--- a/tools/usb/usbip/src/usbip_bind.c
1925 ++++ b/tools/usb/usbip/src/usbip_bind.c
1926 +@@ -144,6 +144,7 @@ static int bind_device(char *busid)
1927 + int rc;
1928 + struct udev *udev;
1929 + struct udev_device *dev;
1930 ++ const char *devpath;
1931 +
1932 + /* Check whether the device with this bus ID exists. */
1933 + udev = udev_new();
1934 +@@ -152,8 +153,16 @@ static int bind_device(char *busid)
1935 + err("device with the specified bus ID does not exist");
1936 + return -1;
1937 + }
1938 ++ devpath = udev_device_get_devpath(dev);
1939 + udev_unref(udev);
1940 +
1941 ++ /* If the device is already attached to vhci_hcd - bail out */
1942 ++ if (strstr(devpath, USBIP_VHCI_DRV_NAME)) {
1943 ++ err("bind loop detected: device: %s is attached to %s\n",
1944 ++ devpath, USBIP_VHCI_DRV_NAME);
1945 ++ return -1;
1946 ++ }
1947 ++
1948 + rc = unbind_other(busid);
1949 + if (rc == UNBIND_ST_FAILED) {
1950 + err("could not unbind driver from device on busid %s", busid);
1951 +diff --git a/tools/usb/usbip/src/usbip_list.c b/tools/usb/usbip/src/usbip_list.c
1952 +index d5ce34a410e7..ac6081c3db82 100644
1953 +--- a/tools/usb/usbip/src/usbip_list.c
1954 ++++ b/tools/usb/usbip/src/usbip_list.c
1955 +@@ -180,6 +180,7 @@ static int list_devices(bool parsable)
1956 + const char *busid;
1957 + char product_name[128];
1958 + int ret = -1;
1959 ++ const char *devpath;
1960 +
1961 + /* Create libudev context. */
1962 + udev = udev_new();
1963 +@@ -202,6 +203,14 @@ static int list_devices(bool parsable)
1964 + path = udev_list_entry_get_name(dev_list_entry);
1965 + dev = udev_device_new_from_syspath(udev, path);
1966 +
1967 ++ /* Ignore devices attached to vhci_hcd */
1968 ++ devpath = udev_device_get_devpath(dev);
1969 ++ if (strstr(devpath, USBIP_VHCI_DRV_NAME)) {
1970 ++ dbg("Skip the device %s already attached to %s\n",
1971 ++ devpath, USBIP_VHCI_DRV_NAME);
1972 ++ continue;
1973 ++ }
1974 ++
1975 + /* Get device information. */
1976 + idVendor = udev_device_get_sysattr_value(dev, "idVendor");
1977 + idProduct = udev_device_get_sysattr_value(dev, "idProduct");
Report Message
Find on MARC Find on Google Groups