Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 11 Mar 2020 10:15:36
Message-Id: 1583921718.5ae8d5d8898db4969ed428409fc7a49c51849663.mpagano@gentoo
1 commit: 5ae8d5d8898db4969ed428409fc7a49c51849663
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 11 10:15:18 2020 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 11 10:15:18 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5ae8d5d8
7
8 Linux patch 4.9.216
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1215_linux-4.9.216.patch | 2992 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 2996 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 76947fa..bb20a18 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -903,6 +903,10 @@ Patch: 1214_linux-4.9.215.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.215
23
24 +Patch: 1215_linux-4.9.216.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.216
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1215_linux-4.9.216.patch b/1215_linux-4.9.216.patch
33 new file mode 100644
34 index 0000000..92f6664
35 --- /dev/null
36 +++ b/1215_linux-4.9.216.patch
37 @@ -0,0 +1,2992 @@
38 +diff --git a/Makefile b/Makefile
39 +index b594484788a8..f0290097784a 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 9
45 +-SUBLEVEL = 215
46 ++SUBLEVEL = 216
47 + EXTRAVERSION =
48 + NAME = Roaring Lionus
49 +
50 +diff --git a/arch/arm/boot/dts/ls1021a.dtsi b/arch/arm/boot/dts/ls1021a.dtsi
51 +index 27133c3a4b12..0de4ba698d1d 100644
52 +--- a/arch/arm/boot/dts/ls1021a.dtsi
53 ++++ b/arch/arm/boot/dts/ls1021a.dtsi
54 +@@ -505,7 +505,7 @@
55 + };
56 +
57 + mdio0: mdio@2d24000 {
58 +- compatible = "fsl,etsec2-mdio";
59 ++ compatible = "gianfar";
60 + device_type = "mdio";
61 + #address-cells = <1>;
62 + #size-cells = <0>;
63 +@@ -513,7 +513,7 @@
64 + };
65 +
66 + mdio1: mdio@2d64000 {
67 +- compatible = "fsl,etsec2-mdio";
68 ++ compatible = "gianfar";
69 + device_type = "mdio";
70 + #address-cells = <1>;
71 + #size-cells = <0>;
72 +diff --git a/arch/arm/mach-imx/Makefile b/arch/arm/mach-imx/Makefile
73 +index cab128913e72..3a4014870a91 100644
74 +--- a/arch/arm/mach-imx/Makefile
75 ++++ b/arch/arm/mach-imx/Makefile
76 +@@ -86,6 +86,8 @@ AFLAGS_suspend-imx6.o :=-Wa,-march=armv7-a
77 + obj-$(CONFIG_SOC_IMX6) += suspend-imx6.o
78 + obj-$(CONFIG_SOC_IMX53) += suspend-imx53.o
79 + endif
80 ++AFLAGS_resume-imx6.o :=-Wa,-march=armv7-a
81 ++obj-$(CONFIG_SOC_IMX6) += resume-imx6.o
82 + obj-$(CONFIG_SOC_IMX6) += pm-imx6.o
83 +
84 + obj-$(CONFIG_SOC_IMX1) += mach-imx1.o
85 +diff --git a/arch/arm/mach-imx/common.h b/arch/arm/mach-imx/common.h
86 +index c4436d9c52ff..a3f6885cefbf 100644
87 +--- a/arch/arm/mach-imx/common.h
88 ++++ b/arch/arm/mach-imx/common.h
89 +@@ -112,17 +112,17 @@ void imx_cpu_die(unsigned int cpu);
90 + int imx_cpu_kill(unsigned int cpu);
91 +
92 + #ifdef CONFIG_SUSPEND
93 +-void v7_cpu_resume(void);
94 + void imx53_suspend(void __iomem *ocram_vbase);
95 + extern const u32 imx53_suspend_sz;
96 + void imx6_suspend(void __iomem *ocram_vbase);
97 + #else
98 +-static inline void v7_cpu_resume(void) {}
99 + static inline void imx53_suspend(void __iomem *ocram_vbase) {}
100 + static const u32 imx53_suspend_sz;
101 + static inline void imx6_suspend(void __iomem *ocram_vbase) {}
102 + #endif
103 +
104 ++void v7_cpu_resume(void);
105 ++
106 + void imx6_pm_ccm_init(const char *ccm_compat);
107 + void imx6q_pm_init(void);
108 + void imx6dl_pm_init(void);
109 +diff --git a/arch/arm/mach-imx/resume-imx6.S b/arch/arm/mach-imx/resume-imx6.S
110 +new file mode 100644
111 +index 000000000000..5bd1ba7ef15b
112 +--- /dev/null
113 ++++ b/arch/arm/mach-imx/resume-imx6.S
114 +@@ -0,0 +1,24 @@
115 ++/* SPDX-License-Identifier: GPL-2.0-or-later */
116 ++/*
117 ++ * Copyright 2014 Freescale Semiconductor, Inc.
118 ++ */
119 ++
120 ++#include <linux/linkage.h>
121 ++#include <asm/assembler.h>
122 ++#include <asm/asm-offsets.h>
123 ++#include <asm/hardware/cache-l2x0.h>
124 ++#include "hardware.h"
125 ++
126 ++/*
127 ++ * The following code must assume it is running from physical address
128 ++ * where absolute virtual addresses to the data section have to be
129 ++ * turned into relative ones.
130 ++ */
131 ++
132 ++ENTRY(v7_cpu_resume)
133 ++ bl v7_invalidate_l1
134 ++#ifdef CONFIG_CACHE_L2X0
135 ++ bl l2c310_early_resume
136 ++#endif
137 ++ b cpu_resume
138 ++ENDPROC(v7_cpu_resume)
139 +diff --git a/arch/arm/mach-imx/suspend-imx6.S b/arch/arm/mach-imx/suspend-imx6.S
140 +index 76ee2ceec8d5..7d84b617af48 100644
141 +--- a/arch/arm/mach-imx/suspend-imx6.S
142 ++++ b/arch/arm/mach-imx/suspend-imx6.S
143 +@@ -333,17 +333,3 @@ resume:
144 +
145 + ret lr
146 + ENDPROC(imx6_suspend)
147 +-
148 +-/*
149 +- * The following code must assume it is running from physical address
150 +- * where absolute virtual addresses to the data section have to be
151 +- * turned into relative ones.
152 +- */
153 +-
154 +-ENTRY(v7_cpu_resume)
155 +- bl v7_invalidate_l1
156 +-#ifdef CONFIG_CACHE_L2X0
157 +- bl l2c310_early_resume
158 +-#endif
159 +- b cpu_resume
160 +-ENDPROC(v7_cpu_resume)
161 +diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c
162 +index 544ea21bfef9..b2683aca401f 100644
163 +--- a/arch/mips/kernel/vpe.c
164 ++++ b/arch/mips/kernel/vpe.c
165 +@@ -134,7 +134,7 @@ void release_vpe(struct vpe *v)
166 + {
167 + list_del(&v->list);
168 + if (v->load_addr)
169 +- release_progmem(v);
170 ++ release_progmem(v->load_addr);
171 + kfree(v);
172 + }
173 +
174 +diff --git a/arch/powerpc/kernel/cputable.c b/arch/powerpc/kernel/cputable.c
175 +index 7471ed48f41f..514e04b62261 100644
176 +--- a/arch/powerpc/kernel/cputable.c
177 ++++ b/arch/powerpc/kernel/cputable.c
178 +@@ -2199,11 +2199,13 @@ static struct cpu_spec * __init setup_cpu_spec(unsigned long offset,
179 + * oprofile_cpu_type already has a value, then we are
180 + * possibly overriding a real PVR with a logical one,
181 + * and, in that case, keep the current value for
182 +- * oprofile_cpu_type.
183 ++ * oprofile_cpu_type. Futhermore, let's ensure that the
184 ++ * fix for the PMAO bug is enabled on compatibility mode.
185 + */
186 + if (old.oprofile_cpu_type != NULL) {
187 + t->oprofile_cpu_type = old.oprofile_cpu_type;
188 + t->oprofile_type = old.oprofile_type;
189 ++ t->cpu_features |= old.cpu_features & CPU_FTR_PMAO_BUG;
190 + }
191 + }
192 +
193 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
194 +index 477df9782fdf..f490a4fab2f7 100644
195 +--- a/arch/x86/kernel/cpu/common.c
196 ++++ b/arch/x86/kernel/cpu/common.c
197 +@@ -388,7 +388,7 @@ static __always_inline void setup_pku(struct cpuinfo_x86 *c)
198 + * cpuid bit to be set. We need to ensure that we
199 + * update that bit in this CPU's "cpu_info".
200 + */
201 +- get_cpu_cap(c);
202 ++ set_cpu_cap(c, X86_FEATURE_OSPKE);
203 + }
204 +
205 + #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
206 +diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
207 +index aaf2f810d170..b28f45aca2ef 100644
208 +--- a/crypto/algif_skcipher.c
209 ++++ b/crypto/algif_skcipher.c
210 +@@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
211 + lock_sock(sk);
212 + tx_nents = skcipher_all_sg_nents(ctx);
213 + sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
214 +- if (unlikely(!sreq->tsg))
215 ++ if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg)))
216 + goto unlock;
217 + sg_init_table(sreq->tsg, tx_nents);
218 + memcpy(iv, ctx->iv, ivsize);
219 +diff --git a/drivers/acpi/acpi_watchdog.c b/drivers/acpi/acpi_watchdog.c
220 +index 396e358c2cee..7ef0a0e105e1 100644
221 +--- a/drivers/acpi/acpi_watchdog.c
222 ++++ b/drivers/acpi/acpi_watchdog.c
223 +@@ -129,12 +129,11 @@ void __init acpi_watchdog_init(void)
224 + gas = &entries[i].register_region;
225 +
226 + res.start = gas->address;
227 ++ res.end = res.start + ACPI_ACCESS_BYTE_WIDTH(gas->access_width) - 1;
228 + if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
229 + res.flags = IORESOURCE_MEM;
230 +- res.end = res.start + ALIGN(gas->access_width, 4) - 1;
231 + } else if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
232 + res.flags = IORESOURCE_IO;
233 +- res.end = res.start + gas->access_width - 1;
234 + } else {
235 + pr_warn("Unsupported address space: %u\n",
236 + gas->space_id);
237 +diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
238 +index 996b9ae15404..a4ef9a6bd367 100644
239 +--- a/drivers/char/ipmi/ipmi_ssif.c
240 ++++ b/drivers/char/ipmi/ipmi_ssif.c
241 +@@ -746,10 +746,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
242 + flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
243 + msg = ssif_info->curr_msg;
244 + if (msg) {
245 ++ if (data) {
246 ++ if (len > IPMI_MAX_MSG_LENGTH)
247 ++ len = IPMI_MAX_MSG_LENGTH;
248 ++ memcpy(msg->rsp, data, len);
249 ++ } else {
250 ++ len = 0;
251 ++ }
252 + msg->rsp_size = len;
253 +- if (msg->rsp_size > IPMI_MAX_MSG_LENGTH)
254 +- msg->rsp_size = IPMI_MAX_MSG_LENGTH;
255 +- memcpy(msg->rsp, data, msg->rsp_size);
256 + ssif_info->curr_msg = NULL;
257 + }
258 +
259 +diff --git a/drivers/dma/coh901318.c b/drivers/dma/coh901318.c
260 +index 6d7d2d54eacf..f0932f25a9b1 100644
261 +--- a/drivers/dma/coh901318.c
262 ++++ b/drivers/dma/coh901318.c
263 +@@ -1944,8 +1944,6 @@ static void dma_tc_handle(struct coh901318_chan *cohc)
264 + return;
265 + }
266 +
267 +- spin_lock(&cohc->lock);
268 +-
269 + /*
270 + * When we reach this point, at least one queue item
271 + * should have been moved over from cohc->queue to
272 +@@ -1966,8 +1964,6 @@ static void dma_tc_handle(struct coh901318_chan *cohc)
273 + if (coh901318_queue_start(cohc) == NULL)
274 + cohc->busy = 0;
275 +
276 +- spin_unlock(&cohc->lock);
277 +-
278 + /*
279 + * This tasklet will remove items from cohc->active
280 + * and thus terminates them.
281 +diff --git a/drivers/dma/tegra20-apb-dma.c b/drivers/dma/tegra20-apb-dma.c
282 +index 22f7f0c68a48..4eaf92b2b886 100644
283 +--- a/drivers/dma/tegra20-apb-dma.c
284 ++++ b/drivers/dma/tegra20-apb-dma.c
285 +@@ -288,7 +288,7 @@ static struct tegra_dma_desc *tegra_dma_desc_get(
286 +
287 + /* Do not allocate if desc are waiting for ack */
288 + list_for_each_entry(dma_desc, &tdc->free_dma_desc, node) {
289 +- if (async_tx_test_ack(&dma_desc->txd)) {
290 ++ if (async_tx_test_ack(&dma_desc->txd) && !dma_desc->cb_count) {
291 + list_del(&dma_desc->node);
292 + spin_unlock_irqrestore(&tdc->lock, flags);
293 + dma_desc->txd.flags = 0;
294 +@@ -755,10 +755,6 @@ static int tegra_dma_terminate_all(struct dma_chan *dc)
295 + bool was_busy;
296 +
297 + spin_lock_irqsave(&tdc->lock, flags);
298 +- if (list_empty(&tdc->pending_sg_req)) {
299 +- spin_unlock_irqrestore(&tdc->lock, flags);
300 +- return 0;
301 +- }
302 +
303 + if (!tdc->busy)
304 + goto skip_dma_stop;
305 +diff --git a/drivers/gpu/drm/msm/dsi/dsi_manager.c b/drivers/gpu/drm/msm/dsi/dsi_manager.c
306 +index c8d1f19c9a6d..d46b9e75a847 100644
307 +--- a/drivers/gpu/drm/msm/dsi/dsi_manager.c
308 ++++ b/drivers/gpu/drm/msm/dsi/dsi_manager.c
309 +@@ -306,7 +306,7 @@ static int dsi_mgr_connector_get_modes(struct drm_connector *connector)
310 + return num;
311 + }
312 +
313 +-static int dsi_mgr_connector_mode_valid(struct drm_connector *connector,
314 ++static enum drm_mode_status dsi_mgr_connector_mode_valid(struct drm_connector *connector,
315 + struct drm_display_mode *mode)
316 + {
317 + int id = dsi_mgr_connector_get_id(connector);
318 +@@ -438,6 +438,7 @@ static void dsi_mgr_bridge_post_disable(struct drm_bridge *bridge)
319 + struct msm_dsi *msm_dsi1 = dsi_mgr_get_dsi(DSI_1);
320 + struct mipi_dsi_host *host = msm_dsi->host;
321 + struct drm_panel *panel = msm_dsi->panel;
322 ++ struct msm_dsi_pll *src_pll;
323 + bool is_dual_dsi = IS_DUAL_DSI();
324 + int ret;
325 +
326 +@@ -471,6 +472,10 @@ static void dsi_mgr_bridge_post_disable(struct drm_bridge *bridge)
327 + id, ret);
328 + }
329 +
330 ++ /* Save PLL status if it is a clock source */
331 ++ src_pll = msm_dsi_phy_get_pll(msm_dsi->phy);
332 ++ msm_dsi_pll_save_state(src_pll);
333 ++
334 + ret = msm_dsi_host_power_off(host);
335 + if (ret)
336 + pr_err("%s: host %d power off failed,%d\n", __func__, id, ret);
337 +diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
338 +index 6abf315fd6da..ce32f41fc28a 100644
339 +--- a/drivers/gpu/drm/msm/msm_drv.c
340 ++++ b/drivers/gpu/drm/msm/msm_drv.c
341 +@@ -396,6 +396,14 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
342 + if (ret)
343 + goto fail;
344 +
345 ++ if (!dev->dma_parms) {
346 ++ dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
347 ++ GFP_KERNEL);
348 ++ if (!dev->dma_parms)
349 ++ return -ENOMEM;
350 ++ }
351 ++ dma_set_max_seg_size(dev, DMA_BIT_MASK(32));
352 ++
353 + msm_gem_shrinker_init(ddev);
354 +
355 + switch (get_mdp_ver(pdev)) {
356 +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
357 +index e382d6f23097..b4b9d8152536 100644
358 +--- a/drivers/hid/hid-core.c
359 ++++ b/drivers/hid/hid-core.c
360 +@@ -1547,7 +1547,9 @@ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
361 +
362 + rsize = ((report->size - 1) >> 3) + 1;
363 +
364 +- if (rsize > HID_MAX_BUFFER_SIZE)
365 ++ if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
366 ++ rsize = HID_MAX_BUFFER_SIZE - 1;
367 ++ else if (rsize > HID_MAX_BUFFER_SIZE)
368 + rsize = HID_MAX_BUFFER_SIZE;
369 +
370 + if (csize < rsize) {
371 +diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
372 +index 8903ea09ac58..dbdd265075da 100644
373 +--- a/drivers/hid/usbhid/hiddev.c
374 ++++ b/drivers/hid/usbhid/hiddev.c
375 +@@ -962,9 +962,9 @@ void hiddev_disconnect(struct hid_device *hid)
376 + hiddev->exist = 0;
377 +
378 + if (hiddev->open) {
379 +- mutex_unlock(&hiddev->existancelock);
380 + usbhid_close(hiddev->hid);
381 + wake_up_interruptible(&hiddev->wait);
382 ++ mutex_unlock(&hiddev->existancelock);
383 + } else {
384 + mutex_unlock(&hiddev->existancelock);
385 + kfree(hiddev);
386 +diff --git a/drivers/hwmon/adt7462.c b/drivers/hwmon/adt7462.c
387 +index 5929e126da63..d9923d63eb4f 100644
388 +--- a/drivers/hwmon/adt7462.c
389 ++++ b/drivers/hwmon/adt7462.c
390 +@@ -426,7 +426,7 @@ static int ADT7462_REG_VOLT(struct adt7462_data *data, int which)
391 + return 0x95;
392 + break;
393 + }
394 +- return -ENODEV;
395 ++ return 0;
396 + }
397 +
398 + /* Provide labels for sysfs */
399 +diff --git a/drivers/i2c/busses/i2c-jz4780.c b/drivers/i2c/busses/i2c-jz4780.c
400 +index 30132c3957cd..41ca9ff7b5da 100644
401 +--- a/drivers/i2c/busses/i2c-jz4780.c
402 ++++ b/drivers/i2c/busses/i2c-jz4780.c
403 +@@ -82,25 +82,6 @@
404 + #define JZ4780_I2C_STA_TFNF BIT(1)
405 + #define JZ4780_I2C_STA_ACT BIT(0)
406 +
407 +-static const char * const jz4780_i2c_abrt_src[] = {
408 +- "ABRT_7B_ADDR_NOACK",
409 +- "ABRT_10ADDR1_NOACK",
410 +- "ABRT_10ADDR2_NOACK",
411 +- "ABRT_XDATA_NOACK",
412 +- "ABRT_GCALL_NOACK",
413 +- "ABRT_GCALL_READ",
414 +- "ABRT_HS_ACKD",
415 +- "SBYTE_ACKDET",
416 +- "ABRT_HS_NORSTRT",
417 +- "SBYTE_NORSTRT",
418 +- "ABRT_10B_RD_NORSTRT",
419 +- "ABRT_MASTER_DIS",
420 +- "ARB_LOST",
421 +- "SLVFLUSH_TXFIFO",
422 +- "SLV_ARBLOST",
423 +- "SLVRD_INTX",
424 +-};
425 +-
426 + #define JZ4780_I2C_INTST_IGC BIT(11)
427 + #define JZ4780_I2C_INTST_ISTT BIT(10)
428 + #define JZ4780_I2C_INTST_ISTP BIT(9)
429 +@@ -538,21 +519,8 @@ done:
430 +
431 + static void jz4780_i2c_txabrt(struct jz4780_i2c *i2c, int src)
432 + {
433 +- int i;
434 +-
435 +- dev_err(&i2c->adap.dev, "txabrt: 0x%08x\n", src);
436 +- dev_err(&i2c->adap.dev, "device addr=%x\n",
437 +- jz4780_i2c_readw(i2c, JZ4780_I2C_TAR));
438 +- dev_err(&i2c->adap.dev, "send cmd count:%d %d\n",
439 +- i2c->cmd, i2c->cmd_buf[i2c->cmd]);
440 +- dev_err(&i2c->adap.dev, "receive data count:%d %d\n",
441 +- i2c->cmd, i2c->data_buf[i2c->cmd]);
442 +-
443 +- for (i = 0; i < 16; i++) {
444 +- if (src & BIT(i))
445 +- dev_dbg(&i2c->adap.dev, "I2C TXABRT[%d]=%s\n",
446 +- i, jz4780_i2c_abrt_src[i]);
447 +- }
448 ++ dev_dbg(&i2c->adap.dev, "txabrt: 0x%08x, cmd: %d, send: %d, recv: %d\n",
449 ++ src, i2c->cmd, i2c->cmd_buf[i2c->cmd], i2c->data_buf[i2c->cmd]);
450 + }
451 +
452 + static inline int jz4780_i2c_xfer_read(struct jz4780_i2c *i2c,
453 +diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
454 +index 71c7c4c328ef..304429fd04dd 100644
455 +--- a/drivers/infiniband/core/cm.c
456 ++++ b/drivers/infiniband/core/cm.c
457 +@@ -1073,6 +1073,7 @@ struct ib_cm_id *ib_cm_insert_listen(struct ib_device *device,
458 + /* Sharing an ib_cm_id with different handlers is not
459 + * supported */
460 + spin_unlock_irqrestore(&cm.lock, flags);
461 ++ ib_destroy_cm_id(cm_id);
462 + return ERR_PTR(-EINVAL);
463 + }
464 + atomic_inc(&cm_id_priv->refcount);
465 +diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c
466 +index 5495e22839a7..1f71c306923f 100644
467 +--- a/drivers/infiniband/core/iwcm.c
468 ++++ b/drivers/infiniband/core/iwcm.c
469 +@@ -137,8 +137,10 @@ static void dealloc_work_entries(struct iwcm_id_private *cm_id_priv)
470 + {
471 + struct list_head *e, *tmp;
472 +
473 +- list_for_each_safe(e, tmp, &cm_id_priv->work_free_list)
474 ++ list_for_each_safe(e, tmp, &cm_id_priv->work_free_list) {
475 ++ list_del(e);
476 + kfree(list_entry(e, struct iwcm_work, free_list));
477 ++ }
478 + }
479 +
480 + static int alloc_work_entries(struct iwcm_id_private *cm_id_priv, int count)
481 +diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c
482 +index 58b97226050f..1b7d77080d6b 100644
483 +--- a/drivers/md/dm-cache-target.c
484 ++++ b/drivers/md/dm-cache-target.c
485 +@@ -2192,8 +2192,8 @@ static void wait_for_migrations(struct cache *cache)
486 +
487 + static void stop_worker(struct cache *cache)
488 + {
489 +- cancel_delayed_work(&cache->waker);
490 +- flush_workqueue(cache->wq);
491 ++ cancel_delayed_work_sync(&cache->waker);
492 ++ drain_workqueue(cache->wq);
493 + }
494 +
495 + static void requeue_deferred_cells(struct cache *cache)
496 +diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
497 +index 912dc09bc7a7..905911f78693 100644
498 +--- a/drivers/net/ethernet/amazon/ena/ena_com.c
499 ++++ b/drivers/net/ethernet/amazon/ena/ena_com.c
500 +@@ -199,6 +199,11 @@ static inline void comp_ctxt_release(struct ena_com_admin_queue *queue,
501 + static struct ena_comp_ctx *get_comp_ctxt(struct ena_com_admin_queue *queue,
502 + u16 command_id, bool capture)
503 + {
504 ++ if (unlikely(!queue->comp_ctx)) {
505 ++ pr_err("Completion context is NULL\n");
506 ++ return NULL;
507 ++ }
508 ++
509 + if (unlikely(command_id >= queue->q_depth)) {
510 + pr_err("command id is larger than the queue size. cmd_id: %u queue size %d\n",
511 + command_id, queue->q_depth);
512 +@@ -839,6 +844,24 @@ static int ena_com_get_feature(struct ena_com_dev *ena_dev,
513 + 0);
514 + }
515 +
516 ++static void ena_com_hash_key_fill_default_key(struct ena_com_dev *ena_dev)
517 ++{
518 ++ struct ena_admin_feature_rss_flow_hash_control *hash_key =
519 ++ (ena_dev->rss).hash_key;
520 ++
521 ++ netdev_rss_key_fill(&hash_key->key, sizeof(hash_key->key));
522 ++ /* The key is stored in the device in u32 array
523 ++ * as well as the API requires the key to be passed in this
524 ++ * format. Thus the size of our array should be divided by 4
525 ++ */
526 ++ hash_key->keys_num = sizeof(hash_key->key) / sizeof(u32);
527 ++}
528 ++
529 ++int ena_com_get_current_hash_function(struct ena_com_dev *ena_dev)
530 ++{
531 ++ return ena_dev->rss.hash_func;
532 ++}
533 ++
534 + static int ena_com_hash_key_allocate(struct ena_com_dev *ena_dev)
535 + {
536 + struct ena_rss *rss = &ena_dev->rss;
537 +@@ -2034,15 +2057,16 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev,
538 +
539 + switch (func) {
540 + case ENA_ADMIN_TOEPLITZ:
541 +- if (key_len > sizeof(hash_key->key)) {
542 +- pr_err("key len (%hu) is bigger than the max supported (%zu)\n",
543 +- key_len, sizeof(hash_key->key));
544 +- return -EINVAL;
545 ++ if (key) {
546 ++ if (key_len != sizeof(hash_key->key)) {
547 ++ pr_err("key len (%hu) doesn't equal the supported size (%zu)\n",
548 ++ key_len, sizeof(hash_key->key));
549 ++ return -EINVAL;
550 ++ }
551 ++ memcpy(hash_key->key, key, key_len);
552 ++ rss->hash_init_val = init_val;
553 ++ hash_key->keys_num = key_len >> 2;
554 + }
555 +-
556 +- memcpy(hash_key->key, key, key_len);
557 +- rss->hash_init_val = init_val;
558 +- hash_key->keys_num = key_len >> 2;
559 + break;
560 + case ENA_ADMIN_CRC32:
561 + rss->hash_init_val = init_val;
562 +@@ -2079,7 +2103,11 @@ int ena_com_get_hash_function(struct ena_com_dev *ena_dev,
563 + if (unlikely(rc))
564 + return rc;
565 +
566 +- rss->hash_func = get_resp.u.flow_hash_func.selected_func;
567 ++ /* ffs() returns 1 in case the lsb is set */
568 ++ rss->hash_func = ffs(get_resp.u.flow_hash_func.selected_func);
569 ++ if (rss->hash_func)
570 ++ rss->hash_func--;
571 ++
572 + if (func)
573 + *func = rss->hash_func;
574 +
575 +@@ -2366,6 +2394,8 @@ int ena_com_rss_init(struct ena_com_dev *ena_dev, u16 indr_tbl_log_size)
576 + if (unlikely(rc))
577 + goto err_hash_key;
578 +
579 ++ ena_com_hash_key_fill_default_key(ena_dev);
580 ++
581 + rc = ena_com_hash_ctrl_init(ena_dev);
582 + if (unlikely(rc))
583 + goto err_hash_ctrl;
584 +diff --git a/drivers/net/ethernet/amazon/ena/ena_com.h b/drivers/net/ethernet/amazon/ena/ena_com.h
585 +index 509d7b8e15ab..98b2ad20f599 100644
586 +--- a/drivers/net/ethernet/amazon/ena/ena_com.h
587 ++++ b/drivers/net/ethernet/amazon/ena/ena_com.h
588 +@@ -41,6 +41,7 @@
589 + #include <linux/spinlock.h>
590 + #include <linux/types.h>
591 + #include <linux/wait.h>
592 ++#include <linux/netdevice.h>
593 +
594 + #include "ena_common_defs.h"
595 + #include "ena_admin_defs.h"
596 +@@ -622,6 +623,14 @@ int ena_com_rss_init(struct ena_com_dev *ena_dev, u16 log_size);
597 + */
598 + void ena_com_rss_destroy(struct ena_com_dev *ena_dev);
599 +
600 ++/* ena_com_get_current_hash_function - Get RSS hash function
601 ++ * @ena_dev: ENA communication layer struct
602 ++ *
603 ++ * Return the current hash function.
604 ++ * @return: 0 or one of the ena_admin_hash_functions values.
605 ++ */
606 ++int ena_com_get_current_hash_function(struct ena_com_dev *ena_dev);
607 ++
608 + /* ena_com_fill_hash_function - Fill RSS hash function
609 + * @ena_dev: ENA communication layer struct
610 + * @func: The hash function (Toeplitz or crc)
611 +diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
612 +index 06fd061a20e9..0ef0a7b75751 100644
613 +--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
614 ++++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
615 +@@ -651,6 +651,28 @@ static u32 ena_get_rxfh_key_size(struct net_device *netdev)
616 + return ENA_HASH_KEY_SIZE;
617 + }
618 +
619 ++static int ena_indirection_table_get(struct ena_adapter *adapter, u32 *indir)
620 ++{
621 ++ struct ena_com_dev *ena_dev = adapter->ena_dev;
622 ++ int i, rc;
623 ++
624 ++ if (!indir)
625 ++ return 0;
626 ++
627 ++ rc = ena_com_indirect_table_get(ena_dev, indir);
628 ++ if (rc)
629 ++ return rc;
630 ++
631 ++ /* Our internal representation of the indices is: even indices
632 ++ * for Tx and uneven indices for Rx. We need to convert the Rx
633 ++ * indices to be consecutive
634 ++ */
635 ++ for (i = 0; i < ENA_RX_RSS_TABLE_SIZE; i++)
636 ++ indir[i] = ENA_IO_RXQ_IDX_TO_COMBINED_IDX(indir[i]);
637 ++
638 ++ return rc;
639 ++}
640 ++
641 + static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
642 + u8 *hfunc)
643 + {
644 +@@ -659,11 +681,25 @@ static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
645 + u8 func;
646 + int rc;
647 +
648 +- rc = ena_com_indirect_table_get(adapter->ena_dev, indir);
649 ++ rc = ena_indirection_table_get(adapter, indir);
650 + if (rc)
651 + return rc;
652 +
653 ++ /* We call this function in order to check if the device
654 ++ * supports getting/setting the hash function.
655 ++ */
656 + rc = ena_com_get_hash_function(adapter->ena_dev, &ena_func, key);
657 ++
658 ++ if (rc) {
659 ++ if (rc == -EOPNOTSUPP) {
660 ++ key = NULL;
661 ++ hfunc = NULL;
662 ++ rc = 0;
663 ++ }
664 ++
665 ++ return rc;
666 ++ }
667 ++
668 + if (rc)
669 + return rc;
670 +
671 +@@ -715,6 +751,9 @@ static int ena_set_rxfh(struct net_device *netdev, const u32 *indir,
672 + }
673 +
674 + switch (hfunc) {
675 ++ case ETH_RSS_HASH_NO_CHANGE:
676 ++ func = ena_com_get_current_hash_function(ena_dev);
677 ++ break;
678 + case ETH_RSS_HASH_TOP:
679 + func = ENA_ADMIN_TOEPLITZ;
680 + break;
681 +@@ -819,6 +858,7 @@ static const struct ethtool_ops ena_ethtool_ops = {
682 + .get_channels = ena_get_channels,
683 + .get_tunable = ena_get_tunable,
684 + .set_tunable = ena_set_tunable,
685 ++ .get_ts_info = ethtool_op_get_ts_info,
686 + };
687 +
688 + void ena_set_ethtool_ops(struct net_device *netdev)
689 +diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.h b/drivers/net/ethernet/amazon/ena/ena_netdev.h
690 +index 008f2d594d40..326c2e1437b3 100644
691 +--- a/drivers/net/ethernet/amazon/ena/ena_netdev.h
692 ++++ b/drivers/net/ethernet/amazon/ena/ena_netdev.h
693 +@@ -110,6 +110,8 @@
694 +
695 + #define ENA_IO_TXQ_IDX(q) (2 * (q))
696 + #define ENA_IO_RXQ_IDX(q) (2 * (q) + 1)
697 ++#define ENA_IO_TXQ_IDX_TO_COMBINED_IDX(q) ((q) / 2)
698 ++#define ENA_IO_RXQ_IDX_TO_COMBINED_IDX(q) (((q) - 1) / 2)
699 +
700 + #define ENA_MGMNT_IRQ_IDX 0
701 + #define ENA_IO_IRQ_FIRST_IDX 1
702 +diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
703 +index de4b5d267c30..17c07837033f 100644
704 +--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
705 ++++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
706 +@@ -1711,7 +1711,7 @@ static int xgene_enet_probe(struct platform_device *pdev)
707 + int ret;
708 +
709 + ndev = alloc_etherdev_mqs(sizeof(struct xgene_enet_pdata),
710 +- XGENE_NUM_RX_RING, XGENE_NUM_TX_RING);
711 ++ XGENE_NUM_TX_RING, XGENE_NUM_RX_RING);
712 + if (!ndev)
713 + return -ENOMEM;
714 +
715 +diff --git a/drivers/net/ethernet/micrel/ks8851_mll.c b/drivers/net/ethernet/micrel/ks8851_mll.c
716 +index 8dc1f0277117..d94e151cff12 100644
717 +--- a/drivers/net/ethernet/micrel/ks8851_mll.c
718 ++++ b/drivers/net/ethernet/micrel/ks8851_mll.c
719 +@@ -474,24 +474,6 @@ static int msg_enable;
720 + * chip is busy transferring packet data (RX/TX FIFO accesses).
721 + */
722 +
723 +-/**
724 +- * ks_rdreg8 - read 8 bit register from device
725 +- * @ks : The chip information
726 +- * @offset: The register address
727 +- *
728 +- * Read a 8bit register from the chip, returning the result
729 +- */
730 +-static u8 ks_rdreg8(struct ks_net *ks, int offset)
731 +-{
732 +- u16 data;
733 +- u8 shift_bit = offset & 0x03;
734 +- u8 shift_data = (offset & 1) << 3;
735 +- ks->cmd_reg_cache = (u16) offset | (u16)(BE0 << shift_bit);
736 +- iowrite16(ks->cmd_reg_cache, ks->hw_addr_cmd);
737 +- data = ioread16(ks->hw_addr);
738 +- return (u8)(data >> shift_data);
739 +-}
740 +-
741 + /**
742 + * ks_rdreg16 - read 16 bit register from device
743 + * @ks : The chip information
744 +@@ -502,27 +484,11 @@ static u8 ks_rdreg8(struct ks_net *ks, int offset)
745 +
746 + static u16 ks_rdreg16(struct ks_net *ks, int offset)
747 + {
748 +- ks->cmd_reg_cache = (u16)offset | ((BE1 | BE0) << (offset & 0x02));
749 ++ ks->cmd_reg_cache = (u16)offset | ((BE3 | BE2) >> (offset & 0x02));
750 + iowrite16(ks->cmd_reg_cache, ks->hw_addr_cmd);
751 + return ioread16(ks->hw_addr);
752 + }
753 +
754 +-/**
755 +- * ks_wrreg8 - write 8bit register value to chip
756 +- * @ks: The chip information
757 +- * @offset: The register address
758 +- * @value: The value to write
759 +- *
760 +- */
761 +-static void ks_wrreg8(struct ks_net *ks, int offset, u8 value)
762 +-{
763 +- u8 shift_bit = (offset & 0x03);
764 +- u16 value_write = (u16)(value << ((offset & 1) << 3));
765 +- ks->cmd_reg_cache = (u16)offset | (BE0 << shift_bit);
766 +- iowrite16(ks->cmd_reg_cache, ks->hw_addr_cmd);
767 +- iowrite16(value_write, ks->hw_addr);
768 +-}
769 +-
770 + /**
771 + * ks_wrreg16 - write 16bit register value to chip
772 + * @ks: The chip information
773 +@@ -533,7 +499,7 @@ static void ks_wrreg8(struct ks_net *ks, int offset, u8 value)
774 +
775 + static void ks_wrreg16(struct ks_net *ks, int offset, u16 value)
776 + {
777 +- ks->cmd_reg_cache = (u16)offset | ((BE1 | BE0) << (offset & 0x02));
778 ++ ks->cmd_reg_cache = (u16)offset | ((BE3 | BE2) >> (offset & 0x02));
779 + iowrite16(ks->cmd_reg_cache, ks->hw_addr_cmd);
780 + iowrite16(value, ks->hw_addr);
781 + }
782 +@@ -549,7 +515,7 @@ static inline void ks_inblk(struct ks_net *ks, u16 *wptr, u32 len)
783 + {
784 + len >>= 1;
785 + while (len--)
786 +- *wptr++ = (u16)ioread16(ks->hw_addr);
787 ++ *wptr++ = be16_to_cpu(ioread16(ks->hw_addr));
788 + }
789 +
790 + /**
791 +@@ -563,7 +529,7 @@ static inline void ks_outblk(struct ks_net *ks, u16 *wptr, u32 len)
792 + {
793 + len >>= 1;
794 + while (len--)
795 +- iowrite16(*wptr++, ks->hw_addr);
796 ++ iowrite16(cpu_to_be16(*wptr++), ks->hw_addr);
797 + }
798 +
799 + static void ks_disable_int(struct ks_net *ks)
800 +@@ -642,8 +608,7 @@ static void ks_read_config(struct ks_net *ks)
801 + u16 reg_data = 0;
802 +
803 + /* Regardless of bus width, 8 bit read should always work.*/
804 +- reg_data = ks_rdreg8(ks, KS_CCR) & 0x00FF;
805 +- reg_data |= ks_rdreg8(ks, KS_CCR+1) << 8;
806 ++ reg_data = ks_rdreg16(ks, KS_CCR);
807 +
808 + /* addr/data bus are multiplexed */
809 + ks->sharedbus = (reg_data & CCR_SHARED) == CCR_SHARED;
810 +@@ -747,7 +712,7 @@ static inline void ks_read_qmu(struct ks_net *ks, u16 *buf, u32 len)
811 +
812 + /* 1. set sudo DMA mode */
813 + ks_wrreg16(ks, KS_RXFDPR, RXFDPR_RXFPAI);
814 +- ks_wrreg8(ks, KS_RXQCR, (ks->rc_rxqcr | RXQCR_SDA) & 0xff);
815 ++ ks_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA);
816 +
817 + /* 2. read prepend data */
818 + /**
819 +@@ -764,7 +729,7 @@ static inline void ks_read_qmu(struct ks_net *ks, u16 *buf, u32 len)
820 + ks_inblk(ks, buf, ALIGN(len, 4));
821 +
822 + /* 4. reset sudo DMA Mode */
823 +- ks_wrreg8(ks, KS_RXQCR, ks->rc_rxqcr);
824 ++ ks_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr);
825 + }
826 +
827 + /**
828 +@@ -997,13 +962,13 @@ static void ks_write_qmu(struct ks_net *ks, u8 *pdata, u16 len)
829 + ks->txh.txw[1] = cpu_to_le16(len);
830 +
831 + /* 1. set sudo-DMA mode */
832 +- ks_wrreg8(ks, KS_RXQCR, (ks->rc_rxqcr | RXQCR_SDA) & 0xff);
833 ++ ks_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr | RXQCR_SDA);
834 + /* 2. write status/lenth info */
835 + ks_outblk(ks, ks->txh.txw, 4);
836 + /* 3. write pkt data */
837 + ks_outblk(ks, (u16 *)pdata, ALIGN(len, 4));
838 + /* 4. reset sudo-DMA mode */
839 +- ks_wrreg8(ks, KS_RXQCR, ks->rc_rxqcr);
840 ++ ks_wrreg16(ks, KS_RXQCR, ks->rc_rxqcr);
841 + /* 5. Enqueue Tx(move the pkt from TX buffer into TXQ) */
842 + ks_wrreg16(ks, KS_TXQCR, TXQCR_METFE);
843 + /* 6. wait until TXQCR_METFE is auto-cleared */
844 +diff --git a/drivers/net/phy/mdio-bcm-iproc.c b/drivers/net/phy/mdio-bcm-iproc.c
845 +index 46fe1ae919a3..51ce3ea17fb3 100644
846 +--- a/drivers/net/phy/mdio-bcm-iproc.c
847 ++++ b/drivers/net/phy/mdio-bcm-iproc.c
848 +@@ -188,6 +188,23 @@ static int iproc_mdio_remove(struct platform_device *pdev)
849 + return 0;
850 + }
851 +
852 ++#ifdef CONFIG_PM_SLEEP
853 ++int iproc_mdio_resume(struct device *dev)
854 ++{
855 ++ struct platform_device *pdev = to_platform_device(dev);
856 ++ struct iproc_mdio_priv *priv = platform_get_drvdata(pdev);
857 ++
858 ++ /* restore the mii clock configuration */
859 ++ iproc_mdio_config_clk(priv->base);
860 ++
861 ++ return 0;
862 ++}
863 ++
864 ++static const struct dev_pm_ops iproc_mdio_pm_ops = {
865 ++ .resume = iproc_mdio_resume
866 ++};
867 ++#endif /* CONFIG_PM_SLEEP */
868 ++
869 + static const struct of_device_id iproc_mdio_of_match[] = {
870 + { .compatible = "brcm,iproc-mdio", },
871 + { /* sentinel */ },
872 +@@ -198,6 +215,9 @@ static struct platform_driver iproc_mdio_driver = {
873 + .driver = {
874 + .name = "iproc-mdio",
875 + .of_match_table = iproc_mdio_of_match,
876 ++#ifdef CONFIG_PM_SLEEP
877 ++ .pm = &iproc_mdio_pm_ops,
878 ++#endif
879 + },
880 + .probe = iproc_mdio_probe,
881 + .remove = iproc_mdio_remove,
882 +diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
883 +index 2af09c3851a5..cc841126147e 100644
884 +--- a/drivers/net/slip/slip.c
885 ++++ b/drivers/net/slip/slip.c
886 +@@ -868,7 +868,6 @@ err_free_chan:
887 + tty->disc_data = NULL;
888 + clear_bit(SLF_INUSE, &sl->flags);
889 + sl_free_netdev(sl->dev);
890 +- free_netdev(sl->dev);
891 +
892 + err_exit:
893 + rtnl_unlock();
894 +diff --git a/drivers/net/tun.c b/drivers/net/tun.c
895 +index 17be1f6a813f..44b16d945e33 100644
896 +--- a/drivers/net/tun.c
897 ++++ b/drivers/net/tun.c
898 +@@ -1106,6 +1106,13 @@ static void tun_net_init(struct net_device *dev)
899 + }
900 + }
901 +
902 ++static bool tun_sock_writeable(struct tun_struct *tun, struct tun_file *tfile)
903 ++{
904 ++ struct sock *sk = tfile->socket.sk;
905 ++
906 ++ return (tun->dev->flags & IFF_UP) && sock_writeable(sk);
907 ++}
908 ++
909 + /* Character device part */
910 +
911 + /* Poll */
912 +@@ -1128,10 +1135,14 @@ static unsigned int tun_chr_poll(struct file *file, poll_table *wait)
913 + if (!skb_array_empty(&tfile->tx_array))
914 + mask |= POLLIN | POLLRDNORM;
915 +
916 +- if (tun->dev->flags & IFF_UP &&
917 +- (sock_writeable(sk) ||
918 +- (!test_and_set_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags) &&
919 +- sock_writeable(sk))))
920 ++ /* Make sure SOCKWQ_ASYNC_NOSPACE is set if not writable to
921 ++ * guarantee EPOLLOUT to be raised by either here or
922 ++ * tun_sock_write_space(). Then process could get notification
923 ++ * after it writes to a down device and meets -EIO.
924 ++ */
925 ++ if (tun_sock_writeable(tun, tfile) ||
926 ++ (!test_and_set_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags) &&
927 ++ tun_sock_writeable(tun, tfile)))
928 + mask |= POLLOUT | POLLWRNORM;
929 +
930 + if (tun->dev->reg_state != NETREG_REGISTERED)
931 +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
932 +index de7b431fdd6b..97f6b8130db3 100644
933 +--- a/drivers/net/usb/qmi_wwan.c
934 ++++ b/drivers/net/usb/qmi_wwan.c
935 +@@ -951,6 +951,7 @@ static const struct usb_device_id products[] = {
936 + {QMI_FIXED_INTF(0x413c, 0x81b6, 8)}, /* Dell Wireless 5811e */
937 + {QMI_FIXED_INTF(0x413c, 0x81b6, 10)}, /* Dell Wireless 5811e */
938 + {QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */
939 ++ {QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e preproduction config */
940 + {QMI_FIXED_INTF(0x413c, 0x81e0, 0)}, /* Dell Wireless 5821e with eSIM support*/
941 + {QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)}, /* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */
942 + {QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)}, /* HP lt4120 Snapdragon X5 LTE */
943 +diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
944 +index a2ebe46bcfc5..395bbe2c0f98 100644
945 +--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
946 ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
947 +@@ -898,9 +898,13 @@ int iwl_pcie_rx_init(struct iwl_trans *trans)
948 + return err;
949 + }
950 + def_rxq = trans_pcie->rxq;
951 +- if (!rba->alloc_wq)
952 ++ if (!rba->alloc_wq) {
953 + rba->alloc_wq = alloc_workqueue("rb_allocator",
954 + WQ_HIGHPRI | WQ_UNBOUND, 1);
955 ++ if (!rba->alloc_wq)
956 ++ return -ENOMEM;
957 ++ }
958 ++
959 + INIT_WORK(&rba->rx_alloc, iwl_pcie_rx_allocator_work);
960 +
961 + cancel_work_sync(&rba->rx_alloc);
962 +diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
963 +index f837c39a8017..0f6905123b0a 100644
964 +--- a/drivers/nfc/pn544/i2c.c
965 ++++ b/drivers/nfc/pn544/i2c.c
966 +@@ -240,6 +240,7 @@ static void pn544_hci_i2c_platform_init(struct pn544_i2c_phy *phy)
967 +
968 + out:
969 + gpio_set_value_cansleep(phy->gpio_en, !phy->en_polarity);
970 ++ usleep_range(10000, 15000);
971 + }
972 +
973 + static void pn544_hci_i2c_enable_mode(struct pn544_i2c_phy *phy, int run_mode)
974 +diff --git a/drivers/s390/cio/blacklist.c b/drivers/s390/cio/blacklist.c
975 +index 9082476b51db..4e9f794176d3 100644
976 +--- a/drivers/s390/cio/blacklist.c
977 ++++ b/drivers/s390/cio/blacklist.c
978 +@@ -302,8 +302,10 @@ static void *
979 + cio_ignore_proc_seq_next(struct seq_file *s, void *it, loff_t *offset)
980 + {
981 + struct ccwdev_iter *iter;
982 ++ loff_t p = *offset;
983 +
984 +- if (*offset >= (__MAX_SUBCHANNEL + 1) * (__MAX_SSID + 1))
985 ++ (*offset)++;
986 ++ if (p >= (__MAX_SUBCHANNEL + 1) * (__MAX_SSID + 1))
987 + return NULL;
988 + iter = it;
989 + if (iter->devno == __MAX_SUBCHANNEL) {
990 +@@ -313,7 +315,6 @@ cio_ignore_proc_seq_next(struct seq_file *s, void *it, loff_t *offset)
991 + return NULL;
992 + } else
993 + iter->devno++;
994 +- (*offset)++;
995 + return iter;
996 + }
997 +
998 +diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
999 +index e8819aa20415..c4e9eba36023 100644
1000 +--- a/drivers/tty/serial/8250/8250_core.c
1001 ++++ b/drivers/tty/serial/8250/8250_core.c
1002 +@@ -181,7 +181,7 @@ static int serial_link_irq_chain(struct uart_8250_port *up)
1003 + struct hlist_head *h;
1004 + struct hlist_node *n;
1005 + struct irq_info *i;
1006 +- int ret, irq_flags = up->port.flags & UPF_SHARE_IRQ ? IRQF_SHARED : 0;
1007 ++ int ret;
1008 +
1009 + mutex_lock(&hash_mutex);
1010 +
1011 +@@ -216,9 +216,8 @@ static int serial_link_irq_chain(struct uart_8250_port *up)
1012 + INIT_LIST_HEAD(&up->list);
1013 + i->head = &up->list;
1014 + spin_unlock_irq(&i->lock);
1015 +- irq_flags |= up->port.irqflags;
1016 + ret = request_irq(up->port.irq, serial8250_interrupt,
1017 +- irq_flags, "serial", i);
1018 ++ up->port.irqflags, "serial", i);
1019 + if (ret < 0)
1020 + serial_do_unlink(i, up);
1021 + }
1022 +diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
1023 +index 8f1233324586..c7a7574172fa 100644
1024 +--- a/drivers/tty/serial/8250/8250_port.c
1025 ++++ b/drivers/tty/serial/8250/8250_port.c
1026 +@@ -2199,6 +2199,10 @@ int serial8250_do_startup(struct uart_port *port)
1027 + }
1028 + }
1029 +
1030 ++ /* Check if we need to have shared IRQs */
1031 ++ if (port->irq && (up->port.flags & UPF_SHARE_IRQ))
1032 ++ up->port.irqflags |= IRQF_SHARED;
1033 ++
1034 + if (port->irq) {
1035 + unsigned char iir1;
1036 + /*
1037 +diff --git a/drivers/tty/serial/ar933x_uart.c b/drivers/tty/serial/ar933x_uart.c
1038 +index d4462512605b..246f4aab7407 100644
1039 +--- a/drivers/tty/serial/ar933x_uart.c
1040 ++++ b/drivers/tty/serial/ar933x_uart.c
1041 +@@ -289,6 +289,10 @@ static void ar933x_uart_set_termios(struct uart_port *port,
1042 + ar933x_uart_rmw_set(up, AR933X_UART_CS_REG,
1043 + AR933X_UART_CS_HOST_INT_EN);
1044 +
1045 ++ /* enable RX and TX ready overide */
1046 ++ ar933x_uart_rmw_set(up, AR933X_UART_CS_REG,
1047 ++ AR933X_UART_CS_TX_READY_ORIDE | AR933X_UART_CS_RX_READY_ORIDE);
1048 ++
1049 + /* reenable the UART */
1050 + ar933x_uart_rmw(up, AR933X_UART_CS_REG,
1051 + AR933X_UART_CS_IF_MODE_M << AR933X_UART_CS_IF_MODE_S,
1052 +@@ -421,6 +425,10 @@ static int ar933x_uart_startup(struct uart_port *port)
1053 + ar933x_uart_rmw_set(up, AR933X_UART_CS_REG,
1054 + AR933X_UART_CS_HOST_INT_EN);
1055 +
1056 ++ /* enable RX and TX ready overide */
1057 ++ ar933x_uart_rmw_set(up, AR933X_UART_CS_REG,
1058 ++ AR933X_UART_CS_TX_READY_ORIDE | AR933X_UART_CS_RX_READY_ORIDE);
1059 ++
1060 + /* Enable RX interrupts */
1061 + up->ier = AR933X_UART_INT_RX_VALID;
1062 + ar933x_uart_write(up, AR933X_UART_INT_EN_REG, up->ier);
1063 +diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c
1064 +index 401c983ec5f3..a10e4aa9e18e 100644
1065 +--- a/drivers/tty/serial/mvebu-uart.c
1066 ++++ b/drivers/tty/serial/mvebu-uart.c
1067 +@@ -581,7 +581,7 @@ static int mvebu_uart_probe(struct platform_device *pdev)
1068 +
1069 + port->membase = devm_ioremap_resource(&pdev->dev, reg);
1070 + if (IS_ERR(port->membase))
1071 +- return -PTR_ERR(port->membase);
1072 ++ return PTR_ERR(port->membase);
1073 +
1074 + data = devm_kzalloc(&pdev->dev, sizeof(struct mvebu_uart_data),
1075 + GFP_KERNEL);
1076 +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
1077 +index 53cbf4ebef10..b6ff01131eef 100644
1078 +--- a/drivers/tty/sysrq.c
1079 ++++ b/drivers/tty/sysrq.c
1080 +@@ -543,7 +543,6 @@ void __handle_sysrq(int key, bool check_mask)
1081 + */
1082 + orig_log_level = console_loglevel;
1083 + console_loglevel = CONSOLE_LOGLEVEL_DEFAULT;
1084 +- pr_info("SysRq : ");
1085 +
1086 + op_p = __sysrq_get_key_op(key);
1087 + if (op_p) {
1088 +@@ -552,14 +551,15 @@ void __handle_sysrq(int key, bool check_mask)
1089 + * should not) and is the invoked operation enabled?
1090 + */
1091 + if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
1092 +- pr_cont("%s\n", op_p->action_msg);
1093 ++ pr_info("%s\n", op_p->action_msg);
1094 + console_loglevel = orig_log_level;
1095 + op_p->handler(key);
1096 + } else {
1097 +- pr_cont("This sysrq operation is disabled.\n");
1098 ++ pr_info("This sysrq operation is disabled.\n");
1099 ++ console_loglevel = orig_log_level;
1100 + }
1101 + } else {
1102 +- pr_cont("HELP : ");
1103 ++ pr_info("HELP : ");
1104 + /* Only print the help msg once per handler */
1105 + for (i = 0; i < ARRAY_SIZE(sysrq_key_table); i++) {
1106 + if (sysrq_key_table[i]) {
1107 +diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c
1108 +index 6ac05021c4a7..1edc1a36db4a 100644
1109 +--- a/drivers/tty/vt/selection.c
1110 ++++ b/drivers/tty/vt/selection.c
1111 +@@ -13,6 +13,7 @@
1112 + #include <linux/tty.h>
1113 + #include <linux/sched.h>
1114 + #include <linux/mm.h>
1115 ++#include <linux/mutex.h>
1116 + #include <linux/slab.h>
1117 + #include <linux/types.h>
1118 +
1119 +@@ -40,6 +41,7 @@ static volatile int sel_start = -1; /* cleared by clear_selection */
1120 + static int sel_end;
1121 + static int sel_buffer_lth;
1122 + static char *sel_buffer;
1123 ++static DEFINE_MUTEX(sel_lock);
1124 +
1125 + /* clear_selection, highlight and highlight_pointer can be called
1126 + from interrupt (via scrollback/front) */
1127 +@@ -156,14 +158,14 @@ static int store_utf8(u16 c, char *p)
1128 + * The entire selection process is managed under the console_lock. It's
1129 + * a lot under the lock but its hardly a performance path
1130 + */
1131 +-int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty)
1132 ++static int __set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty)
1133 + {
1134 + struct vc_data *vc = vc_cons[fg_console].d;
1135 + int sel_mode, new_sel_start, new_sel_end, spc;
1136 + char *bp, *obp;
1137 + int i, ps, pe, multiplier;
1138 + u16 c;
1139 +- int mode;
1140 ++ int mode, ret = 0;
1141 +
1142 + poke_blanked_console();
1143 +
1144 +@@ -324,7 +326,21 @@ int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *t
1145 + }
1146 + }
1147 + sel_buffer_lth = bp - sel_buffer;
1148 +- return 0;
1149 ++
1150 ++ return ret;
1151 ++}
1152 ++
1153 ++int set_selection(const struct tiocl_selection __user *v, struct tty_struct *tty)
1154 ++{
1155 ++ int ret;
1156 ++
1157 ++ mutex_lock(&sel_lock);
1158 ++ console_lock();
1159 ++ ret = __set_selection(v, tty);
1160 ++ console_unlock();
1161 ++ mutex_unlock(&sel_lock);
1162 ++
1163 ++ return ret;
1164 + }
1165 +
1166 + /* Insert the contents of the selection buffer into the
1167 +@@ -353,6 +369,7 @@ int paste_selection(struct tty_struct *tty)
1168 + tty_buffer_lock_exclusive(&vc->port);
1169 +
1170 + add_wait_queue(&vc->paste_wait, &wait);
1171 ++ mutex_lock(&sel_lock);
1172 + while (sel_buffer && sel_buffer_lth > pasted) {
1173 + set_current_state(TASK_INTERRUPTIBLE);
1174 + if (signal_pending(current)) {
1175 +@@ -360,7 +377,9 @@ int paste_selection(struct tty_struct *tty)
1176 + break;
1177 + }
1178 + if (tty_throttled(tty)) {
1179 ++ mutex_unlock(&sel_lock);
1180 + schedule();
1181 ++ mutex_lock(&sel_lock);
1182 + continue;
1183 + }
1184 + __set_current_state(TASK_RUNNING);
1185 +@@ -369,6 +388,7 @@ int paste_selection(struct tty_struct *tty)
1186 + count);
1187 + pasted += count;
1188 + }
1189 ++ mutex_unlock(&sel_lock);
1190 + remove_wait_queue(&vc->paste_wait, &wait);
1191 + __set_current_state(TASK_RUNNING);
1192 +
1193 +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
1194 +index 232cb0a760b9..c1d3b685a587 100644
1195 +--- a/drivers/tty/vt/vt.c
1196 ++++ b/drivers/tty/vt/vt.c
1197 +@@ -2690,9 +2690,7 @@ int tioclinux(struct tty_struct *tty, unsigned long arg)
1198 + switch (type)
1199 + {
1200 + case TIOCL_SETSEL:
1201 +- console_lock();
1202 + ret = set_selection((struct tiocl_selection __user *)(p+1), tty);
1203 +- console_unlock();
1204 + break;
1205 + case TIOCL_PASTESEL:
1206 + ret = paste_selection(tty);
1207 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
1208 +index 3fcc3e74ae2e..c958cf42a1bb 100644
1209 +--- a/drivers/usb/core/hub.c
1210 ++++ b/drivers/usb/core/hub.c
1211 +@@ -954,13 +954,17 @@ int usb_remove_device(struct usb_device *udev)
1212 + {
1213 + struct usb_hub *hub;
1214 + struct usb_interface *intf;
1215 ++ int ret;
1216 +
1217 + if (!udev->parent) /* Can't remove a root hub */
1218 + return -EINVAL;
1219 + hub = usb_hub_to_struct_hub(udev->parent);
1220 + intf = to_usb_interface(hub->intfdev);
1221 +
1222 +- usb_autopm_get_interface(intf);
1223 ++ ret = usb_autopm_get_interface(intf);
1224 ++ if (ret < 0)
1225 ++ return ret;
1226 ++
1227 + set_bit(udev->portnum, hub->removed_bits);
1228 + hub_port_logical_disconnect(hub, udev->portnum);
1229 + usb_autopm_put_interface(intf);
1230 +diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c
1231 +index 460c855be0d0..53c1f6e604b1 100644
1232 +--- a/drivers/usb/core/port.c
1233 ++++ b/drivers/usb/core/port.c
1234 +@@ -179,7 +179,10 @@ static int usb_port_runtime_resume(struct device *dev)
1235 + if (!port_dev->is_superspeed && peer)
1236 + pm_runtime_get_sync(&peer->dev);
1237 +
1238 +- usb_autopm_get_interface(intf);
1239 ++ retval = usb_autopm_get_interface(intf);
1240 ++ if (retval < 0)
1241 ++ return retval;
1242 ++
1243 + retval = usb_hub_set_port_power(hdev, hub, port1, true);
1244 + msleep(hub_power_on_good_delay(hub));
1245 + if (udev && !retval) {
1246 +@@ -232,7 +235,10 @@ static int usb_port_runtime_suspend(struct device *dev)
1247 + if (usb_port_block_power_off)
1248 + return -EBUSY;
1249 +
1250 +- usb_autopm_get_interface(intf);
1251 ++ retval = usb_autopm_get_interface(intf);
1252 ++ if (retval < 0)
1253 ++ return retval;
1254 ++
1255 + retval = usb_hub_set_port_power(hdev, hub, port1, false);
1256 + usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_CONNECTION);
1257 + if (!port_dev->is_superspeed)
1258 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
1259 +index ad8307140df8..64c03e871f2d 100644
1260 +--- a/drivers/usb/core/quirks.c
1261 ++++ b/drivers/usb/core/quirks.c
1262 +@@ -86,6 +86,9 @@ static const struct usb_device_id usb_quirk_list[] = {
1263 + /* Logitech PTZ Pro Camera */
1264 + { USB_DEVICE(0x046d, 0x0853), .driver_info = USB_QUIRK_DELAY_INIT },
1265 +
1266 ++ /* Logitech Screen Share */
1267 ++ { USB_DEVICE(0x046d, 0x086c), .driver_info = USB_QUIRK_NO_LPM },
1268 ++
1269 + /* Logitech Quickcam Fusion */
1270 + { USB_DEVICE(0x046d, 0x08c1), .driver_info = USB_QUIRK_RESET_RESUME },
1271 +
1272 +diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
1273 +index 4d7df2f6caf5..3a0452ff1a56 100644
1274 +--- a/drivers/usb/gadget/composite.c
1275 ++++ b/drivers/usb/gadget/composite.c
1276 +@@ -438,9 +438,13 @@ static u8 encode_bMaxPower(enum usb_device_speed speed,
1277 + if (!val)
1278 + return 0;
1279 + if (speed < USB_SPEED_SUPER)
1280 +- return DIV_ROUND_UP(val, 2);
1281 ++ return min(val, 500U) / 2;
1282 + else
1283 +- return DIV_ROUND_UP(val, 8);
1284 ++ /*
1285 ++ * USB 3.x supports up to 900mA, but since 900 isn't divisible
1286 ++ * by 8 the integral division will effectively cap to 896mA.
1287 ++ */
1288 ++ return min(val, 900U) / 8;
1289 + }
1290 +
1291 + static int config_buf(struct usb_configuration *config,
1292 +@@ -833,6 +837,10 @@ static int set_config(struct usb_composite_dev *cdev,
1293 +
1294 + /* when we return, be sure our power usage is valid */
1295 + power = c->MaxPower ? c->MaxPower : CONFIG_USB_GADGET_VBUS_DRAW;
1296 ++ if (gadget->speed < USB_SPEED_SUPER)
1297 ++ power = min(power, 500U);
1298 ++ else
1299 ++ power = min(power, 900U);
1300 + done:
1301 + usb_gadget_vbus_draw(gadget, power);
1302 + if (result >= 0 && cdev->delayed_status)
1303 +@@ -2272,7 +2280,7 @@ void composite_resume(struct usb_gadget *gadget)
1304 + {
1305 + struct usb_composite_dev *cdev = get_gadget_data(gadget);
1306 + struct usb_function *f;
1307 +- u16 maxpower;
1308 ++ unsigned maxpower;
1309 +
1310 + /* REVISIT: should we have config level
1311 + * suspend/resume callbacks?
1312 +@@ -2286,10 +2294,14 @@ void composite_resume(struct usb_gadget *gadget)
1313 + f->resume(f);
1314 + }
1315 +
1316 +- maxpower = cdev->config->MaxPower;
1317 ++ maxpower = cdev->config->MaxPower ?
1318 ++ cdev->config->MaxPower : CONFIG_USB_GADGET_VBUS_DRAW;
1319 ++ if (gadget->speed < USB_SPEED_SUPER)
1320 ++ maxpower = min(maxpower, 500U);
1321 ++ else
1322 ++ maxpower = min(maxpower, 900U);
1323 +
1324 +- usb_gadget_vbus_draw(gadget, maxpower ?
1325 +- maxpower : CONFIG_USB_GADGET_VBUS_DRAW);
1326 ++ usb_gadget_vbus_draw(gadget, maxpower);
1327 + }
1328 +
1329 + cdev->suspended = 0;
1330 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
1331 +index d1278d2d544b..b5747f1270a6 100644
1332 +--- a/drivers/usb/gadget/function/f_fs.c
1333 ++++ b/drivers/usb/gadget/function/f_fs.c
1334 +@@ -1077,18 +1077,19 @@ static int ffs_aio_cancel(struct kiocb *kiocb)
1335 + {
1336 + struct ffs_io_data *io_data = kiocb->private;
1337 + struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1338 ++ unsigned long flags;
1339 + int value;
1340 +
1341 + ENTER();
1342 +
1343 +- spin_lock_irq(&epfile->ffs->eps_lock);
1344 ++ spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1345 +
1346 + if (likely(io_data && io_data->ep && io_data->req))
1347 + value = usb_ep_dequeue(io_data->ep, io_data->req);
1348 + else
1349 + value = -EINVAL;
1350 +
1351 +- spin_unlock_irq(&epfile->ffs->eps_lock);
1352 ++ spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1353 +
1354 + return value;
1355 + }
1356 +diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
1357 +index 510a54f88963..5d7d0f2e80a5 100644
1358 +--- a/drivers/usb/gadget/function/u_serial.c
1359 ++++ b/drivers/usb/gadget/function/u_serial.c
1360 +@@ -715,8 +715,10 @@ static int gs_start_io(struct gs_port *port)
1361 + port->n_read = 0;
1362 + started = gs_start_rx(port);
1363 +
1364 +- /* unblock any pending writes into our circular buffer */
1365 + if (started) {
1366 ++ gs_start_tx(port);
1367 ++ /* Unblock any pending writes into our circular buffer, in case
1368 ++ * we didn't in gs_start_tx() */
1369 + tty_wakeup(port->port.tty);
1370 + } else {
1371 + gs_free_requests(ep, head, &port->read_allocated);
1372 +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
1373 +index 3ebf6307217c..a52ae34fb1c3 100644
1374 +--- a/drivers/usb/storage/unusual_devs.h
1375 ++++ b/drivers/usb/storage/unusual_devs.h
1376 +@@ -1277,6 +1277,12 @@ UNUSUAL_DEV( 0x090a, 0x1200, 0x0000, 0x9999,
1377 + USB_SC_RBC, USB_PR_BULK, NULL,
1378 + 0 ),
1379 +
1380 ++UNUSUAL_DEV(0x090c, 0x1000, 0x1100, 0x1100,
1381 ++ "Samsung",
1382 ++ "Flash Drive FIT",
1383 ++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
1384 ++ US_FL_MAX_SECTORS_64),
1385 ++
1386 + /* aeb */
1387 + UNUSUAL_DEV( 0x090c, 0x1132, 0x0000, 0xffff,
1388 + "Feiya",
1389 +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
1390 +index dd8798bf88e7..861f43f8f9ce 100644
1391 +--- a/drivers/vhost/net.c
1392 ++++ b/drivers/vhost/net.c
1393 +@@ -914,11 +914,7 @@ static int vhost_net_release(struct inode *inode, struct file *f)
1394 +
1395 + static struct socket *get_raw_socket(int fd)
1396 + {
1397 +- struct {
1398 +- struct sockaddr_ll sa;
1399 +- char buf[MAX_ADDR_LEN];
1400 +- } uaddr;
1401 +- int uaddr_len = sizeof uaddr, r;
1402 ++ int r;
1403 + struct socket *sock = sockfd_lookup(fd, &r);
1404 +
1405 + if (!sock)
1406 +@@ -930,12 +926,7 @@ static struct socket *get_raw_socket(int fd)
1407 + goto err;
1408 + }
1409 +
1410 +- r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa,
1411 +- &uaddr_len, 0);
1412 +- if (r)
1413 +- goto err;
1414 +-
1415 +- if (uaddr.sa.sll_family != AF_PACKET) {
1416 ++ if (sock->sk->sk_family != AF_PACKET) {
1417 + r = -EPFNOSUPPORT;
1418 + goto err;
1419 + }
1420 +diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c
1421 +index dda1c4b3a229..42c0a26646f6 100644
1422 +--- a/drivers/video/console/vgacon.c
1423 ++++ b/drivers/video/console/vgacon.c
1424 +@@ -1323,6 +1323,9 @@ static int vgacon_font_get(struct vc_data *c, struct console_font *font)
1425 + static int vgacon_resize(struct vc_data *c, unsigned int width,
1426 + unsigned int height, unsigned int user)
1427 + {
1428 ++ if ((width << 1) * height > vga_vram_size)
1429 ++ return -EINVAL;
1430 ++
1431 + if (width % 2 || width > screen_info.orig_video_cols ||
1432 + height > (screen_info.orig_video_lines * vga_default_font_height)/
1433 + c->vc_font.height)
1434 +diff --git a/drivers/watchdog/da9062_wdt.c b/drivers/watchdog/da9062_wdt.c
1435 +index 7386111220d5..daeb645fcea8 100644
1436 +--- a/drivers/watchdog/da9062_wdt.c
1437 ++++ b/drivers/watchdog/da9062_wdt.c
1438 +@@ -126,13 +126,6 @@ static int da9062_wdt_stop(struct watchdog_device *wdd)
1439 + struct da9062_watchdog *wdt = watchdog_get_drvdata(wdd);
1440 + int ret;
1441 +
1442 +- ret = da9062_reset_watchdog_timer(wdt);
1443 +- if (ret) {
1444 +- dev_err(wdt->hw->dev, "Failed to ping the watchdog (err = %d)\n",
1445 +- ret);
1446 +- return ret;
1447 +- }
1448 +-
1449 + ret = regmap_update_bits(wdt->hw->regmap,
1450 + DA9062AA_CONTROL_D,
1451 + DA9062AA_TWDSCALE_MASK,
1452 +diff --git a/drivers/watchdog/wdat_wdt.c b/drivers/watchdog/wdat_wdt.c
1453 +index 0da9943d405f..c310e841561c 100644
1454 +--- a/drivers/watchdog/wdat_wdt.c
1455 ++++ b/drivers/watchdog/wdat_wdt.c
1456 +@@ -392,7 +392,7 @@ static int wdat_wdt_probe(struct platform_device *pdev)
1457 +
1458 + memset(&r, 0, sizeof(r));
1459 + r.start = gas->address;
1460 +- r.end = r.start + gas->access_width - 1;
1461 ++ r.end = r.start + ACPI_ACCESS_BYTE_WIDTH(gas->access_width) - 1;
1462 + if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
1463 + r.flags = IORESOURCE_MEM;
1464 + } else if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
1465 +diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
1466 +index 15bac390dff9..10aedc2a4c2d 100644
1467 +--- a/fs/cifs/cifsacl.c
1468 ++++ b/fs/cifs/cifsacl.c
1469 +@@ -603,7 +603,7 @@ static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
1470 + ((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
1471 + *pmode |= (S_IXUGO & (*pbits_to_set));
1472 +
1473 +- cifs_dbg(NOISY, "access flags 0x%x mode now 0x%x\n", flags, *pmode);
1474 ++ cifs_dbg(NOISY, "access flags 0x%x mode now %04o\n", flags, *pmode);
1475 + return;
1476 + }
1477 +
1478 +@@ -632,7 +632,7 @@ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
1479 + if (mode & S_IXUGO)
1480 + *pace_flags |= SET_FILE_EXEC_RIGHTS;
1481 +
1482 +- cifs_dbg(NOISY, "mode: 0x%x, access flags now 0x%x\n",
1483 ++ cifs_dbg(NOISY, "mode: %04o, access flags now 0x%x\n",
1484 + mode, *pace_flags);
1485 + return;
1486 + }
1487 +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
1488 +index 961fcb40183a..f2707ff795d4 100644
1489 +--- a/fs/cifs/connect.c
1490 ++++ b/fs/cifs/connect.c
1491 +@@ -3401,7 +3401,7 @@ int cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
1492 + cifs_sb->mnt_gid = pvolume_info->linux_gid;
1493 + cifs_sb->mnt_file_mode = pvolume_info->file_mode;
1494 + cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
1495 +- cifs_dbg(FYI, "file mode: 0x%hx dir mode: 0x%hx\n",
1496 ++ cifs_dbg(FYI, "file mode: %04ho dir mode: %04ho\n",
1497 + cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
1498 +
1499 + cifs_sb->actimeo = pvolume_info->actimeo;
1500 +diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
1501 +index b1c0961e6b3f..dfa85ad5b481 100644
1502 +--- a/fs/cifs/inode.c
1503 ++++ b/fs/cifs/inode.c
1504 +@@ -1573,7 +1573,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, umode_t mode)
1505 + struct TCP_Server_Info *server;
1506 + char *full_path;
1507 +
1508 +- cifs_dbg(FYI, "In cifs_mkdir, mode = 0x%hx inode = 0x%p\n",
1509 ++ cifs_dbg(FYI, "In cifs_mkdir, mode = %04ho inode = 0x%p\n",
1510 + mode, inode);
1511 +
1512 + cifs_sb = CIFS_SB(inode->i_sb);
1513 +@@ -1990,6 +1990,7 @@ int cifs_revalidate_dentry_attr(struct dentry *dentry)
1514 + struct inode *inode = d_inode(dentry);
1515 + struct super_block *sb = dentry->d_sb;
1516 + char *full_path = NULL;
1517 ++ int count = 0;
1518 +
1519 + if (inode == NULL)
1520 + return -ENOENT;
1521 +@@ -2011,15 +2012,18 @@ int cifs_revalidate_dentry_attr(struct dentry *dentry)
1522 + full_path, inode, inode->i_count.counter,
1523 + dentry, cifs_get_time(dentry), jiffies);
1524 +
1525 ++again:
1526 + if (cifs_sb_master_tcon(CIFS_SB(sb))->unix_ext)
1527 + rc = cifs_get_inode_info_unix(&inode, full_path, sb, xid);
1528 + else
1529 + rc = cifs_get_inode_info(&inode, full_path, NULL, sb,
1530 + xid, NULL);
1531 +-
1532 ++ if (rc == -EAGAIN && count++ < 10)
1533 ++ goto again;
1534 + out:
1535 + kfree(full_path);
1536 + free_xid(xid);
1537 ++
1538 + return rc;
1539 + }
1540 +
1541 +diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
1542 +index 3f3ec50bf773..b134315fb69d 100644
1543 +--- a/fs/ecryptfs/keystore.c
1544 ++++ b/fs/ecryptfs/keystore.c
1545 +@@ -1285,7 +1285,7 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1546 + printk(KERN_ERR "Enter w/ first byte != 0x%.2x\n",
1547 + ECRYPTFS_TAG_1_PACKET_TYPE);
1548 + rc = -EINVAL;
1549 +- goto out_free;
1550 ++ goto out;
1551 + }
1552 + /* Released: wipe_auth_tok_list called in ecryptfs_parse_packet_set or
1553 + * at end of function upon failure */
1554 +@@ -1335,7 +1335,7 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
1555 + printk(KERN_WARNING "Tag 1 packet contains key larger "
1556 + "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
1557 + rc = -EINVAL;
1558 +- goto out;
1559 ++ goto out_free;
1560 + }
1561 + memcpy((*new_auth_tok)->session_key.encrypted_key,
1562 + &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
1563 +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
1564 +index 2455fe1446d6..de601f3c023d 100644
1565 +--- a/fs/ext4/balloc.c
1566 ++++ b/fs/ext4/balloc.c
1567 +@@ -279,6 +279,7 @@ struct ext4_group_desc * ext4_get_group_desc(struct super_block *sb,
1568 + ext4_group_t ngroups = ext4_get_groups_count(sb);
1569 + struct ext4_group_desc *desc;
1570 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1571 ++ struct buffer_head *bh_p;
1572 +
1573 + if (block_group >= ngroups) {
1574 + ext4_error(sb, "block_group >= groups_count - block_group = %u,"
1575 +@@ -289,7 +290,14 @@ struct ext4_group_desc * ext4_get_group_desc(struct super_block *sb,
1576 +
1577 + group_desc = block_group >> EXT4_DESC_PER_BLOCK_BITS(sb);
1578 + offset = block_group & (EXT4_DESC_PER_BLOCK(sb) - 1);
1579 +- if (!sbi->s_group_desc[group_desc]) {
1580 ++ bh_p = sbi_array_rcu_deref(sbi, s_group_desc, group_desc);
1581 ++ /*
1582 ++ * sbi_array_rcu_deref returns with rcu unlocked, this is ok since
1583 ++ * the pointer being dereferenced won't be dereferenced again. By
1584 ++ * looking at the usage in add_new_gdb() the value isn't modified,
1585 ++ * just the pointer, and so it remains valid.
1586 ++ */
1587 ++ if (!bh_p) {
1588 + ext4_error(sb, "Group descriptor not loaded - "
1589 + "block_group = %u, group_desc = %u, desc = %u",
1590 + block_group, group_desc, offset);
1591 +@@ -297,10 +305,10 @@ struct ext4_group_desc * ext4_get_group_desc(struct super_block *sb,
1592 + }
1593 +
1594 + desc = (struct ext4_group_desc *)(
1595 +- (__u8 *)sbi->s_group_desc[group_desc]->b_data +
1596 ++ (__u8 *)bh_p->b_data +
1597 + offset * EXT4_DESC_SIZE(sb));
1598 + if (bh)
1599 +- *bh = sbi->s_group_desc[group_desc];
1600 ++ *bh = bh_p;
1601 + return desc;
1602 + }
1603 +
1604 +diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
1605 +index 9713d3d41412..eb0ec5068423 100644
1606 +--- a/fs/ext4/ext4.h
1607 ++++ b/fs/ext4/ext4.h
1608 +@@ -1367,7 +1367,7 @@ struct ext4_sb_info {
1609 + loff_t s_bitmap_maxbytes; /* max bytes for bitmap files */
1610 + struct buffer_head * s_sbh; /* Buffer containing the super block */
1611 + struct ext4_super_block *s_es; /* Pointer to the super block in the buffer */
1612 +- struct buffer_head **s_group_desc;
1613 ++ struct buffer_head * __rcu *s_group_desc;
1614 + unsigned int s_mount_opt;
1615 + unsigned int s_mount_opt2;
1616 + unsigned int s_mount_flags;
1617 +@@ -1427,7 +1427,7 @@ struct ext4_sb_info {
1618 + #endif
1619 +
1620 + /* for buddy allocator */
1621 +- struct ext4_group_info ***s_group_info;
1622 ++ struct ext4_group_info ** __rcu *s_group_info;
1623 + struct inode *s_buddy_cache;
1624 + spinlock_t s_md_lock;
1625 + unsigned short *s_mb_offsets;
1626 +@@ -1475,7 +1475,7 @@ struct ext4_sb_info {
1627 + unsigned int s_extent_max_zeroout_kb;
1628 +
1629 + unsigned int s_log_groups_per_flex;
1630 +- struct flex_groups *s_flex_groups;
1631 ++ struct flex_groups * __rcu *s_flex_groups;
1632 + ext4_group_t s_flex_groups_allocated;
1633 +
1634 + /* workqueue for reserved extent conversions (buffered io) */
1635 +@@ -1549,6 +1549,23 @@ static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)
1636 + ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));
1637 + }
1638 +
1639 ++/*
1640 ++ * Returns: sbi->field[index]
1641 ++ * Used to access an array element from the following sbi fields which require
1642 ++ * rcu protection to avoid dereferencing an invalid pointer due to reassignment
1643 ++ * - s_group_desc
1644 ++ * - s_group_info
1645 ++ * - s_flex_group
1646 ++ */
1647 ++#define sbi_array_rcu_deref(sbi, field, index) \
1648 ++({ \
1649 ++ typeof(*((sbi)->field)) _v; \
1650 ++ rcu_read_lock(); \
1651 ++ _v = ((typeof(_v)*)rcu_dereference((sbi)->field))[index]; \
1652 ++ rcu_read_unlock(); \
1653 ++ _v; \
1654 ++})
1655 ++
1656 + /*
1657 + * Inode dynamic state flags
1658 + */
1659 +@@ -2558,6 +2575,7 @@ extern int ext4_generic_delete_entry(handle_t *handle,
1660 + extern bool ext4_empty_dir(struct inode *inode);
1661 +
1662 + /* resize.c */
1663 ++extern void ext4_kvfree_array_rcu(void *to_free);
1664 + extern int ext4_group_add(struct super_block *sb,
1665 + struct ext4_new_group_data *input);
1666 + extern int ext4_group_extend(struct super_block *sb,
1667 +@@ -2798,13 +2816,13 @@ static inline
1668 + struct ext4_group_info *ext4_get_group_info(struct super_block *sb,
1669 + ext4_group_t group)
1670 + {
1671 +- struct ext4_group_info ***grp_info;
1672 ++ struct ext4_group_info **grp_info;
1673 + long indexv, indexh;
1674 + BUG_ON(group >= EXT4_SB(sb)->s_groups_count);
1675 +- grp_info = EXT4_SB(sb)->s_group_info;
1676 + indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb));
1677 + indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1);
1678 +- return grp_info[indexv][indexh];
1679 ++ grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv);
1680 ++ return grp_info[indexh];
1681 + }
1682 +
1683 + /*
1684 +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
1685 +index 4f78e099de1d..c5af7bbf906f 100644
1686 +--- a/fs/ext4/ialloc.c
1687 ++++ b/fs/ext4/ialloc.c
1688 +@@ -331,11 +331,13 @@ void ext4_free_inode(handle_t *handle, struct inode *inode)
1689 +
1690 + percpu_counter_inc(&sbi->s_freeinodes_counter);
1691 + if (sbi->s_log_groups_per_flex) {
1692 +- ext4_group_t f = ext4_flex_group(sbi, block_group);
1693 ++ struct flex_groups *fg;
1694 +
1695 +- atomic_inc(&sbi->s_flex_groups[f].free_inodes);
1696 ++ fg = sbi_array_rcu_deref(sbi, s_flex_groups,
1697 ++ ext4_flex_group(sbi, block_group));
1698 ++ atomic_inc(&fg->free_inodes);
1699 + if (is_directory)
1700 +- atomic_dec(&sbi->s_flex_groups[f].used_dirs);
1701 ++ atomic_dec(&fg->used_dirs);
1702 + }
1703 + BUFFER_TRACE(bh2, "call ext4_handle_dirty_metadata");
1704 + fatal = ext4_handle_dirty_metadata(handle, NULL, bh2);
1705 +@@ -376,12 +378,13 @@ static void get_orlov_stats(struct super_block *sb, ext4_group_t g,
1706 + int flex_size, struct orlov_stats *stats)
1707 + {
1708 + struct ext4_group_desc *desc;
1709 +- struct flex_groups *flex_group = EXT4_SB(sb)->s_flex_groups;
1710 +
1711 + if (flex_size > 1) {
1712 +- stats->free_inodes = atomic_read(&flex_group[g].free_inodes);
1713 +- stats->free_clusters = atomic64_read(&flex_group[g].free_clusters);
1714 +- stats->used_dirs = atomic_read(&flex_group[g].used_dirs);
1715 ++ struct flex_groups *fg = sbi_array_rcu_deref(EXT4_SB(sb),
1716 ++ s_flex_groups, g);
1717 ++ stats->free_inodes = atomic_read(&fg->free_inodes);
1718 ++ stats->free_clusters = atomic64_read(&fg->free_clusters);
1719 ++ stats->used_dirs = atomic_read(&fg->used_dirs);
1720 + return;
1721 + }
1722 +
1723 +@@ -988,7 +991,8 @@ got:
1724 + if (sbi->s_log_groups_per_flex) {
1725 + ext4_group_t f = ext4_flex_group(sbi, group);
1726 +
1727 +- atomic_inc(&sbi->s_flex_groups[f].used_dirs);
1728 ++ atomic_inc(&sbi_array_rcu_deref(sbi, s_flex_groups,
1729 ++ f)->used_dirs);
1730 + }
1731 + }
1732 + if (ext4_has_group_desc_csum(sb)) {
1733 +@@ -1011,7 +1015,8 @@ got:
1734 +
1735 + if (sbi->s_log_groups_per_flex) {
1736 + flex_group = ext4_flex_group(sbi, group);
1737 +- atomic_dec(&sbi->s_flex_groups[flex_group].free_inodes);
1738 ++ atomic_dec(&sbi_array_rcu_deref(sbi, s_flex_groups,
1739 ++ flex_group)->free_inodes);
1740 + }
1741 +
1742 + inode->i_ino = ino + group * EXT4_INODES_PER_GROUP(sb);
1743 +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
1744 +index a49d0e5d7baf..c18668e3135e 100644
1745 +--- a/fs/ext4/mballoc.c
1746 ++++ b/fs/ext4/mballoc.c
1747 +@@ -2377,7 +2377,7 @@ int ext4_mb_alloc_groupinfo(struct super_block *sb, ext4_group_t ngroups)
1748 + {
1749 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1750 + unsigned size;
1751 +- struct ext4_group_info ***new_groupinfo;
1752 ++ struct ext4_group_info ***old_groupinfo, ***new_groupinfo;
1753 +
1754 + size = (ngroups + EXT4_DESC_PER_BLOCK(sb) - 1) >>
1755 + EXT4_DESC_PER_BLOCK_BITS(sb);
1756 +@@ -2390,13 +2390,16 @@ int ext4_mb_alloc_groupinfo(struct super_block *sb, ext4_group_t ngroups)
1757 + ext4_msg(sb, KERN_ERR, "can't allocate buddy meta group");
1758 + return -ENOMEM;
1759 + }
1760 +- if (sbi->s_group_info) {
1761 +- memcpy(new_groupinfo, sbi->s_group_info,
1762 ++ rcu_read_lock();
1763 ++ old_groupinfo = rcu_dereference(sbi->s_group_info);
1764 ++ if (old_groupinfo)
1765 ++ memcpy(new_groupinfo, old_groupinfo,
1766 + sbi->s_group_info_size * sizeof(*sbi->s_group_info));
1767 +- kvfree(sbi->s_group_info);
1768 +- }
1769 +- sbi->s_group_info = new_groupinfo;
1770 ++ rcu_read_unlock();
1771 ++ rcu_assign_pointer(sbi->s_group_info, new_groupinfo);
1772 + sbi->s_group_info_size = size / sizeof(*sbi->s_group_info);
1773 ++ if (old_groupinfo)
1774 ++ ext4_kvfree_array_rcu(old_groupinfo);
1775 + ext4_debug("allocated s_groupinfo array for %d meta_bg's\n",
1776 + sbi->s_group_info_size);
1777 + return 0;
1778 +@@ -2408,6 +2411,7 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group,
1779 + {
1780 + int i;
1781 + int metalen = 0;
1782 ++ int idx = group >> EXT4_DESC_PER_BLOCK_BITS(sb);
1783 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1784 + struct ext4_group_info **meta_group_info;
1785 + struct kmem_cache *cachep = get_groupinfo_cache(sb->s_blocksize_bits);
1786 +@@ -2426,12 +2430,12 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group,
1787 + "for a buddy group");
1788 + goto exit_meta_group_info;
1789 + }
1790 +- sbi->s_group_info[group >> EXT4_DESC_PER_BLOCK_BITS(sb)] =
1791 +- meta_group_info;
1792 ++ rcu_read_lock();
1793 ++ rcu_dereference(sbi->s_group_info)[idx] = meta_group_info;
1794 ++ rcu_read_unlock();
1795 + }
1796 +
1797 +- meta_group_info =
1798 +- sbi->s_group_info[group >> EXT4_DESC_PER_BLOCK_BITS(sb)];
1799 ++ meta_group_info = sbi_array_rcu_deref(sbi, s_group_info, idx);
1800 + i = group & (EXT4_DESC_PER_BLOCK(sb) - 1);
1801 +
1802 + meta_group_info[i] = kmem_cache_zalloc(cachep, GFP_NOFS);
1803 +@@ -2479,8 +2483,13 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group,
1804 + exit_group_info:
1805 + /* If a meta_group_info table has been allocated, release it now */
1806 + if (group % EXT4_DESC_PER_BLOCK(sb) == 0) {
1807 +- kfree(sbi->s_group_info[group >> EXT4_DESC_PER_BLOCK_BITS(sb)]);
1808 +- sbi->s_group_info[group >> EXT4_DESC_PER_BLOCK_BITS(sb)] = NULL;
1809 ++ struct ext4_group_info ***group_info;
1810 ++
1811 ++ rcu_read_lock();
1812 ++ group_info = rcu_dereference(sbi->s_group_info);
1813 ++ kfree(group_info[idx]);
1814 ++ group_info[idx] = NULL;
1815 ++ rcu_read_unlock();
1816 + }
1817 + exit_meta_group_info:
1818 + return -ENOMEM;
1819 +@@ -2493,6 +2502,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
1820 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1821 + int err;
1822 + struct ext4_group_desc *desc;
1823 ++ struct ext4_group_info ***group_info;
1824 + struct kmem_cache *cachep;
1825 +
1826 + err = ext4_mb_alloc_groupinfo(sb, ngroups);
1827 +@@ -2527,11 +2537,16 @@ err_freebuddy:
1828 + while (i-- > 0)
1829 + kmem_cache_free(cachep, ext4_get_group_info(sb, i));
1830 + i = sbi->s_group_info_size;
1831 ++ rcu_read_lock();
1832 ++ group_info = rcu_dereference(sbi->s_group_info);
1833 + while (i-- > 0)
1834 +- kfree(sbi->s_group_info[i]);
1835 ++ kfree(group_info[i]);
1836 ++ rcu_read_unlock();
1837 + iput(sbi->s_buddy_cache);
1838 + err_freesgi:
1839 +- kvfree(sbi->s_group_info);
1840 ++ rcu_read_lock();
1841 ++ kvfree(rcu_dereference(sbi->s_group_info));
1842 ++ rcu_read_unlock();
1843 + return -ENOMEM;
1844 + }
1845 +
1846 +@@ -2720,7 +2735,7 @@ int ext4_mb_release(struct super_block *sb)
1847 + ext4_group_t ngroups = ext4_get_groups_count(sb);
1848 + ext4_group_t i;
1849 + int num_meta_group_infos;
1850 +- struct ext4_group_info *grinfo;
1851 ++ struct ext4_group_info *grinfo, ***group_info;
1852 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1853 + struct kmem_cache *cachep = get_groupinfo_cache(sb->s_blocksize_bits);
1854 +
1855 +@@ -2738,9 +2753,12 @@ int ext4_mb_release(struct super_block *sb)
1856 + num_meta_group_infos = (ngroups +
1857 + EXT4_DESC_PER_BLOCK(sb) - 1) >>
1858 + EXT4_DESC_PER_BLOCK_BITS(sb);
1859 ++ rcu_read_lock();
1860 ++ group_info = rcu_dereference(sbi->s_group_info);
1861 + for (i = 0; i < num_meta_group_infos; i++)
1862 +- kfree(sbi->s_group_info[i]);
1863 +- kvfree(sbi->s_group_info);
1864 ++ kfree(group_info[i]);
1865 ++ kvfree(group_info);
1866 ++ rcu_read_unlock();
1867 + }
1868 + kfree(sbi->s_mb_offsets);
1869 + kfree(sbi->s_mb_maxs);
1870 +@@ -2998,7 +3016,8 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac,
1871 + ext4_group_t flex_group = ext4_flex_group(sbi,
1872 + ac->ac_b_ex.fe_group);
1873 + atomic64_sub(ac->ac_b_ex.fe_len,
1874 +- &sbi->s_flex_groups[flex_group].free_clusters);
1875 ++ &sbi_array_rcu_deref(sbi, s_flex_groups,
1876 ++ flex_group)->free_clusters);
1877 + }
1878 +
1879 + err = ext4_handle_dirty_metadata(handle, NULL, bitmap_bh);
1880 +@@ -4888,7 +4907,8 @@ do_more:
1881 + if (sbi->s_log_groups_per_flex) {
1882 + ext4_group_t flex_group = ext4_flex_group(sbi, block_group);
1883 + atomic64_add(count_clusters,
1884 +- &sbi->s_flex_groups[flex_group].free_clusters);
1885 ++ &sbi_array_rcu_deref(sbi, s_flex_groups,
1886 ++ flex_group)->free_clusters);
1887 + }
1888 +
1889 + if (!(flags & EXT4_FREE_BLOCKS_NO_QUOT_UPDATE))
1890 +@@ -5033,7 +5053,8 @@ int ext4_group_add_blocks(handle_t *handle, struct super_block *sb,
1891 + if (sbi->s_log_groups_per_flex) {
1892 + ext4_group_t flex_group = ext4_flex_group(sbi, block_group);
1893 + atomic64_add(EXT4_NUM_B2C(sbi, blocks_freed),
1894 +- &sbi->s_flex_groups[flex_group].free_clusters);
1895 ++ &sbi_array_rcu_deref(sbi, s_flex_groups,
1896 ++ flex_group)->free_clusters);
1897 + }
1898 +
1899 + ext4_mb_unload_buddy(&e4b);
1900 +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
1901 +index aef2a24dc9f9..845d9841c91c 100644
1902 +--- a/fs/ext4/resize.c
1903 ++++ b/fs/ext4/resize.c
1904 +@@ -16,6 +16,33 @@
1905 +
1906 + #include "ext4_jbd2.h"
1907 +
1908 ++struct ext4_rcu_ptr {
1909 ++ struct rcu_head rcu;
1910 ++ void *ptr;
1911 ++};
1912 ++
1913 ++static void ext4_rcu_ptr_callback(struct rcu_head *head)
1914 ++{
1915 ++ struct ext4_rcu_ptr *ptr;
1916 ++
1917 ++ ptr = container_of(head, struct ext4_rcu_ptr, rcu);
1918 ++ kvfree(ptr->ptr);
1919 ++ kfree(ptr);
1920 ++}
1921 ++
1922 ++void ext4_kvfree_array_rcu(void *to_free)
1923 ++{
1924 ++ struct ext4_rcu_ptr *ptr = kzalloc(sizeof(*ptr), GFP_KERNEL);
1925 ++
1926 ++ if (ptr) {
1927 ++ ptr->ptr = to_free;
1928 ++ call_rcu(&ptr->rcu, ext4_rcu_ptr_callback);
1929 ++ return;
1930 ++ }
1931 ++ synchronize_rcu();
1932 ++ kvfree(to_free);
1933 ++}
1934 ++
1935 + int ext4_resize_begin(struct super_block *sb)
1936 + {
1937 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1938 +@@ -541,8 +568,8 @@ static int setup_new_flex_group_blocks(struct super_block *sb,
1939 + brelse(gdb);
1940 + goto out;
1941 + }
1942 +- memcpy(gdb->b_data, sbi->s_group_desc[j]->b_data,
1943 +- gdb->b_size);
1944 ++ memcpy(gdb->b_data, sbi_array_rcu_deref(sbi,
1945 ++ s_group_desc, j)->b_data, gdb->b_size);
1946 + set_buffer_uptodate(gdb);
1947 +
1948 + err = ext4_handle_dirty_metadata(handle, NULL, gdb);
1949 +@@ -849,13 +876,15 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
1950 + }
1951 + brelse(dind);
1952 +
1953 +- o_group_desc = EXT4_SB(sb)->s_group_desc;
1954 ++ rcu_read_lock();
1955 ++ o_group_desc = rcu_dereference(EXT4_SB(sb)->s_group_desc);
1956 + memcpy(n_group_desc, o_group_desc,
1957 + EXT4_SB(sb)->s_gdb_count * sizeof(struct buffer_head *));
1958 ++ rcu_read_unlock();
1959 + n_group_desc[gdb_num] = gdb_bh;
1960 +- EXT4_SB(sb)->s_group_desc = n_group_desc;
1961 ++ rcu_assign_pointer(EXT4_SB(sb)->s_group_desc, n_group_desc);
1962 + EXT4_SB(sb)->s_gdb_count++;
1963 +- kvfree(o_group_desc);
1964 ++ ext4_kvfree_array_rcu(o_group_desc);
1965 +
1966 + le16_add_cpu(&es->s_reserved_gdt_blocks, -1);
1967 + err = ext4_handle_dirty_super(handle, sb);
1968 +@@ -903,9 +932,11 @@ static int add_new_gdb_meta_bg(struct super_block *sb,
1969 + return err;
1970 + }
1971 +
1972 +- o_group_desc = EXT4_SB(sb)->s_group_desc;
1973 ++ rcu_read_lock();
1974 ++ o_group_desc = rcu_dereference(EXT4_SB(sb)->s_group_desc);
1975 + memcpy(n_group_desc, o_group_desc,
1976 + EXT4_SB(sb)->s_gdb_count * sizeof(struct buffer_head *));
1977 ++ rcu_read_unlock();
1978 + n_group_desc[gdb_num] = gdb_bh;
1979 +
1980 + BUFFER_TRACE(gdb_bh, "get_write_access");
1981 +@@ -916,9 +947,9 @@ static int add_new_gdb_meta_bg(struct super_block *sb,
1982 + return err;
1983 + }
1984 +
1985 +- EXT4_SB(sb)->s_group_desc = n_group_desc;
1986 ++ rcu_assign_pointer(EXT4_SB(sb)->s_group_desc, n_group_desc);
1987 + EXT4_SB(sb)->s_gdb_count++;
1988 +- kvfree(o_group_desc);
1989 ++ ext4_kvfree_array_rcu(o_group_desc);
1990 + return err;
1991 + }
1992 +
1993 +@@ -1180,7 +1211,8 @@ static int ext4_add_new_descs(handle_t *handle, struct super_block *sb,
1994 + * use non-sparse filesystems anymore. This is already checked above.
1995 + */
1996 + if (gdb_off) {
1997 +- gdb_bh = sbi->s_group_desc[gdb_num];
1998 ++ gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc,
1999 ++ gdb_num);
2000 + BUFFER_TRACE(gdb_bh, "get_write_access");
2001 + err = ext4_journal_get_write_access(handle, gdb_bh);
2002 +
2003 +@@ -1262,7 +1294,7 @@ static int ext4_setup_new_descs(handle_t *handle, struct super_block *sb,
2004 + /*
2005 + * get_write_access() has been called on gdb_bh by ext4_add_new_desc().
2006 + */
2007 +- gdb_bh = sbi->s_group_desc[gdb_num];
2008 ++ gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc, gdb_num);
2009 + /* Update group descriptor block for new group */
2010 + gdp = (struct ext4_group_desc *)(gdb_bh->b_data +
2011 + gdb_off * EXT4_DESC_SIZE(sb));
2012 +@@ -1390,11 +1422,14 @@ static void ext4_update_super(struct super_block *sb,
2013 + percpu_counter_read(&sbi->s_freeclusters_counter));
2014 + if (ext4_has_feature_flex_bg(sb) && sbi->s_log_groups_per_flex) {
2015 + ext4_group_t flex_group;
2016 ++ struct flex_groups *fg;
2017 ++
2018 + flex_group = ext4_flex_group(sbi, group_data[0].group);
2019 ++ fg = sbi_array_rcu_deref(sbi, s_flex_groups, flex_group);
2020 + atomic64_add(EXT4_NUM_B2C(sbi, free_blocks),
2021 +- &sbi->s_flex_groups[flex_group].free_clusters);
2022 ++ &fg->free_clusters);
2023 + atomic_add(EXT4_INODES_PER_GROUP(sb) * flex_gd->count,
2024 +- &sbi->s_flex_groups[flex_group].free_inodes);
2025 ++ &fg->free_inodes);
2026 + }
2027 +
2028 + /*
2029 +@@ -1489,7 +1524,8 @@ exit_journal:
2030 + for (; gdb_num <= gdb_num_end; gdb_num++) {
2031 + struct buffer_head *gdb_bh;
2032 +
2033 +- gdb_bh = sbi->s_group_desc[gdb_num];
2034 ++ gdb_bh = sbi_array_rcu_deref(sbi, s_group_desc,
2035 ++ gdb_num);
2036 + if (old_gdb == gdb_bh->b_blocknr)
2037 + continue;
2038 + update_backups(sb, gdb_bh->b_blocknr, gdb_bh->b_data,
2039 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
2040 +index b69a78c061cb..75f71e52ffc7 100644
2041 +--- a/fs/ext4/super.c
2042 ++++ b/fs/ext4/super.c
2043 +@@ -826,6 +826,8 @@ static void ext4_put_super(struct super_block *sb)
2044 + {
2045 + struct ext4_sb_info *sbi = EXT4_SB(sb);
2046 + struct ext4_super_block *es = sbi->s_es;
2047 ++ struct buffer_head **group_desc;
2048 ++ struct flex_groups **flex_groups;
2049 + int aborted = 0;
2050 + int i, err;
2051 +
2052 +@@ -857,10 +859,18 @@ static void ext4_put_super(struct super_block *sb)
2053 + if (!(sb->s_flags & MS_RDONLY))
2054 + ext4_commit_super(sb, 1);
2055 +
2056 ++ rcu_read_lock();
2057 ++ group_desc = rcu_dereference(sbi->s_group_desc);
2058 + for (i = 0; i < sbi->s_gdb_count; i++)
2059 +- brelse(sbi->s_group_desc[i]);
2060 +- kvfree(sbi->s_group_desc);
2061 +- kvfree(sbi->s_flex_groups);
2062 ++ brelse(group_desc[i]);
2063 ++ kvfree(group_desc);
2064 ++ flex_groups = rcu_dereference(sbi->s_flex_groups);
2065 ++ if (flex_groups) {
2066 ++ for (i = 0; i < sbi->s_flex_groups_allocated; i++)
2067 ++ kvfree(flex_groups[i]);
2068 ++ kvfree(flex_groups);
2069 ++ }
2070 ++ rcu_read_unlock();
2071 + percpu_counter_destroy(&sbi->s_freeclusters_counter);
2072 + percpu_counter_destroy(&sbi->s_freeinodes_counter);
2073 + percpu_counter_destroy(&sbi->s_dirs_counter);
2074 +@@ -2109,8 +2119,8 @@ done:
2075 + int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
2076 + {
2077 + struct ext4_sb_info *sbi = EXT4_SB(sb);
2078 +- struct flex_groups *new_groups;
2079 +- int size;
2080 ++ struct flex_groups **old_groups, **new_groups;
2081 ++ int size, i, j;
2082 +
2083 + if (!sbi->s_log_groups_per_flex)
2084 + return 0;
2085 +@@ -2119,22 +2129,37 @@ int ext4_alloc_flex_bg_array(struct super_block *sb, ext4_group_t ngroup)
2086 + if (size <= sbi->s_flex_groups_allocated)
2087 + return 0;
2088 +
2089 +- size = roundup_pow_of_two(size * sizeof(struct flex_groups));
2090 +- new_groups = ext4_kvzalloc(size, GFP_KERNEL);
2091 ++ new_groups = ext4_kvzalloc(roundup_pow_of_two(size *
2092 ++ sizeof(*sbi->s_flex_groups)), GFP_KERNEL);
2093 + if (!new_groups) {
2094 +- ext4_msg(sb, KERN_ERR, "not enough memory for %d flex groups",
2095 +- size / (int) sizeof(struct flex_groups));
2096 ++ ext4_msg(sb, KERN_ERR,
2097 ++ "not enough memory for %d flex group pointers", size);
2098 + return -ENOMEM;
2099 + }
2100 +-
2101 +- if (sbi->s_flex_groups) {
2102 +- memcpy(new_groups, sbi->s_flex_groups,
2103 +- (sbi->s_flex_groups_allocated *
2104 +- sizeof(struct flex_groups)));
2105 +- kvfree(sbi->s_flex_groups);
2106 ++ for (i = sbi->s_flex_groups_allocated; i < size; i++) {
2107 ++ new_groups[i] = ext4_kvzalloc(roundup_pow_of_two(
2108 ++ sizeof(struct flex_groups)),
2109 ++ GFP_KERNEL);
2110 ++ if (!new_groups[i]) {
2111 ++ for (j = sbi->s_flex_groups_allocated; j < i; j++)
2112 ++ kvfree(new_groups[j]);
2113 ++ kvfree(new_groups);
2114 ++ ext4_msg(sb, KERN_ERR,
2115 ++ "not enough memory for %d flex groups", size);
2116 ++ return -ENOMEM;
2117 ++ }
2118 + }
2119 +- sbi->s_flex_groups = new_groups;
2120 +- sbi->s_flex_groups_allocated = size / sizeof(struct flex_groups);
2121 ++ rcu_read_lock();
2122 ++ old_groups = rcu_dereference(sbi->s_flex_groups);
2123 ++ if (old_groups)
2124 ++ memcpy(new_groups, old_groups,
2125 ++ (sbi->s_flex_groups_allocated *
2126 ++ sizeof(struct flex_groups *)));
2127 ++ rcu_read_unlock();
2128 ++ rcu_assign_pointer(sbi->s_flex_groups, new_groups);
2129 ++ sbi->s_flex_groups_allocated = size;
2130 ++ if (old_groups)
2131 ++ ext4_kvfree_array_rcu(old_groups);
2132 + return 0;
2133 + }
2134 +
2135 +@@ -2142,6 +2167,7 @@ static int ext4_fill_flex_info(struct super_block *sb)
2136 + {
2137 + struct ext4_sb_info *sbi = EXT4_SB(sb);
2138 + struct ext4_group_desc *gdp = NULL;
2139 ++ struct flex_groups *fg;
2140 + ext4_group_t flex_group;
2141 + int i, err;
2142 +
2143 +@@ -2159,12 +2185,11 @@ static int ext4_fill_flex_info(struct super_block *sb)
2144 + gdp = ext4_get_group_desc(sb, i, NULL);
2145 +
2146 + flex_group = ext4_flex_group(sbi, i);
2147 +- atomic_add(ext4_free_inodes_count(sb, gdp),
2148 +- &sbi->s_flex_groups[flex_group].free_inodes);
2149 ++ fg = sbi_array_rcu_deref(sbi, s_flex_groups, flex_group);
2150 ++ atomic_add(ext4_free_inodes_count(sb, gdp), &fg->free_inodes);
2151 + atomic64_add(ext4_free_group_clusters(sb, gdp),
2152 +- &sbi->s_flex_groups[flex_group].free_clusters);
2153 +- atomic_add(ext4_used_dirs_count(sb, gdp),
2154 +- &sbi->s_flex_groups[flex_group].used_dirs);
2155 ++ &fg->free_clusters);
2156 ++ atomic_add(ext4_used_dirs_count(sb, gdp), &fg->used_dirs);
2157 + }
2158 +
2159 + return 1;
2160 +@@ -3403,9 +3428,10 @@ static void ext4_set_resv_clusters(struct super_block *sb)
2161 + static int ext4_fill_super(struct super_block *sb, void *data, int silent)
2162 + {
2163 + char *orig_data = kstrdup(data, GFP_KERNEL);
2164 +- struct buffer_head *bh;
2165 ++ struct buffer_head *bh, **group_desc;
2166 + struct ext4_super_block *es = NULL;
2167 + struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
2168 ++ struct flex_groups **flex_groups;
2169 + ext4_fsblk_t block;
2170 + ext4_fsblk_t sb_block = get_sb_block(&data);
2171 + ext4_fsblk_t logical_sb_block;
2172 +@@ -3955,9 +3981,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
2173 + goto failed_mount;
2174 + }
2175 + }
2176 +- sbi->s_group_desc = ext4_kvmalloc(db_count *
2177 ++ rcu_assign_pointer(sbi->s_group_desc,
2178 ++ ext4_kvmalloc(db_count *
2179 + sizeof(struct buffer_head *),
2180 +- GFP_KERNEL);
2181 ++ GFP_KERNEL));
2182 + if (sbi->s_group_desc == NULL) {
2183 + ext4_msg(sb, KERN_ERR, "not enough memory");
2184 + ret = -ENOMEM;
2185 +@@ -3967,14 +3994,19 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
2186 + bgl_lock_init(sbi->s_blockgroup_lock);
2187 +
2188 + for (i = 0; i < db_count; i++) {
2189 ++ struct buffer_head *bh;
2190 ++
2191 + block = descriptor_loc(sb, logical_sb_block, i);
2192 +- sbi->s_group_desc[i] = sb_bread_unmovable(sb, block);
2193 +- if (!sbi->s_group_desc[i]) {
2194 ++ bh = sb_bread_unmovable(sb, block);
2195 ++ if (!bh) {
2196 + ext4_msg(sb, KERN_ERR,
2197 + "can't read group descriptor %d", i);
2198 + db_count = i;
2199 + goto failed_mount2;
2200 + }
2201 ++ rcu_read_lock();
2202 ++ rcu_dereference(sbi->s_group_desc)[i] = bh;
2203 ++ rcu_read_unlock();
2204 + }
2205 + sbi->s_gdb_count = db_count;
2206 + if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) {
2207 +@@ -4316,8 +4348,14 @@ failed_mount7:
2208 + ext4_unregister_li_request(sb);
2209 + failed_mount6:
2210 + ext4_mb_release(sb);
2211 +- if (sbi->s_flex_groups)
2212 +- kvfree(sbi->s_flex_groups);
2213 ++ rcu_read_lock();
2214 ++ flex_groups = rcu_dereference(sbi->s_flex_groups);
2215 ++ if (flex_groups) {
2216 ++ for (i = 0; i < sbi->s_flex_groups_allocated; i++)
2217 ++ kvfree(flex_groups[i]);
2218 ++ kvfree(flex_groups);
2219 ++ }
2220 ++ rcu_read_unlock();
2221 + percpu_counter_destroy(&sbi->s_freeclusters_counter);
2222 + percpu_counter_destroy(&sbi->s_freeinodes_counter);
2223 + percpu_counter_destroy(&sbi->s_dirs_counter);
2224 +@@ -4349,9 +4387,12 @@ failed_mount3:
2225 + if (sbi->s_mmp_tsk)
2226 + kthread_stop(sbi->s_mmp_tsk);
2227 + failed_mount2:
2228 ++ rcu_read_lock();
2229 ++ group_desc = rcu_dereference(sbi->s_group_desc);
2230 + for (i = 0; i < db_count; i++)
2231 +- brelse(sbi->s_group_desc[i]);
2232 +- kvfree(sbi->s_group_desc);
2233 ++ brelse(group_desc[i]);
2234 ++ kvfree(group_desc);
2235 ++ rcu_read_unlock();
2236 + failed_mount:
2237 + if (sbi->s_chksum_driver)
2238 + crypto_free_shash(sbi->s_chksum_driver);
2239 +diff --git a/fs/fat/inode.c b/fs/fat/inode.c
2240 +index 88720011a6eb..f0387d040331 100644
2241 +--- a/fs/fat/inode.c
2242 ++++ b/fs/fat/inode.c
2243 +@@ -736,6 +736,13 @@ static struct inode *fat_alloc_inode(struct super_block *sb)
2244 + return NULL;
2245 +
2246 + init_rwsem(&ei->truncate_lock);
2247 ++ /* Zeroing to allow iput() even if partial initialized inode. */
2248 ++ ei->mmu_private = 0;
2249 ++ ei->i_start = 0;
2250 ++ ei->i_logstart = 0;
2251 ++ ei->i_attrs = 0;
2252 ++ ei->i_pos = 0;
2253 ++
2254 + return &ei->vfs_inode;
2255 + }
2256 +
2257 +@@ -1366,16 +1373,6 @@ out:
2258 + return 0;
2259 + }
2260 +
2261 +-static void fat_dummy_inode_init(struct inode *inode)
2262 +-{
2263 +- /* Initialize this dummy inode to work as no-op. */
2264 +- MSDOS_I(inode)->mmu_private = 0;
2265 +- MSDOS_I(inode)->i_start = 0;
2266 +- MSDOS_I(inode)->i_logstart = 0;
2267 +- MSDOS_I(inode)->i_attrs = 0;
2268 +- MSDOS_I(inode)->i_pos = 0;
2269 +-}
2270 +-
2271 + static int fat_read_root(struct inode *inode)
2272 + {
2273 + struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb);
2274 +@@ -1820,13 +1817,11 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat,
2275 + fat_inode = new_inode(sb);
2276 + if (!fat_inode)
2277 + goto out_fail;
2278 +- fat_dummy_inode_init(fat_inode);
2279 + sbi->fat_inode = fat_inode;
2280 +
2281 + fsinfo_inode = new_inode(sb);
2282 + if (!fsinfo_inode)
2283 + goto out_fail;
2284 +- fat_dummy_inode_init(fsinfo_inode);
2285 + fsinfo_inode->i_ino = MSDOS_FSINFO_INO;
2286 + sbi->fsinfo_inode = fsinfo_inode;
2287 + insert_inode_hash(fsinfo_inode);
2288 +diff --git a/fs/namei.c b/fs/namei.c
2289 +index 757a50ecf0f4..0953281430b1 100644
2290 +--- a/fs/namei.c
2291 ++++ b/fs/namei.c
2292 +@@ -1370,7 +1370,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
2293 + nd->path.dentry = parent;
2294 + nd->seq = seq;
2295 + if (unlikely(!path_connected(&nd->path)))
2296 +- return -ENOENT;
2297 ++ return -ECHILD;
2298 + break;
2299 + } else {
2300 + struct mount *mnt = real_mount(nd->path.mnt);
2301 +diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h
2302 +index 1d798abae710..f502d257d494 100644
2303 +--- a/include/acpi/actypes.h
2304 ++++ b/include/acpi/actypes.h
2305 +@@ -551,6 +551,8 @@ typedef u64 acpi_integer;
2306 + #define ACPI_VALIDATE_RSDP_SIG(a) (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, 8))
2307 + #define ACPI_MAKE_RSDP_SIG(dest) (memcpy (ACPI_CAST_PTR (char, (dest)), ACPI_SIG_RSDP, 8))
2308 +
2309 ++#define ACPI_ACCESS_BYTE_WIDTH(size) (1 << ((size) - 1))
2310 ++
2311 + /*******************************************************************************
2312 + *
2313 + * Miscellaneous constants
2314 +diff --git a/include/linux/bitops.h b/include/linux/bitops.h
2315 +index 76ad8a957ffa..cee74a52b9eb 100644
2316 +--- a/include/linux/bitops.h
2317 ++++ b/include/linux/bitops.h
2318 +@@ -3,7 +3,8 @@
2319 + #include <asm/types.h>
2320 + #include <linux/bits.h>
2321 +
2322 +-#define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, BITS_PER_BYTE * sizeof(long))
2323 ++#define BITS_PER_TYPE(type) (sizeof(type) * BITS_PER_BYTE)
2324 ++#define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, BITS_PER_TYPE(long))
2325 +
2326 + extern unsigned int __sw_hweight8(unsigned int w);
2327 + extern unsigned int __sw_hweight16(unsigned int w);
2328 +diff --git a/include/linux/hid.h b/include/linux/hid.h
2329 +index 04bdf5477ec5..eda06f7ee84a 100644
2330 +--- a/include/linux/hid.h
2331 ++++ b/include/linux/hid.h
2332 +@@ -453,7 +453,7 @@ struct hid_report_enum {
2333 + };
2334 +
2335 + #define HID_MIN_BUFFER_SIZE 64 /* make sure there is at least a packet size of space */
2336 +-#define HID_MAX_BUFFER_SIZE 4096 /* 4kb */
2337 ++#define HID_MAX_BUFFER_SIZE 8192 /* 8kb */
2338 + #define HID_CONTROL_FIFO_SIZE 256 /* to init devices with >100 reports */
2339 + #define HID_OUTPUT_FIFO_SIZE 64
2340 +
2341 +diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
2342 +index 1505cf7a4aaf..7a85a4ef6868 100644
2343 +--- a/include/net/flow_dissector.h
2344 ++++ b/include/net/flow_dissector.h
2345 +@@ -4,6 +4,7 @@
2346 + #include <linux/types.h>
2347 + #include <linux/in6.h>
2348 + #include <linux/siphash.h>
2349 ++#include <linux/string.h>
2350 + #include <uapi/linux/if_ether.h>
2351 +
2352 + /**
2353 +@@ -204,4 +205,12 @@ static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissec
2354 + return ((char *)target_container) + flow_dissector->offset[key_id];
2355 + }
2356 +
2357 ++static inline void
2358 ++flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
2359 ++ struct flow_dissector_key_basic *key_basic)
2360 ++{
2361 ++ memset(key_control, 0, sizeof(*key_control));
2362 ++ memset(key_basic, 0, sizeof(*key_basic));
2363 ++}
2364 ++
2365 + #endif
2366 +diff --git a/kernel/audit.c b/kernel/audit.c
2367 +index 3461a3d874fe..53dcaa3b67bc 100644
2368 +--- a/kernel/audit.c
2369 ++++ b/kernel/audit.c
2370 +@@ -751,13 +751,11 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
2371 + audit_log_end(ab);
2372 + }
2373 +
2374 +-static int audit_set_feature(struct sk_buff *skb)
2375 ++static int audit_set_feature(struct audit_features *uaf)
2376 + {
2377 +- struct audit_features *uaf;
2378 + int i;
2379 +
2380 + BUILD_BUG_ON(AUDIT_LAST_FEATURE + 1 > ARRAY_SIZE(audit_feature_names));
2381 +- uaf = nlmsg_data(nlmsg_hdr(skb));
2382 +
2383 + /* if there is ever a version 2 we should handle that here */
2384 +
2385 +@@ -823,6 +821,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2386 + {
2387 + u32 seq;
2388 + void *data;
2389 ++ int data_len;
2390 + int err;
2391 + struct audit_buffer *ab;
2392 + u16 msg_type = nlh->nlmsg_type;
2393 +@@ -846,6 +845,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2394 + }
2395 + seq = nlh->nlmsg_seq;
2396 + data = nlmsg_data(nlh);
2397 ++ data_len = nlmsg_len(nlh);
2398 +
2399 + switch (msg_type) {
2400 + case AUDIT_GET: {
2401 +@@ -867,7 +867,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2402 + struct audit_status s;
2403 + memset(&s, 0, sizeof(s));
2404 + /* guard against past and future API changes */
2405 +- memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
2406 ++ memcpy(&s, data, min_t(size_t, sizeof(s), data_len));
2407 + if (s.mask & AUDIT_STATUS_ENABLED) {
2408 + err = audit_set_enabled(s.enabled);
2409 + if (err < 0)
2410 +@@ -930,7 +930,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2411 + return err;
2412 + break;
2413 + case AUDIT_SET_FEATURE:
2414 +- err = audit_set_feature(skb);
2415 ++ if (data_len < sizeof(struct audit_features))
2416 ++ return -EINVAL;
2417 ++ err = audit_set_feature(data);
2418 + if (err)
2419 + return err;
2420 + break;
2421 +@@ -942,6 +944,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2422 +
2423 + err = audit_filter(msg_type, AUDIT_FILTER_USER);
2424 + if (err == 1) { /* match or error */
2425 ++ char *str = data;
2426 ++
2427 + err = 0;
2428 + if (msg_type == AUDIT_USER_TTY) {
2429 + err = tty_audit_push();
2430 +@@ -950,19 +954,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2431 + }
2432 + mutex_unlock(&audit_cmd_mutex);
2433 + audit_log_common_recv_msg(&ab, msg_type);
2434 +- if (msg_type != AUDIT_USER_TTY)
2435 ++ if (msg_type != AUDIT_USER_TTY) {
2436 ++ /* ensure NULL termination */
2437 ++ str[data_len - 1] = '\0';
2438 + audit_log_format(ab, " msg='%.*s'",
2439 + AUDIT_MESSAGE_TEXT_MAX,
2440 +- (char *)data);
2441 +- else {
2442 +- int size;
2443 +-
2444 ++ str);
2445 ++ } else {
2446 + audit_log_format(ab, " data=");
2447 +- size = nlmsg_len(nlh);
2448 +- if (size > 0 &&
2449 +- ((unsigned char *)data)[size - 1] == '\0')
2450 +- size--;
2451 +- audit_log_n_untrustedstring(ab, data, size);
2452 ++ if (data_len > 0 && str[data_len - 1] == '\0')
2453 ++ data_len--;
2454 ++ audit_log_n_untrustedstring(ab, str, data_len);
2455 + }
2456 + audit_set_portid(ab, NETLINK_CB(skb).portid);
2457 + audit_log_end(ab);
2458 +@@ -971,7 +973,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2459 + break;
2460 + case AUDIT_ADD_RULE:
2461 + case AUDIT_DEL_RULE:
2462 +- if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
2463 ++ if (data_len < sizeof(struct audit_rule_data))
2464 + return -EINVAL;
2465 + if (audit_enabled == AUDIT_LOCKED) {
2466 + audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
2467 +@@ -980,7 +982,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2468 + return -EPERM;
2469 + }
2470 + err = audit_rule_change(msg_type, NETLINK_CB(skb).portid,
2471 +- seq, data, nlmsg_len(nlh));
2472 ++ seq, data, data_len);
2473 + break;
2474 + case AUDIT_LIST_RULES:
2475 + err = audit_list_rules_send(skb, seq);
2476 +@@ -994,7 +996,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2477 + case AUDIT_MAKE_EQUIV: {
2478 + void *bufp = data;
2479 + u32 sizes[2];
2480 +- size_t msglen = nlmsg_len(nlh);
2481 ++ size_t msglen = data_len;
2482 + char *old, *new;
2483 +
2484 + err = -EINVAL;
2485 +@@ -1070,7 +1072,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2486 +
2487 + memset(&s, 0, sizeof(s));
2488 + /* guard against past and future API changes */
2489 +- memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
2490 ++ memcpy(&s, data, min_t(size_t, sizeof(s), data_len));
2491 + /* check if new data is valid */
2492 + if ((s.enabled != 0 && s.enabled != 1) ||
2493 + (s.log_passwd != 0 && s.log_passwd != 1))
2494 +diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
2495 +index 42b7251c597f..a71ff9965cba 100644
2496 +--- a/kernel/auditfilter.c
2497 ++++ b/kernel/auditfilter.c
2498 +@@ -434,6 +434,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2499 + bufp = data->buf;
2500 + for (i = 0; i < data->field_count; i++) {
2501 + struct audit_field *f = &entry->rule.fields[i];
2502 ++ u32 f_val;
2503 +
2504 + err = -EINVAL;
2505 +
2506 +@@ -442,12 +443,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2507 + goto exit_free;
2508 +
2509 + f->type = data->fields[i];
2510 +- f->val = data->values[i];
2511 ++ f_val = data->values[i];
2512 +
2513 + /* Support legacy tests for a valid loginuid */
2514 +- if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {
2515 ++ if ((f->type == AUDIT_LOGINUID) && (f_val == AUDIT_UID_UNSET)) {
2516 + f->type = AUDIT_LOGINUID_SET;
2517 +- f->val = 0;
2518 ++ f_val = 0;
2519 + entry->rule.pflags |= AUDIT_LOGINUID_LEGACY;
2520 + }
2521 +
2522 +@@ -463,7 +464,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2523 + case AUDIT_SUID:
2524 + case AUDIT_FSUID:
2525 + case AUDIT_OBJ_UID:
2526 +- f->uid = make_kuid(current_user_ns(), f->val);
2527 ++ f->uid = make_kuid(current_user_ns(), f_val);
2528 + if (!uid_valid(f->uid))
2529 + goto exit_free;
2530 + break;
2531 +@@ -472,11 +473,12 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2532 + case AUDIT_SGID:
2533 + case AUDIT_FSGID:
2534 + case AUDIT_OBJ_GID:
2535 +- f->gid = make_kgid(current_user_ns(), f->val);
2536 ++ f->gid = make_kgid(current_user_ns(), f_val);
2537 + if (!gid_valid(f->gid))
2538 + goto exit_free;
2539 + break;
2540 + case AUDIT_ARCH:
2541 ++ f->val = f_val;
2542 + entry->rule.arch_f = f;
2543 + break;
2544 + case AUDIT_SUBJ_USER:
2545 +@@ -489,11 +491,13 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2546 + case AUDIT_OBJ_TYPE:
2547 + case AUDIT_OBJ_LEV_LOW:
2548 + case AUDIT_OBJ_LEV_HIGH:
2549 +- str = audit_unpack_string(&bufp, &remain, f->val);
2550 +- if (IS_ERR(str))
2551 ++ str = audit_unpack_string(&bufp, &remain, f_val);
2552 ++ if (IS_ERR(str)) {
2553 ++ err = PTR_ERR(str);
2554 + goto exit_free;
2555 +- entry->rule.buflen += f->val;
2556 +-
2557 ++ }
2558 ++ entry->rule.buflen += f_val;
2559 ++ f->lsm_str = str;
2560 + err = security_audit_rule_init(f->type, f->op, str,
2561 + (void **)&f->lsm_rule);
2562 + /* Keep currently invalid fields around in case they
2563 +@@ -502,68 +506,71 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
2564 + pr_warn("audit rule for LSM \'%s\' is invalid\n",
2565 + str);
2566 + err = 0;
2567 +- }
2568 +- if (err) {
2569 +- kfree(str);
2570 ++ } else if (err)
2571 + goto exit_free;
2572 +- } else
2573 +- f->lsm_str = str;
2574 + break;
2575 + case AUDIT_WATCH:
2576 +- str = audit_unpack_string(&bufp, &remain, f->val);
2577 +- if (IS_ERR(str))
2578 ++ str = audit_unpack_string(&bufp, &remain, f_val);
2579 ++ if (IS_ERR(str)) {
2580 ++ err = PTR_ERR(str);
2581 + goto exit_free;
2582 +- entry->rule.buflen += f->val;
2583 +-
2584 +- err = audit_to_watch(&entry->rule, str, f->val, f->op);
2585 ++ }
2586 ++ err = audit_to_watch(&entry->rule, str, f_val, f->op);
2587 + if (err) {
2588 + kfree(str);
2589 + goto exit_free;
2590 + }
2591 ++ entry->rule.buflen += f_val;
2592 + break;
2593 + case AUDIT_DIR:
2594 +- str = audit_unpack_string(&bufp, &remain, f->val);
2595 +- if (IS_ERR(str))
2596 ++ str = audit_unpack_string(&bufp, &remain, f_val);
2597 ++ if (IS_ERR(str)) {
2598 ++ err = PTR_ERR(str);
2599 + goto exit_free;
2600 +- entry->rule.buflen += f->val;
2601 +-
2602 ++ }
2603 + err = audit_make_tree(&entry->rule, str, f->op);
2604 + kfree(str);
2605 + if (err)
2606 + goto exit_free;
2607 ++ entry->rule.buflen += f_val;
2608 + break;
2609 + case AUDIT_INODE:
2610 ++ f->val = f_val;
2611 + err = audit_to_inode(&entry->rule, f);
2612 + if (err)
2613 + goto exit_free;
2614 + break;
2615 + case AUDIT_FILTERKEY:
2616 +- if (entry->rule.filterkey || f->val > AUDIT_MAX_KEY_LEN)
2617 ++ if (entry->rule.filterkey || f_val > AUDIT_MAX_KEY_LEN)
2618 + goto exit_free;
2619 +- str = audit_unpack_string(&bufp, &remain, f->val);
2620 +- if (IS_ERR(str))
2621 ++ str = audit_unpack_string(&bufp, &remain, f_val);
2622 ++ if (IS_ERR(str)) {
2623 ++ err = PTR_ERR(str);
2624 + goto exit_free;
2625 +- entry->rule.buflen += f->val;
2626 ++ }
2627 ++ entry->rule.buflen += f_val;
2628 + entry->rule.filterkey = str;
2629 + break;
2630 + case AUDIT_EXE:
2631 +- if (entry->rule.exe || f->val > PATH_MAX)
2632 ++ if (entry->rule.exe || f_val > PATH_MAX)
2633 + goto exit_free;
2634 +- str = audit_unpack_string(&bufp, &remain, f->val);
2635 ++ str = audit_unpack_string(&bufp, &remain, f_val);
2636 + if (IS_ERR(str)) {
2637 + err = PTR_ERR(str);
2638 + goto exit_free;
2639 + }
2640 +- entry->rule.buflen += f->val;
2641 +-
2642 +- audit_mark = audit_alloc_mark(&entry->rule, str, f->val);
2643 ++ audit_mark = audit_alloc_mark(&entry->rule, str, f_val);
2644 + if (IS_ERR(audit_mark)) {
2645 + kfree(str);
2646 + err = PTR_ERR(audit_mark);
2647 + goto exit_free;
2648 + }
2649 ++ entry->rule.buflen += f_val;
2650 + entry->rule.exe = audit_mark;
2651 + break;
2652 ++ default:
2653 ++ f->val = f_val;
2654 ++ break;
2655 + }
2656 + }
2657 +
2658 +diff --git a/mm/huge_memory.c b/mm/huge_memory.c
2659 +index f32f73fa5d3a..5fbd77d52602 100644
2660 +--- a/mm/huge_memory.c
2661 ++++ b/mm/huge_memory.c
2662 +@@ -2095,7 +2095,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
2663 + unsigned long flags;
2664 + pgoff_t end;
2665 +
2666 +- VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
2667 ++ VM_BUG_ON_PAGE(is_huge_zero_page(head), head);
2668 + VM_BUG_ON_PAGE(!PageLocked(page), page);
2669 + VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
2670 + VM_BUG_ON_PAGE(!PageCompound(page), page);
2671 +diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
2672 +index be4629c344a6..9f172906cc88 100644
2673 +--- a/net/core/fib_rules.c
2674 ++++ b/net/core/fib_rules.c
2675 +@@ -640,7 +640,7 @@ static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule,
2676 +
2677 + frh = nlmsg_data(nlh);
2678 + frh->family = ops->family;
2679 +- frh->table = rule->table;
2680 ++ frh->table = rule->table < 256 ? rule->table : RT_TABLE_COMPAT;
2681 + if (nla_put_u32(skb, FRA_TABLE, rule->table))
2682 + goto nla_put_failure;
2683 + if (nla_put_u32(skb, FRA_SUPPRESS_PREFIXLEN, rule->suppress_prefixlen))
2684 +diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
2685 +index 5da864997495..85c7e250c7a8 100644
2686 +--- a/net/ipv6/ip6_fib.c
2687 ++++ b/net/ipv6/ip6_fib.c
2688 +@@ -784,8 +784,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
2689 + found++;
2690 + break;
2691 + }
2692 +- if (rt_can_ecmp)
2693 +- fallback_ins = fallback_ins ?: ins;
2694 ++ fallback_ins = fallback_ins ?: ins;
2695 + goto next_iter;
2696 + }
2697 +
2698 +@@ -825,7 +824,9 @@ next_iter:
2699 + }
2700 +
2701 + if (fallback_ins && !found) {
2702 +- /* No ECMP-able route found, replace first non-ECMP one */
2703 ++ /* No matching route with same ecmp-able-ness found, replace
2704 ++ * first matching route
2705 ++ */
2706 + ins = fallback_ins;
2707 + iter = *ins;
2708 + found++;
2709 +diff --git a/net/ipv6/route.c b/net/ipv6/route.c
2710 +index 27c93baed708..2c4743f2d50e 100644
2711 +--- a/net/ipv6/route.c
2712 ++++ b/net/ipv6/route.c
2713 +@@ -3069,6 +3069,7 @@ static int ip6_route_multipath_add(struct fib6_config *cfg)
2714 + */
2715 + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
2716 + NLM_F_REPLACE);
2717 ++ cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
2718 + nhn++;
2719 + }
2720 +
2721 +diff --git a/net/mac80211/util.c b/net/mac80211/util.c
2722 +index ca7de02e0a6e..52f9742c438a 100644
2723 +--- a/net/mac80211/util.c
2724 ++++ b/net/mac80211/util.c
2725 +@@ -943,16 +943,22 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
2726 + elem_parse_failed = true;
2727 + break;
2728 + case WLAN_EID_VHT_OPERATION:
2729 +- if (elen >= sizeof(struct ieee80211_vht_operation))
2730 ++ if (elen >= sizeof(struct ieee80211_vht_operation)) {
2731 + elems->vht_operation = (void *)pos;
2732 +- else
2733 +- elem_parse_failed = true;
2734 ++ if (calc_crc)
2735 ++ crc = crc32_be(crc, pos - 2, elen + 2);
2736 ++ break;
2737 ++ }
2738 ++ elem_parse_failed = true;
2739 + break;
2740 + case WLAN_EID_OPMODE_NOTIF:
2741 +- if (elen > 0)
2742 ++ if (elen > 0) {
2743 + elems->opmode_notif = pos;
2744 +- else
2745 +- elem_parse_failed = true;
2746 ++ if (calc_crc)
2747 ++ crc = crc32_be(crc, pos - 2, elen + 2);
2748 ++ break;
2749 ++ }
2750 ++ elem_parse_failed = true;
2751 + break;
2752 + case WLAN_EID_MESH_ID:
2753 + elems->mesh_id = pos;
2754 +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
2755 +index 025487436438..205865292ba3 100644
2756 +--- a/net/netlink/af_netlink.c
2757 ++++ b/net/netlink/af_netlink.c
2758 +@@ -1003,7 +1003,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
2759 + if (nlk->netlink_bind && groups) {
2760 + int group;
2761 +
2762 +- for (group = 0; group < nlk->ngroups; group++) {
2763 ++ /* nl_groups is a u32, so cap the maximum groups we can bind */
2764 ++ for (group = 0; group < BITS_PER_TYPE(u32); group++) {
2765 + if (!test_bit(group, &groups))
2766 + continue;
2767 + err = nlk->netlink_bind(net, group + 1);
2768 +@@ -1022,7 +1023,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
2769 + netlink_insert(sk, nladdr->nl_pid) :
2770 + netlink_autobind(sock);
2771 + if (err) {
2772 +- netlink_undo_bind(nlk->ngroups, groups, sk);
2773 ++ netlink_undo_bind(BITS_PER_TYPE(u32), groups, sk);
2774 + return err;
2775 + }
2776 + }
2777 +diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
2778 +index de03b7b49e05..18904313bd4e 100644
2779 +--- a/net/sched/cls_flower.c
2780 ++++ b/net/sched/cls_flower.c
2781 +@@ -141,6 +141,7 @@ static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
2782 + if (!atomic_read(&head->ht.nelems))
2783 + return -1;
2784 +
2785 ++ flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
2786 + fl_clear_masked_range(&skb_key, &head->mask);
2787 +
2788 + info = skb_tunnel_info(skb);
2789 +diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
2790 +index bfd068679710..1a3c75347f48 100644
2791 +--- a/net/sctp/sm_statefuns.c
2792 ++++ b/net/sctp/sm_statefuns.c
2793 +@@ -177,6 +177,16 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk,
2794 + return 1;
2795 + }
2796 +
2797 ++/* Check for format error in an ABORT chunk */
2798 ++static inline bool sctp_err_chunk_valid(struct sctp_chunk *chunk)
2799 ++{
2800 ++ struct sctp_errhdr *err;
2801 ++
2802 ++ sctp_walk_errors(err, chunk->chunk_hdr);
2803 ++
2804 ++ return (void *)err == (void *)chunk->chunk_end;
2805 ++}
2806 ++
2807 + /**********************************************************
2808 + * These are the state functions for handling chunk events.
2809 + **********************************************************/
2810 +@@ -2159,6 +2169,9 @@ sctp_disposition_t sctp_sf_shutdown_pending_abort(
2811 + sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
2812 + return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
2813 +
2814 ++ if (!sctp_err_chunk_valid(chunk))
2815 ++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2816 ++
2817 + return __sctp_sf_do_9_1_abort(net, ep, asoc, type, arg, commands);
2818 + }
2819 +
2820 +@@ -2201,6 +2214,9 @@ sctp_disposition_t sctp_sf_shutdown_sent_abort(struct net *net,
2821 + sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
2822 + return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
2823 +
2824 ++ if (!sctp_err_chunk_valid(chunk))
2825 ++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2826 ++
2827 + /* Stop the T2-shutdown timer. */
2828 + sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2829 + SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2830 +@@ -2466,6 +2482,9 @@ sctp_disposition_t sctp_sf_do_9_1_abort(struct net *net,
2831 + sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
2832 + return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
2833 +
2834 ++ if (!sctp_err_chunk_valid(chunk))
2835 ++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2836 ++
2837 + return __sctp_sf_do_9_1_abort(net, ep, asoc, type, arg, commands);
2838 + }
2839 +
2840 +@@ -2482,15 +2501,9 @@ static sctp_disposition_t __sctp_sf_do_9_1_abort(struct net *net,
2841 +
2842 + /* See if we have an error cause code in the chunk. */
2843 + len = ntohs(chunk->chunk_hdr->length);
2844 +- if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) {
2845 +-
2846 +- sctp_errhdr_t *err;
2847 +- sctp_walk_errors(err, chunk->chunk_hdr);
2848 +- if ((void *)err != (void *)chunk->chunk_end)
2849 +- return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2850 +
2851 ++ if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2852 + error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2853 +- }
2854 +
2855 + sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET));
2856 + /* ASSOC_FAILED will DELETE_TCB. */
2857 +diff --git a/net/wireless/ethtool.c b/net/wireless/ethtool.c
2858 +index e9e91298c70d..3cedf2c2b60b 100644
2859 +--- a/net/wireless/ethtool.c
2860 ++++ b/net/wireless/ethtool.c
2861 +@@ -6,9 +6,13 @@
2862 + void cfg80211_get_drvinfo(struct net_device *dev, struct ethtool_drvinfo *info)
2863 + {
2864 + struct wireless_dev *wdev = dev->ieee80211_ptr;
2865 ++ struct device *pdev = wiphy_dev(wdev->wiphy);
2866 +
2867 +- strlcpy(info->driver, wiphy_dev(wdev->wiphy)->driver->name,
2868 +- sizeof(info->driver));
2869 ++ if (pdev->driver)
2870 ++ strlcpy(info->driver, pdev->driver->name,
2871 ++ sizeof(info->driver));
2872 ++ else
2873 ++ strlcpy(info->driver, "N/A", sizeof(info->driver));
2874 +
2875 + strlcpy(info->version, init_utsname()->release, sizeof(info->version));
2876 +
2877 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
2878 +index bb19be78aed7..9823bef65e5e 100644
2879 +--- a/net/wireless/nl80211.c
2880 ++++ b/net/wireless/nl80211.c
2881 +@@ -333,6 +333,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
2882 + [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
2883 + [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
2884 + [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
2885 ++ [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
2886 + [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
2887 + [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
2888 + [NL80211_ATTR_PID] = { .type = NLA_U32 },
2889 +diff --git a/sound/soc/codecs/pcm512x.c b/sound/soc/codecs/pcm512x.c
2890 +index 72b19e62f626..c0807b82399a 100644
2891 +--- a/sound/soc/codecs/pcm512x.c
2892 ++++ b/sound/soc/codecs/pcm512x.c
2893 +@@ -1441,13 +1441,15 @@ int pcm512x_probe(struct device *dev, struct regmap *regmap)
2894 + }
2895 +
2896 + pcm512x->sclk = devm_clk_get(dev, NULL);
2897 +- if (PTR_ERR(pcm512x->sclk) == -EPROBE_DEFER)
2898 +- return -EPROBE_DEFER;
2899 ++ if (PTR_ERR(pcm512x->sclk) == -EPROBE_DEFER) {
2900 ++ ret = -EPROBE_DEFER;
2901 ++ goto err;
2902 ++ }
2903 + if (!IS_ERR(pcm512x->sclk)) {
2904 + ret = clk_prepare_enable(pcm512x->sclk);
2905 + if (ret != 0) {
2906 + dev_err(dev, "Failed to enable SCLK: %d\n", ret);
2907 +- return ret;
2908 ++ goto err;
2909 + }
2910 + }
2911 +
2912 +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
2913 +index 08bfc91c686f..a04672411bef 100644
2914 +--- a/sound/soc/soc-dapm.c
2915 ++++ b/sound/soc/soc-dapm.c
2916 +@@ -4363,7 +4363,7 @@ static void soc_dapm_shutdown_dapm(struct snd_soc_dapm_context *dapm)
2917 + continue;
2918 + if (w->power) {
2919 + dapm_seq_insert(w, &down_list, false);
2920 +- w->power = 0;
2921 ++ w->new_power = 0;
2922 + powerdown = 1;
2923 + }
2924 + }
2925 +diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
2926 +index 280bb5cab87f..9df0c8102dc0 100644
2927 +--- a/sound/soc/soc-pcm.c
2928 ++++ b/sound/soc/soc-pcm.c
2929 +@@ -2979,16 +2979,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
2930 + ssize_t offset = 0;
2931 +
2932 + /* FE state */
2933 +- offset += snprintf(buf + offset, size - offset,
2934 ++ offset += scnprintf(buf + offset, size - offset,
2935 + "[%s - %s]\n", fe->dai_link->name,
2936 + stream ? "Capture" : "Playback");
2937 +
2938 +- offset += snprintf(buf + offset, size - offset, "State: %s\n",
2939 ++ offset += scnprintf(buf + offset, size - offset, "State: %s\n",
2940 + dpcm_state_string(fe->dpcm[stream].state));
2941 +
2942 + if ((fe->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) &&
2943 + (fe->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP))
2944 +- offset += snprintf(buf + offset, size - offset,
2945 ++ offset += scnprintf(buf + offset, size - offset,
2946 + "Hardware Params: "
2947 + "Format = %s, Channels = %d, Rate = %d\n",
2948 + snd_pcm_format_name(params_format(params)),
2949 +@@ -2996,10 +2996,10 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
2950 + params_rate(params));
2951 +
2952 + /* BEs state */
2953 +- offset += snprintf(buf + offset, size - offset, "Backends:\n");
2954 ++ offset += scnprintf(buf + offset, size - offset, "Backends:\n");
2955 +
2956 + if (list_empty(&fe->dpcm[stream].be_clients)) {
2957 +- offset += snprintf(buf + offset, size - offset,
2958 ++ offset += scnprintf(buf + offset, size - offset,
2959 + " No active DSP links\n");
2960 + goto out;
2961 + }
2962 +@@ -3008,16 +3008,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
2963 + struct snd_soc_pcm_runtime *be = dpcm->be;
2964 + params = &dpcm->hw_params;
2965 +
2966 +- offset += snprintf(buf + offset, size - offset,
2967 ++ offset += scnprintf(buf + offset, size - offset,
2968 + "- %s\n", be->dai_link->name);
2969 +
2970 +- offset += snprintf(buf + offset, size - offset,
2971 ++ offset += scnprintf(buf + offset, size - offset,
2972 + " State: %s\n",
2973 + dpcm_state_string(be->dpcm[stream].state));
2974 +
2975 + if ((be->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) &&
2976 + (be->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP))
2977 +- offset += snprintf(buf + offset, size - offset,
2978 ++ offset += scnprintf(buf + offset, size - offset,
2979 + " Hardware Params: "
2980 + "Format = %s, Channels = %d, Rate = %d\n",
2981 + snd_pcm_format_name(params_format(params)),
2982 +diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c
2983 +index a53fef0c673b..ade6abda9f46 100644
2984 +--- a/tools/perf/ui/browsers/hists.c
2985 ++++ b/tools/perf/ui/browsers/hists.c
2986 +@@ -2930,6 +2930,7 @@ static int perf_evsel__hists_browse(struct perf_evsel *evsel, int nr_events,
2987 +
2988 + continue;
2989 + }
2990 ++ actions->ms.map = map;
2991 + top = pstack__peek(browser->pstack);
2992 + if (top == &browser->hists->dso_filter) {
2993 + /*
2994 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
2995 +index c0dff5337a50..4e4bb5dd2dcd 100644
2996 +--- a/virt/kvm/kvm_main.c
2997 ++++ b/virt/kvm/kvm_main.c
2998 +@@ -2045,12 +2045,12 @@ int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
2999 + if (slots->generation != ghc->generation)
3000 + kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
3001 +
3002 +- if (unlikely(!ghc->memslot))
3003 +- return kvm_write_guest(kvm, ghc->gpa, data, len);
3004 +-
3005 + if (kvm_is_error_hva(ghc->hva))
3006 + return -EFAULT;
3007 +
3008 ++ if (unlikely(!ghc->memslot))
3009 ++ return kvm_write_guest(kvm, ghc->gpa, data, len);
3010 ++
3011 + r = __copy_to_user((void __user *)ghc->hva, data, len);
3012 + if (r)
3013 + return -EFAULT;
3014 +@@ -2071,12 +2071,12 @@ int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
3015 + if (slots->generation != ghc->generation)
3016 + kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
3017 +
3018 +- if (unlikely(!ghc->memslot))
3019 +- return kvm_read_guest(kvm, ghc->gpa, data, len);
3020 +-
3021 + if (kvm_is_error_hva(ghc->hva))
3022 + return -EFAULT;
3023 +
3024 ++ if (unlikely(!ghc->memslot))
3025 ++ return kvm_read_guest(kvm, ghc->gpa, data, len);
3026 ++
3027 + r = __copy_from_user(data, (void __user *)ghc->hva, len);
3028 + if (r)
3029 + return -EFAULT;