Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.3 commit in: /
Date: Fri, 19 Feb 2016 23:30:39
Message-Id: 1455924613.afdf80395cd18368043156124343e742f3cb572c.mpagano@gentoo
1 commit: afdf80395cd18368043156124343e742f3cb572c
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Feb 19 23:30:13 2016 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Feb 19 23:30:13 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=afdf8039
7
8 Linux patch 4.3.6
9
10 0000_README | 4 +
11 1005_linux-4.3.6.patch | 8015 ++++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 8019 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 74a7d33..72b3e45 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -63,6 +63,10 @@ Patch: 1004_linux-4.3.5.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.3.5
21
22 +Patch: 1005_linux-4.3.6.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.3.6
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1005_linux-4.3.6.patch b/1005_linux-4.3.6.patch
31 new file mode 100644
32 index 0000000..1be422d
33 --- /dev/null
34 +++ b/1005_linux-4.3.6.patch
35 @@ -0,0 +1,8015 @@
36 +diff --git a/Makefile b/Makefile
37 +index efc7a766c470..95568cb1f5c6 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 3
43 +-SUBLEVEL = 5
44 ++SUBLEVEL = 6
45 + EXTRAVERSION =
46 + NAME = Blurry Fish Butt
47 +
48 +diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
49 +index 9317974c9b8e..326564386cfa 100644
50 +--- a/arch/arm64/mm/mmu.c
51 ++++ b/arch/arm64/mm/mmu.c
52 +@@ -301,6 +301,7 @@ static void create_mapping_late(phys_addr_t phys, unsigned long virt,
53 + }
54 +
55 + #ifdef CONFIG_DEBUG_RODATA
56 ++#define SWAPPER_BLOCK_SIZE (PAGE_SHIFT == 12 ? SECTION_SIZE : PAGE_SIZE)
57 + static void __init __map_memblock(phys_addr_t start, phys_addr_t end)
58 + {
59 + /*
60 +@@ -308,8 +309,8 @@ static void __init __map_memblock(phys_addr_t start, phys_addr_t end)
61 + * for now. This will get more fine grained later once all memory
62 + * is mapped
63 + */
64 +- unsigned long kernel_x_start = round_down(__pa(_stext), SECTION_SIZE);
65 +- unsigned long kernel_x_end = round_up(__pa(__init_end), SECTION_SIZE);
66 ++ unsigned long kernel_x_start = round_down(__pa(_stext), SWAPPER_BLOCK_SIZE);
67 ++ unsigned long kernel_x_end = round_up(__pa(__init_end), SWAPPER_BLOCK_SIZE);
68 +
69 + if (end < kernel_x_start) {
70 + create_mapping(start, __phys_to_virt(start),
71 +@@ -397,18 +398,18 @@ void __init fixup_executable(void)
72 + {
73 + #ifdef CONFIG_DEBUG_RODATA
74 + /* now that we are actually fully mapped, make the start/end more fine grained */
75 +- if (!IS_ALIGNED((unsigned long)_stext, SECTION_SIZE)) {
76 ++ if (!IS_ALIGNED((unsigned long)_stext, SWAPPER_BLOCK_SIZE)) {
77 + unsigned long aligned_start = round_down(__pa(_stext),
78 +- SECTION_SIZE);
79 ++ SWAPPER_BLOCK_SIZE);
80 +
81 + create_mapping(aligned_start, __phys_to_virt(aligned_start),
82 + __pa(_stext) - aligned_start,
83 + PAGE_KERNEL);
84 + }
85 +
86 +- if (!IS_ALIGNED((unsigned long)__init_end, SECTION_SIZE)) {
87 ++ if (!IS_ALIGNED((unsigned long)__init_end, SWAPPER_BLOCK_SIZE)) {
88 + unsigned long aligned_end = round_up(__pa(__init_end),
89 +- SECTION_SIZE);
90 ++ SWAPPER_BLOCK_SIZE);
91 + create_mapping(__pa(__init_end), (unsigned long)__init_end,
92 + aligned_end - __pa(__init_end),
93 + PAGE_KERNEL);
94 +diff --git a/arch/parisc/include/asm/compat.h b/arch/parisc/include/asm/compat.h
95 +index 94710cfc1ce8..0448a2c8eafb 100644
96 +--- a/arch/parisc/include/asm/compat.h
97 ++++ b/arch/parisc/include/asm/compat.h
98 +@@ -206,10 +206,10 @@ struct compat_ipc64_perm {
99 +
100 + struct compat_semid64_ds {
101 + struct compat_ipc64_perm sem_perm;
102 +- compat_time_t sem_otime;
103 + unsigned int __unused1;
104 +- compat_time_t sem_ctime;
105 ++ compat_time_t sem_otime;
106 + unsigned int __unused2;
107 ++ compat_time_t sem_ctime;
108 + compat_ulong_t sem_nsems;
109 + compat_ulong_t __unused3;
110 + compat_ulong_t __unused4;
111 +diff --git a/arch/parisc/include/uapi/asm/ipcbuf.h b/arch/parisc/include/uapi/asm/ipcbuf.h
112 +index bd956c425785..790c4119f647 100644
113 +--- a/arch/parisc/include/uapi/asm/ipcbuf.h
114 ++++ b/arch/parisc/include/uapi/asm/ipcbuf.h
115 +@@ -1,6 +1,9 @@
116 + #ifndef __PARISC_IPCBUF_H__
117 + #define __PARISC_IPCBUF_H__
118 +
119 ++#include <asm/bitsperlong.h>
120 ++#include <linux/posix_types.h>
121 ++
122 + /*
123 + * The ipc64_perm structure for PA-RISC is almost identical to
124 + * kern_ipc_perm as we have always had 32-bit UIDs and GIDs in the kernel.
125 +@@ -10,16 +13,18 @@
126 +
127 + struct ipc64_perm
128 + {
129 +- key_t key;
130 +- uid_t uid;
131 +- gid_t gid;
132 +- uid_t cuid;
133 +- gid_t cgid;
134 ++ __kernel_key_t key;
135 ++ __kernel_uid_t uid;
136 ++ __kernel_gid_t gid;
137 ++ __kernel_uid_t cuid;
138 ++ __kernel_gid_t cgid;
139 ++#if __BITS_PER_LONG != 64
140 + unsigned short int __pad1;
141 +- mode_t mode;
142 ++#endif
143 ++ __kernel_mode_t mode;
144 + unsigned short int __pad2;
145 + unsigned short int seq;
146 +- unsigned int __pad3;
147 ++ unsigned int __pad3;
148 + unsigned long long int __unused1;
149 + unsigned long long int __unused2;
150 + };
151 +diff --git a/arch/parisc/include/uapi/asm/mman.h b/arch/parisc/include/uapi/asm/mman.h
152 +index 294d251ca7b2..2ae13ce592e8 100644
153 +--- a/arch/parisc/include/uapi/asm/mman.h
154 ++++ b/arch/parisc/include/uapi/asm/mman.h
155 +@@ -46,16 +46,6 @@
156 + #define MADV_DONTFORK 10 /* don't inherit across fork */
157 + #define MADV_DOFORK 11 /* do inherit across fork */
158 +
159 +-/* The range 12-64 is reserved for page size specification. */
160 +-#define MADV_4K_PAGES 12 /* Use 4K pages */
161 +-#define MADV_16K_PAGES 14 /* Use 16K pages */
162 +-#define MADV_64K_PAGES 16 /* Use 64K pages */
163 +-#define MADV_256K_PAGES 18 /* Use 256K pages */
164 +-#define MADV_1M_PAGES 20 /* Use 1 Megabyte pages */
165 +-#define MADV_4M_PAGES 22 /* Use 4 Megabyte pages */
166 +-#define MADV_16M_PAGES 24 /* Use 16 Megabyte pages */
167 +-#define MADV_64M_PAGES 26 /* Use 64 Megabyte pages */
168 +-
169 + #define MADV_MERGEABLE 65 /* KSM may merge identical pages */
170 + #define MADV_UNMERGEABLE 66 /* KSM may not merge identical pages */
171 +
172 +diff --git a/arch/parisc/include/uapi/asm/msgbuf.h b/arch/parisc/include/uapi/asm/msgbuf.h
173 +index 342138983914..2e83ac758e19 100644
174 +--- a/arch/parisc/include/uapi/asm/msgbuf.h
175 ++++ b/arch/parisc/include/uapi/asm/msgbuf.h
176 +@@ -27,13 +27,13 @@ struct msqid64_ds {
177 + unsigned int __pad3;
178 + #endif
179 + __kernel_time_t msg_ctime; /* last change time */
180 +- unsigned int msg_cbytes; /* current number of bytes on queue */
181 +- unsigned int msg_qnum; /* number of messages in queue */
182 +- unsigned int msg_qbytes; /* max number of bytes on queue */
183 ++ unsigned long msg_cbytes; /* current number of bytes on queue */
184 ++ unsigned long msg_qnum; /* number of messages in queue */
185 ++ unsigned long msg_qbytes; /* max number of bytes on queue */
186 + __kernel_pid_t msg_lspid; /* pid of last msgsnd */
187 + __kernel_pid_t msg_lrpid; /* last receive pid */
188 +- unsigned int __unused1;
189 +- unsigned int __unused2;
190 ++ unsigned long __unused1;
191 ++ unsigned long __unused2;
192 + };
193 +
194 + #endif /* _PARISC_MSGBUF_H */
195 +diff --git a/arch/parisc/include/uapi/asm/posix_types.h b/arch/parisc/include/uapi/asm/posix_types.h
196 +index b9344256f76b..f3b5f70b9a5f 100644
197 +--- a/arch/parisc/include/uapi/asm/posix_types.h
198 ++++ b/arch/parisc/include/uapi/asm/posix_types.h
199 +@@ -7,8 +7,10 @@
200 + * assume GCC is being used.
201 + */
202 +
203 ++#ifndef __LP64__
204 + typedef unsigned short __kernel_mode_t;
205 + #define __kernel_mode_t __kernel_mode_t
206 ++#endif
207 +
208 + typedef unsigned short __kernel_ipc_pid_t;
209 + #define __kernel_ipc_pid_t __kernel_ipc_pid_t
210 +diff --git a/arch/parisc/include/uapi/asm/sembuf.h b/arch/parisc/include/uapi/asm/sembuf.h
211 +index f01d89e30d73..c20971bf520f 100644
212 +--- a/arch/parisc/include/uapi/asm/sembuf.h
213 ++++ b/arch/parisc/include/uapi/asm/sembuf.h
214 +@@ -23,9 +23,9 @@ struct semid64_ds {
215 + unsigned int __pad2;
216 + #endif
217 + __kernel_time_t sem_ctime; /* last change time */
218 +- unsigned int sem_nsems; /* no. of semaphores in array */
219 +- unsigned int __unused1;
220 +- unsigned int __unused2;
221 ++ unsigned long sem_nsems; /* no. of semaphores in array */
222 ++ unsigned long __unused1;
223 ++ unsigned long __unused2;
224 + };
225 +
226 + #endif /* _PARISC_SEMBUF_H */
227 +diff --git a/arch/parisc/include/uapi/asm/shmbuf.h b/arch/parisc/include/uapi/asm/shmbuf.h
228 +index 8496c38560c6..750e13e77991 100644
229 +--- a/arch/parisc/include/uapi/asm/shmbuf.h
230 ++++ b/arch/parisc/include/uapi/asm/shmbuf.h
231 +@@ -30,12 +30,12 @@ struct shmid64_ds {
232 + #if __BITS_PER_LONG != 64
233 + unsigned int __pad4;
234 + #endif
235 +- size_t shm_segsz; /* size of segment (bytes) */
236 ++ __kernel_size_t shm_segsz; /* size of segment (bytes) */
237 + __kernel_pid_t shm_cpid; /* pid of creator */
238 + __kernel_pid_t shm_lpid; /* pid of last operator */
239 +- unsigned int shm_nattch; /* no. of current attaches */
240 +- unsigned int __unused1;
241 +- unsigned int __unused2;
242 ++ unsigned long shm_nattch; /* no. of current attaches */
243 ++ unsigned long __unused1;
244 ++ unsigned long __unused2;
245 + };
246 +
247 + struct shminfo64 {
248 +diff --git a/arch/parisc/include/uapi/asm/siginfo.h b/arch/parisc/include/uapi/asm/siginfo.h
249 +index d7034728f377..1c75565d984b 100644
250 +--- a/arch/parisc/include/uapi/asm/siginfo.h
251 ++++ b/arch/parisc/include/uapi/asm/siginfo.h
252 +@@ -1,6 +1,10 @@
253 + #ifndef _PARISC_SIGINFO_H
254 + #define _PARISC_SIGINFO_H
255 +
256 ++#if defined(__LP64__)
257 ++#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int))
258 ++#endif
259 ++
260 + #include <asm-generic/siginfo.h>
261 +
262 + #undef NSIGTRAP
263 +diff --git a/arch/parisc/kernel/signal.c b/arch/parisc/kernel/signal.c
264 +index dc1ea796fd60..2264f68f3c2f 100644
265 +--- a/arch/parisc/kernel/signal.c
266 ++++ b/arch/parisc/kernel/signal.c
267 +@@ -435,6 +435,55 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs, int in_syscall)
268 + regs->gr[28]);
269 + }
270 +
271 ++/*
272 ++ * Check how the syscall number gets loaded into %r20 within
273 ++ * the delay branch in userspace and adjust as needed.
274 ++ */
275 ++
276 ++static void check_syscallno_in_delay_branch(struct pt_regs *regs)
277 ++{
278 ++ u32 opcode, source_reg;
279 ++ u32 __user *uaddr;
280 ++ int err;
281 ++
282 ++ /* Usually we don't have to restore %r20 (the system call number)
283 ++ * because it gets loaded in the delay slot of the branch external
284 ++ * instruction via the ldi instruction.
285 ++ * In some cases a register-to-register copy instruction might have
286 ++ * been used instead, in which case we need to copy the syscall
287 ++ * number into the source register before returning to userspace.
288 ++ */
289 ++
290 ++ /* A syscall is just a branch, so all we have to do is fiddle the
291 ++ * return pointer so that the ble instruction gets executed again.
292 ++ */
293 ++ regs->gr[31] -= 8; /* delayed branching */
294 ++
295 ++ /* Get assembler opcode of code in delay branch */
296 ++ uaddr = (unsigned int *) ((regs->gr[31] & ~3) + 4);
297 ++ err = get_user(opcode, uaddr);
298 ++ if (err)
299 ++ return;
300 ++
301 ++ /* Check if delay branch uses "ldi int,%r20" */
302 ++ if ((opcode & 0xffff0000) == 0x34140000)
303 ++ return; /* everything ok, just return */
304 ++
305 ++ /* Check if delay branch uses "nop" */
306 ++ if (opcode == INSN_NOP)
307 ++ return;
308 ++
309 ++ /* Check if delay branch uses "copy %rX,%r20" */
310 ++ if ((opcode & 0xffe0ffff) == 0x08000254) {
311 ++ source_reg = (opcode >> 16) & 31;
312 ++ regs->gr[source_reg] = regs->gr[20];
313 ++ return;
314 ++ }
315 ++
316 ++ pr_warn("syscall restart: %s (pid %d): unexpected opcode 0x%08x\n",
317 ++ current->comm, task_pid_nr(current), opcode);
318 ++}
319 ++
320 + static inline void
321 + syscall_restart(struct pt_regs *regs, struct k_sigaction *ka)
322 + {
323 +@@ -457,10 +506,7 @@ syscall_restart(struct pt_regs *regs, struct k_sigaction *ka)
324 + }
325 + /* fallthrough */
326 + case -ERESTARTNOINTR:
327 +- /* A syscall is just a branch, so all
328 +- * we have to do is fiddle the return pointer.
329 +- */
330 +- regs->gr[31] -= 8; /* delayed branching */
331 ++ check_syscallno_in_delay_branch(regs);
332 + break;
333 + }
334 + }
335 +@@ -510,15 +556,9 @@ insert_restart_trampoline(struct pt_regs *regs)
336 + }
337 + case -ERESTARTNOHAND:
338 + case -ERESTARTSYS:
339 +- case -ERESTARTNOINTR: {
340 +- /* Hooray for delayed branching. We don't
341 +- * have to restore %r20 (the system call
342 +- * number) because it gets loaded in the delay
343 +- * slot of the branch external instruction.
344 +- */
345 +- regs->gr[31] -= 8;
346 ++ case -ERESTARTNOINTR:
347 ++ check_syscallno_in_delay_branch(regs);
348 + return;
349 +- }
350 + default:
351 + break;
352 + }
353 +diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c
354 +index c229427fa546..c5fec4890fdf 100644
355 +--- a/arch/parisc/mm/init.c
356 ++++ b/arch/parisc/mm/init.c
357 +@@ -23,6 +23,7 @@
358 + #include <linux/unistd.h>
359 + #include <linux/nodemask.h> /* for node_online_map */
360 + #include <linux/pagemap.h> /* for release_pages and page_cache_release */
361 ++#include <linux/compat.h>
362 +
363 + #include <asm/pgalloc.h>
364 + #include <asm/pgtable.h>
365 +@@ -30,6 +31,7 @@
366 + #include <asm/pdc_chassis.h>
367 + #include <asm/mmzone.h>
368 + #include <asm/sections.h>
369 ++#include <asm/msgbuf.h>
370 +
371 + extern int data_start;
372 + extern void parisc_kernel_start(void); /* Kernel entry point in head.S */
373 +@@ -590,6 +592,20 @@ unsigned long pcxl_dma_start __read_mostly;
374 +
375 + void __init mem_init(void)
376 + {
377 ++ /* Do sanity checks on IPC (compat) structures */
378 ++ BUILD_BUG_ON(sizeof(struct ipc64_perm) != 48);
379 ++#ifndef CONFIG_64BIT
380 ++ BUILD_BUG_ON(sizeof(struct semid64_ds) != 80);
381 ++ BUILD_BUG_ON(sizeof(struct msqid64_ds) != 104);
382 ++ BUILD_BUG_ON(sizeof(struct shmid64_ds) != 104);
383 ++#endif
384 ++#ifdef CONFIG_COMPAT
385 ++ BUILD_BUG_ON(sizeof(struct compat_ipc64_perm) != sizeof(struct ipc64_perm));
386 ++ BUILD_BUG_ON(sizeof(struct compat_semid64_ds) != 80);
387 ++ BUILD_BUG_ON(sizeof(struct compat_msqid64_ds) != 104);
388 ++ BUILD_BUG_ON(sizeof(struct compat_shmid64_ds) != 104);
389 ++#endif
390 ++
391 + /* Do sanity checks on page table constants */
392 + BUILD_BUG_ON(PTE_ENTRY_SIZE != sizeof(pte_t));
393 + BUILD_BUG_ON(PMD_ENTRY_SIZE != sizeof(pmd_t));
394 +diff --git a/arch/sh/include/uapi/asm/unistd_64.h b/arch/sh/include/uapi/asm/unistd_64.h
395 +index e6820c86e8c7..47ebd5b5ed55 100644
396 +--- a/arch/sh/include/uapi/asm/unistd_64.h
397 ++++ b/arch/sh/include/uapi/asm/unistd_64.h
398 +@@ -278,7 +278,7 @@
399 + #define __NR_fsetxattr 256
400 + #define __NR_getxattr 257
401 + #define __NR_lgetxattr 258
402 +-#define __NR_fgetxattr 269
403 ++#define __NR_fgetxattr 259
404 + #define __NR_listxattr 260
405 + #define __NR_llistxattr 261
406 + #define __NR_flistxattr 262
407 +diff --git a/arch/x86/crypto/chacha20-ssse3-x86_64.S b/arch/x86/crypto/chacha20-ssse3-x86_64.S
408 +index 712b13047b41..3a33124e9112 100644
409 +--- a/arch/x86/crypto/chacha20-ssse3-x86_64.S
410 ++++ b/arch/x86/crypto/chacha20-ssse3-x86_64.S
411 +@@ -157,7 +157,9 @@ ENTRY(chacha20_4block_xor_ssse3)
412 + # done with the slightly better performing SSSE3 byte shuffling,
413 + # 7/12-bit word rotation uses traditional shift+OR.
414 +
415 +- sub $0x40,%rsp
416 ++ mov %rsp,%r11
417 ++ sub $0x80,%rsp
418 ++ and $~63,%rsp
419 +
420 + # x0..15[0-3] = s0..3[0..3]
421 + movq 0x00(%rdi),%xmm1
422 +@@ -620,6 +622,6 @@ ENTRY(chacha20_4block_xor_ssse3)
423 + pxor %xmm1,%xmm15
424 + movdqu %xmm15,0xf0(%rsi)
425 +
426 +- add $0x40,%rsp
427 ++ mov %r11,%rsp
428 + ret
429 + ENDPROC(chacha20_4block_xor_ssse3)
430 +diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
431 +index 225be06edc80..4fe27e074194 100644
432 +--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
433 ++++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
434 +@@ -330,7 +330,7 @@ ENDPROC(crc_pcl)
435 + ## PCLMULQDQ tables
436 + ## Table is 128 entries x 2 words (8 bytes) each
437 + ################################################################
438 +-.section .rotata, "a", %progbits
439 ++.section .rodata, "a", %progbits
440 + .align 8
441 + K_table:
442 + .long 0x493c7d27, 0x00000001
443 +diff --git a/arch/xtensa/include/asm/asmmacro.h b/arch/xtensa/include/asm/asmmacro.h
444 +index 755320f6e0bc..746dcc8b5abc 100644
445 +--- a/arch/xtensa/include/asm/asmmacro.h
446 ++++ b/arch/xtensa/include/asm/asmmacro.h
447 +@@ -35,9 +35,10 @@
448 + * __loop as
449 + * restart loop. 'as' register must not have been modified!
450 + *
451 +- * __endla ar, at, incr
452 ++ * __endla ar, as, incr
453 + * ar start address (modified)
454 +- * as scratch register used by macro
455 ++ * as scratch register used by __loops/__loopi macros or
456 ++ * end address used by __loopt macro
457 + * inc increment
458 + */
459 +
460 +@@ -97,7 +98,7 @@
461 + .endm
462 +
463 + /*
464 +- * loop from ar to ax
465 ++ * loop from ar to as
466 + */
467 +
468 + .macro __loopt ar, as, at, incr_log2
469 +diff --git a/arch/xtensa/include/asm/vectors.h b/arch/xtensa/include/asm/vectors.h
470 +index a46c53f36113..986b5d0cb9e0 100644
471 +--- a/arch/xtensa/include/asm/vectors.h
472 ++++ b/arch/xtensa/include/asm/vectors.h
473 +@@ -48,6 +48,9 @@
474 + #define LOAD_MEMORY_ADDRESS 0xD0003000
475 + #endif
476 +
477 ++#define RESET_VECTOR1_VADDR (VIRTUAL_MEMORY_ADDRESS + \
478 ++ XCHAL_RESET_VECTOR1_PADDR)
479 ++
480 + #else /* !defined(CONFIG_MMU) */
481 + /* MMU Not being used - Virtual == Physical */
482 +
483 +@@ -60,6 +63,8 @@
484 + /* Loaded just above possibly live vectors */
485 + #define LOAD_MEMORY_ADDRESS (PLATFORM_DEFAULT_MEM_START + 0x3000)
486 +
487 ++#define RESET_VECTOR1_VADDR (XCHAL_RESET_VECTOR1_VADDR)
488 ++
489 + #endif /* CONFIG_MMU */
490 +
491 + #define XC_VADDR(offset) (VIRTUAL_MEMORY_ADDRESS + offset)
492 +@@ -71,10 +76,6 @@
493 + VECBASE_RESET_VADDR)
494 + #define RESET_VECTOR_VADDR XC_VADDR(RESET_VECTOR_VECOFS)
495 +
496 +-#define RESET_VECTOR1_VECOFS (XCHAL_RESET_VECTOR1_VADDR - \
497 +- VECBASE_RESET_VADDR)
498 +-#define RESET_VECTOR1_VADDR XC_VADDR(RESET_VECTOR1_VECOFS)
499 +-
500 + #if defined(XCHAL_HAVE_VECBASE) && XCHAL_HAVE_VECBASE
501 +
502 + #define USER_VECTOR_VADDR XC_VADDR(XCHAL_USER_VECOFS)
503 +diff --git a/arch/xtensa/kernel/Makefile b/arch/xtensa/kernel/Makefile
504 +index 50137bc9e150..4db730290d2d 100644
505 +--- a/arch/xtensa/kernel/Makefile
506 ++++ b/arch/xtensa/kernel/Makefile
507 +@@ -16,6 +16,7 @@ obj-$(CONFIG_SMP) += smp.o mxhead.o
508 + obj-$(CONFIG_XTENSA_VARIANT_HAVE_PERF_EVENTS) += perf_event.o
509 +
510 + AFLAGS_head.o += -mtext-section-literals
511 ++AFLAGS_mxhead.o += -mtext-section-literals
512 +
513 + # In the Xtensa architecture, assembly generates literals which must always
514 + # precede the L32R instruction with a relative offset less than 256 kB.
515 +diff --git a/arch/xtensa/kernel/entry.S b/arch/xtensa/kernel/entry.S
516 +index 504130357597..db5c1765b413 100644
517 +--- a/arch/xtensa/kernel/entry.S
518 ++++ b/arch/xtensa/kernel/entry.S
519 +@@ -367,8 +367,10 @@ common_exception:
520 + s32i a2, a1, PT_SYSCALL
521 + movi a2, 0
522 + s32i a3, a1, PT_EXCVADDR
523 ++#if XCHAL_HAVE_LOOPS
524 + xsr a2, lcount
525 + s32i a2, a1, PT_LCOUNT
526 ++#endif
527 +
528 + /* It is now save to restore the EXC_TABLE_FIXUP variable. */
529 +
530 +@@ -429,11 +431,12 @@ common_exception:
531 + rsync # PS.WOE => rsync => overflow
532 +
533 + /* Save lbeg, lend */
534 +-
535 ++#if XCHAL_HAVE_LOOPS
536 + rsr a4, lbeg
537 + rsr a3, lend
538 + s32i a4, a1, PT_LBEG
539 + s32i a3, a1, PT_LEND
540 ++#endif
541 +
542 + /* Save SCOMPARE1 */
543 +
544 +@@ -724,13 +727,14 @@ common_exception_exit:
545 + wsr a3, sar
546 +
547 + /* Restore LBEG, LEND, LCOUNT */
548 +-
549 ++#if XCHAL_HAVE_LOOPS
550 + l32i a2, a1, PT_LBEG
551 + l32i a3, a1, PT_LEND
552 + wsr a2, lbeg
553 + l32i a2, a1, PT_LCOUNT
554 + wsr a3, lend
555 + wsr a2, lcount
556 ++#endif
557 +
558 + /* We control single stepping through the ICOUNTLEVEL register. */
559 +
560 +diff --git a/arch/xtensa/kernel/head.S b/arch/xtensa/kernel/head.S
561 +index 15a461e2a0ed..9ed55649ac8e 100644
562 +--- a/arch/xtensa/kernel/head.S
563 ++++ b/arch/xtensa/kernel/head.S
564 +@@ -249,7 +249,7 @@ ENTRY(_startup)
565 +
566 + __loopt a2, a3, a4, 2
567 + s32i a0, a2, 0
568 +- __endla a2, a4, 4
569 ++ __endla a2, a3, 4
570 +
571 + #if XCHAL_DCACHE_IS_WRITEBACK
572 +
573 +diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c
574 +index 28fc57ef5b86..4e06ec9769d1 100644
575 +--- a/arch/xtensa/kernel/setup.c
576 ++++ b/arch/xtensa/kernel/setup.c
577 +@@ -334,7 +334,10 @@ extern char _Level5InterruptVector_text_end;
578 + extern char _Level6InterruptVector_text_start;
579 + extern char _Level6InterruptVector_text_end;
580 + #endif
581 +-
582 ++#ifdef CONFIG_SMP
583 ++extern char _SecondaryResetVector_text_start;
584 ++extern char _SecondaryResetVector_text_end;
585 ++#endif
586 +
587 +
588 + #ifdef CONFIG_S32C1I_SELFTEST
589 +@@ -506,6 +509,10 @@ void __init setup_arch(char **cmdline_p)
590 + __pa(&_Level6InterruptVector_text_end), 0);
591 + #endif
592 +
593 ++#ifdef CONFIG_SMP
594 ++ mem_reserve(__pa(&_SecondaryResetVector_text_start),
595 ++ __pa(&_SecondaryResetVector_text_end), 0);
596 ++#endif
597 + parse_early_param();
598 + bootmem_init();
599 +
600 +diff --git a/arch/xtensa/kernel/vectors.S b/arch/xtensa/kernel/vectors.S
601 +index abcdb527f18a..fc25318e75ad 100644
602 +--- a/arch/xtensa/kernel/vectors.S
603 ++++ b/arch/xtensa/kernel/vectors.S
604 +@@ -478,6 +478,9 @@ _DoubleExceptionVector_handle_exception:
605 +
606 + ENDPROC(_DoubleExceptionVector)
607 +
608 ++ .end literal_prefix
609 ++
610 ++ .text
611 + /*
612 + * Fixup handler for TLB miss in double exception handler for window owerflow.
613 + * We get here with windowbase set to the window that was being spilled and
614 +@@ -587,7 +590,6 @@ ENTRY(window_overflow_restore_a0_fixup)
615 +
616 + ENDPROC(window_overflow_restore_a0_fixup)
617 +
618 +- .end literal_prefix
619 + /*
620 + * Debug interrupt vector
621 + *
622 +diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S
623 +index fc1bc2ba8d5d..d66cd408be13 100644
624 +--- a/arch/xtensa/kernel/vmlinux.lds.S
625 ++++ b/arch/xtensa/kernel/vmlinux.lds.S
626 +@@ -166,8 +166,6 @@ SECTIONS
627 + RELOCATE_ENTRY(_DebugInterruptVector_text,
628 + .DebugInterruptVector.text);
629 + #if defined(CONFIG_SMP)
630 +- RELOCATE_ENTRY(_SecondaryResetVector_literal,
631 +- .SecondaryResetVector.literal);
632 + RELOCATE_ENTRY(_SecondaryResetVector_text,
633 + .SecondaryResetVector.text);
634 + #endif
635 +@@ -282,17 +280,11 @@ SECTIONS
636 +
637 + #if defined(CONFIG_SMP)
638 +
639 +- SECTION_VECTOR (_SecondaryResetVector_literal,
640 +- .SecondaryResetVector.literal,
641 +- RESET_VECTOR1_VADDR - 4,
642 +- SIZEOF(.DoubleExceptionVector.text),
643 +- .DoubleExceptionVector.text)
644 +-
645 + SECTION_VECTOR (_SecondaryResetVector_text,
646 + .SecondaryResetVector.text,
647 + RESET_VECTOR1_VADDR,
648 +- 4,
649 +- .SecondaryResetVector.literal)
650 ++ SIZEOF(.DoubleExceptionVector.text),
651 ++ .DoubleExceptionVector.text)
652 +
653 + . = LOADADDR(.SecondaryResetVector.text)+SIZEOF(.SecondaryResetVector.text);
654 +
655 +diff --git a/arch/xtensa/lib/usercopy.S b/arch/xtensa/lib/usercopy.S
656 +index ace1892a875e..7ea4dd68893e 100644
657 +--- a/arch/xtensa/lib/usercopy.S
658 ++++ b/arch/xtensa/lib/usercopy.S
659 +@@ -222,8 +222,8 @@ __xtensa_copy_user:
660 + loopnez a7, .Loop2done
661 + #else /* !XCHAL_HAVE_LOOPS */
662 + beqz a7, .Loop2done
663 +- slli a10, a7, 4
664 +- add a10, a10, a3 # a10 = end of last 16B source chunk
665 ++ slli a12, a7, 4
666 ++ add a12, a12, a3 # a12 = end of last 16B source chunk
667 + #endif /* !XCHAL_HAVE_LOOPS */
668 + .Loop2:
669 + EX(l32i, a7, a3, 4, l_fixup)
670 +@@ -241,7 +241,7 @@ __xtensa_copy_user:
671 + EX(s32i, a9, a5, 12, s_fixup)
672 + addi a5, a5, 16
673 + #if !XCHAL_HAVE_LOOPS
674 +- blt a3, a10, .Loop2
675 ++ blt a3, a12, .Loop2
676 + #endif /* !XCHAL_HAVE_LOOPS */
677 + .Loop2done:
678 + bbci.l a4, 3, .L12
679 +diff --git a/arch/xtensa/platforms/iss/setup.c b/arch/xtensa/platforms/iss/setup.c
680 +index da7d18240866..391820539f0a 100644
681 +--- a/arch/xtensa/platforms/iss/setup.c
682 ++++ b/arch/xtensa/platforms/iss/setup.c
683 +@@ -61,7 +61,9 @@ void platform_restart(void)
684 + #if XCHAL_NUM_IBREAK > 0
685 + "wsr a2, ibreakenable\n\t"
686 + #endif
687 ++#if XCHAL_HAVE_LOOPS
688 + "wsr a2, lcount\n\t"
689 ++#endif
690 + "movi a2, 0x1f\n\t"
691 + "wsr a2, ps\n\t"
692 + "isync\n\t"
693 +diff --git a/arch/xtensa/platforms/xt2000/setup.c b/arch/xtensa/platforms/xt2000/setup.c
694 +index b90555cb8089..87678961a8c8 100644
695 +--- a/arch/xtensa/platforms/xt2000/setup.c
696 ++++ b/arch/xtensa/platforms/xt2000/setup.c
697 +@@ -72,7 +72,9 @@ void platform_restart(void)
698 + #if XCHAL_NUM_IBREAK > 0
699 + "wsr a2, ibreakenable\n\t"
700 + #endif
701 ++#if XCHAL_HAVE_LOOPS
702 + "wsr a2, lcount\n\t"
703 ++#endif
704 + "movi a2, 0x1f\n\t"
705 + "wsr a2, ps\n\t"
706 + "isync\n\t"
707 +diff --git a/arch/xtensa/platforms/xtfpga/setup.c b/arch/xtensa/platforms/xtfpga/setup.c
708 +index b4cf70e535ab..e9f65f79cf2e 100644
709 +--- a/arch/xtensa/platforms/xtfpga/setup.c
710 ++++ b/arch/xtensa/platforms/xtfpga/setup.c
711 +@@ -63,7 +63,9 @@ void platform_restart(void)
712 + #if XCHAL_NUM_IBREAK > 0
713 + "wsr a2, ibreakenable\n\t"
714 + #endif
715 ++#if XCHAL_HAVE_LOOPS
716 + "wsr a2, lcount\n\t"
717 ++#endif
718 + "movi a2, 0x1f\n\t"
719 + "wsr a2, ps\n\t"
720 + "isync\n\t"
721 +diff --git a/block/blk-core.c b/block/blk-core.c
722 +index 18e92a6645e2..b128c1609347 100644
723 +--- a/block/blk-core.c
724 ++++ b/block/blk-core.c
725 +@@ -1616,8 +1616,6 @@ static void blk_queue_bio(struct request_queue *q, struct bio *bio)
726 + struct request *req;
727 + unsigned int request_count = 0;
728 +
729 +- blk_queue_split(q, &bio, q->bio_split);
730 +-
731 + /*
732 + * low level driver can indicate that it wants pages above a
733 + * certain limit bounced to low memory (ie for highmem, or even
734 +@@ -1625,6 +1623,8 @@ static void blk_queue_bio(struct request_queue *q, struct bio *bio)
735 + */
736 + blk_queue_bounce(q, &bio);
737 +
738 ++ blk_queue_split(q, &bio, q->bio_split);
739 ++
740 + if (bio_integrity_enabled(bio) && bio_integrity_prep(bio)) {
741 + bio->bi_error = -EIO;
742 + bio_endio(bio);
743 +@@ -2023,7 +2023,8 @@ void submit_bio(int rw, struct bio *bio)
744 + EXPORT_SYMBOL(submit_bio);
745 +
746 + /**
747 +- * blk_rq_check_limits - Helper function to check a request for the queue limit
748 ++ * blk_cloned_rq_check_limits - Helper function to check a cloned request
749 ++ * for new the queue limits
750 + * @q: the queue
751 + * @rq: the request being checked
752 + *
753 +@@ -2034,20 +2035,13 @@ EXPORT_SYMBOL(submit_bio);
754 + * after it is inserted to @q, it should be checked against @q before
755 + * the insertion using this generic function.
756 + *
757 +- * This function should also be useful for request stacking drivers
758 +- * in some cases below, so export this function.
759 + * Request stacking drivers like request-based dm may change the queue
760 +- * limits while requests are in the queue (e.g. dm's table swapping).
761 +- * Such request stacking drivers should check those requests against
762 +- * the new queue limits again when they dispatch those requests,
763 +- * although such checkings are also done against the old queue limits
764 +- * when submitting requests.
765 ++ * limits when retrying requests on other queues. Those requests need
766 ++ * to be checked against the new queue limits again during dispatch.
767 + */
768 +-int blk_rq_check_limits(struct request_queue *q, struct request *rq)
769 ++static int blk_cloned_rq_check_limits(struct request_queue *q,
770 ++ struct request *rq)
771 + {
772 +- if (!rq_mergeable(rq))
773 +- return 0;
774 +-
775 + if (blk_rq_sectors(rq) > blk_queue_get_max_sectors(q, rq->cmd_flags)) {
776 + printk(KERN_ERR "%s: over max size limit.\n", __func__);
777 + return -EIO;
778 +@@ -2067,7 +2061,6 @@ int blk_rq_check_limits(struct request_queue *q, struct request *rq)
779 +
780 + return 0;
781 + }
782 +-EXPORT_SYMBOL_GPL(blk_rq_check_limits);
783 +
784 + /**
785 + * blk_insert_cloned_request - Helper for stacking drivers to submit a request
786 +@@ -2079,7 +2072,7 @@ int blk_insert_cloned_request(struct request_queue *q, struct request *rq)
787 + unsigned long flags;
788 + int where = ELEVATOR_INSERT_BACK;
789 +
790 +- if (blk_rq_check_limits(q, rq))
791 ++ if (blk_cloned_rq_check_limits(q, rq))
792 + return -EIO;
793 +
794 + if (rq->rq_disk &&
795 +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
796 +index b4ffc5be1a93..e5b5721809e2 100644
797 +--- a/crypto/ablkcipher.c
798 ++++ b/crypto/ablkcipher.c
799 +@@ -277,12 +277,12 @@ static int ablkcipher_walk_first(struct ablkcipher_request *req,
800 + if (WARN_ON_ONCE(in_irq()))
801 + return -EDEADLK;
802 +
803 ++ walk->iv = req->info;
804 + walk->nbytes = walk->total;
805 + if (unlikely(!walk->total))
806 + return 0;
807 +
808 + walk->iv_buffer = NULL;
809 +- walk->iv = req->info;
810 + if (unlikely(((unsigned long)walk->iv & alignmask))) {
811 + int err = ablkcipher_copy_iv(walk, tfm, alignmask);
812 +
813 +diff --git a/crypto/af_alg.c b/crypto/af_alg.c
814 +index a8e7aa3e257b..f5e18c2a4852 100644
815 +--- a/crypto/af_alg.c
816 ++++ b/crypto/af_alg.c
817 +@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
818 + goto unlock;
819 +
820 + type->ops->owner = THIS_MODULE;
821 ++ if (type->ops_nokey)
822 ++ type->ops_nokey->owner = THIS_MODULE;
823 + node->type = type;
824 + list_add(&node->list, &alg_types);
825 + err = 0;
826 +@@ -125,6 +127,26 @@ int af_alg_release(struct socket *sock)
827 + }
828 + EXPORT_SYMBOL_GPL(af_alg_release);
829 +
830 ++void af_alg_release_parent(struct sock *sk)
831 ++{
832 ++ struct alg_sock *ask = alg_sk(sk);
833 ++ unsigned int nokey = ask->nokey_refcnt;
834 ++ bool last = nokey && !ask->refcnt;
835 ++
836 ++ sk = ask->parent;
837 ++ ask = alg_sk(sk);
838 ++
839 ++ lock_sock(sk);
840 ++ ask->nokey_refcnt -= nokey;
841 ++ if (!last)
842 ++ last = !--ask->refcnt;
843 ++ release_sock(sk);
844 ++
845 ++ if (last)
846 ++ sock_put(sk);
847 ++}
848 ++EXPORT_SYMBOL_GPL(af_alg_release_parent);
849 ++
850 + static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
851 + {
852 + const u32 forbidden = CRYPTO_ALG_INTERNAL;
853 +@@ -133,6 +155,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
854 + struct sockaddr_alg *sa = (void *)uaddr;
855 + const struct af_alg_type *type;
856 + void *private;
857 ++ int err;
858 +
859 + if (sock->state == SS_CONNECTED)
860 + return -EINVAL;
861 +@@ -160,16 +183,22 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
862 + return PTR_ERR(private);
863 + }
864 +
865 ++ err = -EBUSY;
866 + lock_sock(sk);
867 ++ if (ask->refcnt | ask->nokey_refcnt)
868 ++ goto unlock;
869 +
870 + swap(ask->type, type);
871 + swap(ask->private, private);
872 +
873 ++ err = 0;
874 ++
875 ++unlock:
876 + release_sock(sk);
877 +
878 + alg_do_release(type, private);
879 +
880 +- return 0;
881 ++ return err;
882 + }
883 +
884 + static int alg_setkey(struct sock *sk, char __user *ukey,
885 +@@ -202,11 +231,15 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
886 + struct sock *sk = sock->sk;
887 + struct alg_sock *ask = alg_sk(sk);
888 + const struct af_alg_type *type;
889 +- int err = -ENOPROTOOPT;
890 ++ int err = -EBUSY;
891 +
892 + lock_sock(sk);
893 ++ if (ask->refcnt)
894 ++ goto unlock;
895 ++
896 + type = ask->type;
897 +
898 ++ err = -ENOPROTOOPT;
899 + if (level != SOL_ALG || !type)
900 + goto unlock;
901 +
902 +@@ -238,6 +271,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
903 + struct alg_sock *ask = alg_sk(sk);
904 + const struct af_alg_type *type;
905 + struct sock *sk2;
906 ++ unsigned int nokey;
907 + int err;
908 +
909 + lock_sock(sk);
910 +@@ -257,20 +291,29 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
911 + security_sk_clone(sk, sk2);
912 +
913 + err = type->accept(ask->private, sk2);
914 +- if (err) {
915 +- sk_free(sk2);
916 ++
917 ++ nokey = err == -ENOKEY;
918 ++ if (nokey && type->accept_nokey)
919 ++ err = type->accept_nokey(ask->private, sk2);
920 ++
921 ++ if (err)
922 + goto unlock;
923 +- }
924 +
925 + sk2->sk_family = PF_ALG;
926 +
927 +- sock_hold(sk);
928 ++ if (nokey || !ask->refcnt++)
929 ++ sock_hold(sk);
930 ++ ask->nokey_refcnt += nokey;
931 + alg_sk(sk2)->parent = sk;
932 + alg_sk(sk2)->type = type;
933 ++ alg_sk(sk2)->nokey_refcnt = nokey;
934 +
935 + newsock->ops = type->ops;
936 + newsock->state = SS_CONNECTED;
937 +
938 ++ if (nokey)
939 ++ newsock->ops = type->ops_nokey;
940 ++
941 + err = 0;
942 +
943 + unlock:
944 +diff --git a/crypto/ahash.c b/crypto/ahash.c
945 +index 9c1dc8d6106a..d19b52324cf5 100644
946 +--- a/crypto/ahash.c
947 ++++ b/crypto/ahash.c
948 +@@ -451,6 +451,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
949 + struct ahash_alg *alg = crypto_ahash_alg(hash);
950 +
951 + hash->setkey = ahash_nosetkey;
952 ++ hash->has_setkey = false;
953 + hash->export = ahash_no_export;
954 + hash->import = ahash_no_import;
955 +
956 +@@ -463,8 +464,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
957 + hash->finup = alg->finup ?: ahash_def_finup;
958 + hash->digest = alg->digest;
959 +
960 +- if (alg->setkey)
961 ++ if (alg->setkey) {
962 + hash->setkey = alg->setkey;
963 ++ hash->has_setkey = true;
964 ++ }
965 + if (alg->export)
966 + hash->export = alg->export;
967 + if (alg->import)
968 +diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
969 +index 1396ad0787fc..68a5ceaa04c8 100644
970 +--- a/crypto/algif_hash.c
971 ++++ b/crypto/algif_hash.c
972 +@@ -34,6 +34,11 @@ struct hash_ctx {
973 + struct ahash_request req;
974 + };
975 +
976 ++struct algif_hash_tfm {
977 ++ struct crypto_ahash *hash;
978 ++ bool has_key;
979 ++};
980 ++
981 + static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
982 + size_t ignored)
983 + {
984 +@@ -49,7 +54,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
985 +
986 + lock_sock(sk);
987 + if (!ctx->more) {
988 +- err = crypto_ahash_init(&ctx->req);
989 ++ err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req),
990 ++ &ctx->completion);
991 + if (err)
992 + goto unlock;
993 + }
994 +@@ -120,6 +126,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct page *page,
995 + } else {
996 + if (!ctx->more) {
997 + err = crypto_ahash_init(&ctx->req);
998 ++ err = af_alg_wait_for_completion(err, &ctx->completion);
999 + if (err)
1000 + goto unlock;
1001 + }
1002 +@@ -181,9 +188,14 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags)
1003 + struct sock *sk2;
1004 + struct alg_sock *ask2;
1005 + struct hash_ctx *ctx2;
1006 ++ bool more;
1007 + int err;
1008 +
1009 +- err = crypto_ahash_export(req, state);
1010 ++ lock_sock(sk);
1011 ++ more = ctx->more;
1012 ++ err = more ? crypto_ahash_export(req, state) : 0;
1013 ++ release_sock(sk);
1014 ++
1015 + if (err)
1016 + return err;
1017 +
1018 +@@ -194,7 +206,10 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags)
1019 + sk2 = newsock->sk;
1020 + ask2 = alg_sk(sk2);
1021 + ctx2 = ask2->private;
1022 +- ctx2->more = 1;
1023 ++ ctx2->more = more;
1024 ++
1025 ++ if (!more)
1026 ++ return err;
1027 +
1028 + err = crypto_ahash_import(&ctx2->req, state);
1029 + if (err) {
1030 +@@ -227,19 +242,151 @@ static struct proto_ops algif_hash_ops = {
1031 + .accept = hash_accept,
1032 + };
1033 +
1034 ++static int hash_check_key(struct socket *sock)
1035 ++{
1036 ++ int err = 0;
1037 ++ struct sock *psk;
1038 ++ struct alg_sock *pask;
1039 ++ struct algif_hash_tfm *tfm;
1040 ++ struct sock *sk = sock->sk;
1041 ++ struct alg_sock *ask = alg_sk(sk);
1042 ++
1043 ++ lock_sock(sk);
1044 ++ if (ask->refcnt)
1045 ++ goto unlock_child;
1046 ++
1047 ++ psk = ask->parent;
1048 ++ pask = alg_sk(ask->parent);
1049 ++ tfm = pask->private;
1050 ++
1051 ++ err = -ENOKEY;
1052 ++ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
1053 ++ if (!tfm->has_key)
1054 ++ goto unlock;
1055 ++
1056 ++ if (!pask->refcnt++)
1057 ++ sock_hold(psk);
1058 ++
1059 ++ ask->refcnt = 1;
1060 ++ sock_put(psk);
1061 ++
1062 ++ err = 0;
1063 ++
1064 ++unlock:
1065 ++ release_sock(psk);
1066 ++unlock_child:
1067 ++ release_sock(sk);
1068 ++
1069 ++ return err;
1070 ++}
1071 ++
1072 ++static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
1073 ++ size_t size)
1074 ++{
1075 ++ int err;
1076 ++
1077 ++ err = hash_check_key(sock);
1078 ++ if (err)
1079 ++ return err;
1080 ++
1081 ++ return hash_sendmsg(sock, msg, size);
1082 ++}
1083 ++
1084 ++static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
1085 ++ int offset, size_t size, int flags)
1086 ++{
1087 ++ int err;
1088 ++
1089 ++ err = hash_check_key(sock);
1090 ++ if (err)
1091 ++ return err;
1092 ++
1093 ++ return hash_sendpage(sock, page, offset, size, flags);
1094 ++}
1095 ++
1096 ++static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
1097 ++ size_t ignored, int flags)
1098 ++{
1099 ++ int err;
1100 ++
1101 ++ err = hash_check_key(sock);
1102 ++ if (err)
1103 ++ return err;
1104 ++
1105 ++ return hash_recvmsg(sock, msg, ignored, flags);
1106 ++}
1107 ++
1108 ++static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
1109 ++ int flags)
1110 ++{
1111 ++ int err;
1112 ++
1113 ++ err = hash_check_key(sock);
1114 ++ if (err)
1115 ++ return err;
1116 ++
1117 ++ return hash_accept(sock, newsock, flags);
1118 ++}
1119 ++
1120 ++static struct proto_ops algif_hash_ops_nokey = {
1121 ++ .family = PF_ALG,
1122 ++
1123 ++ .connect = sock_no_connect,
1124 ++ .socketpair = sock_no_socketpair,
1125 ++ .getname = sock_no_getname,
1126 ++ .ioctl = sock_no_ioctl,
1127 ++ .listen = sock_no_listen,
1128 ++ .shutdown = sock_no_shutdown,
1129 ++ .getsockopt = sock_no_getsockopt,
1130 ++ .mmap = sock_no_mmap,
1131 ++ .bind = sock_no_bind,
1132 ++ .setsockopt = sock_no_setsockopt,
1133 ++ .poll = sock_no_poll,
1134 ++
1135 ++ .release = af_alg_release,
1136 ++ .sendmsg = hash_sendmsg_nokey,
1137 ++ .sendpage = hash_sendpage_nokey,
1138 ++ .recvmsg = hash_recvmsg_nokey,
1139 ++ .accept = hash_accept_nokey,
1140 ++};
1141 ++
1142 + static void *hash_bind(const char *name, u32 type, u32 mask)
1143 + {
1144 +- return crypto_alloc_ahash(name, type, mask);
1145 ++ struct algif_hash_tfm *tfm;
1146 ++ struct crypto_ahash *hash;
1147 ++
1148 ++ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
1149 ++ if (!tfm)
1150 ++ return ERR_PTR(-ENOMEM);
1151 ++
1152 ++ hash = crypto_alloc_ahash(name, type, mask);
1153 ++ if (IS_ERR(hash)) {
1154 ++ kfree(tfm);
1155 ++ return ERR_CAST(hash);
1156 ++ }
1157 ++
1158 ++ tfm->hash = hash;
1159 ++
1160 ++ return tfm;
1161 + }
1162 +
1163 + static void hash_release(void *private)
1164 + {
1165 +- crypto_free_ahash(private);
1166 ++ struct algif_hash_tfm *tfm = private;
1167 ++
1168 ++ crypto_free_ahash(tfm->hash);
1169 ++ kfree(tfm);
1170 + }
1171 +
1172 + static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
1173 + {
1174 +- return crypto_ahash_setkey(private, key, keylen);
1175 ++ struct algif_hash_tfm *tfm = private;
1176 ++ int err;
1177 ++
1178 ++ err = crypto_ahash_setkey(tfm->hash, key, keylen);
1179 ++ tfm->has_key = !err;
1180 ++
1181 ++ return err;
1182 + }
1183 +
1184 + static void hash_sock_destruct(struct sock *sk)
1185 +@@ -253,12 +400,14 @@ static void hash_sock_destruct(struct sock *sk)
1186 + af_alg_release_parent(sk);
1187 + }
1188 +
1189 +-static int hash_accept_parent(void *private, struct sock *sk)
1190 ++static int hash_accept_parent_nokey(void *private, struct sock *sk)
1191 + {
1192 + struct hash_ctx *ctx;
1193 + struct alg_sock *ask = alg_sk(sk);
1194 +- unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(private);
1195 +- unsigned ds = crypto_ahash_digestsize(private);
1196 ++ struct algif_hash_tfm *tfm = private;
1197 ++ struct crypto_ahash *hash = tfm->hash;
1198 ++ unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash);
1199 ++ unsigned ds = crypto_ahash_digestsize(hash);
1200 +
1201 + ctx = sock_kmalloc(sk, len, GFP_KERNEL);
1202 + if (!ctx)
1203 +@@ -278,7 +427,7 @@ static int hash_accept_parent(void *private, struct sock *sk)
1204 +
1205 + ask->private = ctx;
1206 +
1207 +- ahash_request_set_tfm(&ctx->req, private);
1208 ++ ahash_request_set_tfm(&ctx->req, hash);
1209 + ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1210 + af_alg_complete, &ctx->completion);
1211 +
1212 +@@ -287,12 +436,24 @@ static int hash_accept_parent(void *private, struct sock *sk)
1213 + return 0;
1214 + }
1215 +
1216 ++static int hash_accept_parent(void *private, struct sock *sk)
1217 ++{
1218 ++ struct algif_hash_tfm *tfm = private;
1219 ++
1220 ++ if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
1221 ++ return -ENOKEY;
1222 ++
1223 ++ return hash_accept_parent_nokey(private, sk);
1224 ++}
1225 ++
1226 + static const struct af_alg_type algif_type_hash = {
1227 + .bind = hash_bind,
1228 + .release = hash_release,
1229 + .setkey = hash_setkey,
1230 + .accept = hash_accept_parent,
1231 ++ .accept_nokey = hash_accept_parent_nokey,
1232 + .ops = &algif_hash_ops,
1233 ++ .ops_nokey = &algif_hash_ops_nokey,
1234 + .name = "hash",
1235 + .owner = THIS_MODULE
1236 + };
1237 +diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
1238 +index af31a0ee4057..8ea54ac958ac 100644
1239 +--- a/crypto/algif_skcipher.c
1240 ++++ b/crypto/algif_skcipher.c
1241 +@@ -31,6 +31,11 @@ struct skcipher_sg_list {
1242 + struct scatterlist sg[0];
1243 + };
1244 +
1245 ++struct skcipher_tfm {
1246 ++ struct crypto_skcipher *skcipher;
1247 ++ bool has_key;
1248 ++};
1249 ++
1250 + struct skcipher_ctx {
1251 + struct list_head tsgl;
1252 + struct af_alg_sgl rsgl;
1253 +@@ -47,7 +52,7 @@ struct skcipher_ctx {
1254 + bool merge;
1255 + bool enc;
1256 +
1257 +- struct ablkcipher_request req;
1258 ++ struct skcipher_request req;
1259 + };
1260 +
1261 + struct skcipher_async_rsgl {
1262 +@@ -60,18 +65,10 @@ struct skcipher_async_req {
1263 + struct skcipher_async_rsgl first_sgl;
1264 + struct list_head list;
1265 + struct scatterlist *tsg;
1266 +- char iv[];
1267 ++ atomic_t *inflight;
1268 ++ struct skcipher_request req;
1269 + };
1270 +
1271 +-#define GET_SREQ(areq, ctx) (struct skcipher_async_req *)((char *)areq + \
1272 +- crypto_ablkcipher_reqsize(crypto_ablkcipher_reqtfm(&ctx->req)))
1273 +-
1274 +-#define GET_REQ_SIZE(ctx) \
1275 +- crypto_ablkcipher_reqsize(crypto_ablkcipher_reqtfm(&ctx->req))
1276 +-
1277 +-#define GET_IV_SIZE(ctx) \
1278 +- crypto_ablkcipher_ivsize(crypto_ablkcipher_reqtfm(&ctx->req))
1279 +-
1280 + #define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \
1281 + sizeof(struct scatterlist) - 1)
1282 +
1283 +@@ -97,15 +94,12 @@ static void skcipher_free_async_sgls(struct skcipher_async_req *sreq)
1284 +
1285 + static void skcipher_async_cb(struct crypto_async_request *req, int err)
1286 + {
1287 +- struct sock *sk = req->data;
1288 +- struct alg_sock *ask = alg_sk(sk);
1289 +- struct skcipher_ctx *ctx = ask->private;
1290 +- struct skcipher_async_req *sreq = GET_SREQ(req, ctx);
1291 ++ struct skcipher_async_req *sreq = req->data;
1292 + struct kiocb *iocb = sreq->iocb;
1293 +
1294 +- atomic_dec(&ctx->inflight);
1295 ++ atomic_dec(sreq->inflight);
1296 + skcipher_free_async_sgls(sreq);
1297 +- kfree(req);
1298 ++ kzfree(sreq);
1299 + iocb->ki_complete(iocb, err, err);
1300 + }
1301 +
1302 +@@ -301,9 +295,12 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
1303 + {
1304 + struct sock *sk = sock->sk;
1305 + struct alg_sock *ask = alg_sk(sk);
1306 ++ struct sock *psk = ask->parent;
1307 ++ struct alg_sock *pask = alg_sk(psk);
1308 + struct skcipher_ctx *ctx = ask->private;
1309 +- struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(&ctx->req);
1310 +- unsigned ivsize = crypto_ablkcipher_ivsize(tfm);
1311 ++ struct skcipher_tfm *skc = pask->private;
1312 ++ struct crypto_skcipher *tfm = skc->skcipher;
1313 ++ unsigned ivsize = crypto_skcipher_ivsize(tfm);
1314 + struct skcipher_sg_list *sgl;
1315 + struct af_alg_control con = {};
1316 + long copied = 0;
1317 +@@ -387,7 +384,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
1318 +
1319 + sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
1320 + sg = sgl->sg;
1321 +- sg_unmark_end(sg + sgl->cur);
1322 ++ if (sgl->cur)
1323 ++ sg_unmark_end(sg + sgl->cur - 1);
1324 + do {
1325 + i = sgl->cur;
1326 + plen = min_t(int, len, PAGE_SIZE);
1327 +@@ -503,37 +501,43 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
1328 + {
1329 + struct sock *sk = sock->sk;
1330 + struct alg_sock *ask = alg_sk(sk);
1331 ++ struct sock *psk = ask->parent;
1332 ++ struct alg_sock *pask = alg_sk(psk);
1333 + struct skcipher_ctx *ctx = ask->private;
1334 ++ struct skcipher_tfm *skc = pask->private;
1335 ++ struct crypto_skcipher *tfm = skc->skcipher;
1336 + struct skcipher_sg_list *sgl;
1337 + struct scatterlist *sg;
1338 + struct skcipher_async_req *sreq;
1339 +- struct ablkcipher_request *req;
1340 ++ struct skcipher_request *req;
1341 + struct skcipher_async_rsgl *last_rsgl = NULL;
1342 +- unsigned int txbufs = 0, len = 0, tx_nents = skcipher_all_sg_nents(ctx);
1343 +- unsigned int reqlen = sizeof(struct skcipher_async_req) +
1344 +- GET_REQ_SIZE(ctx) + GET_IV_SIZE(ctx);
1345 ++ unsigned int txbufs = 0, len = 0, tx_nents;
1346 ++ unsigned int reqsize = crypto_skcipher_reqsize(tfm);
1347 ++ unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1348 + int err = -ENOMEM;
1349 + bool mark = false;
1350 ++ char *iv;
1351 +
1352 +- lock_sock(sk);
1353 +- req = kmalloc(reqlen, GFP_KERNEL);
1354 +- if (unlikely(!req))
1355 +- goto unlock;
1356 ++ sreq = kzalloc(sizeof(*sreq) + reqsize + ivsize, GFP_KERNEL);
1357 ++ if (unlikely(!sreq))
1358 ++ goto out;
1359 +
1360 +- sreq = GET_SREQ(req, ctx);
1361 ++ req = &sreq->req;
1362 ++ iv = (char *)(req + 1) + reqsize;
1363 + sreq->iocb = msg->msg_iocb;
1364 +- memset(&sreq->first_sgl, '\0', sizeof(struct skcipher_async_rsgl));
1365 + INIT_LIST_HEAD(&sreq->list);
1366 ++ sreq->inflight = &ctx->inflight;
1367 ++
1368 ++ lock_sock(sk);
1369 ++ tx_nents = skcipher_all_sg_nents(ctx);
1370 + sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
1371 +- if (unlikely(!sreq->tsg)) {
1372 +- kfree(req);
1373 ++ if (unlikely(!sreq->tsg))
1374 + goto unlock;
1375 +- }
1376 + sg_init_table(sreq->tsg, tx_nents);
1377 +- memcpy(sreq->iv, ctx->iv, GET_IV_SIZE(ctx));
1378 +- ablkcipher_request_set_tfm(req, crypto_ablkcipher_reqtfm(&ctx->req));
1379 +- ablkcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1380 +- skcipher_async_cb, sk);
1381 ++ memcpy(iv, ctx->iv, ivsize);
1382 ++ skcipher_request_set_tfm(req, tfm);
1383 ++ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
1384 ++ skcipher_async_cb, sreq);
1385 +
1386 + while (iov_iter_count(&msg->msg_iter)) {
1387 + struct skcipher_async_rsgl *rsgl;
1388 +@@ -608,21 +612,23 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
1389 + if (mark)
1390 + sg_mark_end(sreq->tsg + txbufs - 1);
1391 +
1392 +- ablkcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg,
1393 +- len, sreq->iv);
1394 +- err = ctx->enc ? crypto_ablkcipher_encrypt(req) :
1395 +- crypto_ablkcipher_decrypt(req);
1396 ++ skcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg,
1397 ++ len, iv);
1398 ++ err = ctx->enc ? crypto_skcipher_encrypt(req) :
1399 ++ crypto_skcipher_decrypt(req);
1400 + if (err == -EINPROGRESS) {
1401 + atomic_inc(&ctx->inflight);
1402 + err = -EIOCBQUEUED;
1403 ++ sreq = NULL;
1404 + goto unlock;
1405 + }
1406 + free:
1407 + skcipher_free_async_sgls(sreq);
1408 +- kfree(req);
1409 + unlock:
1410 + skcipher_wmem_wakeup(sk);
1411 + release_sock(sk);
1412 ++ kzfree(sreq);
1413 ++out:
1414 + return err;
1415 + }
1416 +
1417 +@@ -631,9 +637,12 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
1418 + {
1419 + struct sock *sk = sock->sk;
1420 + struct alg_sock *ask = alg_sk(sk);
1421 ++ struct sock *psk = ask->parent;
1422 ++ struct alg_sock *pask = alg_sk(psk);
1423 + struct skcipher_ctx *ctx = ask->private;
1424 +- unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm(
1425 +- &ctx->req));
1426 ++ struct skcipher_tfm *skc = pask->private;
1427 ++ struct crypto_skcipher *tfm = skc->skcipher;
1428 ++ unsigned bs = crypto_skcipher_blocksize(tfm);
1429 + struct skcipher_sg_list *sgl;
1430 + struct scatterlist *sg;
1431 + int err = -EAGAIN;
1432 +@@ -642,13 +651,6 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
1433 +
1434 + lock_sock(sk);
1435 + while (msg_data_left(msg)) {
1436 +- sgl = list_first_entry(&ctx->tsgl,
1437 +- struct skcipher_sg_list, list);
1438 +- sg = sgl->sg;
1439 +-
1440 +- while (!sg->length)
1441 +- sg++;
1442 +-
1443 + if (!ctx->used) {
1444 + err = skcipher_wait_for_data(sk, flags);
1445 + if (err)
1446 +@@ -669,14 +671,20 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg,
1447 + if (!used)
1448 + goto free;
1449 +
1450 +- ablkcipher_request_set_crypt(&ctx->req, sg,
1451 +- ctx->rsgl.sg, used,
1452 +- ctx->iv);
1453 ++ sgl = list_first_entry(&ctx->tsgl,
1454 ++ struct skcipher_sg_list, list);
1455 ++ sg = sgl->sg;
1456 ++
1457 ++ while (!sg->length)
1458 ++ sg++;
1459 ++
1460 ++ skcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used,
1461 ++ ctx->iv);
1462 +
1463 + err = af_alg_wait_for_completion(
1464 + ctx->enc ?
1465 +- crypto_ablkcipher_encrypt(&ctx->req) :
1466 +- crypto_ablkcipher_decrypt(&ctx->req),
1467 ++ crypto_skcipher_encrypt(&ctx->req) :
1468 ++ crypto_skcipher_decrypt(&ctx->req),
1469 + &ctx->completion);
1470 +
1471 + free:
1472 +@@ -749,19 +757,139 @@ static struct proto_ops algif_skcipher_ops = {
1473 + .poll = skcipher_poll,
1474 + };
1475 +
1476 ++static int skcipher_check_key(struct socket *sock)
1477 ++{
1478 ++ int err = 0;
1479 ++ struct sock *psk;
1480 ++ struct alg_sock *pask;
1481 ++ struct skcipher_tfm *tfm;
1482 ++ struct sock *sk = sock->sk;
1483 ++ struct alg_sock *ask = alg_sk(sk);
1484 ++
1485 ++ lock_sock(sk);
1486 ++ if (ask->refcnt)
1487 ++ goto unlock_child;
1488 ++
1489 ++ psk = ask->parent;
1490 ++ pask = alg_sk(ask->parent);
1491 ++ tfm = pask->private;
1492 ++
1493 ++ err = -ENOKEY;
1494 ++ lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
1495 ++ if (!tfm->has_key)
1496 ++ goto unlock;
1497 ++
1498 ++ if (!pask->refcnt++)
1499 ++ sock_hold(psk);
1500 ++
1501 ++ ask->refcnt = 1;
1502 ++ sock_put(psk);
1503 ++
1504 ++ err = 0;
1505 ++
1506 ++unlock:
1507 ++ release_sock(psk);
1508 ++unlock_child:
1509 ++ release_sock(sk);
1510 ++
1511 ++ return err;
1512 ++}
1513 ++
1514 ++static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
1515 ++ size_t size)
1516 ++{
1517 ++ int err;
1518 ++
1519 ++ err = skcipher_check_key(sock);
1520 ++ if (err)
1521 ++ return err;
1522 ++
1523 ++ return skcipher_sendmsg(sock, msg, size);
1524 ++}
1525 ++
1526 ++static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
1527 ++ int offset, size_t size, int flags)
1528 ++{
1529 ++ int err;
1530 ++
1531 ++ err = skcipher_check_key(sock);
1532 ++ if (err)
1533 ++ return err;
1534 ++
1535 ++ return skcipher_sendpage(sock, page, offset, size, flags);
1536 ++}
1537 ++
1538 ++static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
1539 ++ size_t ignored, int flags)
1540 ++{
1541 ++ int err;
1542 ++
1543 ++ err = skcipher_check_key(sock);
1544 ++ if (err)
1545 ++ return err;
1546 ++
1547 ++ return skcipher_recvmsg(sock, msg, ignored, flags);
1548 ++}
1549 ++
1550 ++static struct proto_ops algif_skcipher_ops_nokey = {
1551 ++ .family = PF_ALG,
1552 ++
1553 ++ .connect = sock_no_connect,
1554 ++ .socketpair = sock_no_socketpair,
1555 ++ .getname = sock_no_getname,
1556 ++ .ioctl = sock_no_ioctl,
1557 ++ .listen = sock_no_listen,
1558 ++ .shutdown = sock_no_shutdown,
1559 ++ .getsockopt = sock_no_getsockopt,
1560 ++ .mmap = sock_no_mmap,
1561 ++ .bind = sock_no_bind,
1562 ++ .accept = sock_no_accept,
1563 ++ .setsockopt = sock_no_setsockopt,
1564 ++
1565 ++ .release = af_alg_release,
1566 ++ .sendmsg = skcipher_sendmsg_nokey,
1567 ++ .sendpage = skcipher_sendpage_nokey,
1568 ++ .recvmsg = skcipher_recvmsg_nokey,
1569 ++ .poll = skcipher_poll,
1570 ++};
1571 ++
1572 + static void *skcipher_bind(const char *name, u32 type, u32 mask)
1573 + {
1574 +- return crypto_alloc_ablkcipher(name, type, mask);
1575 ++ struct skcipher_tfm *tfm;
1576 ++ struct crypto_skcipher *skcipher;
1577 ++
1578 ++ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
1579 ++ if (!tfm)
1580 ++ return ERR_PTR(-ENOMEM);
1581 ++
1582 ++ skcipher = crypto_alloc_skcipher(name, type, mask);
1583 ++ if (IS_ERR(skcipher)) {
1584 ++ kfree(tfm);
1585 ++ return ERR_CAST(skcipher);
1586 ++ }
1587 ++
1588 ++ tfm->skcipher = skcipher;
1589 ++
1590 ++ return tfm;
1591 + }
1592 +
1593 + static void skcipher_release(void *private)
1594 + {
1595 +- crypto_free_ablkcipher(private);
1596 ++ struct skcipher_tfm *tfm = private;
1597 ++
1598 ++ crypto_free_skcipher(tfm->skcipher);
1599 ++ kfree(tfm);
1600 + }
1601 +
1602 + static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
1603 + {
1604 +- return crypto_ablkcipher_setkey(private, key, keylen);
1605 ++ struct skcipher_tfm *tfm = private;
1606 ++ int err;
1607 ++
1608 ++ err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
1609 ++ tfm->has_key = !err;
1610 ++
1611 ++ return err;
1612 + }
1613 +
1614 + static void skcipher_wait(struct sock *sk)
1615 +@@ -778,35 +906,37 @@ static void skcipher_sock_destruct(struct sock *sk)
1616 + {
1617 + struct alg_sock *ask = alg_sk(sk);
1618 + struct skcipher_ctx *ctx = ask->private;
1619 +- struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(&ctx->req);
1620 ++ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
1621 +
1622 + if (atomic_read(&ctx->inflight))
1623 + skcipher_wait(sk);
1624 +
1625 + skcipher_free_sgl(sk);
1626 +- sock_kzfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
1627 ++ sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
1628 + sock_kfree_s(sk, ctx, ctx->len);
1629 + af_alg_release_parent(sk);
1630 + }
1631 +
1632 +-static int skcipher_accept_parent(void *private, struct sock *sk)
1633 ++static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
1634 + {
1635 + struct skcipher_ctx *ctx;
1636 + struct alg_sock *ask = alg_sk(sk);
1637 +- unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(private);
1638 ++ struct skcipher_tfm *tfm = private;
1639 ++ struct crypto_skcipher *skcipher = tfm->skcipher;
1640 ++ unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher);
1641 +
1642 + ctx = sock_kmalloc(sk, len, GFP_KERNEL);
1643 + if (!ctx)
1644 + return -ENOMEM;
1645 +
1646 +- ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(private),
1647 ++ ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher),
1648 + GFP_KERNEL);
1649 + if (!ctx->iv) {
1650 + sock_kfree_s(sk, ctx, len);
1651 + return -ENOMEM;
1652 + }
1653 +
1654 +- memset(ctx->iv, 0, crypto_ablkcipher_ivsize(private));
1655 ++ memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher));
1656 +
1657 + INIT_LIST_HEAD(&ctx->tsgl);
1658 + ctx->len = len;
1659 +@@ -819,21 +949,34 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
1660 +
1661 + ask->private = ctx;
1662 +
1663 +- ablkcipher_request_set_tfm(&ctx->req, private);
1664 +- ablkcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1665 +- af_alg_complete, &ctx->completion);
1666 ++ skcipher_request_set_tfm(&ctx->req, skcipher);
1667 ++ skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_SLEEP |
1668 ++ CRYPTO_TFM_REQ_MAY_BACKLOG,
1669 ++ af_alg_complete, &ctx->completion);
1670 +
1671 + sk->sk_destruct = skcipher_sock_destruct;
1672 +
1673 + return 0;
1674 + }
1675 +
1676 ++static int skcipher_accept_parent(void *private, struct sock *sk)
1677 ++{
1678 ++ struct skcipher_tfm *tfm = private;
1679 ++
1680 ++ if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher))
1681 ++ return -ENOKEY;
1682 ++
1683 ++ return skcipher_accept_parent_nokey(private, sk);
1684 ++}
1685 ++
1686 + static const struct af_alg_type algif_type_skcipher = {
1687 + .bind = skcipher_bind,
1688 + .release = skcipher_release,
1689 + .setkey = skcipher_setkey,
1690 + .accept = skcipher_accept_parent,
1691 ++ .accept_nokey = skcipher_accept_parent_nokey,
1692 + .ops = &algif_skcipher_ops,
1693 ++ .ops_nokey = &algif_skcipher_ops_nokey,
1694 + .name = "skcipher",
1695 + .owner = THIS_MODULE
1696 + };
1697 +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
1698 +index 11b981492031..8cc1622b2ee0 100644
1699 +--- a/crypto/blkcipher.c
1700 ++++ b/crypto/blkcipher.c
1701 +@@ -326,12 +326,12 @@ static int blkcipher_walk_first(struct blkcipher_desc *desc,
1702 + if (WARN_ON_ONCE(in_irq()))
1703 + return -EDEADLK;
1704 +
1705 ++ walk->iv = desc->info;
1706 + walk->nbytes = walk->total;
1707 + if (unlikely(!walk->total))
1708 + return 0;
1709 +
1710 + walk->buffer = NULL;
1711 +- walk->iv = desc->info;
1712 + if (unlikely(((unsigned long)walk->iv & walk->alignmask))) {
1713 + int err = blkcipher_copy_iv(walk);
1714 + if (err)
1715 +diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c
1716 +index 06f1b60f02b2..4c0a0e271876 100644
1717 +--- a/crypto/crc32c_generic.c
1718 ++++ b/crypto/crc32c_generic.c
1719 +@@ -172,4 +172,3 @@ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
1720 + MODULE_LICENSE("GPL");
1721 + MODULE_ALIAS_CRYPTO("crc32c");
1722 + MODULE_ALIAS_CRYPTO("crc32c-generic");
1723 +-MODULE_SOFTDEP("pre: crc32c");
1724 +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
1725 +index 237f3795cfaa..43fe85f20d57 100644
1726 +--- a/crypto/crypto_user.c
1727 ++++ b/crypto/crypto_user.c
1728 +@@ -499,6 +499,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1729 + if (link->dump == NULL)
1730 + return -EINVAL;
1731 +
1732 ++ down_read(&crypto_alg_sem);
1733 + list_for_each_entry(alg, &crypto_alg_list, cra_list)
1734 + dump_alloc += CRYPTO_REPORT_MAXSIZE;
1735 +
1736 +@@ -508,8 +509,11 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1737 + .done = link->done,
1738 + .min_dump_alloc = dump_alloc,
1739 + };
1740 +- return netlink_dump_start(crypto_nlsk, skb, nlh, &c);
1741 ++ err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
1742 + }
1743 ++ up_read(&crypto_alg_sem);
1744 ++
1745 ++ return err;
1746 + }
1747 +
1748 + err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
1749 +diff --git a/crypto/shash.c b/crypto/shash.c
1750 +index ecb1e3d39bf0..359754591653 100644
1751 +--- a/crypto/shash.c
1752 ++++ b/crypto/shash.c
1753 +@@ -354,9 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
1754 + crt->final = shash_async_final;
1755 + crt->finup = shash_async_finup;
1756 + crt->digest = shash_async_digest;
1757 ++ crt->setkey = shash_async_setkey;
1758 ++
1759 ++ crt->has_setkey = alg->setkey != shash_no_setkey;
1760 +
1761 +- if (alg->setkey)
1762 +- crt->setkey = shash_async_setkey;
1763 + if (alg->export)
1764 + crt->export = shash_async_export;
1765 + if (alg->import)
1766 +diff --git a/crypto/skcipher.c b/crypto/skcipher.c
1767 +index dd5fc1bf6447..bb7d44d2c843 100644
1768 +--- a/crypto/skcipher.c
1769 ++++ b/crypto/skcipher.c
1770 +@@ -118,6 +118,7 @@ int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm)
1771 + skcipher->decrypt = skcipher_decrypt_blkcipher;
1772 +
1773 + skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher);
1774 ++ skcipher->has_setkey = calg->cra_blkcipher.max_keysize;
1775 +
1776 + return 0;
1777 + }
1778 +@@ -210,6 +211,7 @@ int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
1779 + skcipher->ivsize = crypto_ablkcipher_ivsize(ablkcipher);
1780 + skcipher->reqsize = crypto_ablkcipher_reqsize(ablkcipher) +
1781 + sizeof(struct ablkcipher_request);
1782 ++ skcipher->has_setkey = calg->cra_ablkcipher.max_keysize;
1783 +
1784 + return 0;
1785 + }
1786 +diff --git a/crypto/testmgr.h b/crypto/testmgr.h
1787 +index 64b8a8082645..450f30e2c8e4 100644
1788 +--- a/crypto/testmgr.h
1789 ++++ b/crypto/testmgr.h
1790 +@@ -270,7 +270,7 @@ static struct akcipher_testvec rsa_tv_template[] = {
1791 + .c_size = 256,
1792 + }, {
1793 + .key =
1794 +- "\x30\x82\x01\x09" /* sequence of 265 bytes */
1795 ++ "\x30\x82\x01\x0C" /* sequence of 268 bytes */
1796 + "\x02\x82\x01\x00" /* modulus - integer of 256 bytes */
1797 + "\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D"
1798 + "\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA"
1799 +@@ -288,8 +288,9 @@ static struct akcipher_testvec rsa_tv_template[] = {
1800 + "\x55\xE6\x29\x69\xD1\xC2\xE8\xB9\x78\x59\xF6\x79\x10\xC6\x4E\xEB"
1801 + "\x6A\x5E\xB9\x9A\xC7\xC4\x5B\x63\xDA\xA3\x3F\x5E\x92\x7A\x81\x5E"
1802 + "\xD6\xB0\xE2\x62\x8F\x74\x26\xC2\x0C\xD3\x9A\x17\x47\xE6\x8E\xAB"
1803 +- "\x02\x03\x01\x00\x01", /* public key - integer of 3 bytes */
1804 +- .key_len = 269,
1805 ++ "\x02\x03\x01\x00\x01" /* public key - integer of 3 bytes */
1806 ++ "\x02\x01\x00", /* private key - integer of 1 byte */
1807 ++ .key_len = 272,
1808 + .m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
1809 + .c =
1810 + "\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe"
1811 +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
1812 +index a46660204e3a..bbd472cadc98 100644
1813 +--- a/drivers/ata/ahci.c
1814 ++++ b/drivers/ata/ahci.c
1815 +@@ -264,6 +264,26 @@ static const struct pci_device_id ahci_pci_tbl[] = {
1816 + { PCI_VDEVICE(INTEL, 0x3b2b), board_ahci }, /* PCH RAID */
1817 + { PCI_VDEVICE(INTEL, 0x3b2c), board_ahci }, /* PCH RAID */
1818 + { PCI_VDEVICE(INTEL, 0x3b2f), board_ahci }, /* PCH AHCI */
1819 ++ { PCI_VDEVICE(INTEL, 0x19b0), board_ahci }, /* DNV AHCI */
1820 ++ { PCI_VDEVICE(INTEL, 0x19b1), board_ahci }, /* DNV AHCI */
1821 ++ { PCI_VDEVICE(INTEL, 0x19b2), board_ahci }, /* DNV AHCI */
1822 ++ { PCI_VDEVICE(INTEL, 0x19b3), board_ahci }, /* DNV AHCI */
1823 ++ { PCI_VDEVICE(INTEL, 0x19b4), board_ahci }, /* DNV AHCI */
1824 ++ { PCI_VDEVICE(INTEL, 0x19b5), board_ahci }, /* DNV AHCI */
1825 ++ { PCI_VDEVICE(INTEL, 0x19b6), board_ahci }, /* DNV AHCI */
1826 ++ { PCI_VDEVICE(INTEL, 0x19b7), board_ahci }, /* DNV AHCI */
1827 ++ { PCI_VDEVICE(INTEL, 0x19bE), board_ahci }, /* DNV AHCI */
1828 ++ { PCI_VDEVICE(INTEL, 0x19bF), board_ahci }, /* DNV AHCI */
1829 ++ { PCI_VDEVICE(INTEL, 0x19c0), board_ahci }, /* DNV AHCI */
1830 ++ { PCI_VDEVICE(INTEL, 0x19c1), board_ahci }, /* DNV AHCI */
1831 ++ { PCI_VDEVICE(INTEL, 0x19c2), board_ahci }, /* DNV AHCI */
1832 ++ { PCI_VDEVICE(INTEL, 0x19c3), board_ahci }, /* DNV AHCI */
1833 ++ { PCI_VDEVICE(INTEL, 0x19c4), board_ahci }, /* DNV AHCI */
1834 ++ { PCI_VDEVICE(INTEL, 0x19c5), board_ahci }, /* DNV AHCI */
1835 ++ { PCI_VDEVICE(INTEL, 0x19c6), board_ahci }, /* DNV AHCI */
1836 ++ { PCI_VDEVICE(INTEL, 0x19c7), board_ahci }, /* DNV AHCI */
1837 ++ { PCI_VDEVICE(INTEL, 0x19cE), board_ahci }, /* DNV AHCI */
1838 ++ { PCI_VDEVICE(INTEL, 0x19cF), board_ahci }, /* DNV AHCI */
1839 + { PCI_VDEVICE(INTEL, 0x1c02), board_ahci }, /* CPT AHCI */
1840 + { PCI_VDEVICE(INTEL, 0x1c03), board_ahci }, /* CPT AHCI */
1841 + { PCI_VDEVICE(INTEL, 0x1c04), board_ahci }, /* CPT RAID */
1842 +diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
1843 +index d256a66158be..317f85dfd39a 100644
1844 +--- a/drivers/ata/libahci.c
1845 ++++ b/drivers/ata/libahci.c
1846 +@@ -495,8 +495,8 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)
1847 + }
1848 + }
1849 +
1850 +- /* fabricate port_map from cap.nr_ports */
1851 +- if (!port_map) {
1852 ++ /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */
1853 ++ if (!port_map && vers < 0x10300) {
1854 + port_map = (1 << ahci_nr_ports(cap)) - 1;
1855 + dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map);
1856 +
1857 +@@ -1266,6 +1266,15 @@ static int ahci_exec_polled_cmd(struct ata_port *ap, int pmp,
1858 + ata_tf_to_fis(tf, pmp, is_cmd, fis);
1859 + ahci_fill_cmd_slot(pp, 0, cmd_fis_len | flags | (pmp << 12));
1860 +
1861 ++ /* set port value for softreset of Port Multiplier */
1862 ++ if (pp->fbs_enabled && pp->fbs_last_dev != pmp) {
1863 ++ tmp = readl(port_mmio + PORT_FBS);
1864 ++ tmp &= ~(PORT_FBS_DEV_MASK | PORT_FBS_DEC);
1865 ++ tmp |= pmp << PORT_FBS_DEV_OFFSET;
1866 ++ writel(tmp, port_mmio + PORT_FBS);
1867 ++ pp->fbs_last_dev = pmp;
1868 ++ }
1869 ++
1870 + /* issue & wait */
1871 + writel(1, port_mmio + PORT_CMD_ISSUE);
1872 +
1873 +diff --git a/drivers/base/memory.c b/drivers/base/memory.c
1874 +index 2804aed3f416..25425d3f2575 100644
1875 +--- a/drivers/base/memory.c
1876 ++++ b/drivers/base/memory.c
1877 +@@ -303,6 +303,10 @@ static int memory_subsys_offline(struct device *dev)
1878 + if (mem->state == MEM_OFFLINE)
1879 + return 0;
1880 +
1881 ++ /* Can't offline block with non-present sections */
1882 ++ if (mem->section_count != sections_per_block)
1883 ++ return -EINVAL;
1884 ++
1885 + return memory_block_change_state(mem, MEM_OFFLINE, MEM_ONLINE);
1886 + }
1887 +
1888 +diff --git a/drivers/block/zram/zcomp.c b/drivers/block/zram/zcomp.c
1889 +index 5cb13ca3a3ac..c53617752b93 100644
1890 +--- a/drivers/block/zram/zcomp.c
1891 ++++ b/drivers/block/zram/zcomp.c
1892 +@@ -76,7 +76,7 @@ static void zcomp_strm_free(struct zcomp *comp, struct zcomp_strm *zstrm)
1893 + */
1894 + static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
1895 + {
1896 +- struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_KERNEL);
1897 ++ struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_NOIO);
1898 + if (!zstrm)
1899 + return NULL;
1900 +
1901 +@@ -85,7 +85,7 @@ static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp)
1902 + * allocate 2 pages. 1 for compressed data, plus 1 extra for the
1903 + * case when compressed size is larger than the original one
1904 + */
1905 +- zstrm->buffer = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 1);
1906 ++ zstrm->buffer = (void *)__get_free_pages(GFP_NOIO | __GFP_ZERO, 1);
1907 + if (!zstrm->private || !zstrm->buffer) {
1908 + zcomp_strm_free(comp, zstrm);
1909 + zstrm = NULL;
1910 +diff --git a/drivers/block/zram/zcomp_lz4.c b/drivers/block/zram/zcomp_lz4.c
1911 +index f2afb7e988c3..dd6083124276 100644
1912 +--- a/drivers/block/zram/zcomp_lz4.c
1913 ++++ b/drivers/block/zram/zcomp_lz4.c
1914 +@@ -10,17 +10,36 @@
1915 + #include <linux/kernel.h>
1916 + #include <linux/slab.h>
1917 + #include <linux/lz4.h>
1918 ++#include <linux/vmalloc.h>
1919 ++#include <linux/mm.h>
1920 +
1921 + #include "zcomp_lz4.h"
1922 +
1923 + static void *zcomp_lz4_create(void)
1924 + {
1925 +- return kzalloc(LZ4_MEM_COMPRESS, GFP_KERNEL);
1926 ++ void *ret;
1927 ++
1928 ++ /*
1929 ++ * This function can be called in swapout/fs write path
1930 ++ * so we can't use GFP_FS|IO. And it assumes we already
1931 ++ * have at least one stream in zram initialization so we
1932 ++ * don't do best effort to allocate more stream in here.
1933 ++ * A default stream will work well without further multiple
1934 ++ * streams. That's why we use NORETRY | NOWARN.
1935 ++ */
1936 ++ ret = kzalloc(LZ4_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
1937 ++ __GFP_NOWARN);
1938 ++ if (!ret)
1939 ++ ret = __vmalloc(LZ4_MEM_COMPRESS,
1940 ++ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
1941 ++ __GFP_ZERO | __GFP_HIGHMEM,
1942 ++ PAGE_KERNEL);
1943 ++ return ret;
1944 + }
1945 +
1946 + static void zcomp_lz4_destroy(void *private)
1947 + {
1948 +- kfree(private);
1949 ++ kvfree(private);
1950 + }
1951 +
1952 + static int zcomp_lz4_compress(const unsigned char *src, unsigned char *dst,
1953 +diff --git a/drivers/block/zram/zcomp_lzo.c b/drivers/block/zram/zcomp_lzo.c
1954 +index da1bc47d588e..edc549920fa0 100644
1955 +--- a/drivers/block/zram/zcomp_lzo.c
1956 ++++ b/drivers/block/zram/zcomp_lzo.c
1957 +@@ -10,17 +10,36 @@
1958 + #include <linux/kernel.h>
1959 + #include <linux/slab.h>
1960 + #include <linux/lzo.h>
1961 ++#include <linux/vmalloc.h>
1962 ++#include <linux/mm.h>
1963 +
1964 + #include "zcomp_lzo.h"
1965 +
1966 + static void *lzo_create(void)
1967 + {
1968 +- return kzalloc(LZO1X_MEM_COMPRESS, GFP_KERNEL);
1969 ++ void *ret;
1970 ++
1971 ++ /*
1972 ++ * This function can be called in swapout/fs write path
1973 ++ * so we can't use GFP_FS|IO. And it assumes we already
1974 ++ * have at least one stream in zram initialization so we
1975 ++ * don't do best effort to allocate more stream in here.
1976 ++ * A default stream will work well without further multiple
1977 ++ * streams. That's why we use NORETRY | NOWARN.
1978 ++ */
1979 ++ ret = kzalloc(LZO1X_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY |
1980 ++ __GFP_NOWARN);
1981 ++ if (!ret)
1982 ++ ret = __vmalloc(LZO1X_MEM_COMPRESS,
1983 ++ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN |
1984 ++ __GFP_ZERO | __GFP_HIGHMEM,
1985 ++ PAGE_KERNEL);
1986 ++ return ret;
1987 + }
1988 +
1989 + static void lzo_destroy(void *private)
1990 + {
1991 +- kfree(private);
1992 ++ kvfree(private);
1993 + }
1994 +
1995 + static int lzo_compress(const unsigned char *src, unsigned char *dst,
1996 +diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
1997 +index 9fa15bb9d118..8022c0a96b36 100644
1998 +--- a/drivers/block/zram/zram_drv.c
1999 ++++ b/drivers/block/zram/zram_drv.c
2000 +@@ -1324,7 +1324,6 @@ static int zram_remove(struct zram *zram)
2001 +
2002 + pr_info("Removed device: %s\n", zram->disk->disk_name);
2003 +
2004 +- idr_remove(&zram_index_idr, zram->disk->first_minor);
2005 + blk_cleanup_queue(zram->disk->queue);
2006 + del_gendisk(zram->disk);
2007 + put_disk(zram->disk);
2008 +@@ -1366,10 +1365,12 @@ static ssize_t hot_remove_store(struct class *class,
2009 + mutex_lock(&zram_index_mutex);
2010 +
2011 + zram = idr_find(&zram_index_idr, dev_id);
2012 +- if (zram)
2013 ++ if (zram) {
2014 + ret = zram_remove(zram);
2015 +- else
2016 ++ idr_remove(&zram_index_idr, dev_id);
2017 ++ } else {
2018 + ret = -ENODEV;
2019 ++ }
2020 +
2021 + mutex_unlock(&zram_index_mutex);
2022 + return ret ? ret : count;
2023 +diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
2024 +index 1082d4bb016a..0f8623d88b84 100644
2025 +--- a/drivers/char/tpm/tpm-chip.c
2026 ++++ b/drivers/char/tpm/tpm-chip.c
2027 +@@ -231,7 +231,7 @@ int tpm_chip_register(struct tpm_chip *chip)
2028 +
2029 + /* Make the chip available. */
2030 + spin_lock(&driver_lock);
2031 +- list_add_rcu(&chip->list, &tpm_chip_list);
2032 ++ list_add_tail_rcu(&chip->list, &tpm_chip_list);
2033 + spin_unlock(&driver_lock);
2034 +
2035 + chip->flags |= TPM_CHIP_FLAG_REGISTERED;
2036 +diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
2037 +index 2b971b3e5c1c..4bb9727c1047 100644
2038 +--- a/drivers/char/tpm/tpm_crb.c
2039 ++++ b/drivers/char/tpm/tpm_crb.c
2040 +@@ -68,7 +68,8 @@ struct crb_control_area {
2041 + u32 int_enable;
2042 + u32 int_sts;
2043 + u32 cmd_size;
2044 +- u64 cmd_pa;
2045 ++ u32 cmd_pa_low;
2046 ++ u32 cmd_pa_high;
2047 + u32 rsp_size;
2048 + u64 rsp_pa;
2049 + } __packed;
2050 +@@ -263,8 +264,8 @@ static int crb_acpi_add(struct acpi_device *device)
2051 + return -ENOMEM;
2052 + }
2053 +
2054 +- memcpy_fromio(&pa, &priv->cca->cmd_pa, 8);
2055 +- pa = le64_to_cpu(pa);
2056 ++ pa = ((u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_high)) << 32) |
2057 ++ (u64) le32_to_cpu(ioread32(&priv->cca->cmd_pa_low));
2058 + priv->cmd = devm_ioremap_nocache(dev, pa,
2059 + ioread32(&priv->cca->cmd_size));
2060 + if (!priv->cmd) {
2061 +diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
2062 +index 27ebf9511cb4..3e6a22658b63 100644
2063 +--- a/drivers/char/tpm/tpm_ibmvtpm.c
2064 ++++ b/drivers/char/tpm/tpm_ibmvtpm.c
2065 +@@ -491,7 +491,7 @@ static void ibmvtpm_crq_process(struct ibmvtpm_crq *crq,
2066 + }
2067 + ibmvtpm->rtce_size = be16_to_cpu(crq->len);
2068 + ibmvtpm->rtce_buf = kmalloc(ibmvtpm->rtce_size,
2069 +- GFP_KERNEL);
2070 ++ GFP_ATOMIC);
2071 + if (!ibmvtpm->rtce_buf) {
2072 + dev_err(ibmvtpm->dev, "Failed to allocate memory for rtce buffer\n");
2073 + return;
2074 +diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
2075 +index 696ef1d56b4f..19f9c7dc7bc0 100644
2076 +--- a/drivers/char/tpm/tpm_tis.c
2077 ++++ b/drivers/char/tpm/tpm_tis.c
2078 +@@ -805,6 +805,8 @@ static int tpm_tis_init(struct device *dev, struct tpm_info *tpm_info,
2079 + iowrite32(intmask,
2080 + chip->vendor.iobase +
2081 + TPM_INT_ENABLE(chip->vendor.locality));
2082 ++
2083 ++ devm_free_irq(dev, i, chip);
2084 + }
2085 + }
2086 + if (chip->vendor.irq) {
2087 +diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
2088 +index 94433b9fc200..3b70354b0d4b 100644
2089 +--- a/drivers/crypto/caam/caamhash.c
2090 ++++ b/drivers/crypto/caam/caamhash.c
2091 +@@ -829,7 +829,7 @@ static int ahash_update_ctx(struct ahash_request *req)
2092 + state->buf_dma = try_buf_map_to_sec4_sg(jrdev,
2093 + edesc->sec4_sg + 1,
2094 + buf, state->buf_dma,
2095 +- *next_buflen, *buflen);
2096 ++ *buflen, last_buflen);
2097 +
2098 + if (src_nents) {
2099 + src_map_to_sec4_sg(jrdev, req->src, src_nents,
2100 +diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
2101 +index 8abb4bc548cc..69d4a1326fee 100644
2102 +--- a/drivers/crypto/caam/ctrl.c
2103 ++++ b/drivers/crypto/caam/ctrl.c
2104 +@@ -534,8 +534,8 @@ static int caam_probe(struct platform_device *pdev)
2105 + * long pointers in master configuration register
2106 + */
2107 + clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK, MCFGR_AWCACHE_CACH |
2108 +- MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ?
2109 +- MCFGR_LONG_PTR : 0));
2110 ++ MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE |
2111 ++ (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0));
2112 +
2113 + /*
2114 + * Read the Compile Time paramters and SCFGR to determine
2115 +diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c
2116 +index 0643e3366e33..c0656e7f37b5 100644
2117 +--- a/drivers/crypto/marvell/cesa.c
2118 ++++ b/drivers/crypto/marvell/cesa.c
2119 +@@ -306,7 +306,7 @@ static int mv_cesa_dev_dma_init(struct mv_cesa_dev *cesa)
2120 + return -ENOMEM;
2121 +
2122 + dma->padding_pool = dmam_pool_create("cesa_padding", dev, 72, 1, 0);
2123 +- if (!dma->cache_pool)
2124 ++ if (!dma->padding_pool)
2125 + return -ENOMEM;
2126 +
2127 + cesa->dma = dma;
2128 +diff --git a/drivers/crypto/nx/nx-aes-ccm.c b/drivers/crypto/nx/nx-aes-ccm.c
2129 +index 73ef49922788..7038f364acb5 100644
2130 +--- a/drivers/crypto/nx/nx-aes-ccm.c
2131 ++++ b/drivers/crypto/nx/nx-aes-ccm.c
2132 +@@ -409,7 +409,7 @@ static int ccm_nx_decrypt(struct aead_request *req,
2133 + processed += to_process;
2134 + } while (processed < nbytes);
2135 +
2136 +- rc = memcmp(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
2137 ++ rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
2138 + authsize) ? -EBADMSG : 0;
2139 + out:
2140 + spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
2141 +diff --git a/drivers/crypto/nx/nx-aes-gcm.c b/drivers/crypto/nx/nx-aes-gcm.c
2142 +index eee624f589b6..abd465f479c4 100644
2143 +--- a/drivers/crypto/nx/nx-aes-gcm.c
2144 ++++ b/drivers/crypto/nx/nx-aes-gcm.c
2145 +@@ -21,6 +21,7 @@
2146 +
2147 + #include <crypto/internal/aead.h>
2148 + #include <crypto/aes.h>
2149 ++#include <crypto/algapi.h>
2150 + #include <crypto/scatterwalk.h>
2151 + #include <linux/module.h>
2152 + #include <linux/types.h>
2153 +@@ -418,7 +419,7 @@ mac:
2154 + itag, req->src, req->assoclen + nbytes,
2155 + crypto_aead_authsize(crypto_aead_reqtfm(req)),
2156 + SCATTERWALK_FROM_SG);
2157 +- rc = memcmp(itag, otag,
2158 ++ rc = crypto_memneq(itag, otag,
2159 + crypto_aead_authsize(crypto_aead_reqtfm(req))) ?
2160 + -EBADMSG : 0;
2161 + }
2162 +diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
2163 +index cd8a12af8ec5..35bada05608a 100644
2164 +--- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
2165 ++++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
2166 +@@ -198,7 +198,7 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
2167 + goto out_err;
2168 + }
2169 +
2170 +- params_head = section_head->params;
2171 ++ params_head = section.params;
2172 +
2173 + while (params_head) {
2174 + if (copy_from_user(&key_val, (void __user *)params_head,
2175 +diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
2176 +index eab6fe227fa0..107cd2a41cae 100644
2177 +--- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c
2178 ++++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
2179 +@@ -39,6 +39,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
2180 + .import = sun4i_hash_import_md5,
2181 + .halg = {
2182 + .digestsize = MD5_DIGEST_SIZE,
2183 ++ .statesize = sizeof(struct md5_state),
2184 + .base = {
2185 + .cra_name = "md5",
2186 + .cra_driver_name = "md5-sun4i-ss",
2187 +@@ -66,6 +67,7 @@ static struct sun4i_ss_alg_template ss_algs[] = {
2188 + .import = sun4i_hash_import_sha1,
2189 + .halg = {
2190 + .digestsize = SHA1_DIGEST_SIZE,
2191 ++ .statesize = sizeof(struct sha1_state),
2192 + .base = {
2193 + .cra_name = "sha1",
2194 + .cra_driver_name = "sha1-sun4i-ss",
2195 +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
2196 +index 3b20a1bce703..8b327d89a8fc 100644
2197 +--- a/drivers/crypto/talitos.c
2198 ++++ b/drivers/crypto/talitos.c
2199 +@@ -1015,7 +1015,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev,
2200 + } else
2201 + oicv = (char *)&edesc->link_tbl[0];
2202 +
2203 +- err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0;
2204 ++ err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0;
2205 + }
2206 +
2207 + kfree(edesc);
2208 +diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
2209 +index 27a79c0c3888..d95eb8659d1b 100644
2210 +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
2211 ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
2212 +@@ -28,7 +28,7 @@
2213 + void
2214 + nvkm_pmu_pgob(struct nvkm_pmu *pmu, bool enable)
2215 + {
2216 +- if (pmu->func->pgob)
2217 ++ if (pmu && pmu->func->pgob)
2218 + pmu->func->pgob(pmu, enable);
2219 + }
2220 +
2221 +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
2222 +index 426b2f1a3450..33dfcea5fbc9 100644
2223 +--- a/drivers/hid/hid-multitouch.c
2224 ++++ b/drivers/hid/hid-multitouch.c
2225 +@@ -309,6 +309,41 @@ static struct attribute_group mt_attribute_group = {
2226 + .attrs = sysfs_attrs
2227 + };
2228 +
2229 ++static void mt_get_feature(struct hid_device *hdev, struct hid_report *report)
2230 ++{
2231 ++ struct mt_device *td = hid_get_drvdata(hdev);
2232 ++ int ret, size = hid_report_len(report);
2233 ++ u8 *buf;
2234 ++
2235 ++ /*
2236 ++ * Only fetch the feature report if initial reports are not already
2237 ++ * been retrieved. Currently this is only done for Windows 8 touch
2238 ++ * devices.
2239 ++ */
2240 ++ if (!(hdev->quirks & HID_QUIRK_NO_INIT_REPORTS))
2241 ++ return;
2242 ++ if (td->mtclass.name != MT_CLS_WIN_8)
2243 ++ return;
2244 ++
2245 ++ buf = hid_alloc_report_buf(report, GFP_KERNEL);
2246 ++ if (!buf)
2247 ++ return;
2248 ++
2249 ++ ret = hid_hw_raw_request(hdev, report->id, buf, size,
2250 ++ HID_FEATURE_REPORT, HID_REQ_GET_REPORT);
2251 ++ if (ret < 0) {
2252 ++ dev_warn(&hdev->dev, "failed to fetch feature %d\n",
2253 ++ report->id);
2254 ++ } else {
2255 ++ ret = hid_report_raw_event(hdev, HID_FEATURE_REPORT, buf,
2256 ++ size, 0);
2257 ++ if (ret)
2258 ++ dev_warn(&hdev->dev, "failed to report feature\n");
2259 ++ }
2260 ++
2261 ++ kfree(buf);
2262 ++}
2263 ++
2264 + static void mt_feature_mapping(struct hid_device *hdev,
2265 + struct hid_field *field, struct hid_usage *usage)
2266 + {
2267 +@@ -322,11 +357,24 @@ static void mt_feature_mapping(struct hid_device *hdev,
2268 + break;
2269 + }
2270 +
2271 +- td->inputmode = field->report->id;
2272 +- td->inputmode_index = usage->usage_index;
2273 ++ if (td->inputmode < 0) {
2274 ++ td->inputmode = field->report->id;
2275 ++ td->inputmode_index = usage->usage_index;
2276 ++ } else {
2277 ++ /*
2278 ++ * Some elan panels wrongly declare 2 input mode
2279 ++ * features, and silently ignore when we set the
2280 ++ * value in the second field. Skip the second feature
2281 ++ * and hope for the best.
2282 ++ */
2283 ++ dev_info(&hdev->dev,
2284 ++ "Ignoring the extra HID_DG_INPUTMODE\n");
2285 ++ }
2286 +
2287 + break;
2288 + case HID_DG_CONTACTMAX:
2289 ++ mt_get_feature(hdev, field->report);
2290 ++
2291 + td->maxcontact_report_id = field->report->id;
2292 + td->maxcontacts = field->value[0];
2293 + if (!td->maxcontacts &&
2294 +@@ -343,6 +391,7 @@ static void mt_feature_mapping(struct hid_device *hdev,
2295 + break;
2296 + }
2297 +
2298 ++ mt_get_feature(hdev, field->report);
2299 + if (field->value[usage->usage_index] == MT_BUTTONTYPE_CLICKPAD)
2300 + td->is_buttonpad = true;
2301 +
2302 +@@ -1026,8 +1075,13 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id)
2303 + * reports. Fortunately, the Win8 spec says that all touches
2304 + * should be sent during each report, making the initialization
2305 + * of input reports unnecessary.
2306 ++ *
2307 ++ * In addition some touchpads do not behave well if we read
2308 ++ * all feature reports from them. Instead we prevent
2309 ++ * initial report fetching and then selectively fetch each
2310 ++ * report we are interested in.
2311 + */
2312 +- hdev->quirks |= HID_QUIRK_NO_INIT_INPUT_REPORTS;
2313 ++ hdev->quirks |= HID_QUIRK_NO_INIT_REPORTS;
2314 +
2315 + td = devm_kzalloc(&hdev->dev, sizeof(struct mt_device), GFP_KERNEL);
2316 + if (!td) {
2317 +diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
2318 +index 36712e9f56c2..5dd426fee8cc 100644
2319 +--- a/drivers/hid/usbhid/hid-core.c
2320 ++++ b/drivers/hid/usbhid/hid-core.c
2321 +@@ -477,8 +477,6 @@ static void hid_ctrl(struct urb *urb)
2322 + struct usbhid_device *usbhid = hid->driver_data;
2323 + int unplug = 0, status = urb->status;
2324 +
2325 +- spin_lock(&usbhid->lock);
2326 +-
2327 + switch (status) {
2328 + case 0: /* success */
2329 + if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
2330 +@@ -498,6 +496,8 @@ static void hid_ctrl(struct urb *urb)
2331 + hid_warn(urb->dev, "ctrl urb status %d received\n", status);
2332 + }
2333 +
2334 ++ spin_lock(&usbhid->lock);
2335 ++
2336 + if (unplug) {
2337 + usbhid->ctrltail = usbhid->ctrlhead;
2338 + } else {
2339 +diff --git a/drivers/i2c/busses/i2c-at91.c b/drivers/i2c/busses/i2c-at91.c
2340 +index 1c758cd1e1ba..10835d1f559b 100644
2341 +--- a/drivers/i2c/busses/i2c-at91.c
2342 ++++ b/drivers/i2c/busses/i2c-at91.c
2343 +@@ -347,8 +347,14 @@ error:
2344 +
2345 + static void at91_twi_read_next_byte(struct at91_twi_dev *dev)
2346 + {
2347 +- if (!dev->buf_len)
2348 ++ /*
2349 ++ * If we are in this case, it means there is garbage data in RHR, so
2350 ++ * delete them.
2351 ++ */
2352 ++ if (!dev->buf_len) {
2353 ++ at91_twi_read(dev, AT91_TWI_RHR);
2354 + return;
2355 ++ }
2356 +
2357 + /* 8bit read works with and without FIFO */
2358 + *dev->buf = readb_relaxed(dev->base + AT91_TWI_RHR);
2359 +@@ -465,19 +471,73 @@ static irqreturn_t atmel_twi_interrupt(int irq, void *dev_id)
2360 +
2361 + if (!irqstatus)
2362 + return IRQ_NONE;
2363 +- else if (irqstatus & AT91_TWI_RXRDY)
2364 ++ /*
2365 ++ * In reception, the behavior of the twi device (before sama5d2) is
2366 ++ * weird. There is some magic about RXRDY flag! When a data has been
2367 ++ * almost received, the reception of a new one is anticipated if there
2368 ++ * is no stop command to send. That is the reason why ask for sending
2369 ++ * the stop command not on the last data but on the second last one.
2370 ++ *
2371 ++ * Unfortunately, we could still have the RXRDY flag set even if the
2372 ++ * transfer is done and we have read the last data. It might happen
2373 ++ * when the i2c slave device sends too quickly data after receiving the
2374 ++ * ack from the master. The data has been almost received before having
2375 ++ * the order to send stop. In this case, sending the stop command could
2376 ++ * cause a RXRDY interrupt with a TXCOMP one. It is better to manage
2377 ++ * the RXRDY interrupt first in order to not keep garbage data in the
2378 ++ * Receive Holding Register for the next transfer.
2379 ++ */
2380 ++ if (irqstatus & AT91_TWI_RXRDY)
2381 + at91_twi_read_next_byte(dev);
2382 +- else if (irqstatus & AT91_TWI_TXRDY)
2383 +- at91_twi_write_next_byte(dev);
2384 +-
2385 +- /* catch error flags */
2386 +- dev->transfer_status |= status;
2387 +
2388 ++ /*
2389 ++ * When a NACK condition is detected, the I2C controller sets the NACK,
2390 ++ * TXCOMP and TXRDY bits all together in the Status Register (SR).
2391 ++ *
2392 ++ * 1 - Handling NACK errors with CPU write transfer.
2393 ++ *
2394 ++ * In such case, we should not write the next byte into the Transmit
2395 ++ * Holding Register (THR) otherwise the I2C controller would start a new
2396 ++ * transfer and the I2C slave is likely to reply by another NACK.
2397 ++ *
2398 ++ * 2 - Handling NACK errors with DMA write transfer.
2399 ++ *
2400 ++ * By setting the TXRDY bit in the SR, the I2C controller also triggers
2401 ++ * the DMA controller to write the next data into the THR. Then the
2402 ++ * result depends on the hardware version of the I2C controller.
2403 ++ *
2404 ++ * 2a - Without support of the Alternative Command mode.
2405 ++ *
2406 ++ * This is the worst case: the DMA controller is triggered to write the
2407 ++ * next data into the THR, hence starting a new transfer: the I2C slave
2408 ++ * is likely to reply by another NACK.
2409 ++ * Concurrently, this interrupt handler is likely to be called to manage
2410 ++ * the first NACK before the I2C controller detects the second NACK and
2411 ++ * sets once again the NACK bit into the SR.
2412 ++ * When handling the first NACK, this interrupt handler disables the I2C
2413 ++ * controller interruptions, especially the NACK interrupt.
2414 ++ * Hence, the NACK bit is pending into the SR. This is why we should
2415 ++ * read the SR to clear all pending interrupts at the beginning of
2416 ++ * at91_do_twi_transfer() before actually starting a new transfer.
2417 ++ *
2418 ++ * 2b - With support of the Alternative Command mode.
2419 ++ *
2420 ++ * When a NACK condition is detected, the I2C controller also locks the
2421 ++ * THR (and sets the LOCK bit in the SR): even though the DMA controller
2422 ++ * is triggered by the TXRDY bit to write the next data into the THR,
2423 ++ * this data actually won't go on the I2C bus hence a second NACK is not
2424 ++ * generated.
2425 ++ */
2426 + if (irqstatus & (AT91_TWI_TXCOMP | AT91_TWI_NACK)) {
2427 + at91_disable_twi_interrupts(dev);
2428 + complete(&dev->cmd_complete);
2429 ++ } else if (irqstatus & AT91_TWI_TXRDY) {
2430 ++ at91_twi_write_next_byte(dev);
2431 + }
2432 +
2433 ++ /* catch error flags */
2434 ++ dev->transfer_status |= status;
2435 ++
2436 + return IRQ_HANDLED;
2437 + }
2438 +
2439 +@@ -537,6 +597,9 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
2440 + reinit_completion(&dev->cmd_complete);
2441 + dev->transfer_status = 0;
2442 +
2443 ++ /* Clear pending interrupts, such as NACK. */
2444 ++ at91_twi_read(dev, AT91_TWI_SR);
2445 ++
2446 + if (dev->fifo_size) {
2447 + unsigned fifo_mr = at91_twi_read(dev, AT91_TWI_FMR);
2448 +
2449 +@@ -558,11 +621,6 @@ static int at91_do_twi_transfer(struct at91_twi_dev *dev)
2450 + } else if (dev->msg->flags & I2C_M_RD) {
2451 + unsigned start_flags = AT91_TWI_START;
2452 +
2453 +- if (at91_twi_read(dev, AT91_TWI_SR) & AT91_TWI_RXRDY) {
2454 +- dev_err(dev->dev, "RXRDY still set!");
2455 +- at91_twi_read(dev, AT91_TWI_RHR);
2456 +- }
2457 +-
2458 + /* if only one byte is to be read, immediately stop transfer */
2459 + if (!has_alt_cmd && dev->buf_len <= 1 &&
2460 + !(dev->msg->flags & I2C_M_RECV_LEN))
2461 +diff --git a/drivers/i2c/busses/i2c-mv64xxx.c b/drivers/i2c/busses/i2c-mv64xxx.c
2462 +index 5801227b97ab..43207f52e5a3 100644
2463 +--- a/drivers/i2c/busses/i2c-mv64xxx.c
2464 ++++ b/drivers/i2c/busses/i2c-mv64xxx.c
2465 +@@ -146,6 +146,8 @@ struct mv64xxx_i2c_data {
2466 + bool errata_delay;
2467 + struct reset_control *rstc;
2468 + bool irq_clear_inverted;
2469 ++ /* Clk div is 2 to the power n, not 2 to the power n + 1 */
2470 ++ bool clk_n_base_0;
2471 + };
2472 +
2473 + static struct mv64xxx_i2c_regs mv64xxx_i2c_regs_mv64xxx = {
2474 +@@ -757,25 +759,29 @@ MODULE_DEVICE_TABLE(of, mv64xxx_i2c_of_match_table);
2475 + #ifdef CONFIG_OF
2476 + #ifdef CONFIG_HAVE_CLK
2477 + static int
2478 +-mv64xxx_calc_freq(const int tclk, const int n, const int m)
2479 ++mv64xxx_calc_freq(struct mv64xxx_i2c_data *drv_data,
2480 ++ const int tclk, const int n, const int m)
2481 + {
2482 +- return tclk / (10 * (m + 1) * (2 << n));
2483 ++ if (drv_data->clk_n_base_0)
2484 ++ return tclk / (10 * (m + 1) * (1 << n));
2485 ++ else
2486 ++ return tclk / (10 * (m + 1) * (2 << n));
2487 + }
2488 +
2489 + static bool
2490 +-mv64xxx_find_baud_factors(const u32 req_freq, const u32 tclk, u32 *best_n,
2491 +- u32 *best_m)
2492 ++mv64xxx_find_baud_factors(struct mv64xxx_i2c_data *drv_data,
2493 ++ const u32 req_freq, const u32 tclk)
2494 + {
2495 + int freq, delta, best_delta = INT_MAX;
2496 + int m, n;
2497 +
2498 + for (n = 0; n <= 7; n++)
2499 + for (m = 0; m <= 15; m++) {
2500 +- freq = mv64xxx_calc_freq(tclk, n, m);
2501 ++ freq = mv64xxx_calc_freq(drv_data, tclk, n, m);
2502 + delta = req_freq - freq;
2503 + if (delta >= 0 && delta < best_delta) {
2504 +- *best_m = m;
2505 +- *best_n = n;
2506 ++ drv_data->freq_m = m;
2507 ++ drv_data->freq_n = n;
2508 + best_delta = delta;
2509 + }
2510 + if (best_delta == 0)
2511 +@@ -813,8 +819,11 @@ mv64xxx_of_config(struct mv64xxx_i2c_data *drv_data,
2512 + if (of_property_read_u32(np, "clock-frequency", &bus_freq))
2513 + bus_freq = 100000; /* 100kHz by default */
2514 +
2515 +- if (!mv64xxx_find_baud_factors(bus_freq, tclk,
2516 +- &drv_data->freq_n, &drv_data->freq_m)) {
2517 ++ if (of_device_is_compatible(np, "allwinner,sun4i-a10-i2c") ||
2518 ++ of_device_is_compatible(np, "allwinner,sun6i-a31-i2c"))
2519 ++ drv_data->clk_n_base_0 = true;
2520 ++
2521 ++ if (!mv64xxx_find_baud_factors(drv_data, bus_freq, tclk)) {
2522 + rc = -EINVAL;
2523 + goto out;
2524 + }
2525 +diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
2526 +index d8b5a8fee1e6..3191dd9984dc 100644
2527 +--- a/drivers/i2c/busses/i2c-rcar.c
2528 ++++ b/drivers/i2c/busses/i2c-rcar.c
2529 +@@ -575,7 +575,7 @@ static int rcar_reg_slave(struct i2c_client *slave)
2530 + if (slave->flags & I2C_CLIENT_TEN)
2531 + return -EAFNOSUPPORT;
2532 +
2533 +- pm_runtime_forbid(rcar_i2c_priv_to_dev(priv));
2534 ++ pm_runtime_get_sync(rcar_i2c_priv_to_dev(priv));
2535 +
2536 + priv->slave = slave;
2537 + rcar_i2c_write(priv, ICSAR, slave->addr);
2538 +@@ -597,7 +597,7 @@ static int rcar_unreg_slave(struct i2c_client *slave)
2539 +
2540 + priv->slave = NULL;
2541 +
2542 +- pm_runtime_allow(rcar_i2c_priv_to_dev(priv));
2543 ++ pm_runtime_put(rcar_i2c_priv_to_dev(priv));
2544 +
2545 + return 0;
2546 + }
2547 +diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c
2548 +index 72e97e306bd9..9c4efd308f10 100644
2549 +--- a/drivers/i2c/busses/i2c-rk3x.c
2550 ++++ b/drivers/i2c/busses/i2c-rk3x.c
2551 +@@ -907,7 +907,7 @@ static int rk3x_i2c_probe(struct platform_device *pdev)
2552 + &i2c->scl_fall_ns))
2553 + i2c->scl_fall_ns = 300;
2554 + if (of_property_read_u32(pdev->dev.of_node, "i2c-sda-falling-time-ns",
2555 +- &i2c->scl_fall_ns))
2556 ++ &i2c->sda_fall_ns))
2557 + i2c->sda_fall_ns = i2c->scl_fall_ns;
2558 +
2559 + strlcpy(i2c->adap.name, "rk3x-i2c", sizeof(i2c->adap.name));
2560 +diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
2561 +index a59c3111f7fb..a4347ba78a51 100644
2562 +--- a/drivers/i2c/i2c-core.c
2563 ++++ b/drivers/i2c/i2c-core.c
2564 +@@ -679,7 +679,7 @@ static int i2c_device_probe(struct device *dev)
2565 + if (wakeirq > 0 && wakeirq != client->irq)
2566 + status = dev_pm_set_dedicated_wake_irq(dev, wakeirq);
2567 + else if (client->irq > 0)
2568 +- status = dev_pm_set_wake_irq(dev, wakeirq);
2569 ++ status = dev_pm_set_wake_irq(dev, client->irq);
2570 + else
2571 + status = 0;
2572 +
2573 +diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
2574 +index 7df97777662d..dad768caa9c5 100644
2575 +--- a/drivers/iommu/io-pgtable-arm.c
2576 ++++ b/drivers/iommu/io-pgtable-arm.c
2577 +@@ -405,17 +405,18 @@ static void __arm_lpae_free_pgtable(struct arm_lpae_io_pgtable *data, int lvl,
2578 + arm_lpae_iopte *start, *end;
2579 + unsigned long table_size;
2580 +
2581 +- /* Only leaf entries at the last level */
2582 +- if (lvl == ARM_LPAE_MAX_LEVELS - 1)
2583 +- return;
2584 +-
2585 + if (lvl == ARM_LPAE_START_LVL(data))
2586 + table_size = data->pgd_size;
2587 + else
2588 + table_size = 1UL << data->pg_shift;
2589 +
2590 + start = ptep;
2591 +- end = (void *)ptep + table_size;
2592 ++
2593 ++ /* Only leaf entries at the last level */
2594 ++ if (lvl == ARM_LPAE_MAX_LEVELS - 1)
2595 ++ end = ptep;
2596 ++ else
2597 ++ end = (void *)ptep + table_size;
2598 +
2599 + while (ptep != end) {
2600 + arm_lpae_iopte pte = *ptep++;
2601 +diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
2602 +index 5a67671a3973..bdc96cd838b8 100644
2603 +--- a/drivers/md/dm-mpath.c
2604 ++++ b/drivers/md/dm-mpath.c
2605 +@@ -1569,11 +1569,8 @@ static int multipath_ioctl(struct dm_target *ti, unsigned int cmd,
2606 + /*
2607 + * Only pass ioctls through if the device sizes match exactly.
2608 + */
2609 +- if (!bdev || ti->len != i_size_read(bdev->bd_inode) >> SECTOR_SHIFT) {
2610 +- int err = scsi_verify_blk_ioctl(NULL, cmd);
2611 +- if (err)
2612 +- r = err;
2613 +- }
2614 ++ if (!r && ti->len != i_size_read(bdev->bd_inode) >> SECTOR_SHIFT)
2615 ++ r = scsi_verify_blk_ioctl(NULL, cmd);
2616 +
2617 + if (r == -ENOTCONN && !fatal_signal_pending(current)) {
2618 + spin_lock_irqsave(&m->lock, flags);
2619 +diff --git a/drivers/md/dm.c b/drivers/md/dm.c
2620 +index 1b5c6047e4f1..8af4750f20bf 100644
2621 +--- a/drivers/md/dm.c
2622 ++++ b/drivers/md/dm.c
2623 +@@ -2198,6 +2198,13 @@ static void dm_init_md_queue(struct mapped_device *md)
2624 + * This queue is new, so no concurrency on the queue_flags.
2625 + */
2626 + queue_flag_clear_unlocked(QUEUE_FLAG_STACKABLE, md->queue);
2627 ++
2628 ++ /*
2629 ++ * Initialize data that will only be used by a non-blk-mq DM queue
2630 ++ * - must do so here (in alloc_dev callchain) before queue is used
2631 ++ */
2632 ++ md->queue->queuedata = md;
2633 ++ md->queue->backing_dev_info.congested_data = md;
2634 + }
2635 +
2636 + static void dm_init_old_md_queue(struct mapped_device *md)
2637 +@@ -2208,10 +2215,7 @@ static void dm_init_old_md_queue(struct mapped_device *md)
2638 + /*
2639 + * Initialize aspects of queue that aren't relevant for blk-mq
2640 + */
2641 +- md->queue->queuedata = md;
2642 + md->queue->backing_dev_info.congested_fn = dm_any_congested;
2643 +- md->queue->backing_dev_info.congested_data = md;
2644 +-
2645 + blk_queue_bounce_limit(md->queue, BLK_BOUNCE_ANY);
2646 + }
2647 +
2648 +diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
2649 +index 0e09aef43998..88c287db3bde 100644
2650 +--- a/drivers/md/persistent-data/dm-btree.c
2651 ++++ b/drivers/md/persistent-data/dm-btree.c
2652 +@@ -471,8 +471,10 @@ static int btree_split_sibling(struct shadow_spine *s, unsigned parent_index,
2653 +
2654 + r = insert_at(sizeof(__le64), pn, parent_index + 1,
2655 + le64_to_cpu(rn->keys[0]), &location);
2656 +- if (r)
2657 ++ if (r) {
2658 ++ unlock_block(s->info, right);
2659 + return r;
2660 ++ }
2661 +
2662 + if (key < le64_to_cpu(rn->keys[0])) {
2663 + unlock_block(s->info, right);
2664 +diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
2665 +index 96f365968306..23bbe61f9ac0 100644
2666 +--- a/drivers/md/raid10.c
2667 ++++ b/drivers/md/raid10.c
2668 +@@ -1944,6 +1944,8 @@ static void sync_request_write(struct mddev *mddev, struct r10bio *r10_bio)
2669 +
2670 + first = i;
2671 + fbio = r10_bio->devs[i].bio;
2672 ++ fbio->bi_iter.bi_size = r10_bio->sectors << 9;
2673 ++ fbio->bi_iter.bi_idx = 0;
2674 +
2675 + vcnt = (r10_bio->sectors + (PAGE_SIZE >> 9) - 1) >> (PAGE_SHIFT - 9);
2676 + /* now find blocks with errors */
2677 +@@ -1987,7 +1989,7 @@ static void sync_request_write(struct mddev *mddev, struct r10bio *r10_bio)
2678 + bio_reset(tbio);
2679 +
2680 + tbio->bi_vcnt = vcnt;
2681 +- tbio->bi_iter.bi_size = r10_bio->sectors << 9;
2682 ++ tbio->bi_iter.bi_size = fbio->bi_iter.bi_size;
2683 + tbio->bi_rw = WRITE;
2684 + tbio->bi_private = r10_bio;
2685 + tbio->bi_iter.bi_sector = r10_bio->devs[i].addr;
2686 +diff --git a/drivers/media/i2c/ir-kbd-i2c.c b/drivers/media/i2c/ir-kbd-i2c.c
2687 +index 728d2cc8a3e7..175a76114953 100644
2688 +--- a/drivers/media/i2c/ir-kbd-i2c.c
2689 ++++ b/drivers/media/i2c/ir-kbd-i2c.c
2690 +@@ -478,7 +478,6 @@ static const struct i2c_device_id ir_kbd_id[] = {
2691 + { "ir_rx_z8f0811_hdpvr", 0 },
2692 + { }
2693 + };
2694 +-MODULE_DEVICE_TABLE(i2c, ir_kbd_id);
2695 +
2696 + static struct i2c_driver ir_kbd_driver = {
2697 + .driver = {
2698 +diff --git a/drivers/media/pci/ivtv/ivtv-driver.c b/drivers/media/pci/ivtv/ivtv-driver.c
2699 +index 8616fa8193bc..c2e60b4f292d 100644
2700 +--- a/drivers/media/pci/ivtv/ivtv-driver.c
2701 ++++ b/drivers/media/pci/ivtv/ivtv-driver.c
2702 +@@ -805,11 +805,11 @@ static void ivtv_init_struct2(struct ivtv *itv)
2703 + {
2704 + int i;
2705 +
2706 +- for (i = 0; i < IVTV_CARD_MAX_VIDEO_INPUTS - 1; i++)
2707 ++ for (i = 0; i < IVTV_CARD_MAX_VIDEO_INPUTS; i++)
2708 + if (itv->card->video_inputs[i].video_type == 0)
2709 + break;
2710 + itv->nof_inputs = i;
2711 +- for (i = 0; i < IVTV_CARD_MAX_AUDIO_INPUTS - 1; i++)
2712 ++ for (i = 0; i < IVTV_CARD_MAX_AUDIO_INPUTS; i++)
2713 + if (itv->card->audio_inputs[i].audio_type == 0)
2714 + break;
2715 + itv->nof_audio_inputs = i;
2716 +diff --git a/drivers/media/pci/saa7134/saa7134-alsa.c b/drivers/media/pci/saa7134/saa7134-alsa.c
2717 +index 1d2c310ce838..94f816244407 100644
2718 +--- a/drivers/media/pci/saa7134/saa7134-alsa.c
2719 ++++ b/drivers/media/pci/saa7134/saa7134-alsa.c
2720 +@@ -1211,6 +1211,8 @@ static int alsa_device_init(struct saa7134_dev *dev)
2721 +
2722 + static int alsa_device_exit(struct saa7134_dev *dev)
2723 + {
2724 ++ if (!snd_saa7134_cards[dev->nr])
2725 ++ return 1;
2726 +
2727 + snd_card_free(snd_saa7134_cards[dev->nr]);
2728 + snd_saa7134_cards[dev->nr] = NULL;
2729 +@@ -1260,7 +1262,8 @@ static void saa7134_alsa_exit(void)
2730 + int idx;
2731 +
2732 + for (idx = 0; idx < SNDRV_CARDS; idx++) {
2733 +- snd_card_free(snd_saa7134_cards[idx]);
2734 ++ if (snd_saa7134_cards[idx])
2735 ++ snd_card_free(snd_saa7134_cards[idx]);
2736 + }
2737 +
2738 + saa7134_dmasound_init = NULL;
2739 +diff --git a/drivers/media/platform/sti/c8sectpfe/Kconfig b/drivers/media/platform/sti/c8sectpfe/Kconfig
2740 +index 641ad8f34956..7420a50572d3 100644
2741 +--- a/drivers/media/platform/sti/c8sectpfe/Kconfig
2742 ++++ b/drivers/media/platform/sti/c8sectpfe/Kconfig
2743 +@@ -3,7 +3,6 @@ config DVB_C8SECTPFE
2744 + depends on PINCTRL && DVB_CORE && I2C
2745 + depends on ARCH_STI || ARCH_MULTIPLATFORM || COMPILE_TEST
2746 + select FW_LOADER
2747 +- select FW_LOADER_USER_HELPER_FALLBACK
2748 + select DEBUG_FS
2749 + select DVB_LNBP21 if MEDIA_SUBDRV_AUTOSELECT
2750 + select DVB_STV090x if MEDIA_SUBDRV_AUTOSELECT
2751 +diff --git a/drivers/media/platform/vivid/vivid-core.c b/drivers/media/platform/vivid/vivid-core.c
2752 +index a047b4716741..0f5e9143cc7e 100644
2753 +--- a/drivers/media/platform/vivid/vivid-core.c
2754 ++++ b/drivers/media/platform/vivid/vivid-core.c
2755 +@@ -1341,8 +1341,11 @@ static int vivid_remove(struct platform_device *pdev)
2756 + struct vivid_dev *dev;
2757 + unsigned i;
2758 +
2759 +- for (i = 0; vivid_devs[i]; i++) {
2760 ++
2761 ++ for (i = 0; i < n_devs; i++) {
2762 + dev = vivid_devs[i];
2763 ++ if (!dev)
2764 ++ continue;
2765 +
2766 + if (dev->has_vid_cap) {
2767 + v4l2_info(&dev->v4l2_dev, "unregistering %s\n",
2768 +diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
2769 +index af635430524e..788b31c91330 100644
2770 +--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
2771 ++++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
2772 +@@ -266,7 +266,7 @@ static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_
2773 +
2774 + struct v4l2_standard32 {
2775 + __u32 index;
2776 +- __u32 id[2]; /* __u64 would get the alignment wrong */
2777 ++ compat_u64 id;
2778 + __u8 name[24];
2779 + struct v4l2_fract frameperiod; /* Frames, not fields */
2780 + __u32 framelines;
2781 +@@ -286,7 +286,7 @@ static int put_v4l2_standard32(struct v4l2_standard *kp, struct v4l2_standard32
2782 + {
2783 + if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_standard32)) ||
2784 + put_user(kp->index, &up->index) ||
2785 +- copy_to_user(up->id, &kp->id, sizeof(__u64)) ||
2786 ++ put_user(kp->id, &up->id) ||
2787 + copy_to_user(up->name, kp->name, 24) ||
2788 + copy_to_user(&up->frameperiod, &kp->frameperiod, sizeof(kp->frameperiod)) ||
2789 + put_user(kp->framelines, &up->framelines) ||
2790 +@@ -587,10 +587,10 @@ struct v4l2_input32 {
2791 + __u32 type; /* Type of input */
2792 + __u32 audioset; /* Associated audios (bitfield) */
2793 + __u32 tuner; /* Associated tuner */
2794 +- v4l2_std_id std;
2795 ++ compat_u64 std;
2796 + __u32 status;
2797 + __u32 reserved[4];
2798 +-} __attribute__ ((packed));
2799 ++};
2800 +
2801 + /* The 64-bit v4l2_input struct has extra padding at the end of the struct.
2802 + Otherwise it is identical to the 32-bit version. */
2803 +@@ -738,6 +738,7 @@ static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
2804 + struct v4l2_event32 {
2805 + __u32 type;
2806 + union {
2807 ++ compat_s64 value64;
2808 + __u8 data[64];
2809 + } u;
2810 + __u32 pending;
2811 +diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
2812 +index b6b7dcc1b77d..e1e70b8694a8 100644
2813 +--- a/drivers/media/v4l2-core/v4l2-ctrls.c
2814 ++++ b/drivers/media/v4l2-core/v4l2-ctrls.c
2815 +@@ -2498,7 +2498,7 @@ int v4l2_query_ext_ctrl(struct v4l2_ctrl_handler *hdl, struct v4l2_query_ext_ctr
2816 + /* We found a control with the given ID, so just get
2817 + the next valid one in the list. */
2818 + list_for_each_entry_continue(ref, &hdl->ctrl_refs, node) {
2819 +- is_compound =
2820 ++ is_compound = ref->ctrl->is_array ||
2821 + ref->ctrl->type >= V4L2_CTRL_COMPOUND_TYPES;
2822 + if (id < ref->ctrl->id &&
2823 + (is_compound & mask) == match)
2824 +@@ -2512,7 +2512,7 @@ int v4l2_query_ext_ctrl(struct v4l2_ctrl_handler *hdl, struct v4l2_query_ext_ctr
2825 + is one, otherwise the first 'if' above would have
2826 + been true. */
2827 + list_for_each_entry(ref, &hdl->ctrl_refs, node) {
2828 +- is_compound =
2829 ++ is_compound = ref->ctrl->is_array ||
2830 + ref->ctrl->type >= V4L2_CTRL_COMPOUND_TYPES;
2831 + if (id < ref->ctrl->id &&
2832 + (is_compound & mask) == match)
2833 +@@ -2884,7 +2884,7 @@ static int get_ctrl(struct v4l2_ctrl *ctrl, struct v4l2_ext_control *c)
2834 + * cur_to_user() calls below would need to be modified not to access
2835 + * userspace memory when called from get_ctrl().
2836 + */
2837 +- if (!ctrl->is_int)
2838 ++ if (!ctrl->is_int && ctrl->type != V4L2_CTRL_TYPE_INTEGER64)
2839 + return -EINVAL;
2840 +
2841 + if (ctrl->flags & V4L2_CTRL_FLAG_WRITE_ONLY)
2842 +@@ -2942,9 +2942,9 @@ s64 v4l2_ctrl_g_ctrl_int64(struct v4l2_ctrl *ctrl)
2843 +
2844 + /* It's a driver bug if this happens. */
2845 + WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64);
2846 +- c.value = 0;
2847 ++ c.value64 = 0;
2848 + get_ctrl(ctrl, &c);
2849 +- return c.value;
2850 ++ return c.value64;
2851 + }
2852 + EXPORT_SYMBOL(v4l2_ctrl_g_ctrl_int64);
2853 +
2854 +@@ -3043,7 +3043,7 @@ static void update_from_auto_cluster(struct v4l2_ctrl *master)
2855 + {
2856 + int i;
2857 +
2858 +- for (i = 0; i < master->ncontrols; i++)
2859 ++ for (i = 1; i < master->ncontrols; i++)
2860 + cur_to_new(master->cluster[i]);
2861 + if (!call_op(master, g_volatile_ctrl))
2862 + for (i = 1; i < master->ncontrols; i++)
2863 +diff --git a/drivers/media/v4l2-core/videobuf2-dma-contig.c b/drivers/media/v4l2-core/videobuf2-dma-contig.c
2864 +index 2397ceb1dc6b..f42e66624734 100644
2865 +--- a/drivers/media/v4l2-core/videobuf2-dma-contig.c
2866 ++++ b/drivers/media/v4l2-core/videobuf2-dma-contig.c
2867 +@@ -100,7 +100,8 @@ static void vb2_dc_prepare(void *buf_priv)
2868 + if (!sgt || buf->db_attach)
2869 + return;
2870 +
2871 +- dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
2872 ++ dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->orig_nents,
2873 ++ buf->dma_dir);
2874 + }
2875 +
2876 + static void vb2_dc_finish(void *buf_priv)
2877 +@@ -112,7 +113,7 @@ static void vb2_dc_finish(void *buf_priv)
2878 + if (!sgt || buf->db_attach)
2879 + return;
2880 +
2881 +- dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
2882 ++ dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->orig_nents, buf->dma_dir);
2883 + }
2884 +
2885 + /*********************************************/
2886 +diff --git a/drivers/media/v4l2-core/videobuf2-dma-sg.c b/drivers/media/v4l2-core/videobuf2-dma-sg.c
2887 +index be7bd6535c9d..07bd2605c2b1 100644
2888 +--- a/drivers/media/v4l2-core/videobuf2-dma-sg.c
2889 ++++ b/drivers/media/v4l2-core/videobuf2-dma-sg.c
2890 +@@ -210,7 +210,8 @@ static void vb2_dma_sg_prepare(void *buf_priv)
2891 + if (buf->db_attach)
2892 + return;
2893 +
2894 +- dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
2895 ++ dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->orig_nents,
2896 ++ buf->dma_dir);
2897 + }
2898 +
2899 + static void vb2_dma_sg_finish(void *buf_priv)
2900 +@@ -222,7 +223,7 @@ static void vb2_dma_sg_finish(void *buf_priv)
2901 + if (buf->db_attach)
2902 + return;
2903 +
2904 +- dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir);
2905 ++ dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->orig_nents, buf->dma_dir);
2906 + }
2907 +
2908 + static void *vb2_dma_sg_get_userptr(void *alloc_ctx, unsigned long vaddr,
2909 +diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
2910 +index 44dc965a2f7c..e7a02ed9fba8 100644
2911 +--- a/drivers/mtd/mtd_blkdevs.c
2912 ++++ b/drivers/mtd/mtd_blkdevs.c
2913 +@@ -192,8 +192,8 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
2914 + if (!dev)
2915 + return -ERESTARTSYS; /* FIXME: busy loop! -arnd*/
2916 +
2917 +- mutex_lock(&dev->lock);
2918 + mutex_lock(&mtd_table_mutex);
2919 ++ mutex_lock(&dev->lock);
2920 +
2921 + if (dev->open)
2922 + goto unlock;
2923 +@@ -217,8 +217,8 @@ static int blktrans_open(struct block_device *bdev, fmode_t mode)
2924 +
2925 + unlock:
2926 + dev->open++;
2927 +- mutex_unlock(&mtd_table_mutex);
2928 + mutex_unlock(&dev->lock);
2929 ++ mutex_unlock(&mtd_table_mutex);
2930 + blktrans_dev_put(dev);
2931 + return ret;
2932 +
2933 +@@ -228,8 +228,8 @@ error_release:
2934 + error_put:
2935 + module_put(dev->tr->owner);
2936 + kref_put(&dev->ref, blktrans_dev_release);
2937 +- mutex_unlock(&mtd_table_mutex);
2938 + mutex_unlock(&dev->lock);
2939 ++ mutex_unlock(&mtd_table_mutex);
2940 + blktrans_dev_put(dev);
2941 + return ret;
2942 + }
2943 +@@ -241,8 +241,8 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
2944 + if (!dev)
2945 + return;
2946 +
2947 +- mutex_lock(&dev->lock);
2948 + mutex_lock(&mtd_table_mutex);
2949 ++ mutex_lock(&dev->lock);
2950 +
2951 + if (--dev->open)
2952 + goto unlock;
2953 +@@ -256,8 +256,8 @@ static void blktrans_release(struct gendisk *disk, fmode_t mode)
2954 + __put_mtd_device(dev->mtd);
2955 + }
2956 + unlock:
2957 +- mutex_unlock(&mtd_table_mutex);
2958 + mutex_unlock(&dev->lock);
2959 ++ mutex_unlock(&mtd_table_mutex);
2960 + blktrans_dev_put(dev);
2961 + }
2962 +
2963 +diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
2964 +index cafdb8855a79..919a936abc42 100644
2965 +--- a/drivers/mtd/mtdpart.c
2966 ++++ b/drivers/mtd/mtdpart.c
2967 +@@ -664,8 +664,10 @@ int add_mtd_partitions(struct mtd_info *master,
2968 +
2969 + for (i = 0; i < nbparts; i++) {
2970 + slave = allocate_partition(master, parts + i, i, cur_offset);
2971 +- if (IS_ERR(slave))
2972 ++ if (IS_ERR(slave)) {
2973 ++ del_mtd_partitions(master);
2974 + return PTR_ERR(slave);
2975 ++ }
2976 +
2977 + mutex_lock(&mtd_partitions_mutex);
2978 + list_add(&slave->list, &mtd_partitions);
2979 +diff --git a/drivers/mtd/nand/jz4740_nand.c b/drivers/mtd/nand/jz4740_nand.c
2980 +index ebf2cce04cba..ca3270b1299c 100644
2981 +--- a/drivers/mtd/nand/jz4740_nand.c
2982 ++++ b/drivers/mtd/nand/jz4740_nand.c
2983 +@@ -25,6 +25,7 @@
2984 +
2985 + #include <linux/gpio.h>
2986 +
2987 ++#include <asm/mach-jz4740/gpio.h>
2988 + #include <asm/mach-jz4740/jz4740_nand.h>
2989 +
2990 + #define JZ_REG_NAND_CTRL 0x50
2991 +diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
2992 +index ceb68ca8277a..066f967e03b1 100644
2993 +--- a/drivers/mtd/nand/nand_base.c
2994 ++++ b/drivers/mtd/nand/nand_base.c
2995 +@@ -2964,7 +2964,7 @@ static void nand_resume(struct mtd_info *mtd)
2996 + */
2997 + static void nand_shutdown(struct mtd_info *mtd)
2998 + {
2999 +- nand_get_device(mtd, FL_SHUTDOWN);
3000 ++ nand_get_device(mtd, FL_PM_SUSPENDED);
3001 + }
3002 +
3003 + /* Set default functions */
3004 +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
3005 +index eb4489f9082f..56065632a5b8 100644
3006 +--- a/drivers/mtd/ubi/wl.c
3007 ++++ b/drivers/mtd/ubi/wl.c
3008 +@@ -603,6 +603,7 @@ static int schedule_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
3009 + return 0;
3010 + }
3011 +
3012 ++static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk);
3013 + /**
3014 + * do_sync_erase - run the erase worker synchronously.
3015 + * @ubi: UBI device description object
3016 +@@ -615,20 +616,16 @@ static int schedule_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
3017 + static int do_sync_erase(struct ubi_device *ubi, struct ubi_wl_entry *e,
3018 + int vol_id, int lnum, int torture)
3019 + {
3020 +- struct ubi_work *wl_wrk;
3021 ++ struct ubi_work wl_wrk;
3022 +
3023 + dbg_wl("sync erase of PEB %i", e->pnum);
3024 +
3025 +- wl_wrk = kmalloc(sizeof(struct ubi_work), GFP_NOFS);
3026 +- if (!wl_wrk)
3027 +- return -ENOMEM;
3028 +-
3029 +- wl_wrk->e = e;
3030 +- wl_wrk->vol_id = vol_id;
3031 +- wl_wrk->lnum = lnum;
3032 +- wl_wrk->torture = torture;
3033 ++ wl_wrk.e = e;
3034 ++ wl_wrk.vol_id = vol_id;
3035 ++ wl_wrk.lnum = lnum;
3036 ++ wl_wrk.torture = torture;
3037 +
3038 +- return erase_worker(ubi, wl_wrk, 0);
3039 ++ return __erase_worker(ubi, &wl_wrk);
3040 + }
3041 +
3042 + /**
3043 +@@ -1014,7 +1011,7 @@ out_unlock:
3044 + }
3045 +
3046 + /**
3047 +- * erase_worker - physical eraseblock erase worker function.
3048 ++ * __erase_worker - physical eraseblock erase worker function.
3049 + * @ubi: UBI device description object
3050 + * @wl_wrk: the work object
3051 + * @shutdown: non-zero if the worker has to free memory and exit
3052 +@@ -1025,8 +1022,7 @@ out_unlock:
3053 + * needed. Returns zero in case of success and a negative error code in case of
3054 + * failure.
3055 + */
3056 +-static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
3057 +- int shutdown)
3058 ++static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk)
3059 + {
3060 + struct ubi_wl_entry *e = wl_wrk->e;
3061 + int pnum = e->pnum;
3062 +@@ -1034,21 +1030,11 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
3063 + int lnum = wl_wrk->lnum;
3064 + int err, available_consumed = 0;
3065 +
3066 +- if (shutdown) {
3067 +- dbg_wl("cancel erasure of PEB %d EC %d", pnum, e->ec);
3068 +- kfree(wl_wrk);
3069 +- wl_entry_destroy(ubi, e);
3070 +- return 0;
3071 +- }
3072 +-
3073 + dbg_wl("erase PEB %d EC %d LEB %d:%d",
3074 + pnum, e->ec, wl_wrk->vol_id, wl_wrk->lnum);
3075 +
3076 + err = sync_erase(ubi, e, wl_wrk->torture);
3077 + if (!err) {
3078 +- /* Fine, we've erased it successfully */
3079 +- kfree(wl_wrk);
3080 +-
3081 + spin_lock(&ubi->wl_lock);
3082 + wl_tree_add(e, &ubi->free);
3083 + ubi->free_count++;
3084 +@@ -1066,7 +1052,6 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
3085 + }
3086 +
3087 + ubi_err(ubi, "failed to erase PEB %d, error %d", pnum, err);
3088 +- kfree(wl_wrk);
3089 +
3090 + if (err == -EINTR || err == -ENOMEM || err == -EAGAIN ||
3091 + err == -EBUSY) {
3092 +@@ -1075,6 +1060,7 @@ static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
3093 + /* Re-schedule the LEB for erasure */
3094 + err1 = schedule_erase(ubi, e, vol_id, lnum, 0);
3095 + if (err1) {
3096 ++ wl_entry_destroy(ubi, e);
3097 + err = err1;
3098 + goto out_ro;
3099 + }
3100 +@@ -1150,6 +1136,25 @@ out_ro:
3101 + return err;
3102 + }
3103 +
3104 ++static int erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk,
3105 ++ int shutdown)
3106 ++{
3107 ++ int ret;
3108 ++
3109 ++ if (shutdown) {
3110 ++ struct ubi_wl_entry *e = wl_wrk->e;
3111 ++
3112 ++ dbg_wl("cancel erasure of PEB %d EC %d", e->pnum, e->ec);
3113 ++ kfree(wl_wrk);
3114 ++ wl_entry_destroy(ubi, e);
3115 ++ return 0;
3116 ++ }
3117 ++
3118 ++ ret = __erase_worker(ubi, wl_wrk);
3119 ++ kfree(wl_wrk);
3120 ++ return ret;
3121 ++}
3122 ++
3123 + /**
3124 + * ubi_wl_put_peb - return a PEB to the wear-leveling sub-system.
3125 + * @ubi: UBI device description object
3126 +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3127 +index 6e9418ed90c2..bbb789f8990b 100644
3128 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3129 ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3130 +@@ -2272,7 +2272,7 @@ void rtl8821ae_enable_interrupt(struct ieee80211_hw *hw)
3131 + struct rtl_priv *rtlpriv = rtl_priv(hw);
3132 + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
3133 +
3134 +- if (!rtlpci->int_clear)
3135 ++ if (rtlpci->int_clear)
3136 + rtl8821ae_clear_interrupt(hw);/*clear it here first*/
3137 +
3138 + rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF);
3139 +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
3140 +index 8ee141a55bc5..142bdff4ed60 100644
3141 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
3142 ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c
3143 +@@ -448,7 +448,7 @@ MODULE_PARM_DESC(fwlps, "Set to 1 to use FW control power save (default 1)\n");
3144 + MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 1)\n");
3145 + MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)");
3146 + MODULE_PARM_DESC(disable_watchdog, "Set to 1 to disable the watchdog (default 0)\n");
3147 +-MODULE_PARM_DESC(int_clear, "Set to 1 to disable interrupt clear before set (default 0)\n");
3148 ++MODULE_PARM_DESC(int_clear, "Set to 0 to disable interrupt clear before set (default 1)\n");
3149 +
3150 + static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume);
3151 +
3152 +diff --git a/drivers/net/wireless/ti/wlcore/io.h b/drivers/net/wireless/ti/wlcore/io.h
3153 +index 0305729d0986..10cf3747694d 100644
3154 +--- a/drivers/net/wireless/ti/wlcore/io.h
3155 ++++ b/drivers/net/wireless/ti/wlcore/io.h
3156 +@@ -207,19 +207,23 @@ static inline int __must_check wlcore_write_reg(struct wl1271 *wl, int reg,
3157 +
3158 + static inline void wl1271_power_off(struct wl1271 *wl)
3159 + {
3160 +- int ret;
3161 ++ int ret = 0;
3162 +
3163 + if (!test_bit(WL1271_FLAG_GPIO_POWER, &wl->flags))
3164 + return;
3165 +
3166 +- ret = wl->if_ops->power(wl->dev, false);
3167 ++ if (wl->if_ops->power)
3168 ++ ret = wl->if_ops->power(wl->dev, false);
3169 + if (!ret)
3170 + clear_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
3171 + }
3172 +
3173 + static inline int wl1271_power_on(struct wl1271 *wl)
3174 + {
3175 +- int ret = wl->if_ops->power(wl->dev, true);
3176 ++ int ret = 0;
3177 ++
3178 ++ if (wl->if_ops->power)
3179 ++ ret = wl->if_ops->power(wl->dev, true);
3180 + if (ret == 0)
3181 + set_bit(WL1271_FLAG_GPIO_POWER, &wl->flags);
3182 +
3183 +diff --git a/drivers/net/wireless/ti/wlcore/spi.c b/drivers/net/wireless/ti/wlcore/spi.c
3184 +index f1ac2839d97c..720e4e4b5a3c 100644
3185 +--- a/drivers/net/wireless/ti/wlcore/spi.c
3186 ++++ b/drivers/net/wireless/ti/wlcore/spi.c
3187 +@@ -73,7 +73,10 @@
3188 + */
3189 + #define SPI_AGGR_BUFFER_SIZE (4 * PAGE_SIZE)
3190 +
3191 +-#define WSPI_MAX_NUM_OF_CHUNKS (SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE)
3192 ++/* Maximum number of SPI write chunks */
3193 ++#define WSPI_MAX_NUM_OF_CHUNKS \
3194 ++ ((SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE) + 1)
3195 ++
3196 +
3197 + struct wl12xx_spi_glue {
3198 + struct device *dev;
3199 +@@ -268,9 +271,10 @@ static int __must_check wl12xx_spi_raw_write(struct device *child, int addr,
3200 + void *buf, size_t len, bool fixed)
3201 + {
3202 + struct wl12xx_spi_glue *glue = dev_get_drvdata(child->parent);
3203 +- struct spi_transfer t[2 * (WSPI_MAX_NUM_OF_CHUNKS + 1)];
3204 ++ /* SPI write buffers - 2 for each chunk */
3205 ++ struct spi_transfer t[2 * WSPI_MAX_NUM_OF_CHUNKS];
3206 + struct spi_message m;
3207 +- u32 commands[WSPI_MAX_NUM_OF_CHUNKS];
3208 ++ u32 commands[WSPI_MAX_NUM_OF_CHUNKS]; /* 1 command per chunk */
3209 + u32 *cmd;
3210 + u32 chunk_len;
3211 + int i;
3212 +diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c
3213 +index d3346d23963b..89b3befc7155 100644
3214 +--- a/drivers/pci/bus.c
3215 ++++ b/drivers/pci/bus.c
3216 +@@ -140,6 +140,8 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
3217 + type_mask |= IORESOURCE_TYPE_BITS;
3218 +
3219 + pci_bus_for_each_resource(bus, r, i) {
3220 ++ resource_size_t min_used = min;
3221 ++
3222 + if (!r)
3223 + continue;
3224 +
3225 +@@ -163,12 +165,12 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res,
3226 + * overrides "min".
3227 + */
3228 + if (avail.start)
3229 +- min = avail.start;
3230 ++ min_used = avail.start;
3231 +
3232 + max = avail.end;
3233 +
3234 + /* Ok, try it out.. */
3235 +- ret = allocate_resource(r, res, size, min, max,
3236 ++ ret = allocate_resource(r, res, size, min_used, max,
3237 + align, alignf, alignf_data);
3238 + if (ret == 0)
3239 + return 0;
3240 +diff --git a/drivers/pci/host/pci-dra7xx.c b/drivers/pci/host/pci-dra7xx.c
3241 +index 199e29a044cd..ee978705a6f5 100644
3242 +--- a/drivers/pci/host/pci-dra7xx.c
3243 ++++ b/drivers/pci/host/pci-dra7xx.c
3244 +@@ -295,7 +295,8 @@ static int __init dra7xx_add_pcie_port(struct dra7xx_pcie *dra7xx,
3245 + }
3246 +
3247 + ret = devm_request_irq(&pdev->dev, pp->irq,
3248 +- dra7xx_pcie_msi_irq_handler, IRQF_SHARED,
3249 ++ dra7xx_pcie_msi_irq_handler,
3250 ++ IRQF_SHARED | IRQF_NO_THREAD,
3251 + "dra7-pcie-msi", pp);
3252 + if (ret) {
3253 + dev_err(&pdev->dev, "failed to request irq\n");
3254 +diff --git a/drivers/pci/host/pci-exynos.c b/drivers/pci/host/pci-exynos.c
3255 +index f9f468d9a819..7b6be7791d33 100644
3256 +--- a/drivers/pci/host/pci-exynos.c
3257 ++++ b/drivers/pci/host/pci-exynos.c
3258 +@@ -523,7 +523,8 @@ static int __init exynos_add_pcie_port(struct pcie_port *pp,
3259 +
3260 + ret = devm_request_irq(&pdev->dev, pp->msi_irq,
3261 + exynos_pcie_msi_irq_handler,
3262 +- IRQF_SHARED, "exynos-pcie", pp);
3263 ++ IRQF_SHARED | IRQF_NO_THREAD,
3264 ++ "exynos-pcie", pp);
3265 + if (ret) {
3266 + dev_err(&pdev->dev, "failed to request msi irq\n");
3267 + return ret;
3268 +diff --git a/drivers/pci/host/pci-imx6.c b/drivers/pci/host/pci-imx6.c
3269 +index 8f3a9813c4e5..58713d57c426 100644
3270 +--- a/drivers/pci/host/pci-imx6.c
3271 ++++ b/drivers/pci/host/pci-imx6.c
3272 +@@ -536,7 +536,8 @@ static int __init imx6_add_pcie_port(struct pcie_port *pp,
3273 +
3274 + ret = devm_request_irq(&pdev->dev, pp->msi_irq,
3275 + imx6_pcie_msi_handler,
3276 +- IRQF_SHARED, "mx6-pcie-msi", pp);
3277 ++ IRQF_SHARED | IRQF_NO_THREAD,
3278 ++ "mx6-pcie-msi", pp);
3279 + if (ret) {
3280 + dev_err(&pdev->dev, "failed to request MSI irq\n");
3281 + return -ENODEV;
3282 +diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c
3283 +index 81df0c1fe063..46d5e07dbdfe 100644
3284 +--- a/drivers/pci/host/pci-tegra.c
3285 ++++ b/drivers/pci/host/pci-tegra.c
3286 +@@ -1288,7 +1288,7 @@ static int tegra_pcie_enable_msi(struct tegra_pcie *pcie)
3287 +
3288 + msi->irq = err;
3289 +
3290 +- err = request_irq(msi->irq, tegra_pcie_msi_irq, 0,
3291 ++ err = request_irq(msi->irq, tegra_pcie_msi_irq, IRQF_NO_THREAD,
3292 + tegra_msi_irq_chip.name, pcie);
3293 + if (err < 0) {
3294 + dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
3295 +diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c
3296 +index 7678fe0820d7..b86e42fcf19f 100644
3297 +--- a/drivers/pci/host/pcie-rcar.c
3298 ++++ b/drivers/pci/host/pcie-rcar.c
3299 +@@ -694,14 +694,16 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
3300 +
3301 + /* Two irqs are for MSI, but they are also used for non-MSI irqs */
3302 + err = devm_request_irq(&pdev->dev, msi->irq1, rcar_pcie_msi_irq,
3303 +- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
3304 ++ IRQF_SHARED | IRQF_NO_THREAD,
3305 ++ rcar_msi_irq_chip.name, pcie);
3306 + if (err < 0) {
3307 + dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
3308 + goto err;
3309 + }
3310 +
3311 + err = devm_request_irq(&pdev->dev, msi->irq2, rcar_pcie_msi_irq,
3312 +- IRQF_SHARED, rcar_msi_irq_chip.name, pcie);
3313 ++ IRQF_SHARED | IRQF_NO_THREAD,
3314 ++ rcar_msi_irq_chip.name, pcie);
3315 + if (err < 0) {
3316 + dev_err(&pdev->dev, "failed to request IRQ: %d\n", err);
3317 + goto err;
3318 +diff --git a/drivers/pci/host/pcie-spear13xx.c b/drivers/pci/host/pcie-spear13xx.c
3319 +index 98d2683181bc..4aca7167ed95 100644
3320 +--- a/drivers/pci/host/pcie-spear13xx.c
3321 ++++ b/drivers/pci/host/pcie-spear13xx.c
3322 +@@ -163,34 +163,36 @@ static int spear13xx_pcie_establish_link(struct pcie_port *pp)
3323 + * default value in capability register is 512 bytes. So force
3324 + * it to 128 here.
3325 + */
3326 +- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_DEVCTL, 4, &val);
3327 ++ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_DEVCTL,
3328 ++ 0, 2, &val);
3329 + val &= ~PCI_EXP_DEVCTL_READRQ;
3330 +- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off + PCI_EXP_DEVCTL, 4, val);
3331 ++ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off + PCI_EXP_DEVCTL,
3332 ++ 0, 2, val);
3333 +
3334 +- dw_pcie_cfg_write(pp->dbi_base, PCI_VENDOR_ID, 2, 0x104A);
3335 +- dw_pcie_cfg_write(pp->dbi_base, PCI_DEVICE_ID, 2, 0xCD80);
3336 ++ dw_pcie_cfg_write(pp->dbi_base + PCI_VENDOR_ID, 0, 2, 0x104A);
3337 ++ dw_pcie_cfg_write(pp->dbi_base + PCI_VENDOR_ID, 2, 2, 0xCD80);
3338 +
3339 + /*
3340 + * if is_gen1 is set then handle it, so that some buggy card
3341 + * also works
3342 + */
3343 + if (spear13xx_pcie->is_gen1) {
3344 +- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_LNKCAP, 4,
3345 +- &val);
3346 ++ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_LNKCAP,
3347 ++ 0, 4, &val);
3348 + if ((val & PCI_EXP_LNKCAP_SLS) != PCI_EXP_LNKCAP_SLS_2_5GB) {
3349 + val &= ~((u32)PCI_EXP_LNKCAP_SLS);
3350 + val |= PCI_EXP_LNKCAP_SLS_2_5GB;
3351 +- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off +
3352 +- PCI_EXP_LNKCAP, 4, val);
3353 ++ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off +
3354 ++ PCI_EXP_LNKCAP, 0, 4, val);
3355 + }
3356 +
3357 +- dw_pcie_cfg_read(pp->dbi_base, exp_cap_off + PCI_EXP_LNKCTL2, 4,
3358 +- &val);
3359 ++ dw_pcie_cfg_read(pp->dbi_base + exp_cap_off + PCI_EXP_LNKCTL2,
3360 ++ 0, 2, &val);
3361 + if ((val & PCI_EXP_LNKCAP_SLS) != PCI_EXP_LNKCAP_SLS_2_5GB) {
3362 + val &= ~((u32)PCI_EXP_LNKCAP_SLS);
3363 + val |= PCI_EXP_LNKCAP_SLS_2_5GB;
3364 +- dw_pcie_cfg_write(pp->dbi_base, exp_cap_off +
3365 +- PCI_EXP_LNKCTL2, 4, val);
3366 ++ dw_pcie_cfg_write(pp->dbi_base + exp_cap_off +
3367 ++ PCI_EXP_LNKCTL2, 0, 2, val);
3368 + }
3369 + }
3370 +
3371 +@@ -279,7 +281,8 @@ static int spear13xx_add_pcie_port(struct pcie_port *pp,
3372 + return -ENODEV;
3373 + }
3374 + ret = devm_request_irq(dev, pp->irq, spear13xx_pcie_irq_handler,
3375 +- IRQF_SHARED, "spear1340-pcie", pp);
3376 ++ IRQF_SHARED | IRQF_NO_THREAD,
3377 ++ "spear1340-pcie", pp);
3378 + if (ret) {
3379 + dev_err(dev, "failed to request irq %d\n", pp->irq);
3380 + return ret;
3381 +diff --git a/drivers/pci/host/pcie-xilinx.c b/drivers/pci/host/pcie-xilinx.c
3382 +index 3c7a0d580b1e..4cfa46360d12 100644
3383 +--- a/drivers/pci/host/pcie-xilinx.c
3384 ++++ b/drivers/pci/host/pcie-xilinx.c
3385 +@@ -781,7 +781,8 @@ static int xilinx_pcie_parse_dt(struct xilinx_pcie_port *port)
3386 +
3387 + port->irq = irq_of_parse_and_map(node, 0);
3388 + err = devm_request_irq(dev, port->irq, xilinx_pcie_intr_handler,
3389 +- IRQF_SHARED, "xilinx-pcie", port);
3390 ++ IRQF_SHARED | IRQF_NO_THREAD,
3391 ++ "xilinx-pcie", port);
3392 + if (err) {
3393 + dev_err(dev, "unable to request irq %d\n", port->irq);
3394 + return err;
3395 +diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c
3396 +index ee0ebff103a4..1eadc74d88b4 100644
3397 +--- a/drivers/pci/iov.c
3398 ++++ b/drivers/pci/iov.c
3399 +@@ -54,24 +54,29 @@ static inline void pci_iov_set_numvfs(struct pci_dev *dev, int nr_virtfn)
3400 + * The PF consumes one bus number. NumVFs, First VF Offset, and VF Stride
3401 + * determine how many additional bus numbers will be consumed by VFs.
3402 + *
3403 +- * Iterate over all valid NumVFs and calculate the maximum number of bus
3404 +- * numbers that could ever be required.
3405 ++ * Iterate over all valid NumVFs, validate offset and stride, and calculate
3406 ++ * the maximum number of bus numbers that could ever be required.
3407 + */
3408 +-static inline u8 virtfn_max_buses(struct pci_dev *dev)
3409 ++static int compute_max_vf_buses(struct pci_dev *dev)
3410 + {
3411 + struct pci_sriov *iov = dev->sriov;
3412 +- int nr_virtfn;
3413 +- u8 max = 0;
3414 +- int busnr;
3415 ++ int nr_virtfn, busnr, rc = 0;
3416 +
3417 +- for (nr_virtfn = 1; nr_virtfn <= iov->total_VFs; nr_virtfn++) {
3418 ++ for (nr_virtfn = iov->total_VFs; nr_virtfn; nr_virtfn--) {
3419 + pci_iov_set_numvfs(dev, nr_virtfn);
3420 ++ if (!iov->offset || (nr_virtfn > 1 && !iov->stride)) {
3421 ++ rc = -EIO;
3422 ++ goto out;
3423 ++ }
3424 ++
3425 + busnr = pci_iov_virtfn_bus(dev, nr_virtfn - 1);
3426 +- if (busnr > max)
3427 +- max = busnr;
3428 ++ if (busnr > iov->max_VF_buses)
3429 ++ iov->max_VF_buses = busnr;
3430 + }
3431 +
3432 +- return max;
3433 ++out:
3434 ++ pci_iov_set_numvfs(dev, 0);
3435 ++ return rc;
3436 + }
3437 +
3438 + static struct pci_bus *virtfn_add_bus(struct pci_bus *bus, int busnr)
3439 +@@ -384,7 +389,7 @@ static int sriov_init(struct pci_dev *dev, int pos)
3440 + int rc;
3441 + int nres;
3442 + u32 pgsz;
3443 +- u16 ctrl, total, offset, stride;
3444 ++ u16 ctrl, total;
3445 + struct pci_sriov *iov;
3446 + struct resource *res;
3447 + struct pci_dev *pdev;
3448 +@@ -414,11 +419,6 @@ static int sriov_init(struct pci_dev *dev, int pos)
3449 +
3450 + found:
3451 + pci_write_config_word(dev, pos + PCI_SRIOV_CTRL, ctrl);
3452 +- pci_write_config_word(dev, pos + PCI_SRIOV_NUM_VF, 0);
3453 +- pci_read_config_word(dev, pos + PCI_SRIOV_VF_OFFSET, &offset);
3454 +- pci_read_config_word(dev, pos + PCI_SRIOV_VF_STRIDE, &stride);
3455 +- if (!offset || (total > 1 && !stride))
3456 +- return -EIO;
3457 +
3458 + pci_read_config_dword(dev, pos + PCI_SRIOV_SUP_PGSIZE, &pgsz);
3459 + i = PAGE_SHIFT > 12 ? PAGE_SHIFT - 12 : 0;
3460 +@@ -456,8 +456,6 @@ found:
3461 + iov->nres = nres;
3462 + iov->ctrl = ctrl;
3463 + iov->total_VFs = total;
3464 +- iov->offset = offset;
3465 +- iov->stride = stride;
3466 + iov->pgsz = pgsz;
3467 + iov->self = dev;
3468 + pci_read_config_dword(dev, pos + PCI_SRIOV_CAP, &iov->cap);
3469 +@@ -474,10 +472,15 @@ found:
3470 +
3471 + dev->sriov = iov;
3472 + dev->is_physfn = 1;
3473 +- iov->max_VF_buses = virtfn_max_buses(dev);
3474 ++ rc = compute_max_vf_buses(dev);
3475 ++ if (rc)
3476 ++ goto fail_max_buses;
3477 +
3478 + return 0;
3479 +
3480 ++fail_max_buses:
3481 ++ dev->sriov = NULL;
3482 ++ dev->is_physfn = 0;
3483 + failed:
3484 + for (i = 0; i < PCI_SRIOV_NUM_BARS; i++) {
3485 + res = &dev->resource[i + PCI_IOV_RESOURCES];
3486 +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
3487 +index 92618686604c..eead54cd01b2 100644
3488 +--- a/drivers/pci/pci-sysfs.c
3489 ++++ b/drivers/pci/pci-sysfs.c
3490 +@@ -216,7 +216,10 @@ static ssize_t numa_node_store(struct device *dev,
3491 + if (ret)
3492 + return ret;
3493 +
3494 +- if (node >= MAX_NUMNODES || !node_online(node))
3495 ++ if ((node < 0 && node != NUMA_NO_NODE) || node >= MAX_NUMNODES)
3496 ++ return -EINVAL;
3497 ++
3498 ++ if (node != NUMA_NO_NODE && !node_online(node))
3499 + return -EINVAL;
3500 +
3501 + add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
3502 +diff --git a/drivers/remoteproc/remoteproc_debugfs.c b/drivers/remoteproc/remoteproc_debugfs.c
3503 +index 9d30809bb407..916af5096f57 100644
3504 +--- a/drivers/remoteproc/remoteproc_debugfs.c
3505 ++++ b/drivers/remoteproc/remoteproc_debugfs.c
3506 +@@ -156,7 +156,7 @@ rproc_recovery_write(struct file *filp, const char __user *user_buf,
3507 + char buf[10];
3508 + int ret;
3509 +
3510 +- if (count > sizeof(buf))
3511 ++ if (count < 1 || count > sizeof(buf))
3512 + return count;
3513 +
3514 + ret = copy_from_user(buf, user_buf, count);
3515 +diff --git a/drivers/spi/spi-atmel.c b/drivers/spi/spi-atmel.c
3516 +index 63318e2afba1..3fff59ce065f 100644
3517 +--- a/drivers/spi/spi-atmel.c
3518 ++++ b/drivers/spi/spi-atmel.c
3519 +@@ -773,7 +773,8 @@ static int atmel_spi_next_xfer_dma_submit(struct spi_master *master,
3520 +
3521 + *plen = len;
3522 +
3523 +- if (atmel_spi_dma_slave_config(as, &slave_config, 8))
3524 ++ if (atmel_spi_dma_slave_config(as, &slave_config,
3525 ++ xfer->bits_per_word))
3526 + goto err_exit;
3527 +
3528 + /* Send both scatterlists */
3529 +diff --git a/drivers/spi/spi-omap2-mcspi.c b/drivers/spi/spi-omap2-mcspi.c
3530 +index 3d09e0b69b73..1f8903d356e5 100644
3531 +--- a/drivers/spi/spi-omap2-mcspi.c
3532 ++++ b/drivers/spi/spi-omap2-mcspi.c
3533 +@@ -1217,6 +1217,33 @@ out:
3534 + return status;
3535 + }
3536 +
3537 ++static int omap2_mcspi_prepare_message(struct spi_master *master,
3538 ++ struct spi_message *msg)
3539 ++{
3540 ++ struct omap2_mcspi *mcspi = spi_master_get_devdata(master);
3541 ++ struct omap2_mcspi_regs *ctx = &mcspi->ctx;
3542 ++ struct omap2_mcspi_cs *cs;
3543 ++
3544 ++ /* Only a single channel can have the FORCE bit enabled
3545 ++ * in its chconf0 register.
3546 ++ * Scan all channels and disable them except the current one.
3547 ++ * A FORCE can remain from a last transfer having cs_change enabled
3548 ++ */
3549 ++ list_for_each_entry(cs, &ctx->cs, node) {
3550 ++ if (msg->spi->controller_state == cs)
3551 ++ continue;
3552 ++
3553 ++ if ((cs->chconf0 & OMAP2_MCSPI_CHCONF_FORCE)) {
3554 ++ cs->chconf0 &= ~OMAP2_MCSPI_CHCONF_FORCE;
3555 ++ writel_relaxed(cs->chconf0,
3556 ++ cs->base + OMAP2_MCSPI_CHCONF0);
3557 ++ readl_relaxed(cs->base + OMAP2_MCSPI_CHCONF0);
3558 ++ }
3559 ++ }
3560 ++
3561 ++ return 0;
3562 ++}
3563 ++
3564 + static int omap2_mcspi_transfer_one(struct spi_master *master,
3565 + struct spi_device *spi, struct spi_transfer *t)
3566 + {
3567 +@@ -1344,6 +1371,7 @@ static int omap2_mcspi_probe(struct platform_device *pdev)
3568 + master->bits_per_word_mask = SPI_BPW_RANGE_MASK(4, 32);
3569 + master->setup = omap2_mcspi_setup;
3570 + master->auto_runtime_pm = true;
3571 ++ master->prepare_message = omap2_mcspi_prepare_message;
3572 + master->transfer_one = omap2_mcspi_transfer_one;
3573 + master->set_cs = omap2_mcspi_set_cs;
3574 + master->cleanup = omap2_mcspi_cleanup;
3575 +diff --git a/drivers/spi/spi-ti-qspi.c b/drivers/spi/spi-ti-qspi.c
3576 +index aa6d284131e0..81b84858cfee 100644
3577 +--- a/drivers/spi/spi-ti-qspi.c
3578 ++++ b/drivers/spi/spi-ti-qspi.c
3579 +@@ -410,11 +410,10 @@ static int ti_qspi_start_transfer_one(struct spi_master *master,
3580 +
3581 + mutex_unlock(&qspi->list_lock);
3582 +
3583 ++ ti_qspi_write(qspi, qspi->cmd | QSPI_INVAL, QSPI_SPI_CMD_REG);
3584 + m->status = status;
3585 + spi_finalize_current_message(master);
3586 +
3587 +- ti_qspi_write(qspi, qspi->cmd | QSPI_INVAL, QSPI_SPI_CMD_REG);
3588 +-
3589 + return status;
3590 + }
3591 +
3592 +diff --git a/drivers/spi/spi-xilinx.c b/drivers/spi/spi-xilinx.c
3593 +index a339c1e9997a..3009121173cd 100644
3594 +--- a/drivers/spi/spi-xilinx.c
3595 ++++ b/drivers/spi/spi-xilinx.c
3596 +@@ -270,6 +270,7 @@ static int xilinx_spi_txrx_bufs(struct spi_device *spi, struct spi_transfer *t)
3597 +
3598 + while (remaining_words) {
3599 + int n_words, tx_words, rx_words;
3600 ++ u32 sr;
3601 +
3602 + n_words = min(remaining_words, xspi->buffer_size);
3603 +
3604 +@@ -284,24 +285,33 @@ static int xilinx_spi_txrx_bufs(struct spi_device *spi, struct spi_transfer *t)
3605 + if (use_irq) {
3606 + xspi->write_fn(cr, xspi->regs + XSPI_CR_OFFSET);
3607 + wait_for_completion(&xspi->done);
3608 +- } else
3609 +- while (!(xspi->read_fn(xspi->regs + XSPI_SR_OFFSET) &
3610 +- XSPI_SR_TX_EMPTY_MASK))
3611 +- ;
3612 +-
3613 +- /* A transmit has just completed. Process received data and
3614 +- * check for more data to transmit. Always inhibit the
3615 +- * transmitter while the Isr refills the transmit register/FIFO,
3616 +- * or make sure it is stopped if we're done.
3617 +- */
3618 +- if (use_irq)
3619 ++ /* A transmit has just completed. Process received data
3620 ++ * and check for more data to transmit. Always inhibit
3621 ++ * the transmitter while the Isr refills the transmit
3622 ++ * register/FIFO, or make sure it is stopped if we're
3623 ++ * done.
3624 ++ */
3625 + xspi->write_fn(cr | XSPI_CR_TRANS_INHIBIT,
3626 +- xspi->regs + XSPI_CR_OFFSET);
3627 ++ xspi->regs + XSPI_CR_OFFSET);
3628 ++ sr = XSPI_SR_TX_EMPTY_MASK;
3629 ++ } else
3630 ++ sr = xspi->read_fn(xspi->regs + XSPI_SR_OFFSET);
3631 +
3632 + /* Read out all the data from the Rx FIFO */
3633 + rx_words = n_words;
3634 +- while (rx_words--)
3635 +- xilinx_spi_rx(xspi);
3636 ++ while (rx_words) {
3637 ++ if ((sr & XSPI_SR_TX_EMPTY_MASK) && (rx_words > 1)) {
3638 ++ xilinx_spi_rx(xspi);
3639 ++ rx_words--;
3640 ++ continue;
3641 ++ }
3642 ++
3643 ++ sr = xspi->read_fn(xspi->regs + XSPI_SR_OFFSET);
3644 ++ if (!(sr & XSPI_SR_RX_EMPTY_MASK)) {
3645 ++ xilinx_spi_rx(xspi);
3646 ++ rx_words--;
3647 ++ }
3648 ++ }
3649 +
3650 + remaining_words -= n_words;
3651 + }
3652 +diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
3653 +index a5f53de813d3..a83d9d07df58 100644
3654 +--- a/drivers/spi/spi.c
3655 ++++ b/drivers/spi/spi.c
3656 +@@ -1627,7 +1627,7 @@ struct spi_master *spi_alloc_master(struct device *dev, unsigned size)
3657 + master->bus_num = -1;
3658 + master->num_chipselect = 1;
3659 + master->dev.class = &spi_master_class;
3660 +- master->dev.parent = get_device(dev);
3661 ++ master->dev.parent = dev;
3662 + spi_master_set_devdata(master, &master[1]);
3663 +
3664 + return master;
3665 +diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
3666 +index a0285da0244c..1fc7a84a2ded 100644
3667 +--- a/drivers/tty/n_tty.c
3668 ++++ b/drivers/tty/n_tty.c
3669 +@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct tty_struct *tty)
3670 +
3671 + static void n_tty_check_unthrottle(struct tty_struct *tty)
3672 + {
3673 +- if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3674 +- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) {
3675 ++ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
3676 + if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
3677 + return;
3678 + if (!tty->count)
3679 + return;
3680 + n_tty_kick_worker(tty);
3681 +- n_tty_write_wakeup(tty->link);
3682 +- if (waitqueue_active(&tty->link->write_wait))
3683 +- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT);
3684 ++ tty_wakeup(tty->link);
3685 + return;
3686 + }
3687 +
3688 +@@ -2058,13 +2055,13 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
3689 + size_t eol;
3690 + size_t tail;
3691 + int ret, found = 0;
3692 +- bool eof_push = 0;
3693 +
3694 + /* N.B. avoid overrun if nr == 0 */
3695 +- n = min(*nr, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
3696 +- if (!n)
3697 ++ if (!*nr)
3698 + return 0;
3699 +
3700 ++ n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
3701 ++
3702 + tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
3703 + size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
3704 +
3705 +@@ -2085,12 +2082,11 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
3706 + n = eol - tail;
3707 + if (n > N_TTY_BUF_SIZE)
3708 + n += N_TTY_BUF_SIZE;
3709 +- n += found;
3710 +- c = n;
3711 ++ c = n + found;
3712 +
3713 +- if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) {
3714 +- n--;
3715 +- eof_push = !n && ldata->read_tail != ldata->line_start;
3716 ++ if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
3717 ++ c = min(*nr, c);
3718 ++ n = c;
3719 + }
3720 +
3721 + n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu size:%zu more:%zu\n",
3722 +@@ -2120,7 +2116,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
3723 + ldata->push = 0;
3724 + tty_audit_push(tty);
3725 + }
3726 +- return eof_push ? -EAGAIN : 0;
3727 ++ return 0;
3728 + }
3729 +
3730 + extern ssize_t redirected_tty_write(struct file *, const char __user *,
3731 +@@ -2299,10 +2295,7 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
3732 +
3733 + if (ldata->icanon && !L_EXTPROC(tty)) {
3734 + retval = canon_copy_from_read_buf(tty, &b, &nr);
3735 +- if (retval == -EAGAIN) {
3736 +- retval = 0;
3737 +- continue;
3738 +- } else if (retval)
3739 ++ if (retval)
3740 + break;
3741 + } else {
3742 + int uncopied;
3743 +diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
3744 +index a660ab181cca..bcf2de080471 100644
3745 +--- a/drivers/tty/tty_buffer.c
3746 ++++ b/drivers/tty/tty_buffer.c
3747 +@@ -450,7 +450,7 @@ receive_buf(struct tty_struct *tty, struct tty_buffer *head, int count)
3748 + count = disc->ops->receive_buf2(tty, p, f, count);
3749 + else {
3750 + count = min_t(int, count, tty->receive_room);
3751 +- if (count)
3752 ++ if (count && disc->ops->receive_buf)
3753 + disc->ops->receive_buf(tty, p, f, count);
3754 + }
3755 + return count;
3756 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
3757 +index f435977de740..ff7f15f0f1fb 100644
3758 +--- a/drivers/tty/tty_io.c
3759 ++++ b/drivers/tty/tty_io.c
3760 +@@ -1462,13 +1462,13 @@ static int tty_reopen(struct tty_struct *tty)
3761 + {
3762 + struct tty_driver *driver = tty->driver;
3763 +
3764 +- if (!tty->count)
3765 +- return -EIO;
3766 +-
3767 + if (driver->type == TTY_DRIVER_TYPE_PTY &&
3768 + driver->subtype == PTY_TYPE_MASTER)
3769 + return -EIO;
3770 +
3771 ++ if (!tty->count)
3772 ++ return -EAGAIN;
3773 ++
3774 + if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
3775 + return -EBUSY;
3776 +
3777 +@@ -2087,7 +2087,11 @@ retry_open:
3778 +
3779 + if (IS_ERR(tty)) {
3780 + retval = PTR_ERR(tty);
3781 +- goto err_file;
3782 ++ if (retval != -EAGAIN || signal_pending(current))
3783 ++ goto err_file;
3784 ++ tty_free_file(filp);
3785 ++ schedule();
3786 ++ goto retry_open;
3787 + }
3788 +
3789 + tty_add_file(tty, filp);
3790 +@@ -2654,6 +2658,28 @@ static int tiocsetd(struct tty_struct *tty, int __user *p)
3791 + }
3792 +
3793 + /**
3794 ++ * tiocgetd - get line discipline
3795 ++ * @tty: tty device
3796 ++ * @p: pointer to user data
3797 ++ *
3798 ++ * Retrieves the line discipline id directly from the ldisc.
3799 ++ *
3800 ++ * Locking: waits for ldisc reference (in case the line discipline
3801 ++ * is changing or the tty is being hungup)
3802 ++ */
3803 ++
3804 ++static int tiocgetd(struct tty_struct *tty, int __user *p)
3805 ++{
3806 ++ struct tty_ldisc *ld;
3807 ++ int ret;
3808 ++
3809 ++ ld = tty_ldisc_ref_wait(tty);
3810 ++ ret = put_user(ld->ops->num, p);
3811 ++ tty_ldisc_deref(ld);
3812 ++ return ret;
3813 ++}
3814 ++
3815 ++/**
3816 + * send_break - performed time break
3817 + * @tty: device to break on
3818 + * @duration: timeout in mS
3819 +@@ -2879,7 +2905,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3820 + case TIOCGSID:
3821 + return tiocgsid(tty, real_tty, p);
3822 + case TIOCGETD:
3823 +- return put_user(tty->ldisc->ops->num, (int __user *)p);
3824 ++ return tiocgetd(tty, p);
3825 + case TIOCSETD:
3826 + return tiocsetd(tty, p);
3827 + case TIOCVHANGUP:
3828 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
3829 +index 26ca4f910cb0..e4c70dce3e7c 100644
3830 +--- a/drivers/usb/class/cdc-acm.c
3831 ++++ b/drivers/usb/class/cdc-acm.c
3832 +@@ -428,7 +428,8 @@ static void acm_read_bulk_callback(struct urb *urb)
3833 + set_bit(rb->index, &acm->read_urbs_free);
3834 + dev_dbg(&acm->data->dev, "%s - non-zero urb status: %d\n",
3835 + __func__, status);
3836 +- return;
3837 ++ if ((status != -ENOENT) || (urb->actual_length == 0))
3838 ++ return;
3839 + }
3840 +
3841 + usb_mark_last_busy(acm->dev);
3842 +@@ -1404,6 +1405,8 @@ made_compressed_probe:
3843 + usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress),
3844 + NULL, acm->writesize, acm_write_bulk, snd);
3845 + snd->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
3846 ++ if (quirks & SEND_ZERO_PACKET)
3847 ++ snd->urb->transfer_flags |= URB_ZERO_PACKET;
3848 + snd->instance = acm;
3849 + }
3850 +
3851 +@@ -1861,6 +1864,10 @@ static const struct usb_device_id acm_ids[] = {
3852 + { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,
3853 + USB_CDC_ACM_PROTO_AT_CDMA) },
3854 +
3855 ++ { USB_DEVICE(0x1519, 0x0452), /* Intel 7260 modem */
3856 ++ .driver_info = SEND_ZERO_PACKET,
3857 ++ },
3858 ++
3859 + { }
3860 + };
3861 +
3862 +diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
3863 +index dd9af38e7cda..ccfaba9ab4e4 100644
3864 +--- a/drivers/usb/class/cdc-acm.h
3865 ++++ b/drivers/usb/class/cdc-acm.h
3866 +@@ -134,3 +134,4 @@ struct acm {
3867 + #define IGNORE_DEVICE BIT(5)
3868 + #define QUIRK_CONTROL_LINE_STATE BIT(6)
3869 + #define CLEAR_HALT_CONDITIONS BIT(7)
3870 ++#define SEND_ZERO_PACKET BIT(8)
3871 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
3872 +index 62084335a608..a2fef797d553 100644
3873 +--- a/drivers/usb/core/hub.c
3874 ++++ b/drivers/usb/core/hub.c
3875 +@@ -5377,7 +5377,6 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
3876 + }
3877 +
3878 + bos = udev->bos;
3879 +- udev->bos = NULL;
3880 +
3881 + for (i = 0; i < SET_CONFIG_TRIES; ++i) {
3882 +
3883 +@@ -5470,8 +5469,11 @@ done:
3884 + usb_set_usb2_hardware_lpm(udev, 1);
3885 + usb_unlocked_enable_lpm(udev);
3886 + usb_enable_ltm(udev);
3887 +- usb_release_bos_descriptor(udev);
3888 +- udev->bos = bos;
3889 ++ /* release the new BOS descriptor allocated by hub_port_init() */
3890 ++ if (udev->bos != bos) {
3891 ++ usb_release_bos_descriptor(udev);
3892 ++ udev->bos = bos;
3893 ++ }
3894 + return 0;
3895 +
3896 + re_enumerate:
3897 +diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
3898 +index 78241b5550df..1018f563465b 100644
3899 +--- a/drivers/usb/host/xhci-hub.c
3900 ++++ b/drivers/usb/host/xhci-hub.c
3901 +@@ -616,8 +616,30 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
3902 + if ((raw_port_status & PORT_RESET) ||
3903 + !(raw_port_status & PORT_PE))
3904 + return 0xffffffff;
3905 +- if (time_after_eq(jiffies,
3906 +- bus_state->resume_done[wIndex])) {
3907 ++ /* did port event handler already start resume timing? */
3908 ++ if (!bus_state->resume_done[wIndex]) {
3909 ++ /* If not, maybe we are in a host initated resume? */
3910 ++ if (test_bit(wIndex, &bus_state->resuming_ports)) {
3911 ++ /* Host initated resume doesn't time the resume
3912 ++ * signalling using resume_done[].
3913 ++ * It manually sets RESUME state, sleeps 20ms
3914 ++ * and sets U0 state. This should probably be
3915 ++ * changed, but not right now.
3916 ++ */
3917 ++ } else {
3918 ++ /* port resume was discovered now and here,
3919 ++ * start resume timing
3920 ++ */
3921 ++ unsigned long timeout = jiffies +
3922 ++ msecs_to_jiffies(USB_RESUME_TIMEOUT);
3923 ++
3924 ++ set_bit(wIndex, &bus_state->resuming_ports);
3925 ++ bus_state->resume_done[wIndex] = timeout;
3926 ++ mod_timer(&hcd->rh_timer, timeout);
3927 ++ }
3928 ++ /* Has resume been signalled for USB_RESUME_TIME yet? */
3929 ++ } else if (time_after_eq(jiffies,
3930 ++ bus_state->resume_done[wIndex])) {
3931 + int time_left;
3932 +
3933 + xhci_dbg(xhci, "Resume USB2 port %d\n",
3934 +@@ -658,13 +680,24 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
3935 + } else {
3936 + /*
3937 + * The resume has been signaling for less than
3938 +- * 20ms. Report the port status as SUSPEND,
3939 +- * let the usbcore check port status again
3940 +- * and clear resume signaling later.
3941 ++ * USB_RESUME_TIME. Report the port status as SUSPEND,
3942 ++ * let the usbcore check port status again and clear
3943 ++ * resume signaling later.
3944 + */
3945 + status |= USB_PORT_STAT_SUSPEND;
3946 + }
3947 + }
3948 ++ /*
3949 ++ * Clear stale usb2 resume signalling variables in case port changed
3950 ++ * state during resume signalling. For example on error
3951 ++ */
3952 ++ if ((bus_state->resume_done[wIndex] ||
3953 ++ test_bit(wIndex, &bus_state->resuming_ports)) &&
3954 ++ (raw_port_status & PORT_PLS_MASK) != XDEV_U3 &&
3955 ++ (raw_port_status & PORT_PLS_MASK) != XDEV_RESUME) {
3956 ++ bus_state->resume_done[wIndex] = 0;
3957 ++ clear_bit(wIndex, &bus_state->resuming_ports);
3958 ++ }
3959 + if ((raw_port_status & PORT_PLS_MASK) == XDEV_U0
3960 + && (raw_port_status & PORT_POWER)
3961 + && (bus_state->suspended_ports & (1 << wIndex))) {
3962 +@@ -995,6 +1028,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
3963 + if ((temp & PORT_PE) == 0)
3964 + goto error;
3965 +
3966 ++ set_bit(wIndex, &bus_state->resuming_ports);
3967 + xhci_set_link_state(xhci, port_array, wIndex,
3968 + XDEV_RESUME);
3969 + spin_unlock_irqrestore(&xhci->lock, flags);
3970 +@@ -1002,6 +1036,7 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
3971 + spin_lock_irqsave(&xhci->lock, flags);
3972 + xhci_set_link_state(xhci, port_array, wIndex,
3973 + XDEV_U0);
3974 ++ clear_bit(wIndex, &bus_state->resuming_ports);
3975 + }
3976 + bus_state->port_c_suspend |= 1 << wIndex;
3977 +
3978 +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
3979 +index c47d3e480586..a22c430faea7 100644
3980 +--- a/drivers/usb/host/xhci-pci.c
3981 ++++ b/drivers/usb/host/xhci-pci.c
3982 +@@ -28,7 +28,9 @@
3983 + #include "xhci.h"
3984 + #include "xhci-trace.h"
3985 +
3986 +-#define PORT2_SSIC_CONFIG_REG2 0x883c
3987 ++#define SSIC_PORT_NUM 2
3988 ++#define SSIC_PORT_CFG2 0x880c
3989 ++#define SSIC_PORT_CFG2_OFFSET 0x30
3990 + #define PROG_DONE (1 << 30)
3991 + #define SSIC_PORT_UNUSED (1 << 31)
3992 +
3993 +@@ -45,6 +47,7 @@
3994 + #define PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI 0x22b5
3995 + #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI 0xa12f
3996 + #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI 0x9d2f
3997 ++#define PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI 0x0aa8
3998 +
3999 + static const char hcd_name[] = "xhci_hcd";
4000 +
4001 +@@ -152,7 +155,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
4002 + if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
4003 + (pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI ||
4004 + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI ||
4005 +- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI)) {
4006 ++ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI ||
4007 ++ pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI)) {
4008 + xhci->quirks |= XHCI_PME_STUCK_QUIRK;
4009 + }
4010 + if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
4011 +@@ -316,28 +320,36 @@ static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend)
4012 + struct pci_dev *pdev = to_pci_dev(hcd->self.controller);
4013 + u32 val;
4014 + void __iomem *reg;
4015 ++ int i;
4016 +
4017 + if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
4018 + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) {
4019 +
4020 +- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2;
4021 +-
4022 +- /* Notify SSIC that SSIC profile programming is not done */
4023 +- val = readl(reg) & ~PROG_DONE;
4024 +- writel(val, reg);
4025 +-
4026 +- /* Mark SSIC port as unused(suspend) or used(resume) */
4027 +- val = readl(reg);
4028 +- if (suspend)
4029 +- val |= SSIC_PORT_UNUSED;
4030 +- else
4031 +- val &= ~SSIC_PORT_UNUSED;
4032 +- writel(val, reg);
4033 +-
4034 +- /* Notify SSIC that SSIC profile programming is done */
4035 +- val = readl(reg) | PROG_DONE;
4036 +- writel(val, reg);
4037 +- readl(reg);
4038 ++ for (i = 0; i < SSIC_PORT_NUM; i++) {
4039 ++ reg = (void __iomem *) xhci->cap_regs +
4040 ++ SSIC_PORT_CFG2 +
4041 ++ i * SSIC_PORT_CFG2_OFFSET;
4042 ++
4043 ++ /*
4044 ++ * Notify SSIC that SSIC profile programming
4045 ++ * is not done.
4046 ++ */
4047 ++ val = readl(reg) & ~PROG_DONE;
4048 ++ writel(val, reg);
4049 ++
4050 ++ /* Mark SSIC port as unused(suspend) or used(resume) */
4051 ++ val = readl(reg);
4052 ++ if (suspend)
4053 ++ val |= SSIC_PORT_UNUSED;
4054 ++ else
4055 ++ val &= ~SSIC_PORT_UNUSED;
4056 ++ writel(val, reg);
4057 ++
4058 ++ /* Notify SSIC that SSIC profile programming is done */
4059 ++ val = readl(reg) | PROG_DONE;
4060 ++ writel(val, reg);
4061 ++ readl(reg);
4062 ++ }
4063 + }
4064 +
4065 + reg = (void __iomem *) xhci->cap_regs + 0x80a4;
4066 +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
4067 +index fe9e2d3a223c..23c712ec7541 100644
4068 +--- a/drivers/usb/host/xhci-ring.c
4069 ++++ b/drivers/usb/host/xhci-ring.c
4070 +@@ -1583,7 +1583,8 @@ static void handle_port_status(struct xhci_hcd *xhci,
4071 + */
4072 + bogus_port_status = true;
4073 + goto cleanup;
4074 +- } else {
4075 ++ } else if (!test_bit(faked_port_index,
4076 ++ &bus_state->resuming_ports)) {
4077 + xhci_dbg(xhci, "resume HS port %d\n", port_id);
4078 + bus_state->resume_done[faked_port_index] = jiffies +
4079 + msecs_to_jiffies(USB_RESUME_TIMEOUT);
4080 +diff --git a/drivers/usb/phy/phy-msm-usb.c b/drivers/usb/phy/phy-msm-usb.c
4081 +index c58c3c0dbe35..260e510578e7 100644
4082 +--- a/drivers/usb/phy/phy-msm-usb.c
4083 ++++ b/drivers/usb/phy/phy-msm-usb.c
4084 +@@ -1599,6 +1599,8 @@ static int msm_otg_read_dt(struct platform_device *pdev, struct msm_otg *motg)
4085 + &motg->id.nb);
4086 + if (ret < 0) {
4087 + dev_err(&pdev->dev, "register ID notifier failed\n");
4088 ++ extcon_unregister_notifier(motg->vbus.extcon,
4089 ++ EXTCON_USB, &motg->vbus.nb);
4090 + return ret;
4091 + }
4092 +
4093 +@@ -1660,15 +1662,6 @@ static int msm_otg_probe(struct platform_device *pdev)
4094 + if (!motg)
4095 + return -ENOMEM;
4096 +
4097 +- pdata = dev_get_platdata(&pdev->dev);
4098 +- if (!pdata) {
4099 +- if (!np)
4100 +- return -ENXIO;
4101 +- ret = msm_otg_read_dt(pdev, motg);
4102 +- if (ret)
4103 +- return ret;
4104 +- }
4105 +-
4106 + motg->phy.otg = devm_kzalloc(&pdev->dev, sizeof(struct usb_otg),
4107 + GFP_KERNEL);
4108 + if (!motg->phy.otg)
4109 +@@ -1710,6 +1703,15 @@ static int msm_otg_probe(struct platform_device *pdev)
4110 + if (!motg->regs)
4111 + return -ENOMEM;
4112 +
4113 ++ pdata = dev_get_platdata(&pdev->dev);
4114 ++ if (!pdata) {
4115 ++ if (!np)
4116 ++ return -ENXIO;
4117 ++ ret = msm_otg_read_dt(pdev, motg);
4118 ++ if (ret)
4119 ++ return ret;
4120 ++ }
4121 ++
4122 + /*
4123 + * NOTE: The PHYs can be multiplexed between the chipidea controller
4124 + * and the dwc3 controller, using a single bit. It is important that
4125 +@@ -1717,8 +1719,10 @@ static int msm_otg_probe(struct platform_device *pdev)
4126 + */
4127 + if (motg->phy_number) {
4128 + phy_select = devm_ioremap_nocache(&pdev->dev, USB2_PHY_SEL, 4);
4129 +- if (!phy_select)
4130 +- return -ENOMEM;
4131 ++ if (!phy_select) {
4132 ++ ret = -ENOMEM;
4133 ++ goto unregister_extcon;
4134 ++ }
4135 + /* Enable second PHY with the OTG port */
4136 + writel(0x1, phy_select);
4137 + }
4138 +@@ -1728,7 +1732,8 @@ static int msm_otg_probe(struct platform_device *pdev)
4139 + motg->irq = platform_get_irq(pdev, 0);
4140 + if (motg->irq < 0) {
4141 + dev_err(&pdev->dev, "platform_get_irq failed\n");
4142 +- return motg->irq;
4143 ++ ret = motg->irq;
4144 ++ goto unregister_extcon;
4145 + }
4146 +
4147 + regs[0].supply = "vddcx";
4148 +@@ -1737,7 +1742,7 @@ static int msm_otg_probe(struct platform_device *pdev)
4149 +
4150 + ret = devm_regulator_bulk_get(motg->phy.dev, ARRAY_SIZE(regs), regs);
4151 + if (ret)
4152 +- return ret;
4153 ++ goto unregister_extcon;
4154 +
4155 + motg->vddcx = regs[0].consumer;
4156 + motg->v3p3 = regs[1].consumer;
4157 +@@ -1834,6 +1839,12 @@ disable_clks:
4158 + clk_disable_unprepare(motg->clk);
4159 + if (!IS_ERR(motg->core_clk))
4160 + clk_disable_unprepare(motg->core_clk);
4161 ++unregister_extcon:
4162 ++ extcon_unregister_notifier(motg->id.extcon,
4163 ++ EXTCON_USB_HOST, &motg->id.nb);
4164 ++ extcon_unregister_notifier(motg->vbus.extcon,
4165 ++ EXTCON_USB, &motg->vbus.nb);
4166 ++
4167 + return ret;
4168 + }
4169 +
4170 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
4171 +index 59b2126b21a3..1dd9919081f8 100644
4172 +--- a/drivers/usb/serial/cp210x.c
4173 ++++ b/drivers/usb/serial/cp210x.c
4174 +@@ -98,6 +98,7 @@ static const struct usb_device_id id_table[] = {
4175 + { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */
4176 + { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */
4177 + { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */
4178 ++ { USB_DEVICE(0x10C4, 0x81D7) }, /* IAI Corp. RCB-CV-USB USB to RS485 Adaptor */
4179 + { USB_DEVICE(0x10C4, 0x81E2) }, /* Lipowsky Industrie Elektronik GmbH, Baby-LIN */
4180 + { USB_DEVICE(0x10C4, 0x81E7) }, /* Aerocomm Radio */
4181 + { USB_DEVICE(0x10C4, 0x81E8) }, /* Zephyr Bioharness */
4182 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
4183 +index a5a0376bbd48..8c660ae401d8 100644
4184 +--- a/drivers/usb/serial/ftdi_sio.c
4185 ++++ b/drivers/usb/serial/ftdi_sio.c
4186 +@@ -824,6 +824,7 @@ static const struct usb_device_id id_table_combined[] = {
4187 + { USB_DEVICE(FTDI_VID, FTDI_TURTELIZER_PID),
4188 + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
4189 + { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) },
4190 ++ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) },
4191 + { USB_DEVICE(FTDI_VID, FTDI_REU_TINY_PID) },
4192 +
4193 + /* Papouch devices based on FTDI chip */
4194 +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
4195 +index 67c6d4469730..a84df2513994 100644
4196 +--- a/drivers/usb/serial/ftdi_sio_ids.h
4197 ++++ b/drivers/usb/serial/ftdi_sio_ids.h
4198 +@@ -615,6 +615,7 @@
4199 + */
4200 + #define RATOC_VENDOR_ID 0x0584
4201 + #define RATOC_PRODUCT_ID_USB60F 0xb020
4202 ++#define RATOC_PRODUCT_ID_SCU18 0xb03a
4203 +
4204 + /*
4205 + * Infineon Technologies
4206 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
4207 +index e945b5195258..35622fba4305 100644
4208 +--- a/drivers/usb/serial/option.c
4209 ++++ b/drivers/usb/serial/option.c
4210 +@@ -271,6 +271,8 @@ static void option_instat_callback(struct urb *urb);
4211 + #define TELIT_PRODUCT_CC864_SINGLE 0x1006
4212 + #define TELIT_PRODUCT_DE910_DUAL 0x1010
4213 + #define TELIT_PRODUCT_UE910_V2 0x1012
4214 ++#define TELIT_PRODUCT_LE922_USBCFG0 0x1042
4215 ++#define TELIT_PRODUCT_LE922_USBCFG3 0x1043
4216 + #define TELIT_PRODUCT_LE920 0x1200
4217 + #define TELIT_PRODUCT_LE910 0x1201
4218 +
4219 +@@ -623,6 +625,16 @@ static const struct option_blacklist_info sierra_mc73xx_blacklist = {
4220 + .reserved = BIT(8) | BIT(10) | BIT(11),
4221 + };
4222 +
4223 ++static const struct option_blacklist_info telit_le922_blacklist_usbcfg0 = {
4224 ++ .sendsetup = BIT(2),
4225 ++ .reserved = BIT(0) | BIT(1) | BIT(3),
4226 ++};
4227 ++
4228 ++static const struct option_blacklist_info telit_le922_blacklist_usbcfg3 = {
4229 ++ .sendsetup = BIT(0),
4230 ++ .reserved = BIT(1) | BIT(2) | BIT(3),
4231 ++};
4232 ++
4233 + static const struct usb_device_id option_ids[] = {
4234 + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) },
4235 + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) },
4236 +@@ -1172,6 +1184,10 @@ static const struct usb_device_id option_ids[] = {
4237 + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) },
4238 + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) },
4239 + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) },
4240 ++ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0),
4241 ++ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
4242 ++ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3),
4243 ++ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
4244 + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
4245 + .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
4246 + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
4247 +@@ -1691,7 +1707,7 @@ static const struct usb_device_id option_ids[] = {
4248 + { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_EU3_P) },
4249 + { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PH8),
4250 + .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
4251 +- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX) },
4252 ++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX, 0xff) },
4253 + { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PLXX),
4254 + .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
4255 + { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) },
4256 +diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c
4257 +index 60afb39eb73c..337a0be89fcf 100644
4258 +--- a/drivers/usb/serial/visor.c
4259 ++++ b/drivers/usb/serial/visor.c
4260 +@@ -544,6 +544,11 @@ static int treo_attach(struct usb_serial *serial)
4261 + (serial->num_interrupt_in == 0))
4262 + return 0;
4263 +
4264 ++ if (serial->num_bulk_in < 2 || serial->num_interrupt_in < 2) {
4265 ++ dev_err(&serial->interface->dev, "missing endpoints\n");
4266 ++ return -ENODEV;
4267 ++ }
4268 ++
4269 + /*
4270 + * It appears that Treos and Kyoceras want to use the
4271 + * 1st bulk in endpoint to communicate with the 2nd bulk out endpoint,
4272 +@@ -597,8 +602,10 @@ static int clie_5_attach(struct usb_serial *serial)
4273 + */
4274 +
4275 + /* some sanity check */
4276 +- if (serial->num_ports < 2)
4277 +- return -1;
4278 ++ if (serial->num_bulk_out < 2) {
4279 ++ dev_err(&serial->interface->dev, "missing bulk out endpoints\n");
4280 ++ return -ENODEV;
4281 ++ }
4282 +
4283 + /* port 0 now uses the modified endpoint Address */
4284 + port = serial->port[0];
4285 +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
4286 +index 6b659967898e..e6572a665b2e 100644
4287 +--- a/fs/binfmt_elf.c
4288 ++++ b/fs/binfmt_elf.c
4289 +@@ -759,16 +759,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
4290 + */
4291 + would_dump(bprm, interpreter);
4292 +
4293 +- retval = kernel_read(interpreter, 0, bprm->buf,
4294 +- BINPRM_BUF_SIZE);
4295 +- if (retval != BINPRM_BUF_SIZE) {
4296 ++ /* Get the exec headers */
4297 ++ retval = kernel_read(interpreter, 0,
4298 ++ (void *)&loc->interp_elf_ex,
4299 ++ sizeof(loc->interp_elf_ex));
4300 ++ if (retval != sizeof(loc->interp_elf_ex)) {
4301 + if (retval >= 0)
4302 + retval = -EIO;
4303 + goto out_free_dentry;
4304 + }
4305 +
4306 +- /* Get the exec headers */
4307 +- loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
4308 + break;
4309 + }
4310 + elf_ppnt++;
4311 +diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
4312 +index 3cbb0e834694..3ce646792c7e 100644
4313 +--- a/fs/cachefiles/rdwr.c
4314 ++++ b/fs/cachefiles/rdwr.c
4315 +@@ -885,7 +885,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
4316 + loff_t pos, eof;
4317 + size_t len;
4318 + void *data;
4319 +- int ret;
4320 ++ int ret = -ENOBUFS;
4321 +
4322 + ASSERT(op != NULL);
4323 + ASSERT(page != NULL);
4324 +@@ -905,6 +905,15 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
4325 + cache = container_of(object->fscache.cache,
4326 + struct cachefiles_cache, cache);
4327 +
4328 ++ pos = (loff_t)page->index << PAGE_SHIFT;
4329 ++
4330 ++ /* We mustn't write more data than we have, so we have to beware of a
4331 ++ * partial page at EOF.
4332 ++ */
4333 ++ eof = object->fscache.store_limit_l;
4334 ++ if (pos >= eof)
4335 ++ goto error;
4336 ++
4337 + /* write the page to the backing filesystem and let it store it in its
4338 + * own time */
4339 + path.mnt = cache->mnt;
4340 +@@ -912,40 +921,38 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
4341 + file = dentry_open(&path, O_RDWR | O_LARGEFILE, cache->cache_cred);
4342 + if (IS_ERR(file)) {
4343 + ret = PTR_ERR(file);
4344 +- } else {
4345 +- pos = (loff_t) page->index << PAGE_SHIFT;
4346 +-
4347 +- /* we mustn't write more data than we have, so we have
4348 +- * to beware of a partial page at EOF */
4349 +- eof = object->fscache.store_limit_l;
4350 +- len = PAGE_SIZE;
4351 +- if (eof & ~PAGE_MASK) {
4352 +- ASSERTCMP(pos, <, eof);
4353 +- if (eof - pos < PAGE_SIZE) {
4354 +- _debug("cut short %llx to %llx",
4355 +- pos, eof);
4356 +- len = eof - pos;
4357 +- ASSERTCMP(pos + len, ==, eof);
4358 +- }
4359 +- }
4360 +-
4361 +- data = kmap(page);
4362 +- ret = __kernel_write(file, data, len, &pos);
4363 +- kunmap(page);
4364 +- if (ret != len)
4365 +- ret = -EIO;
4366 +- fput(file);
4367 ++ goto error_2;
4368 + }
4369 +
4370 +- if (ret < 0) {
4371 +- if (ret == -EIO)
4372 +- cachefiles_io_error_obj(
4373 +- object, "Write page to backing file failed");
4374 +- ret = -ENOBUFS;
4375 ++ len = PAGE_SIZE;
4376 ++ if (eof & ~PAGE_MASK) {
4377 ++ if (eof - pos < PAGE_SIZE) {
4378 ++ _debug("cut short %llx to %llx",
4379 ++ pos, eof);
4380 ++ len = eof - pos;
4381 ++ ASSERTCMP(pos + len, ==, eof);
4382 ++ }
4383 + }
4384 +
4385 +- _leave(" = %d", ret);
4386 +- return ret;
4387 ++ data = kmap(page);
4388 ++ ret = __kernel_write(file, data, len, &pos);
4389 ++ kunmap(page);
4390 ++ fput(file);
4391 ++ if (ret != len)
4392 ++ goto error_eio;
4393 ++
4394 ++ _leave(" = 0");
4395 ++ return 0;
4396 ++
4397 ++error_eio:
4398 ++ ret = -EIO;
4399 ++error_2:
4400 ++ if (ret == -EIO)
4401 ++ cachefiles_io_error_obj(object,
4402 ++ "Write page to backing file failed");
4403 ++error:
4404 ++ _leave(" = -ENOBUFS [%d]", ret);
4405 ++ return -ENOBUFS;
4406 + }
4407 +
4408 + /*
4409 +diff --git a/fs/ext2/super.c b/fs/ext2/super.c
4410 +index 900e19cf9ef6..2597b0663bf2 100644
4411 +--- a/fs/ext2/super.c
4412 ++++ b/fs/ext2/super.c
4413 +@@ -566,6 +566,8 @@ static int parse_options(char *options, struct super_block *sb)
4414 + /* Fall through */
4415 + case Opt_dax:
4416 + #ifdef CONFIG_FS_DAX
4417 ++ ext2_msg(sb, KERN_WARNING,
4418 ++ "DAX enabled. Warning: EXPERIMENTAL, use at your own risk");
4419 + set_opt(sbi->s_mount_opt, DAX);
4420 + #else
4421 + ext2_msg(sb, KERN_INFO, "dax option not supported");
4422 +diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
4423 +index 2fab243a4c9e..7d6cda4738a4 100644
4424 +--- a/fs/ext4/crypto.c
4425 ++++ b/fs/ext4/crypto.c
4426 +@@ -408,7 +408,7 @@ int ext4_encrypted_zeroout(struct inode *inode, struct ext4_extent *ex)
4427 + struct ext4_crypto_ctx *ctx;
4428 + struct page *ciphertext_page = NULL;
4429 + struct bio *bio;
4430 +- ext4_lblk_t lblk = ex->ee_block;
4431 ++ ext4_lblk_t lblk = le32_to_cpu(ex->ee_block);
4432 + ext4_fsblk_t pblk = ext4_ext_pblock(ex);
4433 + unsigned int len = ext4_ext_get_actual_len(ex);
4434 + int ret, err = 0;
4435 +diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
4436 +index fd1f28be5296..eb897089fbd0 100644
4437 +--- a/fs/ext4/ext4.h
4438 ++++ b/fs/ext4/ext4.h
4439 +@@ -26,6 +26,7 @@
4440 + #include <linux/seqlock.h>
4441 + #include <linux/mutex.h>
4442 + #include <linux/timer.h>
4443 ++#include <linux/version.h>
4444 + #include <linux/wait.h>
4445 + #include <linux/blockgroup_lock.h>
4446 + #include <linux/percpu_counter.h>
4447 +@@ -723,19 +724,55 @@ struct move_extent {
4448 + <= (EXT4_GOOD_OLD_INODE_SIZE + \
4449 + (einode)->i_extra_isize)) \
4450 +
4451 ++/*
4452 ++ * We use an encoding that preserves the times for extra epoch "00":
4453 ++ *
4454 ++ * extra msb of adjust for signed
4455 ++ * epoch 32-bit 32-bit tv_sec to
4456 ++ * bits time decoded 64-bit tv_sec 64-bit tv_sec valid time range
4457 ++ * 0 0 1 -0x80000000..-0x00000001 0x000000000 1901-12-13..1969-12-31
4458 ++ * 0 0 0 0x000000000..0x07fffffff 0x000000000 1970-01-01..2038-01-19
4459 ++ * 0 1 1 0x080000000..0x0ffffffff 0x100000000 2038-01-19..2106-02-07
4460 ++ * 0 1 0 0x100000000..0x17fffffff 0x100000000 2106-02-07..2174-02-25
4461 ++ * 1 0 1 0x180000000..0x1ffffffff 0x200000000 2174-02-25..2242-03-16
4462 ++ * 1 0 0 0x200000000..0x27fffffff 0x200000000 2242-03-16..2310-04-04
4463 ++ * 1 1 1 0x280000000..0x2ffffffff 0x300000000 2310-04-04..2378-04-22
4464 ++ * 1 1 0 0x300000000..0x37fffffff 0x300000000 2378-04-22..2446-05-10
4465 ++ *
4466 ++ * Note that previous versions of the kernel on 64-bit systems would
4467 ++ * incorrectly use extra epoch bits 1,1 for dates between 1901 and
4468 ++ * 1970. e2fsck will correct this, assuming that it is run on the
4469 ++ * affected filesystem before 2242.
4470 ++ */
4471 ++
4472 + static inline __le32 ext4_encode_extra_time(struct timespec *time)
4473 + {
4474 +- return cpu_to_le32((sizeof(time->tv_sec) > 4 ?
4475 +- (time->tv_sec >> 32) & EXT4_EPOCH_MASK : 0) |
4476 +- ((time->tv_nsec << EXT4_EPOCH_BITS) & EXT4_NSEC_MASK));
4477 ++ u32 extra = sizeof(time->tv_sec) > 4 ?
4478 ++ ((time->tv_sec - (s32)time->tv_sec) >> 32) & EXT4_EPOCH_MASK : 0;
4479 ++ return cpu_to_le32(extra | (time->tv_nsec << EXT4_EPOCH_BITS));
4480 + }
4481 +
4482 + static inline void ext4_decode_extra_time(struct timespec *time, __le32 extra)
4483 + {
4484 +- if (sizeof(time->tv_sec) > 4)
4485 +- time->tv_sec |= (__u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK)
4486 +- << 32;
4487 +- time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS;
4488 ++ if (unlikely(sizeof(time->tv_sec) > 4 &&
4489 ++ (extra & cpu_to_le32(EXT4_EPOCH_MASK)))) {
4490 ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,20,0)
4491 ++ /* Handle legacy encoding of pre-1970 dates with epoch
4492 ++ * bits 1,1. We assume that by kernel version 4.20,
4493 ++ * everyone will have run fsck over the affected
4494 ++ * filesystems to correct the problem. (This
4495 ++ * backwards compatibility may be removed before this
4496 ++ * time, at the discretion of the ext4 developers.)
4497 ++ */
4498 ++ u64 extra_bits = le32_to_cpu(extra) & EXT4_EPOCH_MASK;
4499 ++ if (extra_bits == 3 && ((time->tv_sec) & 0x80000000) != 0)
4500 ++ extra_bits = 0;
4501 ++ time->tv_sec += extra_bits << 32;
4502 ++#else
4503 ++ time->tv_sec += (u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK) << 32;
4504 ++#endif
4505 ++ }
4506 ++ time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS;
4507 + }
4508 +
4509 + #define EXT4_INODE_SET_XTIME(xtime, inode, raw_inode) \
4510 +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
4511 +index cf0c472047e3..c7c53fd46a41 100644
4512 +--- a/fs/ext4/resize.c
4513 ++++ b/fs/ext4/resize.c
4514 +@@ -1040,7 +1040,7 @@ exit_free:
4515 + * do not copy the full number of backups at this time. The resize
4516 + * which changed s_groups_count will backup again.
4517 + */
4518 +-static void update_backups(struct super_block *sb, int blk_off, char *data,
4519 ++static void update_backups(struct super_block *sb, sector_t blk_off, char *data,
4520 + int size, int meta_bg)
4521 + {
4522 + struct ext4_sb_info *sbi = EXT4_SB(sb);
4523 +@@ -1065,7 +1065,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data,
4524 + group = ext4_list_backups(sb, &three, &five, &seven);
4525 + last = sbi->s_groups_count;
4526 + } else {
4527 +- group = ext4_meta_bg_first_group(sb, group) + 1;
4528 ++ group = ext4_get_group_number(sb, blk_off) + 1;
4529 + last = (ext4_group_t)(group + EXT4_DESC_PER_BLOCK(sb) - 2);
4530 + }
4531 +
4532 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
4533 +index df84bd256c9f..7683892d855c 100644
4534 +--- a/fs/ext4/super.c
4535 ++++ b/fs/ext4/super.c
4536 +@@ -1664,8 +1664,12 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
4537 + }
4538 + sbi->s_jquota_fmt = m->mount_opt;
4539 + #endif
4540 +-#ifndef CONFIG_FS_DAX
4541 + } else if (token == Opt_dax) {
4542 ++#ifdef CONFIG_FS_DAX
4543 ++ ext4_msg(sb, KERN_WARNING,
4544 ++ "DAX enabled. Warning: EXPERIMENTAL, use at your own risk");
4545 ++ sbi->s_mount_opt |= m->mount_opt;
4546 ++#else
4547 + ext4_msg(sb, KERN_INFO, "dax option not supported");
4548 + return -1;
4549 + #endif
4550 +diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c
4551 +index c677f2c1044b..3627fd7cf4a0 100644
4552 +--- a/fs/ext4/symlink.c
4553 ++++ b/fs/ext4/symlink.c
4554 +@@ -52,7 +52,7 @@ static const char *ext4_encrypted_follow_link(struct dentry *dentry, void **cook
4555 + /* Symlink is encrypted */
4556 + sd = (struct ext4_encrypted_symlink_data *)caddr;
4557 + cstr.name = sd->encrypted_path;
4558 +- cstr.len = le32_to_cpu(sd->len);
4559 ++ cstr.len = le16_to_cpu(sd->len);
4560 + if ((cstr.len +
4561 + sizeof(struct ext4_encrypted_symlink_data) - 1) >
4562 + max_size) {
4563 +diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
4564 +index 8f15fc134040..6726c4a5efa2 100644
4565 +--- a/fs/f2fs/dir.c
4566 ++++ b/fs/f2fs/dir.c
4567 +@@ -787,7 +787,6 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
4568 + else
4569 + d_type = DT_UNKNOWN;
4570 +
4571 +- /* encrypted case */
4572 + de_name.name = d->filename[bit_pos];
4573 + de_name.len = le16_to_cpu(de->name_len);
4574 +
4575 +@@ -795,12 +794,20 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
4576 + int save_len = fstr->len;
4577 + int ret;
4578 +
4579 ++ de_name.name = kmalloc(de_name.len, GFP_NOFS);
4580 ++ if (!de_name.name)
4581 ++ return false;
4582 ++
4583 ++ memcpy(de_name.name, d->filename[bit_pos], de_name.len);
4584 ++
4585 + ret = f2fs_fname_disk_to_usr(d->inode, &de->hash_code,
4586 + &de_name, fstr);
4587 +- de_name = *fstr;
4588 +- fstr->len = save_len;
4589 ++ kfree(de_name.name);
4590 + if (ret < 0)
4591 + return true;
4592 ++
4593 ++ de_name = *fstr;
4594 ++ fstr->len = save_len;
4595 + }
4596 +
4597 + if (!dir_emit(ctx, de_name.name, de_name.len,
4598 +diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
4599 +index a680bf38e4f0..dfa01c88b34b 100644
4600 +--- a/fs/f2fs/namei.c
4601 ++++ b/fs/f2fs/namei.c
4602 +@@ -947,8 +947,13 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
4603 +
4604 + /* Symlink is encrypted */
4605 + sd = (struct f2fs_encrypted_symlink_data *)caddr;
4606 +- cstr.name = sd->encrypted_path;
4607 + cstr.len = le16_to_cpu(sd->len);
4608 ++ cstr.name = kmalloc(cstr.len, GFP_NOFS);
4609 ++ if (!cstr.name) {
4610 ++ res = -ENOMEM;
4611 ++ goto errout;
4612 ++ }
4613 ++ memcpy(cstr.name, sd->encrypted_path, cstr.len);
4614 +
4615 + /* this is broken symlink case */
4616 + if (cstr.name[0] == 0 && cstr.len == 0) {
4617 +@@ -970,6 +975,8 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
4618 + if (res < 0)
4619 + goto errout;
4620 +
4621 ++ kfree(cstr.name);
4622 ++
4623 + paddr = pstr.name;
4624 +
4625 + /* Null-terminate the name */
4626 +@@ -979,6 +986,7 @@ static const char *f2fs_encrypted_follow_link(struct dentry *dentry, void **cook
4627 + page_cache_release(cpage);
4628 + return *cookie = paddr;
4629 + errout:
4630 ++ kfree(cstr.name);
4631 + f2fs_fname_crypto_free_buffer(&pstr);
4632 + kunmap(cpage);
4633 + page_cache_release(cpage);
4634 +diff --git a/fs/fat/dir.c b/fs/fat/dir.c
4635 +index 4afc4d9d2e41..8b2127ffb226 100644
4636 +--- a/fs/fat/dir.c
4637 ++++ b/fs/fat/dir.c
4638 +@@ -610,9 +610,9 @@ parse_record:
4639 + int status = fat_parse_long(inode, &cpos, &bh, &de,
4640 + &unicode, &nr_slots);
4641 + if (status < 0) {
4642 +- ctx->pos = cpos;
4643 ++ bh = NULL;
4644 + ret = status;
4645 +- goto out;
4646 ++ goto end_of_dir;
4647 + } else if (status == PARSE_INVALID)
4648 + goto record_end;
4649 + else if (status == PARSE_NOT_LONGNAME)
4650 +@@ -654,8 +654,9 @@ parse_record:
4651 + fill_len = short_len;
4652 +
4653 + start_filldir:
4654 +- if (!fake_offset)
4655 +- ctx->pos = cpos - (nr_slots + 1) * sizeof(struct msdos_dir_entry);
4656 ++ ctx->pos = cpos - (nr_slots + 1) * sizeof(struct msdos_dir_entry);
4657 ++ if (fake_offset && ctx->pos < 2)
4658 ++ ctx->pos = 2;
4659 +
4660 + if (!memcmp(de->name, MSDOS_DOT, MSDOS_NAME)) {
4661 + if (!dir_emit_dot(file, ctx))
4662 +@@ -681,14 +682,19 @@ record_end:
4663 + fake_offset = 0;
4664 + ctx->pos = cpos;
4665 + goto get_new;
4666 ++
4667 + end_of_dir:
4668 +- ctx->pos = cpos;
4669 ++ if (fake_offset && cpos < 2)
4670 ++ ctx->pos = 2;
4671 ++ else
4672 ++ ctx->pos = cpos;
4673 + fill_failed:
4674 + brelse(bh);
4675 + if (unicode)
4676 + __putname(unicode);
4677 + out:
4678 + mutex_unlock(&sbi->s_lock);
4679 ++
4680 + return ret;
4681 + }
4682 +
4683 +diff --git a/fs/fscache/netfs.c b/fs/fscache/netfs.c
4684 +index 6d941f56faf4..9b28649df3a1 100644
4685 +--- a/fs/fscache/netfs.c
4686 ++++ b/fs/fscache/netfs.c
4687 +@@ -22,6 +22,7 @@ static LIST_HEAD(fscache_netfs_list);
4688 + int __fscache_register_netfs(struct fscache_netfs *netfs)
4689 + {
4690 + struct fscache_netfs *ptr;
4691 ++ struct fscache_cookie *cookie;
4692 + int ret;
4693 +
4694 + _enter("{%s}", netfs->name);
4695 +@@ -29,29 +30,25 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
4696 + INIT_LIST_HEAD(&netfs->link);
4697 +
4698 + /* allocate a cookie for the primary index */
4699 +- netfs->primary_index =
4700 +- kmem_cache_zalloc(fscache_cookie_jar, GFP_KERNEL);
4701 ++ cookie = kmem_cache_zalloc(fscache_cookie_jar, GFP_KERNEL);
4702 +
4703 +- if (!netfs->primary_index) {
4704 ++ if (!cookie) {
4705 + _leave(" = -ENOMEM");
4706 + return -ENOMEM;
4707 + }
4708 +
4709 + /* initialise the primary index cookie */
4710 +- atomic_set(&netfs->primary_index->usage, 1);
4711 +- atomic_set(&netfs->primary_index->n_children, 0);
4712 +- atomic_set(&netfs->primary_index->n_active, 1);
4713 ++ atomic_set(&cookie->usage, 1);
4714 ++ atomic_set(&cookie->n_children, 0);
4715 ++ atomic_set(&cookie->n_active, 1);
4716 +
4717 +- netfs->primary_index->def = &fscache_fsdef_netfs_def;
4718 +- netfs->primary_index->parent = &fscache_fsdef_index;
4719 +- netfs->primary_index->netfs_data = netfs;
4720 +- netfs->primary_index->flags = 1 << FSCACHE_COOKIE_ENABLED;
4721 ++ cookie->def = &fscache_fsdef_netfs_def;
4722 ++ cookie->parent = &fscache_fsdef_index;
4723 ++ cookie->netfs_data = netfs;
4724 ++ cookie->flags = 1 << FSCACHE_COOKIE_ENABLED;
4725 +
4726 +- atomic_inc(&netfs->primary_index->parent->usage);
4727 +- atomic_inc(&netfs->primary_index->parent->n_children);
4728 +-
4729 +- spin_lock_init(&netfs->primary_index->lock);
4730 +- INIT_HLIST_HEAD(&netfs->primary_index->backing_objects);
4731 ++ spin_lock_init(&cookie->lock);
4732 ++ INIT_HLIST_HEAD(&cookie->backing_objects);
4733 +
4734 + /* check the netfs type is not already present */
4735 + down_write(&fscache_addremove_sem);
4736 +@@ -62,6 +59,10 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
4737 + goto already_registered;
4738 + }
4739 +
4740 ++ atomic_inc(&cookie->parent->usage);
4741 ++ atomic_inc(&cookie->parent->n_children);
4742 ++
4743 ++ netfs->primary_index = cookie;
4744 + list_add(&netfs->link, &fscache_netfs_list);
4745 + ret = 0;
4746 +
4747 +@@ -70,11 +71,8 @@ int __fscache_register_netfs(struct fscache_netfs *netfs)
4748 + already_registered:
4749 + up_write(&fscache_addremove_sem);
4750 +
4751 +- if (ret < 0) {
4752 +- netfs->primary_index->parent = NULL;
4753 +- __fscache_cookie_put(netfs->primary_index);
4754 +- netfs->primary_index = NULL;
4755 +- }
4756 ++ if (ret < 0)
4757 ++ kmem_cache_free(fscache_cookie_jar, cookie);
4758 +
4759 + _leave(" = %d", ret);
4760 + return ret;
4761 +diff --git a/fs/fscache/page.c b/fs/fscache/page.c
4762 +index 483bbc613bf0..ca916af5a7c4 100644
4763 +--- a/fs/fscache/page.c
4764 ++++ b/fs/fscache/page.c
4765 +@@ -816,7 +816,7 @@ static void fscache_write_op(struct fscache_operation *_op)
4766 + goto superseded;
4767 + page = results[0];
4768 + _debug("gang %d [%lx]", n, page->index);
4769 +- if (page->index > op->store_limit) {
4770 ++ if (page->index >= op->store_limit) {
4771 + fscache_stat(&fscache_n_store_pages_over_limit);
4772 + goto superseded;
4773 + }
4774 +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
4775 +index 316adb968b65..de4bdfac0cec 100644
4776 +--- a/fs/hugetlbfs/inode.c
4777 ++++ b/fs/hugetlbfs/inode.c
4778 +@@ -332,12 +332,17 @@ static void remove_huge_page(struct page *page)
4779 + * truncation is indicated by end of range being LLONG_MAX
4780 + * In this case, we first scan the range and release found pages.
4781 + * After releasing pages, hugetlb_unreserve_pages cleans up region/reserv
4782 +- * maps and global counts.
4783 ++ * maps and global counts. Page faults can not race with truncation
4784 ++ * in this routine. hugetlb_no_page() prevents page faults in the
4785 ++ * truncated range. It checks i_size before allocation, and again after
4786 ++ * with the page table lock for the page held. The same lock must be
4787 ++ * acquired to unmap a page.
4788 + * hole punch is indicated if end is not LLONG_MAX
4789 + * In the hole punch case we scan the range and release found pages.
4790 + * Only when releasing a page is the associated region/reserv map
4791 + * deleted. The region/reserv map for ranges without associated
4792 +- * pages are not modified.
4793 ++ * pages are not modified. Page faults can race with hole punch.
4794 ++ * This is indicated if we find a mapped page.
4795 + * Note: If the passed end of range value is beyond the end of file, but
4796 + * not LLONG_MAX this routine still performs a hole punch operation.
4797 + */
4798 +@@ -361,46 +366,37 @@ static void remove_inode_hugepages(struct inode *inode, loff_t lstart,
4799 + next = start;
4800 + while (next < end) {
4801 + /*
4802 +- * Make sure to never grab more pages that we
4803 +- * might possibly need.
4804 ++ * Don't grab more pages than the number left in the range.
4805 + */
4806 + if (end - next < lookup_nr)
4807 + lookup_nr = end - next;
4808 +
4809 + /*
4810 +- * This pagevec_lookup() may return pages past 'end',
4811 +- * so we must check for page->index > end.
4812 ++ * When no more pages are found, we are done.
4813 + */
4814 +- if (!pagevec_lookup(&pvec, mapping, next, lookup_nr)) {
4815 +- if (next == start)
4816 +- break;
4817 +- next = start;
4818 +- continue;
4819 +- }
4820 ++ if (!pagevec_lookup(&pvec, mapping, next, lookup_nr))
4821 ++ break;
4822 +
4823 + for (i = 0; i < pagevec_count(&pvec); ++i) {
4824 + struct page *page = pvec.pages[i];
4825 + u32 hash;
4826 +
4827 ++ /*
4828 ++ * The page (index) could be beyond end. This is
4829 ++ * only possible in the punch hole case as end is
4830 ++ * max page offset in the truncate case.
4831 ++ */
4832 ++ next = page->index;
4833 ++ if (next >= end)
4834 ++ break;
4835 ++
4836 + hash = hugetlb_fault_mutex_hash(h, current->mm,
4837 + &pseudo_vma,
4838 + mapping, next, 0);
4839 + mutex_lock(&hugetlb_fault_mutex_table[hash]);
4840 +
4841 + lock_page(page);
4842 +- if (page->index >= end) {
4843 +- unlock_page(page);
4844 +- mutex_unlock(&hugetlb_fault_mutex_table[hash]);
4845 +- next = end; /* we are done */
4846 +- break;
4847 +- }
4848 +-
4849 +- /*
4850 +- * If page is mapped, it was faulted in after being
4851 +- * unmapped. Do nothing in this race case. In the
4852 +- * normal case page is not mapped.
4853 +- */
4854 +- if (!page_mapped(page)) {
4855 ++ if (likely(!page_mapped(page))) {
4856 + bool rsv_on_error = !PagePrivate(page);
4857 + /*
4858 + * We must free the huge page and remove
4859 +@@ -421,17 +417,23 @@ static void remove_inode_hugepages(struct inode *inode, loff_t lstart,
4860 + hugetlb_fix_reserve_counts(
4861 + inode, rsv_on_error);
4862 + }
4863 ++ } else {
4864 ++ /*
4865 ++ * If page is mapped, it was faulted in after
4866 ++ * being unmapped. It indicates a race between
4867 ++ * hole punch and page fault. Do nothing in
4868 ++ * this case. Getting here in a truncate
4869 ++ * operation is a bug.
4870 ++ */
4871 ++ BUG_ON(truncate_op);
4872 + }
4873 +
4874 +- if (page->index > next)
4875 +- next = page->index;
4876 +-
4877 +- ++next;
4878 + unlock_page(page);
4879 +-
4880 + mutex_unlock(&hugetlb_fault_mutex_table[hash]);
4881 + }
4882 ++ ++next;
4883 + huge_pagevec_release(&pvec);
4884 ++ cond_resched();
4885 + }
4886 +
4887 + if (truncate_op)
4888 +@@ -647,9 +649,6 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset,
4889 + if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + len > inode->i_size)
4890 + i_size_write(inode, offset + len);
4891 + inode->i_ctime = CURRENT_TIME;
4892 +- spin_lock(&inode->i_lock);
4893 +- inode->i_private = NULL;
4894 +- spin_unlock(&inode->i_lock);
4895 + out:
4896 + mutex_unlock(&inode->i_mutex);
4897 + return error;
4898 +diff --git a/fs/jbd2/checkpoint.c b/fs/jbd2/checkpoint.c
4899 +index 8c44654ce274..684996c8a3a4 100644
4900 +--- a/fs/jbd2/checkpoint.c
4901 ++++ b/fs/jbd2/checkpoint.c
4902 +@@ -427,7 +427,6 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
4903 + struct journal_head *last_jh;
4904 + struct journal_head *next_jh = jh;
4905 + int ret;
4906 +- int freed = 0;
4907 +
4908 + if (!jh)
4909 + return 0;
4910 +@@ -441,10 +440,9 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
4911 + else
4912 + ret = __jbd2_journal_remove_checkpoint(jh) + 1;
4913 + if (!ret)
4914 +- return freed;
4915 ++ return 0;
4916 + if (ret == 2)
4917 + return 1;
4918 +- freed = 1;
4919 + /*
4920 + * This function only frees up some memory
4921 + * if possible so we dont have an obligation
4922 +@@ -452,10 +450,10 @@ static int journal_clean_one_cp_list(struct journal_head *jh, bool destroy)
4923 + * requested:
4924 + */
4925 + if (need_resched())
4926 +- return freed;
4927 ++ return 0;
4928 + } while (jh != last_jh);
4929 +
4930 +- return freed;
4931 ++ return 0;
4932 + }
4933 +
4934 + /*
4935 +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
4936 +index 6b8338ec2464..1498ad9f731a 100644
4937 +--- a/fs/jbd2/transaction.c
4938 ++++ b/fs/jbd2/transaction.c
4939 +@@ -1009,7 +1009,8 @@ out:
4940 + }
4941 +
4942 + /* Fast check whether buffer is already attached to the required transaction */
4943 +-static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh)
4944 ++static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh,
4945 ++ bool undo)
4946 + {
4947 + struct journal_head *jh;
4948 + bool ret = false;
4949 +@@ -1036,6 +1037,9 @@ static bool jbd2_write_access_granted(handle_t *handle, struct buffer_head *bh)
4950 + jh = READ_ONCE(bh->b_private);
4951 + if (!jh)
4952 + goto out;
4953 ++ /* For undo access buffer must have data copied */
4954 ++ if (undo && !jh->b_committed_data)
4955 ++ goto out;
4956 + if (jh->b_transaction != handle->h_transaction &&
4957 + jh->b_next_transaction != handle->h_transaction)
4958 + goto out;
4959 +@@ -1073,7 +1077,7 @@ int jbd2_journal_get_write_access(handle_t *handle, struct buffer_head *bh)
4960 + struct journal_head *jh;
4961 + int rc;
4962 +
4963 +- if (jbd2_write_access_granted(handle, bh))
4964 ++ if (jbd2_write_access_granted(handle, bh, false))
4965 + return 0;
4966 +
4967 + jh = jbd2_journal_add_journal_head(bh);
4968 +@@ -1210,7 +1214,7 @@ int jbd2_journal_get_undo_access(handle_t *handle, struct buffer_head *bh)
4969 + char *committed_data = NULL;
4970 +
4971 + JBUFFER_TRACE(jh, "entry");
4972 +- if (jbd2_write_access_granted(handle, bh))
4973 ++ if (jbd2_write_access_granted(handle, bh, true))
4974 + return 0;
4975 +
4976 + jh = jbd2_journal_add_journal_head(bh);
4977 +@@ -2152,6 +2156,7 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
4978 +
4979 + if (!buffer_dirty(bh)) {
4980 + /* bdflush has written it. We can drop it now */
4981 ++ __jbd2_journal_remove_checkpoint(jh);
4982 + goto zap_buffer;
4983 + }
4984 +
4985 +@@ -2181,6 +2186,7 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
4986 + /* The orphan record's transaction has
4987 + * committed. We can cleanse this buffer */
4988 + clear_buffer_jbddirty(bh);
4989 ++ __jbd2_journal_remove_checkpoint(jh);
4990 + goto zap_buffer;
4991 + }
4992 + }
4993 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
4994 +index 5133bb18830e..c8bd1ddb7df8 100644
4995 +--- a/fs/nfs/nfs4proc.c
4996 ++++ b/fs/nfs/nfs4proc.c
4997 +@@ -8060,7 +8060,6 @@ static void nfs4_layoutreturn_release(void *calldata)
4998 + pnfs_set_layout_stateid(lo, &lrp->res.stateid, true);
4999 + pnfs_mark_matching_lsegs_invalid(lo, &freeme, &lrp->args.range);
5000 + pnfs_clear_layoutreturn_waitbit(lo);
5001 +- lo->plh_block_lgets--;
5002 + spin_unlock(&lo->plh_inode->i_lock);
5003 + pnfs_free_lseg_list(&freeme);
5004 + pnfs_put_layout_hdr(lrp->args.layout);
5005 +diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
5006 +index ce38b4ccc9ab..5e355650eea0 100644
5007 +--- a/fs/ocfs2/dlm/dlmmaster.c
5008 ++++ b/fs/ocfs2/dlm/dlmmaster.c
5009 +@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm,
5010 + spin_lock(&dlm->master_lock);
5011 + ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name,
5012 + namelen, target, dlm->node_num);
5013 ++ /* get an extra reference on the mle.
5014 ++ * otherwise the assert_master from the new
5015 ++ * master will destroy this.
5016 ++ */
5017 ++ dlm_get_mle_inuse(mle);
5018 + spin_unlock(&dlm->master_lock);
5019 + spin_unlock(&dlm->spinlock);
5020 +
5021 +@@ -2554,6 +2559,7 @@ fail:
5022 + if (mle_added) {
5023 + dlm_mle_detach_hb_events(dlm, mle);
5024 + dlm_put_mle(mle);
5025 ++ dlm_put_mle_inuse(mle);
5026 + } else if (mle) {
5027 + kmem_cache_free(dlm_mle_cache, mle);
5028 + mle = NULL;
5029 +@@ -2571,17 +2577,6 @@ fail:
5030 + * ensure that all assert_master work is flushed. */
5031 + flush_workqueue(dlm->dlm_worker);
5032 +
5033 +- /* get an extra reference on the mle.
5034 +- * otherwise the assert_master from the new
5035 +- * master will destroy this.
5036 +- * also, make sure that all callers of dlm_get_mle
5037 +- * take both dlm->spinlock and dlm->master_lock */
5038 +- spin_lock(&dlm->spinlock);
5039 +- spin_lock(&dlm->master_lock);
5040 +- dlm_get_mle_inuse(mle);
5041 +- spin_unlock(&dlm->master_lock);
5042 +- spin_unlock(&dlm->spinlock);
5043 +-
5044 + /* notify new node and send all lock state */
5045 + /* call send_one_lockres with migration flag.
5046 + * this serves as notice to the target node that a
5047 +@@ -3310,6 +3305,15 @@ top:
5048 + mle->new_master != dead_node)
5049 + continue;
5050 +
5051 ++ if (mle->new_master == dead_node && mle->inuse) {
5052 ++ mlog(ML_NOTICE, "%s: target %u died during "
5053 ++ "migration from %u, the MLE is "
5054 ++ "still keep used, ignore it!\n",
5055 ++ dlm->name, dead_node,
5056 ++ mle->master);
5057 ++ continue;
5058 ++ }
5059 ++
5060 + /* If we have reached this point, this mle needs to be
5061 + * removed from the list and freed. */
5062 + dlm_clean_migration_mle(dlm, mle);
5063 +diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
5064 +index 58eaa5c0d387..572a3dc4861f 100644
5065 +--- a/fs/ocfs2/dlm/dlmrecovery.c
5066 ++++ b/fs/ocfs2/dlm/dlmrecovery.c
5067 +@@ -2360,6 +2360,8 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node)
5068 + break;
5069 + }
5070 + }
5071 ++ dlm_lockres_clear_refmap_bit(dlm, res,
5072 ++ dead_node);
5073 + spin_unlock(&res->spinlock);
5074 + continue;
5075 + }
5076 +diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
5077 +index 1c91103c1333..9a894aecc960 100644
5078 +--- a/fs/ocfs2/dlmglue.c
5079 ++++ b/fs/ocfs2/dlmglue.c
5080 +@@ -1390,6 +1390,7 @@ static int __ocfs2_cluster_lock(struct ocfs2_super *osb,
5081 + unsigned int gen;
5082 + int noqueue_attempted = 0;
5083 + int dlm_locked = 0;
5084 ++ int kick_dc = 0;
5085 +
5086 + if (!(lockres->l_flags & OCFS2_LOCK_INITIALIZED)) {
5087 + mlog_errno(-EINVAL);
5088 +@@ -1524,7 +1525,12 @@ update_holders:
5089 + unlock:
5090 + lockres_clear_flags(lockres, OCFS2_LOCK_UPCONVERT_FINISHING);
5091 +
5092 ++ /* ocfs2_unblock_lock reques on seeing OCFS2_LOCK_UPCONVERT_FINISHING */
5093 ++ kick_dc = (lockres->l_flags & OCFS2_LOCK_BLOCKED);
5094 ++
5095 + spin_unlock_irqrestore(&lockres->l_lock, flags);
5096 ++ if (kick_dc)
5097 ++ ocfs2_wake_downconvert_thread(osb);
5098 + out:
5099 + /*
5100 + * This is helping work around a lock inversion between the page lock
5101 +diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
5102 +index 12bfa9ca5583..c0356c18cdf5 100644
5103 +--- a/fs/ocfs2/namei.c
5104 ++++ b/fs/ocfs2/namei.c
5105 +@@ -369,13 +369,11 @@ static int ocfs2_mknod(struct inode *dir,
5106 + goto leave;
5107 + }
5108 +
5109 +- status = posix_acl_create(dir, &mode, &default_acl, &acl);
5110 ++ status = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
5111 + if (status) {
5112 + mlog_errno(status);
5113 + goto leave;
5114 + }
5115 +- /* update inode->i_mode after mask with "umask". */
5116 +- inode->i_mode = mode;
5117 +
5118 + handle = ocfs2_start_trans(osb, ocfs2_mknod_credits(osb->sb,
5119 + S_ISDIR(mode),
5120 +diff --git a/fs/ocfs2/resize.c b/fs/ocfs2/resize.c
5121 +index d5da6f624142..79b8021302b3 100644
5122 +--- a/fs/ocfs2/resize.c
5123 ++++ b/fs/ocfs2/resize.c
5124 +@@ -54,11 +54,12 @@
5125 + static u16 ocfs2_calc_new_backup_super(struct inode *inode,
5126 + struct ocfs2_group_desc *gd,
5127 + u16 cl_cpg,
5128 ++ u16 old_bg_clusters,
5129 + int set)
5130 + {
5131 + int i;
5132 + u16 backups = 0;
5133 +- u32 cluster;
5134 ++ u32 cluster, lgd_cluster;
5135 + u64 blkno, gd_blkno, lgd_blkno = le64_to_cpu(gd->bg_blkno);
5136 +
5137 + for (i = 0; i < OCFS2_MAX_BACKUP_SUPERBLOCKS; i++) {
5138 +@@ -71,6 +72,12 @@ static u16 ocfs2_calc_new_backup_super(struct inode *inode,
5139 + else if (gd_blkno > lgd_blkno)
5140 + break;
5141 +
5142 ++ /* check if already done backup super */
5143 ++ lgd_cluster = ocfs2_blocks_to_clusters(inode->i_sb, lgd_blkno);
5144 ++ lgd_cluster += old_bg_clusters;
5145 ++ if (lgd_cluster >= cluster)
5146 ++ continue;
5147 ++
5148 + if (set)
5149 + ocfs2_set_bit(cluster % cl_cpg,
5150 + (unsigned long *)gd->bg_bitmap);
5151 +@@ -99,6 +106,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
5152 + u16 chain, num_bits, backups = 0;
5153 + u16 cl_bpc = le16_to_cpu(cl->cl_bpc);
5154 + u16 cl_cpg = le16_to_cpu(cl->cl_cpg);
5155 ++ u16 old_bg_clusters;
5156 +
5157 + trace_ocfs2_update_last_group_and_inode(new_clusters,
5158 + first_new_cluster);
5159 +@@ -112,6 +120,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
5160 +
5161 + group = (struct ocfs2_group_desc *)group_bh->b_data;
5162 +
5163 ++ old_bg_clusters = le16_to_cpu(group->bg_bits) / cl_bpc;
5164 + /* update the group first. */
5165 + num_bits = new_clusters * cl_bpc;
5166 + le16_add_cpu(&group->bg_bits, num_bits);
5167 +@@ -125,7 +134,7 @@ static int ocfs2_update_last_group_and_inode(handle_t *handle,
5168 + OCFS2_FEATURE_COMPAT_BACKUP_SB)) {
5169 + backups = ocfs2_calc_new_backup_super(bm_inode,
5170 + group,
5171 +- cl_cpg, 1);
5172 ++ cl_cpg, old_bg_clusters, 1);
5173 + le16_add_cpu(&group->bg_free_bits_count, -1 * backups);
5174 + }
5175 +
5176 +@@ -163,7 +172,7 @@ out_rollback:
5177 + if (ret < 0) {
5178 + ocfs2_calc_new_backup_super(bm_inode,
5179 + group,
5180 +- cl_cpg, 0);
5181 ++ cl_cpg, old_bg_clusters, 0);
5182 + le16_add_cpu(&group->bg_free_bits_count, backups);
5183 + le16_add_cpu(&group->bg_bits, -1 * num_bits);
5184 + le16_add_cpu(&group->bg_free_bits_count, -1 * num_bits);
5185 +diff --git a/fs/pipe.c b/fs/pipe.c
5186 +index 8865f7963700..14788ddcd3f3 100644
5187 +--- a/fs/pipe.c
5188 ++++ b/fs/pipe.c
5189 +@@ -366,18 +366,17 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
5190 + int offset = buf->offset + buf->len;
5191 +
5192 + if (ops->can_merge && offset + chars <= PAGE_SIZE) {
5193 +- int error = ops->confirm(pipe, buf);
5194 +- if (error)
5195 ++ ret = ops->confirm(pipe, buf);
5196 ++ if (ret)
5197 + goto out;
5198 +
5199 + ret = copy_page_from_iter(buf->page, offset, chars, from);
5200 + if (unlikely(ret < chars)) {
5201 +- error = -EFAULT;
5202 ++ ret = -EFAULT;
5203 + goto out;
5204 + }
5205 + do_wakeup = 1;
5206 +- buf->len += chars;
5207 +- ret = chars;
5208 ++ buf->len += ret;
5209 + if (!iov_iter_count(from))
5210 + goto out;
5211 + }
5212 +diff --git a/fs/proc/base.c b/fs/proc/base.c
5213 +index 29595af32866..4b6fb2cbd928 100644
5214 +--- a/fs/proc/base.c
5215 ++++ b/fs/proc/base.c
5216 +@@ -2484,6 +2484,7 @@ static ssize_t proc_coredump_filter_write(struct file *file,
5217 + mm = get_task_mm(task);
5218 + if (!mm)
5219 + goto out_no_mm;
5220 ++ ret = 0;
5221 +
5222 + for (i = 0, mask = 1; i < MMF_DUMP_FILTER_BITS; i++, mask <<= 1) {
5223 + if (val & mask)
5224 +diff --git a/fs/proc/fd.c b/fs/proc/fd.c
5225 +index 6e5fcd00733e..3c2a915c695a 100644
5226 +--- a/fs/proc/fd.c
5227 ++++ b/fs/proc/fd.c
5228 +@@ -291,11 +291,19 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry,
5229 + */
5230 + int proc_fd_permission(struct inode *inode, int mask)
5231 + {
5232 +- int rv = generic_permission(inode, mask);
5233 ++ struct task_struct *p;
5234 ++ int rv;
5235 ++
5236 ++ rv = generic_permission(inode, mask);
5237 + if (rv == 0)
5238 +- return 0;
5239 +- if (task_tgid(current) == proc_pid(inode))
5240 ++ return rv;
5241 ++
5242 ++ rcu_read_lock();
5243 ++ p = pid_task(proc_pid(inode), PIDTYPE_PID);
5244 ++ if (p && same_thread_group(p, current))
5245 + rv = 0;
5246 ++ rcu_read_unlock();
5247 ++
5248 + return rv;
5249 + }
5250 +
5251 +diff --git a/fs/seq_file.c b/fs/seq_file.c
5252 +index 225586e141ca..a8e288755f24 100644
5253 +--- a/fs/seq_file.c
5254 ++++ b/fs/seq_file.c
5255 +@@ -25,12 +25,17 @@ static void seq_set_overflow(struct seq_file *m)
5256 + static void *seq_buf_alloc(unsigned long size)
5257 + {
5258 + void *buf;
5259 ++ gfp_t gfp = GFP_KERNEL;
5260 +
5261 + /*
5262 +- * __GFP_NORETRY to avoid oom-killings with high-order allocations -
5263 +- * it's better to fall back to vmalloc() than to kill things.
5264 ++ * For high order allocations, use __GFP_NORETRY to avoid oom-killing -
5265 ++ * it's better to fall back to vmalloc() than to kill things. For small
5266 ++ * allocations, just use GFP_KERNEL which will oom kill, thus no need
5267 ++ * for vmalloc fallback.
5268 + */
5269 +- buf = kmalloc(size, GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
5270 ++ if (size > PAGE_SIZE)
5271 ++ gfp |= __GFP_NORETRY | __GFP_NOWARN;
5272 ++ buf = kmalloc(size, gfp);
5273 + if (!buf && size > PAGE_SIZE)
5274 + buf = vmalloc(size);
5275 + return buf;
5276 +diff --git a/fs/sysv/inode.c b/fs/sysv/inode.c
5277 +index 590ad9206e3f..02fa1dcc5969 100644
5278 +--- a/fs/sysv/inode.c
5279 ++++ b/fs/sysv/inode.c
5280 +@@ -162,15 +162,8 @@ void sysv_set_inode(struct inode *inode, dev_t rdev)
5281 + inode->i_fop = &sysv_dir_operations;
5282 + inode->i_mapping->a_ops = &sysv_aops;
5283 + } else if (S_ISLNK(inode->i_mode)) {
5284 +- if (inode->i_blocks) {
5285 +- inode->i_op = &sysv_symlink_inode_operations;
5286 +- inode->i_mapping->a_ops = &sysv_aops;
5287 +- } else {
5288 +- inode->i_op = &simple_symlink_inode_operations;
5289 +- inode->i_link = (char *)SYSV_I(inode)->i_data;
5290 +- nd_terminate_link(inode->i_link, inode->i_size,
5291 +- sizeof(SYSV_I(inode)->i_data) - 1);
5292 +- }
5293 ++ inode->i_op = &sysv_symlink_inode_operations;
5294 ++ inode->i_mapping->a_ops = &sysv_aops;
5295 + } else
5296 + init_special_inode(inode, inode->i_mode, rdev);
5297 + }
5298 +diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
5299 +index cbc8d5d2755a..c66f2423e1f5 100644
5300 +--- a/fs/tracefs/inode.c
5301 ++++ b/fs/tracefs/inode.c
5302 +@@ -340,8 +340,12 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
5303 + dput(dentry);
5304 + dentry = ERR_PTR(-EEXIST);
5305 + }
5306 +- if (IS_ERR(dentry))
5307 ++
5308 ++ if (IS_ERR(dentry)) {
5309 + mutex_unlock(&parent->d_inode->i_mutex);
5310 ++ simple_release_fs(&tracefs_mount, &tracefs_mount_count);
5311 ++ }
5312 ++
5313 + return dentry;
5314 + }
5315 +
5316 +diff --git a/include/crypto/hash.h b/include/crypto/hash.h
5317 +index 8e920b44c0ac..da791ac52f13 100644
5318 +--- a/include/crypto/hash.h
5319 ++++ b/include/crypto/hash.h
5320 +@@ -204,6 +204,7 @@ struct crypto_ahash {
5321 + unsigned int keylen);
5322 +
5323 + unsigned int reqsize;
5324 ++ bool has_setkey;
5325 + struct crypto_tfm base;
5326 + };
5327 +
5328 +@@ -361,6 +362,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
5329 + int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
5330 + unsigned int keylen);
5331 +
5332 ++static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
5333 ++{
5334 ++ return tfm->has_setkey;
5335 ++}
5336 ++
5337 + /**
5338 + * crypto_ahash_finup() - update and finalize message digest
5339 + * @req: reference to the ahash_request handle that holds all information
5340 +diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
5341 +index 018afb264ac2..a2bfd7843f18 100644
5342 +--- a/include/crypto/if_alg.h
5343 ++++ b/include/crypto/if_alg.h
5344 +@@ -30,6 +30,9 @@ struct alg_sock {
5345 +
5346 + struct sock *parent;
5347 +
5348 ++ unsigned int refcnt;
5349 ++ unsigned int nokey_refcnt;
5350 ++
5351 + const struct af_alg_type *type;
5352 + void *private;
5353 + };
5354 +@@ -50,9 +53,11 @@ struct af_alg_type {
5355 + void (*release)(void *private);
5356 + int (*setkey)(void *private, const u8 *key, unsigned int keylen);
5357 + int (*accept)(void *private, struct sock *sk);
5358 ++ int (*accept_nokey)(void *private, struct sock *sk);
5359 + int (*setauthsize)(void *private, unsigned int authsize);
5360 +
5361 + struct proto_ops *ops;
5362 ++ struct proto_ops *ops_nokey;
5363 + struct module *owner;
5364 + char name[14];
5365 + };
5366 +@@ -67,6 +72,7 @@ int af_alg_register_type(const struct af_alg_type *type);
5367 + int af_alg_unregister_type(const struct af_alg_type *type);
5368 +
5369 + int af_alg_release(struct socket *sock);
5370 ++void af_alg_release_parent(struct sock *sk);
5371 + int af_alg_accept(struct sock *sk, struct socket *newsock);
5372 +
5373 + int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len);
5374 +@@ -83,11 +89,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
5375 + return (struct alg_sock *)sk;
5376 + }
5377 +
5378 +-static inline void af_alg_release_parent(struct sock *sk)
5379 +-{
5380 +- sock_put(alg_sk(sk)->parent);
5381 +-}
5382 +-
5383 + static inline void af_alg_init_completion(struct af_alg_completion *completion)
5384 + {
5385 + init_completion(&completion->completion);
5386 +diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
5387 +index d8dd41fb034f..fd8742a40ff3 100644
5388 +--- a/include/crypto/skcipher.h
5389 ++++ b/include/crypto/skcipher.h
5390 +@@ -61,6 +61,8 @@ struct crypto_skcipher {
5391 + unsigned int ivsize;
5392 + unsigned int reqsize;
5393 +
5394 ++ bool has_setkey;
5395 ++
5396 + struct crypto_tfm base;
5397 + };
5398 +
5399 +@@ -305,6 +307,11 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
5400 + return tfm->setkey(tfm, key, keylen);
5401 + }
5402 +
5403 ++static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm)
5404 ++{
5405 ++ return tfm->has_setkey;
5406 ++}
5407 ++
5408 + /**
5409 + * crypto_skcipher_reqtfm() - obtain cipher handle from request
5410 + * @req: skcipher_request out of which the cipher handle is to be obtained
5411 +diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
5412 +index 19c2e947d4d1..3a3ff074782f 100644
5413 +--- a/include/linux/blkdev.h
5414 ++++ b/include/linux/blkdev.h
5415 +@@ -767,7 +767,6 @@ extern void blk_rq_set_block_pc(struct request *);
5416 + extern void blk_requeue_request(struct request_queue *, struct request *);
5417 + extern void blk_add_request_payload(struct request *rq, struct page *page,
5418 + unsigned int len);
5419 +-extern int blk_rq_check_limits(struct request_queue *q, struct request *rq);
5420 + extern int blk_lld_busy(struct request_queue *q);
5421 + extern int blk_rq_prep_clone(struct request *rq, struct request *rq_src,
5422 + struct bio_set *bs, gfp_t gfp_mask,
5423 +diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
5424 +index 76dd4f0da5ca..2ead22dd74a0 100644
5425 +--- a/include/linux/hrtimer.h
5426 ++++ b/include/linux/hrtimer.h
5427 +@@ -87,7 +87,8 @@ enum hrtimer_restart {
5428 + * @function: timer expiry callback function
5429 + * @base: pointer to the timer base (per cpu and per clock)
5430 + * @state: state information (See bit values above)
5431 +- * @start_pid: timer statistics field to store the pid of the task which
5432 ++ * @is_rel: Set if the timer was armed relative
5433 ++ * @start_pid: timer statistics field to store the pid of the task which
5434 + * started the timer
5435 + * @start_site: timer statistics field to store the site where the timer
5436 + * was started
5437 +@@ -101,7 +102,8 @@ struct hrtimer {
5438 + ktime_t _softexpires;
5439 + enum hrtimer_restart (*function)(struct hrtimer *);
5440 + struct hrtimer_clock_base *base;
5441 +- unsigned long state;
5442 ++ u8 state;
5443 ++ u8 is_rel;
5444 + #ifdef CONFIG_TIMER_STATS
5445 + int start_pid;
5446 + void *start_site;
5447 +@@ -321,6 +323,27 @@ static inline void clock_was_set_delayed(void) { }
5448 +
5449 + #endif
5450 +
5451 ++static inline ktime_t
5452 ++__hrtimer_expires_remaining_adjusted(const struct hrtimer *timer, ktime_t now)
5453 ++{
5454 ++ ktime_t rem = ktime_sub(timer->node.expires, now);
5455 ++
5456 ++ /*
5457 ++ * Adjust relative timers for the extra we added in
5458 ++ * hrtimer_start_range_ns() to prevent short timeouts.
5459 ++ */
5460 ++ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && timer->is_rel)
5461 ++ rem.tv64 -= hrtimer_resolution;
5462 ++ return rem;
5463 ++}
5464 ++
5465 ++static inline ktime_t
5466 ++hrtimer_expires_remaining_adjusted(const struct hrtimer *timer)
5467 ++{
5468 ++ return __hrtimer_expires_remaining_adjusted(timer,
5469 ++ timer->base->get_time());
5470 ++}
5471 ++
5472 + extern void clock_was_set(void);
5473 + #ifdef CONFIG_TIMERFD
5474 + extern void timerfd_clock_was_set(void);
5475 +@@ -390,7 +413,12 @@ static inline void hrtimer_restart(struct hrtimer *timer)
5476 + }
5477 +
5478 + /* Query timers: */
5479 +-extern ktime_t hrtimer_get_remaining(const struct hrtimer *timer);
5480 ++extern ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust);
5481 ++
5482 ++static inline ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
5483 ++{
5484 ++ return __hrtimer_get_remaining(timer, false);
5485 ++}
5486 +
5487 + extern u64 hrtimer_get_next_event(void);
5488 +
5489 +diff --git a/include/linux/signal.h b/include/linux/signal.h
5490 +index ab1e0392b5ac..92557bbce7e7 100644
5491 +--- a/include/linux/signal.h
5492 ++++ b/include/linux/signal.h
5493 +@@ -239,7 +239,6 @@ extern int sigprocmask(int, sigset_t *, sigset_t *);
5494 + extern void set_current_blocked(sigset_t *);
5495 + extern void __set_current_blocked(const sigset_t *);
5496 + extern int show_unhandled_signals;
5497 +-extern int sigsuspend(sigset_t *);
5498 +
5499 + struct sigaction {
5500 + #ifndef __ARCH_HAS_IRIX_SIGACTION
5501 +diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h
5502 +index f6cbef78db62..3b91ad5d5115 100644
5503 +--- a/include/sound/rawmidi.h
5504 ++++ b/include/sound/rawmidi.h
5505 +@@ -167,6 +167,10 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
5506 + int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count);
5507 + int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
5508 + unsigned char *buffer, int count);
5509 ++int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
5510 ++ unsigned char *buffer, int count);
5511 ++int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream,
5512 ++ int count);
5513 +
5514 + /* main midi functions */
5515 +
5516 +diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
5517 +index 8f0324ef72ab..9982616ce712 100644
5518 +--- a/kernel/printk/printk.c
5519 ++++ b/kernel/printk/printk.c
5520 +@@ -269,6 +269,9 @@ static u32 clear_idx;
5521 + #define PREFIX_MAX 32
5522 + #define LOG_LINE_MAX (1024 - PREFIX_MAX)
5523 +
5524 ++#define LOG_LEVEL(v) ((v) & 0x07)
5525 ++#define LOG_FACILITY(v) ((v) >> 3 & 0xff)
5526 ++
5527 + /* record buffer */
5528 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
5529 + #define LOG_ALIGN 4
5530 +@@ -611,7 +614,6 @@ struct devkmsg_user {
5531 + static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
5532 + {
5533 + char *buf, *line;
5534 +- int i;
5535 + int level = default_message_loglevel;
5536 + int facility = 1; /* LOG_USER */
5537 + size_t len = iov_iter_count(from);
5538 +@@ -641,12 +643,13 @@ static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
5539 + line = buf;
5540 + if (line[0] == '<') {
5541 + char *endp = NULL;
5542 ++ unsigned int u;
5543 +
5544 +- i = simple_strtoul(line+1, &endp, 10);
5545 ++ u = simple_strtoul(line + 1, &endp, 10);
5546 + if (endp && endp[0] == '>') {
5547 +- level = i & 7;
5548 +- if (i >> 3)
5549 +- facility = i >> 3;
5550 ++ level = LOG_LEVEL(u);
5551 ++ if (LOG_FACILITY(u) != 0)
5552 ++ facility = LOG_FACILITY(u);
5553 + endp++;
5554 + len -= endp - line;
5555 + line = endp;
5556 +diff --git a/kernel/sched/core.c b/kernel/sched/core.c
5557 +index bcd214e4b4d6..9a584b204e85 100644
5558 +--- a/kernel/sched/core.c
5559 ++++ b/kernel/sched/core.c
5560 +@@ -6678,7 +6678,7 @@ static void sched_init_numa(void)
5561 +
5562 + sched_domains_numa_masks[i][j] = mask;
5563 +
5564 +- for (k = 0; k < nr_node_ids; k++) {
5565 ++ for_each_node(k) {
5566 + if (node_distance(j, k) > sched_domains_numa_distance[i])
5567 + continue;
5568 +
5569 +diff --git a/kernel/signal.c b/kernel/signal.c
5570 +index 0f6bbbe77b46..6c863ca42a76 100644
5571 +--- a/kernel/signal.c
5572 ++++ b/kernel/signal.c
5573 +@@ -3552,7 +3552,7 @@ SYSCALL_DEFINE0(pause)
5574 +
5575 + #endif
5576 +
5577 +-int sigsuspend(sigset_t *set)
5578 ++static int sigsuspend(sigset_t *set)
5579 + {
5580 + current->saved_sigmask = current->blocked;
5581 + set_current_blocked(set);
5582 +diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
5583 +index 457a373e2181..8be98288dcbc 100644
5584 +--- a/kernel/time/hrtimer.c
5585 ++++ b/kernel/time/hrtimer.c
5586 +@@ -897,10 +897,10 @@ static int enqueue_hrtimer(struct hrtimer *timer,
5587 + */
5588 + static void __remove_hrtimer(struct hrtimer *timer,
5589 + struct hrtimer_clock_base *base,
5590 +- unsigned long newstate, int reprogram)
5591 ++ u8 newstate, int reprogram)
5592 + {
5593 + struct hrtimer_cpu_base *cpu_base = base->cpu_base;
5594 +- unsigned int state = timer->state;
5595 ++ u8 state = timer->state;
5596 +
5597 + timer->state = newstate;
5598 + if (!(state & HRTIMER_STATE_ENQUEUED))
5599 +@@ -930,7 +930,7 @@ static inline int
5600 + remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart)
5601 + {
5602 + if (hrtimer_is_queued(timer)) {
5603 +- unsigned long state = timer->state;
5604 ++ u8 state = timer->state;
5605 + int reprogram;
5606 +
5607 + /*
5608 +@@ -954,6 +954,22 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool rest
5609 + return 0;
5610 + }
5611 +
5612 ++static inline ktime_t hrtimer_update_lowres(struct hrtimer *timer, ktime_t tim,
5613 ++ const enum hrtimer_mode mode)
5614 ++{
5615 ++#ifdef CONFIG_TIME_LOW_RES
5616 ++ /*
5617 ++ * CONFIG_TIME_LOW_RES indicates that the system has no way to return
5618 ++ * granular time values. For relative timers we add hrtimer_resolution
5619 ++ * (i.e. one jiffie) to prevent short timeouts.
5620 ++ */
5621 ++ timer->is_rel = mode & HRTIMER_MODE_REL;
5622 ++ if (timer->is_rel)
5623 ++ tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
5624 ++#endif
5625 ++ return tim;
5626 ++}
5627 ++
5628 + /**
5629 + * hrtimer_start_range_ns - (re)start an hrtimer on the current CPU
5630 + * @timer: the timer to be added
5631 +@@ -974,19 +990,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim,
5632 + /* Remove an active timer from the queue: */
5633 + remove_hrtimer(timer, base, true);
5634 +
5635 +- if (mode & HRTIMER_MODE_REL) {
5636 ++ if (mode & HRTIMER_MODE_REL)
5637 + tim = ktime_add_safe(tim, base->get_time());
5638 +- /*
5639 +- * CONFIG_TIME_LOW_RES is a temporary way for architectures
5640 +- * to signal that they simply return xtime in
5641 +- * do_gettimeoffset(). In this case we want to round up by
5642 +- * resolution when starting a relative timer, to avoid short
5643 +- * timeouts. This will go away with the GTOD framework.
5644 +- */
5645 +-#ifdef CONFIG_TIME_LOW_RES
5646 +- tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution));
5647 +-#endif
5648 +- }
5649 ++
5650 ++ tim = hrtimer_update_lowres(timer, tim, mode);
5651 +
5652 + hrtimer_set_expires_range_ns(timer, tim, delta_ns);
5653 +
5654 +@@ -1074,19 +1081,23 @@ EXPORT_SYMBOL_GPL(hrtimer_cancel);
5655 + /**
5656 + * hrtimer_get_remaining - get remaining time for the timer
5657 + * @timer: the timer to read
5658 ++ * @adjust: adjust relative timers when CONFIG_TIME_LOW_RES=y
5659 + */
5660 +-ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
5661 ++ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust)
5662 + {
5663 + unsigned long flags;
5664 + ktime_t rem;
5665 +
5666 + lock_hrtimer_base(timer, &flags);
5667 +- rem = hrtimer_expires_remaining(timer);
5668 ++ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && adjust)
5669 ++ rem = hrtimer_expires_remaining_adjusted(timer);
5670 ++ else
5671 ++ rem = hrtimer_expires_remaining(timer);
5672 + unlock_hrtimer_base(timer, &flags);
5673 +
5674 + return rem;
5675 + }
5676 +-EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
5677 ++EXPORT_SYMBOL_GPL(__hrtimer_get_remaining);
5678 +
5679 + #ifdef CONFIG_NO_HZ_COMMON
5680 + /**
5681 +@@ -1220,6 +1231,14 @@ static void __run_hrtimer(struct hrtimer_cpu_base *cpu_base,
5682 + fn = timer->function;
5683 +
5684 + /*
5685 ++ * Clear the 'is relative' flag for the TIME_LOW_RES case. If the
5686 ++ * timer is restarted with a period then it becomes an absolute
5687 ++ * timer. If its not restarted it does not matter.
5688 ++ */
5689 ++ if (IS_ENABLED(CONFIG_TIME_LOW_RES))
5690 ++ timer->is_rel = false;
5691 ++
5692 ++ /*
5693 + * Because we run timers from hardirq context, there is no chance
5694 + * they get migrated to another cpu, therefore its safe to unlock
5695 + * the timer base.
5696 +diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
5697 +index f75e35b60149..ba7d8b288bb3 100644
5698 +--- a/kernel/time/timer_list.c
5699 ++++ b/kernel/time/timer_list.c
5700 +@@ -69,7 +69,7 @@ print_timer(struct seq_file *m, struct hrtimer *taddr, struct hrtimer *timer,
5701 + print_name_offset(m, taddr);
5702 + SEQ_printf(m, ", ");
5703 + print_name_offset(m, timer->function);
5704 +- SEQ_printf(m, ", S:%02lx", timer->state);
5705 ++ SEQ_printf(m, ", S:%02x", timer->state);
5706 + #ifdef CONFIG_TIMER_STATS
5707 + SEQ_printf(m, ", ");
5708 + print_name_offset(m, timer->start_site);
5709 +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
5710 +index 6e79408674aa..69f97541ce6e 100644
5711 +--- a/kernel/trace/trace.c
5712 ++++ b/kernel/trace/trace.c
5713 +@@ -6602,7 +6602,7 @@ static int instance_rmdir(const char *name)
5714 + tracing_set_nop(tr);
5715 + event_trace_del_tracer(tr);
5716 + ftrace_destroy_function_files(tr);
5717 +- debugfs_remove_recursive(tr->dir);
5718 ++ tracefs_remove_recursive(tr->dir);
5719 + free_trace_buffers(tr);
5720 +
5721 + kfree(tr->name);
5722 +diff --git a/kernel/trace/trace_printk.c b/kernel/trace/trace_printk.c
5723 +index 36c1455b7567..2dbffe22cbcf 100644
5724 +--- a/kernel/trace/trace_printk.c
5725 ++++ b/kernel/trace/trace_printk.c
5726 +@@ -267,6 +267,7 @@ static const char **find_next(void *v, loff_t *pos)
5727 + if (*pos < last_index + start_index)
5728 + return __start___tracepoint_str + (*pos - last_index);
5729 +
5730 ++ start_index += last_index;
5731 + return find_next_mod_format(start_index, v, fmt, pos);
5732 + }
5733 +
5734 +diff --git a/lib/hexdump.c b/lib/hexdump.c
5735 +index 8d74c20d8595..992457b1284c 100644
5736 +--- a/lib/hexdump.c
5737 ++++ b/lib/hexdump.c
5738 +@@ -169,11 +169,15 @@ int hex_dump_to_buffer(const void *buf, size_t len, int rowsize, int groupsize,
5739 + }
5740 + } else {
5741 + for (j = 0; j < len; j++) {
5742 +- if (linebuflen < lx + 3)
5743 ++ if (linebuflen < lx + 2)
5744 + goto overflow2;
5745 + ch = ptr[j];
5746 + linebuf[lx++] = hex_asc_hi(ch);
5747 ++ if (linebuflen < lx + 2)
5748 ++ goto overflow2;
5749 + linebuf[lx++] = hex_asc_lo(ch);
5750 ++ if (linebuflen < lx + 2)
5751 ++ goto overflow2;
5752 + linebuf[lx++] = ' ';
5753 + }
5754 + if (j)
5755 +diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c
5756 +index 6a08ce7d6adc..acf9da449f81 100644
5757 +--- a/lib/libcrc32c.c
5758 ++++ b/lib/libcrc32c.c
5759 +@@ -74,3 +74,4 @@ module_exit(libcrc32c_mod_fini);
5760 + MODULE_AUTHOR("Clay Haapala <chaapala@×××××.com>");
5761 + MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations");
5762 + MODULE_LICENSE("GPL");
5763 ++MODULE_SOFTDEP("pre: crc32c");
5764 +diff --git a/mm/backing-dev.c b/mm/backing-dev.c
5765 +index 619984fc07ec..4cf30e1ca163 100644
5766 +--- a/mm/backing-dev.c
5767 ++++ b/mm/backing-dev.c
5768 +@@ -957,8 +957,9 @@ EXPORT_SYMBOL(congestion_wait);
5769 + * jiffies for either a BDI to exit congestion of the given @sync queue
5770 + * or a write to complete.
5771 + *
5772 +- * In the absence of zone congestion, cond_resched() is called to yield
5773 +- * the processor if necessary but otherwise does not sleep.
5774 ++ * In the absence of zone congestion, a short sleep or a cond_resched is
5775 ++ * performed to yield the processor and to allow other subsystems to make
5776 ++ * a forward progress.
5777 + *
5778 + * The return value is 0 if the sleep is for the full timeout. Otherwise,
5779 + * it is the number of jiffies that were still remaining when the function
5780 +@@ -978,7 +979,19 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout)
5781 + */
5782 + if (atomic_read(&nr_wb_congested[sync]) == 0 ||
5783 + !test_bit(ZONE_CONGESTED, &zone->flags)) {
5784 +- cond_resched();
5785 ++
5786 ++ /*
5787 ++ * Memory allocation/reclaim might be called from a WQ
5788 ++ * context and the current implementation of the WQ
5789 ++ * concurrency control doesn't recognize that a particular
5790 ++ * WQ is congested if the worker thread is looping without
5791 ++ * ever sleeping. Therefore we have to do a short sleep
5792 ++ * here rather than calling cond_resched().
5793 ++ */
5794 ++ if (current->flags & PF_WQ_WORKER)
5795 ++ schedule_timeout_uninterruptible(1);
5796 ++ else
5797 ++ cond_resched();
5798 +
5799 + /* In case we scheduled, work out time remaining */
5800 + ret = timeout - (jiffies - start);
5801 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
5802 +index 9cc773483624..960f0ace6824 100644
5803 +--- a/mm/hugetlb.c
5804 ++++ b/mm/hugetlb.c
5805 +@@ -372,8 +372,10 @@ retry_locked:
5806 + spin_unlock(&resv->lock);
5807 +
5808 + trg = kmalloc(sizeof(*trg), GFP_KERNEL);
5809 +- if (!trg)
5810 ++ if (!trg) {
5811 ++ kfree(nrg);
5812 + return -ENOMEM;
5813 ++ }
5814 +
5815 + spin_lock(&resv->lock);
5816 + list_add(&trg->link, &resv->region_cache);
5817 +@@ -483,8 +485,16 @@ static long region_del(struct resv_map *resv, long f, long t)
5818 + retry:
5819 + spin_lock(&resv->lock);
5820 + list_for_each_entry_safe(rg, trg, head, link) {
5821 +- if (rg->to <= f)
5822 ++ /*
5823 ++ * Skip regions before the range to be deleted. file_region
5824 ++ * ranges are normally of the form [from, to). However, there
5825 ++ * may be a "placeholder" entry in the map which is of the form
5826 ++ * (from, to) with from == to. Check for placeholder entries
5827 ++ * at the beginning of the range to be deleted.
5828 ++ */
5829 ++ if (rg->to <= f && (rg->to != rg->from || rg->to != f))
5830 + continue;
5831 ++
5832 + if (rg->from >= t)
5833 + break;
5834 +
5835 +@@ -1790,7 +1800,10 @@ struct page *alloc_huge_page(struct vm_area_struct *vma,
5836 + page = alloc_buddy_huge_page(h, NUMA_NO_NODE);
5837 + if (!page)
5838 + goto out_uncharge_cgroup;
5839 +-
5840 ++ if (!avoid_reserve && vma_has_reserves(vma, gbl_chg)) {
5841 ++ SetPagePrivate(page);
5842 ++ h->resv_huge_pages--;
5843 ++ }
5844 + spin_lock(&hugetlb_lock);
5845 + list_move(&page->lru, &h->hugepage_activelist);
5846 + /* Fall through */
5847 +@@ -3587,12 +3600,12 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
5848 + } else if (unlikely(is_hugetlb_entry_hwpoisoned(entry)))
5849 + return VM_FAULT_HWPOISON_LARGE |
5850 + VM_FAULT_SET_HINDEX(hstate_index(h));
5851 ++ } else {
5852 ++ ptep = huge_pte_alloc(mm, address, huge_page_size(h));
5853 ++ if (!ptep)
5854 ++ return VM_FAULT_OOM;
5855 + }
5856 +
5857 +- ptep = huge_pte_alloc(mm, address, huge_page_size(h));
5858 +- if (!ptep)
5859 +- return VM_FAULT_OOM;
5860 +-
5861 + mapping = vma->vm_file->f_mapping;
5862 + idx = vma_hugecache_offset(h, vma, address);
5863 +
5864 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
5865 +index c57c4423c688..2233233282c6 100644
5866 +--- a/mm/memcontrol.c
5867 ++++ b/mm/memcontrol.c
5868 +@@ -902,14 +902,20 @@ struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
5869 + if (prev && reclaim->generation != iter->generation)
5870 + goto out_unlock;
5871 +
5872 +- do {
5873 ++ while (1) {
5874 + pos = READ_ONCE(iter->position);
5875 ++ if (!pos || css_tryget(&pos->css))
5876 ++ break;
5877 + /*
5878 +- * A racing update may change the position and
5879 +- * put the last reference, hence css_tryget(),
5880 +- * or retry to see the updated position.
5881 ++ * css reference reached zero, so iter->position will
5882 ++ * be cleared by ->css_released. However, we should not
5883 ++ * rely on this happening soon, because ->css_released
5884 ++ * is called from a work queue, and by busy-waiting we
5885 ++ * might block it. So we clear iter->position right
5886 ++ * away.
5887 + */
5888 +- } while (pos && !css_tryget(&pos->css));
5889 ++ (void)cmpxchg(&iter->position, pos, NULL);
5890 ++ }
5891 + }
5892 +
5893 + if (pos)
5894 +@@ -955,17 +961,13 @@ struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
5895 + }
5896 +
5897 + if (reclaim) {
5898 +- if (cmpxchg(&iter->position, pos, memcg) == pos) {
5899 +- if (memcg)
5900 +- css_get(&memcg->css);
5901 +- if (pos)
5902 +- css_put(&pos->css);
5903 +- }
5904 +-
5905 + /*
5906 +- * pairs with css_tryget when dereferencing iter->position
5907 +- * above.
5908 ++ * The position could have already been updated by a competing
5909 ++ * thread, so check that the value hasn't changed since we read
5910 ++ * it to avoid reclaiming from the same cgroup twice.
5911 + */
5912 ++ (void)cmpxchg(&iter->position, pos, memcg);
5913 ++
5914 + if (pos)
5915 + css_put(&pos->css);
5916 +
5917 +@@ -998,6 +1000,28 @@ void mem_cgroup_iter_break(struct mem_cgroup *root,
5918 + css_put(&prev->css);
5919 + }
5920 +
5921 ++static void invalidate_reclaim_iterators(struct mem_cgroup *dead_memcg)
5922 ++{
5923 ++ struct mem_cgroup *memcg = dead_memcg;
5924 ++ struct mem_cgroup_reclaim_iter *iter;
5925 ++ struct mem_cgroup_per_zone *mz;
5926 ++ int nid, zid;
5927 ++ int i;
5928 ++
5929 ++ while ((memcg = parent_mem_cgroup(memcg))) {
5930 ++ for_each_node(nid) {
5931 ++ for (zid = 0; zid < MAX_NR_ZONES; zid++) {
5932 ++ mz = &memcg->nodeinfo[nid]->zoneinfo[zid];
5933 ++ for (i = 0; i <= DEF_PRIORITY; i++) {
5934 ++ iter = &mz->iter[i];
5935 ++ cmpxchg(&iter->position,
5936 ++ dead_memcg, NULL);
5937 ++ }
5938 ++ }
5939 ++ }
5940 ++ }
5941 ++}
5942 ++
5943 + /*
5944 + * Iteration constructs for visiting all cgroups (under a tree). If
5945 + * loops are exited prematurely (break), mem_cgroup_iter_break() must
5946 +@@ -2836,9 +2860,9 @@ static unsigned long tree_stat(struct mem_cgroup *memcg,
5947 + return val;
5948 + }
5949 +
5950 +-static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
5951 ++static inline unsigned long mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
5952 + {
5953 +- u64 val;
5954 ++ unsigned long val;
5955 +
5956 + if (mem_cgroup_is_root(memcg)) {
5957 + val = tree_stat(memcg, MEM_CGROUP_STAT_CACHE);
5958 +@@ -2851,7 +2875,7 @@ static inline u64 mem_cgroup_usage(struct mem_cgroup *memcg, bool swap)
5959 + else
5960 + val = page_counter_read(&memcg->memsw);
5961 + }
5962 +- return val << PAGE_SHIFT;
5963 ++ return val;
5964 + }
5965 +
5966 + enum {
5967 +@@ -2885,9 +2909,9 @@ static u64 mem_cgroup_read_u64(struct cgroup_subsys_state *css,
5968 + switch (MEMFILE_ATTR(cft->private)) {
5969 + case RES_USAGE:
5970 + if (counter == &memcg->memory)
5971 +- return mem_cgroup_usage(memcg, false);
5972 ++ return (u64)mem_cgroup_usage(memcg, false) * PAGE_SIZE;
5973 + if (counter == &memcg->memsw)
5974 +- return mem_cgroup_usage(memcg, true);
5975 ++ return (u64)mem_cgroup_usage(memcg, true) * PAGE_SIZE;
5976 + return (u64)page_counter_read(counter) * PAGE_SIZE;
5977 + case RES_LIMIT:
5978 + return (u64)counter->limit * PAGE_SIZE;
5979 +@@ -3387,7 +3411,6 @@ static int __mem_cgroup_usage_register_event(struct mem_cgroup *memcg,
5980 + ret = page_counter_memparse(args, "-1", &threshold);
5981 + if (ret)
5982 + return ret;
5983 +- threshold <<= PAGE_SHIFT;
5984 +
5985 + mutex_lock(&memcg->thresholds_lock);
5986 +
5987 +@@ -4361,6 +4384,13 @@ static void mem_cgroup_css_offline(struct cgroup_subsys_state *css)
5988 + wb_memcg_offline(memcg);
5989 + }
5990 +
5991 ++static void mem_cgroup_css_released(struct cgroup_subsys_state *css)
5992 ++{
5993 ++ struct mem_cgroup *memcg = mem_cgroup_from_css(css);
5994 ++
5995 ++ invalidate_reclaim_iterators(memcg);
5996 ++}
5997 ++
5998 + static void mem_cgroup_css_free(struct cgroup_subsys_state *css)
5999 + {
6000 + struct mem_cgroup *memcg = mem_cgroup_from_css(css);
6001 +@@ -5217,6 +5247,7 @@ struct cgroup_subsys memory_cgrp_subsys = {
6002 + .css_alloc = mem_cgroup_css_alloc,
6003 + .css_online = mem_cgroup_css_online,
6004 + .css_offline = mem_cgroup_css_offline,
6005 ++ .css_released = mem_cgroup_css_released,
6006 + .css_free = mem_cgroup_css_free,
6007 + .css_reset = mem_cgroup_css_reset,
6008 + .can_attach = mem_cgroup_can_attach,
6009 +diff --git a/mm/oom_kill.c b/mm/oom_kill.c
6010 +index 1ecc0bcaecc5..8ad35aa45436 100644
6011 +--- a/mm/oom_kill.c
6012 ++++ b/mm/oom_kill.c
6013 +@@ -554,6 +554,12 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p,
6014 +
6015 + /* mm cannot safely be dereferenced after task_unlock(victim) */
6016 + mm = victim->mm;
6017 ++ /*
6018 ++ * We should send SIGKILL before setting TIF_MEMDIE in order to prevent
6019 ++ * the OOM victim from depleting the memory reserves from the user
6020 ++ * space under its control.
6021 ++ */
6022 ++ do_send_sig_info(SIGKILL, SEND_SIG_FORCED, victim, true);
6023 + mark_oom_victim(victim);
6024 + pr_err("Killed process %d (%s) total-vm:%lukB, anon-rss:%lukB, file-rss:%lukB\n",
6025 + task_pid_nr(victim), victim->comm, K(victim->mm->total_vm),
6026 +@@ -585,7 +591,6 @@ void oom_kill_process(struct oom_control *oc, struct task_struct *p,
6027 + }
6028 + rcu_read_unlock();
6029 +
6030 +- do_send_sig_info(SIGKILL, SEND_SIG_FORCED, victim, true);
6031 + put_task_struct(victim);
6032 + }
6033 + #undef K
6034 +diff --git a/mm/slab.c b/mm/slab.c
6035 +index 4fcc5dd8d5a6..461935bab9ef 100644
6036 +--- a/mm/slab.c
6037 ++++ b/mm/slab.c
6038 +@@ -282,6 +282,7 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
6039 +
6040 + #define CFLGS_OFF_SLAB (0x80000000UL)
6041 + #define OFF_SLAB(x) ((x)->flags & CFLGS_OFF_SLAB)
6042 ++#define OFF_SLAB_MIN_SIZE (max_t(size_t, PAGE_SIZE >> 5, KMALLOC_MIN_SIZE + 1))
6043 +
6044 + #define BATCHREFILL_LIMIT 16
6045 + /*
6046 +@@ -2212,7 +2213,7 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
6047 + * it too early on. Always use on-slab management when
6048 + * SLAB_NOLEAKTRACE to avoid recursive calls into kmemleak)
6049 + */
6050 +- if ((size >= (PAGE_SIZE >> 5)) && !slab_early_init &&
6051 ++ if (size >= OFF_SLAB_MIN_SIZE && !slab_early_init &&
6052 + !(flags & SLAB_NOLEAKTRACE))
6053 + /*
6054 + * Size is large, assume best to place the slab management obj
6055 +@@ -2276,7 +2277,7 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
6056 + /*
6057 + * This is a possibility for one of the kmalloc_{dma,}_caches.
6058 + * But since we go off slab only for object size greater than
6059 +- * PAGE_SIZE/8, and kmalloc_{dma,}_caches get created
6060 ++ * OFF_SLAB_MIN_SIZE, and kmalloc_{dma,}_caches get created
6061 + * in ascending order,this should not happen at all.
6062 + * But leave a BUG_ON for some lucky dude.
6063 + */
6064 +diff --git a/mm/vmstat.c b/mm/vmstat.c
6065 +index fbf14485a049..34444706a3a7 100644
6066 +--- a/mm/vmstat.c
6067 ++++ b/mm/vmstat.c
6068 +@@ -1357,6 +1357,7 @@ static const struct file_operations proc_vmstat_file_operations = {
6069 + #endif /* CONFIG_PROC_FS */
6070 +
6071 + #ifdef CONFIG_SMP
6072 ++static struct workqueue_struct *vmstat_wq;
6073 + static DEFINE_PER_CPU(struct delayed_work, vmstat_work);
6074 + int sysctl_stat_interval __read_mostly = HZ;
6075 + static cpumask_var_t cpu_stat_off;
6076 +@@ -1369,7 +1370,7 @@ static void vmstat_update(struct work_struct *w)
6077 + * to occur in the future. Keep on running the
6078 + * update worker thread.
6079 + */
6080 +- schedule_delayed_work_on(smp_processor_id(),
6081 ++ queue_delayed_work_on(smp_processor_id(), vmstat_wq,
6082 + this_cpu_ptr(&vmstat_work),
6083 + round_jiffies_relative(sysctl_stat_interval));
6084 + } else {
6085 +@@ -1438,7 +1439,7 @@ static void vmstat_shepherd(struct work_struct *w)
6086 + if (need_update(cpu) &&
6087 + cpumask_test_and_clear_cpu(cpu, cpu_stat_off))
6088 +
6089 +- schedule_delayed_work_on(cpu,
6090 ++ queue_delayed_work_on(cpu, vmstat_wq,
6091 + &per_cpu(vmstat_work, cpu), 0);
6092 +
6093 + put_online_cpus();
6094 +@@ -1527,6 +1528,7 @@ static int __init setup_vmstat(void)
6095 +
6096 + start_shepherd_timer();
6097 + cpu_notifier_register_done();
6098 ++ vmstat_wq = alloc_workqueue("vmstat", WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
6099 + #endif
6100 + #ifdef CONFIG_PROC_FS
6101 + proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
6102 +diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
6103 +index f135b1b6fcdc..3734fc4d2e74 100644
6104 +--- a/mm/zsmalloc.c
6105 ++++ b/mm/zsmalloc.c
6106 +@@ -304,7 +304,12 @@ static void free_handle(struct zs_pool *pool, unsigned long handle)
6107 +
6108 + static void record_obj(unsigned long handle, unsigned long obj)
6109 + {
6110 +- *(unsigned long *)handle = obj;
6111 ++ /*
6112 ++ * lsb of @obj represents handle lock while other bits
6113 ++ * represent object value the handle is pointing so
6114 ++ * updating shouldn't do store tearing.
6115 ++ */
6116 ++ WRITE_ONCE(*(unsigned long *)handle, obj);
6117 + }
6118 +
6119 + /* zpool driver */
6120 +@@ -1629,6 +1634,13 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class,
6121 + free_obj = obj_malloc(d_page, class, handle);
6122 + zs_object_copy(free_obj, used_obj, class);
6123 + index++;
6124 ++ /*
6125 ++ * record_obj updates handle's value to free_obj and it will
6126 ++ * invalidate lock bit(ie, HANDLE_PIN_BIT) of handle, which
6127 ++ * breaks synchronization using pin_tag(e,g, zs_free) so
6128 ++ * let's keep the lock bit.
6129 ++ */
6130 ++ free_obj |= BIT(HANDLE_PIN_BIT);
6131 + record_obj(handle, free_obj);
6132 + unpin_tag(handle);
6133 + obj_free(pool, class, used_obj);
6134 +diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
6135 +index 36fb6b527829..5be9ffbe90ba 100644
6136 +--- a/security/integrity/digsig.c
6137 ++++ b/security/integrity/digsig.c
6138 +@@ -105,7 +105,7 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
6139 + rc,
6140 + ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
6141 + KEY_USR_VIEW | KEY_USR_READ),
6142 +- KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_TRUSTED);
6143 ++ KEY_ALLOC_NOT_IN_QUOTA);
6144 + if (IS_ERR(key)) {
6145 + rc = PTR_ERR(key);
6146 + pr_err("Problem loading X.509 certificate (%d): %s\n",
6147 +diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
6148 +index 1334e02ae8f4..3d145a3ffccf 100644
6149 +--- a/security/integrity/evm/evm_main.c
6150 ++++ b/security/integrity/evm/evm_main.c
6151 +@@ -23,6 +23,7 @@
6152 + #include <linux/integrity.h>
6153 + #include <linux/evm.h>
6154 + #include <crypto/hash.h>
6155 ++#include <crypto/algapi.h>
6156 + #include "evm.h"
6157 +
6158 + int evm_initialized;
6159 +@@ -148,7 +149,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
6160 + xattr_value_len, calc.digest);
6161 + if (rc)
6162 + break;
6163 +- rc = memcmp(xattr_data->digest, calc.digest,
6164 ++ rc = crypto_memneq(xattr_data->digest, calc.digest,
6165 + sizeof(calc.digest));
6166 + if (rc)
6167 + rc = -EINVAL;
6168 +diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
6169 +index b123c42e7dc8..b554d7f9e3be 100644
6170 +--- a/sound/core/compress_offload.c
6171 ++++ b/sound/core/compress_offload.c
6172 +@@ -44,6 +44,13 @@
6173 + #include <sound/compress_offload.h>
6174 + #include <sound/compress_driver.h>
6175 +
6176 ++/* struct snd_compr_codec_caps overflows the ioctl bit size for some
6177 ++ * architectures, so we need to disable the relevant ioctls.
6178 ++ */
6179 ++#if _IOC_SIZEBITS < 14
6180 ++#define COMPR_CODEC_CAPS_OVERFLOW
6181 ++#endif
6182 ++
6183 + /* TODO:
6184 + * - add substream support for multiple devices in case of
6185 + * SND_DYNAMIC_MINORS is not used
6186 +@@ -438,6 +445,7 @@ out:
6187 + return retval;
6188 + }
6189 +
6190 ++#ifndef COMPR_CODEC_CAPS_OVERFLOW
6191 + static int
6192 + snd_compr_get_codec_caps(struct snd_compr_stream *stream, unsigned long arg)
6193 + {
6194 +@@ -461,6 +469,7 @@ out:
6195 + kfree(caps);
6196 + return retval;
6197 + }
6198 ++#endif /* !COMPR_CODEC_CAPS_OVERFLOW */
6199 +
6200 + /* revisit this with snd_pcm_preallocate_xxx */
6201 + static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
6202 +@@ -799,9 +808,11 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
6203 + case _IOC_NR(SNDRV_COMPRESS_GET_CAPS):
6204 + retval = snd_compr_get_caps(stream, arg);
6205 + break;
6206 ++#ifndef COMPR_CODEC_CAPS_OVERFLOW
6207 + case _IOC_NR(SNDRV_COMPRESS_GET_CODEC_CAPS):
6208 + retval = snd_compr_get_codec_caps(stream, arg);
6209 + break;
6210 ++#endif
6211 + case _IOC_NR(SNDRV_COMPRESS_SET_PARAMS):
6212 + retval = snd_compr_set_params(stream, arg);
6213 + break;
6214 +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
6215 +index 58550cc93f28..33e72c809e50 100644
6216 +--- a/sound/core/oss/pcm_oss.c
6217 ++++ b/sound/core/oss/pcm_oss.c
6218 +@@ -834,7 +834,8 @@ static int choose_rate(struct snd_pcm_substream *substream,
6219 + return snd_pcm_hw_param_near(substream, params, SNDRV_PCM_HW_PARAM_RATE, best_rate, NULL);
6220 + }
6221 +
6222 +-static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
6223 ++static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream,
6224 ++ bool trylock)
6225 + {
6226 + struct snd_pcm_runtime *runtime = substream->runtime;
6227 + struct snd_pcm_hw_params *params, *sparams;
6228 +@@ -848,7 +849,10 @@ static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream)
6229 + struct snd_mask sformat_mask;
6230 + struct snd_mask mask;
6231 +
6232 +- if (mutex_lock_interruptible(&runtime->oss.params_lock))
6233 ++ if (trylock) {
6234 ++ if (!(mutex_trylock(&runtime->oss.params_lock)))
6235 ++ return -EAGAIN;
6236 ++ } else if (mutex_lock_interruptible(&runtime->oss.params_lock))
6237 + return -EINTR;
6238 + sw_params = kmalloc(sizeof(*sw_params), GFP_KERNEL);
6239 + params = kmalloc(sizeof(*params), GFP_KERNEL);
6240 +@@ -1092,7 +1096,7 @@ static int snd_pcm_oss_get_active_substream(struct snd_pcm_oss_file *pcm_oss_fil
6241 + if (asubstream == NULL)
6242 + asubstream = substream;
6243 + if (substream->runtime->oss.params) {
6244 +- err = snd_pcm_oss_change_params(substream);
6245 ++ err = snd_pcm_oss_change_params(substream, false);
6246 + if (err < 0)
6247 + return err;
6248 + }
6249 +@@ -1132,7 +1136,7 @@ static int snd_pcm_oss_make_ready(struct snd_pcm_substream *substream)
6250 + return 0;
6251 + runtime = substream->runtime;
6252 + if (runtime->oss.params) {
6253 +- err = snd_pcm_oss_change_params(substream);
6254 ++ err = snd_pcm_oss_change_params(substream, false);
6255 + if (err < 0)
6256 + return err;
6257 + }
6258 +@@ -2163,7 +2167,7 @@ static int snd_pcm_oss_get_space(struct snd_pcm_oss_file *pcm_oss_file, int stre
6259 + runtime = substream->runtime;
6260 +
6261 + if (runtime->oss.params &&
6262 +- (err = snd_pcm_oss_change_params(substream)) < 0)
6263 ++ (err = snd_pcm_oss_change_params(substream, false)) < 0)
6264 + return err;
6265 +
6266 + info.fragsize = runtime->oss.period_bytes;
6267 +@@ -2800,7 +2804,12 @@ static int snd_pcm_oss_mmap(struct file *file, struct vm_area_struct *area)
6268 + return -EIO;
6269 +
6270 + if (runtime->oss.params) {
6271 +- if ((err = snd_pcm_oss_change_params(substream)) < 0)
6272 ++ /* use mutex_trylock() for params_lock for avoiding a deadlock
6273 ++ * between mmap_sem and params_lock taken by
6274 ++ * copy_from/to_user() in snd_pcm_oss_write/read()
6275 ++ */
6276 ++ err = snd_pcm_oss_change_params(substream, true);
6277 ++ if (err < 0)
6278 + return err;
6279 + }
6280 + #ifdef CONFIG_SND_PCM_OSS_PLUGINS
6281 +diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
6282 +index a7759846fbaa..795437b10082 100644
6283 +--- a/sound/core/rawmidi.c
6284 ++++ b/sound/core/rawmidi.c
6285 +@@ -942,31 +942,36 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream,
6286 + unsigned long flags;
6287 + long result = 0, count1;
6288 + struct snd_rawmidi_runtime *runtime = substream->runtime;
6289 ++ unsigned long appl_ptr;
6290 +
6291 ++ spin_lock_irqsave(&runtime->lock, flags);
6292 + while (count > 0 && runtime->avail) {
6293 + count1 = runtime->buffer_size - runtime->appl_ptr;
6294 + if (count1 > count)
6295 + count1 = count;
6296 +- spin_lock_irqsave(&runtime->lock, flags);
6297 + if (count1 > (int)runtime->avail)
6298 + count1 = runtime->avail;
6299 ++
6300 ++ /* update runtime->appl_ptr before unlocking for userbuf */
6301 ++ appl_ptr = runtime->appl_ptr;
6302 ++ runtime->appl_ptr += count1;
6303 ++ runtime->appl_ptr %= runtime->buffer_size;
6304 ++ runtime->avail -= count1;
6305 ++
6306 + if (kernelbuf)
6307 +- memcpy(kernelbuf + result, runtime->buffer + runtime->appl_ptr, count1);
6308 ++ memcpy(kernelbuf + result, runtime->buffer + appl_ptr, count1);
6309 + if (userbuf) {
6310 + spin_unlock_irqrestore(&runtime->lock, flags);
6311 + if (copy_to_user(userbuf + result,
6312 +- runtime->buffer + runtime->appl_ptr, count1)) {
6313 ++ runtime->buffer + appl_ptr, count1)) {
6314 + return result > 0 ? result : -EFAULT;
6315 + }
6316 + spin_lock_irqsave(&runtime->lock, flags);
6317 + }
6318 +- runtime->appl_ptr += count1;
6319 +- runtime->appl_ptr %= runtime->buffer_size;
6320 +- runtime->avail -= count1;
6321 +- spin_unlock_irqrestore(&runtime->lock, flags);
6322 + result += count1;
6323 + count -= count1;
6324 + }
6325 ++ spin_unlock_irqrestore(&runtime->lock, flags);
6326 + return result;
6327 + }
6328 +
6329 +@@ -1055,23 +1060,16 @@ int snd_rawmidi_transmit_empty(struct snd_rawmidi_substream *substream)
6330 + EXPORT_SYMBOL(snd_rawmidi_transmit_empty);
6331 +
6332 + /**
6333 +- * snd_rawmidi_transmit_peek - copy data from the internal buffer
6334 ++ * __snd_rawmidi_transmit_peek - copy data from the internal buffer
6335 + * @substream: the rawmidi substream
6336 + * @buffer: the buffer pointer
6337 + * @count: data size to transfer
6338 + *
6339 +- * Copies data from the internal output buffer to the given buffer.
6340 +- *
6341 +- * Call this in the interrupt handler when the midi output is ready,
6342 +- * and call snd_rawmidi_transmit_ack() after the transmission is
6343 +- * finished.
6344 +- *
6345 +- * Return: The size of copied data, or a negative error code on failure.
6346 ++ * This is a variant of snd_rawmidi_transmit_peek() without spinlock.
6347 + */
6348 +-int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
6349 ++int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
6350 + unsigned char *buffer, int count)
6351 + {
6352 +- unsigned long flags;
6353 + int result, count1;
6354 + struct snd_rawmidi_runtime *runtime = substream->runtime;
6355 +
6356 +@@ -1081,7 +1079,6 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
6357 + return -EINVAL;
6358 + }
6359 + result = 0;
6360 +- spin_lock_irqsave(&runtime->lock, flags);
6361 + if (runtime->avail >= runtime->buffer_size) {
6362 + /* warning: lowlevel layer MUST trigger down the hardware */
6363 + goto __skip;
6364 +@@ -1106,25 +1103,47 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
6365 + }
6366 + }
6367 + __skip:
6368 ++ return result;
6369 ++}
6370 ++EXPORT_SYMBOL(__snd_rawmidi_transmit_peek);
6371 ++
6372 ++/**
6373 ++ * snd_rawmidi_transmit_peek - copy data from the internal buffer
6374 ++ * @substream: the rawmidi substream
6375 ++ * @buffer: the buffer pointer
6376 ++ * @count: data size to transfer
6377 ++ *
6378 ++ * Copies data from the internal output buffer to the given buffer.
6379 ++ *
6380 ++ * Call this in the interrupt handler when the midi output is ready,
6381 ++ * and call snd_rawmidi_transmit_ack() after the transmission is
6382 ++ * finished.
6383 ++ *
6384 ++ * Return: The size of copied data, or a negative error code on failure.
6385 ++ */
6386 ++int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
6387 ++ unsigned char *buffer, int count)
6388 ++{
6389 ++ struct snd_rawmidi_runtime *runtime = substream->runtime;
6390 ++ int result;
6391 ++ unsigned long flags;
6392 ++
6393 ++ spin_lock_irqsave(&runtime->lock, flags);
6394 ++ result = __snd_rawmidi_transmit_peek(substream, buffer, count);
6395 + spin_unlock_irqrestore(&runtime->lock, flags);
6396 + return result;
6397 + }
6398 + EXPORT_SYMBOL(snd_rawmidi_transmit_peek);
6399 +
6400 + /**
6401 +- * snd_rawmidi_transmit_ack - acknowledge the transmission
6402 ++ * __snd_rawmidi_transmit_ack - acknowledge the transmission
6403 + * @substream: the rawmidi substream
6404 + * @count: the transferred count
6405 + *
6406 +- * Advances the hardware pointer for the internal output buffer with
6407 +- * the given size and updates the condition.
6408 +- * Call after the transmission is finished.
6409 +- *
6410 +- * Return: The advanced size if successful, or a negative error code on failure.
6411 ++ * This is a variant of __snd_rawmidi_transmit_ack() without spinlock.
6412 + */
6413 +-int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
6414 ++int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
6415 + {
6416 +- unsigned long flags;
6417 + struct snd_rawmidi_runtime *runtime = substream->runtime;
6418 +
6419 + if (runtime->buffer == NULL) {
6420 +@@ -1132,7 +1151,6 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
6421 + "snd_rawmidi_transmit_ack: output is not active!!!\n");
6422 + return -EINVAL;
6423 + }
6424 +- spin_lock_irqsave(&runtime->lock, flags);
6425 + snd_BUG_ON(runtime->avail + count > runtime->buffer_size);
6426 + runtime->hw_ptr += count;
6427 + runtime->hw_ptr %= runtime->buffer_size;
6428 +@@ -1142,9 +1160,32 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
6429 + if (runtime->drain || snd_rawmidi_ready(substream))
6430 + wake_up(&runtime->sleep);
6431 + }
6432 +- spin_unlock_irqrestore(&runtime->lock, flags);
6433 + return count;
6434 + }
6435 ++EXPORT_SYMBOL(__snd_rawmidi_transmit_ack);
6436 ++
6437 ++/**
6438 ++ * snd_rawmidi_transmit_ack - acknowledge the transmission
6439 ++ * @substream: the rawmidi substream
6440 ++ * @count: the transferred count
6441 ++ *
6442 ++ * Advances the hardware pointer for the internal output buffer with
6443 ++ * the given size and updates the condition.
6444 ++ * Call after the transmission is finished.
6445 ++ *
6446 ++ * Return: The advanced size if successful, or a negative error code on failure.
6447 ++ */
6448 ++int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count)
6449 ++{
6450 ++ struct snd_rawmidi_runtime *runtime = substream->runtime;
6451 ++ int result;
6452 ++ unsigned long flags;
6453 ++
6454 ++ spin_lock_irqsave(&runtime->lock, flags);
6455 ++ result = __snd_rawmidi_transmit_ack(substream, count);
6456 ++ spin_unlock_irqrestore(&runtime->lock, flags);
6457 ++ return result;
6458 ++}
6459 + EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
6460 +
6461 + /**
6462 +@@ -1160,12 +1201,22 @@ EXPORT_SYMBOL(snd_rawmidi_transmit_ack);
6463 + int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream,
6464 + unsigned char *buffer, int count)
6465 + {
6466 ++ struct snd_rawmidi_runtime *runtime = substream->runtime;
6467 ++ int result;
6468 ++ unsigned long flags;
6469 ++
6470 ++ spin_lock_irqsave(&runtime->lock, flags);
6471 + if (!substream->opened)
6472 +- return -EBADFD;
6473 +- count = snd_rawmidi_transmit_peek(substream, buffer, count);
6474 +- if (count < 0)
6475 +- return count;
6476 +- return snd_rawmidi_transmit_ack(substream, count);
6477 ++ result = -EBADFD;
6478 ++ else {
6479 ++ count = __snd_rawmidi_transmit_peek(substream, buffer, count);
6480 ++ if (count <= 0)
6481 ++ result = count;
6482 ++ else
6483 ++ result = __snd_rawmidi_transmit_ack(substream, count);
6484 ++ }
6485 ++ spin_unlock_irqrestore(&runtime->lock, flags);
6486 ++ return result;
6487 + }
6488 + EXPORT_SYMBOL(snd_rawmidi_transmit);
6489 +
6490 +@@ -1177,8 +1228,9 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
6491 + unsigned long flags;
6492 + long count1, result;
6493 + struct snd_rawmidi_runtime *runtime = substream->runtime;
6494 ++ unsigned long appl_ptr;
6495 +
6496 +- if (snd_BUG_ON(!kernelbuf && !userbuf))
6497 ++ if (!kernelbuf && !userbuf)
6498 + return -EINVAL;
6499 + if (snd_BUG_ON(!runtime->buffer))
6500 + return -EINVAL;
6501 +@@ -1197,12 +1249,19 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
6502 + count1 = count;
6503 + if (count1 > (long)runtime->avail)
6504 + count1 = runtime->avail;
6505 ++
6506 ++ /* update runtime->appl_ptr before unlocking for userbuf */
6507 ++ appl_ptr = runtime->appl_ptr;
6508 ++ runtime->appl_ptr += count1;
6509 ++ runtime->appl_ptr %= runtime->buffer_size;
6510 ++ runtime->avail -= count1;
6511 ++
6512 + if (kernelbuf)
6513 +- memcpy(runtime->buffer + runtime->appl_ptr,
6514 ++ memcpy(runtime->buffer + appl_ptr,
6515 + kernelbuf + result, count1);
6516 + else if (userbuf) {
6517 + spin_unlock_irqrestore(&runtime->lock, flags);
6518 +- if (copy_from_user(runtime->buffer + runtime->appl_ptr,
6519 ++ if (copy_from_user(runtime->buffer + appl_ptr,
6520 + userbuf + result, count1)) {
6521 + spin_lock_irqsave(&runtime->lock, flags);
6522 + result = result > 0 ? result : -EFAULT;
6523 +@@ -1210,9 +1269,6 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream,
6524 + }
6525 + spin_lock_irqsave(&runtime->lock, flags);
6526 + }
6527 +- runtime->appl_ptr += count1;
6528 +- runtime->appl_ptr %= runtime->buffer_size;
6529 +- runtime->avail -= count1;
6530 + result += count1;
6531 + count -= count1;
6532 + }
6533 +diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c
6534 +index b1221b29728e..6779e82b46dd 100644
6535 +--- a/sound/core/seq/oss/seq_oss_init.c
6536 ++++ b/sound/core/seq/oss/seq_oss_init.c
6537 +@@ -202,7 +202,7 @@ snd_seq_oss_open(struct file *file, int level)
6538 +
6539 + dp->index = i;
6540 + if (i >= SNDRV_SEQ_OSS_MAX_CLIENTS) {
6541 +- pr_err("ALSA: seq_oss: too many applications\n");
6542 ++ pr_debug("ALSA: seq_oss: too many applications\n");
6543 + rc = -ENOMEM;
6544 + goto _error;
6545 + }
6546 +diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
6547 +index 0f3b38184fe5..b16dbef04174 100644
6548 +--- a/sound/core/seq/oss/seq_oss_synth.c
6549 ++++ b/sound/core/seq/oss/seq_oss_synth.c
6550 +@@ -308,7 +308,7 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp)
6551 + struct seq_oss_synth *rec;
6552 + struct seq_oss_synthinfo *info;
6553 +
6554 +- if (snd_BUG_ON(dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
6555 ++ if (snd_BUG_ON(dp->max_synthdev > SNDRV_SEQ_OSS_MAX_SYNTH_DEVS))
6556 + return;
6557 + for (i = 0; i < dp->max_synthdev; i++) {
6558 + info = &dp->synths[i];
6559 +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
6560 +index 13cfa815732d..58e79e02f217 100644
6561 +--- a/sound/core/seq/seq_clientmgr.c
6562 ++++ b/sound/core/seq/seq_clientmgr.c
6563 +@@ -678,6 +678,9 @@ static int deliver_to_subscribers(struct snd_seq_client *client,
6564 + else
6565 + down_read(&grp->list_mutex);
6566 + list_for_each_entry(subs, &grp->list_head, src_list) {
6567 ++ /* both ports ready? */
6568 ++ if (atomic_read(&subs->ref_count) != 2)
6569 ++ continue;
6570 + event->dest = subs->info.dest;
6571 + if (subs->info.flags & SNDRV_SEQ_PORT_SUBS_TIMESTAMP)
6572 + /* convert time according to flag with subscription */
6573 +diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c
6574 +index 55170a20ae72..921fb2bd8fad 100644
6575 +--- a/sound/core/seq/seq_ports.c
6576 ++++ b/sound/core/seq/seq_ports.c
6577 +@@ -173,10 +173,6 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client,
6578 + }
6579 +
6580 + /* */
6581 +-enum group_type {
6582 +- SRC_LIST, DEST_LIST
6583 +-};
6584 +-
6585 + static int subscribe_port(struct snd_seq_client *client,
6586 + struct snd_seq_client_port *port,
6587 + struct snd_seq_port_subs_info *grp,
6588 +@@ -203,6 +199,20 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
6589 + return NULL;
6590 + }
6591 +
6592 ++static void delete_and_unsubscribe_port(struct snd_seq_client *client,
6593 ++ struct snd_seq_client_port *port,
6594 ++ struct snd_seq_subscribers *subs,
6595 ++ bool is_src, bool ack);
6596 ++
6597 ++static inline struct snd_seq_subscribers *
6598 ++get_subscriber(struct list_head *p, bool is_src)
6599 ++{
6600 ++ if (is_src)
6601 ++ return list_entry(p, struct snd_seq_subscribers, src_list);
6602 ++ else
6603 ++ return list_entry(p, struct snd_seq_subscribers, dest_list);
6604 ++}
6605 ++
6606 + /*
6607 + * remove all subscribers on the list
6608 + * this is called from port_delete, for each src and dest list.
6609 +@@ -210,7 +220,7 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr,
6610 + static void clear_subscriber_list(struct snd_seq_client *client,
6611 + struct snd_seq_client_port *port,
6612 + struct snd_seq_port_subs_info *grp,
6613 +- int grptype)
6614 ++ int is_src)
6615 + {
6616 + struct list_head *p, *n;
6617 +
6618 +@@ -219,15 +229,13 @@ static void clear_subscriber_list(struct snd_seq_client *client,
6619 + struct snd_seq_client *c;
6620 + struct snd_seq_client_port *aport;
6621 +
6622 +- if (grptype == SRC_LIST) {
6623 +- subs = list_entry(p, struct snd_seq_subscribers, src_list);
6624 ++ subs = get_subscriber(p, is_src);
6625 ++ if (is_src)
6626 + aport = get_client_port(&subs->info.dest, &c);
6627 +- } else {
6628 +- subs = list_entry(p, struct snd_seq_subscribers, dest_list);
6629 ++ else
6630 + aport = get_client_port(&subs->info.sender, &c);
6631 +- }
6632 +- list_del(p);
6633 +- unsubscribe_port(client, port, grp, &subs->info, 0);
6634 ++ delete_and_unsubscribe_port(client, port, subs, is_src, false);
6635 ++
6636 + if (!aport) {
6637 + /* looks like the connected port is being deleted.
6638 + * we decrease the counter, and when both ports are deleted
6639 +@@ -235,21 +243,14 @@ static void clear_subscriber_list(struct snd_seq_client *client,
6640 + */
6641 + if (atomic_dec_and_test(&subs->ref_count))
6642 + kfree(subs);
6643 +- } else {
6644 +- /* ok we got the connected port */
6645 +- struct snd_seq_port_subs_info *agrp;
6646 +- agrp = (grptype == SRC_LIST) ? &aport->c_dest : &aport->c_src;
6647 +- down_write(&agrp->list_mutex);
6648 +- if (grptype == SRC_LIST)
6649 +- list_del(&subs->dest_list);
6650 +- else
6651 +- list_del(&subs->src_list);
6652 +- up_write(&agrp->list_mutex);
6653 +- unsubscribe_port(c, aport, agrp, &subs->info, 1);
6654 +- kfree(subs);
6655 +- snd_seq_port_unlock(aport);
6656 +- snd_seq_client_unlock(c);
6657 ++ continue;
6658 + }
6659 ++
6660 ++ /* ok we got the connected port */
6661 ++ delete_and_unsubscribe_port(c, aport, subs, !is_src, true);
6662 ++ kfree(subs);
6663 ++ snd_seq_port_unlock(aport);
6664 ++ snd_seq_client_unlock(c);
6665 + }
6666 + }
6667 +
6668 +@@ -262,8 +263,8 @@ static int port_delete(struct snd_seq_client *client,
6669 + snd_use_lock_sync(&port->use_lock);
6670 +
6671 + /* clear subscribers info */
6672 +- clear_subscriber_list(client, port, &port->c_src, SRC_LIST);
6673 +- clear_subscriber_list(client, port, &port->c_dest, DEST_LIST);
6674 ++ clear_subscriber_list(client, port, &port->c_src, true);
6675 ++ clear_subscriber_list(client, port, &port->c_dest, false);
6676 +
6677 + if (port->private_free)
6678 + port->private_free(port->private_data);
6679 +@@ -479,85 +480,120 @@ static int match_subs_info(struct snd_seq_port_subscribe *r,
6680 + return 0;
6681 + }
6682 +
6683 +-
6684 +-/* connect two ports */
6685 +-int snd_seq_port_connect(struct snd_seq_client *connector,
6686 +- struct snd_seq_client *src_client,
6687 +- struct snd_seq_client_port *src_port,
6688 +- struct snd_seq_client *dest_client,
6689 +- struct snd_seq_client_port *dest_port,
6690 +- struct snd_seq_port_subscribe *info)
6691 ++static int check_and_subscribe_port(struct snd_seq_client *client,
6692 ++ struct snd_seq_client_port *port,
6693 ++ struct snd_seq_subscribers *subs,
6694 ++ bool is_src, bool exclusive, bool ack)
6695 + {
6696 +- struct snd_seq_port_subs_info *src = &src_port->c_src;
6697 +- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
6698 +- struct snd_seq_subscribers *subs, *s;
6699 +- int err, src_called = 0;
6700 +- unsigned long flags;
6701 +- int exclusive;
6702 ++ struct snd_seq_port_subs_info *grp;
6703 ++ struct list_head *p;
6704 ++ struct snd_seq_subscribers *s;
6705 ++ int err;
6706 +
6707 +- subs = kzalloc(sizeof(*subs), GFP_KERNEL);
6708 +- if (! subs)
6709 +- return -ENOMEM;
6710 +-
6711 +- subs->info = *info;
6712 +- atomic_set(&subs->ref_count, 2);
6713 +-
6714 +- down_write(&src->list_mutex);
6715 +- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
6716 +-
6717 +- exclusive = info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE ? 1 : 0;
6718 ++ grp = is_src ? &port->c_src : &port->c_dest;
6719 + err = -EBUSY;
6720 ++ down_write(&grp->list_mutex);
6721 + if (exclusive) {
6722 +- if (! list_empty(&src->list_head) || ! list_empty(&dest->list_head))
6723 ++ if (!list_empty(&grp->list_head))
6724 + goto __error;
6725 + } else {
6726 +- if (src->exclusive || dest->exclusive)
6727 ++ if (grp->exclusive)
6728 + goto __error;
6729 + /* check whether already exists */
6730 +- list_for_each_entry(s, &src->list_head, src_list) {
6731 +- if (match_subs_info(info, &s->info))
6732 +- goto __error;
6733 +- }
6734 +- list_for_each_entry(s, &dest->list_head, dest_list) {
6735 +- if (match_subs_info(info, &s->info))
6736 ++ list_for_each(p, &grp->list_head) {
6737 ++ s = get_subscriber(p, is_src);
6738 ++ if (match_subs_info(&subs->info, &s->info))
6739 + goto __error;
6740 + }
6741 + }
6742 +
6743 +- if ((err = subscribe_port(src_client, src_port, src, info,
6744 +- connector->number != src_client->number)) < 0)
6745 +- goto __error;
6746 +- src_called = 1;
6747 +-
6748 +- if ((err = subscribe_port(dest_client, dest_port, dest, info,
6749 +- connector->number != dest_client->number)) < 0)
6750 ++ err = subscribe_port(client, port, grp, &subs->info, ack);
6751 ++ if (err < 0) {
6752 ++ grp->exclusive = 0;
6753 + goto __error;
6754 ++ }
6755 +
6756 + /* add to list */
6757 +- write_lock_irqsave(&src->list_lock, flags);
6758 +- // write_lock(&dest->list_lock); // no other lock yet
6759 +- list_add_tail(&subs->src_list, &src->list_head);
6760 +- list_add_tail(&subs->dest_list, &dest->list_head);
6761 +- // write_unlock(&dest->list_lock); // no other lock yet
6762 +- write_unlock_irqrestore(&src->list_lock, flags);
6763 ++ write_lock_irq(&grp->list_lock);
6764 ++ if (is_src)
6765 ++ list_add_tail(&subs->src_list, &grp->list_head);
6766 ++ else
6767 ++ list_add_tail(&subs->dest_list, &grp->list_head);
6768 ++ grp->exclusive = exclusive;
6769 ++ atomic_inc(&subs->ref_count);
6770 ++ write_unlock_irq(&grp->list_lock);
6771 ++ err = 0;
6772 ++
6773 ++ __error:
6774 ++ up_write(&grp->list_mutex);
6775 ++ return err;
6776 ++}
6777 +
6778 +- src->exclusive = dest->exclusive = exclusive;
6779 ++static void delete_and_unsubscribe_port(struct snd_seq_client *client,
6780 ++ struct snd_seq_client_port *port,
6781 ++ struct snd_seq_subscribers *subs,
6782 ++ bool is_src, bool ack)
6783 ++{
6784 ++ struct snd_seq_port_subs_info *grp;
6785 ++
6786 ++ grp = is_src ? &port->c_src : &port->c_dest;
6787 ++ down_write(&grp->list_mutex);
6788 ++ write_lock_irq(&grp->list_lock);
6789 ++ if (is_src)
6790 ++ list_del(&subs->src_list);
6791 ++ else
6792 ++ list_del(&subs->dest_list);
6793 ++ grp->exclusive = 0;
6794 ++ write_unlock_irq(&grp->list_lock);
6795 ++ up_write(&grp->list_mutex);
6796 ++
6797 ++ unsubscribe_port(client, port, grp, &subs->info, ack);
6798 ++}
6799 ++
6800 ++/* connect two ports */
6801 ++int snd_seq_port_connect(struct snd_seq_client *connector,
6802 ++ struct snd_seq_client *src_client,
6803 ++ struct snd_seq_client_port *src_port,
6804 ++ struct snd_seq_client *dest_client,
6805 ++ struct snd_seq_client_port *dest_port,
6806 ++ struct snd_seq_port_subscribe *info)
6807 ++{
6808 ++ struct snd_seq_subscribers *subs;
6809 ++ bool exclusive;
6810 ++ int err;
6811 ++
6812 ++ subs = kzalloc(sizeof(*subs), GFP_KERNEL);
6813 ++ if (!subs)
6814 ++ return -ENOMEM;
6815 ++
6816 ++ subs->info = *info;
6817 ++ atomic_set(&subs->ref_count, 0);
6818 ++ INIT_LIST_HEAD(&subs->src_list);
6819 ++ INIT_LIST_HEAD(&subs->dest_list);
6820 ++
6821 ++ exclusive = !!(info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE);
6822 ++
6823 ++ err = check_and_subscribe_port(src_client, src_port, subs, true,
6824 ++ exclusive,
6825 ++ connector->number != src_client->number);
6826 ++ if (err < 0)
6827 ++ goto error;
6828 ++ err = check_and_subscribe_port(dest_client, dest_port, subs, false,
6829 ++ exclusive,
6830 ++ connector->number != dest_client->number);
6831 ++ if (err < 0)
6832 ++ goto error_dest;
6833 +
6834 +- up_write(&dest->list_mutex);
6835 +- up_write(&src->list_mutex);
6836 + return 0;
6837 +
6838 +- __error:
6839 +- if (src_called)
6840 +- unsubscribe_port(src_client, src_port, src, info,
6841 +- connector->number != src_client->number);
6842 ++ error_dest:
6843 ++ delete_and_unsubscribe_port(src_client, src_port, subs, true,
6844 ++ connector->number != src_client->number);
6845 ++ error:
6846 + kfree(subs);
6847 +- up_write(&dest->list_mutex);
6848 +- up_write(&src->list_mutex);
6849 + return err;
6850 + }
6851 +
6852 +-
6853 + /* remove the connection */
6854 + int snd_seq_port_disconnect(struct snd_seq_client *connector,
6855 + struct snd_seq_client *src_client,
6856 +@@ -567,37 +603,28 @@ int snd_seq_port_disconnect(struct snd_seq_client *connector,
6857 + struct snd_seq_port_subscribe *info)
6858 + {
6859 + struct snd_seq_port_subs_info *src = &src_port->c_src;
6860 +- struct snd_seq_port_subs_info *dest = &dest_port->c_dest;
6861 + struct snd_seq_subscribers *subs;
6862 + int err = -ENOENT;
6863 +- unsigned long flags;
6864 +
6865 + down_write(&src->list_mutex);
6866 +- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING);
6867 +-
6868 + /* look for the connection */
6869 + list_for_each_entry(subs, &src->list_head, src_list) {
6870 + if (match_subs_info(info, &subs->info)) {
6871 +- write_lock_irqsave(&src->list_lock, flags);
6872 +- // write_lock(&dest->list_lock); // no lock yet
6873 +- list_del(&subs->src_list);
6874 +- list_del(&subs->dest_list);
6875 +- // write_unlock(&dest->list_lock);
6876 +- write_unlock_irqrestore(&src->list_lock, flags);
6877 +- src->exclusive = dest->exclusive = 0;
6878 +- unsubscribe_port(src_client, src_port, src, info,
6879 +- connector->number != src_client->number);
6880 +- unsubscribe_port(dest_client, dest_port, dest, info,
6881 +- connector->number != dest_client->number);
6882 +- kfree(subs);
6883 ++ atomic_dec(&subs->ref_count); /* mark as not ready */
6884 + err = 0;
6885 + break;
6886 + }
6887 + }
6888 +-
6889 +- up_write(&dest->list_mutex);
6890 + up_write(&src->list_mutex);
6891 +- return err;
6892 ++ if (err < 0)
6893 ++ return err;
6894 ++
6895 ++ delete_and_unsubscribe_port(src_client, src_port, subs, true,
6896 ++ connector->number != src_client->number);
6897 ++ delete_and_unsubscribe_port(dest_client, dest_port, subs, false,
6898 ++ connector->number != dest_client->number);
6899 ++ kfree(subs);
6900 ++ return 0;
6901 + }
6902 +
6903 +
6904 +diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c
6905 +index 82b220c769c1..293104926098 100644
6906 +--- a/sound/core/seq/seq_timer.c
6907 ++++ b/sound/core/seq/seq_timer.c
6908 +@@ -90,6 +90,9 @@ void snd_seq_timer_delete(struct snd_seq_timer **tmr)
6909 +
6910 + void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
6911 + {
6912 ++ unsigned long flags;
6913 ++
6914 ++ spin_lock_irqsave(&tmr->lock, flags);
6915 + /* setup defaults */
6916 + tmr->ppq = 96; /* 96 PPQ */
6917 + tmr->tempo = 500000; /* 120 BPM */
6918 +@@ -105,21 +108,25 @@ void snd_seq_timer_defaults(struct snd_seq_timer * tmr)
6919 + tmr->preferred_resolution = seq_default_timer_resolution;
6920 +
6921 + tmr->skew = tmr->skew_base = SKEW_BASE;
6922 ++ spin_unlock_irqrestore(&tmr->lock, flags);
6923 + }
6924 +
6925 +-void snd_seq_timer_reset(struct snd_seq_timer * tmr)
6926 ++static void seq_timer_reset(struct snd_seq_timer *tmr)
6927 + {
6928 +- unsigned long flags;
6929 +-
6930 +- spin_lock_irqsave(&tmr->lock, flags);
6931 +-
6932 + /* reset time & songposition */
6933 + tmr->cur_time.tv_sec = 0;
6934 + tmr->cur_time.tv_nsec = 0;
6935 +
6936 + tmr->tick.cur_tick = 0;
6937 + tmr->tick.fraction = 0;
6938 ++}
6939 ++
6940 ++void snd_seq_timer_reset(struct snd_seq_timer *tmr)
6941 ++{
6942 ++ unsigned long flags;
6943 +
6944 ++ spin_lock_irqsave(&tmr->lock, flags);
6945 ++ seq_timer_reset(tmr);
6946 + spin_unlock_irqrestore(&tmr->lock, flags);
6947 + }
6948 +
6949 +@@ -138,8 +145,11 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
6950 + tmr = q->timer;
6951 + if (tmr == NULL)
6952 + return;
6953 +- if (!tmr->running)
6954 ++ spin_lock_irqsave(&tmr->lock, flags);
6955 ++ if (!tmr->running) {
6956 ++ spin_unlock_irqrestore(&tmr->lock, flags);
6957 + return;
6958 ++ }
6959 +
6960 + resolution *= ticks;
6961 + if (tmr->skew != tmr->skew_base) {
6962 +@@ -148,8 +158,6 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri,
6963 + (((resolution & 0xffff) * tmr->skew) >> 16);
6964 + }
6965 +
6966 +- spin_lock_irqsave(&tmr->lock, flags);
6967 +-
6968 + /* update timer */
6969 + snd_seq_inc_time_nsec(&tmr->cur_time, resolution);
6970 +
6971 +@@ -296,26 +304,30 @@ int snd_seq_timer_open(struct snd_seq_queue *q)
6972 + t->callback = snd_seq_timer_interrupt;
6973 + t->callback_data = q;
6974 + t->flags |= SNDRV_TIMER_IFLG_AUTO;
6975 ++ spin_lock_irq(&tmr->lock);
6976 + tmr->timeri = t;
6977 ++ spin_unlock_irq(&tmr->lock);
6978 + return 0;
6979 + }
6980 +
6981 + int snd_seq_timer_close(struct snd_seq_queue *q)
6982 + {
6983 + struct snd_seq_timer *tmr;
6984 ++ struct snd_timer_instance *t;
6985 +
6986 + tmr = q->timer;
6987 + if (snd_BUG_ON(!tmr))
6988 + return -EINVAL;
6989 +- if (tmr->timeri) {
6990 +- snd_timer_stop(tmr->timeri);
6991 +- snd_timer_close(tmr->timeri);
6992 +- tmr->timeri = NULL;
6993 +- }
6994 ++ spin_lock_irq(&tmr->lock);
6995 ++ t = tmr->timeri;
6996 ++ tmr->timeri = NULL;
6997 ++ spin_unlock_irq(&tmr->lock);
6998 ++ if (t)
6999 ++ snd_timer_close(t);
7000 + return 0;
7001 + }
7002 +
7003 +-int snd_seq_timer_stop(struct snd_seq_timer * tmr)
7004 ++static int seq_timer_stop(struct snd_seq_timer *tmr)
7005 + {
7006 + if (! tmr->timeri)
7007 + return -EINVAL;
7008 +@@ -326,6 +338,17 @@ int snd_seq_timer_stop(struct snd_seq_timer * tmr)
7009 + return 0;
7010 + }
7011 +
7012 ++int snd_seq_timer_stop(struct snd_seq_timer *tmr)
7013 ++{
7014 ++ unsigned long flags;
7015 ++ int err;
7016 ++
7017 ++ spin_lock_irqsave(&tmr->lock, flags);
7018 ++ err = seq_timer_stop(tmr);
7019 ++ spin_unlock_irqrestore(&tmr->lock, flags);
7020 ++ return err;
7021 ++}
7022 ++
7023 + static int initialize_timer(struct snd_seq_timer *tmr)
7024 + {
7025 + struct snd_timer *t;
7026 +@@ -358,13 +381,13 @@ static int initialize_timer(struct snd_seq_timer *tmr)
7027 + return 0;
7028 + }
7029 +
7030 +-int snd_seq_timer_start(struct snd_seq_timer * tmr)
7031 ++static int seq_timer_start(struct snd_seq_timer *tmr)
7032 + {
7033 + if (! tmr->timeri)
7034 + return -EINVAL;
7035 + if (tmr->running)
7036 +- snd_seq_timer_stop(tmr);
7037 +- snd_seq_timer_reset(tmr);
7038 ++ seq_timer_stop(tmr);
7039 ++ seq_timer_reset(tmr);
7040 + if (initialize_timer(tmr) < 0)
7041 + return -EINVAL;
7042 + snd_timer_start(tmr->timeri, tmr->ticks);
7043 +@@ -373,14 +396,25 @@ int snd_seq_timer_start(struct snd_seq_timer * tmr)
7044 + return 0;
7045 + }
7046 +
7047 +-int snd_seq_timer_continue(struct snd_seq_timer * tmr)
7048 ++int snd_seq_timer_start(struct snd_seq_timer *tmr)
7049 ++{
7050 ++ unsigned long flags;
7051 ++ int err;
7052 ++
7053 ++ spin_lock_irqsave(&tmr->lock, flags);
7054 ++ err = seq_timer_start(tmr);
7055 ++ spin_unlock_irqrestore(&tmr->lock, flags);
7056 ++ return err;
7057 ++}
7058 ++
7059 ++static int seq_timer_continue(struct snd_seq_timer *tmr)
7060 + {
7061 + if (! tmr->timeri)
7062 + return -EINVAL;
7063 + if (tmr->running)
7064 + return -EBUSY;
7065 + if (! tmr->initialized) {
7066 +- snd_seq_timer_reset(tmr);
7067 ++ seq_timer_reset(tmr);
7068 + if (initialize_timer(tmr) < 0)
7069 + return -EINVAL;
7070 + }
7071 +@@ -390,11 +424,24 @@ int snd_seq_timer_continue(struct snd_seq_timer * tmr)
7072 + return 0;
7073 + }
7074 +
7075 ++int snd_seq_timer_continue(struct snd_seq_timer *tmr)
7076 ++{
7077 ++ unsigned long flags;
7078 ++ int err;
7079 ++
7080 ++ spin_lock_irqsave(&tmr->lock, flags);
7081 ++ err = seq_timer_continue(tmr);
7082 ++ spin_unlock_irqrestore(&tmr->lock, flags);
7083 ++ return err;
7084 ++}
7085 ++
7086 + /* return current 'real' time. use timeofday() to get better granularity. */
7087 + snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
7088 + {
7089 + snd_seq_real_time_t cur_time;
7090 ++ unsigned long flags;
7091 +
7092 ++ spin_lock_irqsave(&tmr->lock, flags);
7093 + cur_time = tmr->cur_time;
7094 + if (tmr->running) {
7095 + struct timeval tm;
7096 +@@ -410,7 +457,7 @@ snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr)
7097 + }
7098 + snd_seq_sanity_real_time(&cur_time);
7099 + }
7100 +-
7101 ++ spin_unlock_irqrestore(&tmr->lock, flags);
7102 + return cur_time;
7103 + }
7104 +
7105 +diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c
7106 +index 56e0f4cd3f82..81134e067184 100644
7107 +--- a/sound/core/seq/seq_virmidi.c
7108 ++++ b/sound/core/seq/seq_virmidi.c
7109 +@@ -155,21 +155,26 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
7110 + struct snd_virmidi *vmidi = substream->runtime->private_data;
7111 + int count, res;
7112 + unsigned char buf[32], *pbuf;
7113 ++ unsigned long flags;
7114 +
7115 + if (up) {
7116 + vmidi->trigger = 1;
7117 + if (vmidi->seq_mode == SNDRV_VIRMIDI_SEQ_DISPATCH &&
7118 + !(vmidi->rdev->flags & SNDRV_VIRMIDI_SUBSCRIBE)) {
7119 +- snd_rawmidi_transmit_ack(substream, substream->runtime->buffer_size - substream->runtime->avail);
7120 +- return; /* ignored */
7121 ++ while (snd_rawmidi_transmit(substream, buf,
7122 ++ sizeof(buf)) > 0) {
7123 ++ /* ignored */
7124 ++ }
7125 ++ return;
7126 + }
7127 + if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
7128 + if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
7129 + return;
7130 + vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
7131 + }
7132 ++ spin_lock_irqsave(&substream->runtime->lock, flags);
7133 + while (1) {
7134 +- count = snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
7135 ++ count = __snd_rawmidi_transmit_peek(substream, buf, sizeof(buf));
7136 + if (count <= 0)
7137 + break;
7138 + pbuf = buf;
7139 +@@ -179,16 +184,18 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream,
7140 + snd_midi_event_reset_encode(vmidi->parser);
7141 + continue;
7142 + }
7143 +- snd_rawmidi_transmit_ack(substream, res);
7144 ++ __snd_rawmidi_transmit_ack(substream, res);
7145 + pbuf += res;
7146 + count -= res;
7147 + if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) {
7148 + if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0)
7149 +- return;
7150 ++ goto out;
7151 + vmidi->event.type = SNDRV_SEQ_EVENT_NONE;
7152 + }
7153 + }
7154 + }
7155 ++ out:
7156 ++ spin_unlock_irqrestore(&substream->runtime->lock, flags);
7157 + } else {
7158 + vmidi->trigger = 0;
7159 + }
7160 +@@ -254,9 +261,13 @@ static int snd_virmidi_output_open(struct snd_rawmidi_substream *substream)
7161 + */
7162 + static int snd_virmidi_input_close(struct snd_rawmidi_substream *substream)
7163 + {
7164 ++ struct snd_virmidi_dev *rdev = substream->rmidi->private_data;
7165 + struct snd_virmidi *vmidi = substream->runtime->private_data;
7166 +- snd_midi_event_free(vmidi->parser);
7167 ++
7168 ++ write_lock_irq(&rdev->filelist_lock);
7169 + list_del(&vmidi->list);
7170 ++ write_unlock_irq(&rdev->filelist_lock);
7171 ++ snd_midi_event_free(vmidi->parser);
7172 + substream->runtime->private_data = NULL;
7173 + kfree(vmidi);
7174 + return 0;
7175 +diff --git a/sound/core/timer.c b/sound/core/timer.c
7176 +index 0a049c4578f1..f24c9fccf008 100644
7177 +--- a/sound/core/timer.c
7178 ++++ b/sound/core/timer.c
7179 +@@ -305,8 +305,7 @@ int snd_timer_open(struct snd_timer_instance **ti,
7180 + return 0;
7181 + }
7182 +
7183 +-static int _snd_timer_stop(struct snd_timer_instance *timeri,
7184 +- int keep_flag, int event);
7185 ++static int _snd_timer_stop(struct snd_timer_instance *timeri, int event);
7186 +
7187 + /*
7188 + * close a timer instance
7189 +@@ -348,7 +347,7 @@ int snd_timer_close(struct snd_timer_instance *timeri)
7190 + spin_unlock_irq(&timer->lock);
7191 + mutex_lock(&register_mutex);
7192 + list_del(&timeri->open_list);
7193 +- if (timer && list_empty(&timer->open_list_head) &&
7194 ++ if (list_empty(&timer->open_list_head) &&
7195 + timer->hw.close)
7196 + timer->hw.close(timer);
7197 + /* remove slave links */
7198 +@@ -423,7 +422,7 @@ static void snd_timer_notify1(struct snd_timer_instance *ti, int event)
7199 + spin_lock_irqsave(&timer->lock, flags);
7200 + list_for_each_entry(ts, &ti->slave_active_head, active_list)
7201 + if (ts->ccallback)
7202 +- ts->ccallback(ti, event + 100, &tstamp, resolution);
7203 ++ ts->ccallback(ts, event + 100, &tstamp, resolution);
7204 + spin_unlock_irqrestore(&timer->lock, flags);
7205 + }
7206 +
7207 +@@ -452,6 +451,10 @@ static int snd_timer_start_slave(struct snd_timer_instance *timeri)
7208 + unsigned long flags;
7209 +
7210 + spin_lock_irqsave(&slave_active_lock, flags);
7211 ++ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
7212 ++ spin_unlock_irqrestore(&slave_active_lock, flags);
7213 ++ return -EBUSY;
7214 ++ }
7215 + timeri->flags |= SNDRV_TIMER_IFLG_RUNNING;
7216 + if (timeri->master && timeri->timer) {
7217 + spin_lock(&timeri->timer->lock);
7218 +@@ -476,7 +479,8 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
7219 + return -EINVAL;
7220 + if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
7221 + result = snd_timer_start_slave(timeri);
7222 +- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
7223 ++ if (result >= 0)
7224 ++ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
7225 + return result;
7226 + }
7227 + timer = timeri->timer;
7228 +@@ -485,16 +489,22 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks)
7229 + if (timer->card && timer->card->shutdown)
7230 + return -ENODEV;
7231 + spin_lock_irqsave(&timer->lock, flags);
7232 ++ if (timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
7233 ++ SNDRV_TIMER_IFLG_START)) {
7234 ++ result = -EBUSY;
7235 ++ goto unlock;
7236 ++ }
7237 + timeri->ticks = timeri->cticks = ticks;
7238 + timeri->pticks = 0;
7239 + result = snd_timer_start1(timer, timeri, ticks);
7240 ++ unlock:
7241 + spin_unlock_irqrestore(&timer->lock, flags);
7242 +- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
7243 ++ if (result >= 0)
7244 ++ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START);
7245 + return result;
7246 + }
7247 +
7248 +-static int _snd_timer_stop(struct snd_timer_instance * timeri,
7249 +- int keep_flag, int event)
7250 ++static int _snd_timer_stop(struct snd_timer_instance *timeri, int event)
7251 + {
7252 + struct snd_timer *timer;
7253 + unsigned long flags;
7254 +@@ -503,19 +513,30 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
7255 + return -ENXIO;
7256 +
7257 + if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) {
7258 +- if (!keep_flag) {
7259 +- spin_lock_irqsave(&slave_active_lock, flags);
7260 +- timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
7261 +- list_del_init(&timeri->ack_list);
7262 +- list_del_init(&timeri->active_list);
7263 ++ spin_lock_irqsave(&slave_active_lock, flags);
7264 ++ if (!(timeri->flags & SNDRV_TIMER_IFLG_RUNNING)) {
7265 + spin_unlock_irqrestore(&slave_active_lock, flags);
7266 ++ return -EBUSY;
7267 + }
7268 ++ if (timeri->timer)
7269 ++ spin_lock(&timeri->timer->lock);
7270 ++ timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
7271 ++ list_del_init(&timeri->ack_list);
7272 ++ list_del_init(&timeri->active_list);
7273 ++ if (timeri->timer)
7274 ++ spin_unlock(&timeri->timer->lock);
7275 ++ spin_unlock_irqrestore(&slave_active_lock, flags);
7276 + goto __end;
7277 + }
7278 + timer = timeri->timer;
7279 + if (!timer)
7280 + return -EINVAL;
7281 + spin_lock_irqsave(&timer->lock, flags);
7282 ++ if (!(timeri->flags & (SNDRV_TIMER_IFLG_RUNNING |
7283 ++ SNDRV_TIMER_IFLG_START))) {
7284 ++ spin_unlock_irqrestore(&timer->lock, flags);
7285 ++ return -EBUSY;
7286 ++ }
7287 + list_del_init(&timeri->ack_list);
7288 + list_del_init(&timeri->active_list);
7289 + if (timer->card && timer->card->shutdown) {
7290 +@@ -534,9 +555,7 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri,
7291 + }
7292 + }
7293 + }
7294 +- if (!keep_flag)
7295 +- timeri->flags &=
7296 +- ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
7297 ++ timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START);
7298 + spin_unlock_irqrestore(&timer->lock, flags);
7299 + __end:
7300 + if (event != SNDRV_TIMER_EVENT_RESOLUTION)
7301 +@@ -555,7 +574,7 @@ int snd_timer_stop(struct snd_timer_instance *timeri)
7302 + unsigned long flags;
7303 + int err;
7304 +
7305 +- err = _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_STOP);
7306 ++ err = _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_STOP);
7307 + if (err < 0)
7308 + return err;
7309 + timer = timeri->timer;
7310 +@@ -587,10 +606,15 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
7311 + if (timer->card && timer->card->shutdown)
7312 + return -ENODEV;
7313 + spin_lock_irqsave(&timer->lock, flags);
7314 ++ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) {
7315 ++ result = -EBUSY;
7316 ++ goto unlock;
7317 ++ }
7318 + if (!timeri->cticks)
7319 + timeri->cticks = 1;
7320 + timeri->pticks = 0;
7321 + result = snd_timer_start1(timer, timeri, timer->sticks);
7322 ++ unlock:
7323 + spin_unlock_irqrestore(&timer->lock, flags);
7324 + snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_CONTINUE);
7325 + return result;
7326 +@@ -601,7 +625,7 @@ int snd_timer_continue(struct snd_timer_instance *timeri)
7327 + */
7328 + int snd_timer_pause(struct snd_timer_instance * timeri)
7329 + {
7330 +- return _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_PAUSE);
7331 ++ return _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_PAUSE);
7332 + }
7333 +
7334 + /*
7335 +@@ -724,8 +748,8 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left)
7336 + ti->cticks = ti->ticks;
7337 + } else {
7338 + ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING;
7339 +- if (--timer->running)
7340 +- list_del_init(&ti->active_list);
7341 ++ --timer->running;
7342 ++ list_del_init(&ti->active_list);
7343 + }
7344 + if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) ||
7345 + (ti->flags & SNDRV_TIMER_IFLG_FAST))
7346 +@@ -1900,6 +1924,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
7347 + {
7348 + struct snd_timer_user *tu;
7349 + long result = 0, unit;
7350 ++ int qhead;
7351 + int err = 0;
7352 +
7353 + tu = file->private_data;
7354 +@@ -1911,7 +1936,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
7355 +
7356 + if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) {
7357 + err = -EAGAIN;
7358 +- break;
7359 ++ goto _error;
7360 + }
7361 +
7362 + set_current_state(TASK_INTERRUPTIBLE);
7363 +@@ -1926,42 +1951,37 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
7364 +
7365 + if (tu->disconnected) {
7366 + err = -ENODEV;
7367 +- break;
7368 ++ goto _error;
7369 + }
7370 + if (signal_pending(current)) {
7371 + err = -ERESTARTSYS;
7372 +- break;
7373 ++ goto _error;
7374 + }
7375 + }
7376 +
7377 ++ qhead = tu->qhead++;
7378 ++ tu->qhead %= tu->queue_size;
7379 + spin_unlock_irq(&tu->qlock);
7380 +- if (err < 0)
7381 +- goto _error;
7382 +
7383 + if (tu->tread) {
7384 +- if (copy_to_user(buffer, &tu->tqueue[tu->qhead++],
7385 +- sizeof(struct snd_timer_tread))) {
7386 ++ if (copy_to_user(buffer, &tu->tqueue[qhead],
7387 ++ sizeof(struct snd_timer_tread)))
7388 + err = -EFAULT;
7389 +- goto _error;
7390 +- }
7391 + } else {
7392 +- if (copy_to_user(buffer, &tu->queue[tu->qhead++],
7393 +- sizeof(struct snd_timer_read))) {
7394 ++ if (copy_to_user(buffer, &tu->queue[qhead],
7395 ++ sizeof(struct snd_timer_read)))
7396 + err = -EFAULT;
7397 +- goto _error;
7398 +- }
7399 + }
7400 +
7401 +- tu->qhead %= tu->queue_size;
7402 +-
7403 +- result += unit;
7404 +- buffer += unit;
7405 +-
7406 + spin_lock_irq(&tu->qlock);
7407 + tu->qused--;
7408 ++ if (err < 0)
7409 ++ goto _error;
7410 ++ result += unit;
7411 ++ buffer += unit;
7412 + }
7413 +- spin_unlock_irq(&tu->qlock);
7414 + _error:
7415 ++ spin_unlock_irq(&tu->qlock);
7416 + return result > 0 ? result : err;
7417 + }
7418 +
7419 +diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
7420 +index 016e451ed506..a9f7a75702d2 100644
7421 +--- a/sound/drivers/dummy.c
7422 ++++ b/sound/drivers/dummy.c
7423 +@@ -109,6 +109,9 @@ struct dummy_timer_ops {
7424 + snd_pcm_uframes_t (*pointer)(struct snd_pcm_substream *);
7425 + };
7426 +
7427 ++#define get_dummy_ops(substream) \
7428 ++ (*(const struct dummy_timer_ops **)(substream)->runtime->private_data)
7429 ++
7430 + struct dummy_model {
7431 + const char *name;
7432 + int (*playback_constraints)(struct snd_pcm_runtime *runtime);
7433 +@@ -137,7 +140,6 @@ struct snd_dummy {
7434 + int iobox;
7435 + struct snd_kcontrol *cd_volume_ctl;
7436 + struct snd_kcontrol *cd_switch_ctl;
7437 +- const struct dummy_timer_ops *timer_ops;
7438 + };
7439 +
7440 + /*
7441 +@@ -231,6 +233,8 @@ static struct dummy_model *dummy_models[] = {
7442 + */
7443 +
7444 + struct dummy_systimer_pcm {
7445 ++ /* ops must be the first item */
7446 ++ const struct dummy_timer_ops *timer_ops;
7447 + spinlock_t lock;
7448 + struct timer_list timer;
7449 + unsigned long base_time;
7450 +@@ -366,6 +370,8 @@ static struct dummy_timer_ops dummy_systimer_ops = {
7451 + */
7452 +
7453 + struct dummy_hrtimer_pcm {
7454 ++ /* ops must be the first item */
7455 ++ const struct dummy_timer_ops *timer_ops;
7456 + ktime_t base_time;
7457 + ktime_t period_time;
7458 + atomic_t running;
7459 +@@ -492,31 +498,25 @@ static struct dummy_timer_ops dummy_hrtimer_ops = {
7460 +
7461 + static int dummy_pcm_trigger(struct snd_pcm_substream *substream, int cmd)
7462 + {
7463 +- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
7464 +-
7465 + switch (cmd) {
7466 + case SNDRV_PCM_TRIGGER_START:
7467 + case SNDRV_PCM_TRIGGER_RESUME:
7468 +- return dummy->timer_ops->start(substream);
7469 ++ return get_dummy_ops(substream)->start(substream);
7470 + case SNDRV_PCM_TRIGGER_STOP:
7471 + case SNDRV_PCM_TRIGGER_SUSPEND:
7472 +- return dummy->timer_ops->stop(substream);
7473 ++ return get_dummy_ops(substream)->stop(substream);
7474 + }
7475 + return -EINVAL;
7476 + }
7477 +
7478 + static int dummy_pcm_prepare(struct snd_pcm_substream *substream)
7479 + {
7480 +- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
7481 +-
7482 +- return dummy->timer_ops->prepare(substream);
7483 ++ return get_dummy_ops(substream)->prepare(substream);
7484 + }
7485 +
7486 + static snd_pcm_uframes_t dummy_pcm_pointer(struct snd_pcm_substream *substream)
7487 + {
7488 +- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
7489 +-
7490 +- return dummy->timer_ops->pointer(substream);
7491 ++ return get_dummy_ops(substream)->pointer(substream);
7492 + }
7493 +
7494 + static struct snd_pcm_hardware dummy_pcm_hardware = {
7495 +@@ -562,17 +562,19 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
7496 + struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
7497 + struct dummy_model *model = dummy->model;
7498 + struct snd_pcm_runtime *runtime = substream->runtime;
7499 ++ const struct dummy_timer_ops *ops;
7500 + int err;
7501 +
7502 +- dummy->timer_ops = &dummy_systimer_ops;
7503 ++ ops = &dummy_systimer_ops;
7504 + #ifdef CONFIG_HIGH_RES_TIMERS
7505 + if (hrtimer)
7506 +- dummy->timer_ops = &dummy_hrtimer_ops;
7507 ++ ops = &dummy_hrtimer_ops;
7508 + #endif
7509 +
7510 +- err = dummy->timer_ops->create(substream);
7511 ++ err = ops->create(substream);
7512 + if (err < 0)
7513 + return err;
7514 ++ get_dummy_ops(substream) = ops;
7515 +
7516 + runtime->hw = dummy->pcm_hw;
7517 + if (substream->pcm->device & 1) {
7518 +@@ -594,7 +596,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
7519 + err = model->capture_constraints(substream->runtime);
7520 + }
7521 + if (err < 0) {
7522 +- dummy->timer_ops->free(substream);
7523 ++ get_dummy_ops(substream)->free(substream);
7524 + return err;
7525 + }
7526 + return 0;
7527 +@@ -602,8 +604,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream)
7528 +
7529 + static int dummy_pcm_close(struct snd_pcm_substream *substream)
7530 + {
7531 +- struct snd_dummy *dummy = snd_pcm_substream_chip(substream);
7532 +- dummy->timer_ops->free(substream);
7533 ++ get_dummy_ops(substream)->free(substream);
7534 + return 0;
7535 + }
7536 +
7537 +diff --git a/sound/firewire/bebob/bebob_stream.c b/sound/firewire/bebob/bebob_stream.c
7538 +index 5be5242e1ed8..7fdf34e80d5e 100644
7539 +--- a/sound/firewire/bebob/bebob_stream.c
7540 ++++ b/sound/firewire/bebob/bebob_stream.c
7541 +@@ -47,14 +47,16 @@ static const unsigned int bridgeco_freq_table[] = {
7542 + [6] = 0x07,
7543 + };
7544 +
7545 +-static unsigned int
7546 +-get_formation_index(unsigned int rate)
7547 ++static int
7548 ++get_formation_index(unsigned int rate, unsigned int *index)
7549 + {
7550 + unsigned int i;
7551 +
7552 + for (i = 0; i < ARRAY_SIZE(snd_bebob_rate_table); i++) {
7553 +- if (snd_bebob_rate_table[i] == rate)
7554 +- return i;
7555 ++ if (snd_bebob_rate_table[i] == rate) {
7556 ++ *index = i;
7557 ++ return 0;
7558 ++ }
7559 + }
7560 + return -EINVAL;
7561 + }
7562 +@@ -424,7 +426,9 @@ make_both_connections(struct snd_bebob *bebob, unsigned int rate)
7563 + goto end;
7564 +
7565 + /* confirm params for both streams */
7566 +- index = get_formation_index(rate);
7567 ++ err = get_formation_index(rate, &index);
7568 ++ if (err < 0)
7569 ++ goto end;
7570 + pcm_channels = bebob->tx_stream_formations[index].pcm;
7571 + midi_channels = bebob->tx_stream_formations[index].midi;
7572 + amdtp_stream_set_parameters(&bebob->tx_stream,
7573 +diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
7574 +index 24f91114a32c..98fe629c1f86 100644
7575 +--- a/sound/pci/hda/hda_generic.c
7576 ++++ b/sound/pci/hda/hda_generic.c
7577 +@@ -771,9 +771,6 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
7578 + unsigned int caps;
7579 + unsigned int mask, val;
7580 +
7581 +- if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
7582 +- return;
7583 +-
7584 + caps = query_amp_caps(codec, nid, dir);
7585 + val = get_amp_val_to_activate(codec, nid, dir, caps, enable);
7586 + mask = get_amp_mask_to_modify(codec, nid, dir, idx_to_check, caps);
7587 +@@ -784,12 +781,22 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir,
7588 + update_amp(codec, nid, dir, idx, mask, val);
7589 + }
7590 +
7591 ++static void check_and_activate_amp(struct hda_codec *codec, hda_nid_t nid,
7592 ++ int dir, int idx, int idx_to_check,
7593 ++ bool enable)
7594 ++{
7595 ++ /* check whether the given amp is still used by others */
7596 ++ if (!enable && is_active_nid(codec, nid, dir, idx_to_check))
7597 ++ return;
7598 ++ activate_amp(codec, nid, dir, idx, idx_to_check, enable);
7599 ++}
7600 ++
7601 + static void activate_amp_out(struct hda_codec *codec, struct nid_path *path,
7602 + int i, bool enable)
7603 + {
7604 + hda_nid_t nid = path->path[i];
7605 + init_amp(codec, nid, HDA_OUTPUT, 0);
7606 +- activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
7607 ++ check_and_activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable);
7608 + }
7609 +
7610 + static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
7611 +@@ -817,9 +824,16 @@ static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
7612 + * when aa-mixer is available, we need to enable the path as well
7613 + */
7614 + for (n = 0; n < nums; n++) {
7615 +- if (n != idx && (!add_aamix || conn[n] != spec->mixer_merge_nid))
7616 +- continue;
7617 +- activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
7618 ++ if (n != idx) {
7619 ++ if (conn[n] != spec->mixer_merge_nid)
7620 ++ continue;
7621 ++ /* when aamix is disabled, force to off */
7622 ++ if (!add_aamix) {
7623 ++ activate_amp(codec, nid, HDA_INPUT, n, n, false);
7624 ++ continue;
7625 ++ }
7626 ++ }
7627 ++ check_and_activate_amp(codec, nid, HDA_INPUT, n, idx, enable);
7628 + }
7629 + }
7630 +
7631 +@@ -1580,6 +1594,12 @@ static bool map_singles(struct hda_codec *codec, int outs,
7632 + return found;
7633 + }
7634 +
7635 ++static inline bool has_aamix_out_paths(struct hda_gen_spec *spec)
7636 ++{
7637 ++ return spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
7638 ++ spec->aamix_out_paths[2];
7639 ++}
7640 ++
7641 + /* create a new path including aamix if available, and return its index */
7642 + static int check_aamix_out_path(struct hda_codec *codec, int path_idx)
7643 + {
7644 +@@ -2422,25 +2442,51 @@ static void update_aamix_paths(struct hda_codec *codec, bool do_mix,
7645 + }
7646 + }
7647 +
7648 ++/* re-initialize the output paths; only called from loopback_mixing_put() */
7649 ++static void update_output_paths(struct hda_codec *codec, int num_outs,
7650 ++ const int *paths)
7651 ++{
7652 ++ struct hda_gen_spec *spec = codec->spec;
7653 ++ struct nid_path *path;
7654 ++ int i;
7655 ++
7656 ++ for (i = 0; i < num_outs; i++) {
7657 ++ path = snd_hda_get_path_from_idx(codec, paths[i]);
7658 ++ if (path)
7659 ++ snd_hda_activate_path(codec, path, path->active,
7660 ++ spec->aamix_mode);
7661 ++ }
7662 ++}
7663 ++
7664 + static int loopback_mixing_put(struct snd_kcontrol *kcontrol,
7665 + struct snd_ctl_elem_value *ucontrol)
7666 + {
7667 + struct hda_codec *codec = snd_kcontrol_chip(kcontrol);
7668 + struct hda_gen_spec *spec = codec->spec;
7669 ++ const struct auto_pin_cfg *cfg = &spec->autocfg;
7670 + unsigned int val = ucontrol->value.enumerated.item[0];
7671 +
7672 + if (val == spec->aamix_mode)
7673 + return 0;
7674 + spec->aamix_mode = val;
7675 +- update_aamix_paths(codec, val, spec->out_paths[0],
7676 +- spec->aamix_out_paths[0],
7677 +- spec->autocfg.line_out_type);
7678 +- update_aamix_paths(codec, val, spec->hp_paths[0],
7679 +- spec->aamix_out_paths[1],
7680 +- AUTO_PIN_HP_OUT);
7681 +- update_aamix_paths(codec, val, spec->speaker_paths[0],
7682 +- spec->aamix_out_paths[2],
7683 +- AUTO_PIN_SPEAKER_OUT);
7684 ++ if (has_aamix_out_paths(spec)) {
7685 ++ update_aamix_paths(codec, val, spec->out_paths[0],
7686 ++ spec->aamix_out_paths[0],
7687 ++ cfg->line_out_type);
7688 ++ update_aamix_paths(codec, val, spec->hp_paths[0],
7689 ++ spec->aamix_out_paths[1],
7690 ++ AUTO_PIN_HP_OUT);
7691 ++ update_aamix_paths(codec, val, spec->speaker_paths[0],
7692 ++ spec->aamix_out_paths[2],
7693 ++ AUTO_PIN_SPEAKER_OUT);
7694 ++ } else {
7695 ++ update_output_paths(codec, cfg->line_outs, spec->out_paths);
7696 ++ if (cfg->line_out_type != AUTO_PIN_HP_OUT)
7697 ++ update_output_paths(codec, cfg->hp_outs, spec->hp_paths);
7698 ++ if (cfg->line_out_type != AUTO_PIN_SPEAKER_OUT)
7699 ++ update_output_paths(codec, cfg->speaker_outs,
7700 ++ spec->speaker_paths);
7701 ++ }
7702 + return 1;
7703 + }
7704 +
7705 +@@ -2458,12 +2504,13 @@ static int create_loopback_mixing_ctl(struct hda_codec *codec)
7706 +
7707 + if (!spec->mixer_nid)
7708 + return 0;
7709 +- if (!(spec->aamix_out_paths[0] || spec->aamix_out_paths[1] ||
7710 +- spec->aamix_out_paths[2]))
7711 +- return 0;
7712 + if (!snd_hda_gen_add_kctl(spec, NULL, &loopback_mixing_enum))
7713 + return -ENOMEM;
7714 + spec->have_aamix_ctl = 1;
7715 ++ /* if no explicit aamix path is present (e.g. for Realtek codecs),
7716 ++ * enable aamix as default -- just for compatibility
7717 ++ */
7718 ++ spec->aamix_mode = !has_aamix_out_paths(spec);
7719 + return 0;
7720 + }
7721 +
7722 +@@ -3998,9 +4045,9 @@ static void pin_power_callback(struct hda_codec *codec,
7723 + struct hda_jack_callback *jack,
7724 + bool on)
7725 + {
7726 +- if (jack && jack->tbl->nid)
7727 ++ if (jack && jack->nid)
7728 + sync_power_state_change(codec,
7729 +- set_pin_power_jack(codec, jack->tbl->nid, on));
7730 ++ set_pin_power_jack(codec, jack->nid, on));
7731 + }
7732 +
7733 + /* callback only doing power up -- called at first */
7734 +@@ -5664,6 +5711,8 @@ static void init_aamix_paths(struct hda_codec *codec)
7735 +
7736 + if (!spec->have_aamix_ctl)
7737 + return;
7738 ++ if (!has_aamix_out_paths(spec))
7739 ++ return;
7740 + update_aamix_paths(codec, spec->aamix_mode, spec->out_paths[0],
7741 + spec->aamix_out_paths[0],
7742 + spec->autocfg.line_out_type);
7743 +diff --git a/sound/pci/hda/hda_jack.c b/sound/pci/hda/hda_jack.c
7744 +index 366efbf87d41..b6dbe653b74f 100644
7745 +--- a/sound/pci/hda/hda_jack.c
7746 ++++ b/sound/pci/hda/hda_jack.c
7747 +@@ -259,7 +259,7 @@ snd_hda_jack_detect_enable_callback(struct hda_codec *codec, hda_nid_t nid,
7748 + if (!callback)
7749 + return ERR_PTR(-ENOMEM);
7750 + callback->func = func;
7751 +- callback->tbl = jack;
7752 ++ callback->nid = jack->nid;
7753 + callback->next = jack->callback;
7754 + jack->callback = callback;
7755 + }
7756 +diff --git a/sound/pci/hda/hda_jack.h b/sound/pci/hda/hda_jack.h
7757 +index 387d30984dfe..1009909ea158 100644
7758 +--- a/sound/pci/hda/hda_jack.h
7759 ++++ b/sound/pci/hda/hda_jack.h
7760 +@@ -21,7 +21,7 @@ struct hda_jack_callback;
7761 + typedef void (*hda_jack_callback_fn) (struct hda_codec *, struct hda_jack_callback *);
7762 +
7763 + struct hda_jack_callback {
7764 +- struct hda_jack_tbl *tbl;
7765 ++ hda_nid_t nid;
7766 + hda_jack_callback_fn func;
7767 + unsigned int private_data; /* arbitrary data */
7768 + struct hda_jack_callback *next;
7769 +diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
7770 +index 5b8a5b84a03c..304a0d7a6481 100644
7771 +--- a/sound/pci/hda/patch_ca0132.c
7772 ++++ b/sound/pci/hda/patch_ca0132.c
7773 +@@ -4427,13 +4427,16 @@ static void ca0132_process_dsp_response(struct hda_codec *codec,
7774 + static void hp_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
7775 + {
7776 + struct ca0132_spec *spec = codec->spec;
7777 ++ struct hda_jack_tbl *tbl;
7778 +
7779 + /* Delay enabling the HP amp, to let the mic-detection
7780 + * state machine run.
7781 + */
7782 + cancel_delayed_work_sync(&spec->unsol_hp_work);
7783 + schedule_delayed_work(&spec->unsol_hp_work, msecs_to_jiffies(500));
7784 +- cb->tbl->block_report = 1;
7785 ++ tbl = snd_hda_jack_tbl_get(codec, cb->nid);
7786 ++ if (tbl)
7787 ++ tbl->block_report = 1;
7788 + }
7789 +
7790 + static void amic_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
7791 +diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
7792 +index 85813de26da8..ac38222cce49 100644
7793 +--- a/sound/pci/hda/patch_cirrus.c
7794 ++++ b/sound/pci/hda/patch_cirrus.c
7795 +@@ -613,6 +613,7 @@ enum {
7796 + CS4208_MAC_AUTO,
7797 + CS4208_MBA6,
7798 + CS4208_MBP11,
7799 ++ CS4208_MACMINI,
7800 + CS4208_GPIO0,
7801 + };
7802 +
7803 +@@ -620,6 +621,7 @@ static const struct hda_model_fixup cs4208_models[] = {
7804 + { .id = CS4208_GPIO0, .name = "gpio0" },
7805 + { .id = CS4208_MBA6, .name = "mba6" },
7806 + { .id = CS4208_MBP11, .name = "mbp11" },
7807 ++ { .id = CS4208_MACMINI, .name = "macmini" },
7808 + {}
7809 + };
7810 +
7811 +@@ -631,6 +633,7 @@ static const struct snd_pci_quirk cs4208_fixup_tbl[] = {
7812 + /* codec SSID matching */
7813 + static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
7814 + SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
7815 ++ SND_PCI_QUIRK(0x106b, 0x6c00, "MacMini 7,1", CS4208_MACMINI),
7816 + SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
7817 + SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
7818 + SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
7819 +@@ -665,6 +668,24 @@ static void cs4208_fixup_mac(struct hda_codec *codec,
7820 + snd_hda_apply_fixup(codec, action);
7821 + }
7822 +
7823 ++/* MacMini 7,1 has the inverted jack detection */
7824 ++static void cs4208_fixup_macmini(struct hda_codec *codec,
7825 ++ const struct hda_fixup *fix, int action)
7826 ++{
7827 ++ static const struct hda_pintbl pincfgs[] = {
7828 ++ { 0x18, 0x00ab9150 }, /* mic (audio-in) jack: disable detect */
7829 ++ { 0x21, 0x004be140 }, /* SPDIF: disable detect */
7830 ++ { }
7831 ++ };
7832 ++
7833 ++ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
7834 ++ /* HP pin (0x10) has an inverted detection */
7835 ++ codec->inv_jack_detect = 1;
7836 ++ /* disable the bogus Mic and SPDIF jack detections */
7837 ++ snd_hda_apply_pincfgs(codec, pincfgs);
7838 ++ }
7839 ++}
7840 ++
7841 + static int cs4208_spdif_sw_put(struct snd_kcontrol *kcontrol,
7842 + struct snd_ctl_elem_value *ucontrol)
7843 + {
7844 +@@ -708,6 +729,12 @@ static const struct hda_fixup cs4208_fixups[] = {
7845 + .chained = true,
7846 + .chain_id = CS4208_GPIO0,
7847 + },
7848 ++ [CS4208_MACMINI] = {
7849 ++ .type = HDA_FIXUP_FUNC,
7850 ++ .v.func = cs4208_fixup_macmini,
7851 ++ .chained = true,
7852 ++ .chain_id = CS4208_GPIO0,
7853 ++ },
7854 + [CS4208_GPIO0] = {
7855 + .type = HDA_FIXUP_FUNC,
7856 + .v.func = cs4208_fixup_gpio0,
7857 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
7858 +index d1c74295a362..57d4cce06ab6 100644
7859 +--- a/sound/pci/hda/patch_hdmi.c
7860 ++++ b/sound/pci/hda/patch_hdmi.c
7861 +@@ -438,7 +438,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol,
7862 + eld = &per_pin->sink_eld;
7863 +
7864 + mutex_lock(&per_pin->lock);
7865 +- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) {
7866 ++ if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) ||
7867 ++ eld->eld_size > ELD_MAX_SIZE) {
7868 + mutex_unlock(&per_pin->lock);
7869 + snd_BUG();
7870 + return -EINVAL;
7871 +@@ -1183,7 +1184,7 @@ static void check_presence_and_report(struct hda_codec *codec, hda_nid_t nid)
7872 + static void jack_callback(struct hda_codec *codec,
7873 + struct hda_jack_callback *jack)
7874 + {
7875 +- check_presence_and_report(codec, jack->tbl->nid);
7876 ++ check_presence_and_report(codec, jack->nid);
7877 + }
7878 +
7879 + static void hdmi_intrinsic_event(struct hda_codec *codec, unsigned int res)
7880 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
7881 +index 887f37761f18..f33c58d3850e 100644
7882 +--- a/sound/pci/hda/patch_realtek.c
7883 ++++ b/sound/pci/hda/patch_realtek.c
7884 +@@ -282,7 +282,7 @@ static void alc_update_knob_master(struct hda_codec *codec,
7885 + uctl = kzalloc(sizeof(*uctl), GFP_KERNEL);
7886 + if (!uctl)
7887 + return;
7888 +- val = snd_hda_codec_read(codec, jack->tbl->nid, 0,
7889 ++ val = snd_hda_codec_read(codec, jack->nid, 0,
7890 + AC_VERB_GET_VOLUME_KNOB_CONTROL, 0);
7891 + val &= HDA_AMP_VOLMASK;
7892 + uctl->value.integer.value[0] = val;
7893 +@@ -1795,7 +1795,6 @@ enum {
7894 + ALC882_FIXUP_NO_PRIMARY_HP,
7895 + ALC887_FIXUP_ASUS_BASS,
7896 + ALC887_FIXUP_BASS_CHMAP,
7897 +- ALC882_FIXUP_DISABLE_AAMIX,
7898 + };
7899 +
7900 + static void alc889_fixup_coef(struct hda_codec *codec,
7901 +@@ -1957,8 +1956,6 @@ static void alc882_fixup_no_primary_hp(struct hda_codec *codec,
7902 +
7903 + static void alc_fixup_bass_chmap(struct hda_codec *codec,
7904 + const struct hda_fixup *fix, int action);
7905 +-static void alc_fixup_disable_aamix(struct hda_codec *codec,
7906 +- const struct hda_fixup *fix, int action);
7907 +
7908 + static const struct hda_fixup alc882_fixups[] = {
7909 + [ALC882_FIXUP_ABIT_AW9D_MAX] = {
7910 +@@ -2196,10 +2193,6 @@ static const struct hda_fixup alc882_fixups[] = {
7911 + .type = HDA_FIXUP_FUNC,
7912 + .v.func = alc_fixup_bass_chmap,
7913 + },
7914 +- [ALC882_FIXUP_DISABLE_AAMIX] = {
7915 +- .type = HDA_FIXUP_FUNC,
7916 +- .v.func = alc_fixup_disable_aamix,
7917 +- },
7918 + };
7919 +
7920 + static const struct snd_pci_quirk alc882_fixup_tbl[] = {
7921 +@@ -2238,6 +2231,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
7922 + SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
7923 + SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP),
7924 + SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
7925 ++ SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
7926 +
7927 + /* All Apple entries are in codec SSIDs */
7928 + SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF),
7929 +@@ -2267,7 +2261,6 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
7930 + SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
7931 + SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
7932 + SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
7933 +- SND_PCI_QUIRK(0x1458, 0xa182, "Gigabyte Z170X-UD3", ALC882_FIXUP_DISABLE_AAMIX),
7934 + SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX),
7935 + SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
7936 + SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
7937 +diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
7938 +index 14a62b8117fd..79f78989a7b6 100644
7939 +--- a/sound/pci/hda/patch_sigmatel.c
7940 ++++ b/sound/pci/hda/patch_sigmatel.c
7941 +@@ -493,9 +493,9 @@ static void jack_update_power(struct hda_codec *codec,
7942 + if (!spec->num_pwrs)
7943 + return;
7944 +
7945 +- if (jack && jack->tbl->nid) {
7946 +- stac_toggle_power_map(codec, jack->tbl->nid,
7947 +- snd_hda_jack_detect(codec, jack->tbl->nid),
7948 ++ if (jack && jack->nid) {
7949 ++ stac_toggle_power_map(codec, jack->nid,
7950 ++ snd_hda_jack_detect(codec, jack->nid),
7951 + true);
7952 + return;
7953 + }
7954 +diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
7955 +index 5c101af0ac63..a06cdcfffd2a 100644
7956 +--- a/sound/soc/codecs/rt5645.c
7957 ++++ b/sound/soc/codecs/rt5645.c
7958 +@@ -500,7 +500,7 @@ static const struct snd_kcontrol_new rt5645_snd_controls[] = {
7959 +
7960 + /* IN1/IN2 Control */
7961 + SOC_SINGLE_TLV("IN1 Boost", RT5645_IN1_CTRL1,
7962 +- RT5645_BST_SFT1, 8, 0, bst_tlv),
7963 ++ RT5645_BST_SFT1, 12, 0, bst_tlv),
7964 + SOC_SINGLE_TLV("IN2 Boost", RT5645_IN2_CTRL,
7965 + RT5645_BST_SFT2, 8, 0, bst_tlv),
7966 +
7967 +diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
7968 +index 70e4b9d8bdcd..81133fe5f2d0 100644
7969 +--- a/sound/soc/soc-pcm.c
7970 ++++ b/sound/soc/soc-pcm.c
7971 +@@ -1696,7 +1696,8 @@ int dpcm_be_dai_hw_free(struct snd_soc_pcm_runtime *fe, int stream)
7972 + (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PREPARE) &&
7973 + (be->dpcm[stream].state != SND_SOC_DPCM_STATE_HW_FREE) &&
7974 + (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PAUSED) &&
7975 +- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP))
7976 ++ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP) &&
7977 ++ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_SUSPEND))
7978 + continue;
7979 +
7980 + dev_dbg(be->dev, "ASoC: hw_free BE %s\n",
7981 +diff --git a/sound/usb/midi.c b/sound/usb/midi.c
7982 +index bec63e0d2605..f059326a4914 100644
7983 +--- a/sound/usb/midi.c
7984 ++++ b/sound/usb/midi.c
7985 +@@ -2451,7 +2451,6 @@ int snd_usbmidi_create(struct snd_card *card,
7986 + else
7987 + err = snd_usbmidi_create_endpoints(umidi, endpoints);
7988 + if (err < 0) {
7989 +- snd_usbmidi_free(umidi);
7990 + return err;
7991 + }
7992 +
7993 +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
7994 +index fb9a8a5787a6..37d8ababfc04 100644
7995 +--- a/sound/usb/quirks.c
7996 ++++ b/sound/usb/quirks.c
7997 +@@ -1118,6 +1118,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
7998 + switch (chip->usb_id) {
7999 + case USB_ID(0x045E, 0x075D): /* MS Lifecam Cinema */
8000 + case USB_ID(0x045E, 0x076D): /* MS Lifecam HD-5000 */
8001 ++ case USB_ID(0x045E, 0x076F): /* MS Lifecam HD-6000 */
8002 + case USB_ID(0x045E, 0x0772): /* MS Lifecam Studio */
8003 + case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */
8004 + case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
8005 +@@ -1202,8 +1203,12 @@ void snd_usb_set_interface_quirk(struct usb_device *dev)
8006 + * "Playback Design" products need a 50ms delay after setting the
8007 + * USB interface.
8008 + */
8009 +- if (le16_to_cpu(dev->descriptor.idVendor) == 0x23ba)
8010 ++ switch (le16_to_cpu(dev->descriptor.idVendor)) {
8011 ++ case 0x23ba: /* Playback Design */
8012 ++ case 0x0644: /* TEAC Corp. */
8013 + mdelay(50);
8014 ++ break;
8015 ++ }
8016 + }
8017 +
8018 + void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
8019 +@@ -1218,6 +1223,14 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe,
8020 + (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
8021 + mdelay(20);
8022 +
8023 ++ /*
8024 ++ * "TEAC Corp." products need a 20ms delay after each
8025 ++ * class compliant request
8026 ++ */
8027 ++ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x0644) &&
8028 ++ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS)
8029 ++ mdelay(20);
8030 ++
8031 + /* Marantz/Denon devices with USB DAC functionality need a delay
8032 + * after each class compliant request
8033 + */
8034 +@@ -1266,7 +1279,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
8035 + case USB_ID(0x20b1, 0x3008): /* iFi Audio micro/nano iDSD */
8036 + case USB_ID(0x20b1, 0x2008): /* Matrix Audio X-Sabre */
8037 + case USB_ID(0x20b1, 0x300a): /* Matrix Audio Mini-i Pro */
8038 +- case USB_ID(0x22d8, 0x0416): /* OPPO HA-1*/
8039 ++ case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */
8040 + if (fp->altsetting == 2)
8041 + return SNDRV_PCM_FMTBIT_DSD_U32_BE;
8042 + break;
8043 +@@ -1275,6 +1288,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip,
8044 + case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */
8045 + case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */
8046 + case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */
8047 ++ case USB_ID(0x2616, 0x0106): /* PS Audio NuWave DAC */
8048 + if (fp->altsetting == 3)
8049 + return SNDRV_PCM_FMTBIT_DSD_U32_BE;
8050 + break;
Report Message
Find on MARC Find on Google Groups