Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Wed, 12 Apr 2017 17:59:56
Message-Id: 1492019979.5dc3041f3bac29d77549d3e6c30940707f468149.mpagano@gentoo
1 commit: 5dc3041f3bac29d77549d3e6c30940707f468149
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Apr 12 17:59:39 2017 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Apr 12 17:59:39 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5dc3041f
7
8 Linux patch 4.4.61
9
10 0000_README | 4 +
11 1060_linux-4.4.61.patch | 1527 +++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 1531 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 6cc653c..84c1648 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -283,6 +283,10 @@ Patch: 1059_linux-4.4.60.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.4.60
21
22 +Patch: 1060_linux-4.4.61.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.4.61
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1060_linux-4.4.61.patch b/1060_linux-4.4.61.patch
31 new file mode 100644
32 index 0000000..642a5bd
33 --- /dev/null
34 +++ b/1060_linux-4.4.61.patch
35 @@ -0,0 +1,1527 @@
36 +diff --git a/Makefile b/Makefile
37 +index fb7c2b40753d..ef5045b8201d 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 4
43 +-SUBLEVEL = 60
44 ++SUBLEVEL = 61
45 + EXTRAVERSION =
46 + NAME = Blurry Fish Butt
47 +
48 +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
49 +index 11b6595c2672..f91ee2f27b41 100644
50 +--- a/arch/arm/kvm/mmu.c
51 ++++ b/arch/arm/kvm/mmu.c
52 +@@ -796,6 +796,7 @@ void stage2_unmap_vm(struct kvm *kvm)
53 + int idx;
54 +
55 + idx = srcu_read_lock(&kvm->srcu);
56 ++ down_read(&current->mm->mmap_sem);
57 + spin_lock(&kvm->mmu_lock);
58 +
59 + slots = kvm_memslots(kvm);
60 +@@ -803,6 +804,7 @@ void stage2_unmap_vm(struct kvm *kvm)
61 + stage2_unmap_memslot(kvm, memslot);
62 +
63 + spin_unlock(&kvm->mmu_lock);
64 ++ up_read(&current->mm->mmap_sem);
65 + srcu_read_unlock(&kvm->srcu, idx);
66 + }
67 +
68 +@@ -1759,6 +1761,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
69 + (KVM_PHYS_SIZE >> PAGE_SHIFT))
70 + return -EFAULT;
71 +
72 ++ down_read(&current->mm->mmap_sem);
73 + /*
74 + * A memory region could potentially cover multiple VMAs, and any holes
75 + * between them, so iterate over all of them to find out if we can map
76 +@@ -1802,8 +1805,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
77 + pa += vm_start - vma->vm_start;
78 +
79 + /* IO region dirty page logging not allowed */
80 +- if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES)
81 +- return -EINVAL;
82 ++ if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) {
83 ++ ret = -EINVAL;
84 ++ goto out;
85 ++ }
86 +
87 + ret = kvm_phys_addr_ioremap(kvm, gpa, pa,
88 + vm_end - vm_start,
89 +@@ -1815,7 +1820,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
90 + } while (hva < reg_end);
91 +
92 + if (change == KVM_MR_FLAGS_ONLY)
93 +- return ret;
94 ++ goto out;
95 +
96 + spin_lock(&kvm->mmu_lock);
97 + if (ret)
98 +@@ -1823,6 +1828,8 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
99 + else
100 + stage2_flush_memslot(kvm, memslot);
101 + spin_unlock(&kvm->mmu_lock);
102 ++out:
103 ++ up_read(&current->mm->mmap_sem);
104 + return ret;
105 + }
106 +
107 +diff --git a/arch/metag/include/asm/uaccess.h b/arch/metag/include/asm/uaccess.h
108 +index 273e61225c27..07238b39638c 100644
109 +--- a/arch/metag/include/asm/uaccess.h
110 ++++ b/arch/metag/include/asm/uaccess.h
111 +@@ -197,20 +197,21 @@ extern long __must_check strnlen_user(const char __user *src, long count);
112 +
113 + #define strlen_user(str) strnlen_user(str, 32767)
114 +
115 +-extern unsigned long __must_check __copy_user_zeroing(void *to,
116 +- const void __user *from,
117 +- unsigned long n);
118 ++extern unsigned long raw_copy_from_user(void *to, const void __user *from,
119 ++ unsigned long n);
120 +
121 + static inline unsigned long
122 + copy_from_user(void *to, const void __user *from, unsigned long n)
123 + {
124 ++ unsigned long res = n;
125 + if (likely(access_ok(VERIFY_READ, from, n)))
126 +- return __copy_user_zeroing(to, from, n);
127 +- memset(to, 0, n);
128 +- return n;
129 ++ res = raw_copy_from_user(to, from, n);
130 ++ if (unlikely(res))
131 ++ memset(to + (n - res), 0, res);
132 ++ return res;
133 + }
134 +
135 +-#define __copy_from_user(to, from, n) __copy_user_zeroing(to, from, n)
136 ++#define __copy_from_user(to, from, n) raw_copy_from_user(to, from, n)
137 + #define __copy_from_user_inatomic __copy_from_user
138 +
139 + extern unsigned long __must_check __copy_user(void __user *to,
140 +diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c
141 +index b3ebfe9c8e88..2792fc621088 100644
142 +--- a/arch/metag/lib/usercopy.c
143 ++++ b/arch/metag/lib/usercopy.c
144 +@@ -29,7 +29,6 @@
145 + COPY \
146 + "1:\n" \
147 + " .section .fixup,\"ax\"\n" \
148 +- " MOV D1Ar1,#0\n" \
149 + FIXUP \
150 + " MOVT D1Ar1,#HI(1b)\n" \
151 + " JUMP D1Ar1,#LO(1b)\n" \
152 +@@ -260,27 +259,31 @@
153 + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
154 + "22:\n" \
155 + "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
156 +- "SUB %3, %3, #32\n" \
157 + "23:\n" \
158 +- "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
159 ++ "SUB %3, %3, #32\n" \
160 + "24:\n" \
161 ++ "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
162 ++ "25:\n" \
163 + "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
164 ++ "26:\n" \
165 + "SUB %3, %3, #32\n" \
166 + "DCACHE [%1+#-64], D0Ar6\n" \
167 + "BR $Lloop"id"\n" \
168 + \
169 + "MOV RAPF, %1\n" \
170 +- "25:\n" \
171 ++ "27:\n" \
172 + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
173 +- "26:\n" \
174 ++ "28:\n" \
175 + "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
176 ++ "29:\n" \
177 + "SUB %3, %3, #32\n" \
178 +- "27:\n" \
179 ++ "30:\n" \
180 + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
181 +- "28:\n" \
182 ++ "31:\n" \
183 + "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
184 ++ "32:\n" \
185 + "SUB %0, %0, #8\n" \
186 +- "29:\n" \
187 ++ "33:\n" \
188 + "SETL [%0++], D0.7, D1.7\n" \
189 + "SUB %3, %3, #32\n" \
190 + "1:" \
191 +@@ -312,11 +315,15 @@
192 + " .long 26b,3b\n" \
193 + " .long 27b,3b\n" \
194 + " .long 28b,3b\n" \
195 +- " .long 29b,4b\n" \
196 ++ " .long 29b,3b\n" \
197 ++ " .long 30b,3b\n" \
198 ++ " .long 31b,3b\n" \
199 ++ " .long 32b,3b\n" \
200 ++ " .long 33b,4b\n" \
201 + " .previous\n" \
202 + : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \
203 + : "0" (to), "1" (from), "2" (ret), "3" (n) \
204 +- : "D1Ar1", "D0Ar2", "memory")
205 ++ : "D1Ar1", "D0Ar2", "cc", "memory")
206 +
207 + /* rewind 'to' and 'from' pointers when a fault occurs
208 + *
209 +@@ -342,7 +349,7 @@
210 + #define __asm_copy_to_user_64bit_rapf_loop(to, from, ret, n, id)\
211 + __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \
212 + "LSR D0Ar2, D0Ar2, #8\n" \
213 +- "AND D0Ar2, D0Ar2, #0x7\n" \
214 ++ "ANDS D0Ar2, D0Ar2, #0x7\n" \
215 + "ADDZ D0Ar2, D0Ar2, #4\n" \
216 + "SUB D0Ar2, D0Ar2, #1\n" \
217 + "MOV D1Ar1, #4\n" \
218 +@@ -403,47 +410,55 @@
219 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
220 + "22:\n" \
221 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
222 +- "SUB %3, %3, #16\n" \
223 + "23:\n" \
224 +- "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
225 +- "24:\n" \
226 +- "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
227 + "SUB %3, %3, #16\n" \
228 +- "25:\n" \
229 ++ "24:\n" \
230 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
231 +- "26:\n" \
232 ++ "25:\n" \
233 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
234 ++ "26:\n" \
235 + "SUB %3, %3, #16\n" \
236 + "27:\n" \
237 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
238 + "28:\n" \
239 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
240 ++ "29:\n" \
241 ++ "SUB %3, %3, #16\n" \
242 ++ "30:\n" \
243 ++ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
244 ++ "31:\n" \
245 ++ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
246 ++ "32:\n" \
247 + "SUB %3, %3, #16\n" \
248 + "DCACHE [%1+#-64], D0Ar6\n" \
249 + "BR $Lloop"id"\n" \
250 + \
251 + "MOV RAPF, %1\n" \
252 +- "29:\n" \
253 ++ "33:\n" \
254 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
255 +- "30:\n" \
256 ++ "34:\n" \
257 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
258 ++ "35:\n" \
259 + "SUB %3, %3, #16\n" \
260 +- "31:\n" \
261 ++ "36:\n" \
262 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
263 +- "32:\n" \
264 ++ "37:\n" \
265 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
266 ++ "38:\n" \
267 + "SUB %3, %3, #16\n" \
268 +- "33:\n" \
269 ++ "39:\n" \
270 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
271 +- "34:\n" \
272 ++ "40:\n" \
273 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
274 ++ "41:\n" \
275 + "SUB %3, %3, #16\n" \
276 +- "35:\n" \
277 ++ "42:\n" \
278 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \
279 +- "36:\n" \
280 ++ "43:\n" \
281 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \
282 ++ "44:\n" \
283 + "SUB %0, %0, #4\n" \
284 +- "37:\n" \
285 ++ "45:\n" \
286 + "SETD [%0++], D0.7\n" \
287 + "SUB %3, %3, #16\n" \
288 + "1:" \
289 +@@ -483,11 +498,19 @@
290 + " .long 34b,3b\n" \
291 + " .long 35b,3b\n" \
292 + " .long 36b,3b\n" \
293 +- " .long 37b,4b\n" \
294 ++ " .long 37b,3b\n" \
295 ++ " .long 38b,3b\n" \
296 ++ " .long 39b,3b\n" \
297 ++ " .long 40b,3b\n" \
298 ++ " .long 41b,3b\n" \
299 ++ " .long 42b,3b\n" \
300 ++ " .long 43b,3b\n" \
301 ++ " .long 44b,3b\n" \
302 ++ " .long 45b,4b\n" \
303 + " .previous\n" \
304 + : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \
305 + : "0" (to), "1" (from), "2" (ret), "3" (n) \
306 +- : "D1Ar1", "D0Ar2", "memory")
307 ++ : "D1Ar1", "D0Ar2", "cc", "memory")
308 +
309 + /* rewind 'to' and 'from' pointers when a fault occurs
310 + *
311 +@@ -513,7 +536,7 @@
312 + #define __asm_copy_to_user_32bit_rapf_loop(to, from, ret, n, id)\
313 + __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \
314 + "LSR D0Ar2, D0Ar2, #8\n" \
315 +- "AND D0Ar2, D0Ar2, #0x7\n" \
316 ++ "ANDS D0Ar2, D0Ar2, #0x7\n" \
317 + "ADDZ D0Ar2, D0Ar2, #4\n" \
318 + "SUB D0Ar2, D0Ar2, #1\n" \
319 + "MOV D1Ar1, #4\n" \
320 +@@ -538,23 +561,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
321 + if ((unsigned long) src & 1) {
322 + __asm_copy_to_user_1(dst, src, retn);
323 + n--;
324 ++ if (retn)
325 ++ return retn + n;
326 + }
327 + if ((unsigned long) dst & 1) {
328 + /* Worst case - byte copy */
329 + while (n > 0) {
330 + __asm_copy_to_user_1(dst, src, retn);
331 + n--;
332 ++ if (retn)
333 ++ return retn + n;
334 + }
335 + }
336 + if (((unsigned long) src & 2) && n >= 2) {
337 + __asm_copy_to_user_2(dst, src, retn);
338 + n -= 2;
339 ++ if (retn)
340 ++ return retn + n;
341 + }
342 + if ((unsigned long) dst & 2) {
343 + /* Second worst case - word copy */
344 + while (n >= 2) {
345 + __asm_copy_to_user_2(dst, src, retn);
346 + n -= 2;
347 ++ if (retn)
348 ++ return retn + n;
349 + }
350 + }
351 +
352 +@@ -569,6 +600,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
353 + while (n >= 8) {
354 + __asm_copy_to_user_8x64(dst, src, retn);
355 + n -= 8;
356 ++ if (retn)
357 ++ return retn + n;
358 + }
359 + }
360 + if (n >= RAPF_MIN_BUF_SIZE) {
361 +@@ -581,6 +614,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
362 + while (n >= 8) {
363 + __asm_copy_to_user_8x64(dst, src, retn);
364 + n -= 8;
365 ++ if (retn)
366 ++ return retn + n;
367 + }
368 + }
369 + #endif
370 +@@ -588,11 +623,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
371 + while (n >= 16) {
372 + __asm_copy_to_user_16(dst, src, retn);
373 + n -= 16;
374 ++ if (retn)
375 ++ return retn + n;
376 + }
377 +
378 + while (n >= 4) {
379 + __asm_copy_to_user_4(dst, src, retn);
380 + n -= 4;
381 ++ if (retn)
382 ++ return retn + n;
383 + }
384 +
385 + switch (n) {
386 +@@ -609,6 +648,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
387 + break;
388 + }
389 +
390 ++ /*
391 ++ * If we get here, retn correctly reflects the number of failing
392 ++ * bytes.
393 ++ */
394 + return retn;
395 + }
396 + EXPORT_SYMBOL(__copy_user);
397 +@@ -617,16 +660,14 @@ EXPORT_SYMBOL(__copy_user);
398 + __asm_copy_user_cont(to, from, ret, \
399 + " GETB D1Ar1,[%1++]\n" \
400 + "2: SETB [%0++],D1Ar1\n", \
401 +- "3: ADD %2,%2,#1\n" \
402 +- " SETB [%0++],D1Ar1\n", \
403 ++ "3: ADD %2,%2,#1\n", \
404 + " .long 2b,3b\n")
405 +
406 + #define __asm_copy_from_user_2x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
407 + __asm_copy_user_cont(to, from, ret, \
408 + " GETW D1Ar1,[%1++]\n" \
409 + "2: SETW [%0++],D1Ar1\n" COPY, \
410 +- "3: ADD %2,%2,#2\n" \
411 +- " SETW [%0++],D1Ar1\n" FIXUP, \
412 ++ "3: ADD %2,%2,#2\n" FIXUP, \
413 + " .long 2b,3b\n" TENTRY)
414 +
415 + #define __asm_copy_from_user_2(to, from, ret) \
416 +@@ -636,145 +677,26 @@ EXPORT_SYMBOL(__copy_user);
417 + __asm_copy_from_user_2x_cont(to, from, ret, \
418 + " GETB D1Ar1,[%1++]\n" \
419 + "4: SETB [%0++],D1Ar1\n", \
420 +- "5: ADD %2,%2,#1\n" \
421 +- " SETB [%0++],D1Ar1\n", \
422 ++ "5: ADD %2,%2,#1\n", \
423 + " .long 4b,5b\n")
424 +
425 + #define __asm_copy_from_user_4x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
426 + __asm_copy_user_cont(to, from, ret, \
427 + " GETD D1Ar1,[%1++]\n" \
428 + "2: SETD [%0++],D1Ar1\n" COPY, \
429 +- "3: ADD %2,%2,#4\n" \
430 +- " SETD [%0++],D1Ar1\n" FIXUP, \
431 ++ "3: ADD %2,%2,#4\n" FIXUP, \
432 + " .long 2b,3b\n" TENTRY)
433 +
434 + #define __asm_copy_from_user_4(to, from, ret) \
435 + __asm_copy_from_user_4x_cont(to, from, ret, "", "", "")
436 +
437 +-#define __asm_copy_from_user_5(to, from, ret) \
438 +- __asm_copy_from_user_4x_cont(to, from, ret, \
439 +- " GETB D1Ar1,[%1++]\n" \
440 +- "4: SETB [%0++],D1Ar1\n", \
441 +- "5: ADD %2,%2,#1\n" \
442 +- " SETB [%0++],D1Ar1\n", \
443 +- " .long 4b,5b\n")
444 +-
445 +-#define __asm_copy_from_user_6x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
446 +- __asm_copy_from_user_4x_cont(to, from, ret, \
447 +- " GETW D1Ar1,[%1++]\n" \
448 +- "4: SETW [%0++],D1Ar1\n" COPY, \
449 +- "5: ADD %2,%2,#2\n" \
450 +- " SETW [%0++],D1Ar1\n" FIXUP, \
451 +- " .long 4b,5b\n" TENTRY)
452 +-
453 +-#define __asm_copy_from_user_6(to, from, ret) \
454 +- __asm_copy_from_user_6x_cont(to, from, ret, "", "", "")
455 +-
456 +-#define __asm_copy_from_user_7(to, from, ret) \
457 +- __asm_copy_from_user_6x_cont(to, from, ret, \
458 +- " GETB D1Ar1,[%1++]\n" \
459 +- "6: SETB [%0++],D1Ar1\n", \
460 +- "7: ADD %2,%2,#1\n" \
461 +- " SETB [%0++],D1Ar1\n", \
462 +- " .long 6b,7b\n")
463 +-
464 +-#define __asm_copy_from_user_8x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
465 +- __asm_copy_from_user_4x_cont(to, from, ret, \
466 +- " GETD D1Ar1,[%1++]\n" \
467 +- "4: SETD [%0++],D1Ar1\n" COPY, \
468 +- "5: ADD %2,%2,#4\n" \
469 +- " SETD [%0++],D1Ar1\n" FIXUP, \
470 +- " .long 4b,5b\n" TENTRY)
471 +-
472 +-#define __asm_copy_from_user_8(to, from, ret) \
473 +- __asm_copy_from_user_8x_cont(to, from, ret, "", "", "")
474 +-
475 +-#define __asm_copy_from_user_9(to, from, ret) \
476 +- __asm_copy_from_user_8x_cont(to, from, ret, \
477 +- " GETB D1Ar1,[%1++]\n" \
478 +- "6: SETB [%0++],D1Ar1\n", \
479 +- "7: ADD %2,%2,#1\n" \
480 +- " SETB [%0++],D1Ar1\n", \
481 +- " .long 6b,7b\n")
482 +-
483 +-#define __asm_copy_from_user_10x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
484 +- __asm_copy_from_user_8x_cont(to, from, ret, \
485 +- " GETW D1Ar1,[%1++]\n" \
486 +- "6: SETW [%0++],D1Ar1\n" COPY, \
487 +- "7: ADD %2,%2,#2\n" \
488 +- " SETW [%0++],D1Ar1\n" FIXUP, \
489 +- " .long 6b,7b\n" TENTRY)
490 +-
491 +-#define __asm_copy_from_user_10(to, from, ret) \
492 +- __asm_copy_from_user_10x_cont(to, from, ret, "", "", "")
493 +-
494 +-#define __asm_copy_from_user_11(to, from, ret) \
495 +- __asm_copy_from_user_10x_cont(to, from, ret, \
496 +- " GETB D1Ar1,[%1++]\n" \
497 +- "8: SETB [%0++],D1Ar1\n", \
498 +- "9: ADD %2,%2,#1\n" \
499 +- " SETB [%0++],D1Ar1\n", \
500 +- " .long 8b,9b\n")
501 +-
502 +-#define __asm_copy_from_user_12x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
503 +- __asm_copy_from_user_8x_cont(to, from, ret, \
504 +- " GETD D1Ar1,[%1++]\n" \
505 +- "6: SETD [%0++],D1Ar1\n" COPY, \
506 +- "7: ADD %2,%2,#4\n" \
507 +- " SETD [%0++],D1Ar1\n" FIXUP, \
508 +- " .long 6b,7b\n" TENTRY)
509 +-
510 +-#define __asm_copy_from_user_12(to, from, ret) \
511 +- __asm_copy_from_user_12x_cont(to, from, ret, "", "", "")
512 +-
513 +-#define __asm_copy_from_user_13(to, from, ret) \
514 +- __asm_copy_from_user_12x_cont(to, from, ret, \
515 +- " GETB D1Ar1,[%1++]\n" \
516 +- "8: SETB [%0++],D1Ar1\n", \
517 +- "9: ADD %2,%2,#1\n" \
518 +- " SETB [%0++],D1Ar1\n", \
519 +- " .long 8b,9b\n")
520 +-
521 +-#define __asm_copy_from_user_14x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
522 +- __asm_copy_from_user_12x_cont(to, from, ret, \
523 +- " GETW D1Ar1,[%1++]\n" \
524 +- "8: SETW [%0++],D1Ar1\n" COPY, \
525 +- "9: ADD %2,%2,#2\n" \
526 +- " SETW [%0++],D1Ar1\n" FIXUP, \
527 +- " .long 8b,9b\n" TENTRY)
528 +-
529 +-#define __asm_copy_from_user_14(to, from, ret) \
530 +- __asm_copy_from_user_14x_cont(to, from, ret, "", "", "")
531 +-
532 +-#define __asm_copy_from_user_15(to, from, ret) \
533 +- __asm_copy_from_user_14x_cont(to, from, ret, \
534 +- " GETB D1Ar1,[%1++]\n" \
535 +- "10: SETB [%0++],D1Ar1\n", \
536 +- "11: ADD %2,%2,#1\n" \
537 +- " SETB [%0++],D1Ar1\n", \
538 +- " .long 10b,11b\n")
539 +-
540 +-#define __asm_copy_from_user_16x_cont(to, from, ret, COPY, FIXUP, TENTRY) \
541 +- __asm_copy_from_user_12x_cont(to, from, ret, \
542 +- " GETD D1Ar1,[%1++]\n" \
543 +- "8: SETD [%0++],D1Ar1\n" COPY, \
544 +- "9: ADD %2,%2,#4\n" \
545 +- " SETD [%0++],D1Ar1\n" FIXUP, \
546 +- " .long 8b,9b\n" TENTRY)
547 +-
548 +-#define __asm_copy_from_user_16(to, from, ret) \
549 +- __asm_copy_from_user_16x_cont(to, from, ret, "", "", "")
550 +-
551 + #define __asm_copy_from_user_8x64(to, from, ret) \
552 + asm volatile ( \
553 + " GETL D0Ar2,D1Ar1,[%1++]\n" \
554 + "2: SETL [%0++],D0Ar2,D1Ar1\n" \
555 + "1:\n" \
556 + " .section .fixup,\"ax\"\n" \
557 +- " MOV D1Ar1,#0\n" \
558 +- " MOV D0Ar2,#0\n" \
559 + "3: ADD %2,%2,#8\n" \
560 +- " SETL [%0++],D0Ar2,D1Ar1\n" \
561 + " MOVT D0Ar2,#HI(1b)\n" \
562 + " JUMP D0Ar2,#LO(1b)\n" \
563 + " .previous\n" \
564 +@@ -789,36 +711,57 @@ EXPORT_SYMBOL(__copy_user);
565 + *
566 + * Rationale:
567 + * A fault occurs while reading from user buffer, which is the
568 +- * source. Since the fault is at a single address, we only
569 +- * need to rewind by 8 bytes.
570 ++ * source.
571 + * Since we don't write to kernel buffer until we read first,
572 + * the kernel buffer is at the right state and needn't be
573 +- * corrected.
574 ++ * corrected, but the source must be rewound to the beginning of
575 ++ * the block, which is LSM_STEP*8 bytes.
576 ++ * LSM_STEP is bits 10:8 in TXSTATUS which is already read
577 ++ * and stored in D0Ar2
578 ++ *
579 ++ * NOTE: If a fault occurs at the last operation in M{G,S}ETL
580 ++ * LSM_STEP will be 0. ie: we do 4 writes in our case, if
581 ++ * a fault happens at the 4th write, LSM_STEP will be 0
582 ++ * instead of 4. The code copes with that.
583 + */
584 + #define __asm_copy_from_user_64bit_rapf_loop(to, from, ret, n, id) \
585 + __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \
586 +- "SUB %1, %1, #8\n")
587 ++ "LSR D0Ar2, D0Ar2, #5\n" \
588 ++ "ANDS D0Ar2, D0Ar2, #0x38\n" \
589 ++ "ADDZ D0Ar2, D0Ar2, #32\n" \
590 ++ "SUB %1, %1, D0Ar2\n")
591 +
592 + /* rewind 'from' pointer when a fault occurs
593 + *
594 + * Rationale:
595 + * A fault occurs while reading from user buffer, which is the
596 +- * source. Since the fault is at a single address, we only
597 +- * need to rewind by 4 bytes.
598 ++ * source.
599 + * Since we don't write to kernel buffer until we read first,
600 + * the kernel buffer is at the right state and needn't be
601 +- * corrected.
602 ++ * corrected, but the source must be rewound to the beginning of
603 ++ * the block, which is LSM_STEP*4 bytes.
604 ++ * LSM_STEP is bits 10:8 in TXSTATUS which is already read
605 ++ * and stored in D0Ar2
606 ++ *
607 ++ * NOTE: If a fault occurs at the last operation in M{G,S}ETL
608 ++ * LSM_STEP will be 0. ie: we do 4 writes in our case, if
609 ++ * a fault happens at the 4th write, LSM_STEP will be 0
610 ++ * instead of 4. The code copes with that.
611 + */
612 + #define __asm_copy_from_user_32bit_rapf_loop(to, from, ret, n, id) \
613 + __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \
614 +- "SUB %1, %1, #4\n")
615 ++ "LSR D0Ar2, D0Ar2, #6\n" \
616 ++ "ANDS D0Ar2, D0Ar2, #0x1c\n" \
617 ++ "ADDZ D0Ar2, D0Ar2, #16\n" \
618 ++ "SUB %1, %1, D0Ar2\n")
619 +
620 +
621 +-/* Copy from user to kernel, zeroing the bytes that were inaccessible in
622 +- userland. The return-value is the number of bytes that were
623 +- inaccessible. */
624 +-unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
625 +- unsigned long n)
626 ++/*
627 ++ * Copy from user to kernel. The return-value is the number of bytes that were
628 ++ * inaccessible.
629 ++ */
630 ++unsigned long raw_copy_from_user(void *pdst, const void __user *psrc,
631 ++ unsigned long n)
632 + {
633 + register char *dst asm ("A0.2") = pdst;
634 + register const char __user *src asm ("A1.2") = psrc;
635 +@@ -830,6 +773,8 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
636 + if ((unsigned long) src & 1) {
637 + __asm_copy_from_user_1(dst, src, retn);
638 + n--;
639 ++ if (retn)
640 ++ return retn + n;
641 + }
642 + if ((unsigned long) dst & 1) {
643 + /* Worst case - byte copy */
644 +@@ -837,12 +782,14 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
645 + __asm_copy_from_user_1(dst, src, retn);
646 + n--;
647 + if (retn)
648 +- goto copy_exception_bytes;
649 ++ return retn + n;
650 + }
651 + }
652 + if (((unsigned long) src & 2) && n >= 2) {
653 + __asm_copy_from_user_2(dst, src, retn);
654 + n -= 2;
655 ++ if (retn)
656 ++ return retn + n;
657 + }
658 + if ((unsigned long) dst & 2) {
659 + /* Second worst case - word copy */
660 +@@ -850,16 +797,10 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
661 + __asm_copy_from_user_2(dst, src, retn);
662 + n -= 2;
663 + if (retn)
664 +- goto copy_exception_bytes;
665 ++ return retn + n;
666 + }
667 + }
668 +
669 +- /* We only need one check after the unalignment-adjustments,
670 +- because if both adjustments were done, either both or
671 +- neither reference had an exception. */
672 +- if (retn != 0)
673 +- goto copy_exception_bytes;
674 +-
675 + #ifdef USE_RAPF
676 + /* 64 bit copy loop */
677 + if (!(((unsigned long) src | (unsigned long) dst) & 7)) {
678 +@@ -872,7 +813,7 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
679 + __asm_copy_from_user_8x64(dst, src, retn);
680 + n -= 8;
681 + if (retn)
682 +- goto copy_exception_bytes;
683 ++ return retn + n;
684 + }
685 + }
686 +
687 +@@ -888,7 +829,7 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
688 + __asm_copy_from_user_8x64(dst, src, retn);
689 + n -= 8;
690 + if (retn)
691 +- goto copy_exception_bytes;
692 ++ return retn + n;
693 + }
694 + }
695 + #endif
696 +@@ -898,7 +839,7 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
697 + n -= 4;
698 +
699 + if (retn)
700 +- goto copy_exception_bytes;
701 ++ return retn + n;
702 + }
703 +
704 + /* If we get here, there were no memory read faults. */
705 +@@ -924,21 +865,8 @@ unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc,
706 + /* If we get here, retn correctly reflects the number of failing
707 + bytes. */
708 + return retn;
709 +-
710 +- copy_exception_bytes:
711 +- /* We already have "retn" bytes cleared, and need to clear the
712 +- remaining "n" bytes. A non-optimized simple byte-for-byte in-line
713 +- memset is preferred here, since this isn't speed-critical code and
714 +- we'd rather have this a leaf-function than calling memset. */
715 +- {
716 +- char *endp;
717 +- for (endp = dst + n; dst < endp; dst++)
718 +- *dst = 0;
719 +- }
720 +-
721 +- return retn + n;
722 + }
723 +-EXPORT_SYMBOL(__copy_user_zeroing);
724 ++EXPORT_SYMBOL(raw_copy_from_user);
725 +
726 + #define __asm_clear_8x64(to, ret) \
727 + asm volatile ( \
728 +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
729 +index db459612de44..75bfca69e418 100644
730 +--- a/arch/mips/Kconfig
731 ++++ b/arch/mips/Kconfig
732 +@@ -1412,7 +1412,7 @@ config CPU_MIPS32_R6
733 + select CPU_SUPPORTS_MSA
734 + select GENERIC_CSUM
735 + select HAVE_KVM
736 +- select MIPS_O32_FP64_SUPPORT
737 ++ select MIPS_O32_FP64_SUPPORT if 32BIT
738 + help
739 + Choose this option to build a kernel for release 6 or later of the
740 + MIPS32 architecture. New MIPS processors, starting with the Warrior
741 +diff --git a/arch/mips/include/asm/spinlock.h b/arch/mips/include/asm/spinlock.h
742 +index 40196bebe849..2365ce0ad8f2 100644
743 +--- a/arch/mips/include/asm/spinlock.h
744 ++++ b/arch/mips/include/asm/spinlock.h
745 +@@ -112,7 +112,7 @@ static inline void arch_spin_lock(arch_spinlock_t *lock)
746 + " andi %[ticket], %[ticket], 0xffff \n"
747 + " bne %[ticket], %[my_ticket], 4f \n"
748 + " subu %[ticket], %[my_ticket], %[ticket] \n"
749 +- "2: \n"
750 ++ "2: .insn \n"
751 + " .subsection 2 \n"
752 + "4: andi %[ticket], %[ticket], 0xffff \n"
753 + " sll %[ticket], 5 \n"
754 +@@ -187,7 +187,7 @@ static inline unsigned int arch_spin_trylock(arch_spinlock_t *lock)
755 + " sc %[ticket], %[ticket_ptr] \n"
756 + " beqz %[ticket], 1b \n"
757 + " li %[ticket], 1 \n"
758 +- "2: \n"
759 ++ "2: .insn \n"
760 + " .subsection 2 \n"
761 + "3: b 2b \n"
762 + " li %[ticket], 0 \n"
763 +@@ -367,7 +367,7 @@ static inline int arch_read_trylock(arch_rwlock_t *rw)
764 + " .set reorder \n"
765 + __WEAK_LLSC_MB
766 + " li %2, 1 \n"
767 +- "2: \n"
768 ++ "2: .insn \n"
769 + : "=" GCC_OFF_SMALL_ASM() (rw->lock), "=&r" (tmp), "=&r" (ret)
770 + : GCC_OFF_SMALL_ASM() (rw->lock)
771 + : "memory");
772 +@@ -407,7 +407,7 @@ static inline int arch_write_trylock(arch_rwlock_t *rw)
773 + " lui %1, 0x8000 \n"
774 + " sc %1, %0 \n"
775 + " li %2, 1 \n"
776 +- "2: \n"
777 ++ "2: .insn \n"
778 + : "=" GCC_OFF_SMALL_ASM() (rw->lock), "=&r" (tmp),
779 + "=&r" (ret)
780 + : GCC_OFF_SMALL_ASM() (rw->lock)
781 +diff --git a/arch/mips/lantiq/xway/sysctrl.c b/arch/mips/lantiq/xway/sysctrl.c
782 +index 3e390a4e3897..daf580ce5ca2 100644
783 +--- a/arch/mips/lantiq/xway/sysctrl.c
784 ++++ b/arch/mips/lantiq/xway/sysctrl.c
785 +@@ -467,7 +467,7 @@ void __init ltq_soc_init(void)
786 +
787 + if (!np_xbar)
788 + panic("Failed to load xbar nodes from devicetree");
789 +- if (of_address_to_resource(np_pmu, 0, &res_xbar))
790 ++ if (of_address_to_resource(np_xbar, 0, &res_xbar))
791 + panic("Failed to get xbar resources");
792 + if (request_mem_region(res_xbar.start, resource_size(&res_xbar),
793 + res_xbar.name) < 0)
794 +diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
795 +index 29f73e00253d..63b7d6f82d24 100644
796 +--- a/arch/mips/mm/tlbex.c
797 ++++ b/arch/mips/mm/tlbex.c
798 +@@ -757,7 +757,8 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
799 + static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
800 + struct uasm_label **l,
801 + unsigned int pte,
802 +- unsigned int ptr)
803 ++ unsigned int ptr,
804 ++ unsigned int flush)
805 + {
806 + #ifdef CONFIG_SMP
807 + UASM_i_SC(p, pte, 0, ptr);
808 +@@ -766,6 +767,22 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
809 + #else
810 + UASM_i_SW(p, pte, 0, ptr);
811 + #endif
812 ++ if (cpu_has_ftlb && flush) {
813 ++ BUG_ON(!cpu_has_tlbinv);
814 ++
815 ++ UASM_i_MFC0(p, ptr, C0_ENTRYHI);
816 ++ uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
817 ++ UASM_i_MTC0(p, ptr, C0_ENTRYHI);
818 ++ build_tlb_write_entry(p, l, r, tlb_indexed);
819 ++
820 ++ uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
821 ++ UASM_i_MTC0(p, ptr, C0_ENTRYHI);
822 ++ build_huge_update_entries(p, pte, ptr);
823 ++ build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
824 ++
825 ++ return;
826 ++ }
827 ++
828 + build_huge_update_entries(p, pte, ptr);
829 + build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
830 + }
831 +@@ -2082,7 +2099,7 @@ static void build_r4000_tlb_load_handler(void)
832 + uasm_l_tlbl_goaround2(&l, p);
833 + }
834 + uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
835 +- build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
836 ++ build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
837 + #endif
838 +
839 + uasm_l_nopage_tlbl(&l, p);
840 +@@ -2137,7 +2154,7 @@ static void build_r4000_tlb_store_handler(void)
841 + build_tlb_probe_entry(&p);
842 + uasm_i_ori(&p, wr.r1, wr.r1,
843 + _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
844 +- build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
845 ++ build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
846 + #endif
847 +
848 + uasm_l_nopage_tlbs(&l, p);
849 +@@ -2193,7 +2210,7 @@ static void build_r4000_tlb_modify_handler(void)
850 + build_tlb_probe_entry(&p);
851 + uasm_i_ori(&p, wr.r1, wr.r1,
852 + _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
853 +- build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
854 ++ build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
855 + #endif
856 +
857 + uasm_l_nopage_tlbm(&l, p);
858 +diff --git a/arch/mips/ralink/rt3883.c b/arch/mips/ralink/rt3883.c
859 +index f42834c7f007..3c575093f8f1 100644
860 +--- a/arch/mips/ralink/rt3883.c
861 ++++ b/arch/mips/ralink/rt3883.c
862 +@@ -36,7 +36,7 @@ static struct rt2880_pmx_func uartlite_func[] = { FUNC("uartlite", 0, 15, 2) };
863 + static struct rt2880_pmx_func jtag_func[] = { FUNC("jtag", 0, 17, 5) };
864 + static struct rt2880_pmx_func mdio_func[] = { FUNC("mdio", 0, 22, 2) };
865 + static struct rt2880_pmx_func lna_a_func[] = { FUNC("lna a", 0, 32, 3) };
866 +-static struct rt2880_pmx_func lna_g_func[] = { FUNC("lna a", 0, 35, 3) };
867 ++static struct rt2880_pmx_func lna_g_func[] = { FUNC("lna g", 0, 35, 3) };
868 + static struct rt2880_pmx_func pci_func[] = {
869 + FUNC("pci-dev", 0, 40, 32),
870 + FUNC("pci-host2", 1, 40, 32),
871 +@@ -44,7 +44,7 @@ static struct rt2880_pmx_func pci_func[] = {
872 + FUNC("pci-fnc", 3, 40, 32)
873 + };
874 + static struct rt2880_pmx_func ge1_func[] = { FUNC("ge1", 0, 72, 12) };
875 +-static struct rt2880_pmx_func ge2_func[] = { FUNC("ge1", 0, 84, 12) };
876 ++static struct rt2880_pmx_func ge2_func[] = { FUNC("ge2", 0, 84, 12) };
877 +
878 + static struct rt2880_pmx_group rt3883_pinmux_data[] = {
879 + GRP("i2c", i2c_func, 1, RT3883_GPIO_MODE_I2C),
880 +diff --git a/arch/nios2/kernel/prom.c b/arch/nios2/kernel/prom.c
881 +index 718dd197909f..de73beb36910 100644
882 +--- a/arch/nios2/kernel/prom.c
883 ++++ b/arch/nios2/kernel/prom.c
884 +@@ -48,6 +48,13 @@ void * __init early_init_dt_alloc_memory_arch(u64 size, u64 align)
885 + return alloc_bootmem_align(size, align);
886 + }
887 +
888 ++int __init early_init_dt_reserve_memory_arch(phys_addr_t base, phys_addr_t size,
889 ++ bool nomap)
890 ++{
891 ++ reserve_bootmem(base, size, BOOTMEM_DEFAULT);
892 ++ return 0;
893 ++}
894 ++
895 + void __init early_init_devtree(void *params)
896 + {
897 + __be32 *dtb = (u32 *)__dtb_start;
898 +diff --git a/arch/nios2/kernel/setup.c b/arch/nios2/kernel/setup.c
899 +index a4ff86d58d5c..6c4e351a7930 100644
900 +--- a/arch/nios2/kernel/setup.c
901 ++++ b/arch/nios2/kernel/setup.c
902 +@@ -195,6 +195,9 @@ void __init setup_arch(char **cmdline_p)
903 + }
904 + #endif /* CONFIG_BLK_DEV_INITRD */
905 +
906 ++ early_init_fdt_reserve_self();
907 ++ early_init_fdt_scan_reserved_mem();
908 ++
909 + unflatten_and_copy_device_tree();
910 +
911 + setup_cpuinfo();
912 +diff --git a/arch/powerpc/kernel/align.c b/arch/powerpc/kernel/align.c
913 +index 86150fbb42c3..91e5c1758b5c 100644
914 +--- a/arch/powerpc/kernel/align.c
915 ++++ b/arch/powerpc/kernel/align.c
916 +@@ -808,14 +808,25 @@ int fix_alignment(struct pt_regs *regs)
917 + nb = aligninfo[instr].len;
918 + flags = aligninfo[instr].flags;
919 +
920 +- /* ldbrx/stdbrx overlap lfs/stfs in the DSISR unfortunately */
921 +- if (IS_XFORM(instruction) && ((instruction >> 1) & 0x3ff) == 532) {
922 +- nb = 8;
923 +- flags = LD+SW;
924 +- } else if (IS_XFORM(instruction) &&
925 +- ((instruction >> 1) & 0x3ff) == 660) {
926 +- nb = 8;
927 +- flags = ST+SW;
928 ++ /*
929 ++ * Handle some cases which give overlaps in the DSISR values.
930 ++ */
931 ++ if (IS_XFORM(instruction)) {
932 ++ switch (get_xop(instruction)) {
933 ++ case 532: /* ldbrx */
934 ++ nb = 8;
935 ++ flags = LD+SW;
936 ++ break;
937 ++ case 660: /* stdbrx */
938 ++ nb = 8;
939 ++ flags = ST+SW;
940 ++ break;
941 ++ case 20: /* lwarx */
942 ++ case 84: /* ldarx */
943 ++ case 116: /* lharx */
944 ++ case 276: /* lqarx */
945 ++ return 0; /* not emulated ever */
946 ++ }
947 + }
948 +
949 + /* Byteswap little endian loads and stores */
950 +diff --git a/arch/powerpc/mm/hash_native_64.c b/arch/powerpc/mm/hash_native_64.c
951 +index c8822af10a58..19d9b2d2d212 100644
952 +--- a/arch/powerpc/mm/hash_native_64.c
953 ++++ b/arch/powerpc/mm/hash_native_64.c
954 +@@ -645,6 +645,10 @@ static void native_flush_hash_range(unsigned long number, int local)
955 + unsigned long psize = batch->psize;
956 + int ssize = batch->ssize;
957 + int i;
958 ++ unsigned int use_local;
959 ++
960 ++ use_local = local && mmu_has_feature(MMU_FTR_TLBIEL) &&
961 ++ mmu_psize_defs[psize].tlbiel && !cxl_ctx_in_use();
962 +
963 + local_irq_save(flags);
964 +
965 +@@ -671,8 +675,7 @@ static void native_flush_hash_range(unsigned long number, int local)
966 + } pte_iterate_hashed_end();
967 + }
968 +
969 +- if (mmu_has_feature(MMU_FTR_TLBIEL) &&
970 +- mmu_psize_defs[psize].tlbiel && local) {
971 ++ if (use_local) {
972 + asm volatile("ptesync":::"memory");
973 + for (i = 0; i < number; i++) {
974 + vpn = batch->vpn[i];
975 +diff --git a/arch/s390/boot/compressed/misc.c b/arch/s390/boot/compressed/misc.c
976 +index 4da604ebf6fd..ca15613eaaa4 100644
977 +--- a/arch/s390/boot/compressed/misc.c
978 ++++ b/arch/s390/boot/compressed/misc.c
979 +@@ -141,31 +141,34 @@ static void check_ipl_parmblock(void *start, unsigned long size)
980 +
981 + unsigned long decompress_kernel(void)
982 + {
983 +- unsigned long output_addr;
984 +- unsigned char *output;
985 ++ void *output, *kernel_end;
986 +
987 +- output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL;
988 +- check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start);
989 +- memset(&_bss, 0, &_ebss - &_bss);
990 +- free_mem_ptr = (unsigned long)&_end;
991 +- free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
992 +- output = (unsigned char *) output_addr;
993 ++ output = (void *) ALIGN((unsigned long) &_end + HEAP_SIZE, PAGE_SIZE);
994 ++ kernel_end = output + SZ__bss_start;
995 ++ check_ipl_parmblock((void *) 0, (unsigned long) kernel_end);
996 +
997 + #ifdef CONFIG_BLK_DEV_INITRD
998 + /*
999 + * Move the initrd right behind the end of the decompressed
1000 +- * kernel image.
1001 ++ * kernel image. This also prevents initrd corruption caused by
1002 ++ * bss clearing since kernel_end will always be located behind the
1003 ++ * current bss section..
1004 + */
1005 +- if (INITRD_START && INITRD_SIZE &&
1006 +- INITRD_START < (unsigned long) output + SZ__bss_start) {
1007 +- check_ipl_parmblock(output + SZ__bss_start,
1008 +- INITRD_START + INITRD_SIZE);
1009 +- memmove(output + SZ__bss_start,
1010 +- (void *) INITRD_START, INITRD_SIZE);
1011 +- INITRD_START = (unsigned long) output + SZ__bss_start;
1012 ++ if (INITRD_START && INITRD_SIZE && kernel_end > (void *) INITRD_START) {
1013 ++ check_ipl_parmblock(kernel_end, INITRD_SIZE);
1014 ++ memmove(kernel_end, (void *) INITRD_START, INITRD_SIZE);
1015 ++ INITRD_START = (unsigned long) kernel_end;
1016 + }
1017 + #endif
1018 +
1019 ++ /*
1020 ++ * Clear bss section. free_mem_ptr and free_mem_end_ptr need to be
1021 ++ * initialized afterwards since they reside in bss.
1022 ++ */
1023 ++ memset(&_bss, 0, &_ebss - &_bss);
1024 ++ free_mem_ptr = (unsigned long) &_end;
1025 ++ free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
1026 ++
1027 + puts("Uncompressing Linux... ");
1028 + __decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);
1029 + puts("Ok, booting the kernel.\n");
1030 +diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
1031 +index 5c7381c5ad7f..c8d837f0fbbc 100644
1032 +--- a/arch/s390/include/asm/uaccess.h
1033 ++++ b/arch/s390/include/asm/uaccess.h
1034 +@@ -150,7 +150,7 @@ unsigned long __must_check __copy_to_user(void __user *to, const void *from,
1035 + " jg 2b\n" \
1036 + ".popsection\n" \
1037 + EX_TABLE(0b,3b) EX_TABLE(1b,3b) \
1038 +- : "=d" (__rc), "=Q" (*(to)) \
1039 ++ : "=d" (__rc), "+Q" (*(to)) \
1040 + : "d" (size), "Q" (*(from)), \
1041 + "d" (__reg0), "K" (-EFAULT) \
1042 + : "cc"); \
1043 +diff --git a/drivers/gpu/drm/ttm/ttm_object.c b/drivers/gpu/drm/ttm/ttm_object.c
1044 +index 4f5fa8d65fe9..144367c0c28f 100644
1045 +--- a/drivers/gpu/drm/ttm/ttm_object.c
1046 ++++ b/drivers/gpu/drm/ttm/ttm_object.c
1047 +@@ -179,7 +179,7 @@ int ttm_base_object_init(struct ttm_object_file *tfile,
1048 + if (unlikely(ret != 0))
1049 + goto out_err0;
1050 +
1051 +- ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
1052 ++ ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);
1053 + if (unlikely(ret != 0))
1054 + goto out_err1;
1055 +
1056 +@@ -318,7 +318,8 @@ EXPORT_SYMBOL(ttm_ref_object_exists);
1057 +
1058 + int ttm_ref_object_add(struct ttm_object_file *tfile,
1059 + struct ttm_base_object *base,
1060 +- enum ttm_ref_type ref_type, bool *existed)
1061 ++ enum ttm_ref_type ref_type, bool *existed,
1062 ++ bool require_existed)
1063 + {
1064 + struct drm_open_hash *ht = &tfile->ref_hash[ref_type];
1065 + struct ttm_ref_object *ref;
1066 +@@ -345,6 +346,9 @@ int ttm_ref_object_add(struct ttm_object_file *tfile,
1067 + }
1068 +
1069 + rcu_read_unlock();
1070 ++ if (require_existed)
1071 ++ return -EPERM;
1072 ++
1073 + ret = ttm_mem_global_alloc(mem_glob, sizeof(*ref),
1074 + false, false);
1075 + if (unlikely(ret != 0))
1076 +@@ -635,7 +639,7 @@ int ttm_prime_fd_to_handle(struct ttm_object_file *tfile,
1077 + prime = (struct ttm_prime_object *) dma_buf->priv;
1078 + base = &prime->base;
1079 + *handle = base->hash.key;
1080 +- ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
1081 ++ ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false);
1082 +
1083 + dma_buf_put(dma_buf);
1084 +
1085 +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
1086 +index 8e689b439890..6c649f7b5929 100644
1087 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
1088 ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
1089 +@@ -539,7 +539,7 @@ int vmw_fence_create(struct vmw_fence_manager *fman,
1090 + struct vmw_fence_obj **p_fence)
1091 + {
1092 + struct vmw_fence_obj *fence;
1093 +- int ret;
1094 ++ int ret;
1095 +
1096 + fence = kzalloc(sizeof(*fence), GFP_KERNEL);
1097 + if (unlikely(fence == NULL))
1098 +@@ -702,6 +702,41 @@ void vmw_fence_fifo_up(struct vmw_fence_manager *fman)
1099 + }
1100 +
1101 +
1102 ++/**
1103 ++ * vmw_fence_obj_lookup - Look up a user-space fence object
1104 ++ *
1105 ++ * @tfile: A struct ttm_object_file identifying the caller.
1106 ++ * @handle: A handle identifying the fence object.
1107 ++ * @return: A struct vmw_user_fence base ttm object on success or
1108 ++ * an error pointer on failure.
1109 ++ *
1110 ++ * The fence object is looked up and type-checked. The caller needs
1111 ++ * to have opened the fence object first, but since that happens on
1112 ++ * creation and fence objects aren't shareable, that's not an
1113 ++ * issue currently.
1114 ++ */
1115 ++static struct ttm_base_object *
1116 ++vmw_fence_obj_lookup(struct ttm_object_file *tfile, u32 handle)
1117 ++{
1118 ++ struct ttm_base_object *base = ttm_base_object_lookup(tfile, handle);
1119 ++
1120 ++ if (!base) {
1121 ++ pr_err("Invalid fence object handle 0x%08lx.\n",
1122 ++ (unsigned long)handle);
1123 ++ return ERR_PTR(-EINVAL);
1124 ++ }
1125 ++
1126 ++ if (base->refcount_release != vmw_user_fence_base_release) {
1127 ++ pr_err("Invalid fence object handle 0x%08lx.\n",
1128 ++ (unsigned long)handle);
1129 ++ ttm_base_object_unref(&base);
1130 ++ return ERR_PTR(-EINVAL);
1131 ++ }
1132 ++
1133 ++ return base;
1134 ++}
1135 ++
1136 ++
1137 + int vmw_fence_obj_wait_ioctl(struct drm_device *dev, void *data,
1138 + struct drm_file *file_priv)
1139 + {
1140 +@@ -727,13 +762,9 @@ int vmw_fence_obj_wait_ioctl(struct drm_device *dev, void *data,
1141 + arg->kernel_cookie = jiffies + wait_timeout;
1142 + }
1143 +
1144 +- base = ttm_base_object_lookup(tfile, arg->handle);
1145 +- if (unlikely(base == NULL)) {
1146 +- printk(KERN_ERR "Wait invalid fence object handle "
1147 +- "0x%08lx.\n",
1148 +- (unsigned long)arg->handle);
1149 +- return -EINVAL;
1150 +- }
1151 ++ base = vmw_fence_obj_lookup(tfile, arg->handle);
1152 ++ if (IS_ERR(base))
1153 ++ return PTR_ERR(base);
1154 +
1155 + fence = &(container_of(base, struct vmw_user_fence, base)->fence);
1156 +
1157 +@@ -772,13 +803,9 @@ int vmw_fence_obj_signaled_ioctl(struct drm_device *dev, void *data,
1158 + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile;
1159 + struct vmw_private *dev_priv = vmw_priv(dev);
1160 +
1161 +- base = ttm_base_object_lookup(tfile, arg->handle);
1162 +- if (unlikely(base == NULL)) {
1163 +- printk(KERN_ERR "Fence signaled invalid fence object handle "
1164 +- "0x%08lx.\n",
1165 +- (unsigned long)arg->handle);
1166 +- return -EINVAL;
1167 +- }
1168 ++ base = vmw_fence_obj_lookup(tfile, arg->handle);
1169 ++ if (IS_ERR(base))
1170 ++ return PTR_ERR(base);
1171 +
1172 + fence = &(container_of(base, struct vmw_user_fence, base)->fence);
1173 + fman = fman_from_fence(fence);
1174 +@@ -1093,6 +1120,7 @@ int vmw_fence_event_ioctl(struct drm_device *dev, void *data,
1175 + (struct drm_vmw_fence_event_arg *) data;
1176 + struct vmw_fence_obj *fence = NULL;
1177 + struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv);
1178 ++ struct ttm_object_file *tfile = vmw_fp->tfile;
1179 + struct drm_vmw_fence_rep __user *user_fence_rep =
1180 + (struct drm_vmw_fence_rep __user *)(unsigned long)
1181 + arg->fence_rep;
1182 +@@ -1106,24 +1134,18 @@ int vmw_fence_event_ioctl(struct drm_device *dev, void *data,
1183 + */
1184 + if (arg->handle) {
1185 + struct ttm_base_object *base =
1186 +- ttm_base_object_lookup_for_ref(dev_priv->tdev,
1187 +- arg->handle);
1188 +-
1189 +- if (unlikely(base == NULL)) {
1190 +- DRM_ERROR("Fence event invalid fence object handle "
1191 +- "0x%08lx.\n",
1192 +- (unsigned long)arg->handle);
1193 +- return -EINVAL;
1194 +- }
1195 ++ vmw_fence_obj_lookup(tfile, arg->handle);
1196 ++
1197 ++ if (IS_ERR(base))
1198 ++ return PTR_ERR(base);
1199 ++
1200 + fence = &(container_of(base, struct vmw_user_fence,
1201 + base)->fence);
1202 + (void) vmw_fence_obj_reference(fence);
1203 +
1204 + if (user_fence_rep != NULL) {
1205 +- bool existed;
1206 +-
1207 + ret = ttm_ref_object_add(vmw_fp->tfile, base,
1208 +- TTM_REF_USAGE, &existed);
1209 ++ TTM_REF_USAGE, NULL, false);
1210 + if (unlikely(ret != 0)) {
1211 + DRM_ERROR("Failed to reference a fence "
1212 + "object.\n");
1213 +@@ -1166,8 +1188,7 @@ int vmw_fence_event_ioctl(struct drm_device *dev, void *data,
1214 + return 0;
1215 + out_no_create:
1216 + if (user_fence_rep != NULL)
1217 +- ttm_ref_object_base_unref(vmw_fpriv(file_priv)->tfile,
1218 +- handle, TTM_REF_USAGE);
1219 ++ ttm_ref_object_base_unref(tfile, handle, TTM_REF_USAGE);
1220 + out_no_ref_obj:
1221 + vmw_fence_obj_unreference(&fence);
1222 + return ret;
1223 +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
1224 +index b8c6a03c8c54..5ec24fd801cd 100644
1225 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
1226 ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
1227 +@@ -114,8 +114,6 @@ int vmw_getparam_ioctl(struct drm_device *dev, void *data,
1228 + param->value = dev_priv->has_dx;
1229 + break;
1230 + default:
1231 +- DRM_ERROR("Illegal vmwgfx get param request: %d\n",
1232 +- param->param);
1233 + return -EINVAL;
1234 + }
1235 +
1236 +@@ -186,7 +184,7 @@ int vmw_get_cap_3d_ioctl(struct drm_device *dev, void *data,
1237 + bool gb_objects = !!(dev_priv->capabilities & SVGA_CAP_GBOBJECTS);
1238 + struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv);
1239 +
1240 +- if (unlikely(arg->pad64 != 0)) {
1241 ++ if (unlikely(arg->pad64 != 0 || arg->max_size == 0)) {
1242 + DRM_ERROR("Illegal GET_3D_CAP argument.\n");
1243 + return -EINVAL;
1244 + }
1245 +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
1246 +index e57667ca7557..dbca128a9aa6 100644
1247 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
1248 ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
1249 +@@ -591,7 +591,7 @@ static int vmw_user_dmabuf_synccpu_grab(struct vmw_user_dma_buffer *user_bo,
1250 + return ret;
1251 +
1252 + ret = ttm_ref_object_add(tfile, &user_bo->prime.base,
1253 +- TTM_REF_SYNCCPU_WRITE, &existed);
1254 ++ TTM_REF_SYNCCPU_WRITE, &existed, false);
1255 + if (ret != 0 || existed)
1256 + ttm_bo_synccpu_write_release(&user_bo->dma.base);
1257 +
1258 +@@ -775,7 +775,7 @@ int vmw_user_dmabuf_reference(struct ttm_object_file *tfile,
1259 +
1260 + *handle = user_bo->prime.base.hash.key;
1261 + return ttm_ref_object_add(tfile, &user_bo->prime.base,
1262 +- TTM_REF_USAGE, NULL);
1263 ++ TTM_REF_USAGE, NULL, false);
1264 + }
1265 +
1266 + /*
1267 +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
1268 +index 7d620e82e000..c9c04ccccdd9 100644
1269 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
1270 ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
1271 +@@ -715,11 +715,14 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data,
1272 + 128;
1273 +
1274 + num_sizes = 0;
1275 +- for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
1276 ++ for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) {
1277 ++ if (req->mip_levels[i] > DRM_VMW_MAX_MIP_LEVELS)
1278 ++ return -EINVAL;
1279 + num_sizes += req->mip_levels[i];
1280 ++ }
1281 +
1282 +- if (num_sizes > DRM_VMW_MAX_SURFACE_FACES *
1283 +- DRM_VMW_MAX_MIP_LEVELS)
1284 ++ if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS ||
1285 ++ num_sizes == 0)
1286 + return -EINVAL;
1287 +
1288 + size = vmw_user_surface_size + 128 +
1289 +@@ -904,17 +907,16 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv,
1290 + uint32_t handle;
1291 + struct ttm_base_object *base;
1292 + int ret;
1293 ++ bool require_exist = false;
1294 +
1295 + if (handle_type == DRM_VMW_HANDLE_PRIME) {
1296 + ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle);
1297 + if (unlikely(ret != 0))
1298 + return ret;
1299 + } else {
1300 +- if (unlikely(drm_is_render_client(file_priv))) {
1301 +- DRM_ERROR("Render client refused legacy "
1302 +- "surface reference.\n");
1303 +- return -EACCES;
1304 +- }
1305 ++ if (unlikely(drm_is_render_client(file_priv)))
1306 ++ require_exist = true;
1307 ++
1308 + if (ACCESS_ONCE(vmw_fpriv(file_priv)->locked_master)) {
1309 + DRM_ERROR("Locked master refused legacy "
1310 + "surface reference.\n");
1311 +@@ -942,17 +944,14 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv,
1312 +
1313 + /*
1314 + * Make sure the surface creator has the same
1315 +- * authenticating master.
1316 ++ * authenticating master, or is already registered with us.
1317 + */
1318 + if (drm_is_primary_client(file_priv) &&
1319 +- user_srf->master != file_priv->master) {
1320 +- DRM_ERROR("Trying to reference surface outside of"
1321 +- " master domain.\n");
1322 +- ret = -EACCES;
1323 +- goto out_bad_resource;
1324 +- }
1325 ++ user_srf->master != file_priv->master)
1326 ++ require_exist = true;
1327 +
1328 +- ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL);
1329 ++ ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL,
1330 ++ require_exist);
1331 + if (unlikely(ret != 0)) {
1332 + DRM_ERROR("Could not add a reference to a surface.\n");
1333 + goto out_bad_resource;
1334 +diff --git a/drivers/iio/gyro/bmg160_core.c b/drivers/iio/gyro/bmg160_core.c
1335 +index acb3b303d800..90841abd3ce4 100644
1336 +--- a/drivers/iio/gyro/bmg160_core.c
1337 ++++ b/drivers/iio/gyro/bmg160_core.c
1338 +@@ -28,6 +28,7 @@
1339 + #include <linux/iio/trigger_consumer.h>
1340 + #include <linux/iio/triggered_buffer.h>
1341 + #include <linux/regmap.h>
1342 ++#include <linux/delay.h>
1343 + #include "bmg160.h"
1344 +
1345 + #define BMG160_IRQ_NAME "bmg160_event"
1346 +@@ -53,6 +54,9 @@
1347 + #define BMG160_NO_FILTER 0
1348 + #define BMG160_DEF_BW 100
1349 +
1350 ++#define BMG160_GYRO_REG_RESET 0x14
1351 ++#define BMG160_GYRO_RESET_VAL 0xb6
1352 ++
1353 + #define BMG160_REG_INT_MAP_0 0x17
1354 + #define BMG160_INT_MAP_0_BIT_ANY BIT(1)
1355 +
1356 +@@ -186,6 +190,14 @@ static int bmg160_chip_init(struct bmg160_data *data)
1357 + int ret;
1358 + unsigned int val;
1359 +
1360 ++ /*
1361 ++ * Reset chip to get it in a known good state. A delay of 30ms after
1362 ++ * reset is required according to the datasheet.
1363 ++ */
1364 ++ regmap_write(data->regmap, BMG160_GYRO_REG_RESET,
1365 ++ BMG160_GYRO_RESET_VAL);
1366 ++ usleep_range(30000, 30700);
1367 ++
1368 + ret = regmap_read(data->regmap, BMG160_REG_CHIP_ID, &val);
1369 + if (ret < 0) {
1370 + dev_err(data->dev, "Error reading reg_chip_id\n");
1371 +diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
1372 +index 3f2a3d611e4b..9c6357c03905 100644
1373 +--- a/drivers/staging/android/ashmem.c
1374 ++++ b/drivers/staging/android/ashmem.c
1375 +@@ -392,6 +392,7 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
1376 + ret = PTR_ERR(vmfile);
1377 + goto out;
1378 + }
1379 ++ vmfile->f_mode |= FMODE_LSEEK;
1380 + asma->file = vmfile;
1381 + }
1382 + get_file(asma->file);
1383 +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
1384 +index 2fa754c5fd62..6cb5c4b30e78 100644
1385 +--- a/fs/cifs/smb2pdu.c
1386 ++++ b/fs/cifs/smb2pdu.c
1387 +@@ -952,6 +952,10 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
1388 + return -EINVAL;
1389 + }
1390 +
1391 ++ /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
1392 ++ if (tcon)
1393 ++ tcon->tid = 0;
1394 ++
1395 + rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req);
1396 + if (rc) {
1397 + kfree(unc_path);
1398 +diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
1399 +index b803213d1307..39c75a86c67f 100644
1400 +--- a/fs/sysfs/file.c
1401 ++++ b/fs/sysfs/file.c
1402 +@@ -108,7 +108,7 @@ static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
1403 + {
1404 + const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
1405 + struct kobject *kobj = of->kn->parent->priv;
1406 +- size_t len;
1407 ++ ssize_t len;
1408 +
1409 + /*
1410 + * If buf != of->prealloc_buf, we don't know how
1411 +@@ -117,13 +117,15 @@ static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
1412 + if (WARN_ON_ONCE(buf != of->prealloc_buf))
1413 + return 0;
1414 + len = ops->show(kobj, of->kn->priv, buf);
1415 ++ if (len < 0)
1416 ++ return len;
1417 + if (pos) {
1418 + if (len <= pos)
1419 + return 0;
1420 + len -= pos;
1421 + memmove(buf, buf + pos, len);
1422 + }
1423 +- return min(count, len);
1424 ++ return min_t(ssize_t, count, len);
1425 + }
1426 +
1427 + /* kernfs write callback for regular sysfs files */
1428 +diff --git a/include/drm/ttm/ttm_object.h b/include/drm/ttm/ttm_object.h
1429 +index ed953f98f0e1..1487011fe057 100644
1430 +--- a/include/drm/ttm/ttm_object.h
1431 ++++ b/include/drm/ttm/ttm_object.h
1432 +@@ -229,6 +229,8 @@ extern void ttm_base_object_unref(struct ttm_base_object **p_base);
1433 + * @ref_type: The type of reference.
1434 + * @existed: Upon completion, indicates that an identical reference object
1435 + * already existed, and the refcount was upped on that object instead.
1436 ++ * @require_existed: Fail with -EPERM if an identical ref object didn't
1437 ++ * already exist.
1438 + *
1439 + * Checks that the base object is shareable and adds a ref object to it.
1440 + *
1441 +@@ -243,7 +245,8 @@ extern void ttm_base_object_unref(struct ttm_base_object **p_base);
1442 + */
1443 + extern int ttm_ref_object_add(struct ttm_object_file *tfile,
1444 + struct ttm_base_object *base,
1445 +- enum ttm_ref_type ref_type, bool *existed);
1446 ++ enum ttm_ref_type ref_type, bool *existed,
1447 ++ bool require_existed);
1448 +
1449 + extern bool ttm_ref_object_exists(struct ttm_object_file *tfile,
1450 + struct ttm_base_object *base);
1451 +diff --git a/kernel/ptrace.c b/kernel/ptrace.c
1452 +index a46c40bfb5f6..c7e8ed99c953 100644
1453 +--- a/kernel/ptrace.c
1454 ++++ b/kernel/ptrace.c
1455 +@@ -151,11 +151,17 @@ static void ptrace_unfreeze_traced(struct task_struct *task)
1456 +
1457 + WARN_ON(!task->ptrace || task->parent != current);
1458 +
1459 ++ /*
1460 ++ * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely.
1461 ++ * Recheck state under the lock to close this race.
1462 ++ */
1463 + spin_lock_irq(&task->sighand->siglock);
1464 +- if (__fatal_signal_pending(task))
1465 +- wake_up_state(task, __TASK_TRACED);
1466 +- else
1467 +- task->state = TASK_TRACED;
1468 ++ if (task->state == __TASK_TRACED) {
1469 ++ if (__fatal_signal_pending(task))
1470 ++ wake_up_state(task, __TASK_TRACED);
1471 ++ else
1472 ++ task->state = TASK_TRACED;
1473 ++ }
1474 + spin_unlock_irq(&task->sighand->siglock);
1475 + }
1476 +
1477 +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
1478 +index acbb0e73d3a2..7d7f99b0db47 100644
1479 +--- a/kernel/trace/ring_buffer.c
1480 ++++ b/kernel/trace/ring_buffer.c
1481 +@@ -4875,9 +4875,9 @@ static __init int test_ringbuffer(void)
1482 + rb_data[cpu].cnt = cpu;
1483 + rb_threads[cpu] = kthread_create(rb_test, &rb_data[cpu],
1484 + "rbtester/%d", cpu);
1485 +- if (WARN_ON(!rb_threads[cpu])) {
1486 ++ if (WARN_ON(IS_ERR(rb_threads[cpu]))) {
1487 + pr_cont("FAILED\n");
1488 +- ret = -1;
1489 ++ ret = PTR_ERR(rb_threads[cpu]);
1490 + goto out_free;
1491 + }
1492 +
1493 +@@ -4887,9 +4887,9 @@ static __init int test_ringbuffer(void)
1494 +
1495 + /* Now create the rb hammer! */
1496 + rb_hammer = kthread_run(rb_hammer_test, NULL, "rbhammer");
1497 +- if (WARN_ON(!rb_hammer)) {
1498 ++ if (WARN_ON(IS_ERR(rb_hammer))) {
1499 + pr_cont("FAILED\n");
1500 +- ret = -1;
1501 ++ ret = PTR_ERR(rb_hammer);
1502 + goto out_free;
1503 + }
1504 +
1505 +diff --git a/mm/mempolicy.c b/mm/mempolicy.c
1506 +index a4217fe60dff..e09b1a0e2cfe 100644
1507 +--- a/mm/mempolicy.c
1508 ++++ b/mm/mempolicy.c
1509 +@@ -1492,7 +1492,6 @@ COMPAT_SYSCALL_DEFINE5(get_mempolicy, int __user *, policy,
1510 + COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask,
1511 + compat_ulong_t, maxnode)
1512 + {
1513 +- long err = 0;
1514 + unsigned long __user *nm = NULL;
1515 + unsigned long nr_bits, alloc_size;
1516 + DECLARE_BITMAP(bm, MAX_NUMNODES);
1517 +@@ -1501,14 +1500,13 @@ COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask,
1518 + alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
1519 +
1520 + if (nmask) {
1521 +- err = compat_get_bitmap(bm, nmask, nr_bits);
1522 ++ if (compat_get_bitmap(bm, nmask, nr_bits))
1523 ++ return -EFAULT;
1524 + nm = compat_alloc_user_space(alloc_size);
1525 +- err |= copy_to_user(nm, bm, alloc_size);
1526 ++ if (copy_to_user(nm, bm, alloc_size))
1527 ++ return -EFAULT;
1528 + }
1529 +
1530 +- if (err)
1531 +- return -EFAULT;
1532 +-
1533 + return sys_set_mempolicy(mode, nm, nr_bits+1);
1534 + }
1535 +
1536 +@@ -1516,7 +1514,6 @@ COMPAT_SYSCALL_DEFINE6(mbind, compat_ulong_t, start, compat_ulong_t, len,
1537 + compat_ulong_t, mode, compat_ulong_t __user *, nmask,
1538 + compat_ulong_t, maxnode, compat_ulong_t, flags)
1539 + {
1540 +- long err = 0;
1541 + unsigned long __user *nm = NULL;
1542 + unsigned long nr_bits, alloc_size;
1543 + nodemask_t bm;
1544 +@@ -1525,14 +1522,13 @@ COMPAT_SYSCALL_DEFINE6(mbind, compat_ulong_t, start, compat_ulong_t, len,
1545 + alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8;
1546 +
1547 + if (nmask) {
1548 +- err = compat_get_bitmap(nodes_addr(bm), nmask, nr_bits);
1549 ++ if (compat_get_bitmap(nodes_addr(bm), nmask, nr_bits))
1550 ++ return -EFAULT;
1551 + nm = compat_alloc_user_space(alloc_size);
1552 +- err |= copy_to_user(nm, nodes_addr(bm), alloc_size);
1553 ++ if (copy_to_user(nm, nodes_addr(bm), alloc_size))
1554 ++ return -EFAULT;
1555 + }
1556 +
1557 +- if (err)
1558 +- return -EFAULT;
1559 +-
1560 + return sys_mbind(start, len, mode, nm, nr_bits+1, flags);
1561 + }
1562 +
Report Message
Find on MARC Find on Google Groups