Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:3.18 commit in: /
Date: Fri, 30 Oct 2015 18:39:05
Message-Id: 1446230315.3fcf680a3582b9ec58290902948953cd55bbc916.mpagano@gentoo
1 commit: 3fcf680a3582b9ec58290902948953cd55bbc916
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 30 18:38:35 2015 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 30 18:38:35 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3fcf680a
7
8 Linux patch 3.18.23
9
10 0000_README | 4 +
11 1022_linux-3.18.23.patch | 10069 +++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 10073 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 7e934be..84e11a6 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -131,6 +131,10 @@ Patch: 1021_linux-3.18.22.patch
19 From: http://www.kernel.org
20 Desc: Linux 3.18.22
21
22 +Patch: 1022_linux-3.18.23.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 3.18.23
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1022_linux-3.18.23.patch b/1022_linux-3.18.23.patch
31 new file mode 100644
32 index 0000000..2acbfc9
33 --- /dev/null
34 +++ b/1022_linux-3.18.23.patch
35 @@ -0,0 +1,10069 @@
36 +diff --git a/Documentation/ABI/testing/configfs-usb-gadget-loopback b/Documentation/ABI/testing/configfs-usb-gadget-loopback
37 +index 9aae5bfb9908..06beefbcf061 100644
38 +--- a/Documentation/ABI/testing/configfs-usb-gadget-loopback
39 ++++ b/Documentation/ABI/testing/configfs-usb-gadget-loopback
40 +@@ -5,4 +5,4 @@ Description:
41 + The attributes:
42 +
43 + qlen - depth of loopback queue
44 +- bulk_buflen - buffer length
45 ++ buflen - buffer length
46 +diff --git a/Documentation/ABI/testing/configfs-usb-gadget-sourcesink b/Documentation/ABI/testing/configfs-usb-gadget-sourcesink
47 +index 29477c319f61..bc7ff731aa0c 100644
48 +--- a/Documentation/ABI/testing/configfs-usb-gadget-sourcesink
49 ++++ b/Documentation/ABI/testing/configfs-usb-gadget-sourcesink
50 +@@ -9,4 +9,4 @@ Description:
51 + isoc_maxpacket - 0 - 1023 (fs), 0 - 1024 (hs/ss)
52 + isoc_mult - 0..2 (hs/ss only)
53 + isoc_maxburst - 0..15 (ss only)
54 +- qlen - buffer length
55 ++ buflen - buffer length
56 +diff --git a/Documentation/HOWTO b/Documentation/HOWTO
57 +index 93aa8604630e..21152d397b88 100644
58 +--- a/Documentation/HOWTO
59 ++++ b/Documentation/HOWTO
60 +@@ -218,16 +218,16 @@ The development process
61 + Linux kernel development process currently consists of a few different
62 + main kernel "branches" and lots of different subsystem-specific kernel
63 + branches. These different branches are:
64 +- - main 3.x kernel tree
65 +- - 3.x.y -stable kernel tree
66 +- - 3.x -git kernel patches
67 ++ - main 4.x kernel tree
68 ++ - 4.x.y -stable kernel tree
69 ++ - 4.x -git kernel patches
70 + - subsystem specific kernel trees and patches
71 +- - the 3.x -next kernel tree for integration tests
72 ++ - the 4.x -next kernel tree for integration tests
73 +
74 +-3.x kernel tree
75 ++4.x kernel tree
76 + -----------------
77 +-3.x kernels are maintained by Linus Torvalds, and can be found on
78 +-kernel.org in the pub/linux/kernel/v3.x/ directory. Its development
79 ++4.x kernels are maintained by Linus Torvalds, and can be found on
80 ++kernel.org in the pub/linux/kernel/v4.x/ directory. Its development
81 + process is as follows:
82 + - As soon as a new kernel is released a two weeks window is open,
83 + during this period of time maintainers can submit big diffs to
84 +@@ -262,20 +262,20 @@ mailing list about kernel releases:
85 + released according to perceived bug status, not according to a
86 + preconceived timeline."
87 +
88 +-3.x.y -stable kernel tree
89 ++4.x.y -stable kernel tree
90 + ---------------------------
91 + Kernels with 3-part versions are -stable kernels. They contain
92 + relatively small and critical fixes for security problems or significant
93 +-regressions discovered in a given 3.x kernel.
94 ++regressions discovered in a given 4.x kernel.
95 +
96 + This is the recommended branch for users who want the most recent stable
97 + kernel and are not interested in helping test development/experimental
98 + versions.
99 +
100 +-If no 3.x.y kernel is available, then the highest numbered 3.x
101 ++If no 4.x.y kernel is available, then the highest numbered 4.x
102 + kernel is the current stable kernel.
103 +
104 +-3.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and
105 ++4.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and
106 + are released as needs dictate. The normal release period is approximately
107 + two weeks, but it can be longer if there are no pressing problems. A
108 + security-related problem, instead, can cause a release to happen almost
109 +@@ -285,7 +285,7 @@ The file Documentation/stable_kernel_rules.txt in the kernel tree
110 + documents what kinds of changes are acceptable for the -stable tree, and
111 + how the release process works.
112 +
113 +-3.x -git patches
114 ++4.x -git patches
115 + ------------------
116 + These are daily snapshots of Linus' kernel tree which are managed in a
117 + git repository (hence the name.) These patches are usually released
118 +@@ -317,9 +317,9 @@ revisions to it, and maintainers can mark patches as under review,
119 + accepted, or rejected. Most of these patchwork sites are listed at
120 + http://patchwork.kernel.org/.
121 +
122 +-3.x -next kernel tree for integration tests
123 ++4.x -next kernel tree for integration tests
124 + ---------------------------------------------
125 +-Before updates from subsystem trees are merged into the mainline 3.x
126 ++Before updates from subsystem trees are merged into the mainline 4.x
127 + tree, they need to be integration-tested. For this purpose, a special
128 + testing repository exists into which virtually all subsystem trees are
129 + pulled on an almost daily basis:
130 +diff --git a/Documentation/devicetree/bindings/net/ethernet.txt b/Documentation/devicetree/bindings/net/ethernet.txt
131 +index 3fc360523bc9..cb115a3b7e00 100644
132 +--- a/Documentation/devicetree/bindings/net/ethernet.txt
133 ++++ b/Documentation/devicetree/bindings/net/ethernet.txt
134 +@@ -19,7 +19,11 @@ The following properties are common to the Ethernet controllers:
135 + - phy: the same as "phy-handle" property, not recommended for new bindings.
136 + - phy-device: the same as "phy-handle" property, not recommended for new
137 + bindings.
138 ++- managed: string, specifies the PHY management type. Supported values are:
139 ++ "auto", "in-band-status". "auto" is the default, it usess MDIO for
140 ++ management if fixed-link is not specified.
141 +
142 + Child nodes of the Ethernet controller are typically the individual PHY devices
143 + connected via the MDIO bus (sometimes the MDIO bus controller is separate).
144 + They are described in the phy.txt file in this same directory.
145 ++For non-MDIO PHY management see fixed-link.txt.
146 +diff --git a/Makefile b/Makefile
147 +index 7adbbbeeb421..2ebc49903d33 100644
148 +--- a/Makefile
149 ++++ b/Makefile
150 +@@ -1,6 +1,6 @@
151 + VERSION = 3
152 + PATCHLEVEL = 18
153 +-SUBLEVEL = 22
154 ++SUBLEVEL = 23
155 + EXTRAVERSION =
156 + NAME = Diseased Newt
157 +
158 +diff --git a/arch/arm/Makefile b/arch/arm/Makefile
159 +index 034a94904d69..b5d79884b2af 100644
160 +--- a/arch/arm/Makefile
161 ++++ b/arch/arm/Makefile
162 +@@ -50,6 +50,14 @@ AS += -EL
163 + LD += -EL
164 + endif
165 +
166 ++#
167 ++# The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and
168 ++# later may result in code being generated that handles signed short and signed
169 ++# char struct members incorrectly. So disable it.
170 ++# (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65932)
171 ++#
172 ++KBUILD_CFLAGS += $(call cc-option,-fno-ipa-sra)
173 ++
174 + # This selects which instruction set is used.
175 + # Note that GCC does not numerically define an architecture version
176 + # macro, but instead defines a whole series of macros which makes
177 +diff --git a/arch/arm/boot/dts/imx25-pdk.dts b/arch/arm/boot/dts/imx25-pdk.dts
178 +index 9c21b1583762..300507fc722f 100644
179 +--- a/arch/arm/boot/dts/imx25-pdk.dts
180 ++++ b/arch/arm/boot/dts/imx25-pdk.dts
181 +@@ -10,6 +10,7 @@
182 + */
183 +
184 + /dts-v1/;
185 ++#include <dt-bindings/gpio/gpio.h>
186 + #include <dt-bindings/input/input.h>
187 + #include "imx25.dtsi"
188 +
189 +@@ -93,8 +94,8 @@
190 + &esdhc1 {
191 + pinctrl-names = "default";
192 + pinctrl-0 = <&pinctrl_esdhc1>;
193 +- cd-gpios = <&gpio2 1 0>;
194 +- wp-gpios = <&gpio2 0 0>;
195 ++ cd-gpios = <&gpio2 1 GPIO_ACTIVE_LOW>;
196 ++ wp-gpios = <&gpio2 0 GPIO_ACTIVE_HIGH>;
197 + status = "okay";
198 + };
199 +
200 +diff --git a/arch/arm/boot/dts/imx51-apf51dev.dts b/arch/arm/boot/dts/imx51-apf51dev.dts
201 +index c5a9a24c280a..cdd72e0eb4d4 100644
202 +--- a/arch/arm/boot/dts/imx51-apf51dev.dts
203 ++++ b/arch/arm/boot/dts/imx51-apf51dev.dts
204 +@@ -90,7 +90,7 @@
205 + &esdhc1 {
206 + pinctrl-names = "default";
207 + pinctrl-0 = <&pinctrl_esdhc1>;
208 +- cd-gpios = <&gpio2 29 GPIO_ACTIVE_HIGH>;
209 ++ cd-gpios = <&gpio2 29 GPIO_ACTIVE_LOW>;
210 + bus-width = <4>;
211 + status = "okay";
212 + };
213 +diff --git a/arch/arm/boot/dts/imx53-ard.dts b/arch/arm/boot/dts/imx53-ard.dts
214 +index e9337ad52f59..3bc18835fb4b 100644
215 +--- a/arch/arm/boot/dts/imx53-ard.dts
216 ++++ b/arch/arm/boot/dts/imx53-ard.dts
217 +@@ -103,8 +103,8 @@
218 + &esdhc1 {
219 + pinctrl-names = "default";
220 + pinctrl-0 = <&pinctrl_esdhc1>;
221 +- cd-gpios = <&gpio1 1 0>;
222 +- wp-gpios = <&gpio1 9 0>;
223 ++ cd-gpios = <&gpio1 1 GPIO_ACTIVE_LOW>;
224 ++ wp-gpios = <&gpio1 9 GPIO_ACTIVE_HIGH>;
225 + status = "okay";
226 + };
227 +
228 +diff --git a/arch/arm/boot/dts/imx53-m53evk.dts b/arch/arm/boot/dts/imx53-m53evk.dts
229 +index d0e0f57eb432..53f40885c530 100644
230 +--- a/arch/arm/boot/dts/imx53-m53evk.dts
231 ++++ b/arch/arm/boot/dts/imx53-m53evk.dts
232 +@@ -124,8 +124,8 @@
233 + &esdhc1 {
234 + pinctrl-names = "default";
235 + pinctrl-0 = <&pinctrl_esdhc1>;
236 +- cd-gpios = <&gpio1 1 0>;
237 +- wp-gpios = <&gpio1 9 0>;
238 ++ cd-gpios = <&gpio1 1 GPIO_ACTIVE_LOW>;
239 ++ wp-gpios = <&gpio1 9 GPIO_ACTIVE_HIGH>;
240 + status = "okay";
241 + };
242 +
243 +diff --git a/arch/arm/boot/dts/imx53-qsb-common.dtsi b/arch/arm/boot/dts/imx53-qsb-common.dtsi
244 +index 181ae5ebf23f..1f55187ed9ce 100644
245 +--- a/arch/arm/boot/dts/imx53-qsb-common.dtsi
246 ++++ b/arch/arm/boot/dts/imx53-qsb-common.dtsi
247 +@@ -147,8 +147,8 @@
248 + &esdhc3 {
249 + pinctrl-names = "default";
250 + pinctrl-0 = <&pinctrl_esdhc3>;
251 +- cd-gpios = <&gpio3 11 0>;
252 +- wp-gpios = <&gpio3 12 0>;
253 ++ cd-gpios = <&gpio3 11 GPIO_ACTIVE_LOW>;
254 ++ wp-gpios = <&gpio3 12 GPIO_ACTIVE_HIGH>;
255 + bus-width = <8>;
256 + status = "okay";
257 + };
258 +diff --git a/arch/arm/boot/dts/imx53-smd.dts b/arch/arm/boot/dts/imx53-smd.dts
259 +index 1d325576bcc0..fc89ce1e5763 100644
260 +--- a/arch/arm/boot/dts/imx53-smd.dts
261 ++++ b/arch/arm/boot/dts/imx53-smd.dts
262 +@@ -41,8 +41,8 @@
263 + &esdhc1 {
264 + pinctrl-names = "default";
265 + pinctrl-0 = <&pinctrl_esdhc1>;
266 +- cd-gpios = <&gpio3 13 0>;
267 +- wp-gpios = <&gpio4 11 0>;
268 ++ cd-gpios = <&gpio3 13 GPIO_ACTIVE_LOW>;
269 ++ wp-gpios = <&gpio4 11 GPIO_ACTIVE_HIGH>;
270 + status = "okay";
271 + };
272 +
273 +diff --git a/arch/arm/boot/dts/imx53-tqma53.dtsi b/arch/arm/boot/dts/imx53-tqma53.dtsi
274 +index 4f1f0e2868bf..e03373a58760 100644
275 +--- a/arch/arm/boot/dts/imx53-tqma53.dtsi
276 ++++ b/arch/arm/boot/dts/imx53-tqma53.dtsi
277 +@@ -41,8 +41,8 @@
278 + pinctrl-0 = <&pinctrl_esdhc2>,
279 + <&pinctrl_esdhc2_cdwp>;
280 + vmmc-supply = <&reg_3p3v>;
281 +- wp-gpios = <&gpio1 2 0>;
282 +- cd-gpios = <&gpio1 4 0>;
283 ++ wp-gpios = <&gpio1 2 GPIO_ACTIVE_HIGH>;
284 ++ cd-gpios = <&gpio1 4 GPIO_ACTIVE_LOW>;
285 + status = "disabled";
286 + };
287 +
288 +diff --git a/arch/arm/boot/dts/imx53-tx53.dtsi b/arch/arm/boot/dts/imx53-tx53.dtsi
289 +index 704bd72cbfec..d3e50b22064f 100644
290 +--- a/arch/arm/boot/dts/imx53-tx53.dtsi
291 ++++ b/arch/arm/boot/dts/imx53-tx53.dtsi
292 +@@ -183,7 +183,7 @@
293 + };
294 +
295 + &esdhc1 {
296 +- cd-gpios = <&gpio3 24 GPIO_ACTIVE_HIGH>;
297 ++ cd-gpios = <&gpio3 24 GPIO_ACTIVE_LOW>;
298 + fsl,wp-controller;
299 + pinctrl-names = "default";
300 + pinctrl-0 = <&pinctrl_esdhc1>;
301 +@@ -191,7 +191,7 @@
302 + };
303 +
304 + &esdhc2 {
305 +- cd-gpios = <&gpio3 25 GPIO_ACTIVE_HIGH>;
306 ++ cd-gpios = <&gpio3 25 GPIO_ACTIVE_LOW>;
307 + fsl,wp-controller;
308 + pinctrl-names = "default";
309 + pinctrl-0 = <&pinctrl_esdhc2>;
310 +diff --git a/arch/arm/boot/dts/imx53-voipac-bsb.dts b/arch/arm/boot/dts/imx53-voipac-bsb.dts
311 +index c17d3ad6dba5..fc51b87ad208 100644
312 +--- a/arch/arm/boot/dts/imx53-voipac-bsb.dts
313 ++++ b/arch/arm/boot/dts/imx53-voipac-bsb.dts
314 +@@ -119,8 +119,8 @@
315 + &esdhc2 {
316 + pinctrl-names = "default";
317 + pinctrl-0 = <&pinctrl_esdhc2>;
318 +- cd-gpios = <&gpio3 25 0>;
319 +- wp-gpios = <&gpio2 19 0>;
320 ++ cd-gpios = <&gpio3 25 GPIO_ACTIVE_LOW>;
321 ++ wp-gpios = <&gpio2 19 GPIO_ACTIVE_HIGH>;
322 + vmmc-supply = <&reg_3p3v>;
323 + status = "okay";
324 + };
325 +diff --git a/arch/arm/boot/dts/imx6qdl-rex.dtsi b/arch/arm/boot/dts/imx6qdl-rex.dtsi
326 +index df7bcf86c156..4b5e8c87e53f 100644
327 +--- a/arch/arm/boot/dts/imx6qdl-rex.dtsi
328 ++++ b/arch/arm/boot/dts/imx6qdl-rex.dtsi
329 +@@ -35,7 +35,6 @@
330 + compatible = "regulator-fixed";
331 + reg = <1>;
332 + pinctrl-names = "default";
333 +- pinctrl-0 = <&pinctrl_usbh1>;
334 + regulator-name = "usbh1_vbus";
335 + regulator-min-microvolt = <5000000>;
336 + regulator-max-microvolt = <5000000>;
337 +@@ -47,7 +46,6 @@
338 + compatible = "regulator-fixed";
339 + reg = <2>;
340 + pinctrl-names = "default";
341 +- pinctrl-0 = <&pinctrl_usbotg>;
342 + regulator-name = "usb_otg_vbus";
343 + regulator-min-microvolt = <5000000>;
344 + regulator-max-microvolt = <5000000>;
345 +diff --git a/arch/arm/boot/dts/omap3-beagle.dts b/arch/arm/boot/dts/omap3-beagle.dts
346 +index a9aae88b74f5..bd603aa2cd82 100644
347 +--- a/arch/arm/boot/dts/omap3-beagle.dts
348 ++++ b/arch/arm/boot/dts/omap3-beagle.dts
349 +@@ -176,7 +176,7 @@
350 +
351 + tfp410_pins: pinmux_tfp410_pins {
352 + pinctrl-single,pins = <
353 +- 0x194 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
354 ++ 0x196 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */
355 + >;
356 + };
357 +
358 +diff --git a/arch/arm/boot/dts/omap5-uevm.dts b/arch/arm/boot/dts/omap5-uevm.dts
359 +index 159720d6c956..ec23e86e7e4f 100644
360 +--- a/arch/arm/boot/dts/omap5-uevm.dts
361 ++++ b/arch/arm/boot/dts/omap5-uevm.dts
362 +@@ -174,8 +174,8 @@
363 +
364 + i2c5_pins: pinmux_i2c5_pins {
365 + pinctrl-single,pins = <
366 +- 0x184 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
367 +- 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
368 ++ 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */
369 ++ 0x188 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */
370 + >;
371 + };
372 +
373 +diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
374 +index bd1983437205..ea6d69125dde 100644
375 +--- a/arch/arm/kernel/signal.c
376 ++++ b/arch/arm/kernel/signal.c
377 +@@ -354,12 +354,17 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
378 + */
379 + thumb = handler & 1;
380 +
381 +-#if __LINUX_ARM_ARCH__ >= 7
382 ++#if __LINUX_ARM_ARCH__ >= 6
383 + /*
384 +- * Clear the If-Then Thumb-2 execution state
385 +- * ARM spec requires this to be all 000s in ARM mode
386 +- * Snapdragon S4/Krait misbehaves on a Thumb=>ARM
387 +- * signal transition without this.
388 ++ * Clear the If-Then Thumb-2 execution state. ARM spec
389 ++ * requires this to be all 000s in ARM mode. Snapdragon
390 ++ * S4/Krait misbehaves on a Thumb=>ARM signal transition
391 ++ * without this.
392 ++ *
393 ++ * We must do this whenever we are running on a Thumb-2
394 ++ * capable CPU, which includes ARMv6T2. However, we elect
395 ++ * to do this whenever we're on an ARMv6 or later CPU for
396 ++ * simplicity.
397 + */
398 + cpsr &= ~PSR_IT_MASK;
399 + #endif
400 +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
401 +index cba52cf6ed3f..3535480e0e6b 100644
402 +--- a/arch/arm/kvm/mmu.c
403 ++++ b/arch/arm/kvm/mmu.c
404 +@@ -1439,8 +1439,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
405 + if (vma->vm_flags & VM_PFNMAP) {
406 + gpa_t gpa = mem->guest_phys_addr +
407 + (vm_start - mem->userspace_addr);
408 +- phys_addr_t pa = (vma->vm_pgoff << PAGE_SHIFT) +
409 +- vm_start - vma->vm_start;
410 ++ phys_addr_t pa;
411 ++
412 ++ pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
413 ++ pa += vm_start - vma->vm_start;
414 +
415 + ret = kvm_phys_addr_ioremap(kvm, gpa, pa,
416 + vm_end - vm_start,
417 +diff --git a/arch/arm/mach-omap2/clockdomains7xx_data.c b/arch/arm/mach-omap2/clockdomains7xx_data.c
418 +index 57d5df0c1fbd..7581e036bda6 100644
419 +--- a/arch/arm/mach-omap2/clockdomains7xx_data.c
420 ++++ b/arch/arm/mach-omap2/clockdomains7xx_data.c
421 +@@ -331,7 +331,7 @@ static struct clockdomain l4per2_7xx_clkdm = {
422 + .dep_bit = DRA7XX_L4PER2_STATDEP_SHIFT,
423 + .wkdep_srcs = l4per2_wkup_sleep_deps,
424 + .sleepdep_srcs = l4per2_wkup_sleep_deps,
425 +- .flags = CLKDM_CAN_HWSUP_SWSUP,
426 ++ .flags = CLKDM_CAN_SWSUP,
427 + };
428 +
429 + static struct clockdomain mpu0_7xx_clkdm = {
430 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
431 +index dc2d66cdf311..00b9c4870230 100644
432 +--- a/arch/arm64/Kconfig
433 ++++ b/arch/arm64/Kconfig
434 +@@ -91,6 +91,10 @@ config NO_IOPORT_MAP
435 + config STACKTRACE_SUPPORT
436 + def_bool y
437 +
438 ++config ILLEGAL_POINTER_VALUE
439 ++ hex
440 ++ default 0xdead000000000000
441 ++
442 + config LOCKDEP_SUPPORT
443 + def_bool y
444 +
445 +@@ -575,6 +579,22 @@ source "drivers/cpuidle/Kconfig"
446 +
447 + source "drivers/cpufreq/Kconfig"
448 +
449 ++config ARM64_ERRATUM_843419
450 ++ bool "Cortex-A53: 843419: A load or store might access an incorrect address"
451 ++ depends on MODULES
452 ++ default y
453 ++ help
454 ++ This option builds kernel modules using the large memory model in
455 ++ order to avoid the use of the ADRP instruction, which can cause
456 ++ a subsequent memory access to use an incorrect address on Cortex-A53
457 ++ parts up to r0p4.
458 ++
459 ++ Note that the kernel itself must be linked with a version of ld
460 ++ which fixes potentially affected ADRP instructions through the
461 ++ use of veneers.
462 ++
463 ++ If unsure, say Y.
464 ++
465 + endmenu
466 +
467 + source "net/Kconfig"
468 +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
469 +index 20901ffed182..e7391aef5433 100644
470 +--- a/arch/arm64/Makefile
471 ++++ b/arch/arm64/Makefile
472 +@@ -32,6 +32,10 @@ endif
473 +
474 + CHECKFLAGS += -D__aarch64__
475 +
476 ++ifeq ($(CONFIG_ARM64_ERRATUM_843419), y)
477 ++CFLAGS_MODULE += -mcmodel=large
478 ++endif
479 ++
480 + # Default value
481 + head-y := arch/arm64/kernel/head.o
482 +
483 +diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
484 +index 38e704e597f7..c85a02b6cca0 100644
485 +--- a/arch/arm64/kernel/entry-ftrace.S
486 ++++ b/arch/arm64/kernel/entry-ftrace.S
487 +@@ -177,6 +177,24 @@ ENTRY(ftrace_stub)
488 + ENDPROC(ftrace_stub)
489 +
490 + #ifdef CONFIG_FUNCTION_GRAPH_TRACER
491 ++ /* save return value regs*/
492 ++ .macro save_return_regs
493 ++ sub sp, sp, #64
494 ++ stp x0, x1, [sp]
495 ++ stp x2, x3, [sp, #16]
496 ++ stp x4, x5, [sp, #32]
497 ++ stp x6, x7, [sp, #48]
498 ++ .endm
499 ++
500 ++ /* restore return value regs*/
501 ++ .macro restore_return_regs
502 ++ ldp x0, x1, [sp]
503 ++ ldp x2, x3, [sp, #16]
504 ++ ldp x4, x5, [sp, #32]
505 ++ ldp x6, x7, [sp, #48]
506 ++ add sp, sp, #64
507 ++ .endm
508 ++
509 + /*
510 + * void ftrace_graph_caller(void)
511 + *
512 +@@ -203,11 +221,11 @@ ENDPROC(ftrace_graph_caller)
513 + * only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled.
514 + */
515 + ENTRY(return_to_handler)
516 +- str x0, [sp, #-16]!
517 ++ save_return_regs
518 + mov x0, x29 // parent's fp
519 + bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp);
520 + mov x30, x0 // restore the original return address
521 +- ldr x0, [sp], #16
522 ++ restore_return_regs
523 + ret
524 + END(return_to_handler)
525 + #endif /* CONFIG_FUNCTION_GRAPH_TRACER */
526 +diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
527 +index 0a6e4f924df8..2877dd818977 100644
528 +--- a/arch/arm64/kernel/head.S
529 ++++ b/arch/arm64/kernel/head.S
530 +@@ -327,6 +327,11 @@ CPU_LE( movk x0, #0x30d0, lsl #16 ) // Clear EE and E0E on LE systems
531 + msr hstr_el2, xzr // Disable CP15 traps to EL2
532 + #endif
533 +
534 ++ /* EL2 debug */
535 ++ mrs x0, pmcr_el0 // Disable debug access traps
536 ++ ubfx x0, x0, #11, #5 // to EL2 and allow access to
537 ++ msr mdcr_el2, x0 // all PMU counters from EL1
538 ++
539 + /* Stage-2 translation */
540 + msr vttbr_el2, xzr
541 +
542 +diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
543 +index 1eb1cc955139..e366329d96d8 100644
544 +--- a/arch/arm64/kernel/module.c
545 ++++ b/arch/arm64/kernel/module.c
546 +@@ -330,12 +330,14 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
547 + ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 0, 21,
548 + AARCH64_INSN_IMM_ADR);
549 + break;
550 ++#ifndef CONFIG_ARM64_ERRATUM_843419
551 + case R_AARCH64_ADR_PREL_PG_HI21_NC:
552 + overflow_check = false;
553 + case R_AARCH64_ADR_PREL_PG_HI21:
554 + ovf = reloc_insn_imm(RELOC_OP_PAGE, loc, val, 12, 21,
555 + AARCH64_INSN_IMM_ADR);
556 + break;
557 ++#endif
558 + case R_AARCH64_ADD_ABS_LO12_NC:
559 + case R_AARCH64_LDST8_ABS_LO12_NC:
560 + overflow_check = false;
561 +diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c
562 +index b4efc2e38336..15dd021b0025 100644
563 +--- a/arch/arm64/kernel/signal32.c
564 ++++ b/arch/arm64/kernel/signal32.c
565 +@@ -206,14 +206,32 @@ int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
566 +
567 + /*
568 + * VFP save/restore code.
569 ++ *
570 ++ * We have to be careful with endianness, since the fpsimd context-switch
571 ++ * code operates on 128-bit (Q) register values whereas the compat ABI
572 ++ * uses an array of 64-bit (D) registers. Consequently, we need to swap
573 ++ * the two halves of each Q register when running on a big-endian CPU.
574 + */
575 ++union __fpsimd_vreg {
576 ++ __uint128_t raw;
577 ++ struct {
578 ++#ifdef __AARCH64EB__
579 ++ u64 hi;
580 ++ u64 lo;
581 ++#else
582 ++ u64 lo;
583 ++ u64 hi;
584 ++#endif
585 ++ };
586 ++};
587 ++
588 + static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
589 + {
590 + struct fpsimd_state *fpsimd = &current->thread.fpsimd_state;
591 + compat_ulong_t magic = VFP_MAGIC;
592 + compat_ulong_t size = VFP_STORAGE_SIZE;
593 + compat_ulong_t fpscr, fpexc;
594 +- int err = 0;
595 ++ int i, err = 0;
596 +
597 + /*
598 + * Save the hardware registers to the fpsimd_state structure.
599 +@@ -229,10 +247,15 @@ static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
600 + /*
601 + * Now copy the FP registers. Since the registers are packed,
602 + * we can copy the prefix we want (V0-V15) as it is.
603 +- * FIXME: Won't work if big endian.
604 + */
605 +- err |= __copy_to_user(&frame->ufp.fpregs, fpsimd->vregs,
606 +- sizeof(frame->ufp.fpregs));
607 ++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
608 ++ union __fpsimd_vreg vreg = {
609 ++ .raw = fpsimd->vregs[i >> 1],
610 ++ };
611 ++
612 ++ __put_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
613 ++ __put_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
614 ++ }
615 +
616 + /* Create an AArch32 fpscr from the fpsr and the fpcr. */
617 + fpscr = (fpsimd->fpsr & VFP_FPSCR_STAT_MASK) |
618 +@@ -257,7 +280,7 @@ static int compat_restore_vfp_context(struct compat_vfp_sigframe __user *frame)
619 + compat_ulong_t magic = VFP_MAGIC;
620 + compat_ulong_t size = VFP_STORAGE_SIZE;
621 + compat_ulong_t fpscr;
622 +- int err = 0;
623 ++ int i, err = 0;
624 +
625 + __get_user_error(magic, &frame->magic, err);
626 + __get_user_error(size, &frame->size, err);
627 +@@ -267,12 +290,14 @@ static int compat_restore_vfp_context(struct compat_vfp_sigframe __user *frame)
628 + if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)
629 + return -EINVAL;
630 +
631 +- /*
632 +- * Copy the FP registers into the start of the fpsimd_state.
633 +- * FIXME: Won't work if big endian.
634 +- */
635 +- err |= __copy_from_user(fpsimd.vregs, frame->ufp.fpregs,
636 +- sizeof(frame->ufp.fpregs));
637 ++ /* Copy the FP registers into the start of the fpsimd_state. */
638 ++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
639 ++ union __fpsimd_vreg vreg;
640 ++
641 ++ __get_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
642 ++ __get_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
643 ++ fpsimd.vregs[i >> 1] = vreg.raw;
644 ++ }
645 +
646 + /* Extract the fpsr and the fpcr from the fpscr */
647 + __get_user_error(fpscr, &frame->ufp.fpscr, err);
648 +diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
649 +index a767f6a4ce54..566a457d1803 100644
650 +--- a/arch/arm64/kvm/hyp.S
651 ++++ b/arch/arm64/kvm/hyp.S
652 +@@ -843,8 +843,6 @@
653 + mrs x3, cntv_ctl_el0
654 + and x3, x3, #3
655 + str w3, [x0, #VCPU_TIMER_CNTV_CTL]
656 +- bic x3, x3, #1 // Clear Enable
657 +- msr cntv_ctl_el0, x3
658 +
659 + isb
660 +
661 +@@ -852,6 +850,9 @@
662 + str x3, [x0, #VCPU_TIMER_CNTV_CVAL]
663 +
664 + 1:
665 ++ // Disable the virtual timer
666 ++ msr cntv_ctl_el0, xzr
667 ++
668 + // Allow physical timer/counter access for the host
669 + mrs x2, cnthctl_el2
670 + orr x2, x2, #3
671 +diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
672 +index 41cb6d3d6075..6094c64b3380 100644
673 +--- a/arch/arm64/mm/fault.c
674 ++++ b/arch/arm64/mm/fault.c
675 +@@ -279,6 +279,7 @@ retry:
676 + * starvation.
677 + */
678 + mm_flags &= ~FAULT_FLAG_ALLOW_RETRY;
679 ++ mm_flags |= FAULT_FLAG_TRIED;
680 + goto retry;
681 + }
682 + }
683 +diff --git a/arch/m68k/include/asm/linkage.h b/arch/m68k/include/asm/linkage.h
684 +index 5a822bb790f7..066e74f666ae 100644
685 +--- a/arch/m68k/include/asm/linkage.h
686 ++++ b/arch/m68k/include/asm/linkage.h
687 +@@ -4,4 +4,34 @@
688 + #define __ALIGN .align 4
689 + #define __ALIGN_STR ".align 4"
690 +
691 ++/*
692 ++ * Make sure the compiler doesn't do anything stupid with the
693 ++ * arguments on the stack - they are owned by the *caller*, not
694 ++ * the callee. This just fools gcc into not spilling into them,
695 ++ * and keeps it from doing tailcall recursion and/or using the
696 ++ * stack slots for temporaries, since they are live and "used"
697 ++ * all the way to the end of the function.
698 ++ */
699 ++#define asmlinkage_protect(n, ret, args...) \
700 ++ __asmlinkage_protect##n(ret, ##args)
701 ++#define __asmlinkage_protect_n(ret, args...) \
702 ++ __asm__ __volatile__ ("" : "=r" (ret) : "0" (ret), ##args)
703 ++#define __asmlinkage_protect0(ret) \
704 ++ __asmlinkage_protect_n(ret)
705 ++#define __asmlinkage_protect1(ret, arg1) \
706 ++ __asmlinkage_protect_n(ret, "m" (arg1))
707 ++#define __asmlinkage_protect2(ret, arg1, arg2) \
708 ++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2))
709 ++#define __asmlinkage_protect3(ret, arg1, arg2, arg3) \
710 ++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3))
711 ++#define __asmlinkage_protect4(ret, arg1, arg2, arg3, arg4) \
712 ++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
713 ++ "m" (arg4))
714 ++#define __asmlinkage_protect5(ret, arg1, arg2, arg3, arg4, arg5) \
715 ++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
716 ++ "m" (arg4), "m" (arg5))
717 ++#define __asmlinkage_protect6(ret, arg1, arg2, arg3, arg4, arg5, arg6) \
718 ++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \
719 ++ "m" (arg4), "m" (arg5), "m" (arg6))
720 ++
721 + #endif
722 +diff --git a/arch/mips/mm/dma-default.c b/arch/mips/mm/dma-default.c
723 +index 33ba3c558fe4..027ad1f24e32 100644
724 +--- a/arch/mips/mm/dma-default.c
725 ++++ b/arch/mips/mm/dma-default.c
726 +@@ -95,7 +95,7 @@ static gfp_t massage_gfp_flags(const struct device *dev, gfp_t gfp)
727 + else
728 + #endif
729 + #if defined(CONFIG_ZONE_DMA) && !defined(CONFIG_ZONE_DMA32)
730 +- if (dev->coherent_dma_mask < DMA_BIT_MASK(64))
731 ++ if (dev->coherent_dma_mask < DMA_BIT_MASK(sizeof(phys_addr_t) * 8))
732 + dma_flag = __GFP_DMA;
733 + else
734 + #endif
735 +diff --git a/arch/parisc/kernel/irq.c b/arch/parisc/kernel/irq.c
736 +index cfe056fe7f5c..34f06be569d9 100644
737 +--- a/arch/parisc/kernel/irq.c
738 ++++ b/arch/parisc/kernel/irq.c
739 +@@ -507,8 +507,8 @@ void do_cpu_irq_mask(struct pt_regs *regs)
740 + struct pt_regs *old_regs;
741 + unsigned long eirr_val;
742 + int irq, cpu = smp_processor_id();
743 +-#ifdef CONFIG_SMP
744 + struct irq_desc *desc;
745 ++#ifdef CONFIG_SMP
746 + cpumask_t dest;
747 + #endif
748 +
749 +@@ -521,8 +521,12 @@ void do_cpu_irq_mask(struct pt_regs *regs)
750 + goto set_out;
751 + irq = eirr_to_irq(eirr_val);
752 +
753 +-#ifdef CONFIG_SMP
754 ++ /* Filter out spurious interrupts, mostly from serial port at bootup */
755 + desc = irq_to_desc(irq);
756 ++ if (unlikely(!desc->action))
757 ++ goto set_out;
758 ++
759 ++#ifdef CONFIG_SMP
760 + cpumask_copy(&dest, desc->irq_data.affinity);
761 + if (irqd_is_per_cpu(&desc->irq_data) &&
762 + !cpu_isset(smp_processor_id(), dest)) {
763 +diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
764 +index 7ef22e3387e0..0b8d26d3ba43 100644
765 +--- a/arch/parisc/kernel/syscall.S
766 ++++ b/arch/parisc/kernel/syscall.S
767 +@@ -821,7 +821,7 @@ cas2_action:
768 + /* 64bit CAS */
769 + #ifdef CONFIG_64BIT
770 + 19: ldd,ma 0(%sr3,%r26), %r29
771 +- sub,= %r29, %r25, %r0
772 ++ sub,*= %r29, %r25, %r0
773 + b,n cas2_end
774 + 20: std,ma %r24, 0(%sr3,%r26)
775 + copy %r0, %r28
776 +diff --git a/arch/powerpc/include/asm/pgtable-ppc64.h b/arch/powerpc/include/asm/pgtable-ppc64.h
777 +index ae153c40ab7c..daf4add50743 100644
778 +--- a/arch/powerpc/include/asm/pgtable-ppc64.h
779 ++++ b/arch/powerpc/include/asm/pgtable-ppc64.h
780 +@@ -135,7 +135,19 @@
781 + #define pte_iterate_hashed_end() } while(0)
782 +
783 + #ifdef CONFIG_PPC_HAS_HASH_64K
784 +-#define pte_pagesize_index(mm, addr, pte) get_slice_psize(mm, addr)
785 ++/*
786 ++ * We expect this to be called only for user addresses or kernel virtual
787 ++ * addresses other than the linear mapping.
788 ++ */
789 ++#define pte_pagesize_index(mm, addr, pte) \
790 ++ ({ \
791 ++ unsigned int psize; \
792 ++ if (is_kernel_addr(addr)) \
793 ++ psize = MMU_PAGE_4K; \
794 ++ else \
795 ++ psize = get_slice_psize(mm, addr); \
796 ++ psize; \
797 ++ })
798 + #else
799 + #define pte_pagesize_index(mm, addr, pte) MMU_PAGE_4K
800 + #endif
801 +diff --git a/arch/powerpc/include/asm/rtas.h b/arch/powerpc/include/asm/rtas.h
802 +index b390f55b0df1..af37e69b3b74 100644
803 +--- a/arch/powerpc/include/asm/rtas.h
804 ++++ b/arch/powerpc/include/asm/rtas.h
805 +@@ -316,6 +316,7 @@ extern void rtas_power_off(void);
806 + extern void rtas_halt(void);
807 + extern void rtas_os_term(char *str);
808 + extern int rtas_get_sensor(int sensor, int index, int *state);
809 ++extern int rtas_get_sensor_fast(int sensor, int index, int *state);
810 + extern int rtas_get_power_level(int powerdomain, int *level);
811 + extern int rtas_set_power_level(int powerdomain, int level, int *setlevel);
812 + extern bool rtas_indicator_present(int token, int *maxindex);
813 +diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
814 +index 8b4c857c1421..af0dafab5807 100644
815 +--- a/arch/powerpc/kernel/rtas.c
816 ++++ b/arch/powerpc/kernel/rtas.c
817 +@@ -584,6 +584,23 @@ int rtas_get_sensor(int sensor, int index, int *state)
818 + }
819 + EXPORT_SYMBOL(rtas_get_sensor);
820 +
821 ++int rtas_get_sensor_fast(int sensor, int index, int *state)
822 ++{
823 ++ int token = rtas_token("get-sensor-state");
824 ++ int rc;
825 ++
826 ++ if (token == RTAS_UNKNOWN_SERVICE)
827 ++ return -ENOENT;
828 ++
829 ++ rc = rtas_call(token, 2, 2, state, sensor, index);
830 ++ WARN_ON(rc == RTAS_BUSY || (rc >= RTAS_EXTENDED_DELAY_MIN &&
831 ++ rc <= RTAS_EXTENDED_DELAY_MAX));
832 ++
833 ++ if (rc < 0)
834 ++ return rtas_error_rc(rc);
835 ++ return rc;
836 ++}
837 ++
838 + bool rtas_indicator_present(int token, int *maxindex)
839 + {
840 + int proplen, count, i;
841 +diff --git a/arch/powerpc/mm/hugepage-hash64.c b/arch/powerpc/mm/hugepage-hash64.c
842 +index 5f5e6328c21c..5061c6f676da 100644
843 +--- a/arch/powerpc/mm/hugepage-hash64.c
844 ++++ b/arch/powerpc/mm/hugepage-hash64.c
845 +@@ -136,7 +136,6 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
846 + BUG_ON(index >= 4096);
847 +
848 + vpn = hpt_vpn(ea, vsid, ssize);
849 +- hash = hpt_hash(vpn, shift, ssize);
850 + hpte_slot_array = get_hpte_slot_array(pmdp);
851 + if (psize == MMU_PAGE_4K) {
852 + /*
853 +@@ -151,6 +150,7 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
854 + valid = hpte_valid(hpte_slot_array, index);
855 + if (valid) {
856 + /* update the hpte bits */
857 ++ hash = hpt_hash(vpn, shift, ssize);
858 + hidx = hpte_hash_index(hpte_slot_array, index);
859 + if (hidx & _PTEIDX_SECONDARY)
860 + hash = ~hash;
861 +@@ -176,6 +176,7 @@ int __hash_page_thp(unsigned long ea, unsigned long access, unsigned long vsid,
862 + if (!valid) {
863 + unsigned long hpte_group;
864 +
865 ++ hash = hpt_hash(vpn, shift, ssize);
866 + /* insert new entry */
867 + pa = pmd_pfn(__pmd(old_pmd)) << PAGE_SHIFT;
868 + new_pmd |= _PAGE_HASHPTE;
869 +diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c
870 +index 4b20f2c6b3b2..9ff55d59ac76 100644
871 +--- a/arch/powerpc/platforms/powernv/pci.c
872 ++++ b/arch/powerpc/platforms/powernv/pci.c
873 +@@ -100,6 +100,7 @@ static void pnv_teardown_msi_irqs(struct pci_dev *pdev)
874 + struct pci_controller *hose = pci_bus_to_host(pdev->bus);
875 + struct pnv_phb *phb = hose->private_data;
876 + struct msi_desc *entry;
877 ++ irq_hw_number_t hwirq;
878 +
879 + if (WARN_ON(!phb))
880 + return;
881 +@@ -107,10 +108,10 @@ static void pnv_teardown_msi_irqs(struct pci_dev *pdev)
882 + list_for_each_entry(entry, &pdev->msi_list, list) {
883 + if (entry->irq == NO_IRQ)
884 + continue;
885 ++ hwirq = virq_to_hw(entry->irq);
886 + irq_set_msi_desc(entry->irq, NULL);
887 +- msi_bitmap_free_hwirqs(&phb->msi_bmp,
888 +- virq_to_hw(entry->irq) - phb->msi_base, 1);
889 + irq_dispose_mapping(entry->irq);
890 ++ msi_bitmap_free_hwirqs(&phb->msi_bmp, hwirq - phb->msi_base, 1);
891 + }
892 + }
893 + #endif /* CONFIG_PCI_MSI */
894 +diff --git a/arch/powerpc/platforms/pseries/ras.c b/arch/powerpc/platforms/pseries/ras.c
895 +index 5a4d0fc03b03..d263f7bc80fc 100644
896 +--- a/arch/powerpc/platforms/pseries/ras.c
897 ++++ b/arch/powerpc/platforms/pseries/ras.c
898 +@@ -187,7 +187,8 @@ static irqreturn_t ras_epow_interrupt(int irq, void *dev_id)
899 + int state;
900 + int critical;
901 +
902 +- status = rtas_get_sensor(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX, &state);
903 ++ status = rtas_get_sensor_fast(EPOW_SENSOR_TOKEN, EPOW_SENSOR_INDEX,
904 ++ &state);
905 +
906 + if (state > 3)
907 + critical = 1; /* Time Critical */
908 +diff --git a/arch/powerpc/sysdev/fsl_msi.c b/arch/powerpc/sysdev/fsl_msi.c
909 +index da08ed088157..ea6b3a1c79d8 100644
910 +--- a/arch/powerpc/sysdev/fsl_msi.c
911 ++++ b/arch/powerpc/sysdev/fsl_msi.c
912 +@@ -129,15 +129,16 @@ static void fsl_teardown_msi_irqs(struct pci_dev *pdev)
913 + {
914 + struct msi_desc *entry;
915 + struct fsl_msi *msi_data;
916 ++ irq_hw_number_t hwirq;
917 +
918 + list_for_each_entry(entry, &pdev->msi_list, list) {
919 + if (entry->irq == NO_IRQ)
920 + continue;
921 ++ hwirq = virq_to_hw(entry->irq);
922 + msi_data = irq_get_chip_data(entry->irq);
923 + irq_set_msi_desc(entry->irq, NULL);
924 +- msi_bitmap_free_hwirqs(&msi_data->bitmap,
925 +- virq_to_hw(entry->irq), 1);
926 + irq_dispose_mapping(entry->irq);
927 ++ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
928 + }
929 +
930 + return;
931 +diff --git a/arch/powerpc/sysdev/mpic_pasemi_msi.c b/arch/powerpc/sysdev/mpic_pasemi_msi.c
932 +index 15dccd35fa11..a6add4ae6c5a 100644
933 +--- a/arch/powerpc/sysdev/mpic_pasemi_msi.c
934 ++++ b/arch/powerpc/sysdev/mpic_pasemi_msi.c
935 +@@ -66,6 +66,7 @@ static struct irq_chip mpic_pasemi_msi_chip = {
936 + static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev)
937 + {
938 + struct msi_desc *entry;
939 ++ irq_hw_number_t hwirq;
940 +
941 + pr_debug("pasemi_msi_teardown_msi_irqs, pdev %p\n", pdev);
942 +
943 +@@ -73,10 +74,11 @@ static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev)
944 + if (entry->irq == NO_IRQ)
945 + continue;
946 +
947 ++ hwirq = virq_to_hw(entry->irq);
948 + irq_set_msi_desc(entry->irq, NULL);
949 +- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
950 +- virq_to_hw(entry->irq), ALLOC_CHUNK);
951 + irq_dispose_mapping(entry->irq);
952 ++ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
953 ++ hwirq, ALLOC_CHUNK);
954 + }
955 +
956 + return;
957 +diff --git a/arch/powerpc/sysdev/mpic_u3msi.c b/arch/powerpc/sysdev/mpic_u3msi.c
958 +index 623d7fba15b4..db35a4073127 100644
959 +--- a/arch/powerpc/sysdev/mpic_u3msi.c
960 ++++ b/arch/powerpc/sysdev/mpic_u3msi.c
961 +@@ -108,15 +108,16 @@ static u64 find_u4_magic_addr(struct pci_dev *pdev, unsigned int hwirq)
962 + static void u3msi_teardown_msi_irqs(struct pci_dev *pdev)
963 + {
964 + struct msi_desc *entry;
965 ++ irq_hw_number_t hwirq;
966 +
967 + list_for_each_entry(entry, &pdev->msi_list, list) {
968 + if (entry->irq == NO_IRQ)
969 + continue;
970 +
971 ++ hwirq = virq_to_hw(entry->irq);
972 + irq_set_msi_desc(entry->irq, NULL);
973 +- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap,
974 +- virq_to_hw(entry->irq), 1);
975 + irq_dispose_mapping(entry->irq);
976 ++ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, 1);
977 + }
978 +
979 + return;
980 +diff --git a/arch/powerpc/sysdev/ppc4xx_msi.c b/arch/powerpc/sysdev/ppc4xx_msi.c
981 +index 22b5200636e7..85d9c1852d19 100644
982 +--- a/arch/powerpc/sysdev/ppc4xx_msi.c
983 ++++ b/arch/powerpc/sysdev/ppc4xx_msi.c
984 +@@ -125,16 +125,17 @@ void ppc4xx_teardown_msi_irqs(struct pci_dev *dev)
985 + {
986 + struct msi_desc *entry;
987 + struct ppc4xx_msi *msi_data = &ppc4xx_msi;
988 ++ irq_hw_number_t hwirq;
989 +
990 + dev_dbg(&dev->dev, "PCIE-MSI: tearing down msi irqs\n");
991 +
992 + list_for_each_entry(entry, &dev->msi_list, list) {
993 + if (entry->irq == NO_IRQ)
994 + continue;
995 ++ hwirq = virq_to_hw(entry->irq);
996 + irq_set_msi_desc(entry->irq, NULL);
997 +- msi_bitmap_free_hwirqs(&msi_data->bitmap,
998 +- virq_to_hw(entry->irq), 1);
999 + irq_dispose_mapping(entry->irq);
1000 ++ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1);
1001 + }
1002 + }
1003 +
1004 +diff --git a/arch/s390/boot/compressed/Makefile b/arch/s390/boot/compressed/Makefile
1005 +index f90d1fc6d603..f70b2321071e 100644
1006 +--- a/arch/s390/boot/compressed/Makefile
1007 ++++ b/arch/s390/boot/compressed/Makefile
1008 +@@ -12,7 +12,7 @@ targets += misc.o piggy.o sizes.h head$(BITS).o
1009 +
1010 + KBUILD_CFLAGS := -m$(BITS) -D__KERNEL__ $(LINUX_INCLUDE) -O2
1011 + KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
1012 +-KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks
1013 ++KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks -msoft-float
1014 + KBUILD_CFLAGS += $(call cc-option,-mpacked-stack)
1015 + KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
1016 +
1017 +diff --git a/arch/s390/kernel/compat_signal.c b/arch/s390/kernel/compat_signal.c
1018 +index 009f5eb11125..14c3e80e003a 100644
1019 +--- a/arch/s390/kernel/compat_signal.c
1020 ++++ b/arch/s390/kernel/compat_signal.c
1021 +@@ -48,6 +48,19 @@ typedef struct
1022 + struct ucontext32 uc;
1023 + } rt_sigframe32;
1024 +
1025 ++static inline void sigset_to_sigset32(unsigned long *set64,
1026 ++ compat_sigset_word *set32)
1027 ++{
1028 ++ set32[0] = (compat_sigset_word) set64[0];
1029 ++ set32[1] = (compat_sigset_word)(set64[0] >> 32);
1030 ++}
1031 ++
1032 ++static inline void sigset32_to_sigset(compat_sigset_word *set32,
1033 ++ unsigned long *set64)
1034 ++{
1035 ++ set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32);
1036 ++}
1037 ++
1038 + int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
1039 + {
1040 + int err;
1041 +@@ -303,10 +316,12 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
1042 + {
1043 + struct pt_regs *regs = task_pt_regs(current);
1044 + sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15];
1045 ++ compat_sigset_t cset;
1046 + sigset_t set;
1047 +
1048 +- if (__copy_from_user(&set.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
1049 ++ if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32))
1050 + goto badframe;
1051 ++ sigset32_to_sigset(cset.sig, set.sig);
1052 + set_current_blocked(&set);
1053 + if (restore_sigregs32(regs, &frame->sregs))
1054 + goto badframe;
1055 +@@ -323,10 +338,12 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
1056 + {
1057 + struct pt_regs *regs = task_pt_regs(current);
1058 + rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15];
1059 ++ compat_sigset_t cset;
1060 + sigset_t set;
1061 +
1062 +- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
1063 ++ if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset)))
1064 + goto badframe;
1065 ++ sigset32_to_sigset(cset.sig, set.sig);
1066 + set_current_blocked(&set);
1067 + if (compat_restore_altstack(&frame->uc.uc_stack))
1068 + goto badframe;
1069 +@@ -407,7 +424,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set,
1070 + return -EFAULT;
1071 +
1072 + /* Create struct sigcontext32 on the signal stack */
1073 +- memcpy(&sc.oldmask, &set->sig, _SIGMASK_COPY_SIZE32);
1074 ++ sigset_to_sigset32(set->sig, sc.oldmask);
1075 + sc.sregs = (__u32)(unsigned long __force) &frame->sregs;
1076 + if (__copy_to_user(&frame->sc, &sc, sizeof(frame->sc)))
1077 + return -EFAULT;
1078 +@@ -468,6 +485,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set,
1079 + static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
1080 + struct pt_regs *regs)
1081 + {
1082 ++ compat_sigset_t cset;
1083 + rt_sigframe32 __user *frame;
1084 + unsigned long restorer;
1085 + size_t frame_size;
1086 +@@ -515,11 +533,12 @@ static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set,
1087 + store_sigregs();
1088 +
1089 + /* Create ucontext on the signal stack. */
1090 ++ sigset_to_sigset32(set->sig, cset.sig);
1091 + if (__put_user(uc_flags, &frame->uc.uc_flags) ||
1092 + __put_user(0, &frame->uc.uc_link) ||
1093 + __compat_save_altstack(&frame->uc.uc_stack, regs->gprs[15]) ||
1094 + save_sigregs32(regs, &frame->uc.uc_mcontext) ||
1095 +- __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)) ||
1096 ++ __copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset)) ||
1097 + save_sigregs_ext32(regs, &frame->uc.uc_mcontext_ext))
1098 + return -EFAULT;
1099 +
1100 +diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
1101 +index 8253d85aa165..de1d72e3ec59 100644
1102 +--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
1103 ++++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
1104 +@@ -291,6 +291,7 @@ static struct ahash_alg ghash_async_alg = {
1105 + .cra_name = "ghash",
1106 + .cra_driver_name = "ghash-clmulni",
1107 + .cra_priority = 400,
1108 ++ .cra_ctxsize = sizeof(struct ghash_async_ctx),
1109 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
1110 + .cra_blocksize = GHASH_BLOCK_SIZE,
1111 + .cra_type = &crypto_ahash_type,
1112 +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
1113 +index ddd8d13a010f..26d5e05a7def 100644
1114 +--- a/arch/x86/include/asm/processor.h
1115 ++++ b/arch/x86/include/asm/processor.h
1116 +@@ -852,7 +852,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
1117 + #define task_pt_regs(task) \
1118 + ({ \
1119 + struct pt_regs *__regs__; \
1120 +- __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
1121 ++ __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task)) - \
1122 ++ TOP_OF_KERNEL_STACK_PADDING); \
1123 + __regs__ - 1; \
1124 + })
1125 +
1126 +diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
1127 +index 547e344a6dc6..c4d96943e666 100644
1128 +--- a/arch/x86/include/asm/thread_info.h
1129 ++++ b/arch/x86/include/asm/thread_info.h
1130 +@@ -13,6 +13,33 @@
1131 + #include <asm/types.h>
1132 +
1133 + /*
1134 ++ * TOP_OF_KERNEL_STACK_PADDING is a number of unused bytes that we
1135 ++ * reserve at the top of the kernel stack. We do it because of a nasty
1136 ++ * 32-bit corner case. On x86_32, the hardware stack frame is
1137 ++ * variable-length. Except for vm86 mode, struct pt_regs assumes a
1138 ++ * maximum-length frame. If we enter from CPL 0, the top 8 bytes of
1139 ++ * pt_regs don't actually exist. Ordinarily this doesn't matter, but it
1140 ++ * does in at least one case:
1141 ++ *
1142 ++ * If we take an NMI early enough in SYSENTER, then we can end up with
1143 ++ * pt_regs that extends above sp0. On the way out, in the espfix code,
1144 ++ * we can read the saved SS value, but that value will be above sp0.
1145 ++ * Without this offset, that can result in a page fault. (We are
1146 ++ * careful that, in this case, the value we read doesn't matter.)
1147 ++ *
1148 ++ * In vm86 mode, the hardware frame is much longer still, but we neither
1149 ++ * access the extra members from NMI context, nor do we write such a
1150 ++ * frame at sp0 at all.
1151 ++ *
1152 ++ * x86_64 has a fixed-length stack frame.
1153 ++ */
1154 ++#ifdef CONFIG_X86_32
1155 ++# define TOP_OF_KERNEL_STACK_PADDING 8
1156 ++#else
1157 ++# define TOP_OF_KERNEL_STACK_PADDING 0
1158 ++#endif
1159 ++
1160 ++/*
1161 + * low level task data that entry.S needs immediate access to
1162 + * - this struct should fit entirely inside of one cache line
1163 + * - this struct shares the supervisor stack pages
1164 +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
1165 +index ba6cc041edb1..f7eef03fd4b3 100644
1166 +--- a/arch/x86/kernel/apic/apic.c
1167 ++++ b/arch/x86/kernel/apic/apic.c
1168 +@@ -366,6 +366,13 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
1169 + apic_write(APIC_LVTT, lvtt_value);
1170 +
1171 + if (lvtt_value & APIC_LVT_TIMER_TSCDEADLINE) {
1172 ++ /*
1173 ++ * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode,
1174 ++ * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized.
1175 ++ * According to Intel, MFENCE can do the serialization here.
1176 ++ */
1177 ++ asm volatile("mfence" : : : "memory");
1178 ++
1179 + printk_once(KERN_DEBUG "TSC deadline timer enabled\n");
1180 + return;
1181 + }
1182 +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
1183 +index e757fcbe90db..88635b301694 100644
1184 +--- a/arch/x86/kernel/cpu/common.c
1185 ++++ b/arch/x86/kernel/cpu/common.c
1186 +@@ -1405,6 +1405,12 @@ void cpu_init(void)
1187 +
1188 + wait_for_master_cpu(cpu);
1189 +
1190 ++ /*
1191 ++ * Initialize the CR4 shadow before doing anything that could
1192 ++ * try to read it.
1193 ++ */
1194 ++ cr4_init_shadow();
1195 ++
1196 + show_ucode_info_early();
1197 +
1198 + printk(KERN_INFO "Initializing CPU#%d\n", cpu);
1199 +diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
1200 +index f5ab56d14287..3af40315a127 100644
1201 +--- a/arch/x86/kernel/crash.c
1202 ++++ b/arch/x86/kernel/crash.c
1203 +@@ -183,10 +183,9 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
1204 + }
1205 +
1206 + #ifdef CONFIG_KEXEC_FILE
1207 +-static int get_nr_ram_ranges_callback(unsigned long start_pfn,
1208 +- unsigned long nr_pfn, void *arg)
1209 ++static int get_nr_ram_ranges_callback(u64 start, u64 end, void *arg)
1210 + {
1211 +- int *nr_ranges = arg;
1212 ++ unsigned int *nr_ranges = arg;
1213 +
1214 + (*nr_ranges)++;
1215 + return 0;
1216 +@@ -212,7 +211,7 @@ static void fill_up_crash_elf_data(struct crash_elf_data *ced,
1217 +
1218 + ced->image = image;
1219 +
1220 +- walk_system_ram_range(0, -1, &nr_ranges,
1221 ++ walk_system_ram_res(0, -1, &nr_ranges,
1222 + get_nr_ram_ranges_callback);
1223 +
1224 + ced->max_nr_ranges = nr_ranges;
1225 +diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
1226 +index 3dddb89ba320..fe611c4ae3ff 100644
1227 +--- a/arch/x86/kernel/entry_32.S
1228 ++++ b/arch/x86/kernel/entry_32.S
1229 +@@ -398,7 +398,7 @@ sysenter_past_esp:
1230 + * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
1231 + * pushed above; +8 corresponds to copy_thread's esp0 setting.
1232 + */
1233 +- pushl_cfi ((TI_sysenter_return)-THREAD_SIZE+8+4*4)(%esp)
1234 ++ pushl_cfi ((TI_sysenter_return)-THREAD_SIZE+TOP_OF_KERNEL_STACK_PADDING+4*4)(%esp)
1235 + CFI_REL_OFFSET eip, 0
1236 +
1237 + pushl_cfi %eax
1238 +diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
1239 +index fad5cd9d7c4b..a3255ca219ea 100644
1240 +--- a/arch/x86/kernel/entry_64.S
1241 ++++ b/arch/x86/kernel/entry_64.S
1242 +@@ -1428,7 +1428,18 @@ END(error_exit)
1243 + /* runs on exception stack */
1244 + ENTRY(nmi)
1245 + INTR_FRAME
1246 ++ /*
1247 ++ * Fix up the exception frame if we're on Xen.
1248 ++ * PARAVIRT_ADJUST_EXCEPTION_FRAME is guaranteed to push at most
1249 ++ * one value to the stack on native, so it may clobber the rdx
1250 ++ * scratch slot, but it won't clobber any of the important
1251 ++ * slots past it.
1252 ++ *
1253 ++ * Xen is a different story, because the Xen frame itself overlaps
1254 ++ * the "NMI executing" variable.
1255 ++ */
1256 + PARAVIRT_ADJUST_EXCEPTION_FRAME
1257 ++
1258 + /*
1259 + * We allow breakpoints in NMIs. If a breakpoint occurs, then
1260 + * the iretq it performs will take us out of NMI context.
1261 +@@ -1446,11 +1457,12 @@ ENTRY(nmi)
1262 + * If the variable is not set and the stack is not the NMI
1263 + * stack then:
1264 + * o Set the special variable on the stack
1265 +- * o Copy the interrupt frame into a "saved" location on the stack
1266 +- * o Copy the interrupt frame into a "copy" location on the stack
1267 ++ * o Copy the interrupt frame into an "outermost" location on the
1268 ++ * stack
1269 ++ * o Copy the interrupt frame into an "iret" location on the stack
1270 + * o Continue processing the NMI
1271 + * If the variable is set or the previous stack is the NMI stack:
1272 +- * o Modify the "copy" location to jump to the repeate_nmi
1273 ++ * o Modify the "iret" location to jump to the repeat_nmi
1274 + * o return back to the first NMI
1275 + *
1276 + * Now on exit of the first NMI, we first clear the stack variable
1277 +@@ -1479,9 +1491,11 @@ ENTRY(nmi)
1278 + * we don't want to enable interrupts, because then we'll end
1279 + * up in an awkward situation in which IRQs are on but NMIs
1280 + * are off.
1281 ++ *
1282 ++ * We also must not push anything to the stack before switching
1283 ++ * stacks lest we corrupt the "NMI executing" variable.
1284 + */
1285 +-
1286 +- SWAPGS
1287 ++ SWAPGS_UNSAFE_STACK
1288 + cld
1289 + movq %rsp, %rdx
1290 + movq PER_CPU_VAR(kernel_stack), %rsp
1291 +@@ -1530,38 +1544,101 @@ ENTRY(nmi)
1292 +
1293 + .Lnmi_from_kernel:
1294 + /*
1295 +- * Check the special variable on the stack to see if NMIs are
1296 +- * executing.
1297 ++ * Here's what our stack frame will look like:
1298 ++ * +---------------------------------------------------------+
1299 ++ * | original SS |
1300 ++ * | original Return RSP |
1301 ++ * | original RFLAGS |
1302 ++ * | original CS |
1303 ++ * | original RIP |
1304 ++ * +---------------------------------------------------------+
1305 ++ * | temp storage for rdx |
1306 ++ * +---------------------------------------------------------+
1307 ++ * | "NMI executing" variable |
1308 ++ * +---------------------------------------------------------+
1309 ++ * | iret SS } Copied from "outermost" frame |
1310 ++ * | iret Return RSP } on each loop iteration; overwritten |
1311 ++ * | iret RFLAGS } by a nested NMI to force another |
1312 ++ * | iret CS } iteration if needed. |
1313 ++ * | iret RIP } |
1314 ++ * +---------------------------------------------------------+
1315 ++ * | outermost SS } initialized in first_nmi; |
1316 ++ * | outermost Return RSP } will not be changed before |
1317 ++ * | outermost RFLAGS } NMI processing is done. |
1318 ++ * | outermost CS } Copied to "iret" frame on each |
1319 ++ * | outermost RIP } iteration. |
1320 ++ * +---------------------------------------------------------+
1321 ++ * | pt_regs |
1322 ++ * +---------------------------------------------------------+
1323 ++ *
1324 ++ * The "original" frame is used by hardware. Before re-enabling
1325 ++ * NMIs, we need to be done with it, and we need to leave enough
1326 ++ * space for the asm code here.
1327 ++ *
1328 ++ * We return by executing IRET while RSP points to the "iret" frame.
1329 ++ * That will either return for real or it will loop back into NMI
1330 ++ * processing.
1331 ++ *
1332 ++ * The "outermost" frame is copied to the "iret" frame on each
1333 ++ * iteration of the loop, so each iteration starts with the "iret"
1334 ++ * frame pointing to the final return target.
1335 ++ */
1336 ++
1337 ++ /*
1338 ++ * Determine whether we're a nested NMI.
1339 ++ *
1340 ++ * If we interrupted kernel code between repeat_nmi and
1341 ++ * end_repeat_nmi, then we are a nested NMI. We must not
1342 ++ * modify the "iret" frame because it's being written by
1343 ++ * the outer NMI. That's okay; the outer NMI handler is
1344 ++ * about to about to call do_nmi anyway, so we can just
1345 ++ * resume the outer NMI.
1346 ++ */
1347 ++ movq $repeat_nmi, %rdx
1348 ++ cmpq 8(%rsp), %rdx
1349 ++ ja 1f
1350 ++ movq $end_repeat_nmi, %rdx
1351 ++ cmpq 8(%rsp), %rdx
1352 ++ ja nested_nmi_out
1353 ++1:
1354 ++
1355 ++ /*
1356 ++ * Now check "NMI executing". If it's set, then we're nested.
1357 ++ * This will not detect if we interrupted an outer NMI just
1358 ++ * before IRET.
1359 + */
1360 + cmpl $1, -8(%rsp)
1361 + je nested_nmi
1362 +
1363 + /*
1364 +- * Now test if the previous stack was an NMI stack.
1365 +- * We need the double check. We check the NMI stack to satisfy the
1366 +- * race when the first NMI clears the variable before returning.
1367 +- * We check the variable because the first NMI could be in a
1368 +- * breakpoint routine using a breakpoint stack.
1369 ++ * Now test if the previous stack was an NMI stack. This covers
1370 ++ * the case where we interrupt an outer NMI after it clears
1371 ++ * "NMI executing" but before IRET. We need to be careful, though:
1372 ++ * there is one case in which RSP could point to the NMI stack
1373 ++ * despite there being no NMI active: naughty userspace controls
1374 ++ * RSP at the very beginning of the SYSCALL targets. We can
1375 ++ * pull a fast one on naughty userspace, though: we program
1376 ++ * SYSCALL to mask DF, so userspace cannot cause DF to be set
1377 ++ * if it controls the kernel's RSP. We set DF before we clear
1378 ++ * "NMI executing".
1379 + */
1380 + lea 6*8(%rsp), %rdx
1381 + test_in_nmi rdx, 4*8(%rsp), nested_nmi, first_nmi
1382 ++
1383 ++ /* Ah, it is within the NMI stack. */
1384 ++
1385 ++ testb $(X86_EFLAGS_DF >> 8), (3*8 + 1)(%rsp)
1386 ++ jz first_nmi /* RSP was user controlled. */
1387 ++
1388 ++ /* This is a nested NMI. */
1389 ++
1390 + CFI_REMEMBER_STATE
1391 +
1392 + nested_nmi:
1393 + /*
1394 +- * Do nothing if we interrupted the fixup in repeat_nmi.
1395 +- * It's about to repeat the NMI handler, so we are fine
1396 +- * with ignoring this one.
1397 ++ * Modify the "iret" frame to point to repeat_nmi, forcing another
1398 ++ * iteration of NMI handling.
1399 + */
1400 +- movq $repeat_nmi, %rdx
1401 +- cmpq 8(%rsp), %rdx
1402 +- ja 1f
1403 +- movq $end_repeat_nmi, %rdx
1404 +- cmpq 8(%rsp), %rdx
1405 +- ja nested_nmi_out
1406 +-
1407 +-1:
1408 +- /* Set up the interrupted NMIs stack to jump to repeat_nmi */
1409 + leaq -1*8(%rsp), %rdx
1410 + movq %rdx, %rsp
1411 + CFI_ADJUST_CFA_OFFSET 1*8
1412 +@@ -1580,60 +1657,23 @@ nested_nmi_out:
1413 + popq_cfi %rdx
1414 + CFI_RESTORE rdx
1415 +
1416 +- /* No need to check faults here */
1417 ++ /* We are returning to kernel mode, so this cannot result in a fault. */
1418 + INTERRUPT_RETURN
1419 +
1420 + CFI_RESTORE_STATE
1421 + first_nmi:
1422 +- /*
1423 +- * Because nested NMIs will use the pushed location that we
1424 +- * stored in rdx, we must keep that space available.
1425 +- * Here's what our stack frame will look like:
1426 +- * +-------------------------+
1427 +- * | original SS |
1428 +- * | original Return RSP |
1429 +- * | original RFLAGS |
1430 +- * | original CS |
1431 +- * | original RIP |
1432 +- * +-------------------------+
1433 +- * | temp storage for rdx |
1434 +- * +-------------------------+
1435 +- * | NMI executing variable |
1436 +- * +-------------------------+
1437 +- * | copied SS |
1438 +- * | copied Return RSP |
1439 +- * | copied RFLAGS |
1440 +- * | copied CS |
1441 +- * | copied RIP |
1442 +- * +-------------------------+
1443 +- * | Saved SS |
1444 +- * | Saved Return RSP |
1445 +- * | Saved RFLAGS |
1446 +- * | Saved CS |
1447 +- * | Saved RIP |
1448 +- * +-------------------------+
1449 +- * | pt_regs |
1450 +- * +-------------------------+
1451 +- *
1452 +- * The saved stack frame is used to fix up the copied stack frame
1453 +- * that a nested NMI may change to make the interrupted NMI iret jump
1454 +- * to the repeat_nmi. The original stack frame and the temp storage
1455 +- * is also used by nested NMIs and can not be trusted on exit.
1456 +- */
1457 +- /* Do not pop rdx, nested NMIs will corrupt that part of the stack */
1458 ++ /* Restore rdx. */
1459 + movq (%rsp), %rdx
1460 + CFI_RESTORE rdx
1461 +
1462 +- /* Set the NMI executing variable on the stack. */
1463 ++ /* Set "NMI executing" on the stack. */
1464 + pushq_cfi $1
1465 +
1466 +- /*
1467 +- * Leave room for the "copied" frame
1468 +- */
1469 ++ /* Leave room for the "iret" frame */
1470 + subq $(5*8), %rsp
1471 + CFI_ADJUST_CFA_OFFSET 5*8
1472 +
1473 +- /* Copy the stack frame to the Saved frame */
1474 ++ /* Copy the "original" frame to the "outermost" frame */
1475 + .rept 5
1476 + pushq_cfi 11*8(%rsp)
1477 + .endr
1478 +@@ -1641,6 +1681,7 @@ first_nmi:
1479 +
1480 + /* Everything up to here is safe from nested NMIs */
1481 +
1482 ++repeat_nmi:
1483 + /*
1484 + * If there was a nested NMI, the first NMI's iret will return
1485 + * here. But NMIs are still enabled and we can take another
1486 +@@ -1649,16 +1690,21 @@ first_nmi:
1487 + * it will just return, as we are about to repeat an NMI anyway.
1488 + * This makes it safe to copy to the stack frame that a nested
1489 + * NMI will update.
1490 +- */
1491 +-repeat_nmi:
1492 +- /*
1493 +- * Update the stack variable to say we are still in NMI (the update
1494 +- * is benign for the non-repeat case, where 1 was pushed just above
1495 +- * to this very stack slot).
1496 ++ *
1497 ++ * RSP is pointing to "outermost RIP". gsbase is unknown, but, if
1498 ++ * we're repeating an NMI, gsbase has the same value that it had on
1499 ++ * the first iteration. paranoid_entry will load the kernel
1500 ++ * gsbase if needed before we call do_nmi.
1501 ++ *
1502 ++ * Set "NMI executing" in case we came back here via IRET.
1503 + */
1504 + movq $1, 10*8(%rsp)
1505 +
1506 +- /* Make another copy, this one may be modified by nested NMIs */
1507 ++ /*
1508 ++ * Copy the "outermost" frame to the "iret" frame. NMIs that nest
1509 ++ * here must not modify the "iret" frame while we're writing to
1510 ++ * it or it will end up containing garbage.
1511 ++ */
1512 + addq $(10*8), %rsp
1513 + CFI_ADJUST_CFA_OFFSET -10*8
1514 + .rept 5
1515 +@@ -1669,9 +1715,9 @@ repeat_nmi:
1516 + end_repeat_nmi:
1517 +
1518 + /*
1519 +- * Everything below this point can be preempted by a nested
1520 +- * NMI if the first NMI took an exception and reset our iret stack
1521 +- * so that we repeat another NMI.
1522 ++ * Everything below this point can be preempted by a nested NMI.
1523 ++ * If this happens, then the inner NMI will change the "iret"
1524 ++ * frame to point back to repeat_nmi.
1525 + */
1526 + pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */
1527 + subq $ORIG_RAX-R15, %rsp
1528 +@@ -1699,9 +1745,23 @@ nmi_restore:
1529 + /* Pop the extra iret frame at once */
1530 + RESTORE_ALL 6*8
1531 +
1532 +- /* Clear the NMI executing stack variable */
1533 +- movq $0, 5*8(%rsp)
1534 +- jmp irq_return
1535 ++ /*
1536 ++ * Clear "NMI executing". Set DF first so that we can easily
1537 ++ * distinguish the remaining code between here and IRET from
1538 ++ * the SYSCALL entry and exit paths. On a native kernel, we
1539 ++ * could just inspect RIP, but, on paravirt kernels,
1540 ++ * INTERRUPT_RETURN can translate into a jump into a
1541 ++ * hypercall page.
1542 ++ */
1543 ++ std
1544 ++ movq $0, 5*8(%rsp) /* clear "NMI executing" */
1545 ++
1546 ++ /*
1547 ++ * INTERRUPT_RETURN reads the "iret" frame and exits the NMI
1548 ++ * stack in a single instruction. We are returning to kernel
1549 ++ * mode, so this cannot result in a fault.
1550 ++ */
1551 ++ INTERRUPT_RETURN
1552 + CFI_ENDPROC
1553 + END(nmi)
1554 +
1555 +diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
1556 +index 5c5ec7d28d9b..a701b49e8c87 100644
1557 +--- a/arch/x86/kernel/nmi.c
1558 ++++ b/arch/x86/kernel/nmi.c
1559 +@@ -408,8 +408,8 @@ static void default_do_nmi(struct pt_regs *regs)
1560 + NOKPROBE_SYMBOL(default_do_nmi);
1561 +
1562 + /*
1563 +- * NMIs can hit breakpoints which will cause it to lose its NMI context
1564 +- * with the CPU when the breakpoint or page fault does an IRET.
1565 ++ * NMIs can page fault or hit breakpoints which will cause it to lose
1566 ++ * its NMI context with the CPU when the breakpoint or page fault does an IRET.
1567 + *
1568 + * As a result, NMIs can nest if NMIs get unmasked due an IRET during
1569 + * NMI processing. On x86_64, the asm glue protects us from nested NMIs
1570 +diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
1571 +index 548d25f00c90..8d12f0546dfc 100644
1572 +--- a/arch/x86/kernel/paravirt.c
1573 ++++ b/arch/x86/kernel/paravirt.c
1574 +@@ -41,10 +41,18 @@
1575 + #include <asm/timer.h>
1576 + #include <asm/special_insns.h>
1577 +
1578 +-/* nop stub */
1579 +-void _paravirt_nop(void)
1580 +-{
1581 +-}
1582 ++/*
1583 ++ * nop stub, which must not clobber anything *including the stack* to
1584 ++ * avoid confusing the entry prologues.
1585 ++ */
1586 ++extern void _paravirt_nop(void);
1587 ++asm (".pushsection .entry.text, \"ax\"\n"
1588 ++ ".global _paravirt_nop\n"
1589 ++ "_paravirt_nop:\n\t"
1590 ++ "ret\n\t"
1591 ++ ".size _paravirt_nop, . - _paravirt_nop\n\t"
1592 ++ ".type _paravirt_nop, @function\n\t"
1593 ++ ".popsection");
1594 +
1595 + /* identity function, which can be inlined */
1596 + u32 _paravirt_ident_32(u32 x)
1597 +diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
1598 +index 63a4b5092203..54cfd5ebd96c 100644
1599 +--- a/arch/x86/kernel/process_64.c
1600 ++++ b/arch/x86/kernel/process_64.c
1601 +@@ -476,27 +476,59 @@ void set_personality_ia32(bool x32)
1602 + }
1603 + EXPORT_SYMBOL_GPL(set_personality_ia32);
1604 +
1605 ++/*
1606 ++ * Called from fs/proc with a reference on @p to find the function
1607 ++ * which called into schedule(). This needs to be done carefully
1608 ++ * because the task might wake up and we might look at a stack
1609 ++ * changing under us.
1610 ++ */
1611 + unsigned long get_wchan(struct task_struct *p)
1612 + {
1613 +- unsigned long stack;
1614 +- u64 fp, ip;
1615 ++ unsigned long start, bottom, top, sp, fp, ip;
1616 + int count = 0;
1617 +
1618 + if (!p || p == current || p->state == TASK_RUNNING)
1619 + return 0;
1620 +- stack = (unsigned long)task_stack_page(p);
1621 +- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
1622 ++
1623 ++ start = (unsigned long)task_stack_page(p);
1624 ++ if (!start)
1625 ++ return 0;
1626 ++
1627 ++ /*
1628 ++ * Layout of the stack page:
1629 ++ *
1630 ++ * ----------- topmax = start + THREAD_SIZE - sizeof(unsigned long)
1631 ++ * PADDING
1632 ++ * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
1633 ++ * stack
1634 ++ * ----------- bottom = start + sizeof(thread_info)
1635 ++ * thread_info
1636 ++ * ----------- start
1637 ++ *
1638 ++ * The tasks stack pointer points at the location where the
1639 ++ * framepointer is stored. The data on the stack is:
1640 ++ * ... IP FP ... IP FP
1641 ++ *
1642 ++ * We need to read FP and IP, so we need to adjust the upper
1643 ++ * bound by another unsigned long.
1644 ++ */
1645 ++ top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
1646 ++ top -= 2 * sizeof(unsigned long);
1647 ++ bottom = start + sizeof(struct thread_info);
1648 ++
1649 ++ sp = READ_ONCE(p->thread.sp);
1650 ++ if (sp < bottom || sp > top)
1651 + return 0;
1652 +- fp = *(u64 *)(p->thread.sp);
1653 ++
1654 ++ fp = READ_ONCE(*(unsigned long *)sp);
1655 + do {
1656 +- if (fp < (unsigned long)stack ||
1657 +- fp >= (unsigned long)stack+THREAD_SIZE)
1658 ++ if (fp < bottom || fp > top)
1659 + return 0;
1660 +- ip = *(u64 *)(fp+8);
1661 ++ ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long)));
1662 + if (!in_sched_functions(ip))
1663 + return ip;
1664 +- fp = *(u64 *)fp;
1665 +- } while (count++ < 16);
1666 ++ fp = READ_ONCE(*(unsigned long *)fp);
1667 ++ } while (count++ < 16 && p->state != TASK_RUNNING);
1668 + return 0;
1669 + }
1670 +
1671 +diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
1672 +index 505449700e0c..21187ebee7d0 100644
1673 +--- a/arch/x86/kernel/tsc.c
1674 ++++ b/arch/x86/kernel/tsc.c
1675 +@@ -21,6 +21,7 @@
1676 + #include <asm/hypervisor.h>
1677 + #include <asm/nmi.h>
1678 + #include <asm/x86_init.h>
1679 ++#include <asm/geode.h>
1680 +
1681 + unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */
1682 + EXPORT_SYMBOL(cpu_khz);
1683 +@@ -1004,15 +1005,17 @@ EXPORT_SYMBOL_GPL(mark_tsc_unstable);
1684 +
1685 + static void __init check_system_tsc_reliable(void)
1686 + {
1687 +-#ifdef CONFIG_MGEODE_LX
1688 +- /* RTSC counts during suspend */
1689 ++#if defined(CONFIG_MGEODEGX1) || defined(CONFIG_MGEODE_LX) || defined(CONFIG_X86_GENERIC)
1690 ++ if (is_geode_lx()) {
1691 ++ /* RTSC counts during suspend */
1692 + #define RTSC_SUSP 0x100
1693 +- unsigned long res_low, res_high;
1694 ++ unsigned long res_low, res_high;
1695 +
1696 +- rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
1697 +- /* Geode_LX - the OLPC CPU has a very reliable TSC */
1698 +- if (res_low & RTSC_SUSP)
1699 +- tsc_clocksource_reliable = 1;
1700 ++ rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
1701 ++ /* Geode_LX - the OLPC CPU has a very reliable TSC */
1702 ++ if (res_low & RTSC_SUSP)
1703 ++ tsc_clocksource_reliable = 1;
1704 ++ }
1705 + #endif
1706 + if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
1707 + tsc_clocksource_reliable = 1;
1708 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
1709 +index f696dedb0fa7..23875c26fb34 100644
1710 +--- a/arch/x86/kvm/mmu.c
1711 ++++ b/arch/x86/kvm/mmu.c
1712 +@@ -372,12 +372,6 @@ static u64 __get_spte_lockless(u64 *sptep)
1713 + {
1714 + return ACCESS_ONCE(*sptep);
1715 + }
1716 +-
1717 +-static bool __check_direct_spte_mmio_pf(u64 spte)
1718 +-{
1719 +- /* It is valid if the spte is zapped. */
1720 +- return spte == 0ull;
1721 +-}
1722 + #else
1723 + union split_spte {
1724 + struct {
1725 +@@ -493,23 +487,6 @@ retry:
1726 +
1727 + return spte.spte;
1728 + }
1729 +-
1730 +-static bool __check_direct_spte_mmio_pf(u64 spte)
1731 +-{
1732 +- union split_spte sspte = (union split_spte)spte;
1733 +- u32 high_mmio_mask = shadow_mmio_mask >> 32;
1734 +-
1735 +- /* It is valid if the spte is zapped. */
1736 +- if (spte == 0ull)
1737 +- return true;
1738 +-
1739 +- /* It is valid if the spte is being zapped. */
1740 +- if (sspte.spte_low == 0ull &&
1741 +- (sspte.spte_high & high_mmio_mask) == high_mmio_mask)
1742 +- return true;
1743 +-
1744 +- return false;
1745 +-}
1746 + #endif
1747 +
1748 + static bool spte_is_locklessly_modifiable(u64 spte)
1749 +@@ -3230,21 +3207,6 @@ static bool quickly_check_mmio_pf(struct kvm_vcpu *vcpu, u64 addr, bool direct)
1750 + return vcpu_match_mmio_gva(vcpu, addr);
1751 + }
1752 +
1753 +-
1754 +-/*
1755 +- * On direct hosts, the last spte is only allows two states
1756 +- * for mmio page fault:
1757 +- * - It is the mmio spte
1758 +- * - It is zapped or it is being zapped.
1759 +- *
1760 +- * This function completely checks the spte when the last spte
1761 +- * is not the mmio spte.
1762 +- */
1763 +-static bool check_direct_spte_mmio_pf(u64 spte)
1764 +-{
1765 +- return __check_direct_spte_mmio_pf(spte);
1766 +-}
1767 +-
1768 + static u64 walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr)
1769 + {
1770 + struct kvm_shadow_walk_iterator iterator;
1771 +@@ -3287,13 +3249,6 @@ int handle_mmio_page_fault_common(struct kvm_vcpu *vcpu, u64 addr, bool direct)
1772 + }
1773 +
1774 + /*
1775 +- * It's ok if the gva is remapped by other cpus on shadow guest,
1776 +- * it's a BUG if the gfn is not a mmio page.
1777 +- */
1778 +- if (direct && !check_direct_spte_mmio_pf(spte))
1779 +- return RET_MMIO_PF_BUG;
1780 +-
1781 +- /*
1782 + * If the page table is zapped by other cpus, let CPU fault again on
1783 + * the address.
1784 + */
1785 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
1786 +index b83bff87408f..f98baebfa9a7 100644
1787 +--- a/arch/x86/kvm/svm.c
1788 ++++ b/arch/x86/kvm/svm.c
1789 +@@ -512,7 +512,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
1790 + struct vcpu_svm *svm = to_svm(vcpu);
1791 +
1792 + if (svm->vmcb->control.next_rip != 0) {
1793 +- WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS));
1794 ++ WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));
1795 + svm->next_rip = svm->vmcb->control.next_rip;
1796 + }
1797 +
1798 +diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
1799 +index c8140e12816a..c23ab1ee3a9a 100644
1800 +--- a/arch/x86/mm/init_32.c
1801 ++++ b/arch/x86/mm/init_32.c
1802 +@@ -137,6 +137,7 @@ page_table_range_init_count(unsigned long start, unsigned long end)
1803 +
1804 + vaddr = start;
1805 + pgd_idx = pgd_index(vaddr);
1806 ++ pmd_idx = pmd_index(vaddr);
1807 +
1808 + for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd_idx++) {
1809 + for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
1810 +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
1811 +index 4e5dfec750fc..fa77995b62a4 100644
1812 +--- a/arch/x86/mm/init_64.c
1813 ++++ b/arch/x86/mm/init_64.c
1814 +@@ -1144,7 +1144,7 @@ void mark_rodata_ro(void)
1815 + * has been zapped already via cleanup_highmem().
1816 + */
1817 + all_end = roundup((unsigned long)_brk_end, PMD_SIZE);
1818 +- set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT);
1819 ++ set_memory_nx(text_end, (all_end - text_end) >> PAGE_SHIFT);
1820 +
1821 + rodata_test();
1822 +
1823 +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
1824 +index dbc8627a5cdf..6d6080f3fa35 100644
1825 +--- a/arch/x86/platform/efi/efi.c
1826 ++++ b/arch/x86/platform/efi/efi.c
1827 +@@ -670,6 +670,70 @@ out:
1828 + }
1829 +
1830 + /*
1831 ++ * Iterate the EFI memory map in reverse order because the regions
1832 ++ * will be mapped top-down. The end result is the same as if we had
1833 ++ * mapped things forward, but doesn't require us to change the
1834 ++ * existing implementation of efi_map_region().
1835 ++ */
1836 ++static inline void *efi_map_next_entry_reverse(void *entry)
1837 ++{
1838 ++ /* Initial call */
1839 ++ if (!entry)
1840 ++ return memmap.map_end - memmap.desc_size;
1841 ++
1842 ++ entry -= memmap.desc_size;
1843 ++ if (entry < memmap.map)
1844 ++ return NULL;
1845 ++
1846 ++ return entry;
1847 ++}
1848 ++
1849 ++/*
1850 ++ * efi_map_next_entry - Return the next EFI memory map descriptor
1851 ++ * @entry: Previous EFI memory map descriptor
1852 ++ *
1853 ++ * This is a helper function to iterate over the EFI memory map, which
1854 ++ * we do in different orders depending on the current configuration.
1855 ++ *
1856 ++ * To begin traversing the memory map @entry must be %NULL.
1857 ++ *
1858 ++ * Returns %NULL when we reach the end of the memory map.
1859 ++ */
1860 ++static void *efi_map_next_entry(void *entry)
1861 ++{
1862 ++ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) {
1863 ++ /*
1864 ++ * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE
1865 ++ * config table feature requires us to map all entries
1866 ++ * in the same order as they appear in the EFI memory
1867 ++ * map. That is to say, entry N must have a lower
1868 ++ * virtual address than entry N+1. This is because the
1869 ++ * firmware toolchain leaves relative references in
1870 ++ * the code/data sections, which are split and become
1871 ++ * separate EFI memory regions. Mapping things
1872 ++ * out-of-order leads to the firmware accessing
1873 ++ * unmapped addresses.
1874 ++ *
1875 ++ * Since we need to map things this way whether or not
1876 ++ * the kernel actually makes use of
1877 ++ * EFI_PROPERTIES_TABLE, let's just switch to this
1878 ++ * scheme by default for 64-bit.
1879 ++ */
1880 ++ return efi_map_next_entry_reverse(entry);
1881 ++ }
1882 ++
1883 ++ /* Initial call */
1884 ++ if (!entry)
1885 ++ return memmap.map;
1886 ++
1887 ++ entry += memmap.desc_size;
1888 ++ if (entry >= memmap.map_end)
1889 ++ return NULL;
1890 ++
1891 ++ return entry;
1892 ++}
1893 ++
1894 ++/*
1895 + * Map the efi memory ranges of the runtime services and update new_mmap with
1896 + * virtual addresses.
1897 + */
1898 +@@ -679,7 +743,8 @@ static void * __init efi_map_regions(int *count, int *pg_shift)
1899 + unsigned long left = 0;
1900 + efi_memory_desc_t *md;
1901 +
1902 +- for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) {
1903 ++ p = NULL;
1904 ++ while ((p = efi_map_next_entry(p))) {
1905 + md = p;
1906 + if (!(md->attribute & EFI_MEMORY_RUNTIME)) {
1907 + #ifdef CONFIG_X86_64
1908 +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
1909 +index d8d81d1aa1d5..7e365d231a93 100644
1910 +--- a/arch/x86/xen/enlighten.c
1911 ++++ b/arch/x86/xen/enlighten.c
1912 +@@ -33,6 +33,10 @@
1913 + #include <linux/memblock.h>
1914 + #include <linux/edd.h>
1915 +
1916 ++#ifdef CONFIG_KEXEC_CORE
1917 ++#include <linux/kexec.h>
1918 ++#endif
1919 ++
1920 + #include <xen/xen.h>
1921 + #include <xen/events.h>
1922 + #include <xen/interface/xen.h>
1923 +@@ -1859,6 +1863,21 @@ static struct notifier_block xen_hvm_cpu_notifier = {
1924 + .notifier_call = xen_hvm_cpu_notify,
1925 + };
1926 +
1927 ++#ifdef CONFIG_KEXEC_CORE
1928 ++static void xen_hvm_shutdown(void)
1929 ++{
1930 ++ native_machine_shutdown();
1931 ++ if (kexec_in_progress)
1932 ++ xen_reboot(SHUTDOWN_soft_reset);
1933 ++}
1934 ++
1935 ++static void xen_hvm_crash_shutdown(struct pt_regs *regs)
1936 ++{
1937 ++ native_machine_crash_shutdown(regs);
1938 ++ xen_reboot(SHUTDOWN_soft_reset);
1939 ++}
1940 ++#endif
1941 ++
1942 + static void __init xen_hvm_guest_init(void)
1943 + {
1944 + init_hvm_pv_info();
1945 +@@ -1875,6 +1894,10 @@ static void __init xen_hvm_guest_init(void)
1946 + x86_init.irqs.intr_init = xen_init_IRQ;
1947 + xen_hvm_init_time_ops();
1948 + xen_hvm_init_mmu_ops();
1949 ++#ifdef CONFIG_KEXEC_CORE
1950 ++ machine_ops.shutdown = xen_hvm_shutdown;
1951 ++ machine_ops.crash_shutdown = xen_hvm_crash_shutdown;
1952 ++#endif
1953 + }
1954 +
1955 + static bool xen_nopv = false;
1956 +diff --git a/arch/xtensa/include/asm/traps.h b/arch/xtensa/include/asm/traps.h
1957 +index 677bfcf4ee5d..28f33a8b7f5f 100644
1958 +--- a/arch/xtensa/include/asm/traps.h
1959 ++++ b/arch/xtensa/include/asm/traps.h
1960 +@@ -25,30 +25,39 @@ static inline void spill_registers(void)
1961 + {
1962 + #if XCHAL_NUM_AREGS > 16
1963 + __asm__ __volatile__ (
1964 +- " call12 1f\n"
1965 ++ " call8 1f\n"
1966 + " _j 2f\n"
1967 + " retw\n"
1968 + " .align 4\n"
1969 + "1:\n"
1970 ++#if XCHAL_NUM_AREGS == 32
1971 ++ " _entry a1, 32\n"
1972 ++ " addi a8, a0, 3\n"
1973 ++ " _entry a1, 16\n"
1974 ++ " mov a12, a12\n"
1975 ++ " retw\n"
1976 ++#else
1977 + " _entry a1, 48\n"
1978 +- " addi a12, a0, 3\n"
1979 +-#if XCHAL_NUM_AREGS > 32
1980 +- " .rept (" __stringify(XCHAL_NUM_AREGS) " - 32) / 12\n"
1981 ++ " call12 1f\n"
1982 ++ " retw\n"
1983 ++ " .align 4\n"
1984 ++ "1:\n"
1985 ++ " .rept (" __stringify(XCHAL_NUM_AREGS) " - 16) / 12\n"
1986 + " _entry a1, 48\n"
1987 + " mov a12, a0\n"
1988 + " .endr\n"
1989 +-#endif
1990 +- " _entry a1, 48\n"
1991 ++ " _entry a1, 16\n"
1992 + #if XCHAL_NUM_AREGS % 12 == 0
1993 +- " mov a8, a8\n"
1994 +-#elif XCHAL_NUM_AREGS % 12 == 4
1995 + " mov a12, a12\n"
1996 +-#elif XCHAL_NUM_AREGS % 12 == 8
1997 ++#elif XCHAL_NUM_AREGS % 12 == 4
1998 + " mov a4, a4\n"
1999 ++#elif XCHAL_NUM_AREGS % 12 == 8
2000 ++ " mov a8, a8\n"
2001 + #endif
2002 + " retw\n"
2003 ++#endif
2004 + "2:\n"
2005 +- : : : "a12", "a13", "memory");
2006 ++ : : : "a8", "a9", "memory");
2007 + #else
2008 + __asm__ __volatile__ (
2009 + " mov a12, a12\n"
2010 +diff --git a/arch/xtensa/kernel/entry.S b/arch/xtensa/kernel/entry.S
2011 +index 82bbfa5a05b3..a2a902140c4e 100644
2012 +--- a/arch/xtensa/kernel/entry.S
2013 ++++ b/arch/xtensa/kernel/entry.S
2014 +@@ -568,12 +568,13 @@ user_exception_exit:
2015 + * (if we have restored WSBITS-1 frames).
2016 + */
2017 +
2018 ++2:
2019 + #if XCHAL_HAVE_THREADPTR
2020 + l32i a3, a1, PT_THREADPTR
2021 + wur a3, threadptr
2022 + #endif
2023 +
2024 +-2: j common_exception_exit
2025 ++ j common_exception_exit
2026 +
2027 + /* This is the kernel exception exit.
2028 + * We avoided to do a MOVSP when we entered the exception, but we
2029 +@@ -1820,7 +1821,7 @@ ENDPROC(system_call)
2030 + mov a12, a0
2031 + .endr
2032 + #endif
2033 +- _entry a1, 48
2034 ++ _entry a1, 16
2035 + #if XCHAL_NUM_AREGS % 12 == 0
2036 + mov a8, a8
2037 + #elif XCHAL_NUM_AREGS % 12 == 4
2038 +@@ -1844,7 +1845,7 @@ ENDPROC(system_call)
2039 +
2040 + ENTRY(_switch_to)
2041 +
2042 +- entry a1, 16
2043 ++ entry a1, 48
2044 +
2045 + mov a11, a3 # and 'next' (a3)
2046 +
2047 +diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
2048 +index 1630a20d5dcf..d477f83f29bf 100644
2049 +--- a/block/blk-mq-sysfs.c
2050 ++++ b/block/blk-mq-sysfs.c
2051 +@@ -141,15 +141,26 @@ static ssize_t blk_mq_sysfs_completed_show(struct blk_mq_ctx *ctx, char *page)
2052 +
2053 + static ssize_t sysfs_list_show(char *page, struct list_head *list, char *msg)
2054 + {
2055 +- char *start_page = page;
2056 + struct request *rq;
2057 ++ int len = snprintf(page, PAGE_SIZE - 1, "%s:\n", msg);
2058 ++
2059 ++ list_for_each_entry(rq, list, queuelist) {
2060 ++ const int rq_len = 2 * sizeof(rq) + 2;
2061 ++
2062 ++ /* if the output will be truncated */
2063 ++ if (PAGE_SIZE - 1 < len + rq_len) {
2064 ++ /* backspacing if it can't hold '\t...\n' */
2065 ++ if (PAGE_SIZE - 1 < len + 5)
2066 ++ len -= rq_len;
2067 ++ len += snprintf(page + len, PAGE_SIZE - 1 - len,
2068 ++ "\t...\n");
2069 ++ break;
2070 ++ }
2071 ++ len += snprintf(page + len, PAGE_SIZE - 1 - len,
2072 ++ "\t%p\n", rq);
2073 ++ }
2074 +
2075 +- page += sprintf(page, "%s:\n", msg);
2076 +-
2077 +- list_for_each_entry(rq, list, queuelist)
2078 +- page += sprintf(page, "\t%p\n", rq);
2079 +-
2080 +- return page - start_page;
2081 ++ return len;
2082 + }
2083 +
2084 + static ssize_t blk_mq_sysfs_rq_list_show(struct blk_mq_ctx *ctx, char *page)
2085 +diff --git a/drivers/auxdisplay/ks0108.c b/drivers/auxdisplay/ks0108.c
2086 +index 5b93852392b8..0d752851a1ee 100644
2087 +--- a/drivers/auxdisplay/ks0108.c
2088 ++++ b/drivers/auxdisplay/ks0108.c
2089 +@@ -139,6 +139,7 @@ static int __init ks0108_init(void)
2090 +
2091 + ks0108_pardevice = parport_register_device(ks0108_parport, KS0108_NAME,
2092 + NULL, NULL, NULL, PARPORT_DEV_EXCL, NULL);
2093 ++ parport_put_port(ks0108_parport);
2094 + if (ks0108_pardevice == NULL) {
2095 + printk(KERN_ERR KS0108_NAME ": ERROR: "
2096 + "parport didn't register new device\n");
2097 +diff --git a/drivers/base/devres.c b/drivers/base/devres.c
2098 +index c8a53d1e019f..875464690117 100644
2099 +--- a/drivers/base/devres.c
2100 ++++ b/drivers/base/devres.c
2101 +@@ -297,10 +297,10 @@ void * devres_get(struct device *dev, void *new_res,
2102 + if (!dr) {
2103 + add_dr(dev, &new_dr->node);
2104 + dr = new_dr;
2105 +- new_dr = NULL;
2106 ++ new_res = NULL;
2107 + }
2108 + spin_unlock_irqrestore(&dev->devres_lock, flags);
2109 +- devres_free(new_dr);
2110 ++ devres_free(new_res);
2111 +
2112 + return dr->data;
2113 + }
2114 +diff --git a/drivers/base/node.c b/drivers/base/node.c
2115 +index 472168cd0c97..74d45823890b 100644
2116 +--- a/drivers/base/node.c
2117 ++++ b/drivers/base/node.c
2118 +@@ -396,6 +396,16 @@ int register_mem_sect_under_node(struct memory_block *mem_blk, int nid)
2119 + for (pfn = sect_start_pfn; pfn <= sect_end_pfn; pfn++) {
2120 + int page_nid;
2121 +
2122 ++ /*
2123 ++ * memory block could have several absent sections from start.
2124 ++ * skip pfn range from absent section
2125 ++ */
2126 ++ if (!pfn_present(pfn)) {
2127 ++ pfn = round_down(pfn + PAGES_PER_SECTION,
2128 ++ PAGES_PER_SECTION) - 1;
2129 ++ continue;
2130 ++ }
2131 ++
2132 + page_nid = get_nid_for_pfn(pfn);
2133 + if (page_nid < 0)
2134 + continue;
2135 +diff --git a/drivers/base/platform.c b/drivers/base/platform.c
2136 +index 360272cd4549..317e0e491ea0 100644
2137 +--- a/drivers/base/platform.c
2138 ++++ b/drivers/base/platform.c
2139 +@@ -375,9 +375,7 @@ int platform_device_add(struct platform_device *pdev)
2140 +
2141 + while (--i >= 0) {
2142 + struct resource *r = &pdev->resource[i];
2143 +- unsigned long type = resource_type(r);
2144 +-
2145 +- if (type == IORESOURCE_MEM || type == IORESOURCE_IO)
2146 ++ if (r->parent)
2147 + release_resource(r);
2148 + }
2149 +
2150 +@@ -408,9 +406,7 @@ void platform_device_del(struct platform_device *pdev)
2151 +
2152 + for (i = 0; i < pdev->num_resources; i++) {
2153 + struct resource *r = &pdev->resource[i];
2154 +- unsigned long type = resource_type(r);
2155 +-
2156 +- if (type == IORESOURCE_MEM || type == IORESOURCE_IO)
2157 ++ if (r->parent)
2158 + release_resource(r);
2159 + }
2160 + }
2161 +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
2162 +index 5799a0b9e6cc..c8941f39c919 100644
2163 +--- a/drivers/base/regmap/regmap-debugfs.c
2164 ++++ b/drivers/base/regmap/regmap-debugfs.c
2165 +@@ -32,8 +32,7 @@ static DEFINE_MUTEX(regmap_debugfs_early_lock);
2166 + /* Calculate the length of a fixed format */
2167 + static size_t regmap_calc_reg_len(int max_val, char *buf, size_t buf_size)
2168 + {
2169 +- snprintf(buf, buf_size, "%x", max_val);
2170 +- return strlen(buf);
2171 ++ return snprintf(NULL, 0, "%x", max_val);
2172 + }
2173 +
2174 + static ssize_t regmap_name_read_file(struct file *file,
2175 +@@ -432,7 +431,7 @@ static ssize_t regmap_access_read_file(struct file *file,
2176 + /* If we're in the region the user is trying to read */
2177 + if (p >= *ppos) {
2178 + /* ...but not beyond it */
2179 +- if (buf_pos >= count - 1 - tot_len)
2180 ++ if (buf_pos + tot_len + 1 >= count)
2181 + break;
2182 +
2183 + /* Format the register */
2184 +diff --git a/drivers/block/zram/zcomp.c b/drivers/block/zram/zcomp.c
2185 +index f1ff39a3d1c1..54d946a9eee6 100644
2186 +--- a/drivers/block/zram/zcomp.c
2187 ++++ b/drivers/block/zram/zcomp.c
2188 +@@ -325,12 +325,14 @@ void zcomp_destroy(struct zcomp *comp)
2189 + * allocate new zcomp and initialize it. return compressing
2190 + * backend pointer or ERR_PTR if things went bad. ERR_PTR(-EINVAL)
2191 + * if requested algorithm is not supported, ERR_PTR(-ENOMEM) in
2192 +- * case of allocation error.
2193 ++ * case of allocation error, or any other error potentially
2194 ++ * returned by functions zcomp_strm_{multi,single}_create.
2195 + */
2196 + struct zcomp *zcomp_create(const char *compress, int max_strm)
2197 + {
2198 + struct zcomp *comp;
2199 + struct zcomp_backend *backend;
2200 ++ int error;
2201 +
2202 + backend = find_backend(compress);
2203 + if (!backend)
2204 +@@ -342,12 +344,12 @@ struct zcomp *zcomp_create(const char *compress, int max_strm)
2205 +
2206 + comp->backend = backend;
2207 + if (max_strm > 1)
2208 +- zcomp_strm_multi_create(comp, max_strm);
2209 ++ error = zcomp_strm_multi_create(comp, max_strm);
2210 + else
2211 +- zcomp_strm_single_create(comp);
2212 +- if (!comp->stream) {
2213 ++ error = zcomp_strm_single_create(comp);
2214 ++ if (error) {
2215 + kfree(comp);
2216 +- return ERR_PTR(-ENOMEM);
2217 ++ return ERR_PTR(error);
2218 + }
2219 + return comp;
2220 + }
2221 +diff --git a/drivers/clk/ti/clk-3xxx.c b/drivers/clk/ti/clk-3xxx.c
2222 +index 0d1750a8aea4..088930c3ee4b 100644
2223 +--- a/drivers/clk/ti/clk-3xxx.c
2224 ++++ b/drivers/clk/ti/clk-3xxx.c
2225 +@@ -170,7 +170,6 @@ static struct ti_dt_clk omap3xxx_clks[] = {
2226 + DT_CLK(NULL, "gpio2_ick", "gpio2_ick"),
2227 + DT_CLK(NULL, "wdt3_ick", "wdt3_ick"),
2228 + DT_CLK(NULL, "uart3_ick", "uart3_ick"),
2229 +- DT_CLK(NULL, "uart4_ick", "uart4_ick"),
2230 + DT_CLK(NULL, "gpt9_ick", "gpt9_ick"),
2231 + DT_CLK(NULL, "gpt8_ick", "gpt8_ick"),
2232 + DT_CLK(NULL, "gpt7_ick", "gpt7_ick"),
2233 +@@ -313,6 +312,7 @@ static struct ti_dt_clk am35xx_clks[] = {
2234 + static struct ti_dt_clk omap36xx_clks[] = {
2235 + DT_CLK(NULL, "omap_192m_alwon_fck", "omap_192m_alwon_fck"),
2236 + DT_CLK(NULL, "uart4_fck", "uart4_fck"),
2237 ++ DT_CLK(NULL, "uart4_ick", "uart4_ick"),
2238 + { .node_name = NULL },
2239 + };
2240 +
2241 +diff --git a/drivers/clk/versatile/clk-sp810.c b/drivers/clk/versatile/clk-sp810.c
2242 +index c6e86a9a2aa3..5122ef25f595 100644
2243 +--- a/drivers/clk/versatile/clk-sp810.c
2244 ++++ b/drivers/clk/versatile/clk-sp810.c
2245 +@@ -128,8 +128,8 @@ static struct clk *clk_sp810_timerclken_of_get(struct of_phandle_args *clkspec,
2246 + {
2247 + struct clk_sp810 *sp810 = data;
2248 +
2249 +- if (WARN_ON(clkspec->args_count != 1 || clkspec->args[0] >
2250 +- ARRAY_SIZE(sp810->timerclken)))
2251 ++ if (WARN_ON(clkspec->args_count != 1 ||
2252 ++ clkspec->args[0] >= ARRAY_SIZE(sp810->timerclken)))
2253 + return NULL;
2254 +
2255 + return sp810->timerclken[clkspec->args[0]].clk;
2256 +diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
2257 +index f657c571b18e..bdb6951d0978 100644
2258 +--- a/drivers/cpufreq/cpufreq-dt.c
2259 ++++ b/drivers/cpufreq/cpufreq-dt.c
2260 +@@ -240,7 +240,8 @@ static int cpufreq_init(struct cpufreq_policy *policy)
2261 + rcu_read_unlock();
2262 +
2263 + tol_uV = opp_uV * priv->voltage_tolerance / 100;
2264 +- if (regulator_is_supported_voltage(cpu_reg, opp_uV,
2265 ++ if (regulator_is_supported_voltage(cpu_reg,
2266 ++ opp_uV - tol_uV,
2267 + opp_uV + tol_uV)) {
2268 + if (opp_uV < min_uV)
2269 + min_uV = opp_uV;
2270 +diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
2271 +index d0d21363c63f..c1da6e121a67 100644
2272 +--- a/drivers/cpufreq/intel_pstate.c
2273 ++++ b/drivers/cpufreq/intel_pstate.c
2274 +@@ -47,9 +47,9 @@ static inline int32_t mul_fp(int32_t x, int32_t y)
2275 + return ((int64_t)x * (int64_t)y) >> FRAC_BITS;
2276 + }
2277 +
2278 +-static inline int32_t div_fp(int32_t x, int32_t y)
2279 ++static inline int32_t div_fp(s64 x, s64 y)
2280 + {
2281 +- return div_s64((int64_t)x << FRAC_BITS, y);
2282 ++ return div64_s64((int64_t)x << FRAC_BITS, y);
2283 + }
2284 +
2285 + static inline int ceiling_fp(int32_t x)
2286 +@@ -659,7 +659,7 @@ static inline void intel_pstate_set_sample_time(struct cpudata *cpu)
2287 + static inline int32_t intel_pstate_get_scaled_busy(struct cpudata *cpu)
2288 + {
2289 + int32_t core_busy, max_pstate, current_pstate, sample_ratio;
2290 +- u32 duration_us;
2291 ++ s64 duration_us;
2292 + u32 sample_time;
2293 +
2294 + core_busy = cpu->sample.core_pct_busy;
2295 +@@ -668,8 +668,8 @@ static inline int32_t intel_pstate_get_scaled_busy(struct cpudata *cpu)
2296 + core_busy = mul_fp(core_busy, div_fp(max_pstate, current_pstate));
2297 +
2298 + sample_time = pid_params.sample_rate_ms * USEC_PER_MSEC;
2299 +- duration_us = (u32) ktime_us_delta(cpu->sample.time,
2300 +- cpu->last_sample_time);
2301 ++ duration_us = ktime_us_delta(cpu->sample.time,
2302 ++ cpu->last_sample_time);
2303 + if (duration_us > sample_time * 3) {
2304 + sample_ratio = div_fp(int_tofp(sample_time),
2305 + int_tofp(duration_us));
2306 +diff --git a/drivers/dma/dw/core.c b/drivers/dma/dw/core.c
2307 +index 244722170410..9da24a5e1561 100644
2308 +--- a/drivers/dma/dw/core.c
2309 ++++ b/drivers/dma/dw/core.c
2310 +@@ -1579,7 +1579,6 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2311 + INIT_LIST_HEAD(&dw->dma.channels);
2312 + for (i = 0; i < nr_channels; i++) {
2313 + struct dw_dma_chan *dwc = &dw->chan[i];
2314 +- int r = nr_channels - i - 1;
2315 +
2316 + dwc->chan.device = &dw->dma;
2317 + dma_cookie_init(&dwc->chan);
2318 +@@ -1591,7 +1590,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2319 +
2320 + /* 7 is highest priority & 0 is lowest. */
2321 + if (pdata->chan_priority == CHAN_PRIORITY_ASCENDING)
2322 +- dwc->priority = r;
2323 ++ dwc->priority = nr_channels - i - 1;
2324 + else
2325 + dwc->priority = i;
2326 +
2327 +@@ -1610,6 +1609,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata)
2328 + /* Hardware configuration */
2329 + if (autocfg) {
2330 + unsigned int dwc_params;
2331 ++ unsigned int r = DW_DMA_MAX_NR_CHANNELS - i - 1;
2332 + void __iomem *addr = chip->regs + r * sizeof(u32);
2333 +
2334 + dwc_params = dma_read_byaddr(addr, DWC_PARAMS);
2335 +diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
2336 +index f861361a635e..4924d381b664 100644
2337 +--- a/drivers/gpu/drm/drm_lock.c
2338 ++++ b/drivers/gpu/drm/drm_lock.c
2339 +@@ -61,6 +61,9 @@ int drm_legacy_lock(struct drm_device *dev, void *data,
2340 + struct drm_master *master = file_priv->master;
2341 + int ret = 0;
2342 +
2343 ++ if (drm_core_check_feature(dev, DRIVER_MODESET))
2344 ++ return -EINVAL;
2345 ++
2346 + ++file_priv->lock_count;
2347 +
2348 + if (lock->context == DRM_KERNEL_CONTEXT) {
2349 +@@ -153,6 +156,9 @@ int drm_legacy_unlock(struct drm_device *dev, void *data, struct drm_file *file_
2350 + struct drm_lock *lock = data;
2351 + struct drm_master *master = file_priv->master;
2352 +
2353 ++ if (drm_core_check_feature(dev, DRIVER_MODESET))
2354 ++ return -EINVAL;
2355 ++
2356 + if (lock->context == DRM_KERNEL_CONTEXT) {
2357 + DRM_ERROR("Process %d using kernel context %d\n",
2358 + task_pid_nr(current), lock->context);
2359 +diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c
2360 +index a4bd90f36a03..d96b152a6e04 100644
2361 +--- a/drivers/gpu/drm/i915/intel_bios.c
2362 ++++ b/drivers/gpu/drm/i915/intel_bios.c
2363 +@@ -41,7 +41,7 @@ find_section(struct bdb_header *bdb, int section_id)
2364 + {
2365 + u8 *base = (u8 *)bdb;
2366 + int index = 0;
2367 +- u16 total, current_size;
2368 ++ u32 total, current_size;
2369 + u8 current_id;
2370 +
2371 + /* skip to first section */
2372 +@@ -56,6 +56,10 @@ find_section(struct bdb_header *bdb, int section_id)
2373 + current_size = *((u16 *)(base + index));
2374 + index += 2;
2375 +
2376 ++ /* The MIPI Sequence Block v3+ has a separate size field. */
2377 ++ if (current_id == BDB_MIPI_SEQUENCE && *(base + index) >= 3)
2378 ++ current_size = *((const u32 *)(base + index + 1));
2379 ++
2380 + if (index + current_size > total)
2381 + return NULL;
2382 +
2383 +@@ -794,6 +798,12 @@ parse_mipi(struct drm_i915_private *dev_priv, struct bdb_header *bdb)
2384 + return;
2385 + }
2386 +
2387 ++ /* Fail gracefully for forward incompatible sequence block. */
2388 ++ if (sequence->version >= 3) {
2389 ++ DRM_ERROR("Unable to parse MIPI Sequence Block v3+\n");
2390 ++ return;
2391 ++ }
2392 ++
2393 + DRM_DEBUG_DRIVER("Found MIPI sequence block\n");
2394 +
2395 + block_size = get_blocksize(sequence);
2396 +diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c
2397 +index 0d1396266857..011b22836fd6 100644
2398 +--- a/drivers/gpu/drm/qxl/qxl_display.c
2399 ++++ b/drivers/gpu/drm/qxl/qxl_display.c
2400 +@@ -136,9 +136,35 @@ static int qxl_add_monitors_config_modes(struct drm_connector *connector,
2401 + *pwidth = head->width;
2402 + *pheight = head->height;
2403 + drm_mode_probed_add(connector, mode);
2404 ++ /* remember the last custom size for mode validation */
2405 ++ qdev->monitors_config_width = mode->hdisplay;
2406 ++ qdev->monitors_config_height = mode->vdisplay;
2407 + return 1;
2408 + }
2409 +
2410 ++static struct mode_size {
2411 ++ int w;
2412 ++ int h;
2413 ++} common_modes[] = {
2414 ++ { 640, 480},
2415 ++ { 720, 480},
2416 ++ { 800, 600},
2417 ++ { 848, 480},
2418 ++ {1024, 768},
2419 ++ {1152, 768},
2420 ++ {1280, 720},
2421 ++ {1280, 800},
2422 ++ {1280, 854},
2423 ++ {1280, 960},
2424 ++ {1280, 1024},
2425 ++ {1440, 900},
2426 ++ {1400, 1050},
2427 ++ {1680, 1050},
2428 ++ {1600, 1200},
2429 ++ {1920, 1080},
2430 ++ {1920, 1200}
2431 ++};
2432 ++
2433 + static int qxl_add_common_modes(struct drm_connector *connector,
2434 + unsigned pwidth,
2435 + unsigned pheight)
2436 +@@ -146,29 +172,6 @@ static int qxl_add_common_modes(struct drm_connector *connector,
2437 + struct drm_device *dev = connector->dev;
2438 + struct drm_display_mode *mode = NULL;
2439 + int i;
2440 +- struct mode_size {
2441 +- int w;
2442 +- int h;
2443 +- } common_modes[] = {
2444 +- { 640, 480},
2445 +- { 720, 480},
2446 +- { 800, 600},
2447 +- { 848, 480},
2448 +- {1024, 768},
2449 +- {1152, 768},
2450 +- {1280, 720},
2451 +- {1280, 800},
2452 +- {1280, 854},
2453 +- {1280, 960},
2454 +- {1280, 1024},
2455 +- {1440, 900},
2456 +- {1400, 1050},
2457 +- {1680, 1050},
2458 +- {1600, 1200},
2459 +- {1920, 1080},
2460 +- {1920, 1200}
2461 +- };
2462 +-
2463 + for (i = 0; i < ARRAY_SIZE(common_modes); i++) {
2464 + mode = drm_cvt_mode(dev, common_modes[i].w, common_modes[i].h,
2465 + 60, false, false, false);
2466 +@@ -598,7 +601,7 @@ static int qxl_crtc_mode_set(struct drm_crtc *crtc,
2467 + adjusted_mode->hdisplay,
2468 + adjusted_mode->vdisplay);
2469 +
2470 +- if (qcrtc->index == 0)
2471 ++ if (bo->is_primary == false)
2472 + recreate_primary = true;
2473 +
2474 + if (bo->surf.stride * bo->surf.height > qdev->vram_size) {
2475 +@@ -806,11 +809,22 @@ static int qxl_conn_get_modes(struct drm_connector *connector)
2476 + static int qxl_conn_mode_valid(struct drm_connector *connector,
2477 + struct drm_display_mode *mode)
2478 + {
2479 ++ struct drm_device *ddev = connector->dev;
2480 ++ struct qxl_device *qdev = ddev->dev_private;
2481 ++ int i;
2482 ++
2483 + /* TODO: is this called for user defined modes? (xrandr --add-mode)
2484 + * TODO: check that the mode fits in the framebuffer */
2485 +- DRM_DEBUG("%s: %dx%d status=%d\n", mode->name, mode->hdisplay,
2486 +- mode->vdisplay, mode->status);
2487 +- return MODE_OK;
2488 ++
2489 ++ if(qdev->monitors_config_width == mode->hdisplay &&
2490 ++ qdev->monitors_config_height == mode->vdisplay)
2491 ++ return MODE_OK;
2492 ++
2493 ++ for (i = 0; i < ARRAY_SIZE(common_modes); i++) {
2494 ++ if (common_modes[i].w == mode->hdisplay && common_modes[i].h == mode->vdisplay)
2495 ++ return MODE_OK;
2496 ++ }
2497 ++ return MODE_BAD;
2498 + }
2499 +
2500 + static struct drm_encoder *qxl_best_encoder(struct drm_connector *connector)
2501 +@@ -855,13 +869,15 @@ static enum drm_connector_status qxl_conn_detect(
2502 + drm_connector_to_qxl_output(connector);
2503 + struct drm_device *ddev = connector->dev;
2504 + struct qxl_device *qdev = ddev->dev_private;
2505 +- int connected;
2506 ++ bool connected = false;
2507 +
2508 + /* The first monitor is always connected */
2509 +- connected = (output->index == 0) ||
2510 +- (qdev->client_monitors_config &&
2511 +- qdev->client_monitors_config->count > output->index &&
2512 +- qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]));
2513 ++ if (!qdev->client_monitors_config) {
2514 ++ if (output->index == 0)
2515 ++ connected = true;
2516 ++ } else
2517 ++ connected = qdev->client_monitors_config->count > output->index &&
2518 ++ qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]);
2519 +
2520 + DRM_DEBUG("#%d connected: %d\n", output->index, connected);
2521 + if (!connected)
2522 +diff --git a/drivers/gpu/drm/qxl/qxl_drv.h b/drivers/gpu/drm/qxl/qxl_drv.h
2523 +index 7c6cafe21f5f..e66143cc1a7a 100644
2524 +--- a/drivers/gpu/drm/qxl/qxl_drv.h
2525 ++++ b/drivers/gpu/drm/qxl/qxl_drv.h
2526 +@@ -325,6 +325,8 @@ struct qxl_device {
2527 + struct work_struct fb_work;
2528 +
2529 + struct drm_property *hotplug_mode_update_property;
2530 ++ int monitors_config_width;
2531 ++ int monitors_config_height;
2532 + };
2533 +
2534 + /* forward declaration for QXL_INFO_IO */
2535 +diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
2536 +index b8cd7975f797..d8a5db204a81 100644
2537 +--- a/drivers/gpu/drm/radeon/atombios_encoders.c
2538 ++++ b/drivers/gpu/drm/radeon/atombios_encoders.c
2539 +@@ -1586,8 +1586,9 @@ radeon_atom_encoder_dpms_avivo(struct drm_encoder *encoder, int mode)
2540 + } else
2541 + atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
2542 + if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) {
2543 +- args.ucAction = ATOM_LCD_BLON;
2544 +- atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args);
2545 ++ struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv;
2546 ++
2547 ++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
2548 + }
2549 + break;
2550 + case DRM_MODE_DPMS_STANDBY:
2551 +@@ -1668,8 +1669,7 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode)
2552 + atombios_dig_encoder_setup(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0);
2553 + }
2554 + if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT))
2555 +- atombios_dig_transmitter_setup(encoder,
2556 +- ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0);
2557 ++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level);
2558 + if (ext_encoder)
2559 + atombios_external_encoder_setup(encoder, ext_encoder, ATOM_ENABLE);
2560 + break;
2561 +diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c
2562 +index c097d3a82bda..a9b01bcf7d0a 100644
2563 +--- a/drivers/gpu/drm/radeon/radeon_combios.c
2564 ++++ b/drivers/gpu/drm/radeon/radeon_combios.c
2565 +@@ -3387,6 +3387,14 @@ void radeon_combios_asic_init(struct drm_device *dev)
2566 + rdev->pdev->subsystem_device == 0x30ae)
2567 + return;
2568 +
2569 ++ /* quirk for rs4xx HP Compaq dc5750 Small Form Factor to make it resume
2570 ++ * - it hangs on resume inside the dynclk 1 table.
2571 ++ */
2572 ++ if (rdev->family == CHIP_RS480 &&
2573 ++ rdev->pdev->subsystem_vendor == 0x103c &&
2574 ++ rdev->pdev->subsystem_device == 0x280a)
2575 ++ return;
2576 ++
2577 + /* DYN CLK 1 */
2578 + table = combios_get_table_offset(dev, COMBIOS_DYN_CLK_1_TABLE);
2579 + if (table)
2580 +diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
2581 +index 26baa9c05f6c..15f09068ac00 100644
2582 +--- a/drivers/gpu/drm/radeon/radeon_connectors.c
2583 ++++ b/drivers/gpu/drm/radeon/radeon_connectors.c
2584 +@@ -72,6 +72,11 @@ void radeon_connector_hotplug(struct drm_connector *connector)
2585 + if (!radeon_hpd_sense(rdev, radeon_connector->hpd.hpd)) {
2586 + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF);
2587 + } else if (radeon_dp_needs_link_train(radeon_connector)) {
2588 ++ /* Don't try to start link training before we
2589 ++ * have the dpcd */
2590 ++ if (!radeon_dp_getdpcd(radeon_connector))
2591 ++ return;
2592 ++
2593 + /* set it to OFF so that drm_helper_connector_dpms()
2594 + * won't return immediately since the current state
2595 + * is ON at this point.
2596 +diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
2597 +index ca6849a0121e..97342ebc7de7 100644
2598 +--- a/drivers/hid/usbhid/hid-core.c
2599 ++++ b/drivers/hid/usbhid/hid-core.c
2600 +@@ -164,7 +164,7 @@ static void hid_io_error(struct hid_device *hid)
2601 + if (time_after(jiffies, usbhid->stop_retry)) {
2602 +
2603 + /* Retries failed, so do a port reset unless we lack bandwidth*/
2604 +- if (test_bit(HID_NO_BANDWIDTH, &usbhid->iofl)
2605 ++ if (!test_bit(HID_NO_BANDWIDTH, &usbhid->iofl)
2606 + && !test_and_set_bit(HID_RESET_PENDING, &usbhid->iofl)) {
2607 +
2608 + schedule_work(&usbhid->reset_work);
2609 +diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c
2610 +index 6461964f49a8..3aa958b5d45d 100644
2611 +--- a/drivers/hwmon/nct6775.c
2612 ++++ b/drivers/hwmon/nct6775.c
2613 +@@ -350,6 +350,10 @@ static const u16 NCT6775_REG_TEMP_CRIT[ARRAY_SIZE(nct6775_temp_label) - 1]
2614 +
2615 + /* NCT6776 specific data */
2616 +
2617 ++/* STEP_UP_TIME and STEP_DOWN_TIME regs are swapped for all chips but NCT6775 */
2618 ++#define NCT6776_REG_FAN_STEP_UP_TIME NCT6775_REG_FAN_STEP_DOWN_TIME
2619 ++#define NCT6776_REG_FAN_STEP_DOWN_TIME NCT6775_REG_FAN_STEP_UP_TIME
2620 ++
2621 + static const s8 NCT6776_ALARM_BITS[] = {
2622 + 0, 1, 2, 3, 8, 21, 20, 16, /* in0.. in7 */
2623 + 17, -1, -1, -1, -1, -1, -1, /* in8..in14 */
2624 +@@ -3476,8 +3480,8 @@ static int nct6775_probe(struct platform_device *pdev)
2625 + data->REG_FAN_PULSES = NCT6776_REG_FAN_PULSES;
2626 + data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2627 + data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2628 +- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2629 +- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2630 ++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2631 ++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2632 + data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2633 + data->REG_PWM[0] = NCT6775_REG_PWM;
2634 + data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2635 +@@ -3548,8 +3552,8 @@ static int nct6775_probe(struct platform_device *pdev)
2636 + data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
2637 + data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2638 + data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2639 +- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2640 +- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2641 ++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2642 ++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2643 + data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2644 + data->REG_PWM[0] = NCT6775_REG_PWM;
2645 + data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2646 +@@ -3624,8 +3628,8 @@ static int nct6775_probe(struct platform_device *pdev)
2647 + data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES;
2648 + data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT;
2649 + data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME;
2650 +- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME;
2651 +- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME;
2652 ++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME;
2653 ++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME;
2654 + data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H;
2655 + data->REG_PWM[0] = NCT6775_REG_PWM;
2656 + data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT;
2657 +diff --git a/drivers/iio/imu/adis16480.c b/drivers/iio/imu/adis16480.c
2658 +index 989605dd6f78..b94bfd3f595b 100644
2659 +--- a/drivers/iio/imu/adis16480.c
2660 ++++ b/drivers/iio/imu/adis16480.c
2661 +@@ -110,6 +110,10 @@
2662 + struct adis16480_chip_info {
2663 + unsigned int num_channels;
2664 + const struct iio_chan_spec *channels;
2665 ++ unsigned int gyro_max_val;
2666 ++ unsigned int gyro_max_scale;
2667 ++ unsigned int accel_max_val;
2668 ++ unsigned int accel_max_scale;
2669 + };
2670 +
2671 + struct adis16480 {
2672 +@@ -497,19 +501,21 @@ static int adis16480_set_filter_freq(struct iio_dev *indio_dev,
2673 + static int adis16480_read_raw(struct iio_dev *indio_dev,
2674 + const struct iio_chan_spec *chan, int *val, int *val2, long info)
2675 + {
2676 ++ struct adis16480 *st = iio_priv(indio_dev);
2677 ++
2678 + switch (info) {
2679 + case IIO_CHAN_INFO_RAW:
2680 + return adis_single_conversion(indio_dev, chan, 0, val);
2681 + case IIO_CHAN_INFO_SCALE:
2682 + switch (chan->type) {
2683 + case IIO_ANGL_VEL:
2684 +- *val = 0;
2685 +- *val2 = IIO_DEGREE_TO_RAD(20000); /* 0.02 degree/sec */
2686 +- return IIO_VAL_INT_PLUS_MICRO;
2687 ++ *val = st->chip_info->gyro_max_scale;
2688 ++ *val2 = st->chip_info->gyro_max_val;
2689 ++ return IIO_VAL_FRACTIONAL;
2690 + case IIO_ACCEL:
2691 +- *val = 0;
2692 +- *val2 = IIO_G_TO_M_S_2(800); /* 0.8 mg */
2693 +- return IIO_VAL_INT_PLUS_MICRO;
2694 ++ *val = st->chip_info->accel_max_scale;
2695 ++ *val2 = st->chip_info->accel_max_val;
2696 ++ return IIO_VAL_FRACTIONAL;
2697 + case IIO_MAGN:
2698 + *val = 0;
2699 + *val2 = 100; /* 0.0001 gauss */
2700 +@@ -674,18 +680,39 @@ static const struct adis16480_chip_info adis16480_chip_info[] = {
2701 + [ADIS16375] = {
2702 + .channels = adis16485_channels,
2703 + .num_channels = ARRAY_SIZE(adis16485_channels),
2704 ++ /*
2705 ++ * storing the value in rad/degree and the scale in degree
2706 ++ * gives us the result in rad and better precession than
2707 ++ * storing the scale directly in rad.
2708 ++ */
2709 ++ .gyro_max_val = IIO_RAD_TO_DEGREE(22887),
2710 ++ .gyro_max_scale = 300,
2711 ++ .accel_max_val = IIO_M_S_2_TO_G(21973),
2712 ++ .accel_max_scale = 18,
2713 + },
2714 + [ADIS16480] = {
2715 + .channels = adis16480_channels,
2716 + .num_channels = ARRAY_SIZE(adis16480_channels),
2717 ++ .gyro_max_val = IIO_RAD_TO_DEGREE(22500),
2718 ++ .gyro_max_scale = 450,
2719 ++ .accel_max_val = IIO_M_S_2_TO_G(12500),
2720 ++ .accel_max_scale = 5,
2721 + },
2722 + [ADIS16485] = {
2723 + .channels = adis16485_channels,
2724 + .num_channels = ARRAY_SIZE(adis16485_channels),
2725 ++ .gyro_max_val = IIO_RAD_TO_DEGREE(22500),
2726 ++ .gyro_max_scale = 450,
2727 ++ .accel_max_val = IIO_M_S_2_TO_G(20000),
2728 ++ .accel_max_scale = 5,
2729 + },
2730 + [ADIS16488] = {
2731 + .channels = adis16480_channels,
2732 + .num_channels = ARRAY_SIZE(adis16480_channels),
2733 ++ .gyro_max_val = IIO_RAD_TO_DEGREE(22500),
2734 ++ .gyro_max_scale = 450,
2735 ++ .accel_max_val = IIO_M_S_2_TO_G(22500),
2736 ++ .accel_max_scale = 18,
2737 + },
2738 + };
2739 +
2740 +diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c
2741 +index f971f79103ec..25c68de393ad 100644
2742 +--- a/drivers/iio/industrialio-buffer.c
2743 ++++ b/drivers/iio/industrialio-buffer.c
2744 +@@ -93,7 +93,7 @@ unsigned int iio_buffer_poll(struct file *filp,
2745 + struct iio_buffer *rb = indio_dev->buffer;
2746 +
2747 + if (!indio_dev->info)
2748 +- return -ENODEV;
2749 ++ return 0;
2750 +
2751 + poll_wait(filp, &rb->pollq, wait);
2752 + if (iio_buffer_data_available(rb))
2753 +diff --git a/drivers/iio/industrialio-event.c b/drivers/iio/industrialio-event.c
2754 +index 35c02aeec75e..158a760ada12 100644
2755 +--- a/drivers/iio/industrialio-event.c
2756 ++++ b/drivers/iio/industrialio-event.c
2757 +@@ -84,7 +84,7 @@ static unsigned int iio_event_poll(struct file *filep,
2758 + unsigned int events = 0;
2759 +
2760 + if (!indio_dev->info)
2761 +- return -ENODEV;
2762 ++ return events;
2763 +
2764 + poll_wait(filep, &ev_int->wait, wait);
2765 +
2766 +diff --git a/drivers/infiniband/core/uverbs.h b/drivers/infiniband/core/uverbs.h
2767 +index 643c08a025a5..1c74d89fd2ad 100644
2768 +--- a/drivers/infiniband/core/uverbs.h
2769 ++++ b/drivers/infiniband/core/uverbs.h
2770 +@@ -85,7 +85,7 @@
2771 + */
2772 +
2773 + struct ib_uverbs_device {
2774 +- struct kref ref;
2775 ++ atomic_t refcount;
2776 + int num_comp_vectors;
2777 + struct completion comp;
2778 + struct device *dev;
2779 +@@ -94,6 +94,7 @@ struct ib_uverbs_device {
2780 + struct cdev cdev;
2781 + struct rb_root xrcd_tree;
2782 + struct mutex xrcd_tree_mutex;
2783 ++ struct kobject kobj;
2784 + };
2785 +
2786 + struct ib_uverbs_event_file {
2787 +diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
2788 +index 63a9f04bdb6c..f3748311d79b 100644
2789 +--- a/drivers/infiniband/core/uverbs_cmd.c
2790 ++++ b/drivers/infiniband/core/uverbs_cmd.c
2791 +@@ -2204,6 +2204,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2792 + next->send_flags = user_wr->send_flags;
2793 +
2794 + if (is_ud) {
2795 ++ if (next->opcode != IB_WR_SEND &&
2796 ++ next->opcode != IB_WR_SEND_WITH_IMM) {
2797 ++ ret = -EINVAL;
2798 ++ goto out_put;
2799 ++ }
2800 ++
2801 + next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
2802 + file->ucontext);
2803 + if (!next->wr.ud.ah) {
2804 +@@ -2243,9 +2249,11 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2805 + user_wr->wr.atomic.compare_add;
2806 + next->wr.atomic.swap = user_wr->wr.atomic.swap;
2807 + next->wr.atomic.rkey = user_wr->wr.atomic.rkey;
2808 ++ case IB_WR_SEND:
2809 + break;
2810 + default:
2811 +- break;
2812 ++ ret = -EINVAL;
2813 ++ goto out_put;
2814 + }
2815 + }
2816 +
2817 +diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
2818 +index 71ab83fde472..d3abb7ea2dee 100644
2819 +--- a/drivers/infiniband/core/uverbs_main.c
2820 ++++ b/drivers/infiniband/core/uverbs_main.c
2821 +@@ -128,14 +128,18 @@ static int (*uverbs_ex_cmd_table[])(struct ib_uverbs_file *file,
2822 + static void ib_uverbs_add_one(struct ib_device *device);
2823 + static void ib_uverbs_remove_one(struct ib_device *device);
2824 +
2825 +-static void ib_uverbs_release_dev(struct kref *ref)
2826 ++static void ib_uverbs_release_dev(struct kobject *kobj)
2827 + {
2828 + struct ib_uverbs_device *dev =
2829 +- container_of(ref, struct ib_uverbs_device, ref);
2830 ++ container_of(kobj, struct ib_uverbs_device, kobj);
2831 +
2832 +- complete(&dev->comp);
2833 ++ kfree(dev);
2834 + }
2835 +
2836 ++static struct kobj_type ib_uverbs_dev_ktype = {
2837 ++ .release = ib_uverbs_release_dev,
2838 ++};
2839 ++
2840 + static void ib_uverbs_release_event_file(struct kref *ref)
2841 + {
2842 + struct ib_uverbs_event_file *file =
2843 +@@ -299,13 +303,19 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
2844 + return context->device->dealloc_ucontext(context);
2845 + }
2846 +
2847 ++static void ib_uverbs_comp_dev(struct ib_uverbs_device *dev)
2848 ++{
2849 ++ complete(&dev->comp);
2850 ++}
2851 ++
2852 + static void ib_uverbs_release_file(struct kref *ref)
2853 + {
2854 + struct ib_uverbs_file *file =
2855 + container_of(ref, struct ib_uverbs_file, ref);
2856 +
2857 + module_put(file->device->ib_dev->owner);
2858 +- kref_put(&file->device->ref, ib_uverbs_release_dev);
2859 ++ if (atomic_dec_and_test(&file->device->refcount))
2860 ++ ib_uverbs_comp_dev(file->device);
2861 +
2862 + kfree(file);
2863 + }
2864 +@@ -739,9 +749,7 @@ static int ib_uverbs_open(struct inode *inode, struct file *filp)
2865 + int ret;
2866 +
2867 + dev = container_of(inode->i_cdev, struct ib_uverbs_device, cdev);
2868 +- if (dev)
2869 +- kref_get(&dev->ref);
2870 +- else
2871 ++ if (!atomic_inc_not_zero(&dev->refcount))
2872 + return -ENXIO;
2873 +
2874 + if (!try_module_get(dev->ib_dev->owner)) {
2875 +@@ -762,6 +770,7 @@ static int ib_uverbs_open(struct inode *inode, struct file *filp)
2876 + mutex_init(&file->mutex);
2877 +
2878 + filp->private_data = file;
2879 ++ kobject_get(&dev->kobj);
2880 +
2881 + return nonseekable_open(inode, filp);
2882 +
2883 +@@ -769,13 +778,16 @@ err_module:
2884 + module_put(dev->ib_dev->owner);
2885 +
2886 + err:
2887 +- kref_put(&dev->ref, ib_uverbs_release_dev);
2888 ++ if (atomic_dec_and_test(&dev->refcount))
2889 ++ ib_uverbs_comp_dev(dev);
2890 ++
2891 + return ret;
2892 + }
2893 +
2894 + static int ib_uverbs_close(struct inode *inode, struct file *filp)
2895 + {
2896 + struct ib_uverbs_file *file = filp->private_data;
2897 ++ struct ib_uverbs_device *dev = file->device;
2898 +
2899 + ib_uverbs_cleanup_ucontext(file, file->ucontext);
2900 +
2901 +@@ -783,6 +795,7 @@ static int ib_uverbs_close(struct inode *inode, struct file *filp)
2902 + kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
2903 +
2904 + kref_put(&file->ref, ib_uverbs_release_file);
2905 ++ kobject_put(&dev->kobj);
2906 +
2907 + return 0;
2908 + }
2909 +@@ -878,10 +891,11 @@ static void ib_uverbs_add_one(struct ib_device *device)
2910 + if (!uverbs_dev)
2911 + return;
2912 +
2913 +- kref_init(&uverbs_dev->ref);
2914 ++ atomic_set(&uverbs_dev->refcount, 1);
2915 + init_completion(&uverbs_dev->comp);
2916 + uverbs_dev->xrcd_tree = RB_ROOT;
2917 + mutex_init(&uverbs_dev->xrcd_tree_mutex);
2918 ++ kobject_init(&uverbs_dev->kobj, &ib_uverbs_dev_ktype);
2919 +
2920 + spin_lock(&map_lock);
2921 + devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES);
2922 +@@ -908,6 +922,7 @@ static void ib_uverbs_add_one(struct ib_device *device)
2923 + cdev_init(&uverbs_dev->cdev, NULL);
2924 + uverbs_dev->cdev.owner = THIS_MODULE;
2925 + uverbs_dev->cdev.ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops;
2926 ++ uverbs_dev->cdev.kobj.parent = &uverbs_dev->kobj;
2927 + kobject_set_name(&uverbs_dev->cdev.kobj, "uverbs%d", uverbs_dev->devnum);
2928 + if (cdev_add(&uverbs_dev->cdev, base, 1))
2929 + goto err_cdev;
2930 +@@ -938,9 +953,10 @@ err_cdev:
2931 + clear_bit(devnum, overflow_map);
2932 +
2933 + err:
2934 +- kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
2935 ++ if (atomic_dec_and_test(&uverbs_dev->refcount))
2936 ++ ib_uverbs_comp_dev(uverbs_dev);
2937 + wait_for_completion(&uverbs_dev->comp);
2938 +- kfree(uverbs_dev);
2939 ++ kobject_put(&uverbs_dev->kobj);
2940 + return;
2941 + }
2942 +
2943 +@@ -960,9 +976,10 @@ static void ib_uverbs_remove_one(struct ib_device *device)
2944 + else
2945 + clear_bit(uverbs_dev->devnum - IB_UVERBS_MAX_DEVICES, overflow_map);
2946 +
2947 +- kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
2948 ++ if (atomic_dec_and_test(&uverbs_dev->refcount))
2949 ++ ib_uverbs_comp_dev(uverbs_dev);
2950 + wait_for_completion(&uverbs_dev->comp);
2951 +- kfree(uverbs_dev);
2952 ++ kobject_put(&uverbs_dev->kobj);
2953 + }
2954 +
2955 + static char *uverbs_devnode(struct device *dev, umode_t *mode)
2956 +diff --git a/drivers/infiniband/hw/mlx4/ah.c b/drivers/infiniband/hw/mlx4/ah.c
2957 +index 2d8c3397774f..e65ee1947279 100644
2958 +--- a/drivers/infiniband/hw/mlx4/ah.c
2959 ++++ b/drivers/infiniband/hw/mlx4/ah.c
2960 +@@ -147,9 +147,13 @@ int mlx4_ib_query_ah(struct ib_ah *ibah, struct ib_ah_attr *ah_attr)
2961 + enum rdma_link_layer ll;
2962 +
2963 + memset(ah_attr, 0, sizeof *ah_attr);
2964 +- ah_attr->sl = be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 28;
2965 + ah_attr->port_num = be32_to_cpu(ah->av.ib.port_pd) >> 24;
2966 + ll = rdma_port_get_link_layer(ibah->device, ah_attr->port_num);
2967 ++ if (ll == IB_LINK_LAYER_ETHERNET)
2968 ++ ah_attr->sl = be32_to_cpu(ah->av.eth.sl_tclass_flowlabel) >> 29;
2969 ++ else
2970 ++ ah_attr->sl = be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 28;
2971 ++
2972 + ah_attr->dlid = ll == IB_LINK_LAYER_INFINIBAND ? be16_to_cpu(ah->av.ib.dlid) : 0;
2973 + if (ah->av.ib.stat_rate)
2974 + ah_attr->static_rate = ah->av.ib.stat_rate - MLX4_STAT_RATE_OFFSET;
2975 +diff --git a/drivers/infiniband/hw/mlx4/sysfs.c b/drivers/infiniband/hw/mlx4/sysfs.c
2976 +index cb4c66e723b5..89b43da1978d 100644
2977 +--- a/drivers/infiniband/hw/mlx4/sysfs.c
2978 ++++ b/drivers/infiniband/hw/mlx4/sysfs.c
2979 +@@ -660,6 +660,8 @@ static int add_port(struct mlx4_ib_dev *dev, int port_num, int slave)
2980 + struct mlx4_port *p;
2981 + int i;
2982 + int ret;
2983 ++ int is_eth = rdma_port_get_link_layer(&dev->ib_dev, port_num) ==
2984 ++ IB_LINK_LAYER_ETHERNET;
2985 +
2986 + p = kzalloc(sizeof *p, GFP_KERNEL);
2987 + if (!p)
2988 +@@ -677,7 +679,8 @@ static int add_port(struct mlx4_ib_dev *dev, int port_num, int slave)
2989 +
2990 + p->pkey_group.name = "pkey_idx";
2991 + p->pkey_group.attrs =
2992 +- alloc_group_attrs(show_port_pkey, store_port_pkey,
2993 ++ alloc_group_attrs(show_port_pkey,
2994 ++ is_eth ? NULL : store_port_pkey,
2995 + dev->dev->caps.pkey_table_len[port_num]);
2996 + if (!p->pkey_group.attrs) {
2997 + ret = -ENOMEM;
2998 +diff --git a/drivers/infiniband/hw/qib/qib_keys.c b/drivers/infiniband/hw/qib/qib_keys.c
2999 +index 3b9afccaaade..eabe54738be6 100644
3000 +--- a/drivers/infiniband/hw/qib/qib_keys.c
3001 ++++ b/drivers/infiniband/hw/qib/qib_keys.c
3002 +@@ -86,6 +86,10 @@ int qib_alloc_lkey(struct qib_mregion *mr, int dma_region)
3003 + * unrestricted LKEY.
3004 + */
3005 + rkt->gen++;
3006 ++ /*
3007 ++ * bits are capped in qib_verbs.c to insure enough bits
3008 ++ * for generation number
3009 ++ */
3010 + mr->lkey = (r << (32 - ib_qib_lkey_table_size)) |
3011 + ((((1 << (24 - ib_qib_lkey_table_size)) - 1) & rkt->gen)
3012 + << 8);
3013 +diff --git a/drivers/infiniband/hw/qib/qib_verbs.c b/drivers/infiniband/hw/qib/qib_verbs.c
3014 +index 9bcfbd842980..40afdfce2fbc 100644
3015 +--- a/drivers/infiniband/hw/qib/qib_verbs.c
3016 ++++ b/drivers/infiniband/hw/qib/qib_verbs.c
3017 +@@ -40,6 +40,7 @@
3018 + #include <linux/rculist.h>
3019 + #include <linux/mm.h>
3020 + #include <linux/random.h>
3021 ++#include <linux/vmalloc.h>
3022 +
3023 + #include "qib.h"
3024 + #include "qib_common.h"
3025 +@@ -2086,10 +2087,16 @@ int qib_register_ib_device(struct qib_devdata *dd)
3026 + * the LKEY). The remaining bits act as a generation number or tag.
3027 + */
3028 + spin_lock_init(&dev->lk_table.lock);
3029 ++ /* insure generation is at least 4 bits see keys.c */
3030 ++ if (ib_qib_lkey_table_size > MAX_LKEY_TABLE_BITS) {
3031 ++ qib_dev_warn(dd, "lkey bits %u too large, reduced to %u\n",
3032 ++ ib_qib_lkey_table_size, MAX_LKEY_TABLE_BITS);
3033 ++ ib_qib_lkey_table_size = MAX_LKEY_TABLE_BITS;
3034 ++ }
3035 + dev->lk_table.max = 1 << ib_qib_lkey_table_size;
3036 + lk_tab_size = dev->lk_table.max * sizeof(*dev->lk_table.table);
3037 + dev->lk_table.table = (struct qib_mregion __rcu **)
3038 +- __get_free_pages(GFP_KERNEL, get_order(lk_tab_size));
3039 ++ vmalloc(lk_tab_size);
3040 + if (dev->lk_table.table == NULL) {
3041 + ret = -ENOMEM;
3042 + goto err_lk;
3043 +@@ -2262,7 +2269,7 @@ err_tx:
3044 + sizeof(struct qib_pio_header),
3045 + dev->pio_hdrs, dev->pio_hdrs_phys);
3046 + err_hdrs:
3047 +- free_pages((unsigned long) dev->lk_table.table, get_order(lk_tab_size));
3048 ++ vfree(dev->lk_table.table);
3049 + err_lk:
3050 + kfree(dev->qp_table);
3051 + err_qpt:
3052 +@@ -2316,8 +2323,7 @@ void qib_unregister_ib_device(struct qib_devdata *dd)
3053 + sizeof(struct qib_pio_header),
3054 + dev->pio_hdrs, dev->pio_hdrs_phys);
3055 + lk_tab_size = dev->lk_table.max * sizeof(*dev->lk_table.table);
3056 +- free_pages((unsigned long) dev->lk_table.table,
3057 +- get_order(lk_tab_size));
3058 ++ vfree(dev->lk_table.table);
3059 + kfree(dev->qp_table);
3060 + }
3061 +
3062 +diff --git a/drivers/infiniband/hw/qib/qib_verbs.h b/drivers/infiniband/hw/qib/qib_verbs.h
3063 +index bfc8948fdd35..44ca28c83fe6 100644
3064 +--- a/drivers/infiniband/hw/qib/qib_verbs.h
3065 ++++ b/drivers/infiniband/hw/qib/qib_verbs.h
3066 +@@ -647,6 +647,8 @@ struct qib_qpn_table {
3067 + struct qpn_map map[QPNMAP_ENTRIES];
3068 + };
3069 +
3070 ++#define MAX_LKEY_TABLE_BITS 23
3071 ++
3072 + struct qib_lkey_table {
3073 + spinlock_t lock; /* protect changes in this struct */
3074 + u32 next; /* next unused index (speeds search) */
3075 +diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
3076 +index 7b8c29b295ac..357206a20017 100644
3077 +--- a/drivers/infiniband/ulp/isert/ib_isert.c
3078 ++++ b/drivers/infiniband/ulp/isert/ib_isert.c
3079 +@@ -3110,9 +3110,16 @@ isert_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, bool recovery)
3080 + static int
3081 + isert_immediate_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state)
3082 + {
3083 +- int ret;
3084 ++ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd);
3085 ++ int ret = 0;
3086 +
3087 + switch (state) {
3088 ++ case ISTATE_REMOVE:
3089 ++ spin_lock_bh(&conn->cmd_lock);
3090 ++ list_del_init(&cmd->i_conn_node);
3091 ++ spin_unlock_bh(&conn->cmd_lock);
3092 ++ isert_put_cmd(isert_cmd, true);
3093 ++ break;
3094 + case ISTATE_SEND_NOPIN_WANT_RESPONSE:
3095 + ret = isert_put_nopin(cmd, conn, false);
3096 + break;
3097 +diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
3098 +index 8afa28e4570e..928dec311c2b 100644
3099 +--- a/drivers/input/evdev.c
3100 ++++ b/drivers/input/evdev.c
3101 +@@ -239,19 +239,14 @@ static int evdev_flush(struct file *file, fl_owner_t id)
3102 + {
3103 + struct evdev_client *client = file->private_data;
3104 + struct evdev *evdev = client->evdev;
3105 +- int retval;
3106 +
3107 +- retval = mutex_lock_interruptible(&evdev->mutex);
3108 +- if (retval)
3109 +- return retval;
3110 ++ mutex_lock(&evdev->mutex);
3111 +
3112 +- if (!evdev->exist || client->revoked)
3113 +- retval = -ENODEV;
3114 +- else
3115 +- retval = input_flush_device(&evdev->handle, file);
3116 ++ if (evdev->exist && !client->revoked)
3117 ++ input_flush_device(&evdev->handle, file);
3118 +
3119 + mutex_unlock(&evdev->mutex);
3120 +- return retval;
3121 ++ return 0;
3122 + }
3123 +
3124 + static void evdev_free(struct device *dev)
3125 +diff --git a/drivers/macintosh/windfarm_core.c b/drivers/macintosh/windfarm_core.c
3126 +index 3ee198b65843..cc7ece1712b5 100644
3127 +--- a/drivers/macintosh/windfarm_core.c
3128 ++++ b/drivers/macintosh/windfarm_core.c
3129 +@@ -435,7 +435,7 @@ int wf_unregister_client(struct notifier_block *nb)
3130 + {
3131 + mutex_lock(&wf_lock);
3132 + blocking_notifier_chain_unregister(&wf_client_list, nb);
3133 +- wf_client_count++;
3134 ++ wf_client_count--;
3135 + if (wf_client_count == 0)
3136 + wf_stop_thread();
3137 + mutex_unlock(&wf_lock);
3138 +diff --git a/drivers/md/dm-cache-policy-cleaner.c b/drivers/md/dm-cache-policy-cleaner.c
3139 +index b04d1f904d07..2eca9084defe 100644
3140 +--- a/drivers/md/dm-cache-policy-cleaner.c
3141 ++++ b/drivers/md/dm-cache-policy-cleaner.c
3142 +@@ -434,7 +434,7 @@ static struct dm_cache_policy *wb_create(dm_cblock_t cache_size,
3143 + static struct dm_cache_policy_type wb_policy_type = {
3144 + .name = "cleaner",
3145 + .version = {1, 0, 0},
3146 +- .hint_size = 0,
3147 ++ .hint_size = 4,
3148 + .owner = THIS_MODULE,
3149 + .create = wb_create
3150 + };
3151 +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
3152 +index 07c0fa0fa284..e5d97da5f41e 100644
3153 +--- a/drivers/md/dm-raid.c
3154 ++++ b/drivers/md/dm-raid.c
3155 +@@ -327,8 +327,7 @@ static int validate_region_size(struct raid_set *rs, unsigned long region_size)
3156 + */
3157 + if (min_region_size > (1 << 13)) {
3158 + /* If not a power of 2, make it the next power of 2 */
3159 +- if (min_region_size & (min_region_size - 1))
3160 +- region_size = 1 << fls(region_size);
3161 ++ region_size = roundup_pow_of_two(min_region_size);
3162 + DMINFO("Choosing default region size of %lu sectors",
3163 + region_size);
3164 + } else {
3165 +diff --git a/drivers/md/md.c b/drivers/md/md.c
3166 +index dd7a3701b99c..9c5d53f3e4c6 100644
3167 +--- a/drivers/md/md.c
3168 ++++ b/drivers/md/md.c
3169 +@@ -5073,6 +5073,8 @@ EXPORT_SYMBOL_GPL(md_stop_writes);
3170 + static void __md_stop(struct mddev *mddev)
3171 + {
3172 + mddev->ready = 0;
3173 ++ /* Ensure ->event_work is done */
3174 ++ flush_workqueue(md_misc_wq);
3175 + mddev->pers->stop(mddev);
3176 + if (mddev->pers->sync_request && mddev->to_remove == NULL)
3177 + mddev->to_remove = &md_redundancy_group;
3178 +diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h
3179 +index bf2b80d5c470..8731b6ea026b 100644
3180 +--- a/drivers/md/persistent-data/dm-btree-internal.h
3181 ++++ b/drivers/md/persistent-data/dm-btree-internal.h
3182 +@@ -138,4 +138,10 @@ int lower_bound(struct btree_node *n, uint64_t key);
3183 +
3184 + extern struct dm_block_validator btree_node_validator;
3185 +
3186 ++/*
3187 ++ * Value type for upper levels of multi-level btrees.
3188 ++ */
3189 ++extern void init_le64_type(struct dm_transaction_manager *tm,
3190 ++ struct dm_btree_value_type *vt);
3191 ++
3192 + #endif /* DM_BTREE_INTERNAL_H */
3193 +diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c
3194 +index a03178e91a79..7c0d75547ccf 100644
3195 +--- a/drivers/md/persistent-data/dm-btree-remove.c
3196 ++++ b/drivers/md/persistent-data/dm-btree-remove.c
3197 +@@ -544,14 +544,6 @@ static int remove_raw(struct shadow_spine *s, struct dm_btree_info *info,
3198 + return r;
3199 + }
3200 +
3201 +-static struct dm_btree_value_type le64_type = {
3202 +- .context = NULL,
3203 +- .size = sizeof(__le64),
3204 +- .inc = NULL,
3205 +- .dec = NULL,
3206 +- .equal = NULL
3207 +-};
3208 +-
3209 + int dm_btree_remove(struct dm_btree_info *info, dm_block_t root,
3210 + uint64_t *keys, dm_block_t *new_root)
3211 + {
3212 +@@ -559,12 +551,14 @@ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root,
3213 + int index = 0, r = 0;
3214 + struct shadow_spine spine;
3215 + struct btree_node *n;
3216 ++ struct dm_btree_value_type le64_vt;
3217 +
3218 ++ init_le64_type(info->tm, &le64_vt);
3219 + init_shadow_spine(&spine, info);
3220 + for (level = 0; level < info->levels; level++) {
3221 + r = remove_raw(&spine, info,
3222 + (level == last_level ?
3223 +- &info->value_type : &le64_type),
3224 ++ &info->value_type : &le64_vt),
3225 + root, keys[level], (unsigned *)&index);
3226 + if (r < 0)
3227 + break;
3228 +diff --git a/drivers/md/persistent-data/dm-btree-spine.c b/drivers/md/persistent-data/dm-btree-spine.c
3229 +index 1b5e13ec7f96..0dee514ba4c5 100644
3230 +--- a/drivers/md/persistent-data/dm-btree-spine.c
3231 ++++ b/drivers/md/persistent-data/dm-btree-spine.c
3232 +@@ -249,3 +249,40 @@ int shadow_root(struct shadow_spine *s)
3233 + {
3234 + return s->root;
3235 + }
3236 ++
3237 ++static void le64_inc(void *context, const void *value_le)
3238 ++{
3239 ++ struct dm_transaction_manager *tm = context;
3240 ++ __le64 v_le;
3241 ++
3242 ++ memcpy(&v_le, value_le, sizeof(v_le));
3243 ++ dm_tm_inc(tm, le64_to_cpu(v_le));
3244 ++}
3245 ++
3246 ++static void le64_dec(void *context, const void *value_le)
3247 ++{
3248 ++ struct dm_transaction_manager *tm = context;
3249 ++ __le64 v_le;
3250 ++
3251 ++ memcpy(&v_le, value_le, sizeof(v_le));
3252 ++ dm_tm_dec(tm, le64_to_cpu(v_le));
3253 ++}
3254 ++
3255 ++static int le64_equal(void *context, const void *value1_le, const void *value2_le)
3256 ++{
3257 ++ __le64 v1_le, v2_le;
3258 ++
3259 ++ memcpy(&v1_le, value1_le, sizeof(v1_le));
3260 ++ memcpy(&v2_le, value2_le, sizeof(v2_le));
3261 ++ return v1_le == v2_le;
3262 ++}
3263 ++
3264 ++void init_le64_type(struct dm_transaction_manager *tm,
3265 ++ struct dm_btree_value_type *vt)
3266 ++{
3267 ++ vt->context = tm;
3268 ++ vt->size = sizeof(__le64);
3269 ++ vt->inc = le64_inc;
3270 ++ vt->dec = le64_dec;
3271 ++ vt->equal = le64_equal;
3272 ++}
3273 +diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
3274 +index fdd3793e22f9..c7726cebc495 100644
3275 +--- a/drivers/md/persistent-data/dm-btree.c
3276 ++++ b/drivers/md/persistent-data/dm-btree.c
3277 +@@ -667,12 +667,7 @@ static int insert(struct dm_btree_info *info, dm_block_t root,
3278 + struct btree_node *n;
3279 + struct dm_btree_value_type le64_type;
3280 +
3281 +- le64_type.context = NULL;
3282 +- le64_type.size = sizeof(__le64);
3283 +- le64_type.inc = NULL;
3284 +- le64_type.dec = NULL;
3285 +- le64_type.equal = NULL;
3286 +-
3287 ++ init_le64_type(info->tm, &le64_type);
3288 + init_shadow_spine(&spine, info);
3289 +
3290 + for (level = 0; level < (info->levels - 1); level++) {
3291 +diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
3292 +index 32e282f4c83c..17eb76760bf5 100644
3293 +--- a/drivers/md/raid10.c
3294 ++++ b/drivers/md/raid10.c
3295 +@@ -3581,6 +3581,7 @@ static struct r10conf *setup_conf(struct mddev *mddev)
3296 + /* far_copies must be 1 */
3297 + conf->prev.stride = conf->dev_sectors;
3298 + }
3299 ++ conf->reshape_safe = conf->reshape_progress;
3300 + spin_lock_init(&conf->device_lock);
3301 + INIT_LIST_HEAD(&conf->retry_list);
3302 +
3303 +@@ -3788,7 +3789,6 @@ static int run(struct mddev *mddev)
3304 + }
3305 + conf->offset_diff = min_offset_diff;
3306 +
3307 +- conf->reshape_safe = conf->reshape_progress;
3308 + clear_bit(MD_RECOVERY_SYNC, &mddev->recovery);
3309 + clear_bit(MD_RECOVERY_CHECK, &mddev->recovery);
3310 + set_bit(MD_RECOVERY_RESHAPE, &mddev->recovery);
3311 +@@ -4135,6 +4135,7 @@ static int raid10_start_reshape(struct mddev *mddev)
3312 + conf->reshape_progress = size;
3313 + } else
3314 + conf->reshape_progress = 0;
3315 ++ conf->reshape_safe = conf->reshape_progress;
3316 + spin_unlock_irq(&conf->device_lock);
3317 +
3318 + if (mddev->delta_disks && mddev->bitmap) {
3319 +@@ -4201,6 +4202,7 @@ abort:
3320 + rdev->new_data_offset = rdev->data_offset;
3321 + smp_wmb();
3322 + conf->reshape_progress = MaxSector;
3323 ++ conf->reshape_safe = MaxSector;
3324 + mddev->reshape_position = MaxSector;
3325 + spin_unlock_irq(&conf->device_lock);
3326 + return ret;
3327 +@@ -4555,6 +4557,7 @@ static void end_reshape(struct r10conf *conf)
3328 + md_finish_reshape(conf->mddev);
3329 + smp_wmb();
3330 + conf->reshape_progress = MaxSector;
3331 ++ conf->reshape_safe = MaxSector;
3332 + spin_unlock_irq(&conf->device_lock);
3333 +
3334 + /* read-ahead size must cover two whole stripes, which is
3335 +diff --git a/drivers/media/platform/omap3isp/isp.c b/drivers/media/platform/omap3isp/isp.c
3336 +index 72265e58ca60..233eccc5c33e 100644
3337 +--- a/drivers/media/platform/omap3isp/isp.c
3338 ++++ b/drivers/media/platform/omap3isp/isp.c
3339 +@@ -813,14 +813,14 @@ static int isp_pipeline_link_notify(struct media_link *link, u32 flags,
3340 + int ret;
3341 +
3342 + if (notification == MEDIA_DEV_NOTIFY_POST_LINK_CH &&
3343 +- !(link->flags & MEDIA_LNK_FL_ENABLED)) {
3344 ++ !(flags & MEDIA_LNK_FL_ENABLED)) {
3345 + /* Powering off entities is assumed to never fail. */
3346 + isp_pipeline_pm_power(source, -sink_use);
3347 + isp_pipeline_pm_power(sink, -source_use);
3348 + return 0;
3349 + }
3350 +
3351 +- if (notification == MEDIA_DEV_NOTIFY_POST_LINK_CH &&
3352 ++ if (notification == MEDIA_DEV_NOTIFY_PRE_LINK_CH &&
3353 + (flags & MEDIA_LNK_FL_ENABLED)) {
3354 +
3355 + ret = isp_pipeline_pm_power(source, sink_use);
3356 +diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
3357 +index fc369b033484..b4ceda856939 100644
3358 +--- a/drivers/media/rc/rc-main.c
3359 ++++ b/drivers/media/rc/rc-main.c
3360 +@@ -1191,9 +1191,6 @@ static int rc_dev_uevent(struct device *device, struct kobj_uevent_env *env)
3361 + {
3362 + struct rc_dev *dev = to_rc_dev(device);
3363 +
3364 +- if (!dev || !dev->input_dev)
3365 +- return -ENODEV;
3366 +-
3367 + if (dev->rc_map.name)
3368 + ADD_HOTPLUG_VAR("NAME=%s", dev->rc_map.name);
3369 + if (dev->driver_name)
3370 +diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
3371 +index eee4fd606dc1..cc55691dbea6 100644
3372 +--- a/drivers/misc/cxl/pci.c
3373 ++++ b/drivers/misc/cxl/pci.c
3374 +@@ -987,8 +987,6 @@ static int cxl_probe(struct pci_dev *dev, const struct pci_device_id *id)
3375 + int slice;
3376 + int rc;
3377 +
3378 +- pci_dev_get(dev);
3379 +-
3380 + if (cxl_verbose)
3381 + dump_cxl_config_space(dev);
3382 +
3383 +diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
3384 +index 297b4f912c2d..9a8cb9cd852d 100644
3385 +--- a/drivers/mmc/core/core.c
3386 ++++ b/drivers/mmc/core/core.c
3387 +@@ -314,8 +314,10 @@ EXPORT_SYMBOL(mmc_start_bkops);
3388 + */
3389 + static void mmc_wait_data_done(struct mmc_request *mrq)
3390 + {
3391 +- mrq->host->context_info.is_done_rcv = true;
3392 +- wake_up_interruptible(&mrq->host->context_info.wait);
3393 ++ struct mmc_context_info *context_info = &mrq->host->context_info;
3394 ++
3395 ++ context_info->is_done_rcv = true;
3396 ++ wake_up_interruptible(&context_info->wait);
3397 + }
3398 +
3399 + static void mmc_wait_done(struct mmc_request *mrq)
3400 +diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
3401 +index bc677362bc73..eac876732f97 100644
3402 +--- a/drivers/mtd/nand/pxa3xx_nand.c
3403 ++++ b/drivers/mtd/nand/pxa3xx_nand.c
3404 +@@ -1465,6 +1465,9 @@ static int pxa3xx_nand_scan(struct mtd_info *mtd)
3405 + if (pdata->keep_config && !pxa3xx_nand_detect_config(info))
3406 + goto KEEP_CONFIG;
3407 +
3408 ++ /* Set a default chunk size */
3409 ++ info->chunk_size = 512;
3410 ++
3411 + ret = pxa3xx_nand_sensing(info);
3412 + if (ret) {
3413 + dev_info(&info->pdev->dev, "There is no chip on cs %d!\n",
3414 +diff --git a/drivers/mtd/ubi/io.c b/drivers/mtd/ubi/io.c
3415 +index d36134925d31..db657f2168d7 100644
3416 +--- a/drivers/mtd/ubi/io.c
3417 ++++ b/drivers/mtd/ubi/io.c
3418 +@@ -921,6 +921,11 @@ static int validate_vid_hdr(const struct ubi_device *ubi,
3419 + goto bad;
3420 + }
3421 +
3422 ++ if (data_size > ubi->leb_size) {
3423 ++ ubi_err("bad data_size");
3424 ++ goto bad;
3425 ++ }
3426 ++
3427 + if (vol_type == UBI_VID_STATIC) {
3428 + /*
3429 + * Although from high-level point of view static volumes may
3430 +diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c
3431 +index 07cac5f9ffb8..ec1009407fec 100644
3432 +--- a/drivers/mtd/ubi/vtbl.c
3433 ++++ b/drivers/mtd/ubi/vtbl.c
3434 +@@ -651,6 +651,7 @@ static int init_volumes(struct ubi_device *ubi,
3435 + if (ubi->corr_peb_count)
3436 + ubi_err("%d PEBs are corrupted and not used",
3437 + ubi->corr_peb_count);
3438 ++ return -ENOSPC;
3439 + }
3440 + ubi->rsvd_pebs += reserved_pebs;
3441 + ubi->avail_pebs -= reserved_pebs;
3442 +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
3443 +index ef670560971e..21d03130d8a7 100644
3444 +--- a/drivers/mtd/ubi/wl.c
3445 ++++ b/drivers/mtd/ubi/wl.c
3446 +@@ -1982,6 +1982,7 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
3447 + if (ubi->corr_peb_count)
3448 + ubi_err("%d PEBs are corrupted and not used",
3449 + ubi->corr_peb_count);
3450 ++ err = -ENOSPC;
3451 + goto out_free;
3452 + }
3453 + ubi->avail_pebs -= reserved_pebs;
3454 +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
3455 +index 4f4c2a7888e5..ea26483833f5 100644
3456 +--- a/drivers/net/dsa/bcm_sf2.c
3457 ++++ b/drivers/net/dsa/bcm_sf2.c
3458 +@@ -684,16 +684,12 @@ static void bcm_sf2_sw_fixed_link_update(struct dsa_switch *ds, int port,
3459 + struct fixed_phy_status *status)
3460 + {
3461 + struct bcm_sf2_priv *priv = ds_to_priv(ds);
3462 +- u32 link, duplex, pause, speed;
3463 ++ u32 link, duplex, pause;
3464 + u32 reg;
3465 +
3466 + link = core_readl(priv, CORE_LNKSTS);
3467 + duplex = core_readl(priv, CORE_DUPSTS);
3468 + pause = core_readl(priv, CORE_PAUSESTS);
3469 +- speed = core_readl(priv, CORE_SPDSTS);
3470 +-
3471 +- speed >>= (port * SPDSTS_SHIFT);
3472 +- speed &= SPDSTS_MASK;
3473 +
3474 + status->link = 0;
3475 +
3476 +@@ -717,18 +713,6 @@ static void bcm_sf2_sw_fixed_link_update(struct dsa_switch *ds, int port,
3477 + status->duplex = !!(duplex & (1 << port));
3478 + }
3479 +
3480 +- switch (speed) {
3481 +- case SPDSTS_10:
3482 +- status->speed = SPEED_10;
3483 +- break;
3484 +- case SPDSTS_100:
3485 +- status->speed = SPEED_100;
3486 +- break;
3487 +- case SPDSTS_1000:
3488 +- status->speed = SPEED_1000;
3489 +- break;
3490 +- }
3491 +-
3492 + if ((pause & (1 << port)) &&
3493 + (pause & (1 << (port + PAUSESTS_TX_PAUSE_SHIFT)))) {
3494 + status->asym_pause = 1;
3495 +diff --git a/drivers/net/dsa/bcm_sf2.h b/drivers/net/dsa/bcm_sf2.h
3496 +index ee9f650d5026..3ecfda86366e 100644
3497 +--- a/drivers/net/dsa/bcm_sf2.h
3498 ++++ b/drivers/net/dsa/bcm_sf2.h
3499 +@@ -110,8 +110,8 @@ static inline u64 name##_readq(struct bcm_sf2_priv *priv, u32 off) \
3500 + spin_unlock(&priv->indir_lock); \
3501 + return (u64)indir << 32 | dir; \
3502 + } \
3503 +-static inline void name##_writeq(struct bcm_sf2_priv *priv, u32 off, \
3504 +- u64 val) \
3505 ++static inline void name##_writeq(struct bcm_sf2_priv *priv, u64 val, \
3506 ++ u32 off) \
3507 + { \
3508 + spin_lock(&priv->indir_lock); \
3509 + reg_writel(priv, upper_32_bits(val), REG_DIR_DATA_WRITE); \
3510 +diff --git a/drivers/net/ethernet/altera/altera_tse_main.c b/drivers/net/ethernet/altera/altera_tse_main.c
3511 +index 4efc4355d345..2eb6404755b1 100644
3512 +--- a/drivers/net/ethernet/altera/altera_tse_main.c
3513 ++++ b/drivers/net/ethernet/altera/altera_tse_main.c
3514 +@@ -501,8 +501,7 @@ static int tse_poll(struct napi_struct *napi, int budget)
3515 + if (rxcomplete >= budget || txcomplete > 0)
3516 + return rxcomplete;
3517 +
3518 +- napi_gro_flush(napi, false);
3519 +- __napi_complete(napi);
3520 ++ napi_complete(napi);
3521 +
3522 + netdev_dbg(priv->dev,
3523 + "NAPI Complete, did %d packets with budget %d\n",
3524 +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
3525 +index a37800ecb27c..6fa8272c8f31 100644
3526 +--- a/drivers/net/ethernet/broadcom/tg3.c
3527 ++++ b/drivers/net/ethernet/broadcom/tg3.c
3528 +@@ -10752,7 +10752,7 @@ static ssize_t tg3_show_temp(struct device *dev,
3529 + tg3_ape_scratchpad_read(tp, &temperature, attr->index,
3530 + sizeof(temperature));
3531 + spin_unlock_bh(&tp->lock);
3532 +- return sprintf(buf, "%u\n", temperature);
3533 ++ return sprintf(buf, "%u\n", temperature * 1000);
3534 + }
3535 +
3536 +
3537 +diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c
3538 +index c3861de9dc81..d864614f1255 100644
3539 +--- a/drivers/net/ethernet/brocade/bna/bnad.c
3540 ++++ b/drivers/net/ethernet/brocade/bna/bnad.c
3541 +@@ -674,6 +674,7 @@ bnad_cq_process(struct bnad *bnad, struct bna_ccb *ccb, int budget)
3542 + if (!next_cmpl->valid)
3543 + break;
3544 + }
3545 ++ packets++;
3546 +
3547 + /* TODO: BNA_CQ_EF_LOCAL ? */
3548 + if (unlikely(flags & (BNA_CQ_EF_MAC_ERROR |
3549 +@@ -690,7 +691,6 @@ bnad_cq_process(struct bnad *bnad, struct bna_ccb *ccb, int budget)
3550 + else
3551 + bnad_cq_setup_skb_frags(rcb, skb, sop_ci, nvecs, len);
3552 +
3553 +- packets++;
3554 + rcb->rxq->rx_packets++;
3555 + rcb->rxq->rx_bytes += totlen;
3556 + ccb->bytes_per_intr += totlen;
3557 +diff --git a/drivers/net/ethernet/intel/igb/igb.h b/drivers/net/ethernet/intel/igb/igb.h
3558 +index 82d891e183b1..95f47b9f50d4 100644
3559 +--- a/drivers/net/ethernet/intel/igb/igb.h
3560 ++++ b/drivers/net/ethernet/intel/igb/igb.h
3561 +@@ -531,6 +531,7 @@ void igb_ptp_rx_pktstamp(struct igb_q_vector *q_vector, unsigned char *va,
3562 + struct sk_buff *skb);
3563 + int igb_ptp_set_ts_config(struct net_device *netdev, struct ifreq *ifr);
3564 + int igb_ptp_get_ts_config(struct net_device *netdev, struct ifreq *ifr);
3565 ++void igb_set_flag_queue_pairs(struct igb_adapter *, const u32);
3566 + #ifdef CONFIG_IGB_HWMON
3567 + void igb_sysfs_exit(struct igb_adapter *adapter);
3568 + int igb_sysfs_init(struct igb_adapter *adapter);
3569 +diff --git a/drivers/net/ethernet/intel/igb/igb_ethtool.c b/drivers/net/ethernet/intel/igb/igb_ethtool.c
3570 +index 02cfd3b14762..aa176cea5a41 100644
3571 +--- a/drivers/net/ethernet/intel/igb/igb_ethtool.c
3572 ++++ b/drivers/net/ethernet/intel/igb/igb_ethtool.c
3573 +@@ -2979,6 +2979,7 @@ static int igb_set_channels(struct net_device *netdev,
3574 + {
3575 + struct igb_adapter *adapter = netdev_priv(netdev);
3576 + unsigned int count = ch->combined_count;
3577 ++ unsigned int max_combined = 0;
3578 +
3579 + /* Verify they are not requesting separate vectors */
3580 + if (!count || ch->rx_count || ch->tx_count)
3581 +@@ -2989,11 +2990,13 @@ static int igb_set_channels(struct net_device *netdev,
3582 + return -EINVAL;
3583 +
3584 + /* Verify the number of channels doesn't exceed hw limits */
3585 +- if (count > igb_max_channels(adapter))
3586 ++ max_combined = igb_max_channels(adapter);
3587 ++ if (count > max_combined)
3588 + return -EINVAL;
3589 +
3590 + if (count != adapter->rss_queues) {
3591 + adapter->rss_queues = count;
3592 ++ igb_set_flag_queue_pairs(adapter, max_combined);
3593 +
3594 + /* Hardware has to reinitialize queues and interrupts to
3595 + * match the new configuration.
3596 +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
3597 +index 487cd9c4ac0d..e0f36647d3dd 100644
3598 +--- a/drivers/net/ethernet/intel/igb/igb_main.c
3599 ++++ b/drivers/net/ethernet/intel/igb/igb_main.c
3600 +@@ -1207,8 +1207,14 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
3601 +
3602 + /* allocate q_vector and rings */
3603 + q_vector = adapter->q_vector[v_idx];
3604 +- if (!q_vector)
3605 ++ if (!q_vector) {
3606 ++ q_vector = kzalloc(size, GFP_KERNEL);
3607 ++ } else if (size > ksize(q_vector)) {
3608 ++ kfree_rcu(q_vector, rcu);
3609 + q_vector = kzalloc(size, GFP_KERNEL);
3610 ++ } else {
3611 ++ memset(q_vector, 0, size);
3612 ++ }
3613 + if (!q_vector)
3614 + return -ENOMEM;
3615 +
3616 +@@ -2861,7 +2867,7 @@ static void igb_probe_vfs(struct igb_adapter *adapter)
3617 + return;
3618 +
3619 + pci_sriov_set_totalvfs(pdev, 7);
3620 +- igb_pci_enable_sriov(pdev, max_vfs);
3621 ++ igb_enable_sriov(pdev, max_vfs);
3622 +
3623 + #endif /* CONFIG_PCI_IOV */
3624 + }
3625 +@@ -2902,6 +2908,14 @@ static void igb_init_queue_configuration(struct igb_adapter *adapter)
3626 +
3627 + adapter->rss_queues = min_t(u32, max_rss_queues, num_online_cpus());
3628 +
3629 ++ igb_set_flag_queue_pairs(adapter, max_rss_queues);
3630 ++}
3631 ++
3632 ++void igb_set_flag_queue_pairs(struct igb_adapter *adapter,
3633 ++ const u32 max_rss_queues)
3634 ++{
3635 ++ struct e1000_hw *hw = &adapter->hw;
3636 ++
3637 + /* Determine if we need to pair queues. */
3638 + switch (hw->mac.type) {
3639 + case e1000_82575:
3640 +diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
3641 +index e7ed2513b1d1..7a598932f922 100644
3642 +--- a/drivers/net/usb/usbnet.c
3643 ++++ b/drivers/net/usb/usbnet.c
3644 +@@ -779,7 +779,7 @@ int usbnet_stop (struct net_device *net)
3645 + {
3646 + struct usbnet *dev = netdev_priv(net);
3647 + struct driver_info *info = dev->driver_info;
3648 +- int retval, pm;
3649 ++ int retval, pm, mpn;
3650 +
3651 + clear_bit(EVENT_DEV_OPEN, &dev->flags);
3652 + netif_stop_queue (net);
3653 +@@ -810,6 +810,8 @@ int usbnet_stop (struct net_device *net)
3654 +
3655 + usbnet_purge_paused_rxq(dev);
3656 +
3657 ++ mpn = !test_and_clear_bit(EVENT_NO_RUNTIME_PM, &dev->flags);
3658 ++
3659 + /* deferred work (task, timer, softirq) must also stop.
3660 + * can't flush_scheduled_work() until we drop rtnl (later),
3661 + * else workers could deadlock; so make workers a NOP.
3662 +@@ -820,8 +822,7 @@ int usbnet_stop (struct net_device *net)
3663 + if (!pm)
3664 + usb_autopm_put_interface(dev->intf);
3665 +
3666 +- if (info->manage_power &&
3667 +- !test_and_clear_bit(EVENT_NO_RUNTIME_PM, &dev->flags))
3668 ++ if (info->manage_power && mpn)
3669 + info->manage_power(dev, 0);
3670 + else
3671 + usb_autopm_put_interface(dev->intf);
3672 +diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c
3673 +index 676bd4ed969b..32003e682351 100644
3674 +--- a/drivers/net/wireless/ath/ath10k/htc.c
3675 ++++ b/drivers/net/wireless/ath/ath10k/htc.c
3676 +@@ -162,8 +162,10 @@ int ath10k_htc_send(struct ath10k_htc *htc,
3677 +
3678 + skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE);
3679 + ret = dma_mapping_error(dev, skb_cb->paddr);
3680 +- if (ret)
3681 ++ if (ret) {
3682 ++ ret = -EIO;
3683 + goto err_credits;
3684 ++ }
3685 +
3686 + sg_item.transfer_id = ep->eid;
3687 + sg_item.transfer_context = skb;
3688 +diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
3689 +index bd87a35201d8..55c60783c129 100644
3690 +--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
3691 ++++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
3692 +@@ -402,8 +402,10 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
3693 + skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
3694 + DMA_TO_DEVICE);
3695 + res = dma_mapping_error(dev, skb_cb->paddr);
3696 +- if (res)
3697 ++ if (res) {
3698 ++ res = -EIO;
3699 + goto err_free_txdesc;
3700 ++ }
3701 +
3702 + skb_put(txdesc, len);
3703 + cmd = (struct htt_cmd *)txdesc->data;
3704 +@@ -488,8 +490,10 @@ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
3705 + skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
3706 + DMA_TO_DEVICE);
3707 + res = dma_mapping_error(dev, skb_cb->paddr);
3708 +- if (res)
3709 ++ if (res) {
3710 ++ res = -EIO;
3711 + goto err_free_txbuf;
3712 ++ }
3713 +
3714 + if (likely(use_frags)) {
3715 + frags = skb_cb->htt.txbuf->frags;
3716 +diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c
3717 +index 59e0ea83be50..06620657cc19 100644
3718 +--- a/drivers/net/wireless/ath/ath10k/pci.c
3719 ++++ b/drivers/net/wireless/ath/ath10k/pci.c
3720 +@@ -1298,8 +1298,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar,
3721 +
3722 + req_paddr = dma_map_single(ar->dev, treq, req_len, DMA_TO_DEVICE);
3723 + ret = dma_mapping_error(ar->dev, req_paddr);
3724 +- if (ret)
3725 ++ if (ret) {
3726 ++ ret = -EIO;
3727 + goto err_dma;
3728 ++ }
3729 +
3730 + if (resp && resp_len) {
3731 + tresp = kzalloc(*resp_len, GFP_KERNEL);
3732 +@@ -1311,8 +1313,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar,
3733 + resp_paddr = dma_map_single(ar->dev, tresp, *resp_len,
3734 + DMA_FROM_DEVICE);
3735 + ret = dma_mapping_error(ar->dev, resp_paddr);
3736 +- if (ret)
3737 ++ if (ret) {
3738 ++ ret = EIO;
3739 + goto err_req;
3740 ++ }
3741 +
3742 + xfer.wait_for_resp = true;
3743 + xfer.resp_len = 0;
3744 +diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
3745 +index 2c42bd504b79..8a091485960d 100644
3746 +--- a/drivers/net/wireless/ath/ath10k/wmi.c
3747 ++++ b/drivers/net/wireless/ath/ath10k/wmi.c
3748 +@@ -1661,6 +1661,7 @@ static void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb)
3749 + ATH10K_SKB_CB(bcn)->paddr);
3750 + if (ret) {
3751 + ath10k_warn(ar, "failed to map beacon: %d\n", ret);
3752 ++ ret = -EIO;
3753 + dev_kfree_skb_any(bcn);
3754 + goto skip;
3755 + }
3756 +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3757 +index 43c14d4da563..e17b728a21aa 100644
3758 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3759 ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
3760 +@@ -2180,7 +2180,7 @@ static int _rtl8821ae_set_media_status(struct ieee80211_hw *hw,
3761 +
3762 + rtl_write_byte(rtlpriv, (MSR), bt_msr);
3763 + rtlpriv->cfg->ops->led_control(hw, ledaction);
3764 +- if ((bt_msr & 0xfc) == MSR_AP)
3765 ++ if ((bt_msr & MSR_MASK) == MSR_AP)
3766 + rtl_write_byte(rtlpriv, REG_BCNTCFG + 1, 0x00);
3767 + else
3768 + rtl_write_byte(rtlpriv, REG_BCNTCFG + 1, 0x66);
3769 +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/reg.h b/drivers/net/wireless/rtlwifi/rtl8821ae/reg.h
3770 +index 53668fc8f23e..1d6110f9c1fb 100644
3771 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/reg.h
3772 ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/reg.h
3773 +@@ -429,6 +429,7 @@
3774 + #define MSR_ADHOC 0x01
3775 + #define MSR_INFRA 0x02
3776 + #define MSR_AP 0x03
3777 ++#define MSR_MASK 0x03
3778 +
3779 + #define RRSR_RSC_OFFSET 21
3780 + #define RRSR_SHORT_OFFSET 23
3781 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
3782 +index 2b0b4e62f171..2a64f28b2dad 100644
3783 +--- a/drivers/net/xen-netfront.c
3784 ++++ b/drivers/net/xen-netfront.c
3785 +@@ -1432,7 +1432,8 @@ static void xennet_disconnect_backend(struct netfront_info *info)
3786 + queue->tx_evtchn = queue->rx_evtchn = 0;
3787 + queue->tx_irq = queue->rx_irq = 0;
3788 +
3789 +- napi_synchronize(&queue->napi);
3790 ++ if (netif_running(info->netdev))
3791 ++ napi_synchronize(&queue->napi);
3792 +
3793 + xennet_release_tx_bufs(queue);
3794 + xennet_release_rx_bufs(queue);
3795 +diff --git a/drivers/of/address.c b/drivers/of/address.c
3796 +index 1dba1a9c1fcf..9e77614391a0 100644
3797 +--- a/drivers/of/address.c
3798 ++++ b/drivers/of/address.c
3799 +@@ -845,10 +845,10 @@ struct device_node *of_find_matching_node_by_address(struct device_node *from,
3800 + struct resource res;
3801 +
3802 + while (dn) {
3803 +- if (of_address_to_resource(dn, 0, &res))
3804 +- continue;
3805 +- if (res.start == base_address)
3806 ++ if (!of_address_to_resource(dn, 0, &res) &&
3807 ++ res.start == base_address)
3808 + return dn;
3809 ++
3810 + dn = of_find_matching_node(dn, matches);
3811 + }
3812 +
3813 +diff --git a/drivers/of/of_mdio.c b/drivers/of/of_mdio.c
3814 +index 1bd43053b8c7..5dc1ef955a0f 100644
3815 +--- a/drivers/of/of_mdio.c
3816 ++++ b/drivers/of/of_mdio.c
3817 +@@ -262,7 +262,8 @@ EXPORT_SYMBOL(of_phy_attach);
3818 + bool of_phy_is_fixed_link(struct device_node *np)
3819 + {
3820 + struct device_node *dn;
3821 +- int len;
3822 ++ int len, err;
3823 ++ const char *managed;
3824 +
3825 + /* New binding */
3826 + dn = of_get_child_by_name(np, "fixed-link");
3827 +@@ -271,6 +272,10 @@ bool of_phy_is_fixed_link(struct device_node *np)
3828 + return true;
3829 + }
3830 +
3831 ++ err = of_property_read_string(np, "managed", &managed);
3832 ++ if (err == 0 && strcmp(managed, "auto") != 0)
3833 ++ return true;
3834 ++
3835 + /* Old binding */
3836 + if (of_get_property(np, "fixed-link", &len) &&
3837 + len == (5 * sizeof(__be32)))
3838 +@@ -285,8 +290,18 @@ int of_phy_register_fixed_link(struct device_node *np)
3839 + struct fixed_phy_status status = {};
3840 + struct device_node *fixed_link_node;
3841 + const __be32 *fixed_link_prop;
3842 +- int len;
3843 ++ int len, err;
3844 + struct phy_device *phy;
3845 ++ const char *managed;
3846 ++
3847 ++ err = of_property_read_string(np, "managed", &managed);
3848 ++ if (err == 0) {
3849 ++ if (strcmp(managed, "in-band-status") == 0) {
3850 ++ /* status is zeroed, namely its .link member */
3851 ++ phy = fixed_phy_register(PHY_POLL, &status, np);
3852 ++ return IS_ERR(phy) ? PTR_ERR(phy) : 0;
3853 ++ }
3854 ++ }
3855 +
3856 + /* New binding */
3857 + fixed_link_node = of_get_child_by_name(np, "fixed-link");
3858 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
3859 +index 04ea682ab2aa..00b1cd32a4b1 100644
3860 +--- a/drivers/pci/quirks.c
3861 ++++ b/drivers/pci/quirks.c
3862 +@@ -2818,12 +2818,15 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x3c28, vtd_mask_spec_errors);
3863 +
3864 + static void fixup_ti816x_class(struct pci_dev *dev)
3865 + {
3866 ++ u32 class = dev->class;
3867 ++
3868 + /* TI 816x devices do not have class code set when in PCIe boot mode */
3869 +- dev_info(&dev->dev, "Setting PCI class for 816x PCIe device\n");
3870 +- dev->class = PCI_CLASS_MULTIMEDIA_VIDEO;
3871 ++ dev->class = PCI_CLASS_MULTIMEDIA_VIDEO << 8;
3872 ++ dev_info(&dev->dev, "PCI class overridden (%#08x -> %#08x)\n",
3873 ++ class, dev->class);
3874 + }
3875 + DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_TI, 0xb800,
3876 +- PCI_CLASS_NOT_DEFINED, 0, fixup_ti816x_class);
3877 ++ PCI_CLASS_NOT_DEFINED, 0, fixup_ti816x_class);
3878 +
3879 + /* Some PCIe devices do not work reliably with the claimed maximum
3880 + * payload size supported.
3881 +diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
3882 +index 4c559640dcba..301386c4d85b 100644
3883 +--- a/drivers/platform/x86/hp-wmi.c
3884 ++++ b/drivers/platform/x86/hp-wmi.c
3885 +@@ -54,8 +54,9 @@ MODULE_ALIAS("wmi:5FB7F034-2C63-45e9-BE91-3D44E2C707E4");
3886 + #define HPWMI_HARDWARE_QUERY 0x4
3887 + #define HPWMI_WIRELESS_QUERY 0x5
3888 + #define HPWMI_BIOS_QUERY 0x9
3889 ++#define HPWMI_FEATURE_QUERY 0xb
3890 + #define HPWMI_HOTKEY_QUERY 0xc
3891 +-#define HPWMI_FEATURE_QUERY 0xd
3892 ++#define HPWMI_FEATURE2_QUERY 0xd
3893 + #define HPWMI_WIRELESS2_QUERY 0x1b
3894 + #define HPWMI_POSTCODEERROR_QUERY 0x2a
3895 +
3896 +@@ -295,25 +296,33 @@ static int hp_wmi_tablet_state(void)
3897 + return (state & 0x4) ? 1 : 0;
3898 + }
3899 +
3900 +-static int __init hp_wmi_bios_2009_later(void)
3901 ++static int __init hp_wmi_bios_2008_later(void)
3902 + {
3903 + int state = 0;
3904 + int ret = hp_wmi_perform_query(HPWMI_FEATURE_QUERY, 0, &state,
3905 + sizeof(state), sizeof(state));
3906 +- if (ret)
3907 +- return ret;
3908 ++ if (!ret)
3909 ++ return 1;
3910 +
3911 +- return (state & 0x10) ? 1 : 0;
3912 ++ return (ret == HPWMI_RET_UNKNOWN_CMDTYPE) ? 0 : -ENXIO;
3913 + }
3914 +
3915 +-static int hp_wmi_enable_hotkeys(void)
3916 ++static int __init hp_wmi_bios_2009_later(void)
3917 + {
3918 +- int ret;
3919 +- int query = 0x6e;
3920 ++ int state = 0;
3921 ++ int ret = hp_wmi_perform_query(HPWMI_FEATURE2_QUERY, 0, &state,
3922 ++ sizeof(state), sizeof(state));
3923 ++ if (!ret)
3924 ++ return 1;
3925 +
3926 +- ret = hp_wmi_perform_query(HPWMI_BIOS_QUERY, 1, &query, sizeof(query),
3927 +- 0);
3928 ++ return (ret == HPWMI_RET_UNKNOWN_CMDTYPE) ? 0 : -ENXIO;
3929 ++}
3930 +
3931 ++static int __init hp_wmi_enable_hotkeys(void)
3932 ++{
3933 ++ int value = 0x6e;
3934 ++ int ret = hp_wmi_perform_query(HPWMI_BIOS_QUERY, 1, &value,
3935 ++ sizeof(value), 0);
3936 + if (ret)
3937 + return -EINVAL;
3938 + return 0;
3939 +@@ -663,7 +672,7 @@ static int __init hp_wmi_input_setup(void)
3940 + hp_wmi_tablet_state());
3941 + input_sync(hp_wmi_input_dev);
3942 +
3943 +- if (hp_wmi_bios_2009_later() == 4)
3944 ++ if (!hp_wmi_bios_2009_later() && hp_wmi_bios_2008_later())
3945 + hp_wmi_enable_hotkeys();
3946 +
3947 + status = wmi_install_notify_handler(HPWMI_EVENT_GUID, hp_wmi_notify, NULL);
3948 +diff --git a/drivers/power/avs/Kconfig b/drivers/power/avs/Kconfig
3949 +index 7f3d389bd601..a67eeace6a89 100644
3950 +--- a/drivers/power/avs/Kconfig
3951 ++++ b/drivers/power/avs/Kconfig
3952 +@@ -13,7 +13,7 @@ menuconfig POWER_AVS
3953 +
3954 + config ROCKCHIP_IODOMAIN
3955 + tristate "Rockchip IO domain support"
3956 +- depends on ARCH_ROCKCHIP && OF
3957 ++ depends on POWER_AVS && ARCH_ROCKCHIP && OF
3958 + help
3959 + Say y here to enable support io domains on Rockchip SoCs. It is
3960 + necessary for the io domain setting of the SoC to match the
3961 +diff --git a/drivers/s390/char/sclp_early.c b/drivers/s390/char/sclp_early.c
3962 +index 5bd6cb145a87..efc9a13bf457 100644
3963 +--- a/drivers/s390/char/sclp_early.c
3964 ++++ b/drivers/s390/char/sclp_early.c
3965 +@@ -7,6 +7,7 @@
3966 + #define KMSG_COMPONENT "sclp_early"
3967 + #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
3968 +
3969 ++#include <linux/errno.h>
3970 + #include <asm/ctl_reg.h>
3971 + #include <asm/sclp.h>
3972 + #include <asm/ipl.h>
3973 +diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
3974 +index 5f57e3d35e26..6adf9abdf955 100644
3975 +--- a/drivers/scsi/3w-9xxx.c
3976 ++++ b/drivers/scsi/3w-9xxx.c
3977 +@@ -225,6 +225,17 @@ static const struct file_operations twa_fops = {
3978 + .llseek = noop_llseek,
3979 + };
3980 +
3981 ++/*
3982 ++ * The controllers use an inline buffer instead of a mapped SGL for small,
3983 ++ * single entry buffers. Note that we treat a zero-length transfer like
3984 ++ * a mapped SGL.
3985 ++ */
3986 ++static bool twa_command_mapped(struct scsi_cmnd *cmd)
3987 ++{
3988 ++ return scsi_sg_count(cmd) != 1 ||
3989 ++ scsi_bufflen(cmd) >= TW_MIN_SGL_LENGTH;
3990 ++}
3991 ++
3992 + /* This function will complete an aen request from the isr */
3993 + static int twa_aen_complete(TW_Device_Extension *tw_dev, int request_id)
3994 + {
3995 +@@ -1351,7 +1362,8 @@ static irqreturn_t twa_interrupt(int irq, void *dev_instance)
3996 + }
3997 +
3998 + /* Now complete the io */
3999 +- scsi_dma_unmap(cmd);
4000 ++ if (twa_command_mapped(cmd))
4001 ++ scsi_dma_unmap(cmd);
4002 + cmd->scsi_done(cmd);
4003 + tw_dev->state[request_id] = TW_S_COMPLETED;
4004 + twa_free_request_id(tw_dev, request_id);
4005 +@@ -1594,7 +1606,8 @@ static int twa_reset_device_extension(TW_Device_Extension *tw_dev)
4006 + struct scsi_cmnd *cmd = tw_dev->srb[i];
4007 +
4008 + cmd->result = (DID_RESET << 16);
4009 +- scsi_dma_unmap(cmd);
4010 ++ if (twa_command_mapped(cmd))
4011 ++ scsi_dma_unmap(cmd);
4012 + cmd->scsi_done(cmd);
4013 + }
4014 + }
4015 +@@ -1777,12 +1790,14 @@ static int twa_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_
4016 + retval = twa_scsiop_execute_scsi(tw_dev, request_id, NULL, 0, NULL);
4017 + switch (retval) {
4018 + case SCSI_MLQUEUE_HOST_BUSY:
4019 +- scsi_dma_unmap(SCpnt);
4020 ++ if (twa_command_mapped(SCpnt))
4021 ++ scsi_dma_unmap(SCpnt);
4022 + twa_free_request_id(tw_dev, request_id);
4023 + break;
4024 + case 1:
4025 + SCpnt->result = (DID_ERROR << 16);
4026 +- scsi_dma_unmap(SCpnt);
4027 ++ if (twa_command_mapped(SCpnt))
4028 ++ scsi_dma_unmap(SCpnt);
4029 + done(SCpnt);
4030 + tw_dev->state[request_id] = TW_S_COMPLETED;
4031 + twa_free_request_id(tw_dev, request_id);
4032 +@@ -1843,8 +1858,7 @@ static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id,
4033 + /* Map sglist from scsi layer to cmd packet */
4034 +
4035 + if (scsi_sg_count(srb)) {
4036 +- if ((scsi_sg_count(srb) == 1) &&
4037 +- (scsi_bufflen(srb) < TW_MIN_SGL_LENGTH)) {
4038 ++ if (!twa_command_mapped(srb)) {
4039 + if (srb->sc_data_direction == DMA_TO_DEVICE ||
4040 + srb->sc_data_direction == DMA_BIDIRECTIONAL)
4041 + scsi_sg_copy_to_buffer(srb,
4042 +@@ -1917,7 +1931,7 @@ static void twa_scsiop_execute_scsi_complete(TW_Device_Extension *tw_dev, int re
4043 + {
4044 + struct scsi_cmnd *cmd = tw_dev->srb[request_id];
4045 +
4046 +- if (scsi_bufflen(cmd) < TW_MIN_SGL_LENGTH &&
4047 ++ if (!twa_command_mapped(cmd) &&
4048 + (cmd->sc_data_direction == DMA_FROM_DEVICE ||
4049 + cmd->sc_data_direction == DMA_BIDIRECTIONAL)) {
4050 + if (scsi_sg_count(cmd) == 1) {
4051 +diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
4052 +index 01a79473350a..3d12c52c3f81 100644
4053 +--- a/drivers/scsi/scsi_error.c
4054 ++++ b/drivers/scsi/scsi_error.c
4055 +@@ -2166,8 +2166,17 @@ int scsi_error_handler(void *data)
4056 + * We never actually get interrupted because kthread_run
4057 + * disables signal delivery for the created thread.
4058 + */
4059 +- while (!kthread_should_stop()) {
4060 ++ while (true) {
4061 ++ /*
4062 ++ * The sequence in kthread_stop() sets the stop flag first
4063 ++ * then wakes the process. To avoid missed wakeups, the task
4064 ++ * should always be in a non running state before the stop
4065 ++ * flag is checked
4066 ++ */
4067 + set_current_state(TASK_INTERRUPTIBLE);
4068 ++ if (kthread_should_stop())
4069 ++ break;
4070 ++
4071 + if ((shost->host_failed == 0 && shost->host_eh_scheduled == 0) ||
4072 + shost->host_failed != atomic_read(&shost->host_busy)) {
4073 + SCSI_LOG_ERROR_RECOVERY(1,
4074 +diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
4075 +index d95656d05eb6..e56802d85ff9 100644
4076 +--- a/drivers/spi/spi-pxa2xx.c
4077 ++++ b/drivers/spi/spi-pxa2xx.c
4078 +@@ -564,6 +564,10 @@ static irqreturn_t ssp_int(int irq, void *dev_id)
4079 + if (!(sccr1_reg & SSCR1_TIE))
4080 + mask &= ~SSSR_TFS;
4081 +
4082 ++ /* Ignore RX timeout interrupt if it is disabled */
4083 ++ if (!(sccr1_reg & SSCR1_TINTE))
4084 ++ mask &= ~SSSR_TINT;
4085 ++
4086 + if (!(status & mask))
4087 + return IRQ_NONE;
4088 +
4089 +diff --git a/drivers/spi/spi-xtensa-xtfpga.c b/drivers/spi/spi-xtensa-xtfpga.c
4090 +index 0dc5df5233a9..cb030389a265 100644
4091 +--- a/drivers/spi/spi-xtensa-xtfpga.c
4092 ++++ b/drivers/spi/spi-xtensa-xtfpga.c
4093 +@@ -34,13 +34,13 @@ struct xtfpga_spi {
4094 + static inline void xtfpga_spi_write32(const struct xtfpga_spi *spi,
4095 + unsigned addr, u32 val)
4096 + {
4097 +- iowrite32(val, spi->regs + addr);
4098 ++ __raw_writel(val, spi->regs + addr);
4099 + }
4100 +
4101 + static inline unsigned int xtfpga_spi_read32(const struct xtfpga_spi *spi,
4102 + unsigned addr)
4103 + {
4104 +- return ioread32(spi->regs + addr);
4105 ++ return __raw_readl(spi->regs + addr);
4106 + }
4107 +
4108 + static inline void xtfpga_spi_wait_busy(struct xtfpga_spi *xspi)
4109 +diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
4110 +index 115ad5dbc7c5..85a6da81723a 100644
4111 +--- a/drivers/spi/spi.c
4112 ++++ b/drivers/spi/spi.c
4113 +@@ -1478,8 +1478,7 @@ static struct class spi_master_class = {
4114 + *
4115 + * The caller is responsible for assigning the bus number and initializing
4116 + * the master's methods before calling spi_register_master(); and (after errors
4117 +- * adding the device) calling spi_master_put() and kfree() to prevent a memory
4118 +- * leak.
4119 ++ * adding the device) calling spi_master_put() to prevent a memory leak.
4120 + */
4121 + struct spi_master *spi_alloc_master(struct device *dev, unsigned size)
4122 + {
4123 +diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c
4124 +index 56604f41ec48..ce3808a868e7 100644
4125 +--- a/drivers/staging/android/ion/ion.c
4126 ++++ b/drivers/staging/android/ion/ion.c
4127 +@@ -1176,13 +1176,13 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd)
4128 + mutex_unlock(&client->lock);
4129 + goto end;
4130 + }
4131 +- mutex_unlock(&client->lock);
4132 +
4133 + handle = ion_handle_create(client, buffer);
4134 +- if (IS_ERR(handle))
4135 ++ if (IS_ERR(handle)) {
4136 ++ mutex_unlock(&client->lock);
4137 + goto end;
4138 ++ }
4139 +
4140 +- mutex_lock(&client->lock);
4141 + ret = ion_handle_add(client, handle);
4142 + mutex_unlock(&client->lock);
4143 + if (ret) {
4144 +diff --git a/drivers/staging/comedi/drivers/adl_pci7x3x.c b/drivers/staging/comedi/drivers/adl_pci7x3x.c
4145 +index fb8e5f582496..3346c0753d7e 100644
4146 +--- a/drivers/staging/comedi/drivers/adl_pci7x3x.c
4147 ++++ b/drivers/staging/comedi/drivers/adl_pci7x3x.c
4148 +@@ -113,8 +113,20 @@ static int adl_pci7x3x_do_insn_bits(struct comedi_device *dev,
4149 + {
4150 + unsigned long reg = (unsigned long)s->private;
4151 +
4152 +- if (comedi_dio_update_state(s, data))
4153 +- outl(s->state, dev->iobase + reg);
4154 ++ if (comedi_dio_update_state(s, data)) {
4155 ++ unsigned int val = s->state;
4156 ++
4157 ++ if (s->n_chan == 16) {
4158 ++ /*
4159 ++ * It seems the PCI-7230 needs the 16-bit DO state
4160 ++ * to be shifted left by 16 bits before being written
4161 ++ * to the 32-bit register. Set the value in both
4162 ++ * halves of the register to be sure.
4163 ++ */
4164 ++ val |= val << 16;
4165 ++ }
4166 ++ outl(val, dev->iobase + reg);
4167 ++ }
4168 +
4169 + data[1] = s->state;
4170 +
4171 +diff --git a/drivers/staging/speakup/fakekey.c b/drivers/staging/speakup/fakekey.c
4172 +index 4299cf45f947..5e1f16c36b49 100644
4173 +--- a/drivers/staging/speakup/fakekey.c
4174 ++++ b/drivers/staging/speakup/fakekey.c
4175 +@@ -81,6 +81,7 @@ void speakup_fake_down_arrow(void)
4176 + __this_cpu_write(reporting_keystroke, true);
4177 + input_report_key(virt_keyboard, KEY_DOWN, PRESSED);
4178 + input_report_key(virt_keyboard, KEY_DOWN, RELEASED);
4179 ++ input_sync(virt_keyboard);
4180 + __this_cpu_write(reporting_keystroke, false);
4181 +
4182 + /* reenable preemption */
4183 +diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
4184 +index 06ea1a113e45..062633295bc2 100644
4185 +--- a/drivers/target/iscsi/iscsi_target.c
4186 ++++ b/drivers/target/iscsi/iscsi_target.c
4187 +@@ -343,7 +343,6 @@ static struct iscsi_np *iscsit_get_np(
4188 +
4189 + struct iscsi_np *iscsit_add_np(
4190 + struct __kernel_sockaddr_storage *sockaddr,
4191 +- char *ip_str,
4192 + int network_transport)
4193 + {
4194 + struct sockaddr_in *sock_in;
4195 +@@ -372,11 +371,9 @@ struct iscsi_np *iscsit_add_np(
4196 + np->np_flags |= NPF_IP_NETWORK;
4197 + if (sockaddr->ss_family == AF_INET6) {
4198 + sock_in6 = (struct sockaddr_in6 *)sockaddr;
4199 +- snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str);
4200 + np->np_port = ntohs(sock_in6->sin6_port);
4201 + } else {
4202 + sock_in = (struct sockaddr_in *)sockaddr;
4203 +- sprintf(np->np_ip, "%s", ip_str);
4204 + np->np_port = ntohs(sock_in->sin_port);
4205 + }
4206 +
4207 +@@ -413,8 +410,8 @@ struct iscsi_np *iscsit_add_np(
4208 + list_add_tail(&np->np_list, &g_np_list);
4209 + mutex_unlock(&np_lock);
4210 +
4211 +- pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
4212 +- np->np_ip, np->np_port, np->np_transport->name);
4213 ++ pr_debug("CORE[0] - Added Network Portal: %pISc:%hu on %s\n",
4214 ++ &np->np_sockaddr, np->np_port, np->np_transport->name);
4215 +
4216 + return np;
4217 + }
4218 +@@ -483,8 +480,8 @@ int iscsit_del_np(struct iscsi_np *np)
4219 + list_del(&np->np_list);
4220 + mutex_unlock(&np_lock);
4221 +
4222 +- pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
4223 +- np->np_ip, np->np_port, np->np_transport->name);
4224 ++ pr_debug("CORE[0] - Removed Network Portal: %pISc:%hu on %s\n",
4225 ++ &np->np_sockaddr, np->np_port, np->np_transport->name);
4226 +
4227 + iscsit_put_transport(np->np_transport);
4228 + kfree(np);
4229 +@@ -3482,11 +3479,18 @@ iscsit_build_sendtargets_response(struct iscsi_cmd *cmd,
4230 + target_name_printed = 1;
4231 + }
4232 +
4233 +- len = sprintf(buf, "TargetAddress="
4234 +- "%s:%hu,%hu",
4235 +- inaddr_any ? conn->local_ip : np->np_ip,
4236 +- np->np_port,
4237 +- tpg->tpgt);
4238 ++ if (inaddr_any) {
4239 ++ len = sprintf(buf, "TargetAddress="
4240 ++ "%s:%hu,%hu",
4241 ++ conn->local_ip,
4242 ++ np->np_port,
4243 ++ tpg->tpgt);
4244 ++ } else {
4245 ++ len = sprintf(buf, "TargetAddress="
4246 ++ "%pISpc,%hu",
4247 ++ &np->np_sockaddr,
4248 ++ tpg->tpgt);
4249 ++ }
4250 + len += 1;
4251 +
4252 + if ((len + payload_len) > buffer_len) {
4253 +diff --git a/drivers/target/iscsi/iscsi_target.h b/drivers/target/iscsi/iscsi_target.h
4254 +index e936d56fb523..3ef6ef582b10 100644
4255 +--- a/drivers/target/iscsi/iscsi_target.h
4256 ++++ b/drivers/target/iscsi/iscsi_target.h
4257 +@@ -13,7 +13,7 @@ extern int iscsit_deaccess_np(struct iscsi_np *, struct iscsi_portal_group *,
4258 + extern bool iscsit_check_np_match(struct __kernel_sockaddr_storage *,
4259 + struct iscsi_np *, int);
4260 + extern struct iscsi_np *iscsit_add_np(struct __kernel_sockaddr_storage *,
4261 +- char *, int);
4262 ++ int);
4263 + extern int iscsit_reset_np_thread(struct iscsi_np *, struct iscsi_tpg_np *,
4264 + struct iscsi_portal_group *, bool);
4265 + extern int iscsit_del_np(struct iscsi_np *);
4266 +diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
4267 +index 9059c1e0b26e..49b34655e57a 100644
4268 +--- a/drivers/target/iscsi/iscsi_target_configfs.c
4269 ++++ b/drivers/target/iscsi/iscsi_target_configfs.c
4270 +@@ -103,7 +103,7 @@ static ssize_t lio_target_np_store_sctp(
4271 + * Use existing np->np_sockaddr for SCTP network portal reference
4272 + */
4273 + tpg_np_sctp = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
4274 +- np->np_ip, tpg_np, ISCSI_SCTP_TCP);
4275 ++ tpg_np, ISCSI_SCTP_TCP);
4276 + if (!tpg_np_sctp || IS_ERR(tpg_np_sctp))
4277 + goto out;
4278 + } else {
4279 +@@ -181,7 +181,7 @@ static ssize_t lio_target_np_store_iser(
4280 + }
4281 +
4282 + tpg_np_iser = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr,
4283 +- np->np_ip, tpg_np, ISCSI_INFINIBAND);
4284 ++ tpg_np, ISCSI_INFINIBAND);
4285 + if (IS_ERR(tpg_np_iser)) {
4286 + rc = PTR_ERR(tpg_np_iser);
4287 + goto out;
4288 +@@ -252,8 +252,8 @@ static struct se_tpg_np *lio_target_call_addnptotpg(
4289 + return ERR_PTR(-EINVAL);
4290 + }
4291 + str++; /* Skip over leading "[" */
4292 +- *str2 = '\0'; /* Terminate the IPv6 address */
4293 +- str2++; /* Skip over the "]" */
4294 ++ *str2 = '\0'; /* Terminate the unbracketed IPv6 address */
4295 ++ str2++; /* Skip over the \0 */
4296 + port_str = strstr(str2, ":");
4297 + if (!port_str) {
4298 + pr_err("Unable to locate \":port\""
4299 +@@ -320,7 +320,7 @@ static struct se_tpg_np *lio_target_call_addnptotpg(
4300 + * sys/kernel/config/iscsi/$IQN/$TPG/np/$IP:$PORT/
4301 + *
4302 + */
4303 +- tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, str, NULL,
4304 ++ tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, NULL,
4305 + ISCSI_TCP);
4306 + if (IS_ERR(tpg_np)) {
4307 + iscsit_put_tpg(tpg);
4308 +@@ -348,8 +348,8 @@ static void lio_target_call_delnpfromtpg(
4309 +
4310 + se_tpg = &tpg->tpg_se_tpg;
4311 + pr_debug("LIO_Target_ConfigFS: DEREGISTER -> %s TPGT: %hu"
4312 +- " PORTAL: %s:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
4313 +- tpg->tpgt, tpg_np->tpg_np->np_ip, tpg_np->tpg_np->np_port);
4314 ++ " PORTAL: %pISc:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item),
4315 ++ tpg->tpgt, &tpg_np->tpg_np->np_sockaddr, tpg_np->tpg_np->np_port);
4316 +
4317 + ret = iscsit_tpg_del_network_portal(tpg, tpg_np);
4318 + if (ret < 0)
4319 +diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
4320 +index 719ec300cd24..eb320e6eb93d 100644
4321 +--- a/drivers/target/iscsi/iscsi_target_login.c
4322 ++++ b/drivers/target/iscsi/iscsi_target_login.c
4323 +@@ -879,8 +879,8 @@ static void iscsi_handle_login_thread_timeout(unsigned long data)
4324 + struct iscsi_np *np = (struct iscsi_np *) data;
4325 +
4326 + spin_lock_bh(&np->np_thread_lock);
4327 +- pr_err("iSCSI Login timeout on Network Portal %s:%hu\n",
4328 +- np->np_ip, np->np_port);
4329 ++ pr_err("iSCSI Login timeout on Network Portal %pISc:%hu\n",
4330 ++ &np->np_sockaddr, np->np_port);
4331 +
4332 + if (np->np_login_timer_flags & ISCSI_TF_STOP) {
4333 + spin_unlock_bh(&np->np_thread_lock);
4334 +@@ -1357,8 +1357,8 @@ static int __iscsi_target_login_thread(struct iscsi_np *np)
4335 + spin_lock_bh(&np->np_thread_lock);
4336 + if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
4337 + spin_unlock_bh(&np->np_thread_lock);
4338 +- pr_err("iSCSI Network Portal on %s:%hu currently not"
4339 +- " active.\n", np->np_ip, np->np_port);
4340 ++ pr_err("iSCSI Network Portal on %pISc:%hu currently not"
4341 ++ " active.\n", &np->np_sockaddr, np->np_port);
4342 + iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
4343 + ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
4344 + goto new_sess_out;
4345 +diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
4346 +index c3cb5c15efda..5530321c44f2 100644
4347 +--- a/drivers/target/iscsi/iscsi_target_tpg.c
4348 ++++ b/drivers/target/iscsi/iscsi_target_tpg.c
4349 +@@ -464,7 +464,6 @@ static bool iscsit_tpg_check_network_portal(
4350 + struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4351 + struct iscsi_portal_group *tpg,
4352 + struct __kernel_sockaddr_storage *sockaddr,
4353 +- char *ip_str,
4354 + struct iscsi_tpg_np *tpg_np_parent,
4355 + int network_transport)
4356 + {
4357 +@@ -474,8 +473,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4358 + if (!tpg_np_parent) {
4359 + if (iscsit_tpg_check_network_portal(tpg->tpg_tiqn, sockaddr,
4360 + network_transport)) {
4361 +- pr_err("Network Portal: %s already exists on a"
4362 +- " different TPG on %s\n", ip_str,
4363 ++ pr_err("Network Portal: %pISc already exists on a"
4364 ++ " different TPG on %s\n", sockaddr,
4365 + tpg->tpg_tiqn->tiqn);
4366 + return ERR_PTR(-EEXIST);
4367 + }
4368 +@@ -488,7 +487,7 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4369 + return ERR_PTR(-ENOMEM);
4370 + }
4371 +
4372 +- np = iscsit_add_np(sockaddr, ip_str, network_transport);
4373 ++ np = iscsit_add_np(sockaddr, network_transport);
4374 + if (IS_ERR(np)) {
4375 + kfree(tpg_np);
4376 + return ERR_CAST(np);
4377 +@@ -519,8 +518,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal(
4378 + spin_unlock(&tpg_np_parent->tpg_np_parent_lock);
4379 + }
4380 +
4381 +- pr_debug("CORE[%s] - Added Network Portal: %s:%hu,%hu on %s\n",
4382 +- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
4383 ++ pr_debug("CORE[%s] - Added Network Portal: %pISc:%hu,%hu on %s\n",
4384 ++ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
4385 + np->np_transport->name);
4386 +
4387 + return tpg_np;
4388 +@@ -533,8 +532,8 @@ static int iscsit_tpg_release_np(
4389 + {
4390 + iscsit_clear_tpg_np_login_thread(tpg_np, tpg, true);
4391 +
4392 +- pr_debug("CORE[%s] - Removed Network Portal: %s:%hu,%hu on %s\n",
4393 +- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt,
4394 ++ pr_debug("CORE[%s] - Removed Network Portal: %pISc:%hu,%hu on %s\n",
4395 ++ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt,
4396 + np->np_transport->name);
4397 +
4398 + tpg_np->tpg_np = NULL;
4399 +diff --git a/drivers/target/iscsi/iscsi_target_tpg.h b/drivers/target/iscsi/iscsi_target_tpg.h
4400 +index e7265337bc43..e216128b5a98 100644
4401 +--- a/drivers/target/iscsi/iscsi_target_tpg.h
4402 ++++ b/drivers/target/iscsi/iscsi_target_tpg.h
4403 +@@ -22,7 +22,7 @@ extern struct iscsi_node_attrib *iscsit_tpg_get_node_attrib(struct iscsi_session
4404 + extern void iscsit_tpg_del_external_nps(struct iscsi_tpg_np *);
4405 + extern struct iscsi_tpg_np *iscsit_tpg_locate_child_np(struct iscsi_tpg_np *, int);
4406 + extern struct iscsi_tpg_np *iscsit_tpg_add_network_portal(struct iscsi_portal_group *,
4407 +- struct __kernel_sockaddr_storage *, char *, struct iscsi_tpg_np *,
4408 ++ struct __kernel_sockaddr_storage *, struct iscsi_tpg_np *,
4409 + int);
4410 + extern int iscsit_tpg_del_network_portal(struct iscsi_portal_group *,
4411 + struct iscsi_tpg_np *);
4412 +diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
4413 +index e3ebb674a693..fea7d905e77c 100644
4414 +--- a/drivers/tty/n_tty.c
4415 ++++ b/drivers/tty/n_tty.c
4416 +@@ -364,8 +364,8 @@ static void n_tty_packet_mode_flush(struct tty_struct *tty)
4417 + spin_lock_irqsave(&tty->ctrl_lock, flags);
4418 + if (tty->link->packet) {
4419 + tty->ctrl_status |= TIOCPKT_FLUSHREAD;
4420 +- if (waitqueue_active(&tty->link->read_wait))
4421 +- wake_up_interruptible(&tty->link->read_wait);
4422 ++ spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4423 ++ wake_up_interruptible(&tty->link->read_wait);
4424 + }
4425 + spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4426 + }
4427 +@@ -1387,8 +1387,7 @@ handle_newline:
4428 + put_tty_queue(c, ldata);
4429 + ldata->canon_head = ldata->read_head;
4430 + kill_fasync(&tty->fasync, SIGIO, POLL_IN);
4431 +- if (waitqueue_active(&tty->read_wait))
4432 +- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
4433 ++ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
4434 + return 0;
4435 + }
4436 + }
4437 +@@ -1671,8 +1670,7 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
4438 + if ((!ldata->icanon && (read_cnt(ldata) >= ldata->minimum_to_wake)) ||
4439 + L_EXTPROC(tty)) {
4440 + kill_fasync(&tty->fasync, SIGIO, POLL_IN);
4441 +- if (waitqueue_active(&tty->read_wait))
4442 +- wake_up_interruptible_poll(&tty->read_wait, POLLIN);
4443 ++ wake_up_interruptible_poll(&tty->read_wait, POLLIN);
4444 + }
4445 + }
4446 +
4447 +@@ -1891,10 +1889,8 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
4448 + }
4449 +
4450 + /* The termios change make the tty ready for I/O */
4451 +- if (waitqueue_active(&tty->write_wait))
4452 +- wake_up_interruptible(&tty->write_wait);
4453 +- if (waitqueue_active(&tty->read_wait))
4454 +- wake_up_interruptible(&tty->read_wait);
4455 ++ wake_up_interruptible(&tty->write_wait);
4456 ++ wake_up_interruptible(&tty->read_wait);
4457 + }
4458 +
4459 + /**
4460 +diff --git a/drivers/tty/serial/8250/8250_pnp.c b/drivers/tty/serial/8250/8250_pnp.c
4461 +index 682a2fbe5c06..2b22cc1e57a2 100644
4462 +--- a/drivers/tty/serial/8250/8250_pnp.c
4463 ++++ b/drivers/tty/serial/8250/8250_pnp.c
4464 +@@ -364,6 +364,11 @@ static const struct pnp_device_id pnp_dev_table[] = {
4465 + /* Winbond CIR port, should not be probed. We should keep track
4466 + of it to prevent the legacy serial driver from probing it */
4467 + { "WEC1022", CIR_PORT },
4468 ++ /*
4469 ++ * SMSC IrCC SIR/FIR port, should not be probed by serial driver
4470 ++ * as well so its own driver can bind to it.
4471 ++ */
4472 ++ { "SMCF010", CIR_PORT },
4473 + { "", 0 }
4474 + };
4475 +
4476 +diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
4477 +index c42bf8da56db..7b362870277e 100644
4478 +--- a/drivers/usb/chipidea/udc.c
4479 ++++ b/drivers/usb/chipidea/udc.c
4480 +@@ -638,6 +638,44 @@ __acquires(hwep->lock)
4481 + return 0;
4482 + }
4483 +
4484 ++static int _ep_set_halt(struct usb_ep *ep, int value, bool check_transfer)
4485 ++{
4486 ++ struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
4487 ++ int direction, retval = 0;
4488 ++ unsigned long flags;
4489 ++
4490 ++ if (ep == NULL || hwep->ep.desc == NULL)
4491 ++ return -EINVAL;
4492 ++
4493 ++ if (usb_endpoint_xfer_isoc(hwep->ep.desc))
4494 ++ return -EOPNOTSUPP;
4495 ++
4496 ++ spin_lock_irqsave(hwep->lock, flags);
4497 ++
4498 ++ if (value && hwep->dir == TX && check_transfer &&
4499 ++ !list_empty(&hwep->qh.queue) &&
4500 ++ !usb_endpoint_xfer_control(hwep->ep.desc)) {
4501 ++ spin_unlock_irqrestore(hwep->lock, flags);
4502 ++ return -EAGAIN;
4503 ++ }
4504 ++
4505 ++ direction = hwep->dir;
4506 ++ do {
4507 ++ retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
4508 ++
4509 ++ if (!value)
4510 ++ hwep->wedge = 0;
4511 ++
4512 ++ if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
4513 ++ hwep->dir = (hwep->dir == TX) ? RX : TX;
4514 ++
4515 ++ } while (hwep->dir != direction);
4516 ++
4517 ++ spin_unlock_irqrestore(hwep->lock, flags);
4518 ++ return retval;
4519 ++}
4520 ++
4521 ++
4522 + /**
4523 + * _gadget_stop_activity: stops all USB activity, flushes & disables all endpts
4524 + * @gadget: gadget
4525 +@@ -1037,7 +1075,7 @@ __acquires(ci->lock)
4526 + num += ci->hw_ep_max / 2;
4527 +
4528 + spin_unlock(&ci->lock);
4529 +- err = usb_ep_set_halt(&ci->ci_hw_ep[num].ep);
4530 ++ err = _ep_set_halt(&ci->ci_hw_ep[num].ep, 1, false);
4531 + spin_lock(&ci->lock);
4532 + if (!err)
4533 + isr_setup_status_phase(ci);
4534 +@@ -1096,8 +1134,8 @@ delegate:
4535 +
4536 + if (err < 0) {
4537 + spin_unlock(&ci->lock);
4538 +- if (usb_ep_set_halt(&hwep->ep))
4539 +- dev_err(ci->dev, "error: ep_set_halt\n");
4540 ++ if (_ep_set_halt(&hwep->ep, 1, false))
4541 ++ dev_err(ci->dev, "error: _ep_set_halt\n");
4542 + spin_lock(&ci->lock);
4543 + }
4544 + }
4545 +@@ -1128,9 +1166,9 @@ __acquires(ci->lock)
4546 + err = isr_setup_status_phase(ci);
4547 + if (err < 0) {
4548 + spin_unlock(&ci->lock);
4549 +- if (usb_ep_set_halt(&hwep->ep))
4550 ++ if (_ep_set_halt(&hwep->ep, 1, false))
4551 + dev_err(ci->dev,
4552 +- "error: ep_set_halt\n");
4553 ++ "error: _ep_set_halt\n");
4554 + spin_lock(&ci->lock);
4555 + }
4556 + }
4557 +@@ -1373,41 +1411,7 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req)
4558 + */
4559 + static int ep_set_halt(struct usb_ep *ep, int value)
4560 + {
4561 +- struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
4562 +- int direction, retval = 0;
4563 +- unsigned long flags;
4564 +-
4565 +- if (ep == NULL || hwep->ep.desc == NULL)
4566 +- return -EINVAL;
4567 +-
4568 +- if (usb_endpoint_xfer_isoc(hwep->ep.desc))
4569 +- return -EOPNOTSUPP;
4570 +-
4571 +- spin_lock_irqsave(hwep->lock, flags);
4572 +-
4573 +-#ifndef STALL_IN
4574 +- /* g_file_storage MS compliant but g_zero fails chapter 9 compliance */
4575 +- if (value && hwep->type == USB_ENDPOINT_XFER_BULK && hwep->dir == TX &&
4576 +- !list_empty(&hwep->qh.queue)) {
4577 +- spin_unlock_irqrestore(hwep->lock, flags);
4578 +- return -EAGAIN;
4579 +- }
4580 +-#endif
4581 +-
4582 +- direction = hwep->dir;
4583 +- do {
4584 +- retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
4585 +-
4586 +- if (!value)
4587 +- hwep->wedge = 0;
4588 +-
4589 +- if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
4590 +- hwep->dir = (hwep->dir == TX) ? RX : TX;
4591 +-
4592 +- } while (hwep->dir != direction);
4593 +-
4594 +- spin_unlock_irqrestore(hwep->lock, flags);
4595 +- return retval;
4596 ++ return _ep_set_halt(ep, value, true);
4597 + }
4598 +
4599 + /**
4600 +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
4601 +index b2a540b43f97..b9ddf0c1ffe5 100644
4602 +--- a/drivers/usb/core/config.c
4603 ++++ b/drivers/usb/core/config.c
4604 +@@ -112,7 +112,7 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
4605 + cfgno, inum, asnum, ep->desc.bEndpointAddress);
4606 + ep->ss_ep_comp.bmAttributes = 16;
4607 + } else if (usb_endpoint_xfer_isoc(&ep->desc) &&
4608 +- desc->bmAttributes > 2) {
4609 ++ USB_SS_MULT(desc->bmAttributes) > 3) {
4610 + dev_warn(ddev, "Isoc endpoint has Mult of %d in "
4611 + "config %d interface %d altsetting %d ep %d: "
4612 + "setting to 3\n", desc->bmAttributes + 1,
4613 +@@ -121,7 +121,8 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno,
4614 + }
4615 +
4616 + if (usb_endpoint_xfer_isoc(&ep->desc))
4617 +- max_tx = (desc->bMaxBurst + 1) * (desc->bmAttributes + 1) *
4618 ++ max_tx = (desc->bMaxBurst + 1) *
4619 ++ (USB_SS_MULT(desc->bmAttributes)) *
4620 + usb_endpoint_maxp(&ep->desc);
4621 + else if (usb_endpoint_xfer_int(&ep->desc))
4622 + max_tx = usb_endpoint_maxp(&ep->desc) *
4623 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
4624 +index 41e510ae8c83..8a77a417ccfd 100644
4625 +--- a/drivers/usb/core/quirks.c
4626 ++++ b/drivers/usb/core/quirks.c
4627 +@@ -54,6 +54,13 @@ static const struct usb_device_id usb_quirk_list[] = {
4628 + { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT },
4629 + { USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT },
4630 +
4631 ++ /* Logitech ConferenceCam CC3000e */
4632 ++ { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT },
4633 ++ { USB_DEVICE(0x046d, 0x0848), .driver_info = USB_QUIRK_DELAY_INIT },
4634 ++
4635 ++ /* Logitech PTZ Pro Camera */
4636 ++ { USB_DEVICE(0x046d, 0x0853), .driver_info = USB_QUIRK_DELAY_INIT },
4637 ++
4638 + /* Logitech Quickcam Fusion */
4639 + { USB_DEVICE(0x046d, 0x08c1), .driver_info = USB_QUIRK_RESET_RESUME },
4640 +
4641 +@@ -78,6 +85,12 @@ static const struct usb_device_id usb_quirk_list[] = {
4642 + /* Philips PSC805 audio device */
4643 + { USB_DEVICE(0x0471, 0x0155), .driver_info = USB_QUIRK_RESET_RESUME },
4644 +
4645 ++ /* Plantronic Audio 655 DSP */
4646 ++ { USB_DEVICE(0x047f, 0xc008), .driver_info = USB_QUIRK_RESET_RESUME },
4647 ++
4648 ++ /* Plantronic Audio 648 USB */
4649 ++ { USB_DEVICE(0x047f, 0xc013), .driver_info = USB_QUIRK_RESET_RESUME },
4650 ++
4651 + /* Artisman Watchdog Dongle */
4652 + { USB_DEVICE(0x04b4, 0x0526), .driver_info =
4653 + USB_QUIRK_CONFIG_INTF_STRINGS },
4654 +diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
4655 +index bdc995da3420..1c1525b0a1fb 100644
4656 +--- a/drivers/usb/dwc3/ep0.c
4657 ++++ b/drivers/usb/dwc3/ep0.c
4658 +@@ -818,6 +818,11 @@ static void dwc3_ep0_complete_data(struct dwc3 *dwc,
4659 + unsigned maxp = ep0->endpoint.maxpacket;
4660 +
4661 + transfer_size += (maxp - (transfer_size % maxp));
4662 ++
4663 ++ /* Maximum of DWC3_EP0_BOUNCE_SIZE can only be received */
4664 ++ if (transfer_size > DWC3_EP0_BOUNCE_SIZE)
4665 ++ transfer_size = DWC3_EP0_BOUNCE_SIZE;
4666 ++
4667 + transferred = min_t(u32, ur->length,
4668 + transfer_size - length);
4669 + memcpy(ur->buf, dwc->ep0_bounce, transferred);
4670 +@@ -937,11 +942,14 @@ static void __dwc3_ep0_do_control_data(struct dwc3 *dwc,
4671 + return;
4672 + }
4673 +
4674 +- WARN_ON(req->request.length > DWC3_EP0_BOUNCE_SIZE);
4675 +-
4676 + maxpacket = dep->endpoint.maxpacket;
4677 + transfer_size = roundup(req->request.length, maxpacket);
4678 +
4679 ++ if (transfer_size > DWC3_EP0_BOUNCE_SIZE) {
4680 ++ dev_WARN(dwc->dev, "bounce buf can't handle req len\n");
4681 ++ transfer_size = DWC3_EP0_BOUNCE_SIZE;
4682 ++ }
4683 ++
4684 + dwc->ep0_bounced = true;
4685 +
4686 + /*
4687 +diff --git a/drivers/usb/host/ehci-sysfs.c b/drivers/usb/host/ehci-sysfs.c
4688 +index f6459dfb6f54..94054dad7710 100644
4689 +--- a/drivers/usb/host/ehci-sysfs.c
4690 ++++ b/drivers/usb/host/ehci-sysfs.c
4691 +@@ -29,7 +29,7 @@ static ssize_t show_companion(struct device *dev,
4692 + int count = PAGE_SIZE;
4693 + char *ptr = buf;
4694 +
4695 +- ehci = hcd_to_ehci(bus_to_hcd(dev_get_drvdata(dev)));
4696 ++ ehci = hcd_to_ehci(dev_get_drvdata(dev));
4697 + nports = HCS_N_PORTS(ehci->hcs_params);
4698 +
4699 + for (index = 0; index < nports; ++index) {
4700 +@@ -54,7 +54,7 @@ static ssize_t store_companion(struct device *dev,
4701 + struct ehci_hcd *ehci;
4702 + int portnum, new_owner;
4703 +
4704 +- ehci = hcd_to_ehci(bus_to_hcd(dev_get_drvdata(dev)));
4705 ++ ehci = hcd_to_ehci(dev_get_drvdata(dev));
4706 + new_owner = PORT_OWNER; /* Owned by companion */
4707 + if (sscanf(buf, "%d", &portnum) != 1)
4708 + return -EINVAL;
4709 +@@ -85,7 +85,7 @@ static ssize_t show_uframe_periodic_max(struct device *dev,
4710 + struct ehci_hcd *ehci;
4711 + int n;
4712 +
4713 +- ehci = hcd_to_ehci(bus_to_hcd(dev_get_drvdata(dev)));
4714 ++ ehci = hcd_to_ehci(dev_get_drvdata(dev));
4715 + n = scnprintf(buf, PAGE_SIZE, "%d\n", ehci->uframe_periodic_max);
4716 + return n;
4717 + }
4718 +@@ -101,7 +101,7 @@ static ssize_t store_uframe_periodic_max(struct device *dev,
4719 + unsigned long flags;
4720 + ssize_t ret;
4721 +
4722 +- ehci = hcd_to_ehci(bus_to_hcd(dev_get_drvdata(dev)));
4723 ++ ehci = hcd_to_ehci(dev_get_drvdata(dev));
4724 + if (kstrtouint(buf, 0, &uframe_periodic_max) < 0)
4725 + return -EINVAL;
4726 +
4727 +diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
4728 +index d44c904df055..ce3087bd95d2 100644
4729 +--- a/drivers/usb/host/xhci-mem.c
4730 ++++ b/drivers/usb/host/xhci-mem.c
4731 +@@ -1502,10 +1502,10 @@ int xhci_endpoint_init(struct xhci_hcd *xhci,
4732 + * use Event Data TRBs, and we don't chain in a link TRB on short
4733 + * transfers, we're basically dividing by 1.
4734 + *
4735 +- * xHCI 1.0 specification indicates that the Average TRB Length should
4736 +- * be set to 8 for control endpoints.
4737 ++ * xHCI 1.0 and 1.1 specification indicates that the Average TRB Length
4738 ++ * should be set to 8 for control endpoints.
4739 + */
4740 +- if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version == 0x100)
4741 ++ if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version >= 0x100)
4742 + ep_ctx->tx_info |= cpu_to_le32(AVG_TRB_LENGTH_FOR_EP(8));
4743 + else
4744 + ep_ctx->tx_info |=
4745 +@@ -1796,8 +1796,7 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci)
4746 + int size;
4747 + int i, j, num_ports;
4748 +
4749 +- if (timer_pending(&xhci->cmd_timer))
4750 +- del_timer_sync(&xhci->cmd_timer);
4751 ++ del_timer_sync(&xhci->cmd_timer);
4752 +
4753 + /* Free the Event Ring Segment Table and the actual Event Ring */
4754 + size = sizeof(struct xhci_erst_entry)*(xhci->erst.num_entries);
4755 +@@ -2325,6 +2324,10 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
4756 +
4757 + INIT_LIST_HEAD(&xhci->cmd_list);
4758 +
4759 ++ /* init command timeout timer */
4760 ++ setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout,
4761 ++ (unsigned long)xhci);
4762 ++
4763 + page_size = readl(&xhci->op_regs->page_size);
4764 + xhci_dbg_trace(xhci, trace_xhci_dbg_init,
4765 + "Supported page size register = 0x%x", page_size);
4766 +@@ -2509,11 +2512,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
4767 + "Wrote ERST address to ir_set 0.");
4768 + xhci_print_ir_set(xhci, 0);
4769 +
4770 +- /* init command timeout timer */
4771 +- init_timer(&xhci->cmd_timer);
4772 +- xhci->cmd_timer.data = (unsigned long) xhci;
4773 +- xhci->cmd_timer.function = xhci_handle_command_timeout;
4774 +-
4775 + /*
4776 + * XXX: Might need to set the Interrupter Moderation Register to
4777 + * something other than the default (~1ms minimum between interrupts).
4778 +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
4779 +index c70291cffc27..136259bc93b8 100644
4780 +--- a/drivers/usb/host/xhci-ring.c
4781 ++++ b/drivers/usb/host/xhci-ring.c
4782 +@@ -3049,9 +3049,11 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4783 + struct xhci_td *td;
4784 + struct scatterlist *sg;
4785 + int num_sgs;
4786 +- int trb_buff_len, this_sg_len, running_total;
4787 ++ int trb_buff_len, this_sg_len, running_total, ret;
4788 + unsigned int total_packet_count;
4789 ++ bool zero_length_needed;
4790 + bool first_trb;
4791 ++ int last_trb_num;
4792 + u64 addr;
4793 + bool more_trbs_coming;
4794 +
4795 +@@ -3067,13 +3069,27 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4796 + total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length,
4797 + usb_endpoint_maxp(&urb->ep->desc));
4798 +
4799 +- trb_buff_len = prepare_transfer(xhci, xhci->devs[slot_id],
4800 ++ ret = prepare_transfer(xhci, xhci->devs[slot_id],
4801 + ep_index, urb->stream_id,
4802 + num_trbs, urb, 0, mem_flags);
4803 +- if (trb_buff_len < 0)
4804 +- return trb_buff_len;
4805 ++ if (ret < 0)
4806 ++ return ret;
4807 +
4808 + urb_priv = urb->hcpriv;
4809 ++
4810 ++ /* Deal with URB_ZERO_PACKET - need one more td/trb */
4811 ++ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
4812 ++ urb_priv->length == 2;
4813 ++ if (zero_length_needed) {
4814 ++ num_trbs++;
4815 ++ xhci_dbg(xhci, "Creating zero length td.\n");
4816 ++ ret = prepare_transfer(xhci, xhci->devs[slot_id],
4817 ++ ep_index, urb->stream_id,
4818 ++ 1, urb, 1, mem_flags);
4819 ++ if (ret < 0)
4820 ++ return ret;
4821 ++ }
4822 ++
4823 + td = urb_priv->td[0];
4824 +
4825 + /*
4826 +@@ -3103,6 +3119,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4827 + trb_buff_len = urb->transfer_buffer_length;
4828 +
4829 + first_trb = true;
4830 ++ last_trb_num = zero_length_needed ? 2 : 1;
4831 + /* Queue the first TRB, even if it's zero-length */
4832 + do {
4833 + u32 field = 0;
4834 +@@ -3120,12 +3137,15 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4835 + /* Chain all the TRBs together; clear the chain bit in the last
4836 + * TRB to indicate it's the last TRB in the chain.
4837 + */
4838 +- if (num_trbs > 1) {
4839 ++ if (num_trbs > last_trb_num) {
4840 + field |= TRB_CHAIN;
4841 +- } else {
4842 +- /* FIXME - add check for ZERO_PACKET flag before this */
4843 ++ } else if (num_trbs == last_trb_num) {
4844 + td->last_trb = ep_ring->enqueue;
4845 + field |= TRB_IOC;
4846 ++ } else if (zero_length_needed && num_trbs == 1) {
4847 ++ trb_buff_len = 0;
4848 ++ urb_priv->td[1]->last_trb = ep_ring->enqueue;
4849 ++ field |= TRB_IOC;
4850 + }
4851 +
4852 + /* Only set interrupt on short packet for IN endpoints */
4853 +@@ -3187,7 +3207,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4854 + if (running_total + trb_buff_len > urb->transfer_buffer_length)
4855 + trb_buff_len =
4856 + urb->transfer_buffer_length - running_total;
4857 +- } while (running_total < urb->transfer_buffer_length);
4858 ++ } while (num_trbs > 0);
4859 +
4860 + check_trb_math(urb, num_trbs, running_total);
4861 + giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
4862 +@@ -3205,7 +3225,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4863 + int num_trbs;
4864 + struct xhci_generic_trb *start_trb;
4865 + bool first_trb;
4866 ++ int last_trb_num;
4867 + bool more_trbs_coming;
4868 ++ bool zero_length_needed;
4869 + int start_cycle;
4870 + u32 field, length_field;
4871 +
4872 +@@ -3236,7 +3258,6 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4873 + num_trbs++;
4874 + running_total += TRB_MAX_BUFF_SIZE;
4875 + }
4876 +- /* FIXME: this doesn't deal with URB_ZERO_PACKET - need one more */
4877 +
4878 + ret = prepare_transfer(xhci, xhci->devs[slot_id],
4879 + ep_index, urb->stream_id,
4880 +@@ -3245,6 +3266,20 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4881 + return ret;
4882 +
4883 + urb_priv = urb->hcpriv;
4884 ++
4885 ++ /* Deal with URB_ZERO_PACKET - need one more td/trb */
4886 ++ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET &&
4887 ++ urb_priv->length == 2;
4888 ++ if (zero_length_needed) {
4889 ++ num_trbs++;
4890 ++ xhci_dbg(xhci, "Creating zero length td.\n");
4891 ++ ret = prepare_transfer(xhci, xhci->devs[slot_id],
4892 ++ ep_index, urb->stream_id,
4893 ++ 1, urb, 1, mem_flags);
4894 ++ if (ret < 0)
4895 ++ return ret;
4896 ++ }
4897 ++
4898 + td = urb_priv->td[0];
4899 +
4900 + /*
4901 +@@ -3266,7 +3301,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4902 + trb_buff_len = urb->transfer_buffer_length;
4903 +
4904 + first_trb = true;
4905 +-
4906 ++ last_trb_num = zero_length_needed ? 2 : 1;
4907 + /* Queue the first TRB, even if it's zero-length */
4908 + do {
4909 + u32 remainder = 0;
4910 +@@ -3283,12 +3318,15 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4911 + /* Chain all the TRBs together; clear the chain bit in the last
4912 + * TRB to indicate it's the last TRB in the chain.
4913 + */
4914 +- if (num_trbs > 1) {
4915 ++ if (num_trbs > last_trb_num) {
4916 + field |= TRB_CHAIN;
4917 +- } else {
4918 +- /* FIXME - add check for ZERO_PACKET flag before this */
4919 ++ } else if (num_trbs == last_trb_num) {
4920 + td->last_trb = ep_ring->enqueue;
4921 + field |= TRB_IOC;
4922 ++ } else if (zero_length_needed && num_trbs == 1) {
4923 ++ trb_buff_len = 0;
4924 ++ urb_priv->td[1]->last_trb = ep_ring->enqueue;
4925 ++ field |= TRB_IOC;
4926 + }
4927 +
4928 + /* Only set interrupt on short packet for IN endpoints */
4929 +@@ -3326,7 +3364,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4930 + trb_buff_len = urb->transfer_buffer_length - running_total;
4931 + if (trb_buff_len > TRB_MAX_BUFF_SIZE)
4932 + trb_buff_len = TRB_MAX_BUFF_SIZE;
4933 +- } while (running_total < urb->transfer_buffer_length);
4934 ++ } while (num_trbs > 0);
4935 +
4936 + check_trb_math(urb, num_trbs, running_total);
4937 + giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id,
4938 +@@ -3393,8 +3431,8 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
4939 + if (start_cycle == 0)
4940 + field |= 0x1;
4941 +
4942 +- /* xHCI 1.0 6.4.1.2.1: Transfer Type field */
4943 +- if (xhci->hci_version == 0x100) {
4944 ++ /* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */
4945 ++ if (xhci->hci_version >= 0x100) {
4946 + if (urb->transfer_buffer_length > 0) {
4947 + if (setup->bRequestType & USB_DIR_IN)
4948 + field |= TRB_TX_TYPE(TRB_DATA_IN);
4949 +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
4950 +index 8e5f46082316..98380fa68fbf 100644
4951 +--- a/drivers/usb/host/xhci.c
4952 ++++ b/drivers/usb/host/xhci.c
4953 +@@ -147,7 +147,8 @@ static int xhci_start(struct xhci_hcd *xhci)
4954 + "waited %u microseconds.\n",
4955 + XHCI_MAX_HALT_USEC);
4956 + if (!ret)
4957 +- xhci->xhc_state &= ~XHCI_STATE_HALTED;
4958 ++ xhci->xhc_state &= ~(XHCI_STATE_HALTED | XHCI_STATE_DYING);
4959 ++
4960 + return ret;
4961 + }
4962 +
4963 +@@ -1343,6 +1344,11 @@ int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flags)
4964 +
4965 + if (usb_endpoint_xfer_isoc(&urb->ep->desc))
4966 + size = urb->number_of_packets;
4967 ++ else if (usb_endpoint_is_bulk_out(&urb->ep->desc) &&
4968 ++ urb->transfer_buffer_length > 0 &&
4969 ++ urb->transfer_flags & URB_ZERO_PACKET &&
4970 ++ !(urb->transfer_buffer_length % usb_endpoint_maxp(&urb->ep->desc)))
4971 ++ size = 2;
4972 + else
4973 + size = 1;
4974 +
4975 +@@ -3787,6 +3793,9 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
4976 + u64 temp_64;
4977 + struct xhci_command *command;
4978 +
4979 ++ if (xhci->xhc_state) /* dying or halted */
4980 ++ return -EINVAL;
4981 ++
4982 + if (!udev->slot_id) {
4983 + xhci_dbg_trace(xhci, trace_xhci_dbg_address,
4984 + "Bad Slot ID %d", udev->slot_id);
4985 +diff --git a/drivers/usb/musb/musb_cppi41.c b/drivers/usb/musb/musb_cppi41.c
4986 +index 5a9b977fbc19..d59b232614d5 100644
4987 +--- a/drivers/usb/musb/musb_cppi41.c
4988 ++++ b/drivers/usb/musb/musb_cppi41.c
4989 +@@ -600,7 +600,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller)
4990 + {
4991 + struct musb *musb = controller->musb;
4992 + struct device *dev = musb->controller;
4993 +- struct device_node *np = dev->of_node;
4994 ++ struct device_node *np = dev->parent->of_node;
4995 + struct cppi41_dma_channel *cppi41_channel;
4996 + int count;
4997 + int i;
4998 +@@ -650,7 +650,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller)
4999 + musb_dma->status = MUSB_DMA_STATUS_FREE;
5000 + musb_dma->max_len = SZ_4M;
5001 +
5002 +- dc = dma_request_slave_channel(dev, str);
5003 ++ dc = dma_request_slave_channel(dev->parent, str);
5004 + if (!dc) {
5005 + dev_err(dev, "Failed to request %s.\n", str);
5006 + ret = -EPROBE_DEFER;
5007 +@@ -680,7 +680,7 @@ struct dma_controller *dma_controller_create(struct musb *musb,
5008 + struct cppi41_dma_controller *controller;
5009 + int ret = 0;
5010 +
5011 +- if (!musb->controller->of_node) {
5012 ++ if (!musb->controller->parent->of_node) {
5013 + dev_err(musb->controller, "Need DT for the DMA engine.\n");
5014 + return NULL;
5015 + }
5016 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
5017 +index 4c8b3b82103d..a5a0376bbd48 100644
5018 +--- a/drivers/usb/serial/ftdi_sio.c
5019 ++++ b/drivers/usb/serial/ftdi_sio.c
5020 +@@ -605,6 +605,10 @@ static const struct usb_device_id id_table_combined[] = {
5021 + { USB_DEVICE(FTDI_VID, FTDI_NT_ORIONLXM_PID),
5022 + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
5023 + { USB_DEVICE(FTDI_VID, FTDI_SYNAPSE_SS200_PID) },
5024 ++ { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX_PID) },
5025 ++ { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX2_PID) },
5026 ++ { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX2WI_PID) },
5027 ++ { USB_DEVICE(FTDI_VID, FTDI_CUSTOMWARE_MINIPLEX3_PID) },
5028 + /*
5029 + * ELV devices:
5030 + */
5031 +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
5032 +index 792e054126de..2943b97b2a83 100644
5033 +--- a/drivers/usb/serial/ftdi_sio_ids.h
5034 ++++ b/drivers/usb/serial/ftdi_sio_ids.h
5035 +@@ -568,6 +568,14 @@
5036 + */
5037 + #define FTDI_SYNAPSE_SS200_PID 0x9090 /* SS200 - SNAP Stick 200 */
5038 +
5039 ++/*
5040 ++ * CustomWare / ShipModul NMEA multiplexers product ids (FTDI_VID)
5041 ++ */
5042 ++#define FTDI_CUSTOMWARE_MINIPLEX_PID 0xfd48 /* MiniPlex first generation NMEA Multiplexer */
5043 ++#define FTDI_CUSTOMWARE_MINIPLEX2_PID 0xfd49 /* MiniPlex-USB and MiniPlex-2 series */
5044 ++#define FTDI_CUSTOMWARE_MINIPLEX2WI_PID 0xfd4a /* MiniPlex-2Wi */
5045 ++#define FTDI_CUSTOMWARE_MINIPLEX3_PID 0xfd4b /* MiniPlex-3 series */
5046 ++
5047 +
5048 + /********************************/
5049 + /** third-party VID/PID combos **/
5050 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
5051 +index 463feb836f20..17d04d98358c 100644
5052 +--- a/drivers/usb/serial/option.c
5053 ++++ b/drivers/usb/serial/option.c
5054 +@@ -278,6 +278,10 @@ static void option_instat_callback(struct urb *urb);
5055 + #define ZTE_PRODUCT_MF622 0x0001
5056 + #define ZTE_PRODUCT_MF628 0x0015
5057 + #define ZTE_PRODUCT_MF626 0x0031
5058 ++#define ZTE_PRODUCT_ZM8620_X 0x0396
5059 ++#define ZTE_PRODUCT_ME3620_MBIM 0x0426
5060 ++#define ZTE_PRODUCT_ME3620_X 0x1432
5061 ++#define ZTE_PRODUCT_ME3620_L 0x1433
5062 + #define ZTE_PRODUCT_AC2726 0xfff1
5063 + #define ZTE_PRODUCT_MG880 0xfffd
5064 + #define ZTE_PRODUCT_CDMA_TECH 0xfffe
5065 +@@ -552,6 +556,18 @@ static const struct option_blacklist_info zte_mc2716_z_blacklist = {
5066 + .sendsetup = BIT(1) | BIT(2) | BIT(3),
5067 + };
5068 +
5069 ++static const struct option_blacklist_info zte_me3620_mbim_blacklist = {
5070 ++ .reserved = BIT(2) | BIT(3) | BIT(4),
5071 ++};
5072 ++
5073 ++static const struct option_blacklist_info zte_me3620_xl_blacklist = {
5074 ++ .reserved = BIT(3) | BIT(4) | BIT(5),
5075 ++};
5076 ++
5077 ++static const struct option_blacklist_info zte_zm8620_x_blacklist = {
5078 ++ .reserved = BIT(3) | BIT(4) | BIT(5),
5079 ++};
5080 ++
5081 + static const struct option_blacklist_info huawei_cdc12_blacklist = {
5082 + .reserved = BIT(1) | BIT(2),
5083 + };
5084 +@@ -1599,6 +1615,14 @@ static const struct usb_device_id option_ids[] = {
5085 + .driver_info = (kernel_ulong_t)&zte_ad3812_z_blacklist },
5086 + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MC2716, 0xff, 0xff, 0xff),
5087 + .driver_info = (kernel_ulong_t)&zte_mc2716_z_blacklist },
5088 ++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_L),
5089 ++ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
5090 ++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_MBIM),
5091 ++ .driver_info = (kernel_ulong_t)&zte_me3620_mbim_blacklist },
5092 ++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_X),
5093 ++ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist },
5094 ++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ZM8620_X),
5095 ++ .driver_info = (kernel_ulong_t)&zte_zm8620_x_blacklist },
5096 + { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x01) },
5097 + { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x05) },
5098 + { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x86, 0x10) },
5099 +diff --git a/drivers/usb/serial/symbolserial.c b/drivers/usb/serial/symbolserial.c
5100 +index 8fceec7298e0..6ed804450a5a 100644
5101 +--- a/drivers/usb/serial/symbolserial.c
5102 ++++ b/drivers/usb/serial/symbolserial.c
5103 +@@ -94,7 +94,7 @@ exit:
5104 +
5105 + static int symbol_open(struct tty_struct *tty, struct usb_serial_port *port)
5106 + {
5107 +- struct symbol_private *priv = usb_get_serial_data(port->serial);
5108 ++ struct symbol_private *priv = usb_get_serial_port_data(port);
5109 + unsigned long flags;
5110 + int result = 0;
5111 +
5112 +@@ -120,7 +120,7 @@ static void symbol_close(struct usb_serial_port *port)
5113 + static void symbol_throttle(struct tty_struct *tty)
5114 + {
5115 + struct usb_serial_port *port = tty->driver_data;
5116 +- struct symbol_private *priv = usb_get_serial_data(port->serial);
5117 ++ struct symbol_private *priv = usb_get_serial_port_data(port);
5118 +
5119 + spin_lock_irq(&priv->lock);
5120 + priv->throttled = true;
5121 +@@ -130,7 +130,7 @@ static void symbol_throttle(struct tty_struct *tty)
5122 + static void symbol_unthrottle(struct tty_struct *tty)
5123 + {
5124 + struct usb_serial_port *port = tty->driver_data;
5125 +- struct symbol_private *priv = usb_get_serial_data(port->serial);
5126 ++ struct symbol_private *priv = usb_get_serial_port_data(port);
5127 + int result;
5128 + bool was_throttled;
5129 +
5130 +diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
5131 +index 6c3734d2b45a..d3ea90bef84d 100644
5132 +--- a/drivers/usb/serial/whiteheat.c
5133 ++++ b/drivers/usb/serial/whiteheat.c
5134 +@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial,
5135 + static int whiteheat_firmware_attach(struct usb_serial *serial);
5136 +
5137 + /* function prototypes for the Connect Tech WhiteHEAT serial converter */
5138 ++static int whiteheat_probe(struct usb_serial *serial,
5139 ++ const struct usb_device_id *id);
5140 + static int whiteheat_attach(struct usb_serial *serial);
5141 + static void whiteheat_release(struct usb_serial *serial);
5142 + static int whiteheat_port_probe(struct usb_serial_port *port);
5143 +@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
5144 + .description = "Connect Tech - WhiteHEAT",
5145 + .id_table = id_table_std,
5146 + .num_ports = 4,
5147 ++ .probe = whiteheat_probe,
5148 + .attach = whiteheat_attach,
5149 + .release = whiteheat_release,
5150 + .port_probe = whiteheat_port_probe,
5151 +@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
5152 + /*****************************************************************************
5153 + * Connect Tech's White Heat serial driver functions
5154 + *****************************************************************************/
5155 ++
5156 ++static int whiteheat_probe(struct usb_serial *serial,
5157 ++ const struct usb_device_id *id)
5158 ++{
5159 ++ struct usb_host_interface *iface_desc;
5160 ++ struct usb_endpoint_descriptor *endpoint;
5161 ++ size_t num_bulk_in = 0;
5162 ++ size_t num_bulk_out = 0;
5163 ++ size_t min_num_bulk;
5164 ++ unsigned int i;
5165 ++
5166 ++ iface_desc = serial->interface->cur_altsetting;
5167 ++
5168 ++ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
5169 ++ endpoint = &iface_desc->endpoint[i].desc;
5170 ++ if (usb_endpoint_is_bulk_in(endpoint))
5171 ++ ++num_bulk_in;
5172 ++ if (usb_endpoint_is_bulk_out(endpoint))
5173 ++ ++num_bulk_out;
5174 ++ }
5175 ++
5176 ++ min_num_bulk = COMMAND_PORT + 1;
5177 ++ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
5178 ++ return -ENODEV;
5179 ++
5180 ++ return 0;
5181 ++}
5182 ++
5183 + static int whiteheat_attach(struct usb_serial *serial)
5184 + {
5185 + struct usb_serial_port *command_port;
5186 +diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
5187 +index c7bf606a8706..a5f88377cec5 100644
5188 +--- a/drivers/video/fbdev/Kconfig
5189 ++++ b/drivers/video/fbdev/Kconfig
5190 +@@ -298,7 +298,7 @@ config FB_ARMCLCD
5191 +
5192 + # Helper logic selected only by the ARM Versatile platform family.
5193 + config PLAT_VERSATILE_CLCD
5194 +- def_bool ARCH_VERSATILE || ARCH_REALVIEW || ARCH_VEXPRESS
5195 ++ def_bool ARCH_VERSATILE || ARCH_REALVIEW || ARCH_VEXPRESS || ARCH_INTEGRATOR
5196 + depends on ARM
5197 + depends on FB_ARMCLCD && FB=y
5198 +
5199 +diff --git a/drivers/watchdog/sunxi_wdt.c b/drivers/watchdog/sunxi_wdt.c
5200 +index b62301e74e5f..a9b37bdac5d3 100644
5201 +--- a/drivers/watchdog/sunxi_wdt.c
5202 ++++ b/drivers/watchdog/sunxi_wdt.c
5203 +@@ -184,7 +184,7 @@ static int sunxi_wdt_start(struct watchdog_device *wdt_dev)
5204 + /* Set system reset function */
5205 + reg = readl(wdt_base + regs->wdt_cfg);
5206 + reg &= ~(regs->wdt_reset_mask);
5207 +- reg |= ~(regs->wdt_reset_val);
5208 ++ reg |= regs->wdt_reset_val;
5209 + writel(reg, wdt_base + regs->wdt_cfg);
5210 +
5211 + /* Enable watchdog */
5212 +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
5213 +index 02391f3eb9b0..cb239ddae5c9 100644
5214 +--- a/fs/btrfs/extent_io.c
5215 ++++ b/fs/btrfs/extent_io.c
5216 +@@ -2767,7 +2767,8 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree,
5217 + bio_end_io_t end_io_func,
5218 + int mirror_num,
5219 + unsigned long prev_bio_flags,
5220 +- unsigned long bio_flags)
5221 ++ unsigned long bio_flags,
5222 ++ bool force_bio_submit)
5223 + {
5224 + int ret = 0;
5225 + struct bio *bio;
5226 +@@ -2785,6 +2786,7 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree,
5227 + contig = bio_end_sector(bio) == sector;
5228 +
5229 + if (prev_bio_flags != bio_flags || !contig ||
5230 ++ force_bio_submit ||
5231 + merge_bio(rw, tree, page, offset, page_size, bio, bio_flags) ||
5232 + bio_add_page(bio, page, page_size, offset) < page_size) {
5233 + ret = submit_one_bio(rw, bio, mirror_num,
5234 +@@ -2876,7 +2878,8 @@ static int __do_readpage(struct extent_io_tree *tree,
5235 + get_extent_t *get_extent,
5236 + struct extent_map **em_cached,
5237 + struct bio **bio, int mirror_num,
5238 +- unsigned long *bio_flags, int rw)
5239 ++ unsigned long *bio_flags, int rw,
5240 ++ u64 *prev_em_start)
5241 + {
5242 + struct inode *inode = page->mapping->host;
5243 + u64 start = page_offset(page);
5244 +@@ -2924,6 +2927,7 @@ static int __do_readpage(struct extent_io_tree *tree,
5245 + }
5246 + while (cur <= end) {
5247 + unsigned long pnr = (last_byte >> PAGE_CACHE_SHIFT) + 1;
5248 ++ bool force_bio_submit = false;
5249 +
5250 + if (cur >= last_byte) {
5251 + char *userpage;
5252 +@@ -2974,6 +2978,49 @@ static int __do_readpage(struct extent_io_tree *tree,
5253 + block_start = em->block_start;
5254 + if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags))
5255 + block_start = EXTENT_MAP_HOLE;
5256 ++
5257 ++ /*
5258 ++ * If we have a file range that points to a compressed extent
5259 ++ * and it's followed by a consecutive file range that points to
5260 ++ * to the same compressed extent (possibly with a different
5261 ++ * offset and/or length, so it either points to the whole extent
5262 ++ * or only part of it), we must make sure we do not submit a
5263 ++ * single bio to populate the pages for the 2 ranges because
5264 ++ * this makes the compressed extent read zero out the pages
5265 ++ * belonging to the 2nd range. Imagine the following scenario:
5266 ++ *
5267 ++ * File layout
5268 ++ * [0 - 8K] [8K - 24K]
5269 ++ * | |
5270 ++ * | |
5271 ++ * points to extent X, points to extent X,
5272 ++ * offset 4K, length of 8K offset 0, length 16K
5273 ++ *
5274 ++ * [extent X, compressed length = 4K uncompressed length = 16K]
5275 ++ *
5276 ++ * If the bio to read the compressed extent covers both ranges,
5277 ++ * it will decompress extent X into the pages belonging to the
5278 ++ * first range and then it will stop, zeroing out the remaining
5279 ++ * pages that belong to the other range that points to extent X.
5280 ++ * So here we make sure we submit 2 bios, one for the first
5281 ++ * range and another one for the third range. Both will target
5282 ++ * the same physical extent from disk, but we can't currently
5283 ++ * make the compressed bio endio callback populate the pages
5284 ++ * for both ranges because each compressed bio is tightly
5285 ++ * coupled with a single extent map, and each range can have
5286 ++ * an extent map with a different offset value relative to the
5287 ++ * uncompressed data of our extent and different lengths. This
5288 ++ * is a corner case so we prioritize correctness over
5289 ++ * non-optimal behavior (submitting 2 bios for the same extent).
5290 ++ */
5291 ++ if (test_bit(EXTENT_FLAG_COMPRESSED, &em->flags) &&
5292 ++ prev_em_start && *prev_em_start != (u64)-1 &&
5293 ++ *prev_em_start != em->orig_start)
5294 ++ force_bio_submit = true;
5295 ++
5296 ++ if (prev_em_start)
5297 ++ *prev_em_start = em->orig_start;
5298 ++
5299 + free_extent_map(em);
5300 + em = NULL;
5301 +
5302 +@@ -3023,7 +3070,8 @@ static int __do_readpage(struct extent_io_tree *tree,
5303 + bdev, bio, pnr,
5304 + end_bio_extent_readpage, mirror_num,
5305 + *bio_flags,
5306 +- this_bio_flag);
5307 ++ this_bio_flag,
5308 ++ force_bio_submit);
5309 + if (!ret) {
5310 + nr++;
5311 + *bio_flags = this_bio_flag;
5312 +@@ -3050,7 +3098,8 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree,
5313 + get_extent_t *get_extent,
5314 + struct extent_map **em_cached,
5315 + struct bio **bio, int mirror_num,
5316 +- unsigned long *bio_flags, int rw)
5317 ++ unsigned long *bio_flags, int rw,
5318 ++ u64 *prev_em_start)
5319 + {
5320 + struct inode *inode;
5321 + struct btrfs_ordered_extent *ordered;
5322 +@@ -3070,7 +3119,7 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree,
5323 +
5324 + for (index = 0; index < nr_pages; index++) {
5325 + __do_readpage(tree, pages[index], get_extent, em_cached, bio,
5326 +- mirror_num, bio_flags, rw);
5327 ++ mirror_num, bio_flags, rw, prev_em_start);
5328 + page_cache_release(pages[index]);
5329 + }
5330 + }
5331 +@@ -3080,7 +3129,8 @@ static void __extent_readpages(struct extent_io_tree *tree,
5332 + int nr_pages, get_extent_t *get_extent,
5333 + struct extent_map **em_cached,
5334 + struct bio **bio, int mirror_num,
5335 +- unsigned long *bio_flags, int rw)
5336 ++ unsigned long *bio_flags, int rw,
5337 ++ u64 *prev_em_start)
5338 + {
5339 + u64 start = 0;
5340 + u64 end = 0;
5341 +@@ -3101,7 +3151,7 @@ static void __extent_readpages(struct extent_io_tree *tree,
5342 + index - first_index, start,
5343 + end, get_extent, em_cached,
5344 + bio, mirror_num, bio_flags,
5345 +- rw);
5346 ++ rw, prev_em_start);
5347 + start = page_start;
5348 + end = start + PAGE_CACHE_SIZE - 1;
5349 + first_index = index;
5350 +@@ -3112,7 +3162,8 @@ static void __extent_readpages(struct extent_io_tree *tree,
5351 + __do_contiguous_readpages(tree, &pages[first_index],
5352 + index - first_index, start,
5353 + end, get_extent, em_cached, bio,
5354 +- mirror_num, bio_flags, rw);
5355 ++ mirror_num, bio_flags, rw,
5356 ++ prev_em_start);
5357 + }
5358 +
5359 + static int __extent_read_full_page(struct extent_io_tree *tree,
5360 +@@ -3138,7 +3189,7 @@ static int __extent_read_full_page(struct extent_io_tree *tree,
5361 + }
5362 +
5363 + ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num,
5364 +- bio_flags, rw);
5365 ++ bio_flags, rw, NULL);
5366 + return ret;
5367 + }
5368 +
5369 +@@ -3164,7 +3215,7 @@ int extent_read_full_page_nolock(struct extent_io_tree *tree, struct page *page,
5370 + int ret;
5371 +
5372 + ret = __do_readpage(tree, page, get_extent, NULL, &bio, mirror_num,
5373 +- &bio_flags, READ);
5374 ++ &bio_flags, READ, NULL);
5375 + if (bio)
5376 + ret = submit_one_bio(READ, bio, mirror_num, bio_flags);
5377 + return ret;
5378 +@@ -3417,7 +3468,7 @@ static noinline_for_stack int __extent_writepage_io(struct inode *inode,
5379 + sector, iosize, pg_offset,
5380 + bdev, &epd->bio, max_nr,
5381 + end_bio_extent_writepage,
5382 +- 0, 0, 0);
5383 ++ 0, 0, 0, false);
5384 + if (ret)
5385 + SetPageError(page);
5386 + }
5387 +@@ -3719,7 +3770,7 @@ static noinline_for_stack int write_one_eb(struct extent_buffer *eb,
5388 + ret = submit_extent_page(rw, tree, p, offset >> 9,
5389 + PAGE_CACHE_SIZE, 0, bdev, &epd->bio,
5390 + -1, end_bio_extent_buffer_writepage,
5391 +- 0, epd->bio_flags, bio_flags);
5392 ++ 0, epd->bio_flags, bio_flags, false);
5393 + epd->bio_flags = bio_flags;
5394 + if (ret) {
5395 + set_btree_ioerr(p);
5396 +@@ -4123,6 +4174,7 @@ int extent_readpages(struct extent_io_tree *tree,
5397 + struct page *page;
5398 + struct extent_map *em_cached = NULL;
5399 + int nr = 0;
5400 ++ u64 prev_em_start = (u64)-1;
5401 +
5402 + for (page_idx = 0; page_idx < nr_pages; page_idx++) {
5403 + page = list_entry(pages->prev, struct page, lru);
5404 +@@ -4139,12 +4191,12 @@ int extent_readpages(struct extent_io_tree *tree,
5405 + if (nr < ARRAY_SIZE(pagepool))
5406 + continue;
5407 + __extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
5408 +- &bio, 0, &bio_flags, READ);
5409 ++ &bio, 0, &bio_flags, READ, &prev_em_start);
5410 + nr = 0;
5411 + }
5412 + if (nr)
5413 + __extent_readpages(tree, pagepool, nr, get_extent, &em_cached,
5414 +- &bio, 0, &bio_flags, READ);
5415 ++ &bio, 0, &bio_flags, READ, &prev_em_start);
5416 +
5417 + if (em_cached)
5418 + free_extent_map(em_cached);
5419 +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
5420 +index edaa6178b4ec..0be09bb34b75 100644
5421 +--- a/fs/btrfs/inode.c
5422 ++++ b/fs/btrfs/inode.c
5423 +@@ -4802,7 +4802,8 @@ void btrfs_evict_inode(struct inode *inode)
5424 + goto no_delete;
5425 + }
5426 + /* do we really want it for ->i_nlink > 0 and zero btrfs_root_refs? */
5427 +- btrfs_wait_ordered_range(inode, 0, (u64)-1);
5428 ++ if (!special_file(inode->i_mode))
5429 ++ btrfs_wait_ordered_range(inode, 0, (u64)-1);
5430 +
5431 + btrfs_free_io_failure_record(inode, 0, (u64)-1);
5432 +
5433 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
5434 +index 63c6d05950f2..7dce00b91a71 100644
5435 +--- a/fs/btrfs/transaction.c
5436 ++++ b/fs/btrfs/transaction.c
5437 +@@ -1756,8 +1756,11 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans,
5438 + spin_unlock(&root->fs_info->trans_lock);
5439 +
5440 + wait_for_commit(root, prev_trans);
5441 ++ ret = prev_trans->aborted;
5442 +
5443 + btrfs_put_transaction(prev_trans);
5444 ++ if (ret)
5445 ++ goto cleanup_transaction;
5446 + } else {
5447 + spin_unlock(&root->fs_info->trans_lock);
5448 + }
5449 +diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
5450 +index 4ac7445e6ec7..da7fbfaa60b4 100644
5451 +--- a/fs/cifs/cifsencrypt.c
5452 ++++ b/fs/cifs/cifsencrypt.c
5453 +@@ -441,6 +441,48 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp)
5454 + return 0;
5455 + }
5456 +
5457 ++/* Server has provided av pairs/target info in the type 2 challenge
5458 ++ * packet and we have plucked it and stored within smb session.
5459 ++ * We parse that blob here to find the server given timestamp
5460 ++ * as part of ntlmv2 authentication (or local current time as
5461 ++ * default in case of failure)
5462 ++ */
5463 ++static __le64
5464 ++find_timestamp(struct cifs_ses *ses)
5465 ++{
5466 ++ unsigned int attrsize;
5467 ++ unsigned int type;
5468 ++ unsigned int onesize = sizeof(struct ntlmssp2_name);
5469 ++ unsigned char *blobptr;
5470 ++ unsigned char *blobend;
5471 ++ struct ntlmssp2_name *attrptr;
5472 ++
5473 ++ if (!ses->auth_key.len || !ses->auth_key.response)
5474 ++ return 0;
5475 ++
5476 ++ blobptr = ses->auth_key.response;
5477 ++ blobend = blobptr + ses->auth_key.len;
5478 ++
5479 ++ while (blobptr + onesize < blobend) {
5480 ++ attrptr = (struct ntlmssp2_name *) blobptr;
5481 ++ type = le16_to_cpu(attrptr->type);
5482 ++ if (type == NTLMSSP_AV_EOL)
5483 ++ break;
5484 ++ blobptr += 2; /* advance attr type */
5485 ++ attrsize = le16_to_cpu(attrptr->length);
5486 ++ blobptr += 2; /* advance attr size */
5487 ++ if (blobptr + attrsize > blobend)
5488 ++ break;
5489 ++ if (type == NTLMSSP_AV_TIMESTAMP) {
5490 ++ if (attrsize == sizeof(u64))
5491 ++ return *((__le64 *)blobptr);
5492 ++ }
5493 ++ blobptr += attrsize; /* advance attr value */
5494 ++ }
5495 ++
5496 ++ return cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
5497 ++}
5498 ++
5499 + static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash,
5500 + const struct nls_table *nls_cp)
5501 + {
5502 +@@ -637,6 +679,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
5503 + struct ntlmv2_resp *ntlmv2;
5504 + char ntlmv2_hash[16];
5505 + unsigned char *tiblob = NULL; /* target info blob */
5506 ++ __le64 rsp_timestamp;
5507 +
5508 + if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) {
5509 + if (!ses->domainName) {
5510 +@@ -655,6 +698,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
5511 + }
5512 + }
5513 +
5514 ++ /* Must be within 5 minutes of the server (or in range +/-2h
5515 ++ * in case of Mac OS X), so simply carry over server timestamp
5516 ++ * (as Windows 7 does)
5517 ++ */
5518 ++ rsp_timestamp = find_timestamp(ses);
5519 ++
5520 + baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp);
5521 + tilen = ses->auth_key.len;
5522 + tiblob = ses->auth_key.response;
5523 +@@ -671,8 +720,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
5524 + (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
5525 + ntlmv2->blob_signature = cpu_to_le32(0x00000101);
5526 + ntlmv2->reserved = 0;
5527 +- /* Must be within 5 minutes of the server */
5528 +- ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
5529 ++ ntlmv2->time = rsp_timestamp;
5530 ++
5531 + get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
5532 + ntlmv2->reserved2 = 0;
5533 +
5534 +diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
5535 +index 0c3ce464cae4..c88a8279e532 100644
5536 +--- a/fs/cifs/inode.c
5537 ++++ b/fs/cifs/inode.c
5538 +@@ -2010,7 +2010,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
5539 + struct tcon_link *tlink = NULL;
5540 + struct cifs_tcon *tcon = NULL;
5541 + struct TCP_Server_Info *server;
5542 +- struct cifs_io_parms io_parms;
5543 +
5544 + /*
5545 + * To avoid spurious oplock breaks from server, in the case of
5546 +@@ -2032,18 +2031,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
5547 + rc = -ENOSYS;
5548 + cifsFileInfo_put(open_file);
5549 + cifs_dbg(FYI, "SetFSize for attrs rc = %d\n", rc);
5550 +- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
5551 +- unsigned int bytes_written;
5552 +-
5553 +- io_parms.netfid = open_file->fid.netfid;
5554 +- io_parms.pid = open_file->pid;
5555 +- io_parms.tcon = tcon;
5556 +- io_parms.offset = 0;
5557 +- io_parms.length = attrs->ia_size;
5558 +- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written,
5559 +- NULL, NULL, 1);
5560 +- cifs_dbg(FYI, "Wrt seteof rc %d\n", rc);
5561 +- }
5562 + } else
5563 + rc = -EINVAL;
5564 +
5565 +@@ -2069,28 +2056,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs,
5566 + else
5567 + rc = -ENOSYS;
5568 + cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc);
5569 +- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) {
5570 +- __u16 netfid;
5571 +- int oplock = 0;
5572 +
5573 +- rc = SMBLegacyOpen(xid, tcon, full_path, FILE_OPEN,
5574 +- GENERIC_WRITE, CREATE_NOT_DIR, &netfid,
5575 +- &oplock, NULL, cifs_sb->local_nls,
5576 +- cifs_remap(cifs_sb));
5577 +- if (rc == 0) {
5578 +- unsigned int bytes_written;
5579 +-
5580 +- io_parms.netfid = netfid;
5581 +- io_parms.pid = current->tgid;
5582 +- io_parms.tcon = tcon;
5583 +- io_parms.offset = 0;
5584 +- io_parms.length = attrs->ia_size;
5585 +- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, NULL,
5586 +- NULL, 1);
5587 +- cifs_dbg(FYI, "wrt seteof rc %d\n", rc);
5588 +- CIFSSMBClose(xid, tcon, netfid);
5589 +- }
5590 +- }
5591 + if (tlink)
5592 + cifs_put_tlink(tlink);
5593 +
5594 +diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c
5595 +index 8b7898b7670f..64a9bca976d0 100644
5596 +--- a/fs/cifs/ioctl.c
5597 ++++ b/fs/cifs/ioctl.c
5598 +@@ -67,6 +67,12 @@ static long cifs_ioctl_clone(unsigned int xid, struct file *dst_file,
5599 + goto out_drop_write;
5600 + }
5601 +
5602 ++ if (src_file.file->f_op->unlocked_ioctl != cifs_ioctl) {
5603 ++ rc = -EBADF;
5604 ++ cifs_dbg(VFS, "src file seems to be from a different filesystem type\n");
5605 ++ goto out_fput;
5606 ++ }
5607 ++
5608 + if ((!src_file.file->private_data) || (!dst_file->private_data)) {
5609 + rc = -EBADF;
5610 + cifs_dbg(VFS, "missing cifsFileInfo on copy range src file\n");
5611 +diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
5612 +index cc93a7ffe8e4..51f5251d7db5 100644
5613 +--- a/fs/cifs/smb2ops.c
5614 ++++ b/fs/cifs/smb2ops.c
5615 +@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *server)
5616 + break;
5617 + default:
5618 + server->echoes = true;
5619 +- server->oplocks = true;
5620 ++ if (enable_oplocks) {
5621 ++ server->oplocks = true;
5622 ++ server->oplock_credits = 1;
5623 ++ } else
5624 ++ server->oplocks = false;
5625 ++
5626 + server->echo_credits = 1;
5627 +- server->oplock_credits = 1;
5628 + }
5629 + server->credits -= server->echo_credits + server->oplock_credits;
5630 + return 0;
5631 +diff --git a/fs/coredump.c b/fs/coredump.c
5632 +index 4c5866b948e7..00d75e82f6f2 100644
5633 +--- a/fs/coredump.c
5634 ++++ b/fs/coredump.c
5635 +@@ -506,10 +506,10 @@ void do_coredump(const siginfo_t *siginfo)
5636 + const struct cred *old_cred;
5637 + struct cred *cred;
5638 + int retval = 0;
5639 +- int flag = 0;
5640 + int ispipe;
5641 + struct files_struct *displaced;
5642 +- bool need_nonrelative = false;
5643 ++ /* require nonrelative corefile path and be extra careful */
5644 ++ bool need_suid_safe = false;
5645 + bool core_dumped = false;
5646 + static atomic_t core_dump_count = ATOMIC_INIT(0);
5647 + struct coredump_params cprm = {
5648 +@@ -543,9 +543,8 @@ void do_coredump(const siginfo_t *siginfo)
5649 + */
5650 + if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) {
5651 + /* Setuid core dump mode */
5652 +- flag = O_EXCL; /* Stop rewrite attacks */
5653 + cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */
5654 +- need_nonrelative = true;
5655 ++ need_suid_safe = true;
5656 + }
5657 +
5658 + retval = coredump_wait(siginfo->si_signo, &core_state);
5659 +@@ -626,7 +625,7 @@ void do_coredump(const siginfo_t *siginfo)
5660 + if (cprm.limit < binfmt->min_coredump)
5661 + goto fail_unlock;
5662 +
5663 +- if (need_nonrelative && cn.corename[0] != '/') {
5664 ++ if (need_suid_safe && cn.corename[0] != '/') {
5665 + printk(KERN_WARNING "Pid %d(%s) can only dump core "\
5666 + "to fully qualified path!\n",
5667 + task_tgid_vnr(current), current->comm);
5668 +@@ -634,8 +633,35 @@ void do_coredump(const siginfo_t *siginfo)
5669 + goto fail_unlock;
5670 + }
5671 +
5672 ++ /*
5673 ++ * Unlink the file if it exists unless this is a SUID
5674 ++ * binary - in that case, we're running around with root
5675 ++ * privs and don't want to unlink another user's coredump.
5676 ++ */
5677 ++ if (!need_suid_safe) {
5678 ++ mm_segment_t old_fs;
5679 ++
5680 ++ old_fs = get_fs();
5681 ++ set_fs(KERNEL_DS);
5682 ++ /*
5683 ++ * If it doesn't exist, that's fine. If there's some
5684 ++ * other problem, we'll catch it at the filp_open().
5685 ++ */
5686 ++ (void) sys_unlink((const char __user *)cn.corename);
5687 ++ set_fs(old_fs);
5688 ++ }
5689 ++
5690 ++ /*
5691 ++ * There is a race between unlinking and creating the
5692 ++ * file, but if that causes an EEXIST here, that's
5693 ++ * fine - another process raced with us while creating
5694 ++ * the corefile, and the other process won. To userspace,
5695 ++ * what matters is that at least one of the two processes
5696 ++ * writes its coredump successfully, not which one.
5697 ++ */
5698 + cprm.file = filp_open(cn.corename,
5699 +- O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
5700 ++ O_CREAT | 2 | O_NOFOLLOW |
5701 ++ O_LARGEFILE | O_EXCL,
5702 + 0600);
5703 + if (IS_ERR(cprm.file))
5704 + goto fail_unlock;
5705 +diff --git a/fs/dcache.c b/fs/dcache.c
5706 +index a66d6d80e2d9..d25f8fdcd397 100644
5707 +--- a/fs/dcache.c
5708 ++++ b/fs/dcache.c
5709 +@@ -1528,7 +1528,8 @@ void d_set_d_op(struct dentry *dentry, const struct dentry_operations *op)
5710 + DCACHE_OP_COMPARE |
5711 + DCACHE_OP_REVALIDATE |
5712 + DCACHE_OP_WEAK_REVALIDATE |
5713 +- DCACHE_OP_DELETE ));
5714 ++ DCACHE_OP_DELETE |
5715 ++ DCACHE_OP_SELECT_INODE));
5716 + dentry->d_op = op;
5717 + if (!op)
5718 + return;
5719 +@@ -1544,6 +1545,8 @@ void d_set_d_op(struct dentry *dentry, const struct dentry_operations *op)
5720 + dentry->d_flags |= DCACHE_OP_DELETE;
5721 + if (op->d_prune)
5722 + dentry->d_flags |= DCACHE_OP_PRUNE;
5723 ++ if (op->d_select_inode)
5724 ++ dentry->d_flags |= DCACHE_OP_SELECT_INODE;
5725 +
5726 + }
5727 + EXPORT_SYMBOL(d_set_d_op);
5728 +@@ -2889,6 +2892,13 @@ restart:
5729 +
5730 + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
5731 + struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
5732 ++ /* Escaped? */
5733 ++ if (dentry != vfsmnt->mnt_root) {
5734 ++ bptr = *buffer;
5735 ++ blen = *buflen;
5736 ++ error = 3;
5737 ++ break;
5738 ++ }
5739 + /* Global root? */
5740 + if (mnt != parent) {
5741 + dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
5742 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
5743 +index bf038468d752..b5a2c29a8db8 100644
5744 +--- a/fs/ext4/super.c
5745 ++++ b/fs/ext4/super.c
5746 +@@ -4754,10 +4754,11 @@ static int ext4_freeze(struct super_block *sb)
5747 + error = jbd2_journal_flush(journal);
5748 + if (error < 0)
5749 + goto out;
5750 ++
5751 ++ /* Journal blocked and flushed, clear needs_recovery flag. */
5752 ++ EXT4_CLEAR_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER);
5753 + }
5754 +
5755 +- /* Journal blocked and flushed, clear needs_recovery flag. */
5756 +- EXT4_CLEAR_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER);
5757 + error = ext4_commit_super(sb, 1);
5758 + out:
5759 + if (journal)
5760 +@@ -4775,8 +4776,11 @@ static int ext4_unfreeze(struct super_block *sb)
5761 + if (sb->s_flags & MS_RDONLY)
5762 + return 0;
5763 +
5764 +- /* Reset the needs_recovery flag before the fs is unlocked. */
5765 +- EXT4_SET_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER);
5766 ++ if (EXT4_SB(sb)->s_journal) {
5767 ++ /* Reset the needs_recovery flag before the fs is unlocked. */
5768 ++ EXT4_SET_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER);
5769 ++ }
5770 ++
5771 + ext4_commit_super(sb, 1);
5772 + return 0;
5773 + }
5774 +diff --git a/fs/hfs/bnode.c b/fs/hfs/bnode.c
5775 +index d3fa6bd9503e..221719eac5de 100644
5776 +--- a/fs/hfs/bnode.c
5777 ++++ b/fs/hfs/bnode.c
5778 +@@ -288,7 +288,6 @@ static struct hfs_bnode *__hfs_bnode_create(struct hfs_btree *tree, u32 cnid)
5779 + page_cache_release(page);
5780 + goto fail;
5781 + }
5782 +- page_cache_release(page);
5783 + node->page[i] = page;
5784 + }
5785 +
5786 +@@ -398,11 +397,11 @@ node_error:
5787 +
5788 + void hfs_bnode_free(struct hfs_bnode *node)
5789 + {
5790 +- //int i;
5791 ++ int i;
5792 +
5793 +- //for (i = 0; i < node->tree->pages_per_bnode; i++)
5794 +- // if (node->page[i])
5795 +- // page_cache_release(node->page[i]);
5796 ++ for (i = 0; i < node->tree->pages_per_bnode; i++)
5797 ++ if (node->page[i])
5798 ++ page_cache_release(node->page[i]);
5799 + kfree(node);
5800 + }
5801 +
5802 +diff --git a/fs/hfs/brec.c b/fs/hfs/brec.c
5803 +index 9f4ee7f52026..6fc766df0461 100644
5804 +--- a/fs/hfs/brec.c
5805 ++++ b/fs/hfs/brec.c
5806 +@@ -131,13 +131,16 @@ skip:
5807 + hfs_bnode_write(node, entry, data_off + key_len, entry_len);
5808 + hfs_bnode_dump(node);
5809 +
5810 +- if (new_node) {
5811 +- /* update parent key if we inserted a key
5812 +- * at the start of the first node
5813 +- */
5814 +- if (!rec && new_node != node)
5815 +- hfs_brec_update_parent(fd);
5816 ++ /*
5817 ++ * update parent key if we inserted a key
5818 ++ * at the start of the node and it is not the new node
5819 ++ */
5820 ++ if (!rec && new_node != node) {
5821 ++ hfs_bnode_read_key(node, fd->search_key, data_off + size);
5822 ++ hfs_brec_update_parent(fd);
5823 ++ }
5824 +
5825 ++ if (new_node) {
5826 + hfs_bnode_put(fd->bnode);
5827 + if (!new_node->parent) {
5828 + hfs_btree_inc_height(tree);
5829 +@@ -166,9 +169,6 @@ skip:
5830 + goto again;
5831 + }
5832 +
5833 +- if (!rec)
5834 +- hfs_brec_update_parent(fd);
5835 +-
5836 + return 0;
5837 + }
5838 +
5839 +@@ -366,6 +366,8 @@ again:
5840 + if (IS_ERR(parent))
5841 + return PTR_ERR(parent);
5842 + __hfs_brec_find(parent, fd);
5843 ++ if (fd->record < 0)
5844 ++ return -ENOENT;
5845 + hfs_bnode_dump(parent);
5846 + rec = fd->record;
5847 +
5848 +diff --git a/fs/hfsplus/bnode.c b/fs/hfsplus/bnode.c
5849 +index 759708fd9331..63924662aaf3 100644
5850 +--- a/fs/hfsplus/bnode.c
5851 ++++ b/fs/hfsplus/bnode.c
5852 +@@ -454,7 +454,6 @@ static struct hfs_bnode *__hfs_bnode_create(struct hfs_btree *tree, u32 cnid)
5853 + page_cache_release(page);
5854 + goto fail;
5855 + }
5856 +- page_cache_release(page);
5857 + node->page[i] = page;
5858 + }
5859 +
5860 +@@ -566,13 +565,11 @@ node_error:
5861 +
5862 + void hfs_bnode_free(struct hfs_bnode *node)
5863 + {
5864 +-#if 0
5865 + int i;
5866 +
5867 + for (i = 0; i < node->tree->pages_per_bnode; i++)
5868 + if (node->page[i])
5869 + page_cache_release(node->page[i]);
5870 +-#endif
5871 + kfree(node);
5872 + }
5873 +
5874 +diff --git a/fs/hpfs/namei.c b/fs/hpfs/namei.c
5875 +index bdbc2c3080a4..0642cafaab34 100644
5876 +--- a/fs/hpfs/namei.c
5877 ++++ b/fs/hpfs/namei.c
5878 +@@ -8,6 +8,17 @@
5879 + #include <linux/sched.h>
5880 + #include "hpfs_fn.h"
5881 +
5882 ++static void hpfs_update_directory_times(struct inode *dir)
5883 ++{
5884 ++ time_t t = get_seconds();
5885 ++ if (t == dir->i_mtime.tv_sec &&
5886 ++ t == dir->i_ctime.tv_sec)
5887 ++ return;
5888 ++ dir->i_mtime.tv_sec = dir->i_ctime.tv_sec = t;
5889 ++ dir->i_mtime.tv_nsec = dir->i_ctime.tv_nsec = 0;
5890 ++ hpfs_write_inode_nolock(dir);
5891 ++}
5892 ++
5893 + static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
5894 + {
5895 + const unsigned char *name = dentry->d_name.name;
5896 +@@ -99,6 +110,7 @@ static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
5897 + result->i_mode = mode | S_IFDIR;
5898 + hpfs_write_inode_nolock(result);
5899 + }
5900 ++ hpfs_update_directory_times(dir);
5901 + d_instantiate(dentry, result);
5902 + hpfs_unlock(dir->i_sb);
5903 + return 0;
5904 +@@ -187,6 +199,7 @@ static int hpfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, b
5905 + result->i_mode = mode | S_IFREG;
5906 + hpfs_write_inode_nolock(result);
5907 + }
5908 ++ hpfs_update_directory_times(dir);
5909 + d_instantiate(dentry, result);
5910 + hpfs_unlock(dir->i_sb);
5911 + return 0;
5912 +@@ -262,6 +275,7 @@ static int hpfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, de
5913 + insert_inode_hash(result);
5914 +
5915 + hpfs_write_inode_nolock(result);
5916 ++ hpfs_update_directory_times(dir);
5917 + d_instantiate(dentry, result);
5918 + brelse(bh);
5919 + hpfs_unlock(dir->i_sb);
5920 +@@ -340,6 +354,7 @@ static int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *sy
5921 + insert_inode_hash(result);
5922 +
5923 + hpfs_write_inode_nolock(result);
5924 ++ hpfs_update_directory_times(dir);
5925 + d_instantiate(dentry, result);
5926 + hpfs_unlock(dir->i_sb);
5927 + return 0;
5928 +@@ -423,6 +438,8 @@ again:
5929 + out1:
5930 + hpfs_brelse4(&qbh);
5931 + out:
5932 ++ if (!err)
5933 ++ hpfs_update_directory_times(dir);
5934 + hpfs_unlock(dir->i_sb);
5935 + return err;
5936 + }
5937 +@@ -477,6 +494,8 @@ static int hpfs_rmdir(struct inode *dir, struct dentry *dentry)
5938 + out1:
5939 + hpfs_brelse4(&qbh);
5940 + out:
5941 ++ if (!err)
5942 ++ hpfs_update_directory_times(dir);
5943 + hpfs_unlock(dir->i_sb);
5944 + return err;
5945 + }
5946 +@@ -595,7 +614,7 @@ static int hpfs_rename(struct inode *old_dir, struct dentry *old_dentry,
5947 + goto end1;
5948 + }
5949 +
5950 +- end:
5951 ++end:
5952 + hpfs_i(i)->i_parent_dir = new_dir->i_ino;
5953 + if (S_ISDIR(i->i_mode)) {
5954 + inc_nlink(new_dir);
5955 +@@ -610,6 +629,10 @@ static int hpfs_rename(struct inode *old_dir, struct dentry *old_dentry,
5956 + brelse(bh);
5957 + }
5958 + end1:
5959 ++ if (!err) {
5960 ++ hpfs_update_directory_times(old_dir);
5961 ++ hpfs_update_directory_times(new_dir);
5962 ++ }
5963 + hpfs_unlock(i->i_sb);
5964 + return err;
5965 + }
5966 +diff --git a/fs/internal.h b/fs/internal.h
5967 +index 757ba2abf21e..53279bd90b72 100644
5968 +--- a/fs/internal.h
5969 ++++ b/fs/internal.h
5970 +@@ -106,6 +106,7 @@ extern struct file *do_file_open_root(struct dentry *, struct vfsmount *,
5971 + extern long do_handle_open(int mountdirfd,
5972 + struct file_handle __user *ufh, int open_flag);
5973 + extern int open_check_o_direct(struct file *f);
5974 ++extern int vfs_open(const struct path *, struct file *, const struct cred *);
5975 +
5976 + /*
5977 + * inode.c
5978 +diff --git a/fs/namei.c b/fs/namei.c
5979 +index d20f061cddd3..be3d538d56b3 100644
5980 +--- a/fs/namei.c
5981 ++++ b/fs/namei.c
5982 +@@ -487,6 +487,24 @@ void path_put(const struct path *path)
5983 + }
5984 + EXPORT_SYMBOL(path_put);
5985 +
5986 ++/**
5987 ++ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
5988 ++ * @path: nameidate to verify
5989 ++ *
5990 ++ * Rename can sometimes move a file or directory outside of a bind
5991 ++ * mount, path_connected allows those cases to be detected.
5992 ++ */
5993 ++static bool path_connected(const struct path *path)
5994 ++{
5995 ++ struct vfsmount *mnt = path->mnt;
5996 ++
5997 ++ /* Only bind mounts can have disconnected paths */
5998 ++ if (mnt->mnt_root == mnt->mnt_sb->s_root)
5999 ++ return true;
6000 ++
6001 ++ return is_subdir(path->dentry, mnt->mnt_root);
6002 ++}
6003 ++
6004 + /*
6005 + * Path walking has 2 modes, rcu-walk and ref-walk (see
6006 + * Documentation/filesystems/path-lookup.txt). In situations when we can't
6007 +@@ -1164,6 +1182,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
6008 + goto failed;
6009 + nd->path.dentry = parent;
6010 + nd->seq = seq;
6011 ++ if (unlikely(!path_connected(&nd->path)))
6012 ++ goto failed;
6013 + break;
6014 + }
6015 + if (!follow_up_rcu(&nd->path))
6016 +@@ -1260,7 +1280,7 @@ static void follow_mount(struct path *path)
6017 + }
6018 + }
6019 +
6020 +-static void follow_dotdot(struct nameidata *nd)
6021 ++static int follow_dotdot(struct nameidata *nd)
6022 + {
6023 + if (!nd->root.mnt)
6024 + set_root(nd);
6025 +@@ -1276,6 +1296,10 @@ static void follow_dotdot(struct nameidata *nd)
6026 + /* rare case of legitimate dget_parent()... */
6027 + nd->path.dentry = dget_parent(nd->path.dentry);
6028 + dput(old);
6029 ++ if (unlikely(!path_connected(&nd->path))) {
6030 ++ path_put(&nd->path);
6031 ++ return -ENOENT;
6032 ++ }
6033 + break;
6034 + }
6035 + if (!follow_up(&nd->path))
6036 +@@ -1283,6 +1307,7 @@ static void follow_dotdot(struct nameidata *nd)
6037 + }
6038 + follow_mount(&nd->path);
6039 + nd->inode = nd->path.dentry->d_inode;
6040 ++ return 0;
6041 + }
6042 +
6043 + /*
6044 +@@ -1503,7 +1528,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
6045 + if (follow_dotdot_rcu(nd))
6046 + return -ECHILD;
6047 + } else
6048 +- follow_dotdot(nd);
6049 ++ return follow_dotdot(nd);
6050 + }
6051 + return 0;
6052 + }
6053 +@@ -2239,7 +2264,7 @@ mountpoint_last(struct nameidata *nd, struct path *path)
6054 + if (unlikely(nd->last_type != LAST_NORM)) {
6055 + error = handle_dots(nd, nd->last_type);
6056 + if (error)
6057 +- goto out;
6058 ++ return error;
6059 + dentry = dget(nd->path.dentry);
6060 + goto done;
6061 + }
6062 +diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c
6063 +index 7afb52f6a25a..32879965b255 100644
6064 +--- a/fs/nfs/filelayout/filelayout.c
6065 ++++ b/fs/nfs/filelayout/filelayout.c
6066 +@@ -682,23 +682,18 @@ out_put:
6067 + goto out;
6068 + }
6069 +
6070 +-static void filelayout_free_fh_array(struct nfs4_filelayout_segment *fl)
6071 ++static void _filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
6072 + {
6073 + int i;
6074 +
6075 +- for (i = 0; i < fl->num_fh; i++) {
6076 +- if (!fl->fh_array[i])
6077 +- break;
6078 +- kfree(fl->fh_array[i]);
6079 ++ if (fl->fh_array) {
6080 ++ for (i = 0; i < fl->num_fh; i++) {
6081 ++ if (!fl->fh_array[i])
6082 ++ break;
6083 ++ kfree(fl->fh_array[i]);
6084 ++ }
6085 ++ kfree(fl->fh_array);
6086 + }
6087 +- kfree(fl->fh_array);
6088 +- fl->fh_array = NULL;
6089 +-}
6090 +-
6091 +-static void
6092 +-_filelayout_free_lseg(struct nfs4_filelayout_segment *fl)
6093 +-{
6094 +- filelayout_free_fh_array(fl);
6095 + kfree(fl);
6096 + }
6097 +
6098 +@@ -769,21 +764,21 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo,
6099 + /* Do we want to use a mempool here? */
6100 + fl->fh_array[i] = kmalloc(sizeof(struct nfs_fh), gfp_flags);
6101 + if (!fl->fh_array[i])
6102 +- goto out_err_free;
6103 ++ goto out_err;
6104 +
6105 + p = xdr_inline_decode(&stream, 4);
6106 + if (unlikely(!p))
6107 +- goto out_err_free;
6108 ++ goto out_err;
6109 + fl->fh_array[i]->size = be32_to_cpup(p++);
6110 + if (sizeof(struct nfs_fh) < fl->fh_array[i]->size) {
6111 + printk(KERN_ERR "NFS: Too big fh %d received %d\n",
6112 + i, fl->fh_array[i]->size);
6113 +- goto out_err_free;
6114 ++ goto out_err;
6115 + }
6116 +
6117 + p = xdr_inline_decode(&stream, fl->fh_array[i]->size);
6118 + if (unlikely(!p))
6119 +- goto out_err_free;
6120 ++ goto out_err;
6121 + memcpy(fl->fh_array[i]->data, p, fl->fh_array[i]->size);
6122 + dprintk("DEBUG: %s: fh len %d\n", __func__,
6123 + fl->fh_array[i]->size);
6124 +@@ -792,8 +787,6 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo,
6125 + __free_page(scratch);
6126 + return 0;
6127 +
6128 +-out_err_free:
6129 +- filelayout_free_fh_array(fl);
6130 + out_err:
6131 + __free_page(scratch);
6132 + return -EIO;
6133 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
6134 +index c9ff4a176a25..123a494d018b 100644
6135 +--- a/fs/nfs/nfs4proc.c
6136 ++++ b/fs/nfs/nfs4proc.c
6137 +@@ -2346,7 +2346,7 @@ static int _nfs4_do_open(struct inode *dir,
6138 + goto err_free_label;
6139 + state = ctx->state;
6140 +
6141 +- if ((opendata->o_arg.open_flags & O_EXCL) &&
6142 ++ if ((opendata->o_arg.open_flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL) &&
6143 + (opendata->o_arg.createmode != NFS4_CREATE_GUARDED)) {
6144 + nfs4_exclusive_attrset(opendata, sattr);
6145 +
6146 +@@ -8443,6 +8443,7 @@ static const struct nfs4_minor_version_ops nfs_v4_2_minor_ops = {
6147 + .reboot_recovery_ops = &nfs41_reboot_recovery_ops,
6148 + .nograce_recovery_ops = &nfs41_nograce_recovery_ops,
6149 + .state_renewal_ops = &nfs41_state_renewal_ops,
6150 ++ .mig_recovery_ops = &nfs41_mig_recovery_ops,
6151 + };
6152 + #endif
6153 +
6154 +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
6155 +index ed0db61f8543..54631609d601 100644
6156 +--- a/fs/nfs/pagelist.c
6157 ++++ b/fs/nfs/pagelist.c
6158 +@@ -63,8 +63,8 @@ EXPORT_SYMBOL_GPL(nfs_pgheader_init);
6159 + void nfs_set_pgio_error(struct nfs_pgio_header *hdr, int error, loff_t pos)
6160 + {
6161 + spin_lock(&hdr->lock);
6162 +- if (pos < hdr->io_start + hdr->good_bytes) {
6163 +- set_bit(NFS_IOHDR_ERROR, &hdr->flags);
6164 ++ if (!test_and_set_bit(NFS_IOHDR_ERROR, &hdr->flags)
6165 ++ || pos < hdr->io_start + hdr->good_bytes) {
6166 + clear_bit(NFS_IOHDR_EOF, &hdr->flags);
6167 + hdr->good_bytes = pos - hdr->io_start;
6168 + hdr->error = error;
6169 +@@ -486,7 +486,7 @@ size_t nfs_generic_pg_test(struct nfs_pageio_descriptor *desc,
6170 + * for it without upsetting the slab allocator.
6171 + */
6172 + if (((desc->pg_count + req->wb_bytes) >> PAGE_SHIFT) *
6173 +- sizeof(struct page) > PAGE_SIZE)
6174 ++ sizeof(struct page *) > PAGE_SIZE)
6175 + return 0;
6176 +
6177 + return min(desc->pg_bsize - desc->pg_count, (size_t)req->wb_bytes);
6178 +diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
6179 +index 9ec1eea7c3a3..5972f5a30713 100644
6180 +--- a/fs/ocfs2/dlm/dlmmaster.c
6181 ++++ b/fs/ocfs2/dlm/dlmmaster.c
6182 +@@ -1447,6 +1447,7 @@ int dlm_master_request_handler(struct o2net_msg *msg, u32 len, void *data,
6183 + int found, ret;
6184 + int set_maybe;
6185 + int dispatch_assert = 0;
6186 ++ int dispatched = 0;
6187 +
6188 + if (!dlm_grab(dlm))
6189 + return DLM_MASTER_RESP_NO;
6190 +@@ -1653,14 +1654,17 @@ send_response:
6191 + mlog(ML_ERROR, "failed to dispatch assert master work\n");
6192 + response = DLM_MASTER_RESP_ERROR;
6193 + dlm_lockres_put(res);
6194 +- } else
6195 ++ } else {
6196 ++ dispatched = 1;
6197 + dlm_lockres_grab_inflight_worker(dlm, res);
6198 ++ }
6199 + } else {
6200 + if (res)
6201 + dlm_lockres_put(res);
6202 + }
6203 +
6204 +- dlm_put(dlm);
6205 ++ if (!dispatched)
6206 ++ dlm_put(dlm);
6207 + return response;
6208 + }
6209 +
6210 +@@ -2084,7 +2088,6 @@ int dlm_dispatch_assert_master(struct dlm_ctxt *dlm,
6211 +
6212 +
6213 + /* queue up work for dlm_assert_master_worker */
6214 +- dlm_grab(dlm); /* get an extra ref for the work item */
6215 + dlm_init_work_item(dlm, item, dlm_assert_master_worker, NULL);
6216 + item->u.am.lockres = res; /* already have a ref */
6217 + /* can optionally ignore node numbers higher than this node */
6218 +diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
6219 +index 3365839d2971..8632f9c5fb5d 100644
6220 +--- a/fs/ocfs2/dlm/dlmrecovery.c
6221 ++++ b/fs/ocfs2/dlm/dlmrecovery.c
6222 +@@ -1687,6 +1687,7 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
6223 + unsigned int hash;
6224 + int master = DLM_LOCK_RES_OWNER_UNKNOWN;
6225 + u32 flags = DLM_ASSERT_MASTER_REQUERY;
6226 ++ int dispatched = 0;
6227 +
6228 + if (!dlm_grab(dlm)) {
6229 + /* since the domain has gone away on this
6230 +@@ -1708,8 +1709,10 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
6231 + mlog_errno(-ENOMEM);
6232 + /* retry!? */
6233 + BUG();
6234 +- } else
6235 ++ } else {
6236 ++ dispatched = 1;
6237 + __dlm_lockres_grab_inflight_worker(dlm, res);
6238 ++ }
6239 + spin_unlock(&res->spinlock);
6240 + } else {
6241 + /* put.. incase we are not the master */
6242 +@@ -1719,7 +1722,8 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data,
6243 + }
6244 + spin_unlock(&dlm->spinlock);
6245 +
6246 +- dlm_put(dlm);
6247 ++ if (!dispatched)
6248 ++ dlm_put(dlm);
6249 + return master;
6250 + }
6251 +
6252 +diff --git a/fs/open.c b/fs/open.c
6253 +index 4a8a355ffab8..d058ff1b841b 100644
6254 +--- a/fs/open.c
6255 ++++ b/fs/open.c
6256 +@@ -665,18 +665,18 @@ int open_check_o_direct(struct file *f)
6257 + }
6258 +
6259 + static int do_dentry_open(struct file *f,
6260 ++ struct inode *inode,
6261 + int (*open)(struct inode *, struct file *),
6262 + const struct cred *cred)
6263 + {
6264 + static const struct file_operations empty_fops = {};
6265 +- struct inode *inode;
6266 + int error;
6267 +
6268 + f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
6269 + FMODE_PREAD | FMODE_PWRITE;
6270 +
6271 + path_get(&f->f_path);
6272 +- inode = f->f_inode = f->f_path.dentry->d_inode;
6273 ++ f->f_inode = inode;
6274 + f->f_mapping = inode->i_mapping;
6275 +
6276 + if (unlikely(f->f_flags & O_PATH)) {
6277 +@@ -780,7 +780,8 @@ int finish_open(struct file *file, struct dentry *dentry,
6278 + BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */
6279 +
6280 + file->f_path.dentry = dentry;
6281 +- error = do_dentry_open(file, open, current_cred());
6282 ++ error = do_dentry_open(file, d_backing_inode(dentry), open,
6283 ++ current_cred());
6284 + if (!error)
6285 + *opened |= FILE_OPENED;
6286 +
6287 +@@ -809,6 +810,28 @@ int finish_no_open(struct file *file, struct dentry *dentry)
6288 + }
6289 + EXPORT_SYMBOL(finish_no_open);
6290 +
6291 ++/**
6292 ++ * vfs_open - open the file at the given path
6293 ++ * @path: path to open
6294 ++ * @file: newly allocated file with f_flag initialized
6295 ++ * @cred: credentials to use
6296 ++ */
6297 ++int vfs_open(const struct path *path, struct file *file,
6298 ++ const struct cred *cred)
6299 ++{
6300 ++ struct dentry *dentry = path->dentry;
6301 ++ struct inode *inode = dentry->d_inode;
6302 ++
6303 ++ file->f_path = *path;
6304 ++ if (dentry->d_flags & DCACHE_OP_SELECT_INODE) {
6305 ++ inode = dentry->d_op->d_select_inode(dentry, file->f_flags);
6306 ++ if (IS_ERR(inode))
6307 ++ return PTR_ERR(inode);
6308 ++ }
6309 ++
6310 ++ return do_dentry_open(file, inode, NULL, cred);
6311 ++}
6312 ++
6313 + struct file *dentry_open(const struct path *path, int flags,
6314 + const struct cred *cred)
6315 + {
6316 +@@ -840,26 +863,6 @@ struct file *dentry_open(const struct path *path, int flags,
6317 + }
6318 + EXPORT_SYMBOL(dentry_open);
6319 +
6320 +-/**
6321 +- * vfs_open - open the file at the given path
6322 +- * @path: path to open
6323 +- * @filp: newly allocated file with f_flag initialized
6324 +- * @cred: credentials to use
6325 +- */
6326 +-int vfs_open(const struct path *path, struct file *filp,
6327 +- const struct cred *cred)
6328 +-{
6329 +- struct inode *inode = path->dentry->d_inode;
6330 +-
6331 +- if (inode->i_op->dentry_open)
6332 +- return inode->i_op->dentry_open(path->dentry, filp, cred);
6333 +- else {
6334 +- filp->f_path = *path;
6335 +- return do_dentry_open(filp, NULL, cred);
6336 +- }
6337 +-}
6338 +-EXPORT_SYMBOL(vfs_open);
6339 +-
6340 + static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op)
6341 + {
6342 + int lookup_flags = 0;
6343 +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
6344 +index 07d74b24913b..e3903b74a1f2 100644
6345 +--- a/fs/overlayfs/inode.c
6346 ++++ b/fs/overlayfs/inode.c
6347 +@@ -333,37 +333,33 @@ static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
6348 + return true;
6349 + }
6350 +
6351 +-static int ovl_dentry_open(struct dentry *dentry, struct file *file,
6352 +- const struct cred *cred)
6353 ++struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
6354 + {
6355 + int err;
6356 + struct path realpath;
6357 + enum ovl_path_type type;
6358 +- bool want_write = false;
6359 ++
6360 ++ if (d_is_dir(dentry))
6361 ++ return d_backing_inode(dentry);
6362 +
6363 + type = ovl_path_real(dentry, &realpath);
6364 +- if (ovl_open_need_copy_up(file->f_flags, type, realpath.dentry)) {
6365 +- want_write = true;
6366 ++ if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
6367 + err = ovl_want_write(dentry);
6368 + if (err)
6369 +- goto out;
6370 ++ return ERR_PTR(err);
6371 +
6372 +- if (file->f_flags & O_TRUNC)
6373 ++ if (file_flags & O_TRUNC)
6374 + err = ovl_copy_up_last(dentry, NULL, true);
6375 + else
6376 + err = ovl_copy_up(dentry);
6377 ++ ovl_drop_write(dentry);
6378 + if (err)
6379 +- goto out_drop_write;
6380 ++ return ERR_PTR(err);
6381 +
6382 + ovl_path_upper(dentry, &realpath);
6383 + }
6384 +
6385 +- err = vfs_open(&realpath, file, cred);
6386 +-out_drop_write:
6387 +- if (want_write)
6388 +- ovl_drop_write(dentry);
6389 +-out:
6390 +- return err;
6391 ++ return d_backing_inode(realpath.dentry);
6392 + }
6393 +
6394 + static const struct inode_operations ovl_file_inode_operations = {
6395 +@@ -374,7 +370,6 @@ static const struct inode_operations ovl_file_inode_operations = {
6396 + .getxattr = ovl_getxattr,
6397 + .listxattr = ovl_listxattr,
6398 + .removexattr = ovl_removexattr,
6399 +- .dentry_open = ovl_dentry_open,
6400 + };
6401 +
6402 + static const struct inode_operations ovl_symlink_inode_operations = {
6403 +diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
6404 +index 814bed33dd07..1714fcc7603e 100644
6405 +--- a/fs/overlayfs/overlayfs.h
6406 ++++ b/fs/overlayfs/overlayfs.h
6407 +@@ -165,6 +165,7 @@ ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
6408 + void *value, size_t size);
6409 + ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size);
6410 + int ovl_removexattr(struct dentry *dentry, const char *name);
6411 ++struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags);
6412 +
6413 + struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
6414 + struct ovl_entry *oe);
6415 +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
6416 +index f16d318b71f8..6256c8ed52c9 100644
6417 +--- a/fs/overlayfs/super.c
6418 ++++ b/fs/overlayfs/super.c
6419 +@@ -269,6 +269,7 @@ static void ovl_dentry_release(struct dentry *dentry)
6420 +
6421 + static const struct dentry_operations ovl_dentry_operations = {
6422 + .d_release = ovl_dentry_release,
6423 ++ .d_select_inode = ovl_d_select_inode,
6424 + };
6425 +
6426 + static struct ovl_entry *ovl_alloc_entry(void)
6427 +diff --git a/include/linux/dcache.h b/include/linux/dcache.h
6428 +index 1c2f1b84468b..340ee0dae93b 100644
6429 +--- a/include/linux/dcache.h
6430 ++++ b/include/linux/dcache.h
6431 +@@ -160,6 +160,7 @@ struct dentry_operations {
6432 + char *(*d_dname)(struct dentry *, char *, int);
6433 + struct vfsmount *(*d_automount)(struct path *);
6434 + int (*d_manage)(struct dentry *, bool);
6435 ++ struct inode *(*d_select_inode)(struct dentry *, unsigned);
6436 + } ____cacheline_aligned;
6437 +
6438 + /*
6439 +@@ -222,6 +223,7 @@ struct dentry_operations {
6440 + #define DCACHE_FILE_TYPE 0x00400000 /* Other file type */
6441 +
6442 + #define DCACHE_MAY_FREE 0x00800000
6443 ++#define DCACHE_OP_SELECT_INODE 0x02000000 /* Unioned entry: dcache op selects inode */
6444 +
6445 + extern seqlock_t rename_lock;
6446 +
6447 +@@ -468,4 +470,61 @@ static inline unsigned long vfs_pressure_ratio(unsigned long val)
6448 + {
6449 + return mult_frac(val, sysctl_vfs_cache_pressure, 100);
6450 + }
6451 ++
6452 ++/**
6453 ++ * d_inode - Get the actual inode of this dentry
6454 ++ * @dentry: The dentry to query
6455 ++ *
6456 ++ * This is the helper normal filesystems should use to get at their own inodes
6457 ++ * in their own dentries and ignore the layering superimposed upon them.
6458 ++ */
6459 ++static inline struct inode *d_inode(const struct dentry *dentry)
6460 ++{
6461 ++ return dentry->d_inode;
6462 ++}
6463 ++
6464 ++/**
6465 ++ * d_inode_rcu - Get the actual inode of this dentry with ACCESS_ONCE()
6466 ++ * @dentry: The dentry to query
6467 ++ *
6468 ++ * This is the helper normal filesystems should use to get at their own inodes
6469 ++ * in their own dentries and ignore the layering superimposed upon them.
6470 ++ */
6471 ++static inline struct inode *d_inode_rcu(const struct dentry *dentry)
6472 ++{
6473 ++ return ACCESS_ONCE(dentry->d_inode);
6474 ++}
6475 ++
6476 ++/**
6477 ++ * d_backing_inode - Get upper or lower inode we should be using
6478 ++ * @upper: The upper layer
6479 ++ *
6480 ++ * This is the helper that should be used to get at the inode that will be used
6481 ++ * if this dentry were to be opened as a file. The inode may be on the upper
6482 ++ * dentry or it may be on a lower dentry pinned by the upper.
6483 ++ *
6484 ++ * Normal filesystems should not use this to access their own inodes.
6485 ++ */
6486 ++static inline struct inode *d_backing_inode(const struct dentry *upper)
6487 ++{
6488 ++ struct inode *inode = upper->d_inode;
6489 ++
6490 ++ return inode;
6491 ++}
6492 ++
6493 ++/**
6494 ++ * d_backing_dentry - Get upper or lower dentry we should be using
6495 ++ * @upper: The upper layer
6496 ++ *
6497 ++ * This is the helper that should be used to get the dentry of the inode that
6498 ++ * will be used if this dentry were opened as a file. It may be the upper
6499 ++ * dentry or it may be a lower dentry pinned by the upper.
6500 ++ *
6501 ++ * Normal filesystems should not use this to access their own dentries.
6502 ++ */
6503 ++static inline struct dentry *d_backing_dentry(struct dentry *upper)
6504 ++{
6505 ++ return upper;
6506 ++}
6507 ++
6508 + #endif /* __LINUX_DCACHE_H */
6509 +diff --git a/include/linux/fs.h b/include/linux/fs.h
6510 +index 84d672914bd8..6fd017e25c0a 100644
6511 +--- a/include/linux/fs.h
6512 ++++ b/include/linux/fs.h
6513 +@@ -1552,7 +1552,6 @@ struct inode_operations {
6514 + int (*set_acl)(struct inode *, struct posix_acl *, int);
6515 +
6516 + /* WARNING: probably going away soon, do not use! */
6517 +- int (*dentry_open)(struct dentry *, struct file *, const struct cred *);
6518 + } ____cacheline_aligned;
6519 +
6520 + ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
6521 +@@ -2068,7 +2067,6 @@ extern struct file *file_open_name(struct filename *, int, umode_t);
6522 + extern struct file *filp_open(const char *, int, umode_t);
6523 + extern struct file *file_open_root(struct dentry *, struct vfsmount *,
6524 + const char *, int);
6525 +-extern int vfs_open(const struct path *, struct file *, const struct cred *);
6526 + extern struct file * dentry_open(const struct path *, int, const struct cred *);
6527 + extern int filp_close(struct file *, fl_owner_t id);
6528 +
6529 +diff --git a/include/linux/if_link.h b/include/linux/if_link.h
6530 +index 119130e9298b..da4929927f69 100644
6531 +--- a/include/linux/if_link.h
6532 ++++ b/include/linux/if_link.h
6533 +@@ -14,5 +14,6 @@ struct ifla_vf_info {
6534 + __u32 linkstate;
6535 + __u32 min_tx_rate;
6536 + __u32 max_tx_rate;
6537 ++ __u32 rss_query_en;
6538 + };
6539 + #endif /* _LINUX_IF_LINK_H */
6540 +diff --git a/include/linux/iio/iio.h b/include/linux/iio/iio.h
6541 +index 15dc6bc2bdd2..6c17af80823c 100644
6542 +--- a/include/linux/iio/iio.h
6543 ++++ b/include/linux/iio/iio.h
6544 +@@ -614,6 +614,15 @@ int iio_str_to_fixpoint(const char *str, int fract_mult, int *integer,
6545 + #define IIO_DEGREE_TO_RAD(deg) (((deg) * 314159ULL + 9000000ULL) / 18000000ULL)
6546 +
6547 + /**
6548 ++ * IIO_RAD_TO_DEGREE() - Convert rad to degree
6549 ++ * @rad: A value in rad
6550 ++ *
6551 ++ * Returns the given value converted from rad to degree
6552 ++ */
6553 ++#define IIO_RAD_TO_DEGREE(rad) \
6554 ++ (((rad) * 18000000ULL + 314159ULL / 2) / 314159ULL)
6555 ++
6556 ++/**
6557 + * IIO_G_TO_M_S_2() - Convert g to meter / second**2
6558 + * @g: A value in g
6559 + *
6560 +@@ -621,4 +630,12 @@ int iio_str_to_fixpoint(const char *str, int fract_mult, int *integer,
6561 + */
6562 + #define IIO_G_TO_M_S_2(g) ((g) * 980665ULL / 100000ULL)
6563 +
6564 ++/**
6565 ++ * IIO_M_S_2_TO_G() - Convert meter / second**2 to g
6566 ++ * @ms2: A value in meter / second**2
6567 ++ *
6568 ++ * Returns the given value converted from meter / second**2 to g
6569 ++ */
6570 ++#define IIO_M_S_2_TO_G(ms2) (((ms2) * 100000ULL + 980665ULL / 2) / 980665ULL)
6571 ++
6572 + #endif /* _INDUSTRIAL_IO_H_ */
6573 +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
6574 +index c3fd34da6c08..70fde9c5c61d 100644
6575 +--- a/include/linux/netdevice.h
6576 ++++ b/include/linux/netdevice.h
6577 +@@ -859,6 +859,11 @@ typedef u16 (*select_queue_fallback_t)(struct net_device *dev,
6578 + * int (*ndo_set_vf_link_state)(struct net_device *dev, int vf, int link_state);
6579 + * int (*ndo_set_vf_port)(struct net_device *dev, int vf,
6580 + * struct nlattr *port[]);
6581 ++ *
6582 ++ * Enable or disable the VF ability to query its RSS Redirection Table and
6583 ++ * Hash Key. This is needed since on some devices VF share this information
6584 ++ * with PF and querying it may adduce a theoretical security risk.
6585 ++ * int (*ndo_set_vf_rss_query_en)(struct net_device *dev, int vf, bool setting);
6586 + * int (*ndo_get_vf_port)(struct net_device *dev, int vf, struct sk_buff *skb);
6587 + * int (*ndo_setup_tc)(struct net_device *dev, u8 tc)
6588 + * Called to setup 'tc' number of traffic classes in the net device. This
6589 +@@ -1071,6 +1076,9 @@ struct net_device_ops {
6590 + struct nlattr *port[]);
6591 + int (*ndo_get_vf_port)(struct net_device *dev,
6592 + int vf, struct sk_buff *skb);
6593 ++ int (*ndo_set_vf_rss_query_en)(
6594 ++ struct net_device *dev,
6595 ++ int vf, bool setting);
6596 + int (*ndo_setup_tc)(struct net_device *dev, u8 tc);
6597 + #if IS_ENABLED(CONFIG_FCOE)
6598 + int (*ndo_fcoe_enable)(struct net_device *dev);
6599 +diff --git a/include/linux/security.h b/include/linux/security.h
6600 +index ba96471c11ba..ea9eda4abdd5 100644
6601 +--- a/include/linux/security.h
6602 ++++ b/include/linux/security.h
6603 +@@ -2471,7 +2471,7 @@ static inline int security_task_prctl(int option, unsigned long arg2,
6604 + unsigned long arg4,
6605 + unsigned long arg5)
6606 + {
6607 +- return cap_task_prctl(option, arg2, arg3, arg3, arg5);
6608 ++ return cap_task_prctl(option, arg2, arg3, arg4, arg5);
6609 + }
6610 +
6611 + static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
6612 +diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h
6613 +new file mode 100644
6614 +index 000000000000..7bd03f867fca
6615 +--- /dev/null
6616 ++++ b/include/target/iscsi/iscsi_target_core.h
6617 +@@ -0,0 +1,904 @@
6618 ++#ifndef ISCSI_TARGET_CORE_H
6619 ++#define ISCSI_TARGET_CORE_H
6620 ++
6621 ++#include <linux/in.h>
6622 ++#include <linux/configfs.h>
6623 ++#include <net/sock.h>
6624 ++#include <net/tcp.h>
6625 ++#include <scsi/scsi_cmnd.h>
6626 ++#include <scsi/iscsi_proto.h>
6627 ++#include <target/target_core_base.h>
6628 ++
6629 ++#define ISCSIT_VERSION "v4.1.0"
6630 ++#define ISCSI_MAX_DATASN_MISSING_COUNT 16
6631 ++#define ISCSI_TX_THREAD_TCP_TIMEOUT 2
6632 ++#define ISCSI_RX_THREAD_TCP_TIMEOUT 2
6633 ++#define SECONDS_FOR_ASYNC_LOGOUT 10
6634 ++#define SECONDS_FOR_ASYNC_TEXT 10
6635 ++#define SECONDS_FOR_LOGOUT_COMP 15
6636 ++#define WHITE_SPACE " \t\v\f\n\r"
6637 ++#define ISCSIT_MIN_TAGS 16
6638 ++#define ISCSIT_EXTRA_TAGS 8
6639 ++#define ISCSIT_TCP_BACKLOG 256
6640 ++#define ISCSI_RX_THREAD_NAME "iscsi_trx"
6641 ++#define ISCSI_TX_THREAD_NAME "iscsi_ttx"
6642 ++
6643 ++/* struct iscsi_node_attrib sanity values */
6644 ++#define NA_DATAOUT_TIMEOUT 3
6645 ++#define NA_DATAOUT_TIMEOUT_MAX 60
6646 ++#define NA_DATAOUT_TIMEOUT_MIX 2
6647 ++#define NA_DATAOUT_TIMEOUT_RETRIES 5
6648 ++#define NA_DATAOUT_TIMEOUT_RETRIES_MAX 15
6649 ++#define NA_DATAOUT_TIMEOUT_RETRIES_MIN 1
6650 ++#define NA_NOPIN_TIMEOUT 15
6651 ++#define NA_NOPIN_TIMEOUT_MAX 60
6652 ++#define NA_NOPIN_TIMEOUT_MIN 3
6653 ++#define NA_NOPIN_RESPONSE_TIMEOUT 30
6654 ++#define NA_NOPIN_RESPONSE_TIMEOUT_MAX 60
6655 ++#define NA_NOPIN_RESPONSE_TIMEOUT_MIN 3
6656 ++#define NA_RANDOM_DATAIN_PDU_OFFSETS 0
6657 ++#define NA_RANDOM_DATAIN_SEQ_OFFSETS 0
6658 ++#define NA_RANDOM_R2T_OFFSETS 0
6659 ++
6660 ++/* struct iscsi_tpg_attrib sanity values */
6661 ++#define TA_AUTHENTICATION 1
6662 ++#define TA_LOGIN_TIMEOUT 15
6663 ++#define TA_LOGIN_TIMEOUT_MAX 30
6664 ++#define TA_LOGIN_TIMEOUT_MIN 5
6665 ++#define TA_NETIF_TIMEOUT 2
6666 ++#define TA_NETIF_TIMEOUT_MAX 15
6667 ++#define TA_NETIF_TIMEOUT_MIN 2
6668 ++#define TA_GENERATE_NODE_ACLS 0
6669 ++#define TA_DEFAULT_CMDSN_DEPTH 64
6670 ++#define TA_DEFAULT_CMDSN_DEPTH_MAX 512
6671 ++#define TA_DEFAULT_CMDSN_DEPTH_MIN 1
6672 ++#define TA_CACHE_DYNAMIC_ACLS 0
6673 ++/* Enabled by default in demo mode (generic_node_acls=1) */
6674 ++#define TA_DEMO_MODE_WRITE_PROTECT 1
6675 ++/* Disabled by default in production mode w/ explict ACLs */
6676 ++#define TA_PROD_MODE_WRITE_PROTECT 0
6677 ++#define TA_DEMO_MODE_DISCOVERY 1
6678 ++#define TA_DEFAULT_ERL 0
6679 ++#define TA_CACHE_CORE_NPS 0
6680 ++/* T10 protection information disabled by default */
6681 ++#define TA_DEFAULT_T10_PI 0
6682 ++#define TA_DEFAULT_FABRIC_PROT_TYPE 0
6683 ++
6684 ++#define ISCSI_IOV_DATA_BUFFER 5
6685 ++
6686 ++enum iscsit_transport_type {
6687 ++ ISCSI_TCP = 0,
6688 ++ ISCSI_SCTP_TCP = 1,
6689 ++ ISCSI_SCTP_UDP = 2,
6690 ++ ISCSI_IWARP_TCP = 3,
6691 ++ ISCSI_IWARP_SCTP = 4,
6692 ++ ISCSI_INFINIBAND = 5,
6693 ++};
6694 ++
6695 ++/* RFC-3720 7.1.4 Standard Connection State Diagram for a Target */
6696 ++enum target_conn_state_table {
6697 ++ TARG_CONN_STATE_FREE = 0x1,
6698 ++ TARG_CONN_STATE_XPT_UP = 0x3,
6699 ++ TARG_CONN_STATE_IN_LOGIN = 0x4,
6700 ++ TARG_CONN_STATE_LOGGED_IN = 0x5,
6701 ++ TARG_CONN_STATE_IN_LOGOUT = 0x6,
6702 ++ TARG_CONN_STATE_LOGOUT_REQUESTED = 0x7,
6703 ++ TARG_CONN_STATE_CLEANUP_WAIT = 0x8,
6704 ++};
6705 ++
6706 ++/* RFC-3720 7.3.2 Session State Diagram for a Target */
6707 ++enum target_sess_state_table {
6708 ++ TARG_SESS_STATE_FREE = 0x1,
6709 ++ TARG_SESS_STATE_ACTIVE = 0x2,
6710 ++ TARG_SESS_STATE_LOGGED_IN = 0x3,
6711 ++ TARG_SESS_STATE_FAILED = 0x4,
6712 ++ TARG_SESS_STATE_IN_CONTINUE = 0x5,
6713 ++};
6714 ++
6715 ++/* struct iscsi_data_count->type */
6716 ++enum data_count_type {
6717 ++ ISCSI_RX_DATA = 1,
6718 ++ ISCSI_TX_DATA = 2,
6719 ++};
6720 ++
6721 ++/* struct iscsi_datain_req->dr_complete */
6722 ++enum datain_req_comp_table {
6723 ++ DATAIN_COMPLETE_NORMAL = 1,
6724 ++ DATAIN_COMPLETE_WITHIN_COMMAND_RECOVERY = 2,
6725 ++ DATAIN_COMPLETE_CONNECTION_RECOVERY = 3,
6726 ++};
6727 ++
6728 ++/* struct iscsi_datain_req->recovery */
6729 ++enum datain_req_rec_table {
6730 ++ DATAIN_WITHIN_COMMAND_RECOVERY = 1,
6731 ++ DATAIN_CONNECTION_RECOVERY = 2,
6732 ++};
6733 ++
6734 ++/* struct iscsi_portal_group->state */
6735 ++enum tpg_state_table {
6736 ++ TPG_STATE_FREE = 0,
6737 ++ TPG_STATE_ACTIVE = 1,
6738 ++ TPG_STATE_INACTIVE = 2,
6739 ++ TPG_STATE_COLD_RESET = 3,
6740 ++};
6741 ++
6742 ++/* struct iscsi_tiqn->tiqn_state */
6743 ++enum tiqn_state_table {
6744 ++ TIQN_STATE_ACTIVE = 1,
6745 ++ TIQN_STATE_SHUTDOWN = 2,
6746 ++};
6747 ++
6748 ++/* struct iscsi_cmd->cmd_flags */
6749 ++enum cmd_flags_table {
6750 ++ ICF_GOT_LAST_DATAOUT = 0x00000001,
6751 ++ ICF_GOT_DATACK_SNACK = 0x00000002,
6752 ++ ICF_NON_IMMEDIATE_UNSOLICITED_DATA = 0x00000004,
6753 ++ ICF_SENT_LAST_R2T = 0x00000008,
6754 ++ ICF_WITHIN_COMMAND_RECOVERY = 0x00000010,
6755 ++ ICF_CONTIG_MEMORY = 0x00000020,
6756 ++ ICF_ATTACHED_TO_RQUEUE = 0x00000040,
6757 ++ ICF_OOO_CMDSN = 0x00000080,
6758 ++ ICF_SENDTARGETS_ALL = 0x00000100,
6759 ++ ICF_SENDTARGETS_SINGLE = 0x00000200,
6760 ++};
6761 ++
6762 ++/* struct iscsi_cmd->i_state */
6763 ++enum cmd_i_state_table {
6764 ++ ISTATE_NO_STATE = 0,
6765 ++ ISTATE_NEW_CMD = 1,
6766 ++ ISTATE_DEFERRED_CMD = 2,
6767 ++ ISTATE_UNSOLICITED_DATA = 3,
6768 ++ ISTATE_RECEIVE_DATAOUT = 4,
6769 ++ ISTATE_RECEIVE_DATAOUT_RECOVERY = 5,
6770 ++ ISTATE_RECEIVED_LAST_DATAOUT = 6,
6771 ++ ISTATE_WITHIN_DATAOUT_RECOVERY = 7,
6772 ++ ISTATE_IN_CONNECTION_RECOVERY = 8,
6773 ++ ISTATE_RECEIVED_TASKMGT = 9,
6774 ++ ISTATE_SEND_ASYNCMSG = 10,
6775 ++ ISTATE_SENT_ASYNCMSG = 11,
6776 ++ ISTATE_SEND_DATAIN = 12,
6777 ++ ISTATE_SEND_LAST_DATAIN = 13,
6778 ++ ISTATE_SENT_LAST_DATAIN = 14,
6779 ++ ISTATE_SEND_LOGOUTRSP = 15,
6780 ++ ISTATE_SENT_LOGOUTRSP = 16,
6781 ++ ISTATE_SEND_NOPIN = 17,
6782 ++ ISTATE_SENT_NOPIN = 18,
6783 ++ ISTATE_SEND_REJECT = 19,
6784 ++ ISTATE_SENT_REJECT = 20,
6785 ++ ISTATE_SEND_R2T = 21,
6786 ++ ISTATE_SENT_R2T = 22,
6787 ++ ISTATE_SEND_R2T_RECOVERY = 23,
6788 ++ ISTATE_SENT_R2T_RECOVERY = 24,
6789 ++ ISTATE_SEND_LAST_R2T = 25,
6790 ++ ISTATE_SENT_LAST_R2T = 26,
6791 ++ ISTATE_SEND_LAST_R2T_RECOVERY = 27,
6792 ++ ISTATE_SENT_LAST_R2T_RECOVERY = 28,
6793 ++ ISTATE_SEND_STATUS = 29,
6794 ++ ISTATE_SEND_STATUS_BROKEN_PC = 30,
6795 ++ ISTATE_SENT_STATUS = 31,
6796 ++ ISTATE_SEND_STATUS_RECOVERY = 32,
6797 ++ ISTATE_SENT_STATUS_RECOVERY = 33,
6798 ++ ISTATE_SEND_TASKMGTRSP = 34,
6799 ++ ISTATE_SENT_TASKMGTRSP = 35,
6800 ++ ISTATE_SEND_TEXTRSP = 36,
6801 ++ ISTATE_SENT_TEXTRSP = 37,
6802 ++ ISTATE_SEND_NOPIN_WANT_RESPONSE = 38,
6803 ++ ISTATE_SENT_NOPIN_WANT_RESPONSE = 39,
6804 ++ ISTATE_SEND_NOPIN_NO_RESPONSE = 40,
6805 ++ ISTATE_REMOVE = 41,
6806 ++ ISTATE_FREE = 42,
6807 ++};
6808 ++
6809 ++/* Used for iscsi_recover_cmdsn() return values */
6810 ++enum recover_cmdsn_ret_table {
6811 ++ CMDSN_ERROR_CANNOT_RECOVER = -1,
6812 ++ CMDSN_NORMAL_OPERATION = 0,
6813 ++ CMDSN_LOWER_THAN_EXP = 1,
6814 ++ CMDSN_HIGHER_THAN_EXP = 2,
6815 ++ CMDSN_MAXCMDSN_OVERRUN = 3,
6816 ++};
6817 ++
6818 ++/* Used for iscsi_handle_immediate_data() return values */
6819 ++enum immedate_data_ret_table {
6820 ++ IMMEDIATE_DATA_CANNOT_RECOVER = -1,
6821 ++ IMMEDIATE_DATA_NORMAL_OPERATION = 0,
6822 ++ IMMEDIATE_DATA_ERL1_CRC_FAILURE = 1,
6823 ++};
6824 ++
6825 ++/* Used for iscsi_decide_dataout_action() return values */
6826 ++enum dataout_action_ret_table {
6827 ++ DATAOUT_CANNOT_RECOVER = -1,
6828 ++ DATAOUT_NORMAL = 0,
6829 ++ DATAOUT_SEND_R2T = 1,
6830 ++ DATAOUT_SEND_TO_TRANSPORT = 2,
6831 ++ DATAOUT_WITHIN_COMMAND_RECOVERY = 3,
6832 ++};
6833 ++
6834 ++/* Used for struct iscsi_node_auth->naf_flags */
6835 ++enum naf_flags_table {
6836 ++ NAF_USERID_SET = 0x01,
6837 ++ NAF_PASSWORD_SET = 0x02,
6838 ++ NAF_USERID_IN_SET = 0x04,
6839 ++ NAF_PASSWORD_IN_SET = 0x08,
6840 ++};
6841 ++
6842 ++/* Used by various struct timer_list to manage iSCSI specific state */
6843 ++enum iscsi_timer_flags_table {
6844 ++ ISCSI_TF_RUNNING = 0x01,
6845 ++ ISCSI_TF_STOP = 0x02,
6846 ++ ISCSI_TF_EXPIRED = 0x04,
6847 ++};
6848 ++
6849 ++/* Used for struct iscsi_np->np_flags */
6850 ++enum np_flags_table {
6851 ++ NPF_IP_NETWORK = 0x00,
6852 ++};
6853 ++
6854 ++/* Used for struct iscsi_np->np_thread_state */
6855 ++enum np_thread_state_table {
6856 ++ ISCSI_NP_THREAD_ACTIVE = 1,
6857 ++ ISCSI_NP_THREAD_INACTIVE = 2,
6858 ++ ISCSI_NP_THREAD_RESET = 3,
6859 ++ ISCSI_NP_THREAD_SHUTDOWN = 4,
6860 ++ ISCSI_NP_THREAD_EXIT = 5,
6861 ++};
6862 ++
6863 ++struct iscsi_conn_ops {
6864 ++ u8 HeaderDigest; /* [0,1] == [None,CRC32C] */
6865 ++ u8 DataDigest; /* [0,1] == [None,CRC32C] */
6866 ++ u32 MaxRecvDataSegmentLength; /* [512..2**24-1] */
6867 ++ u32 MaxXmitDataSegmentLength; /* [512..2**24-1] */
6868 ++ u8 OFMarker; /* [0,1] == [No,Yes] */
6869 ++ u8 IFMarker; /* [0,1] == [No,Yes] */
6870 ++ u32 OFMarkInt; /* [1..65535] */
6871 ++ u32 IFMarkInt; /* [1..65535] */
6872 ++ /*
6873 ++ * iSER specific connection parameters
6874 ++ */
6875 ++ u32 InitiatorRecvDataSegmentLength; /* [512..2**24-1] */
6876 ++ u32 TargetRecvDataSegmentLength; /* [512..2**24-1] */
6877 ++};
6878 ++
6879 ++struct iscsi_sess_ops {
6880 ++ char InitiatorName[224];
6881 ++ char InitiatorAlias[256];
6882 ++ char TargetName[224];
6883 ++ char TargetAlias[256];
6884 ++ char TargetAddress[256];
6885 ++ u16 TargetPortalGroupTag; /* [0..65535] */
6886 ++ u16 MaxConnections; /* [1..65535] */
6887 ++ u8 InitialR2T; /* [0,1] == [No,Yes] */
6888 ++ u8 ImmediateData; /* [0,1] == [No,Yes] */
6889 ++ u32 MaxBurstLength; /* [512..2**24-1] */
6890 ++ u32 FirstBurstLength; /* [512..2**24-1] */
6891 ++ u16 DefaultTime2Wait; /* [0..3600] */
6892 ++ u16 DefaultTime2Retain; /* [0..3600] */
6893 ++ u16 MaxOutstandingR2T; /* [1..65535] */
6894 ++ u8 DataPDUInOrder; /* [0,1] == [No,Yes] */
6895 ++ u8 DataSequenceInOrder; /* [0,1] == [No,Yes] */
6896 ++ u8 ErrorRecoveryLevel; /* [0..2] */
6897 ++ u8 SessionType; /* [0,1] == [Normal,Discovery]*/
6898 ++ /*
6899 ++ * iSER specific session parameters
6900 ++ */
6901 ++ u8 RDMAExtensions; /* [0,1] == [No,Yes] */
6902 ++};
6903 ++
6904 ++struct iscsi_queue_req {
6905 ++ int state;
6906 ++ struct iscsi_cmd *cmd;
6907 ++ struct list_head qr_list;
6908 ++};
6909 ++
6910 ++struct iscsi_data_count {
6911 ++ int data_length;
6912 ++ int sync_and_steering;
6913 ++ enum data_count_type type;
6914 ++ u32 iov_count;
6915 ++ u32 ss_iov_count;
6916 ++ u32 ss_marker_count;
6917 ++ struct kvec *iov;
6918 ++};
6919 ++
6920 ++struct iscsi_param_list {
6921 ++ bool iser;
6922 ++ struct list_head param_list;
6923 ++ struct list_head extra_response_list;
6924 ++};
6925 ++
6926 ++struct iscsi_datain_req {
6927 ++ enum datain_req_comp_table dr_complete;
6928 ++ int generate_recovery_values;
6929 ++ enum datain_req_rec_table recovery;
6930 ++ u32 begrun;
6931 ++ u32 runlength;
6932 ++ u32 data_length;
6933 ++ u32 data_offset;
6934 ++ u32 data_sn;
6935 ++ u32 next_burst_len;
6936 ++ u32 read_data_done;
6937 ++ u32 seq_send_order;
6938 ++ struct list_head cmd_datain_node;
6939 ++} ____cacheline_aligned;
6940 ++
6941 ++struct iscsi_ooo_cmdsn {
6942 ++ u16 cid;
6943 ++ u32 batch_count;
6944 ++ u32 cmdsn;
6945 ++ u32 exp_cmdsn;
6946 ++ struct iscsi_cmd *cmd;
6947 ++ struct list_head ooo_list;
6948 ++} ____cacheline_aligned;
6949 ++
6950 ++struct iscsi_datain {
6951 ++ u8 flags;
6952 ++ u32 data_sn;
6953 ++ u32 length;
6954 ++ u32 offset;
6955 ++} ____cacheline_aligned;
6956 ++
6957 ++struct iscsi_r2t {
6958 ++ int seq_complete;
6959 ++ int recovery_r2t;
6960 ++ int sent_r2t;
6961 ++ u32 r2t_sn;
6962 ++ u32 offset;
6963 ++ u32 targ_xfer_tag;
6964 ++ u32 xfer_len;
6965 ++ struct list_head r2t_list;
6966 ++} ____cacheline_aligned;
6967 ++
6968 ++struct iscsi_cmd {
6969 ++ enum iscsi_timer_flags_table dataout_timer_flags;
6970 ++ /* DataOUT timeout retries */
6971 ++ u8 dataout_timeout_retries;
6972 ++ /* Within command recovery count */
6973 ++ u8 error_recovery_count;
6974 ++ /* iSCSI dependent state for out or order CmdSNs */
6975 ++ enum cmd_i_state_table deferred_i_state;
6976 ++ /* iSCSI dependent state */
6977 ++ enum cmd_i_state_table i_state;
6978 ++ /* Command is an immediate command (ISCSI_OP_IMMEDIATE set) */
6979 ++ u8 immediate_cmd;
6980 ++ /* Immediate data present */
6981 ++ u8 immediate_data;
6982 ++ /* iSCSI Opcode */
6983 ++ u8 iscsi_opcode;
6984 ++ /* iSCSI Response Code */
6985 ++ u8 iscsi_response;
6986 ++ /* Logout reason when iscsi_opcode == ISCSI_INIT_LOGOUT_CMND */
6987 ++ u8 logout_reason;
6988 ++ /* Logout response code when iscsi_opcode == ISCSI_INIT_LOGOUT_CMND */
6989 ++ u8 logout_response;
6990 ++ /* MaxCmdSN has been incremented */
6991 ++ u8 maxcmdsn_inc;
6992 ++ /* Immediate Unsolicited Dataout */
6993 ++ u8 unsolicited_data;
6994 ++ /* Reject reason code */
6995 ++ u8 reject_reason;
6996 ++ /* CID contained in logout PDU when opcode == ISCSI_INIT_LOGOUT_CMND */
6997 ++ u16 logout_cid;
6998 ++ /* Command flags */
6999 ++ enum cmd_flags_table cmd_flags;
7000 ++ /* Initiator Task Tag assigned from Initiator */
7001 ++ itt_t init_task_tag;
7002 ++ /* Target Transfer Tag assigned from Target */
7003 ++ u32 targ_xfer_tag;
7004 ++ /* CmdSN assigned from Initiator */
7005 ++ u32 cmd_sn;
7006 ++ /* ExpStatSN assigned from Initiator */
7007 ++ u32 exp_stat_sn;
7008 ++ /* StatSN assigned to this ITT */
7009 ++ u32 stat_sn;
7010 ++ /* DataSN Counter */
7011 ++ u32 data_sn;
7012 ++ /* R2TSN Counter */
7013 ++ u32 r2t_sn;
7014 ++ /* Last DataSN acknowledged via DataAck SNACK */
7015 ++ u32 acked_data_sn;
7016 ++ /* Used for echoing NOPOUT ping data */
7017 ++ u32 buf_ptr_size;
7018 ++ /* Used to store DataDigest */
7019 ++ u32 data_crc;
7020 ++ /* Counter for MaxOutstandingR2T */
7021 ++ u32 outstanding_r2ts;
7022 ++ /* Next R2T Offset when DataSequenceInOrder=Yes */
7023 ++ u32 r2t_offset;
7024 ++ /* Iovec current and orig count for iscsi_cmd->iov_data */
7025 ++ u32 iov_data_count;
7026 ++ u32 orig_iov_data_count;
7027 ++ /* Number of miscellaneous iovecs used for IP stack calls */
7028 ++ u32 iov_misc_count;
7029 ++ /* Number of struct iscsi_pdu in struct iscsi_cmd->pdu_list */
7030 ++ u32 pdu_count;
7031 ++ /* Next struct iscsi_pdu to send in struct iscsi_cmd->pdu_list */
7032 ++ u32 pdu_send_order;
7033 ++ /* Current struct iscsi_pdu in struct iscsi_cmd->pdu_list */
7034 ++ u32 pdu_start;
7035 ++ /* Next struct iscsi_seq to send in struct iscsi_cmd->seq_list */
7036 ++ u32 seq_send_order;
7037 ++ /* Number of struct iscsi_seq in struct iscsi_cmd->seq_list */
7038 ++ u32 seq_count;
7039 ++ /* Current struct iscsi_seq in struct iscsi_cmd->seq_list */
7040 ++ u32 seq_no;
7041 ++ /* Lowest offset in current DataOUT sequence */
7042 ++ u32 seq_start_offset;
7043 ++ /* Highest offset in current DataOUT sequence */
7044 ++ u32 seq_end_offset;
7045 ++ /* Total size in bytes received so far of READ data */
7046 ++ u32 read_data_done;
7047 ++ /* Total size in bytes received so far of WRITE data */
7048 ++ u32 write_data_done;
7049 ++ /* Counter for FirstBurstLength key */
7050 ++ u32 first_burst_len;
7051 ++ /* Counter for MaxBurstLength key */
7052 ++ u32 next_burst_len;
7053 ++ /* Transfer size used for IP stack calls */
7054 ++ u32 tx_size;
7055 ++ /* Buffer used for various purposes */
7056 ++ void *buf_ptr;
7057 ++ /* Used by SendTargets=[iqn.,eui.] discovery */
7058 ++ void *text_in_ptr;
7059 ++ /* See include/linux/dma-mapping.h */
7060 ++ enum dma_data_direction data_direction;
7061 ++ /* iSCSI PDU Header + CRC */
7062 ++ unsigned char pdu[ISCSI_HDR_LEN + ISCSI_CRC_LEN];
7063 ++ /* Number of times struct iscsi_cmd is present in immediate queue */
7064 ++ atomic_t immed_queue_count;
7065 ++ atomic_t response_queue_count;
7066 ++ spinlock_t datain_lock;
7067 ++ spinlock_t dataout_timeout_lock;
7068 ++ /* spinlock for protecting struct iscsi_cmd->i_state */
7069 ++ spinlock_t istate_lock;
7070 ++ /* spinlock for adding within command recovery entries */
7071 ++ spinlock_t error_lock;
7072 ++ /* spinlock for adding R2Ts */
7073 ++ spinlock_t r2t_lock;
7074 ++ /* DataIN List */
7075 ++ struct list_head datain_list;
7076 ++ /* R2T List */
7077 ++ struct list_head cmd_r2t_list;
7078 ++ /* Timer for DataOUT */
7079 ++ struct timer_list dataout_timer;
7080 ++ /* Iovecs for SCSI data payload RX/TX w/ kernel level sockets */
7081 ++ struct kvec *iov_data;
7082 ++ /* Iovecs for miscellaneous purposes */
7083 ++#define ISCSI_MISC_IOVECS 5
7084 ++ struct kvec iov_misc[ISCSI_MISC_IOVECS];
7085 ++ /* Array of struct iscsi_pdu used for DataPDUInOrder=No */
7086 ++ struct iscsi_pdu *pdu_list;
7087 ++ /* Current struct iscsi_pdu used for DataPDUInOrder=No */
7088 ++ struct iscsi_pdu *pdu_ptr;
7089 ++ /* Array of struct iscsi_seq used for DataSequenceInOrder=No */
7090 ++ struct iscsi_seq *seq_list;
7091 ++ /* Current struct iscsi_seq used for DataSequenceInOrder=No */
7092 ++ struct iscsi_seq *seq_ptr;
7093 ++ /* TMR Request when iscsi_opcode == ISCSI_OP_SCSI_TMFUNC */
7094 ++ struct iscsi_tmr_req *tmr_req;
7095 ++ /* Connection this command is alligient to */
7096 ++ struct iscsi_conn *conn;
7097 ++ /* Pointer to connection recovery entry */
7098 ++ struct iscsi_conn_recovery *cr;
7099 ++ /* Session the command is part of, used for connection recovery */
7100 ++ struct iscsi_session *sess;
7101 ++ /* list_head for connection list */
7102 ++ struct list_head i_conn_node;
7103 ++ /* The TCM I/O descriptor that is accessed via container_of() */
7104 ++ struct se_cmd se_cmd;
7105 ++ /* Sense buffer that will be mapped into outgoing status */
7106 ++#define ISCSI_SENSE_BUFFER_LEN (TRANSPORT_SENSE_BUFFER + 2)
7107 ++ unsigned char sense_buffer[ISCSI_SENSE_BUFFER_LEN];
7108 ++
7109 ++ u32 padding;
7110 ++ u8 pad_bytes[4];
7111 ++
7112 ++ struct scatterlist *first_data_sg;
7113 ++ u32 first_data_sg_off;
7114 ++ u32 kmapped_nents;
7115 ++ sense_reason_t sense_reason;
7116 ++} ____cacheline_aligned;
7117 ++
7118 ++struct iscsi_tmr_req {
7119 ++ bool task_reassign:1;
7120 ++ u32 exp_data_sn;
7121 ++ struct iscsi_cmd *ref_cmd;
7122 ++ struct iscsi_conn_recovery *conn_recovery;
7123 ++ struct se_tmr_req *se_tmr_req;
7124 ++};
7125 ++
7126 ++struct iscsi_conn {
7127 ++ wait_queue_head_t queues_wq;
7128 ++ /* Authentication Successful for this connection */
7129 ++ u8 auth_complete;
7130 ++ /* State connection is currently in */
7131 ++ u8 conn_state;
7132 ++ u8 conn_logout_reason;
7133 ++ u8 network_transport;
7134 ++ enum iscsi_timer_flags_table nopin_timer_flags;
7135 ++ enum iscsi_timer_flags_table nopin_response_timer_flags;
7136 ++ /* Used to know what thread encountered a transport failure */
7137 ++ u8 which_thread;
7138 ++ /* connection id assigned by the Initiator */
7139 ++ u16 cid;
7140 ++ /* Remote TCP Port */
7141 ++ u16 login_port;
7142 ++ u16 local_port;
7143 ++ int net_size;
7144 ++ int login_family;
7145 ++ u32 auth_id;
7146 ++ u32 conn_flags;
7147 ++ /* Used for iscsi_tx_login_rsp() */
7148 ++ itt_t login_itt;
7149 ++ u32 exp_statsn;
7150 ++ /* Per connection status sequence number */
7151 ++ u32 stat_sn;
7152 ++ /* IFMarkInt's Current Value */
7153 ++ u32 if_marker;
7154 ++ /* OFMarkInt's Current Value */
7155 ++ u32 of_marker;
7156 ++ /* Used for calculating OFMarker offset to next PDU */
7157 ++ u32 of_marker_offset;
7158 ++#define IPV6_ADDRESS_SPACE 48
7159 ++ unsigned char login_ip[IPV6_ADDRESS_SPACE];
7160 ++ unsigned char local_ip[IPV6_ADDRESS_SPACE];
7161 ++ int conn_usage_count;
7162 ++ int conn_waiting_on_uc;
7163 ++ atomic_t check_immediate_queue;
7164 ++ atomic_t conn_logout_remove;
7165 ++ atomic_t connection_exit;
7166 ++ atomic_t connection_recovery;
7167 ++ atomic_t connection_reinstatement;
7168 ++ atomic_t connection_wait_rcfr;
7169 ++ atomic_t sleep_on_conn_wait_comp;
7170 ++ atomic_t transport_failed;
7171 ++ struct completion conn_post_wait_comp;
7172 ++ struct completion conn_wait_comp;
7173 ++ struct completion conn_wait_rcfr_comp;
7174 ++ struct completion conn_waiting_on_uc_comp;
7175 ++ struct completion conn_logout_comp;
7176 ++ struct completion tx_half_close_comp;
7177 ++ struct completion rx_half_close_comp;
7178 ++ /* socket used by this connection */
7179 ++ struct socket *sock;
7180 ++ void (*orig_data_ready)(struct sock *);
7181 ++ void (*orig_state_change)(struct sock *);
7182 ++#define LOGIN_FLAGS_READ_ACTIVE 1
7183 ++#define LOGIN_FLAGS_CLOSED 2
7184 ++#define LOGIN_FLAGS_READY 4
7185 ++ unsigned long login_flags;
7186 ++ struct delayed_work login_work;
7187 ++ struct delayed_work login_cleanup_work;
7188 ++ struct iscsi_login *login;
7189 ++ struct timer_list nopin_timer;
7190 ++ struct timer_list nopin_response_timer;
7191 ++ struct timer_list transport_timer;
7192 ++ struct task_struct *login_kworker;
7193 ++ /* Spinlock used for add/deleting cmd's from conn_cmd_list */
7194 ++ spinlock_t cmd_lock;
7195 ++ spinlock_t conn_usage_lock;
7196 ++ spinlock_t immed_queue_lock;
7197 ++ spinlock_t nopin_timer_lock;
7198 ++ spinlock_t response_queue_lock;
7199 ++ spinlock_t state_lock;
7200 ++ /* libcrypto RX and TX contexts for crc32c */
7201 ++ struct hash_desc conn_rx_hash;
7202 ++ struct hash_desc conn_tx_hash;
7203 ++ /* Used for scheduling TX and RX connection kthreads */
7204 ++ cpumask_var_t conn_cpumask;
7205 ++ unsigned int conn_rx_reset_cpumask:1;
7206 ++ unsigned int conn_tx_reset_cpumask:1;
7207 ++ /* list_head of struct iscsi_cmd for this connection */
7208 ++ struct list_head conn_cmd_list;
7209 ++ struct list_head immed_queue_list;
7210 ++ struct list_head response_queue_list;
7211 ++ struct iscsi_conn_ops *conn_ops;
7212 ++ struct iscsi_login *conn_login;
7213 ++ struct iscsit_transport *conn_transport;
7214 ++ struct iscsi_param_list *param_list;
7215 ++ /* Used for per connection auth state machine */
7216 ++ void *auth_protocol;
7217 ++ void *context;
7218 ++ struct iscsi_login_thread_s *login_thread;
7219 ++ struct iscsi_portal_group *tpg;
7220 ++ struct iscsi_tpg_np *tpg_np;
7221 ++ /* Pointer to parent session */
7222 ++ struct iscsi_session *sess;
7223 ++ int bitmap_id;
7224 ++ int rx_thread_active;
7225 ++ struct task_struct *rx_thread;
7226 ++ struct completion rx_login_comp;
7227 ++ int tx_thread_active;
7228 ++ struct task_struct *tx_thread;
7229 ++ /* list_head for session connection list */
7230 ++ struct list_head conn_list;
7231 ++} ____cacheline_aligned;
7232 ++
7233 ++struct iscsi_conn_recovery {
7234 ++ u16 cid;
7235 ++ u32 cmd_count;
7236 ++ u32 maxrecvdatasegmentlength;
7237 ++ u32 maxxmitdatasegmentlength;
7238 ++ int ready_for_reallegiance;
7239 ++ struct list_head conn_recovery_cmd_list;
7240 ++ spinlock_t conn_recovery_cmd_lock;
7241 ++ struct timer_list time2retain_timer;
7242 ++ struct iscsi_session *sess;
7243 ++ struct list_head cr_list;
7244 ++} ____cacheline_aligned;
7245 ++
7246 ++struct iscsi_session {
7247 ++ u8 initiator_vendor;
7248 ++ u8 isid[6];
7249 ++ enum iscsi_timer_flags_table time2retain_timer_flags;
7250 ++ u8 version_active;
7251 ++ u16 cid_called;
7252 ++ u16 conn_recovery_count;
7253 ++ u16 tsih;
7254 ++ /* state session is currently in */
7255 ++ u32 session_state;
7256 ++ /* session wide counter: initiator assigned task tag */
7257 ++ itt_t init_task_tag;
7258 ++ /* session wide counter: target assigned task tag */
7259 ++ u32 targ_xfer_tag;
7260 ++ u32 cmdsn_window;
7261 ++
7262 ++ /* protects cmdsn values */
7263 ++ struct mutex cmdsn_mutex;
7264 ++ /* session wide counter: expected command sequence number */
7265 ++ u32 exp_cmd_sn;
7266 ++ /* session wide counter: maximum allowed command sequence number */
7267 ++ u32 max_cmd_sn;
7268 ++ struct list_head sess_ooo_cmdsn_list;
7269 ++
7270 ++ /* LIO specific session ID */
7271 ++ u32 sid;
7272 ++ char auth_type[8];
7273 ++ /* unique within the target */
7274 ++ int session_index;
7275 ++ /* Used for session reference counting */
7276 ++ int session_usage_count;
7277 ++ int session_waiting_on_uc;
7278 ++ atomic_long_t cmd_pdus;
7279 ++ atomic_long_t rsp_pdus;
7280 ++ atomic_long_t tx_data_octets;
7281 ++ atomic_long_t rx_data_octets;
7282 ++ atomic_long_t conn_digest_errors;
7283 ++ atomic_long_t conn_timeout_errors;
7284 ++ u64 creation_time;
7285 ++ /* Number of active connections */
7286 ++ atomic_t nconn;
7287 ++ atomic_t session_continuation;
7288 ++ atomic_t session_fall_back_to_erl0;
7289 ++ atomic_t session_logout;
7290 ++ atomic_t session_reinstatement;
7291 ++ atomic_t session_stop_active;
7292 ++ atomic_t sleep_on_sess_wait_comp;
7293 ++ /* connection list */
7294 ++ struct list_head sess_conn_list;
7295 ++ struct list_head cr_active_list;
7296 ++ struct list_head cr_inactive_list;
7297 ++ spinlock_t conn_lock;
7298 ++ spinlock_t cr_a_lock;
7299 ++ spinlock_t cr_i_lock;
7300 ++ spinlock_t session_usage_lock;
7301 ++ spinlock_t ttt_lock;
7302 ++ struct completion async_msg_comp;
7303 ++ struct completion reinstatement_comp;
7304 ++ struct completion session_wait_comp;
7305 ++ struct completion session_waiting_on_uc_comp;
7306 ++ struct timer_list time2retain_timer;
7307 ++ struct iscsi_sess_ops *sess_ops;
7308 ++ struct se_session *se_sess;
7309 ++ struct iscsi_portal_group *tpg;
7310 ++} ____cacheline_aligned;
7311 ++
7312 ++struct iscsi_login {
7313 ++ u8 auth_complete;
7314 ++ u8 checked_for_existing;
7315 ++ u8 current_stage;
7316 ++ u8 leading_connection;
7317 ++ u8 first_request;
7318 ++ u8 version_min;
7319 ++ u8 version_max;
7320 ++ u8 login_complete;
7321 ++ u8 login_failed;
7322 ++ bool zero_tsih;
7323 ++ char isid[6];
7324 ++ u32 cmd_sn;
7325 ++ itt_t init_task_tag;
7326 ++ u32 initial_exp_statsn;
7327 ++ u32 rsp_length;
7328 ++ u16 cid;
7329 ++ u16 tsih;
7330 ++ char req[ISCSI_HDR_LEN];
7331 ++ char rsp[ISCSI_HDR_LEN];
7332 ++ char *req_buf;
7333 ++ char *rsp_buf;
7334 ++ struct iscsi_conn *conn;
7335 ++ struct iscsi_np *np;
7336 ++} ____cacheline_aligned;
7337 ++
7338 ++struct iscsi_node_attrib {
7339 ++ u32 dataout_timeout;
7340 ++ u32 dataout_timeout_retries;
7341 ++ u32 default_erl;
7342 ++ u32 nopin_timeout;
7343 ++ u32 nopin_response_timeout;
7344 ++ u32 random_datain_pdu_offsets;
7345 ++ u32 random_datain_seq_offsets;
7346 ++ u32 random_r2t_offsets;
7347 ++ u32 tmr_cold_reset;
7348 ++ u32 tmr_warm_reset;
7349 ++ struct iscsi_node_acl *nacl;
7350 ++};
7351 ++
7352 ++struct se_dev_entry_s;
7353 ++
7354 ++struct iscsi_node_auth {
7355 ++ enum naf_flags_table naf_flags;
7356 ++ int authenticate_target;
7357 ++ /* Used for iscsit_global->discovery_auth,
7358 ++ * set to zero (auth disabled) by default */
7359 ++ int enforce_discovery_auth;
7360 ++#define MAX_USER_LEN 256
7361 ++#define MAX_PASS_LEN 256
7362 ++ char userid[MAX_USER_LEN];
7363 ++ char password[MAX_PASS_LEN];
7364 ++ char userid_mutual[MAX_USER_LEN];
7365 ++ char password_mutual[MAX_PASS_LEN];
7366 ++};
7367 ++
7368 ++#include "iscsi_target_stat.h"
7369 ++
7370 ++struct iscsi_node_stat_grps {
7371 ++ struct config_group iscsi_sess_stats_group;
7372 ++ struct config_group iscsi_conn_stats_group;
7373 ++};
7374 ++
7375 ++struct iscsi_node_acl {
7376 ++ struct iscsi_node_attrib node_attrib;
7377 ++ struct iscsi_node_auth node_auth;
7378 ++ struct iscsi_node_stat_grps node_stat_grps;
7379 ++ struct se_node_acl se_node_acl;
7380 ++};
7381 ++
7382 ++struct iscsi_tpg_attrib {
7383 ++ u32 authentication;
7384 ++ u32 login_timeout;
7385 ++ u32 netif_timeout;
7386 ++ u32 generate_node_acls;
7387 ++ u32 cache_dynamic_acls;
7388 ++ u32 default_cmdsn_depth;
7389 ++ u32 demo_mode_write_protect;
7390 ++ u32 prod_mode_write_protect;
7391 ++ u32 demo_mode_discovery;
7392 ++ u32 default_erl;
7393 ++ u8 t10_pi;
7394 ++ u32 fabric_prot_type;
7395 ++ struct iscsi_portal_group *tpg;
7396 ++};
7397 ++
7398 ++struct iscsi_np {
7399 ++ int np_network_transport;
7400 ++ int np_ip_proto;
7401 ++ int np_sock_type;
7402 ++ enum np_thread_state_table np_thread_state;
7403 ++ bool enabled;
7404 ++ enum iscsi_timer_flags_table np_login_timer_flags;
7405 ++ u32 np_exports;
7406 ++ enum np_flags_table np_flags;
7407 ++ u16 np_port;
7408 ++ spinlock_t np_thread_lock;
7409 ++ struct completion np_restart_comp;
7410 ++ struct socket *np_socket;
7411 ++ struct __kernel_sockaddr_storage np_sockaddr;
7412 ++ struct task_struct *np_thread;
7413 ++ struct timer_list np_login_timer;
7414 ++ void *np_context;
7415 ++ struct iscsit_transport *np_transport;
7416 ++ struct list_head np_list;
7417 ++} ____cacheline_aligned;
7418 ++
7419 ++struct iscsi_tpg_np {
7420 ++ struct iscsi_np *tpg_np;
7421 ++ struct iscsi_portal_group *tpg;
7422 ++ struct iscsi_tpg_np *tpg_np_parent;
7423 ++ struct list_head tpg_np_list;
7424 ++ struct list_head tpg_np_child_list;
7425 ++ struct list_head tpg_np_parent_list;
7426 ++ struct se_tpg_np se_tpg_np;
7427 ++ spinlock_t tpg_np_parent_lock;
7428 ++ struct completion tpg_np_comp;
7429 ++ struct kref tpg_np_kref;
7430 ++};
7431 ++
7432 ++struct iscsi_portal_group {
7433 ++ unsigned char tpg_chap_id;
7434 ++ /* TPG State */
7435 ++ enum tpg_state_table tpg_state;
7436 ++ /* Target Portal Group Tag */
7437 ++ u16 tpgt;
7438 ++ /* Id assigned to target sessions */
7439 ++ u16 ntsih;
7440 ++ /* Number of active sessions */
7441 ++ u32 nsessions;
7442 ++ /* Number of Network Portals available for this TPG */
7443 ++ u32 num_tpg_nps;
7444 ++ /* Per TPG LIO specific session ID. */
7445 ++ u32 sid;
7446 ++ /* Spinlock for adding/removing Network Portals */
7447 ++ spinlock_t tpg_np_lock;
7448 ++ spinlock_t tpg_state_lock;
7449 ++ struct se_portal_group tpg_se_tpg;
7450 ++ struct mutex tpg_access_lock;
7451 ++ struct semaphore np_login_sem;
7452 ++ struct iscsi_tpg_attrib tpg_attrib;
7453 ++ struct iscsi_node_auth tpg_demo_auth;
7454 ++ /* Pointer to default list of iSCSI parameters for TPG */
7455 ++ struct iscsi_param_list *param_list;
7456 ++ struct iscsi_tiqn *tpg_tiqn;
7457 ++ struct list_head tpg_gnp_list;
7458 ++ struct list_head tpg_list;
7459 ++} ____cacheline_aligned;
7460 ++
7461 ++struct iscsi_wwn_stat_grps {
7462 ++ struct config_group iscsi_stat_group;
7463 ++ struct config_group iscsi_instance_group;
7464 ++ struct config_group iscsi_sess_err_group;
7465 ++ struct config_group iscsi_tgt_attr_group;
7466 ++ struct config_group iscsi_login_stats_group;
7467 ++ struct config_group iscsi_logout_stats_group;
7468 ++};
7469 ++
7470 ++struct iscsi_tiqn {
7471 ++#define ISCSI_IQN_LEN 224
7472 ++ unsigned char tiqn[ISCSI_IQN_LEN];
7473 ++ enum tiqn_state_table tiqn_state;
7474 ++ int tiqn_access_count;
7475 ++ u32 tiqn_active_tpgs;
7476 ++ u32 tiqn_ntpgs;
7477 ++ u32 tiqn_num_tpg_nps;
7478 ++ u32 tiqn_nsessions;
7479 ++ struct list_head tiqn_list;
7480 ++ struct list_head tiqn_tpg_list;
7481 ++ spinlock_t tiqn_state_lock;
7482 ++ spinlock_t tiqn_tpg_lock;
7483 ++ struct se_wwn tiqn_wwn;
7484 ++ struct iscsi_wwn_stat_grps tiqn_stat_grps;
7485 ++ int tiqn_index;
7486 ++ struct iscsi_sess_err_stats sess_err_stats;
7487 ++ struct iscsi_login_stats login_stats;
7488 ++ struct iscsi_logout_stats logout_stats;
7489 ++} ____cacheline_aligned;
7490 ++
7491 ++struct iscsit_global {
7492 ++ /* In core shutdown */
7493 ++ u32 in_shutdown;
7494 ++ u32 active_ts;
7495 ++ /* Unique identifier used for the authentication daemon */
7496 ++ u32 auth_id;
7497 ++ u32 inactive_ts;
7498 ++#define ISCSIT_BITMAP_BITS 262144
7499 ++ /* Thread Set bitmap pointer */
7500 ++ unsigned long *ts_bitmap;
7501 ++ spinlock_t ts_bitmap_lock;
7502 ++ /* Used for iSCSI discovery session authentication */
7503 ++ struct iscsi_node_acl discovery_acl;
7504 ++ struct iscsi_portal_group *discovery_tpg;
7505 ++};
7506 ++
7507 ++static inline u32 session_get_next_ttt(struct iscsi_session *session)
7508 ++{
7509 ++ u32 ttt;
7510 ++
7511 ++ spin_lock_bh(&session->ttt_lock);
7512 ++ ttt = session->targ_xfer_tag++;
7513 ++ if (ttt == 0xFFFFFFFF)
7514 ++ ttt = session->targ_xfer_tag++;
7515 ++ spin_unlock_bh(&session->ttt_lock);
7516 ++
7517 ++ return ttt;
7518 ++}
7519 ++
7520 ++extern struct iscsi_cmd *iscsit_find_cmd_from_itt(struct iscsi_conn *, itt_t);
7521 ++#endif /* ISCSI_TARGET_CORE_H */
7522 +diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
7523 +index 0bdb77e16875..fe017d125839 100644
7524 +--- a/include/uapi/linux/if_link.h
7525 ++++ b/include/uapi/linux/if_link.h
7526 +@@ -436,6 +436,9 @@ enum {
7527 + IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */
7528 + IFLA_VF_LINK_STATE, /* link state enable/disable/auto switch */
7529 + IFLA_VF_RATE, /* Min and Max TX Bandwidth Allocation */
7530 ++ IFLA_VF_RSS_QUERY_EN, /* RSS Redirection Table and Hash Key query
7531 ++ * on/off switch
7532 ++ */
7533 + __IFLA_VF_MAX,
7534 + };
7535 +
7536 +@@ -480,6 +483,11 @@ struct ifla_vf_link_state {
7537 + __u32 link_state;
7538 + };
7539 +
7540 ++struct ifla_vf_rss_query_en {
7541 ++ __u32 vf;
7542 ++ __u32 setting;
7543 ++};
7544 ++
7545 + /* VF ports management section
7546 + *
7547 + * Nested layout of set/get msg is:
7548 +diff --git a/include/xen/interface/sched.h b/include/xen/interface/sched.h
7549 +index 9ce083960a25..f18490985fc8 100644
7550 +--- a/include/xen/interface/sched.h
7551 ++++ b/include/xen/interface/sched.h
7552 +@@ -107,5 +107,13 @@ struct sched_watchdog {
7553 + #define SHUTDOWN_suspend 2 /* Clean up, save suspend info, kill. */
7554 + #define SHUTDOWN_crash 3 /* Tell controller we've crashed. */
7555 + #define SHUTDOWN_watchdog 4 /* Restart because watchdog time expired. */
7556 ++/*
7557 ++ * Domain asked to perform 'soft reset' for it. The expected behavior is to
7558 ++ * reset internal Xen state for the domain returning it to the point where it
7559 ++ * was created but leaving the domain's memory contents and vCPU contexts
7560 ++ * intact. This will allow the domain to start over and set up all Xen specific
7561 ++ * interfaces again.
7562 ++ */
7563 ++#define SHUTDOWN_soft_reset 5
7564 +
7565 + #endif /* __XEN_PUBLIC_SCHED_H__ */
7566 +diff --git a/ipc/msg.c b/ipc/msg.c
7567 +index c5d8e3749985..cfc8b388332d 100644
7568 +--- a/ipc/msg.c
7569 ++++ b/ipc/msg.c
7570 +@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
7571 + return retval;
7572 + }
7573 +
7574 +- /* ipc_addid() locks msq upon success. */
7575 +- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
7576 +- if (id < 0) {
7577 +- ipc_rcu_putref(msq, msg_rcu_free);
7578 +- return id;
7579 +- }
7580 +-
7581 + msq->q_stime = msq->q_rtime = 0;
7582 + msq->q_ctime = get_seconds();
7583 + msq->q_cbytes = msq->q_qnum = 0;
7584 +@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
7585 + INIT_LIST_HEAD(&msq->q_receivers);
7586 + INIT_LIST_HEAD(&msq->q_senders);
7587 +
7588 ++ /* ipc_addid() locks msq upon success. */
7589 ++ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
7590 ++ if (id < 0) {
7591 ++ ipc_rcu_putref(msq, msg_rcu_free);
7592 ++ return id;
7593 ++ }
7594 ++
7595 + ipc_unlock_object(&msq->q_perm);
7596 + rcu_read_unlock();
7597 +
7598 +diff --git a/ipc/shm.c b/ipc/shm.c
7599 +index 01454796ba3c..2511771a9a07 100644
7600 +--- a/ipc/shm.c
7601 ++++ b/ipc/shm.c
7602 +@@ -549,12 +549,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
7603 + if (IS_ERR(file))
7604 + goto no_file;
7605 +
7606 +- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
7607 +- if (id < 0) {
7608 +- error = id;
7609 +- goto no_id;
7610 +- }
7611 +-
7612 + shp->shm_cprid = task_tgid_vnr(current);
7613 + shp->shm_lprid = 0;
7614 + shp->shm_atim = shp->shm_dtim = 0;
7615 +@@ -563,6 +557,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
7616 + shp->shm_nattch = 0;
7617 + shp->shm_file = file;
7618 + shp->shm_creator = current;
7619 ++
7620 ++ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
7621 ++ if (id < 0) {
7622 ++ error = id;
7623 ++ goto no_id;
7624 ++ }
7625 ++
7626 + list_add(&shp->shm_clist, &current->sysvshm.shm_clist);
7627 +
7628 + /*
7629 +diff --git a/ipc/util.c b/ipc/util.c
7630 +index 88adc329888c..bc72cbf929da 100644
7631 +--- a/ipc/util.c
7632 ++++ b/ipc/util.c
7633 +@@ -277,6 +277,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
7634 + rcu_read_lock();
7635 + spin_lock(&new->lock);
7636 +
7637 ++ current_euid_egid(&euid, &egid);
7638 ++ new->cuid = new->uid = euid;
7639 ++ new->gid = new->cgid = egid;
7640 ++
7641 + id = idr_alloc(&ids->ipcs_idr, new,
7642 + (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
7643 + GFP_NOWAIT);
7644 +@@ -289,10 +293,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
7645 +
7646 + ids->in_use++;
7647 +
7648 +- current_euid_egid(&euid, &egid);
7649 +- new->cuid = new->uid = euid;
7650 +- new->gid = new->cgid = egid;
7651 +-
7652 + if (next_id < 0) {
7653 + new->seq = ids->seq++;
7654 + if (ids->seq > IPCID_SEQ_MAX)
7655 +diff --git a/kernel/fork.c b/kernel/fork.c
7656 +index 9b7d746d6d62..0a4f601e35ab 100644
7657 +--- a/kernel/fork.c
7658 ++++ b/kernel/fork.c
7659 +@@ -1800,13 +1800,21 @@ static int check_unshare_flags(unsigned long unshare_flags)
7660 + CLONE_NEWUSER|CLONE_NEWPID))
7661 + return -EINVAL;
7662 + /*
7663 +- * Not implemented, but pretend it works if there is nothing to
7664 +- * unshare. Note that unsharing CLONE_THREAD or CLONE_SIGHAND
7665 +- * needs to unshare vm.
7666 ++ * Not implemented, but pretend it works if there is nothing
7667 ++ * to unshare. Note that unsharing the address space or the
7668 ++ * signal handlers also need to unshare the signal queues (aka
7669 ++ * CLONE_THREAD).
7670 + */
7671 + if (unshare_flags & (CLONE_THREAD | CLONE_SIGHAND | CLONE_VM)) {
7672 +- /* FIXME: get_task_mm() increments ->mm_users */
7673 +- if (atomic_read(&current->mm->mm_users) > 1)
7674 ++ if (!thread_group_empty(current))
7675 ++ return -EINVAL;
7676 ++ }
7677 ++ if (unshare_flags & (CLONE_SIGHAND | CLONE_VM)) {
7678 ++ if (atomic_read(&current->sighand->count) > 1)
7679 ++ return -EINVAL;
7680 ++ }
7681 ++ if (unshare_flags & CLONE_VM) {
7682 ++ if (!current_is_single_threaded())
7683 + return -EINVAL;
7684 + }
7685 +
7686 +@@ -1875,16 +1883,16 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
7687 + if (unshare_flags & CLONE_NEWUSER)
7688 + unshare_flags |= CLONE_THREAD | CLONE_FS;
7689 + /*
7690 +- * If unsharing a thread from a thread group, must also unshare vm.
7691 +- */
7692 +- if (unshare_flags & CLONE_THREAD)
7693 +- unshare_flags |= CLONE_VM;
7694 +- /*
7695 + * If unsharing vm, must also unshare signal handlers.
7696 + */
7697 + if (unshare_flags & CLONE_VM)
7698 + unshare_flags |= CLONE_SIGHAND;
7699 + /*
7700 ++ * If unsharing a signal handlers, must also unshare the signal queues.
7701 ++ */
7702 ++ if (unshare_flags & CLONE_SIGHAND)
7703 ++ unshare_flags |= CLONE_THREAD;
7704 ++ /*
7705 + * If unsharing namespace, must also unshare filesystem information.
7706 + */
7707 + if (unshare_flags & CLONE_NEWNS)
7708 +diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
7709 +index 9dc9bfd8a678..9791f93dd5f2 100644
7710 +--- a/kernel/irq/proc.c
7711 ++++ b/kernel/irq/proc.c
7712 +@@ -12,6 +12,7 @@
7713 + #include <linux/seq_file.h>
7714 + #include <linux/interrupt.h>
7715 + #include <linux/kernel_stat.h>
7716 ++#include <linux/mutex.h>
7717 +
7718 + #include "internals.h"
7719 +
7720 +@@ -326,18 +327,29 @@ void register_handler_proc(unsigned int irq, struct irqaction *action)
7721 +
7722 + void register_irq_proc(unsigned int irq, struct irq_desc *desc)
7723 + {
7724 ++ static DEFINE_MUTEX(register_lock);
7725 + char name [MAX_NAMELEN];
7726 +
7727 +- if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip) || desc->dir)
7728 ++ if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip))
7729 + return;
7730 +
7731 ++ /*
7732 ++ * irq directories are registered only when a handler is
7733 ++ * added, not when the descriptor is created, so multiple
7734 ++ * tasks might try to register at the same time.
7735 ++ */
7736 ++ mutex_lock(&register_lock);
7737 ++
7738 ++ if (desc->dir)
7739 ++ goto out_unlock;
7740 ++
7741 + memset(name, 0, MAX_NAMELEN);
7742 + sprintf(name, "%d", irq);
7743 +
7744 + /* create /proc/irq/1234 */
7745 + desc->dir = proc_mkdir(name, root_irq_dir);
7746 + if (!desc->dir)
7747 +- return;
7748 ++ goto out_unlock;
7749 +
7750 + #ifdef CONFIG_SMP
7751 + /* create /proc/irq/<irq>/smp_affinity */
7752 +@@ -358,6 +370,9 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc)
7753 +
7754 + proc_create_data("spurious", 0444, desc->dir,
7755 + &irq_spurious_proc_fops, (void *)(long)irq);
7756 ++
7757 ++out_unlock:
7758 ++ mutex_unlock(&register_lock);
7759 + }
7760 +
7761 + void unregister_irq_proc(unsigned int irq, struct irq_desc *desc)
7762 +diff --git a/kernel/sched/core.c b/kernel/sched/core.c
7763 +index 6810e572eda5..a882dd91722d 100644
7764 +--- a/kernel/sched/core.c
7765 ++++ b/kernel/sched/core.c
7766 +@@ -2256,11 +2256,11 @@ static void finish_task_switch(struct rq *rq, struct task_struct *prev)
7767 + * If a task dies, then it sets TASK_DEAD in tsk->state and calls
7768 + * schedule one last time. The schedule call will never return, and
7769 + * the scheduled task must drop that reference.
7770 +- * The test for TASK_DEAD must occur while the runqueue locks are
7771 +- * still held, otherwise prev could be scheduled on another cpu, die
7772 +- * there before we look at prev->state, and then the reference would
7773 +- * be dropped twice.
7774 +- * Manfred Spraul <manfred@××××××××××××.com>
7775 ++ *
7776 ++ * We must observe prev->state before clearing prev->on_cpu (in
7777 ++ * finish_lock_switch), otherwise a concurrent wakeup can get prev
7778 ++ * running on another CPU and we could rave with its RUNNING -> DEAD
7779 ++ * transition, resulting in a double drop.
7780 + */
7781 + prev_state = prev->state;
7782 + vtime_task_switch(prev);
7783 +@@ -2404,13 +2404,20 @@ unsigned long nr_running(void)
7784 +
7785 + /*
7786 + * Check if only the current task is running on the cpu.
7787 ++ *
7788 ++ * Caution: this function does not check that the caller has disabled
7789 ++ * preemption, thus the result might have a time-of-check-to-time-of-use
7790 ++ * race. The caller is responsible to use it correctly, for example:
7791 ++ *
7792 ++ * - from a non-preemptable section (of course)
7793 ++ *
7794 ++ * - from a thread that is bound to a single CPU
7795 ++ *
7796 ++ * - in a loop with very short iterations (e.g. a polling loop)
7797 + */
7798 + bool single_task_running(void)
7799 + {
7800 +- if (cpu_rq(smp_processor_id())->nr_running == 1)
7801 +- return true;
7802 +- else
7803 +- return false;
7804 ++ return raw_rq()->nr_running == 1;
7805 + }
7806 + EXPORT_SYMBOL(single_task_running);
7807 +
7808 +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
7809 +index 2246a36050f9..07a75c150eeb 100644
7810 +--- a/kernel/sched/fair.c
7811 ++++ b/kernel/sched/fair.c
7812 +@@ -4844,18 +4844,21 @@ again:
7813 + * entity, update_curr() will update its vruntime, otherwise
7814 + * forget we've ever seen it.
7815 + */
7816 +- if (curr && curr->on_rq)
7817 +- update_curr(cfs_rq);
7818 +- else
7819 +- curr = NULL;
7820 ++ if (curr) {
7821 ++ if (curr->on_rq)
7822 ++ update_curr(cfs_rq);
7823 ++ else
7824 ++ curr = NULL;
7825 +
7826 +- /*
7827 +- * This call to check_cfs_rq_runtime() will do the throttle and
7828 +- * dequeue its entity in the parent(s). Therefore the 'simple'
7829 +- * nr_running test will indeed be correct.
7830 +- */
7831 +- if (unlikely(check_cfs_rq_runtime(cfs_rq)))
7832 +- goto simple;
7833 ++ /*
7834 ++ * This call to check_cfs_rq_runtime() will do the
7835 ++ * throttle and dequeue its entity in the parent(s).
7836 ++ * Therefore the 'simple' nr_running test will indeed
7837 ++ * be correct.
7838 ++ */
7839 ++ if (unlikely(check_cfs_rq_runtime(cfs_rq)))
7840 ++ goto simple;
7841 ++ }
7842 +
7843 + se = pick_next_entity(cfs_rq, curr);
7844 + cfs_rq = group_cfs_rq(se);
7845 +diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
7846 +index 2df8ef067cc5..f698089e10ca 100644
7847 +--- a/kernel/sched/sched.h
7848 ++++ b/kernel/sched/sched.h
7849 +@@ -994,9 +994,10 @@ static inline void finish_lock_switch(struct rq *rq, struct task_struct *prev)
7850 + * After ->on_cpu is cleared, the task can be moved to a different CPU.
7851 + * We must ensure this doesn't happen until the switch is completely
7852 + * finished.
7853 ++ *
7854 ++ * Pairs with the control dependency and rmb in try_to_wake_up().
7855 + */
7856 +- smp_wmb();
7857 +- prev->on_cpu = 0;
7858 ++ smp_store_release(&prev->on_cpu, 0);
7859 + #endif
7860 + #ifdef CONFIG_DEBUG_SPINLOCK
7861 + /* this is a valid case when another task releases the spinlock */
7862 +diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
7863 +index ec1791fae965..a4038c57e25d 100644
7864 +--- a/kernel/time/timekeeping.c
7865 ++++ b/kernel/time/timekeeping.c
7866 +@@ -1369,7 +1369,7 @@ static __always_inline void timekeeping_freqadjust(struct timekeeper *tk,
7867 + negative = (tick_error < 0);
7868 +
7869 + /* Sort out the magnitude of the correction */
7870 +- tick_error = abs(tick_error);
7871 ++ tick_error = abs64(tick_error);
7872 + for (adj = 0; tick_error > interval; adj++)
7873 + tick_error >>= 1;
7874 +
7875 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
7876 +index a1d4dfa62023..77c8d03b4278 100644
7877 +--- a/mm/hugetlb.c
7878 ++++ b/mm/hugetlb.c
7879 +@@ -2806,6 +2806,14 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
7880 + continue;
7881 +
7882 + /*
7883 ++ * Shared VMAs have their own reserves and do not affect
7884 ++ * MAP_PRIVATE accounting but it is possible that a shared
7885 ++ * VMA is using the same page so check and skip such VMAs.
7886 ++ */
7887 ++ if (iter_vma->vm_flags & VM_MAYSHARE)
7888 ++ continue;
7889 ++
7890 ++ /*
7891 + * Unmap the page from other VMAs without their own reserves.
7892 + * They get marked to be SIGKILLed if they fault in these
7893 + * areas. This is because a future no-page fault on this VMA
7894 +diff --git a/mm/slab.c b/mm/slab.c
7895 +index f34e053ec46e..b7f9f6456a61 100644
7896 +--- a/mm/slab.c
7897 ++++ b/mm/slab.c
7898 +@@ -2175,9 +2175,16 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
7899 + size += BYTES_PER_WORD;
7900 + }
7901 + #if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
7902 +- if (size >= kmalloc_size(INDEX_NODE + 1)
7903 +- && cachep->object_size > cache_line_size()
7904 +- && ALIGN(size, cachep->align) < PAGE_SIZE) {
7905 ++ /*
7906 ++ * To activate debug pagealloc, off-slab management is necessary
7907 ++ * requirement. In early phase of initialization, small sized slab
7908 ++ * doesn't get initialized so it would not be possible. So, we need
7909 ++ * to check size >= 256. It guarantees that all necessary small
7910 ++ * sized slab is initialized in current slab initialization sequence.
7911 ++ */
7912 ++ if (!slab_early_init && size >= kmalloc_size(INDEX_NODE) &&
7913 ++ size >= 256 && cachep->object_size > cache_line_size() &&
7914 ++ ALIGN(size, cachep->align) < PAGE_SIZE) {
7915 + cachep->obj_offset += PAGE_SIZE - ALIGN(size, cachep->align);
7916 + size = PAGE_SIZE;
7917 + }
7918 +diff --git a/mm/vmscan.c b/mm/vmscan.c
7919 +index e321fe20b979..d48b28219edf 100644
7920 +--- a/mm/vmscan.c
7921 ++++ b/mm/vmscan.c
7922 +@@ -1111,7 +1111,7 @@ cull_mlocked:
7923 + if (PageSwapCache(page))
7924 + try_to_free_swap(page);
7925 + unlock_page(page);
7926 +- putback_lru_page(page);
7927 ++ list_add(&page->lru, &ret_pages);
7928 + continue;
7929 +
7930 + activate_locked:
7931 +diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
7932 +index b5981113c9a7..4bbd72e90756 100644
7933 +--- a/net/batman-adv/distributed-arp-table.c
7934 ++++ b/net/batman-adv/distributed-arp-table.c
7935 +@@ -15,6 +15,7 @@
7936 + * along with this program; if not, see <http://www.gnu.org/licenses/>.
7937 + */
7938 +
7939 ++#include <linux/bitops.h>
7940 + #include <linux/if_ether.h>
7941 + #include <linux/if_arp.h>
7942 + #include <linux/if_vlan.h>
7943 +@@ -422,7 +423,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
7944 + int j;
7945 +
7946 + /* check if orig node candidate is running DAT */
7947 +- if (!(candidate->capabilities & BATADV_ORIG_CAPA_HAS_DAT))
7948 ++ if (!test_bit(BATADV_ORIG_CAPA_HAS_DAT, &candidate->capabilities))
7949 + goto out;
7950 +
7951 + /* Check if this node has already been selected... */
7952 +@@ -682,9 +683,9 @@ static void batadv_dat_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
7953 + uint16_t tvlv_value_len)
7954 + {
7955 + if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND)
7956 +- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_DAT;
7957 ++ clear_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities);
7958 + else
7959 +- orig->capabilities |= BATADV_ORIG_CAPA_HAS_DAT;
7960 ++ set_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities);
7961 + }
7962 +
7963 + /**
7964 +diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
7965 +index 8d04d174669e..65d19690d8ae 100644
7966 +--- a/net/batman-adv/network-coding.c
7967 ++++ b/net/batman-adv/network-coding.c
7968 +@@ -15,6 +15,7 @@
7969 + * along with this program; if not, see <http://www.gnu.org/licenses/>.
7970 + */
7971 +
7972 ++#include <linux/bitops.h>
7973 + #include <linux/debugfs.h>
7974 +
7975 + #include "main.h"
7976 +@@ -105,9 +106,9 @@ static void batadv_nc_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv,
7977 + uint16_t tvlv_value_len)
7978 + {
7979 + if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND)
7980 +- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_NC;
7981 ++ clear_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities);
7982 + else
7983 +- orig->capabilities |= BATADV_ORIG_CAPA_HAS_NC;
7984 ++ set_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities);
7985 + }
7986 +
7987 + /**
7988 +@@ -871,7 +872,7 @@ void batadv_nc_update_nc_node(struct batadv_priv *bat_priv,
7989 + goto out;
7990 +
7991 + /* check if orig node is network coding enabled */
7992 +- if (!(orig_node->capabilities & BATADV_ORIG_CAPA_HAS_NC))
7993 ++ if (!test_bit(BATADV_ORIG_CAPA_HAS_NC, &orig_node->capabilities))
7994 + goto out;
7995 +
7996 + /* accept ogms from 'good' neighbors and single hop neighbors */
7997 +diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
7998 +index 5467955eb27c..492b0593dc2f 100644
7999 +--- a/net/batman-adv/soft-interface.c
8000 ++++ b/net/batman-adv/soft-interface.c
8001 +@@ -173,6 +173,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
8002 + int gw_mode;
8003 + enum batadv_forw_mode forw_mode;
8004 + struct batadv_orig_node *mcast_single_orig = NULL;
8005 ++ int network_offset = ETH_HLEN;
8006 +
8007 + if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE)
8008 + goto dropped;
8009 +@@ -185,14 +186,18 @@ static int batadv_interface_tx(struct sk_buff *skb,
8010 + case ETH_P_8021Q:
8011 + vhdr = vlan_eth_hdr(skb);
8012 +
8013 +- if (vhdr->h_vlan_encapsulated_proto != ethertype)
8014 ++ if (vhdr->h_vlan_encapsulated_proto != ethertype) {
8015 ++ network_offset += VLAN_HLEN;
8016 + break;
8017 ++ }
8018 +
8019 + /* fall through */
8020 + case ETH_P_BATMAN:
8021 + goto dropped;
8022 + }
8023 +
8024 ++ skb_set_network_header(skb, network_offset);
8025 ++
8026 + if (batadv_bla_tx(bat_priv, skb, vid))
8027 + goto dropped;
8028 +
8029 +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
8030 +index 5f59e7f899a0..58ad6ba429b3 100644
8031 +--- a/net/batman-adv/translation-table.c
8032 ++++ b/net/batman-adv/translation-table.c
8033 +@@ -15,6 +15,7 @@
8034 + * along with this program; if not, see <http://www.gnu.org/licenses/>.
8035 + */
8036 +
8037 ++#include <linux/bitops.h>
8038 + #include "main.h"
8039 + #include "translation-table.h"
8040 + #include "soft-interface.h"
8041 +@@ -1015,6 +1016,7 @@ uint16_t batadv_tt_local_remove(struct batadv_priv *bat_priv,
8042 + struct batadv_tt_local_entry *tt_local_entry;
8043 + uint16_t flags, curr_flags = BATADV_NO_FLAGS;
8044 + struct batadv_softif_vlan *vlan;
8045 ++ void *tt_entry_exists;
8046 +
8047 + tt_local_entry = batadv_tt_local_hash_find(bat_priv, addr, vid);
8048 + if (!tt_local_entry)
8049 +@@ -1042,7 +1044,15 @@ uint16_t batadv_tt_local_remove(struct batadv_priv *bat_priv,
8050 + * immediately purge it
8051 + */
8052 + batadv_tt_local_event(bat_priv, tt_local_entry, BATADV_TT_CLIENT_DEL);
8053 +- hlist_del_rcu(&tt_local_entry->common.hash_entry);
8054 ++
8055 ++ tt_entry_exists = batadv_hash_remove(bat_priv->tt.local_hash,
8056 ++ batadv_compare_tt,
8057 ++ batadv_choose_tt,
8058 ++ &tt_local_entry->common);
8059 ++ if (!tt_entry_exists)
8060 ++ goto out;
8061 ++
8062 ++ /* extra call to free the local tt entry */
8063 + batadv_tt_local_entry_free_ref(tt_local_entry);
8064 +
8065 + /* decrease the reference held for this vlan */
8066 +@@ -1844,7 +1854,7 @@ void batadv_tt_global_del_orig(struct batadv_priv *bat_priv,
8067 + }
8068 + spin_unlock_bh(list_lock);
8069 + }
8070 +- orig_node->capa_initialized &= ~BATADV_ORIG_CAPA_HAS_TT;
8071 ++ clear_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized);
8072 + }
8073 +
8074 + static bool batadv_tt_global_to_purge(struct batadv_tt_global_entry *tt_global,
8075 +@@ -2804,7 +2814,7 @@ static void _batadv_tt_update_changes(struct batadv_priv *bat_priv,
8076 + return;
8077 + }
8078 + }
8079 +- orig_node->capa_initialized |= BATADV_ORIG_CAPA_HAS_TT;
8080 ++ set_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized);
8081 + }
8082 +
8083 + static void batadv_tt_fill_gtable(struct batadv_priv *bat_priv,
8084 +@@ -3304,7 +3314,8 @@ static void batadv_tt_update_orig(struct batadv_priv *bat_priv,
8085 + bool has_tt_init;
8086 +
8087 + tt_vlan = (struct batadv_tvlv_tt_vlan_data *)tt_buff;
8088 +- has_tt_init = orig_node->capa_initialized & BATADV_ORIG_CAPA_HAS_TT;
8089 ++ has_tt_init = test_bit(BATADV_ORIG_CAPA_HAS_TT,
8090 ++ &orig_node->capa_initialized);
8091 +
8092 + /* orig table not initialised AND first diff is in the OGM OR the ttvn
8093 + * increased by one -> we can apply the attached changes
8094 +diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
8095 +index 8854c05622a9..fdf65b50e3ec 100644
8096 +--- a/net/batman-adv/types.h
8097 ++++ b/net/batman-adv/types.h
8098 +@@ -258,8 +258,8 @@ struct batadv_orig_node {
8099 + struct hlist_node mcast_want_all_ipv4_node;
8100 + struct hlist_node mcast_want_all_ipv6_node;
8101 + #endif
8102 +- uint8_t capabilities;
8103 +- uint8_t capa_initialized;
8104 ++ unsigned long capabilities;
8105 ++ unsigned long capa_initialized;
8106 + atomic_t last_ttvn;
8107 + unsigned char *tt_buff;
8108 + int16_t tt_buff_len;
8109 +@@ -298,9 +298,9 @@ struct batadv_orig_node {
8110 + * (= orig node announces a tvlv of type BATADV_TVLV_MCAST)
8111 + */
8112 + enum batadv_orig_capabilities {
8113 +- BATADV_ORIG_CAPA_HAS_DAT = BIT(0),
8114 +- BATADV_ORIG_CAPA_HAS_NC = BIT(1),
8115 +- BATADV_ORIG_CAPA_HAS_TT = BIT(2),
8116 ++ BATADV_ORIG_CAPA_HAS_DAT,
8117 ++ BATADV_ORIG_CAPA_HAS_NC,
8118 ++ BATADV_ORIG_CAPA_HAS_TT,
8119 + BATADV_ORIG_CAPA_HAS_MCAST = BIT(3),
8120 + };
8121 +
8122 +diff --git a/net/core/datagram.c b/net/core/datagram.c
8123 +index 3a402a7b20e9..61e99f315ed9 100644
8124 +--- a/net/core/datagram.c
8125 ++++ b/net/core/datagram.c
8126 +@@ -130,6 +130,35 @@ out_noerr:
8127 + goto out;
8128 + }
8129 +
8130 ++static int skb_set_peeked(struct sk_buff *skb)
8131 ++{
8132 ++ struct sk_buff *nskb;
8133 ++
8134 ++ if (skb->peeked)
8135 ++ return 0;
8136 ++
8137 ++ /* We have to unshare an skb before modifying it. */
8138 ++ if (!skb_shared(skb))
8139 ++ goto done;
8140 ++
8141 ++ nskb = skb_clone(skb, GFP_ATOMIC);
8142 ++ if (!nskb)
8143 ++ return -ENOMEM;
8144 ++
8145 ++ skb->prev->next = nskb;
8146 ++ skb->next->prev = nskb;
8147 ++ nskb->prev = skb->prev;
8148 ++ nskb->next = skb->next;
8149 ++
8150 ++ consume_skb(skb);
8151 ++ skb = nskb;
8152 ++
8153 ++done:
8154 ++ skb->peeked = 1;
8155 ++
8156 ++ return 0;
8157 ++}
8158 ++
8159 + /**
8160 + * __skb_recv_datagram - Receive a datagram skbuff
8161 + * @sk: socket
8162 +@@ -164,7 +193,9 @@ out_noerr:
8163 + struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
8164 + int *peeked, int *off, int *err)
8165 + {
8166 ++ struct sk_buff_head *queue = &sk->sk_receive_queue;
8167 + struct sk_buff *skb, *last;
8168 ++ unsigned long cpu_flags;
8169 + long timeo;
8170 + /*
8171 + * Caller is allowed not to check sk->sk_err before skb_recv_datagram()
8172 +@@ -183,8 +214,6 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
8173 + * Look at current nfs client by the way...
8174 + * However, this function was correct in any case. 8)
8175 + */
8176 +- unsigned long cpu_flags;
8177 +- struct sk_buff_head *queue = &sk->sk_receive_queue;
8178 + int _off = *off;
8179 +
8180 + last = (struct sk_buff *)queue;
8181 +@@ -198,7 +227,11 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
8182 + _off -= skb->len;
8183 + continue;
8184 + }
8185 +- skb->peeked = 1;
8186 ++
8187 ++ error = skb_set_peeked(skb);
8188 ++ if (error)
8189 ++ goto unlock_err;
8190 ++
8191 + atomic_inc(&skb->users);
8192 + } else
8193 + __skb_unlink(skb, queue);
8194 +@@ -222,6 +255,8 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
8195 +
8196 + return NULL;
8197 +
8198 ++unlock_err:
8199 ++ spin_unlock_irqrestore(&queue->lock, cpu_flags);
8200 + no_packet:
8201 + *err = error;
8202 + return NULL;
8203 +diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
8204 +index 185c341fafbd..99ae718b79be 100644
8205 +--- a/net/core/fib_rules.c
8206 ++++ b/net/core/fib_rules.c
8207 +@@ -621,15 +621,17 @@ static int dump_rules(struct sk_buff *skb, struct netlink_callback *cb,
8208 + {
8209 + int idx = 0;
8210 + struct fib_rule *rule;
8211 ++ int err = 0;
8212 +
8213 + rcu_read_lock();
8214 + list_for_each_entry_rcu(rule, &ops->rules_list, list) {
8215 + if (idx < cb->args[1])
8216 + goto skip;
8217 +
8218 +- if (fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).portid,
8219 +- cb->nlh->nlmsg_seq, RTM_NEWRULE,
8220 +- NLM_F_MULTI, ops) < 0)
8221 ++ err = fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).portid,
8222 ++ cb->nlh->nlmsg_seq, RTM_NEWRULE,
8223 ++ NLM_F_MULTI, ops);
8224 ++ if (err < 0)
8225 + break;
8226 + skip:
8227 + idx++;
8228 +@@ -638,7 +640,7 @@ skip:
8229 + cb->args[1] = idx;
8230 + rules_ops_put(ops);
8231 +
8232 +- return skb->len;
8233 ++ return err;
8234 + }
8235 +
8236 + static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb)
8237 +@@ -654,7 +656,9 @@ static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb)
8238 + if (ops == NULL)
8239 + return -EAFNOSUPPORT;
8240 +
8241 +- return dump_rules(skb, cb, ops);
8242 ++ dump_rules(skb, cb, ops);
8243 ++
8244 ++ return skb->len;
8245 + }
8246 +
8247 + rcu_read_lock();
8248 +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
8249 +index c522f7a00eab..c412db774603 100644
8250 +--- a/net/core/rtnetlink.c
8251 ++++ b/net/core/rtnetlink.c
8252 +@@ -805,7 +805,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
8253 + nla_total_size(sizeof(struct ifla_vf_vlan)) +
8254 + nla_total_size(sizeof(struct ifla_vf_spoofchk)) +
8255 + nla_total_size(sizeof(struct ifla_vf_rate)) +
8256 +- nla_total_size(sizeof(struct ifla_vf_link_state)));
8257 ++ nla_total_size(sizeof(struct ifla_vf_link_state)) +
8258 ++ nla_total_size(sizeof(struct ifla_vf_rss_query_en)));
8259 + return size;
8260 + } else
8261 + return 0;
8262 +@@ -1075,14 +1076,16 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
8263 + struct ifla_vf_tx_rate vf_tx_rate;
8264 + struct ifla_vf_spoofchk vf_spoofchk;
8265 + struct ifla_vf_link_state vf_linkstate;
8266 ++ struct ifla_vf_rss_query_en vf_rss_query_en;
8267 +
8268 + /*
8269 + * Not all SR-IOV capable drivers support the
8270 +- * spoofcheck query. Preset to -1 so the user
8271 +- * space tool can detect that the driver didn't
8272 +- * report anything.
8273 ++ * spoofcheck and "RSS query enable" query. Preset to
8274 ++ * -1 so the user space tool can detect that the driver
8275 ++ * didn't report anything.
8276 + */
8277 + ivi.spoofchk = -1;
8278 ++ ivi.rss_query_en = -1;
8279 + memset(ivi.mac, 0, sizeof(ivi.mac));
8280 + /* The default value for VF link state is "auto"
8281 + * IFLA_VF_LINK_STATE_AUTO which equals zero
8282 +@@ -1095,7 +1098,8 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
8283 + vf_rate.vf =
8284 + vf_tx_rate.vf =
8285 + vf_spoofchk.vf =
8286 +- vf_linkstate.vf = ivi.vf;
8287 ++ vf_linkstate.vf =
8288 ++ vf_rss_query_en.vf = ivi.vf;
8289 +
8290 + memcpy(vf_mac.mac, ivi.mac, sizeof(ivi.mac));
8291 + vf_vlan.vlan = ivi.vlan;
8292 +@@ -1105,6 +1109,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
8293 + vf_rate.max_tx_rate = ivi.max_tx_rate;
8294 + vf_spoofchk.setting = ivi.spoofchk;
8295 + vf_linkstate.link_state = ivi.linkstate;
8296 ++ vf_rss_query_en.setting = ivi.rss_query_en;
8297 + vf = nla_nest_start(skb, IFLA_VF_INFO);
8298 + if (!vf) {
8299 + nla_nest_cancel(skb, vfinfo);
8300 +@@ -1119,7 +1124,10 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
8301 + nla_put(skb, IFLA_VF_SPOOFCHK, sizeof(vf_spoofchk),
8302 + &vf_spoofchk) ||
8303 + nla_put(skb, IFLA_VF_LINK_STATE, sizeof(vf_linkstate),
8304 +- &vf_linkstate))
8305 ++ &vf_linkstate) ||
8306 ++ nla_put(skb, IFLA_VF_RSS_QUERY_EN,
8307 ++ sizeof(vf_rss_query_en),
8308 ++ &vf_rss_query_en))
8309 + goto nla_put_failure;
8310 + nla_nest_end(skb, vf);
8311 + }
8312 +@@ -1207,10 +1215,6 @@ static const struct nla_policy ifla_info_policy[IFLA_INFO_MAX+1] = {
8313 + [IFLA_INFO_SLAVE_DATA] = { .type = NLA_NESTED },
8314 + };
8315 +
8316 +-static const struct nla_policy ifla_vfinfo_policy[IFLA_VF_INFO_MAX+1] = {
8317 +- [IFLA_VF_INFO] = { .type = NLA_NESTED },
8318 +-};
8319 +-
8320 + static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
8321 + [IFLA_VF_MAC] = { .len = sizeof(struct ifla_vf_mac) },
8322 + [IFLA_VF_VLAN] = { .len = sizeof(struct ifla_vf_vlan) },
8323 +@@ -1218,6 +1222,7 @@ static const struct nla_policy ifla_vf_policy[IFLA_VF_MAX+1] = {
8324 + [IFLA_VF_SPOOFCHK] = { .len = sizeof(struct ifla_vf_spoofchk) },
8325 + [IFLA_VF_RATE] = { .len = sizeof(struct ifla_vf_rate) },
8326 + [IFLA_VF_LINK_STATE] = { .len = sizeof(struct ifla_vf_link_state) },
8327 ++ [IFLA_VF_RSS_QUERY_EN] = { .len = sizeof(struct ifla_vf_rss_query_en) },
8328 + };
8329 +
8330 + static const struct nla_policy ifla_port_policy[IFLA_PORT_MAX+1] = {
8331 +@@ -1356,85 +1361,98 @@ static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[])
8332 + return 0;
8333 + }
8334 +
8335 +-static int do_setvfinfo(struct net_device *dev, struct nlattr *attr)
8336 ++static int do_setvfinfo(struct net_device *dev, struct nlattr **tb)
8337 + {
8338 +- int rem, err = -EINVAL;
8339 +- struct nlattr *vf;
8340 + const struct net_device_ops *ops = dev->netdev_ops;
8341 ++ int err = -EINVAL;
8342 +
8343 +- nla_for_each_nested(vf, attr, rem) {
8344 +- switch (nla_type(vf)) {
8345 +- case IFLA_VF_MAC: {
8346 +- struct ifla_vf_mac *ivm;
8347 +- ivm = nla_data(vf);
8348 +- err = -EOPNOTSUPP;
8349 +- if (ops->ndo_set_vf_mac)
8350 +- err = ops->ndo_set_vf_mac(dev, ivm->vf,
8351 +- ivm->mac);
8352 +- break;
8353 +- }
8354 +- case IFLA_VF_VLAN: {
8355 +- struct ifla_vf_vlan *ivv;
8356 +- ivv = nla_data(vf);
8357 +- err = -EOPNOTSUPP;
8358 +- if (ops->ndo_set_vf_vlan)
8359 +- err = ops->ndo_set_vf_vlan(dev, ivv->vf,
8360 +- ivv->vlan,
8361 +- ivv->qos);
8362 +- break;
8363 +- }
8364 +- case IFLA_VF_TX_RATE: {
8365 +- struct ifla_vf_tx_rate *ivt;
8366 +- struct ifla_vf_info ivf;
8367 +- ivt = nla_data(vf);
8368 +- err = -EOPNOTSUPP;
8369 +- if (ops->ndo_get_vf_config)
8370 +- err = ops->ndo_get_vf_config(dev, ivt->vf,
8371 +- &ivf);
8372 +- if (err)
8373 +- break;
8374 +- err = -EOPNOTSUPP;
8375 +- if (ops->ndo_set_vf_rate)
8376 +- err = ops->ndo_set_vf_rate(dev, ivt->vf,
8377 +- ivf.min_tx_rate,
8378 +- ivt->rate);
8379 +- break;
8380 +- }
8381 +- case IFLA_VF_RATE: {
8382 +- struct ifla_vf_rate *ivt;
8383 +- ivt = nla_data(vf);
8384 +- err = -EOPNOTSUPP;
8385 +- if (ops->ndo_set_vf_rate)
8386 +- err = ops->ndo_set_vf_rate(dev, ivt->vf,
8387 +- ivt->min_tx_rate,
8388 +- ivt->max_tx_rate);
8389 +- break;
8390 +- }
8391 +- case IFLA_VF_SPOOFCHK: {
8392 +- struct ifla_vf_spoofchk *ivs;
8393 +- ivs = nla_data(vf);
8394 +- err = -EOPNOTSUPP;
8395 +- if (ops->ndo_set_vf_spoofchk)
8396 +- err = ops->ndo_set_vf_spoofchk(dev, ivs->vf,
8397 +- ivs->setting);
8398 +- break;
8399 +- }
8400 +- case IFLA_VF_LINK_STATE: {
8401 +- struct ifla_vf_link_state *ivl;
8402 +- ivl = nla_data(vf);
8403 +- err = -EOPNOTSUPP;
8404 +- if (ops->ndo_set_vf_link_state)
8405 +- err = ops->ndo_set_vf_link_state(dev, ivl->vf,
8406 +- ivl->link_state);
8407 +- break;
8408 +- }
8409 +- default:
8410 +- err = -EINVAL;
8411 +- break;
8412 +- }
8413 +- if (err)
8414 +- break;
8415 ++ if (tb[IFLA_VF_MAC]) {
8416 ++ struct ifla_vf_mac *ivm = nla_data(tb[IFLA_VF_MAC]);
8417 ++
8418 ++ err = -EOPNOTSUPP;
8419 ++ if (ops->ndo_set_vf_mac)
8420 ++ err = ops->ndo_set_vf_mac(dev, ivm->vf,
8421 ++ ivm->mac);
8422 ++ if (err < 0)
8423 ++ return err;
8424 ++ }
8425 ++
8426 ++ if (tb[IFLA_VF_VLAN]) {
8427 ++ struct ifla_vf_vlan *ivv = nla_data(tb[IFLA_VF_VLAN]);
8428 ++
8429 ++ err = -EOPNOTSUPP;
8430 ++ if (ops->ndo_set_vf_vlan)
8431 ++ err = ops->ndo_set_vf_vlan(dev, ivv->vf, ivv->vlan,
8432 ++ ivv->qos);
8433 ++ if (err < 0)
8434 ++ return err;
8435 + }
8436 ++
8437 ++ if (tb[IFLA_VF_TX_RATE]) {
8438 ++ struct ifla_vf_tx_rate *ivt = nla_data(tb[IFLA_VF_TX_RATE]);
8439 ++ struct ifla_vf_info ivf;
8440 ++
8441 ++ err = -EOPNOTSUPP;
8442 ++ if (ops->ndo_get_vf_config)
8443 ++ err = ops->ndo_get_vf_config(dev, ivt->vf, &ivf);
8444 ++ if (err < 0)
8445 ++ return err;
8446 ++
8447 ++ err = -EOPNOTSUPP;
8448 ++ if (ops->ndo_set_vf_rate)
8449 ++ err = ops->ndo_set_vf_rate(dev, ivt->vf,
8450 ++ ivf.min_tx_rate,
8451 ++ ivt->rate);
8452 ++ if (err < 0)
8453 ++ return err;
8454 ++ }
8455 ++
8456 ++ if (tb[IFLA_VF_RATE]) {
8457 ++ struct ifla_vf_rate *ivt = nla_data(tb[IFLA_VF_RATE]);
8458 ++
8459 ++ err = -EOPNOTSUPP;
8460 ++ if (ops->ndo_set_vf_rate)
8461 ++ err = ops->ndo_set_vf_rate(dev, ivt->vf,
8462 ++ ivt->min_tx_rate,
8463 ++ ivt->max_tx_rate);
8464 ++ if (err < 0)
8465 ++ return err;
8466 ++ }
8467 ++
8468 ++ if (tb[IFLA_VF_SPOOFCHK]) {
8469 ++ struct ifla_vf_spoofchk *ivs = nla_data(tb[IFLA_VF_SPOOFCHK]);
8470 ++
8471 ++ err = -EOPNOTSUPP;
8472 ++ if (ops->ndo_set_vf_spoofchk)
8473 ++ err = ops->ndo_set_vf_spoofchk(dev, ivs->vf,
8474 ++ ivs->setting);
8475 ++ if (err < 0)
8476 ++ return err;
8477 ++ }
8478 ++
8479 ++ if (tb[IFLA_VF_LINK_STATE]) {
8480 ++ struct ifla_vf_link_state *ivl = nla_data(tb[IFLA_VF_LINK_STATE]);
8481 ++
8482 ++ err = -EOPNOTSUPP;
8483 ++ if (ops->ndo_set_vf_link_state)
8484 ++ err = ops->ndo_set_vf_link_state(dev, ivl->vf,
8485 ++ ivl->link_state);
8486 ++ if (err < 0)
8487 ++ return err;
8488 ++ }
8489 ++
8490 ++ if (tb[IFLA_VF_RSS_QUERY_EN]) {
8491 ++ struct ifla_vf_rss_query_en *ivrssq_en;
8492 ++
8493 ++ err = -EOPNOTSUPP;
8494 ++ ivrssq_en = nla_data(tb[IFLA_VF_RSS_QUERY_EN]);
8495 ++ if (ops->ndo_set_vf_rss_query_en)
8496 ++ err = ops->ndo_set_vf_rss_query_en(dev, ivrssq_en->vf,
8497 ++ ivrssq_en->setting);
8498 ++ if (err < 0)
8499 ++ return err;
8500 ++ }
8501 ++
8502 + return err;
8503 + }
8504 +
8505 +@@ -1630,14 +1648,21 @@ static int do_setlink(const struct sk_buff *skb,
8506 + }
8507 +
8508 + if (tb[IFLA_VFINFO_LIST]) {
8509 ++ struct nlattr *vfinfo[IFLA_VF_MAX + 1];
8510 + struct nlattr *attr;
8511 + int rem;
8512 ++
8513 + nla_for_each_nested(attr, tb[IFLA_VFINFO_LIST], rem) {
8514 +- if (nla_type(attr) != IFLA_VF_INFO) {
8515 ++ if (nla_type(attr) != IFLA_VF_INFO ||
8516 ++ nla_len(attr) < NLA_HDRLEN) {
8517 + err = -EINVAL;
8518 + goto errout;
8519 + }
8520 +- err = do_setvfinfo(dev, attr);
8521 ++ err = nla_parse_nested(vfinfo, IFLA_VF_MAX, attr,
8522 ++ ifla_vf_policy);
8523 ++ if (err < 0)
8524 ++ goto errout;
8525 ++ err = do_setvfinfo(dev, vfinfo);
8526 + if (err < 0)
8527 + goto errout;
8528 + status |= DO_SETLINK_NOTIFY;
8529 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
8530 +index dc9f925b0cd5..9c7d88870e2b 100644
8531 +--- a/net/ipv4/tcp_output.c
8532 ++++ b/net/ipv4/tcp_output.c
8533 +@@ -2798,6 +2798,7 @@ void tcp_send_active_reset(struct sock *sk, gfp_t priority)
8534 + skb_reserve(skb, MAX_TCP_HEADER);
8535 + tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
8536 + TCPHDR_ACK | TCPHDR_RST);
8537 ++ skb_mstamp_get(&skb->skb_mstamp);
8538 + /* Send it off. */
8539 + if (tcp_transmit_skb(sk, skb, 0, priority))
8540 + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
8541 +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
8542 +index c5e3194fd9a5..4ea975324888 100644
8543 +--- a/net/ipv4/udp.c
8544 ++++ b/net/ipv4/udp.c
8545 +@@ -1983,12 +1983,19 @@ void udp_v4_early_demux(struct sk_buff *skb)
8546 +
8547 + skb->sk = sk;
8548 + skb->destructor = sock_efree;
8549 +- dst = sk->sk_rx_dst;
8550 ++ dst = READ_ONCE(sk->sk_rx_dst);
8551 +
8552 + if (dst)
8553 + dst = dst_check(dst, 0);
8554 +- if (dst)
8555 +- skb_dst_set_noref(skb, dst);
8556 ++ if (dst) {
8557 ++ /* DST_NOCACHE can not be used without taking a reference */
8558 ++ if (dst->flags & DST_NOCACHE) {
8559 ++ if (likely(atomic_inc_not_zero(&dst->__refcnt)))
8560 ++ skb_dst_set(skb, dst);
8561 ++ } else {
8562 ++ skb_dst_set_noref(skb, dst);
8563 ++ }
8564 ++ }
8565 + }
8566 +
8567 + int udp_rcv(struct sk_buff *skb)
8568 +diff --git a/net/ipv6/exthdrs_offload.c b/net/ipv6/exthdrs_offload.c
8569 +index 447a7fbd1bb6..f5e2ba1c18bf 100644
8570 +--- a/net/ipv6/exthdrs_offload.c
8571 ++++ b/net/ipv6/exthdrs_offload.c
8572 +@@ -36,6 +36,6 @@ out:
8573 + return ret;
8574 +
8575 + out_rt:
8576 +- inet_del_offload(&rthdr_offload, IPPROTO_ROUTING);
8577 ++ inet6_del_offload(&rthdr_offload, IPPROTO_ROUTING);
8578 + goto out;
8579 + }
8580 +diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
8581 +index 0e32d2e1bdbf..28d7a245ea34 100644
8582 +--- a/net/ipv6/ip6_gre.c
8583 ++++ b/net/ipv6/ip6_gre.c
8584 +@@ -360,7 +360,7 @@ static void ip6gre_tunnel_uninit(struct net_device *dev)
8585 + struct ip6_tnl *t = netdev_priv(dev);
8586 + struct ip6gre_net *ign = net_generic(t->net, ip6gre_net_id);
8587 +
8588 +- ip6gre_tunnel_unlink(ign, t);
8589 ++ ip6_tnl_dst_reset(netdev_priv(dev));
8590 + dev_put(dev);
8591 + }
8592 +
8593 +diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
8594 +index 1a01d79b8698..0d58542f9db0 100644
8595 +--- a/net/ipv6/ip6mr.c
8596 ++++ b/net/ipv6/ip6mr.c
8597 +@@ -552,7 +552,7 @@ static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
8598 +
8599 + if (it->cache == &mrt->mfc6_unres_queue)
8600 + spin_unlock_bh(&mfc_unres_lock);
8601 +- else if (it->cache == mrt->mfc6_cache_array)
8602 ++ else if (it->cache == &mrt->mfc6_cache_array[it->ct])
8603 + read_unlock(&mrt_lock);
8604 + }
8605 +
8606 +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
8607 +index 80ce44f6693d..45e782825567 100644
8608 +--- a/net/mac80211/tx.c
8609 ++++ b/net/mac80211/tx.c
8610 +@@ -299,9 +299,6 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
8611 + if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
8612 + return TX_CONTINUE;
8613 +
8614 +- if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
8615 +- return TX_CONTINUE;
8616 +-
8617 + if (tx->flags & IEEE80211_TX_PS_BUFFERED)
8618 + return TX_CONTINUE;
8619 +
8620 +diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
8621 +index 990decba1fe4..3a2fa9c044f8 100644
8622 +--- a/net/netfilter/ipvs/ip_vs_core.c
8623 ++++ b/net/netfilter/ipvs/ip_vs_core.c
8624 +@@ -313,7 +313,13 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
8625 + * return *ignored=0 i.e. ICMP and NF_DROP
8626 + */
8627 + sched = rcu_dereference(svc->scheduler);
8628 +- dest = sched->schedule(svc, skb, iph);
8629 ++ if (sched) {
8630 ++ /* read svc->sched_data after svc->scheduler */
8631 ++ smp_rmb();
8632 ++ dest = sched->schedule(svc, skb, iph);
8633 ++ } else {
8634 ++ dest = NULL;
8635 ++ }
8636 + if (!dest) {
8637 + IP_VS_DBG(1, "p-schedule: no dest found.\n");
8638 + kfree(param.pe_data);
8639 +@@ -461,7 +467,13 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
8640 + }
8641 +
8642 + sched = rcu_dereference(svc->scheduler);
8643 +- dest = sched->schedule(svc, skb, iph);
8644 ++ if (sched) {
8645 ++ /* read svc->sched_data after svc->scheduler */
8646 ++ smp_rmb();
8647 ++ dest = sched->schedule(svc, skb, iph);
8648 ++ } else {
8649 ++ dest = NULL;
8650 ++ }
8651 + if (dest == NULL) {
8652 + IP_VS_DBG(1, "Schedule: no dest found.\n");
8653 + return NULL;
8654 +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
8655 +index ac7ba689efe7..9b1452e8e868 100644
8656 +--- a/net/netfilter/ipvs/ip_vs_ctl.c
8657 ++++ b/net/netfilter/ipvs/ip_vs_ctl.c
8658 +@@ -828,15 +828,16 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
8659 + __ip_vs_dst_cache_reset(dest);
8660 + spin_unlock_bh(&dest->dst_lock);
8661 +
8662 +- sched = rcu_dereference_protected(svc->scheduler, 1);
8663 + if (add) {
8664 + ip_vs_start_estimator(svc->net, &dest->stats);
8665 + list_add_rcu(&dest->n_list, &svc->destinations);
8666 + svc->num_dests++;
8667 +- if (sched->add_dest)
8668 ++ sched = rcu_dereference_protected(svc->scheduler, 1);
8669 ++ if (sched && sched->add_dest)
8670 + sched->add_dest(svc, dest);
8671 + } else {
8672 +- if (sched->upd_dest)
8673 ++ sched = rcu_dereference_protected(svc->scheduler, 1);
8674 ++ if (sched && sched->upd_dest)
8675 + sched->upd_dest(svc, dest);
8676 + }
8677 + }
8678 +@@ -1070,7 +1071,7 @@ static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
8679 + struct ip_vs_scheduler *sched;
8680 +
8681 + sched = rcu_dereference_protected(svc->scheduler, 1);
8682 +- if (sched->del_dest)
8683 ++ if (sched && sched->del_dest)
8684 + sched->del_dest(svc, dest);
8685 + }
8686 + }
8687 +@@ -1161,11 +1162,14 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
8688 + ip_vs_use_count_inc();
8689 +
8690 + /* Lookup the scheduler by 'u->sched_name' */
8691 +- sched = ip_vs_scheduler_get(u->sched_name);
8692 +- if (sched == NULL) {
8693 +- pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
8694 +- ret = -ENOENT;
8695 +- goto out_err;
8696 ++ if (strcmp(u->sched_name, "none")) {
8697 ++ sched = ip_vs_scheduler_get(u->sched_name);
8698 ++ if (!sched) {
8699 ++ pr_info("Scheduler module ip_vs_%s not found\n",
8700 ++ u->sched_name);
8701 ++ ret = -ENOENT;
8702 ++ goto out_err;
8703 ++ }
8704 + }
8705 +
8706 + if (u->pe_name && *u->pe_name) {
8707 +@@ -1226,10 +1230,12 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
8708 + spin_lock_init(&svc->stats.lock);
8709 +
8710 + /* Bind the scheduler */
8711 +- ret = ip_vs_bind_scheduler(svc, sched);
8712 +- if (ret)
8713 +- goto out_err;
8714 +- sched = NULL;
8715 ++ if (sched) {
8716 ++ ret = ip_vs_bind_scheduler(svc, sched);
8717 ++ if (ret)
8718 ++ goto out_err;
8719 ++ sched = NULL;
8720 ++ }
8721 +
8722 + /* Bind the ct retriever */
8723 + RCU_INIT_POINTER(svc->pe, pe);
8724 +@@ -1277,17 +1283,20 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
8725 + static int
8726 + ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
8727 + {
8728 +- struct ip_vs_scheduler *sched, *old_sched;
8729 ++ struct ip_vs_scheduler *sched = NULL, *old_sched;
8730 + struct ip_vs_pe *pe = NULL, *old_pe = NULL;
8731 + int ret = 0;
8732 +
8733 + /*
8734 + * Lookup the scheduler, by 'u->sched_name'
8735 + */
8736 +- sched = ip_vs_scheduler_get(u->sched_name);
8737 +- if (sched == NULL) {
8738 +- pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
8739 +- return -ENOENT;
8740 ++ if (strcmp(u->sched_name, "none")) {
8741 ++ sched = ip_vs_scheduler_get(u->sched_name);
8742 ++ if (!sched) {
8743 ++ pr_info("Scheduler module ip_vs_%s not found\n",
8744 ++ u->sched_name);
8745 ++ return -ENOENT;
8746 ++ }
8747 + }
8748 + old_sched = sched;
8749 +
8750 +@@ -1315,14 +1324,20 @@ ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
8751 +
8752 + old_sched = rcu_dereference_protected(svc->scheduler, 1);
8753 + if (sched != old_sched) {
8754 ++ if (old_sched) {
8755 ++ ip_vs_unbind_scheduler(svc, old_sched);
8756 ++ RCU_INIT_POINTER(svc->scheduler, NULL);
8757 ++ /* Wait all svc->sched_data users */
8758 ++ synchronize_rcu();
8759 ++ }
8760 + /* Bind the new scheduler */
8761 +- ret = ip_vs_bind_scheduler(svc, sched);
8762 +- if (ret) {
8763 +- old_sched = sched;
8764 +- goto out;
8765 ++ if (sched) {
8766 ++ ret = ip_vs_bind_scheduler(svc, sched);
8767 ++ if (ret) {
8768 ++ ip_vs_scheduler_put(sched);
8769 ++ goto out;
8770 ++ }
8771 + }
8772 +- /* Unbind the old scheduler on success */
8773 +- ip_vs_unbind_scheduler(svc, old_sched);
8774 + }
8775 +
8776 + /*
8777 +@@ -1962,6 +1977,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
8778 + const struct ip_vs_iter *iter = seq->private;
8779 + const struct ip_vs_dest *dest;
8780 + struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler);
8781 ++ char *sched_name = sched ? sched->name : "none";
8782 +
8783 + if (iter->table == ip_vs_svc_table) {
8784 + #ifdef CONFIG_IP_VS_IPV6
8785 +@@ -1970,18 +1986,18 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
8786 + ip_vs_proto_name(svc->protocol),
8787 + &svc->addr.in6,
8788 + ntohs(svc->port),
8789 +- sched->name);
8790 ++ sched_name);
8791 + else
8792 + #endif
8793 + seq_printf(seq, "%s %08X:%04X %s %s ",
8794 + ip_vs_proto_name(svc->protocol),
8795 + ntohl(svc->addr.ip),
8796 + ntohs(svc->port),
8797 +- sched->name,
8798 ++ sched_name,
8799 + (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
8800 + } else {
8801 + seq_printf(seq, "FWM %08X %s %s",
8802 +- svc->fwmark, sched->name,
8803 ++ svc->fwmark, sched_name,
8804 + (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
8805 + }
8806 +
8807 +@@ -2401,13 +2417,15 @@ static void
8808 + ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
8809 + {
8810 + struct ip_vs_scheduler *sched;
8811 ++ char *sched_name;
8812 +
8813 + sched = rcu_dereference_protected(src->scheduler, 1);
8814 ++ sched_name = sched ? sched->name : "none";
8815 + dst->protocol = src->protocol;
8816 + dst->addr = src->addr.ip;
8817 + dst->port = src->port;
8818 + dst->fwmark = src->fwmark;
8819 +- strlcpy(dst->sched_name, sched->name, sizeof(dst->sched_name));
8820 ++ strlcpy(dst->sched_name, sched_name, sizeof(dst->sched_name));
8821 + dst->flags = src->flags;
8822 + dst->timeout = src->timeout / HZ;
8823 + dst->netmask = src->netmask;
8824 +@@ -2836,6 +2854,7 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb,
8825 + struct nlattr *nl_service;
8826 + struct ip_vs_flags flags = { .flags = svc->flags,
8827 + .mask = ~0 };
8828 ++ char *sched_name;
8829 +
8830 + nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
8831 + if (!nl_service)
8832 +@@ -2854,8 +2873,9 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb,
8833 + }
8834 +
8835 + sched = rcu_dereference_protected(svc->scheduler, 1);
8836 ++ sched_name = sched ? sched->name : "none";
8837 + pe = rcu_dereference_protected(svc->pe, 1);
8838 +- if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched->name) ||
8839 ++ if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched_name) ||
8840 + (pe && nla_put_string(skb, IPVS_SVC_ATTR_PE_NAME, pe->name)) ||
8841 + nla_put(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags) ||
8842 + nla_put_u32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ) ||
8843 +diff --git a/net/netfilter/ipvs/ip_vs_sched.c b/net/netfilter/ipvs/ip_vs_sched.c
8844 +index 4dbcda6258bc..21b6b515a09c 100644
8845 +--- a/net/netfilter/ipvs/ip_vs_sched.c
8846 ++++ b/net/netfilter/ipvs/ip_vs_sched.c
8847 +@@ -74,7 +74,7 @@ void ip_vs_unbind_scheduler(struct ip_vs_service *svc,
8848 +
8849 + if (sched->done_service)
8850 + sched->done_service(svc);
8851 +- /* svc->scheduler can not be set to NULL */
8852 ++ /* svc->scheduler can be set to NULL only by caller */
8853 + }
8854 +
8855 +
8856 +@@ -148,21 +148,21 @@ void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler)
8857 +
8858 + void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg)
8859 + {
8860 +- struct ip_vs_scheduler *sched;
8861 ++ struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler);
8862 ++ char *sched_name = sched ? sched->name : "none";
8863 +
8864 +- sched = rcu_dereference(svc->scheduler);
8865 + if (svc->fwmark) {
8866 + IP_VS_ERR_RL("%s: FWM %u 0x%08X - %s\n",
8867 +- sched->name, svc->fwmark, svc->fwmark, msg);
8868 ++ sched_name, svc->fwmark, svc->fwmark, msg);
8869 + #ifdef CONFIG_IP_VS_IPV6
8870 + } else if (svc->af == AF_INET6) {
8871 + IP_VS_ERR_RL("%s: %s [%pI6c]:%d - %s\n",
8872 +- sched->name, ip_vs_proto_name(svc->protocol),
8873 ++ sched_name, ip_vs_proto_name(svc->protocol),
8874 + &svc->addr.in6, ntohs(svc->port), msg);
8875 + #endif
8876 + } else {
8877 + IP_VS_ERR_RL("%s: %s %pI4:%d - %s\n",
8878 +- sched->name, ip_vs_proto_name(svc->protocol),
8879 ++ sched_name, ip_vs_proto_name(svc->protocol),
8880 + &svc->addr.ip, ntohs(svc->port), msg);
8881 + }
8882 + }
8883 +diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
8884 +index 7162c86fd50d..72fac696c85e 100644
8885 +--- a/net/netfilter/ipvs/ip_vs_sync.c
8886 ++++ b/net/netfilter/ipvs/ip_vs_sync.c
8887 +@@ -612,7 +612,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp,
8888 + pkts = atomic_add_return(1, &cp->in_pkts);
8889 + else
8890 + pkts = sysctl_sync_threshold(ipvs);
8891 +- ip_vs_sync_conn(net, cp->control, pkts);
8892 ++ ip_vs_sync_conn(net, cp, pkts);
8893 + }
8894 + }
8895 +
8896 +diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
8897 +index bd90bf8107da..72f030878e7a 100644
8898 +--- a/net/netfilter/ipvs/ip_vs_xmit.c
8899 ++++ b/net/netfilter/ipvs/ip_vs_xmit.c
8900 +@@ -130,7 +130,6 @@ static struct rtable *do_output_route4(struct net *net, __be32 daddr,
8901 +
8902 + memset(&fl4, 0, sizeof(fl4));
8903 + fl4.daddr = daddr;
8904 +- fl4.saddr = (rt_mode & IP_VS_RT_MODE_CONNECT) ? *saddr : 0;
8905 + fl4.flowi4_flags = (rt_mode & IP_VS_RT_MODE_KNOWN_NH) ?
8906 + FLOWI_FLAG_KNOWN_NH : 0;
8907 +
8908 +@@ -524,6 +523,21 @@ static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb,
8909 + return ret;
8910 + }
8911 +
8912 ++/* In the event of a remote destination, it's possible that we would have
8913 ++ * matches against an old socket (particularly a TIME-WAIT socket). This
8914 ++ * causes havoc down the line (ip_local_out et. al. expect regular sockets
8915 ++ * and invalid memory accesses will happen) so simply drop the association
8916 ++ * in this case.
8917 ++*/
8918 ++static inline void ip_vs_drop_early_demux_sk(struct sk_buff *skb)
8919 ++{
8920 ++ /* If dev is set, the packet came from the LOCAL_IN callback and
8921 ++ * not from a local TCP socket.
8922 ++ */
8923 ++ if (skb->dev)
8924 ++ skb_orphan(skb);
8925 ++}
8926 ++
8927 + /* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */
8928 + static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb,
8929 + struct ip_vs_conn *cp, int local)
8930 +@@ -535,12 +549,21 @@ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb,
8931 + ip_vs_notrack(skb);
8932 + else
8933 + ip_vs_update_conntrack(skb, cp, 1);
8934 ++
8935 ++ /* Remove the early_demux association unless it's bound for the
8936 ++ * exact same port and address on this host after translation.
8937 ++ */
8938 ++ if (!local || cp->vport != cp->dport ||
8939 ++ !ip_vs_addr_equal(cp->af, &cp->vaddr, &cp->daddr))
8940 ++ ip_vs_drop_early_demux_sk(skb);
8941 ++
8942 + if (!local) {
8943 + skb_forward_csum(skb);
8944 + NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
8945 + dst_output);
8946 + } else
8947 + ret = NF_ACCEPT;
8948 ++
8949 + return ret;
8950 + }
8951 +
8952 +@@ -554,6 +577,7 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb,
8953 + if (likely(!(cp->flags & IP_VS_CONN_F_NFCT)))
8954 + ip_vs_notrack(skb);
8955 + if (!local) {
8956 ++ ip_vs_drop_early_demux_sk(skb);
8957 + skb_forward_csum(skb);
8958 + NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
8959 + dst_output);
8960 +@@ -842,6 +866,8 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af,
8961 + struct ipv6hdr *old_ipv6h = NULL;
8962 + #endif
8963 +
8964 ++ ip_vs_drop_early_demux_sk(skb);
8965 ++
8966 + if (skb_headroom(skb) < max_headroom || skb_cloned(skb)) {
8967 + new_skb = skb_realloc_headroom(skb, max_headroom);
8968 + if (!new_skb)
8969 +diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
8970 +index 91a1837acd0e..26af45193ab7 100644
8971 +--- a/net/netfilter/nf_conntrack_expect.c
8972 ++++ b/net/netfilter/nf_conntrack_expect.c
8973 +@@ -219,7 +219,8 @@ static inline int expect_clash(const struct nf_conntrack_expect *a,
8974 + a->mask.src.u3.all[count] & b->mask.src.u3.all[count];
8975 + }
8976 +
8977 +- return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask);
8978 ++ return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask) &&
8979 ++ nf_ct_zone(a->master) == nf_ct_zone(b->master);
8980 + }
8981 +
8982 + static inline int expect_matches(const struct nf_conntrack_expect *a,
8983 +diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
8984 +index 1bd9ed9e62f6..d3ea2999d0dc 100644
8985 +--- a/net/netfilter/nf_conntrack_netlink.c
8986 ++++ b/net/netfilter/nf_conntrack_netlink.c
8987 +@@ -2956,11 +2956,6 @@ ctnetlink_create_expect(struct net *net, u16 zone,
8988 + }
8989 +
8990 + err = nf_ct_expect_related_report(exp, portid, report);
8991 +- if (err < 0)
8992 +- goto err_exp;
8993 +-
8994 +- return 0;
8995 +-err_exp:
8996 + nf_ct_expect_put(exp);
8997 + err_ct:
8998 + nf_ct_put(ct);
8999 +diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
9000 +index d7197649dba6..cfe93c2227c5 100644
9001 +--- a/net/netfilter/nf_log.c
9002 ++++ b/net/netfilter/nf_log.c
9003 +@@ -19,6 +19,9 @@
9004 + static struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly;
9005 + static DEFINE_MUTEX(nf_log_mutex);
9006 +
9007 ++#define nft_log_dereference(logger) \
9008 ++ rcu_dereference_protected(logger, lockdep_is_held(&nf_log_mutex))
9009 ++
9010 + static struct nf_logger *__find_logger(int pf, const char *str_logger)
9011 + {
9012 + struct nf_logger *log;
9013 +@@ -28,8 +31,7 @@ static struct nf_logger *__find_logger(int pf, const char *str_logger)
9014 + if (loggers[pf][i] == NULL)
9015 + continue;
9016 +
9017 +- log = rcu_dereference_protected(loggers[pf][i],
9018 +- lockdep_is_held(&nf_log_mutex));
9019 ++ log = nft_log_dereference(loggers[pf][i]);
9020 + if (!strncasecmp(str_logger, log->name, strlen(log->name)))
9021 + return log;
9022 + }
9023 +@@ -45,8 +47,7 @@ void nf_log_set(struct net *net, u_int8_t pf, const struct nf_logger *logger)
9024 + return;
9025 +
9026 + mutex_lock(&nf_log_mutex);
9027 +- log = rcu_dereference_protected(net->nf.nf_loggers[pf],
9028 +- lockdep_is_held(&nf_log_mutex));
9029 ++ log = nft_log_dereference(net->nf.nf_loggers[pf]);
9030 + if (log == NULL)
9031 + rcu_assign_pointer(net->nf.nf_loggers[pf], logger);
9032 +
9033 +@@ -61,8 +62,7 @@ void nf_log_unset(struct net *net, const struct nf_logger *logger)
9034 +
9035 + mutex_lock(&nf_log_mutex);
9036 + for (i = 0; i < NFPROTO_NUMPROTO; i++) {
9037 +- log = rcu_dereference_protected(net->nf.nf_loggers[i],
9038 +- lockdep_is_held(&nf_log_mutex));
9039 ++ log = nft_log_dereference(net->nf.nf_loggers[i]);
9040 + if (log == logger)
9041 + RCU_INIT_POINTER(net->nf.nf_loggers[i], NULL);
9042 + }
9043 +@@ -97,12 +97,17 @@ EXPORT_SYMBOL(nf_log_register);
9044 +
9045 + void nf_log_unregister(struct nf_logger *logger)
9046 + {
9047 ++ const struct nf_logger *log;
9048 + int i;
9049 +
9050 + mutex_lock(&nf_log_mutex);
9051 +- for (i = 0; i < NFPROTO_NUMPROTO; i++)
9052 +- RCU_INIT_POINTER(loggers[i][logger->type], NULL);
9053 ++ for (i = 0; i < NFPROTO_NUMPROTO; i++) {
9054 ++ log = nft_log_dereference(loggers[i][logger->type]);
9055 ++ if (log == logger)
9056 ++ RCU_INIT_POINTER(loggers[i][logger->type], NULL);
9057 ++ }
9058 + mutex_unlock(&nf_log_mutex);
9059 ++ synchronize_rcu();
9060 + }
9061 + EXPORT_SYMBOL(nf_log_unregister);
9062 +
9063 +@@ -297,8 +302,7 @@ static int seq_show(struct seq_file *s, void *v)
9064 + int i, ret;
9065 + struct net *net = seq_file_net(s);
9066 +
9067 +- logger = rcu_dereference_protected(net->nf.nf_loggers[*pos],
9068 +- lockdep_is_held(&nf_log_mutex));
9069 ++ logger = nft_log_dereference(net->nf.nf_loggers[*pos]);
9070 +
9071 + if (!logger)
9072 + ret = seq_printf(s, "%2lld NONE (", *pos);
9073 +@@ -312,8 +316,7 @@ static int seq_show(struct seq_file *s, void *v)
9074 + if (loggers[*pos][i] == NULL)
9075 + continue;
9076 +
9077 +- logger = rcu_dereference_protected(loggers[*pos][i],
9078 +- lockdep_is_held(&nf_log_mutex));
9079 ++ logger = nft_log_dereference(loggers[*pos][i]);
9080 + ret = seq_printf(s, "%s", logger->name);
9081 + if (ret < 0)
9082 + return ret;
9083 +@@ -385,8 +388,7 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write,
9084 + mutex_unlock(&nf_log_mutex);
9085 + } else {
9086 + mutex_lock(&nf_log_mutex);
9087 +- logger = rcu_dereference_protected(net->nf.nf_loggers[tindex],
9088 +- lockdep_is_held(&nf_log_mutex));
9089 ++ logger = nft_log_dereference(net->nf.nf_loggers[tindex]);
9090 + if (!logger)
9091 + table->data = "NONE";
9092 + else
9093 +diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
9094 +index 1aa7049c93f5..e41bab38a3ca 100644
9095 +--- a/net/netfilter/nfnetlink.c
9096 ++++ b/net/netfilter/nfnetlink.c
9097 +@@ -433,6 +433,7 @@ done:
9098 + static void nfnetlink_rcv(struct sk_buff *skb)
9099 + {
9100 + struct nlmsghdr *nlh = nlmsg_hdr(skb);
9101 ++ u_int16_t res_id;
9102 + int msglen;
9103 +
9104 + if (nlh->nlmsg_len < NLMSG_HDRLEN ||
9105 +@@ -457,7 +458,12 @@ static void nfnetlink_rcv(struct sk_buff *skb)
9106 +
9107 + nfgenmsg = nlmsg_data(nlh);
9108 + skb_pull(skb, msglen);
9109 +- nfnetlink_rcv_batch(skb, nlh, nfgenmsg->res_id);
9110 ++ /* Work around old nft using host byte order */
9111 ++ if (nfgenmsg->res_id == NFNL_SUBSYS_NFTABLES)
9112 ++ res_id = NFNL_SUBSYS_NFTABLES;
9113 ++ else
9114 ++ res_id = ntohs(nfgenmsg->res_id);
9115 ++ nfnetlink_rcv_batch(skb, nlh, res_id);
9116 + } else {
9117 + netlink_rcv_skb(skb, &nfnetlink_rcv_msg);
9118 + }
9119 +diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
9120 +index e22a2961cc39..ff6f35971ea2 100644
9121 +--- a/net/netfilter/nft_compat.c
9122 ++++ b/net/netfilter/nft_compat.c
9123 +@@ -561,6 +561,13 @@ struct nft_xt {
9124 +
9125 + static struct nft_expr_type nft_match_type;
9126 +
9127 ++static bool nft_match_cmp(const struct xt_match *match,
9128 ++ const char *name, u32 rev, u32 family)
9129 ++{
9130 ++ return strcmp(match->name, name) == 0 && match->revision == rev &&
9131 ++ (match->family == NFPROTO_UNSPEC || match->family == family);
9132 ++}
9133 ++
9134 + static const struct nft_expr_ops *
9135 + nft_match_select_ops(const struct nft_ctx *ctx,
9136 + const struct nlattr * const tb[])
9137 +@@ -568,7 +575,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
9138 + struct nft_xt *nft_match;
9139 + struct xt_match *match;
9140 + char *mt_name;
9141 +- __u32 rev, family;
9142 ++ u32 rev, family;
9143 +
9144 + if (tb[NFTA_MATCH_NAME] == NULL ||
9145 + tb[NFTA_MATCH_REV] == NULL ||
9146 +@@ -583,9 +590,12 @@ nft_match_select_ops(const struct nft_ctx *ctx,
9147 + list_for_each_entry(nft_match, &nft_match_list, head) {
9148 + struct xt_match *match = nft_match->ops.data;
9149 +
9150 +- if (strcmp(match->name, mt_name) == 0 &&
9151 +- match->revision == rev && match->family == family)
9152 ++ if (nft_match_cmp(match, mt_name, rev, family)) {
9153 ++ if (!try_module_get(match->me))
9154 ++ return ERR_PTR(-ENOENT);
9155 ++
9156 + return &nft_match->ops;
9157 ++ }
9158 + }
9159 +
9160 + match = xt_request_find_match(family, mt_name, rev);
9161 +@@ -631,6 +641,13 @@ static LIST_HEAD(nft_target_list);
9162 +
9163 + static struct nft_expr_type nft_target_type;
9164 +
9165 ++static bool nft_target_cmp(const struct xt_target *tg,
9166 ++ const char *name, u32 rev, u32 family)
9167 ++{
9168 ++ return strcmp(tg->name, name) == 0 && tg->revision == rev &&
9169 ++ (tg->family == NFPROTO_UNSPEC || tg->family == family);
9170 ++}
9171 ++
9172 + static const struct nft_expr_ops *
9173 + nft_target_select_ops(const struct nft_ctx *ctx,
9174 + const struct nlattr * const tb[])
9175 +@@ -638,7 +655,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
9176 + struct nft_xt *nft_target;
9177 + struct xt_target *target;
9178 + char *tg_name;
9179 +- __u32 rev, family;
9180 ++ u32 rev, family;
9181 +
9182 + if (tb[NFTA_TARGET_NAME] == NULL ||
9183 + tb[NFTA_TARGET_REV] == NULL ||
9184 +@@ -653,9 +670,12 @@ nft_target_select_ops(const struct nft_ctx *ctx,
9185 + list_for_each_entry(nft_target, &nft_target_list, head) {
9186 + struct xt_target *target = nft_target->ops.data;
9187 +
9188 +- if (strcmp(target->name, tg_name) == 0 &&
9189 +- target->revision == rev && target->family == family)
9190 ++ if (nft_target_cmp(target, tg_name, rev, family)) {
9191 ++ if (!try_module_get(target->me))
9192 ++ return ERR_PTR(-ENOENT);
9193 ++
9194 + return &nft_target->ops;
9195 ++ }
9196 + }
9197 +
9198 + target = xt_request_find_target(family, tg_name, rev);
9199 +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
9200 +index 6ffd1ebaba93..fe106b50053e 100644
9201 +--- a/net/netlink/af_netlink.c
9202 ++++ b/net/netlink/af_netlink.c
9203 +@@ -133,6 +133,24 @@ static inline u32 netlink_group_mask(u32 group)
9204 + return group ? 1 << (group - 1) : 0;
9205 + }
9206 +
9207 ++static struct sk_buff *netlink_to_full_skb(const struct sk_buff *skb,
9208 ++ gfp_t gfp_mask)
9209 ++{
9210 ++ unsigned int len = skb_end_offset(skb);
9211 ++ struct sk_buff *new;
9212 ++
9213 ++ new = alloc_skb(len, gfp_mask);
9214 ++ if (new == NULL)
9215 ++ return NULL;
9216 ++
9217 ++ NETLINK_CB(new).portid = NETLINK_CB(skb).portid;
9218 ++ NETLINK_CB(new).dst_group = NETLINK_CB(skb).dst_group;
9219 ++ NETLINK_CB(new).creds = NETLINK_CB(skb).creds;
9220 ++
9221 ++ memcpy(skb_put(new, len), skb->data, len);
9222 ++ return new;
9223 ++}
9224 ++
9225 + int netlink_add_tap(struct netlink_tap *nt)
9226 + {
9227 + if (unlikely(nt->dev->type != ARPHRD_NETLINK))
9228 +@@ -215,7 +233,11 @@ static int __netlink_deliver_tap_skb(struct sk_buff *skb,
9229 + int ret = -ENOMEM;
9230 +
9231 + dev_hold(dev);
9232 +- nskb = skb_clone(skb, GFP_ATOMIC);
9233 ++
9234 ++ if (netlink_skb_is_mmaped(skb) || is_vmalloc_addr(skb->head))
9235 ++ nskb = netlink_to_full_skb(skb, GFP_ATOMIC);
9236 ++ else
9237 ++ nskb = skb_clone(skb, GFP_ATOMIC);
9238 + if (nskb) {
9239 + nskb->dev = dev;
9240 + nskb->protocol = htons((u16) sk->sk_protocol);
9241 +@@ -287,11 +309,6 @@ static void netlink_rcv_wake(struct sock *sk)
9242 + }
9243 +
9244 + #ifdef CONFIG_NETLINK_MMAP
9245 +-static bool netlink_skb_is_mmaped(const struct sk_buff *skb)
9246 +-{
9247 +- return NETLINK_CB(skb).flags & NETLINK_SKB_MMAPED;
9248 +-}
9249 +-
9250 + static bool netlink_rx_is_mmaped(struct sock *sk)
9251 + {
9252 + return nlk_sk(sk)->rx_ring.pg_vec != NULL;
9253 +@@ -843,7 +860,6 @@ static void netlink_ring_set_copied(struct sock *sk, struct sk_buff *skb)
9254 + }
9255 +
9256 + #else /* CONFIG_NETLINK_MMAP */
9257 +-#define netlink_skb_is_mmaped(skb) false
9258 + #define netlink_rx_is_mmaped(sk) false
9259 + #define netlink_tx_is_mmaped(sk) false
9260 + #define netlink_mmap sock_no_mmap
9261 +diff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h
9262 +index b20a1731759b..3951874e715d 100644
9263 +--- a/net/netlink/af_netlink.h
9264 ++++ b/net/netlink/af_netlink.h
9265 +@@ -57,6 +57,15 @@ static inline struct netlink_sock *nlk_sk(struct sock *sk)
9266 + return container_of(sk, struct netlink_sock, sk);
9267 + }
9268 +
9269 ++static inline bool netlink_skb_is_mmaped(const struct sk_buff *skb)
9270 ++{
9271 ++#ifdef CONFIG_NETLINK_MMAP
9272 ++ return NETLINK_CB(skb).flags & NETLINK_SKB_MMAPED;
9273 ++#else
9274 ++ return false;
9275 ++#endif /* CONFIG_NETLINK_MMAP */
9276 ++}
9277 ++
9278 + struct netlink_table {
9279 + struct rhashtable hash;
9280 + struct hlist_head mc_list;
9281 +diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
9282 +index 28213dff723d..acf6b2edba65 100644
9283 +--- a/net/openvswitch/datapath.c
9284 ++++ b/net/openvswitch/datapath.c
9285 +@@ -834,7 +834,7 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
9286 + if (error)
9287 + goto err_kfree_flow;
9288 +
9289 +- ovs_flow_mask_key(&new_flow->key, &new_flow->unmasked_key, &mask);
9290 ++ ovs_flow_mask_key(&new_flow->key, &new_flow->unmasked_key, true, &mask);
9291 +
9292 + /* Validate actions. */
9293 + acts = ovs_nla_alloc_flow_actions(nla_len(a[OVS_FLOW_ATTR_ACTIONS]));
9294 +@@ -949,7 +949,7 @@ static struct sw_flow_actions *get_flow_actions(const struct nlattr *a,
9295 + if (IS_ERR(acts))
9296 + return acts;
9297 +
9298 +- ovs_flow_mask_key(&masked_key, key, mask);
9299 ++ ovs_flow_mask_key(&masked_key, key, true, mask);
9300 + error = ovs_nla_copy_actions(a, &masked_key, 0, &acts);
9301 + if (error) {
9302 + OVS_NLERR("Flow actions may not be safe on all matching packets.\n");
9303 +diff --git a/net/openvswitch/flow_table.c b/net/openvswitch/flow_table.c
9304 +index cf2d853646f0..740041a09b9d 100644
9305 +--- a/net/openvswitch/flow_table.c
9306 ++++ b/net/openvswitch/flow_table.c
9307 +@@ -56,20 +56,21 @@ static u16 range_n_bytes(const struct sw_flow_key_range *range)
9308 + }
9309 +
9310 + void ovs_flow_mask_key(struct sw_flow_key *dst, const struct sw_flow_key *src,
9311 +- const struct sw_flow_mask *mask)
9312 ++ bool full, const struct sw_flow_mask *mask)
9313 + {
9314 +- const long *m = (const long *)((const u8 *)&mask->key +
9315 +- mask->range.start);
9316 +- const long *s = (const long *)((const u8 *)src +
9317 +- mask->range.start);
9318 +- long *d = (long *)((u8 *)dst + mask->range.start);
9319 ++ int start = full ? 0 : mask->range.start;
9320 ++ int len = full ? sizeof *dst : range_n_bytes(&mask->range);
9321 ++ const long *m = (const long *)((const u8 *)&mask->key + start);
9322 ++ const long *s = (const long *)((const u8 *)src + start);
9323 ++ long *d = (long *)((u8 *)dst + start);
9324 + int i;
9325 +
9326 +- /* The memory outside of the 'mask->range' are not set since
9327 +- * further operations on 'dst' only uses contents within
9328 +- * 'mask->range'.
9329 ++ /* If 'full' is true then all of 'dst' is fully initialized. Otherwise,
9330 ++ * if 'full' is false the memory outside of the 'mask->range' is left
9331 ++ * uninitialized. This can be used as an optimization when further
9332 ++ * operations on 'dst' only use contents within 'mask->range'.
9333 + */
9334 +- for (i = 0; i < range_n_bytes(&mask->range); i += sizeof(long))
9335 ++ for (i = 0; i < len; i += sizeof(long))
9336 + *d++ = *s++ & *m++;
9337 + }
9338 +
9339 +@@ -418,7 +419,7 @@ static struct sw_flow *masked_flow_lookup(struct table_instance *ti,
9340 + u32 hash;
9341 + struct sw_flow_key masked_key;
9342 +
9343 +- ovs_flow_mask_key(&masked_key, unmasked, mask);
9344 ++ ovs_flow_mask_key(&masked_key, unmasked, false, mask);
9345 + hash = flow_hash(&masked_key, key_start, key_end);
9346 + head = find_bucket(ti, hash);
9347 + hlist_for_each_entry_rcu(flow, head, hash_node[ti->node_ver]) {
9348 +diff --git a/net/openvswitch/flow_table.h b/net/openvswitch/flow_table.h
9349 +index 5918bff7f3f6..2f0cf200ede9 100644
9350 +--- a/net/openvswitch/flow_table.h
9351 ++++ b/net/openvswitch/flow_table.h
9352 +@@ -82,5 +82,5 @@ bool ovs_flow_cmp_unmasked_key(const struct sw_flow *flow,
9353 + struct sw_flow_match *match);
9354 +
9355 + void ovs_flow_mask_key(struct sw_flow_key *dst, const struct sw_flow_key *src,
9356 +- const struct sw_flow_mask *mask);
9357 ++ bool full, const struct sw_flow_mask *mask);
9358 + #endif /* flow_table.h */
9359 +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
9360 +index 5dcfe05ea232..bf6097793170 100644
9361 +--- a/net/packet/af_packet.c
9362 ++++ b/net/packet/af_packet.c
9363 +@@ -2645,7 +2645,7 @@ static int packet_release(struct socket *sock)
9364 + static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
9365 + {
9366 + struct packet_sock *po = pkt_sk(sk);
9367 +- const struct net_device *dev_curr;
9368 ++ struct net_device *dev_curr;
9369 + __be16 proto_curr;
9370 + bool need_rehook;
9371 +
9372 +@@ -2669,15 +2669,13 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
9373 +
9374 + po->num = proto;
9375 + po->prot_hook.type = proto;
9376 +-
9377 +- if (po->prot_hook.dev)
9378 +- dev_put(po->prot_hook.dev);
9379 +-
9380 + po->prot_hook.dev = dev;
9381 +
9382 + po->ifindex = dev ? dev->ifindex : 0;
9383 + packet_cached_dev_assign(po, dev);
9384 + }
9385 ++ if (dev_curr)
9386 ++ dev_put(dev_curr);
9387 +
9388 + if (proto == 0 || !need_rehook)
9389 + goto out_unlock;
9390 +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
9391 +index 8f34b27d5775..143c4ebd55fa 100644
9392 +--- a/net/sctp/protocol.c
9393 ++++ b/net/sctp/protocol.c
9394 +@@ -1166,7 +1166,7 @@ static void sctp_v4_del_protocol(void)
9395 + unregister_inetaddr_notifier(&sctp_inetaddr_notifier);
9396 + }
9397 +
9398 +-static int __net_init sctp_net_init(struct net *net)
9399 ++static int __net_init sctp_defaults_init(struct net *net)
9400 + {
9401 + int status;
9402 +
9403 +@@ -1259,12 +1259,6 @@ static int __net_init sctp_net_init(struct net *net)
9404 +
9405 + sctp_dbg_objcnt_init(net);
9406 +
9407 +- /* Initialize the control inode/socket for handling OOTB packets. */
9408 +- if ((status = sctp_ctl_sock_init(net))) {
9409 +- pr_err("Failed to initialize the SCTP control sock\n");
9410 +- goto err_ctl_sock_init;
9411 +- }
9412 +-
9413 + /* Initialize the local address list. */
9414 + INIT_LIST_HEAD(&net->sctp.local_addr_list);
9415 + spin_lock_init(&net->sctp.local_addr_lock);
9416 +@@ -1280,9 +1274,6 @@ static int __net_init sctp_net_init(struct net *net)
9417 +
9418 + return 0;
9419 +
9420 +-err_ctl_sock_init:
9421 +- sctp_dbg_objcnt_exit(net);
9422 +- sctp_proc_exit(net);
9423 + err_init_proc:
9424 + cleanup_sctp_mibs(net);
9425 + err_init_mibs:
9426 +@@ -1291,15 +1282,12 @@ err_sysctl_register:
9427 + return status;
9428 + }
9429 +
9430 +-static void __net_exit sctp_net_exit(struct net *net)
9431 ++static void __net_exit sctp_defaults_exit(struct net *net)
9432 + {
9433 + /* Free the local address list */
9434 + sctp_free_addr_wq(net);
9435 + sctp_free_local_addr_list(net);
9436 +
9437 +- /* Free the control endpoint. */
9438 +- inet_ctl_sock_destroy(net->sctp.ctl_sock);
9439 +-
9440 + sctp_dbg_objcnt_exit(net);
9441 +
9442 + sctp_proc_exit(net);
9443 +@@ -1307,9 +1295,32 @@ static void __net_exit sctp_net_exit(struct net *net)
9444 + sctp_sysctl_net_unregister(net);
9445 + }
9446 +
9447 +-static struct pernet_operations sctp_net_ops = {
9448 +- .init = sctp_net_init,
9449 +- .exit = sctp_net_exit,
9450 ++static struct pernet_operations sctp_defaults_ops = {
9451 ++ .init = sctp_defaults_init,
9452 ++ .exit = sctp_defaults_exit,
9453 ++};
9454 ++
9455 ++static int __net_init sctp_ctrlsock_init(struct net *net)
9456 ++{
9457 ++ int status;
9458 ++
9459 ++ /* Initialize the control inode/socket for handling OOTB packets. */
9460 ++ status = sctp_ctl_sock_init(net);
9461 ++ if (status)
9462 ++ pr_err("Failed to initialize the SCTP control sock\n");
9463 ++
9464 ++ return status;
9465 ++}
9466 ++
9467 ++static void __net_init sctp_ctrlsock_exit(struct net *net)
9468 ++{
9469 ++ /* Free the control endpoint. */
9470 ++ inet_ctl_sock_destroy(net->sctp.ctl_sock);
9471 ++}
9472 ++
9473 ++static struct pernet_operations sctp_ctrlsock_ops = {
9474 ++ .init = sctp_ctrlsock_init,
9475 ++ .exit = sctp_ctrlsock_exit,
9476 + };
9477 +
9478 + /* Initialize the universe into something sensible. */
9479 +@@ -1443,8 +1454,11 @@ static __init int sctp_init(void)
9480 + sctp_v4_pf_init();
9481 + sctp_v6_pf_init();
9482 +
9483 +- status = sctp_v4_protosw_init();
9484 ++ status = register_pernet_subsys(&sctp_defaults_ops);
9485 ++ if (status)
9486 ++ goto err_register_defaults;
9487 +
9488 ++ status = sctp_v4_protosw_init();
9489 + if (status)
9490 + goto err_protosw_init;
9491 +
9492 +@@ -1452,9 +1466,9 @@ static __init int sctp_init(void)
9493 + if (status)
9494 + goto err_v6_protosw_init;
9495 +
9496 +- status = register_pernet_subsys(&sctp_net_ops);
9497 ++ status = register_pernet_subsys(&sctp_ctrlsock_ops);
9498 + if (status)
9499 +- goto err_register_pernet_subsys;
9500 ++ goto err_register_ctrlsock;
9501 +
9502 + status = sctp_v4_add_protocol();
9503 + if (status)
9504 +@@ -1470,12 +1484,14 @@ out:
9505 + err_v6_add_protocol:
9506 + sctp_v4_del_protocol();
9507 + err_add_protocol:
9508 +- unregister_pernet_subsys(&sctp_net_ops);
9509 +-err_register_pernet_subsys:
9510 ++ unregister_pernet_subsys(&sctp_ctrlsock_ops);
9511 ++err_register_ctrlsock:
9512 + sctp_v6_protosw_exit();
9513 + err_v6_protosw_init:
9514 + sctp_v4_protosw_exit();
9515 + err_protosw_init:
9516 ++ unregister_pernet_subsys(&sctp_defaults_ops);
9517 ++err_register_defaults:
9518 + sctp_v4_pf_exit();
9519 + sctp_v6_pf_exit();
9520 + sctp_sysctl_unregister();
9521 +@@ -1508,12 +1524,14 @@ static __exit void sctp_exit(void)
9522 + sctp_v6_del_protocol();
9523 + sctp_v4_del_protocol();
9524 +
9525 +- unregister_pernet_subsys(&sctp_net_ops);
9526 ++ unregister_pernet_subsys(&sctp_ctrlsock_ops);
9527 +
9528 + /* Free protosw registrations */
9529 + sctp_v6_protosw_exit();
9530 + sctp_v4_protosw_exit();
9531 +
9532 ++ unregister_pernet_subsys(&sctp_defaults_ops);
9533 ++
9534 + /* Unregister with socket layer. */
9535 + sctp_v6_pf_exit();
9536 + sctp_v4_pf_exit();
9537 +diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9538 +index 9f1b50689c0f..03252a652e4b 100644
9539 +--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9540 ++++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
9541 +@@ -372,6 +372,7 @@ static int send_reply(struct svcxprt_rdma *rdma,
9542 + int byte_count)
9543 + {
9544 + struct ib_send_wr send_wr;
9545 ++ u32 xdr_off;
9546 + int sge_no;
9547 + int sge_bytes;
9548 + int page_no;
9549 +@@ -406,8 +407,8 @@ static int send_reply(struct svcxprt_rdma *rdma,
9550 + ctxt->direction = DMA_TO_DEVICE;
9551 +
9552 + /* Map the payload indicated by 'byte_count' */
9553 ++ xdr_off = 0;
9554 + for (sge_no = 1; byte_count && sge_no < vec->count; sge_no++) {
9555 +- int xdr_off = 0;
9556 + sge_bytes = min_t(size_t, vec->sge[sge_no].iov_len, byte_count);
9557 + byte_count -= sge_bytes;
9558 + ctxt->sge[sge_no].addr =
9559 +@@ -443,6 +444,14 @@ static int send_reply(struct svcxprt_rdma *rdma,
9560 + rqstp->rq_next_page = rqstp->rq_respages + 1;
9561 +
9562 + BUG_ON(sge_no > rdma->sc_max_sge);
9563 ++
9564 ++ /* The loop above bumps sc_dma_used for each sge. The
9565 ++ * xdr_buf.tail gets a separate sge, but resides in the
9566 ++ * same page as xdr_buf.head. Don't count it twice.
9567 ++ */
9568 ++ if (sge_no > ctxt->count)
9569 ++ atomic_dec(&rdma->sc_dma_used);
9570 ++
9571 + memset(&send_wr, 0, sizeof send_wr);
9572 + ctxt->wr_op = IB_WR_SEND;
9573 + send_wr.wr_id = (unsigned long)ctxt;
9574 +diff --git a/sound/arm/Kconfig b/sound/arm/Kconfig
9575 +index 885683a3b0bd..e0406211716b 100644
9576 +--- a/sound/arm/Kconfig
9577 ++++ b/sound/arm/Kconfig
9578 +@@ -9,6 +9,14 @@ menuconfig SND_ARM
9579 + Drivers that are implemented on ASoC can be found in
9580 + "ALSA for SoC audio support" section.
9581 +
9582 ++config SND_PXA2XX_LIB
9583 ++ tristate
9584 ++ select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
9585 ++ select SND_DMAENGINE_PCM
9586 ++
9587 ++config SND_PXA2XX_LIB_AC97
9588 ++ bool
9589 ++
9590 + if SND_ARM
9591 +
9592 + config SND_ARMAACI
9593 +@@ -21,13 +29,6 @@ config SND_PXA2XX_PCM
9594 + tristate
9595 + select SND_PCM
9596 +
9597 +-config SND_PXA2XX_LIB
9598 +- tristate
9599 +- select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97
9600 +-
9601 +-config SND_PXA2XX_LIB_AC97
9602 +- bool
9603 +-
9604 + config SND_PXA2XX_AC97
9605 + tristate "AC97 driver for the Intel PXA2xx chip"
9606 + depends on ARCH_PXA
9607 +diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
9608 +index e5dac8ea65e4..1b3b38d025fc 100644
9609 +--- a/sound/pci/hda/patch_cirrus.c
9610 ++++ b/sound/pci/hda/patch_cirrus.c
9611 +@@ -634,6 +634,7 @@ static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
9612 + SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11),
9613 + SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
9614 + SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
9615 ++ SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11),
9616 + {} /* terminator */
9617 + };
9618 +
9619 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
9620 +index f979293b421a..d36cdb27a02c 100644
9621 +--- a/sound/pci/hda/patch_realtek.c
9622 ++++ b/sound/pci/hda/patch_realtek.c
9623 +@@ -1131,7 +1131,7 @@ static const struct hda_fixup alc880_fixups[] = {
9624 + /* override all pins as BIOS on old Amilo is broken */
9625 + .type = HDA_FIXUP_PINS,
9626 + .v.pins = (const struct hda_pintbl[]) {
9627 +- { 0x14, 0x0121411f }, /* HP */
9628 ++ { 0x14, 0x0121401f }, /* HP */
9629 + { 0x15, 0x99030120 }, /* speaker */
9630 + { 0x16, 0x99030130 }, /* bass speaker */
9631 + { 0x17, 0x411111f0 }, /* N/A */
9632 +@@ -1151,7 +1151,7 @@ static const struct hda_fixup alc880_fixups[] = {
9633 + /* almost compatible with FUJITSU, but no bass and SPDIF */
9634 + .type = HDA_FIXUP_PINS,
9635 + .v.pins = (const struct hda_pintbl[]) {
9636 +- { 0x14, 0x0121411f }, /* HP */
9637 ++ { 0x14, 0x0121401f }, /* HP */
9638 + { 0x15, 0x99030120 }, /* speaker */
9639 + { 0x16, 0x411111f0 }, /* N/A */
9640 + { 0x17, 0x411111f0 }, /* N/A */
9641 +@@ -1360,7 +1360,7 @@ static const struct snd_pci_quirk alc880_fixup_tbl[] = {
9642 + SND_PCI_QUIRK(0x161f, 0x203d, "W810", ALC880_FIXUP_W810),
9643 + SND_PCI_QUIRK(0x161f, 0x205d, "Medion Rim 2150", ALC880_FIXUP_MEDION_RIM),
9644 + SND_PCI_QUIRK(0x1631, 0xe011, "PB 13201056", ALC880_FIXUP_6ST_AUTOMUTE),
9645 +- SND_PCI_QUIRK(0x1734, 0x107c, "FSC F1734", ALC880_FIXUP_F1734),
9646 ++ SND_PCI_QUIRK(0x1734, 0x107c, "FSC Amilo M1437", ALC880_FIXUP_FUJITSU),
9647 + SND_PCI_QUIRK(0x1734, 0x1094, "FSC Amilo M1451G", ALC880_FIXUP_FUJITSU),
9648 + SND_PCI_QUIRK(0x1734, 0x10ac, "FSC AMILO Xi 1526", ALC880_FIXUP_F1734),
9649 + SND_PCI_QUIRK(0x1734, 0x10b0, "FSC Amilo Pi1556", ALC880_FIXUP_FUJITSU),
9650 +@@ -5050,6 +5050,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
9651 + SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK),
9652 + SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK),
9653 + SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
9654 ++ SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
9655 + SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
9656 + SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
9657 + SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP),
9658 +diff --git a/sound/soc/dwc/designware_i2s.c b/sound/soc/dwc/designware_i2s.c
9659 +index 10e1b8ca42ed..8086f3da5de8 100644
9660 +--- a/sound/soc/dwc/designware_i2s.c
9661 ++++ b/sound/soc/dwc/designware_i2s.c
9662 +@@ -100,10 +100,10 @@ static inline void i2s_clear_irqs(struct dw_i2s_dev *dev, u32 stream)
9663 +
9664 + if (stream == SNDRV_PCM_STREAM_PLAYBACK) {
9665 + for (i = 0; i < 4; i++)
9666 +- i2s_write_reg(dev->i2s_base, TOR(i), 0);
9667 ++ i2s_read_reg(dev->i2s_base, TOR(i));
9668 + } else {
9669 + for (i = 0; i < 4; i++)
9670 +- i2s_write_reg(dev->i2s_base, ROR(i), 0);
9671 ++ i2s_read_reg(dev->i2s_base, ROR(i));
9672 + }
9673 + }
9674 +
9675 +diff --git a/sound/soc/pxa/Kconfig b/sound/soc/pxa/Kconfig
9676 +index 2434b6d61675..e1f501b46c9d 100644
9677 +--- a/sound/soc/pxa/Kconfig
9678 ++++ b/sound/soc/pxa/Kconfig
9679 +@@ -1,7 +1,6 @@
9680 + config SND_PXA2XX_SOC
9681 + tristate "SoC Audio for the Intel PXA2xx chip"
9682 + depends on ARCH_PXA
9683 +- select SND_ARM
9684 + select SND_PXA2XX_LIB
9685 + help
9686 + Say Y or M if you want to add support for codecs attached to
9687 +@@ -25,7 +24,6 @@ config SND_PXA2XX_AC97
9688 + config SND_PXA2XX_SOC_AC97
9689 + tristate
9690 + select AC97_BUS
9691 +- select SND_ARM
9692 + select SND_PXA2XX_LIB_AC97
9693 + select SND_SOC_AC97_BUS
9694 +
9695 +diff --git a/sound/soc/pxa/pxa2xx-ac97.c b/sound/soc/pxa/pxa2xx-ac97.c
9696 +index ae956e3f4b9d..593e3202fc35 100644
9697 +--- a/sound/soc/pxa/pxa2xx-ac97.c
9698 ++++ b/sound/soc/pxa/pxa2xx-ac97.c
9699 +@@ -49,7 +49,7 @@ static struct snd_ac97_bus_ops pxa2xx_ac97_ops = {
9700 + .reset = pxa2xx_ac97_cold_reset,
9701 + };
9702 +
9703 +-static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 12;
9704 ++static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 11;
9705 + static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = {
9706 + .addr = __PREG(PCDR),
9707 + .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
9708 +@@ -57,7 +57,7 @@ static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = {
9709 + .filter_data = &pxa2xx_ac97_pcm_stereo_in_req,
9710 + };
9711 +
9712 +-static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 11;
9713 ++static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 12;
9714 + static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_out = {
9715 + .addr = __PREG(PCDR),
9716 + .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES,
9717 +diff --git a/sound/synth/emux/emux_oss.c b/sound/synth/emux/emux_oss.c
9718 +index daf61abc3670..646b66703bd8 100644
9719 +--- a/sound/synth/emux/emux_oss.c
9720 ++++ b/sound/synth/emux/emux_oss.c
9721 +@@ -69,7 +69,8 @@ snd_emux_init_seq_oss(struct snd_emux *emu)
9722 + struct snd_seq_oss_reg *arg;
9723 + struct snd_seq_device *dev;
9724 +
9725 +- if (snd_seq_device_new(emu->card, 0, SNDRV_SEQ_DEV_ID_OSS,
9726 ++ /* using device#1 here for avoiding conflicts with OPL3 */
9727 ++ if (snd_seq_device_new(emu->card, 1, SNDRV_SEQ_DEV_ID_OSS,
9728 + sizeof(struct snd_seq_oss_reg), &dev) < 0)
9729 + return;
9730 +
9731 +diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
9732 +index cf3a44bf1ec3..dfb8be78ff75 100644
9733 +--- a/tools/lib/traceevent/event-parse.c
9734 ++++ b/tools/lib/traceevent/event-parse.c
9735 +@@ -3658,7 +3658,7 @@ static void print_str_arg(struct trace_seq *s, void *data, int size,
9736 + struct format_field *field;
9737 + struct printk_map *printk;
9738 + unsigned long long val, fval;
9739 +- unsigned long addr;
9740 ++ unsigned long long addr;
9741 + char *str;
9742 + unsigned char *hex;
9743 + int print;
9744 +@@ -3691,13 +3691,30 @@ static void print_str_arg(struct trace_seq *s, void *data, int size,
9745 + */
9746 + if (!(field->flags & FIELD_IS_ARRAY) &&
9747 + field->size == pevent->long_size) {
9748 +- addr = *(unsigned long *)(data + field->offset);
9749 ++
9750 ++ /* Handle heterogeneous recording and processing
9751 ++ * architectures
9752 ++ *
9753 ++ * CASE I:
9754 ++ * Traces recorded on 32-bit devices (32-bit
9755 ++ * addressing) and processed on 64-bit devices:
9756 ++ * In this case, only 32 bits should be read.
9757 ++ *
9758 ++ * CASE II:
9759 ++ * Traces recorded on 64 bit devices and processed
9760 ++ * on 32-bit devices:
9761 ++ * In this case, 64 bits must be read.
9762 ++ */
9763 ++ addr = (pevent->long_size == 8) ?
9764 ++ *(unsigned long long *)(data + field->offset) :
9765 ++ (unsigned long long)*(unsigned int *)(data + field->offset);
9766 ++
9767 + /* Check if it matches a print format */
9768 + printk = find_printk(pevent, addr);
9769 + if (printk)
9770 + trace_seq_puts(s, printk->printk);
9771 + else
9772 +- trace_seq_printf(s, "%lx", addr);
9773 ++ trace_seq_printf(s, "%llx", addr);
9774 + break;
9775 + }
9776 + str = malloc(len + 1);
9777 +diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
9778 +index 055ce9232c9e..66c9fc730a14 100644
9779 +--- a/tools/perf/builtin-stat.c
9780 ++++ b/tools/perf/builtin-stat.c
9781 +@@ -1117,7 +1117,7 @@ static void abs_printout(int id, int nr, struct perf_evsel *evsel, double avg)
9782 + static void print_aggr(char *prefix)
9783 + {
9784 + struct perf_evsel *counter;
9785 +- int cpu, cpu2, s, s2, id, nr;
9786 ++ int cpu, s, s2, id, nr;
9787 + double uval;
9788 + u64 ena, run, val;
9789 +
9790 +@@ -1130,8 +1130,7 @@ static void print_aggr(char *prefix)
9791 + val = ena = run = 0;
9792 + nr = 0;
9793 + for (cpu = 0; cpu < perf_evsel__nr_cpus(counter); cpu++) {
9794 +- cpu2 = perf_evsel__cpus(counter)->map[cpu];
9795 +- s2 = aggr_get_id(evsel_list->cpus, cpu2);
9796 ++ s2 = aggr_get_id(perf_evsel__cpus(counter), cpu);
9797 + if (s2 != id)
9798 + continue;
9799 + val += counter->counts->cpu[cpu].val;
9800 +diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
9801 +index 26f5b2fe5dc8..74caa262ace5 100644
9802 +--- a/tools/perf/util/header.c
9803 ++++ b/tools/perf/util/header.c
9804 +@@ -1775,7 +1775,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused,
9805 + if (ph->needs_swap)
9806 + nr = bswap_32(nr);
9807 +
9808 +- ph->env.nr_cpus_online = nr;
9809 ++ ph->env.nr_cpus_avail = nr;
9810 +
9811 + ret = readn(fd, &nr, sizeof(nr));
9812 + if (ret != sizeof(nr))
9813 +@@ -1784,7 +1784,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused,
9814 + if (ph->needs_swap)
9815 + nr = bswap_32(nr);
9816 +
9817 +- ph->env.nr_cpus_avail = nr;
9818 ++ ph->env.nr_cpus_online = nr;
9819 + return 0;
9820 + }
9821 +
9822 +diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
9823 +index 6e88b9e395df..06868c61f8dd 100644
9824 +--- a/tools/perf/util/hist.c
9825 ++++ b/tools/perf/util/hist.c
9826 +@@ -150,6 +150,9 @@ void hists__calc_col_len(struct hists *hists, struct hist_entry *h)
9827 + hists__new_col_len(hists, HISTC_LOCAL_WEIGHT, 12);
9828 + hists__new_col_len(hists, HISTC_GLOBAL_WEIGHT, 12);
9829 +
9830 ++ if (h->srcline)
9831 ++ hists__new_col_len(hists, HISTC_SRCLINE, strlen(h->srcline));
9832 ++
9833 + if (h->transaction)
9834 + hists__new_col_len(hists, HISTC_TRANSACTION,
9835 + hist_entry__transaction_len());
9836 +diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
9837 +index fcaf06b40558..194300a08197 100644
9838 +--- a/tools/perf/util/symbol-elf.c
9839 ++++ b/tools/perf/util/symbol-elf.c
9840 +@@ -1166,8 +1166,6 @@ out_close:
9841 + static int kcore__init(struct kcore *kcore, char *filename, int elfclass,
9842 + bool temp)
9843 + {
9844 +- GElf_Ehdr *ehdr;
9845 +-
9846 + kcore->elfclass = elfclass;
9847 +
9848 + if (temp)
9849 +@@ -1184,9 +1182,7 @@ static int kcore__init(struct kcore *kcore, char *filename, int elfclass,
9850 + if (!gelf_newehdr(kcore->elf, elfclass))
9851 + goto out_end;
9852 +
9853 +- ehdr = gelf_getehdr(kcore->elf, &kcore->ehdr);
9854 +- if (!ehdr)
9855 +- goto out_end;
9856 ++ memset(&kcore->ehdr, 0, sizeof(GElf_Ehdr));
9857 +
9858 + return 0;
9859 +
9860 +@@ -1243,23 +1239,18 @@ static int kcore__copy_hdr(struct kcore *from, struct kcore *to, size_t count)
9861 + static int kcore__add_phdr(struct kcore *kcore, int idx, off_t offset,
9862 + u64 addr, u64 len)
9863 + {
9864 +- GElf_Phdr gphdr;
9865 +- GElf_Phdr *phdr;
9866 +-
9867 +- phdr = gelf_getphdr(kcore->elf, idx, &gphdr);
9868 +- if (!phdr)
9869 +- return -1;
9870 +-
9871 +- phdr->p_type = PT_LOAD;
9872 +- phdr->p_flags = PF_R | PF_W | PF_X;
9873 +- phdr->p_offset = offset;
9874 +- phdr->p_vaddr = addr;
9875 +- phdr->p_paddr = 0;
9876 +- phdr->p_filesz = len;
9877 +- phdr->p_memsz = len;
9878 +- phdr->p_align = page_size;
9879 +-
9880 +- if (!gelf_update_phdr(kcore->elf, idx, phdr))
9881 ++ GElf_Phdr phdr = {
9882 ++ .p_type = PT_LOAD,
9883 ++ .p_flags = PF_R | PF_W | PF_X,
9884 ++ .p_offset = offset,
9885 ++ .p_vaddr = addr,
9886 ++ .p_paddr = 0,
9887 ++ .p_filesz = len,
9888 ++ .p_memsz = len,
9889 ++ .p_align = page_size,
9890 ++ };
9891 ++
9892 ++ if (!gelf_update_phdr(kcore->elf, idx, &phdr))
9893 + return -1;
9894 +
9895 + return 0;
9896 +diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
9897 +index b0fb390943c6..5a310caf4bbe 100644
9898 +--- a/virt/kvm/eventfd.c
9899 ++++ b/virt/kvm/eventfd.c
9900 +@@ -775,40 +775,14 @@ static enum kvm_bus ioeventfd_bus_from_flags(__u32 flags)
9901 + return KVM_MMIO_BUS;
9902 + }
9903 +
9904 +-static int
9905 +-kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9906 ++static int kvm_assign_ioeventfd_idx(struct kvm *kvm,
9907 ++ enum kvm_bus bus_idx,
9908 ++ struct kvm_ioeventfd *args)
9909 + {
9910 +- enum kvm_bus bus_idx;
9911 +- struct _ioeventfd *p;
9912 +- struct eventfd_ctx *eventfd;
9913 +- int ret;
9914 +-
9915 +- bus_idx = ioeventfd_bus_from_flags(args->flags);
9916 +- /* must be natural-word sized, or 0 to ignore length */
9917 +- switch (args->len) {
9918 +- case 0:
9919 +- case 1:
9920 +- case 2:
9921 +- case 4:
9922 +- case 8:
9923 +- break;
9924 +- default:
9925 +- return -EINVAL;
9926 +- }
9927 +-
9928 +- /* check for range overflow */
9929 +- if (args->addr + args->len < args->addr)
9930 +- return -EINVAL;
9931 +
9932 +- /* check for extra flags that we don't understand */
9933 +- if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
9934 +- return -EINVAL;
9935 +-
9936 +- /* ioeventfd with no length can't be combined with DATAMATCH */
9937 +- if (!args->len &&
9938 +- args->flags & (KVM_IOEVENTFD_FLAG_PIO |
9939 +- KVM_IOEVENTFD_FLAG_DATAMATCH))
9940 +- return -EINVAL;
9941 ++ struct eventfd_ctx *eventfd;
9942 ++ struct _ioeventfd *p;
9943 ++ int ret;
9944 +
9945 + eventfd = eventfd_ctx_fdget(args->fd);
9946 + if (IS_ERR(eventfd))
9947 +@@ -847,16 +821,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9948 + if (ret < 0)
9949 + goto unlock_fail;
9950 +
9951 +- /* When length is ignored, MMIO is also put on a separate bus, for
9952 +- * faster lookups.
9953 +- */
9954 +- if (!args->len && !(args->flags & KVM_IOEVENTFD_FLAG_PIO)) {
9955 +- ret = kvm_io_bus_register_dev(kvm, KVM_FAST_MMIO_BUS,
9956 +- p->addr, 0, &p->dev);
9957 +- if (ret < 0)
9958 +- goto register_fail;
9959 +- }
9960 +-
9961 + kvm->buses[bus_idx]->ioeventfd_count++;
9962 + list_add_tail(&p->list, &kvm->ioeventfds);
9963 +
9964 +@@ -864,8 +828,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9965 +
9966 + return 0;
9967 +
9968 +-register_fail:
9969 +- kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
9970 + unlock_fail:
9971 + mutex_unlock(&kvm->slots_lock);
9972 +
9973 +@@ -877,14 +839,13 @@ fail:
9974 + }
9975 +
9976 + static int
9977 +-kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9978 ++kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx,
9979 ++ struct kvm_ioeventfd *args)
9980 + {
9981 +- enum kvm_bus bus_idx;
9982 + struct _ioeventfd *p, *tmp;
9983 + struct eventfd_ctx *eventfd;
9984 + int ret = -ENOENT;
9985 +
9986 +- bus_idx = ioeventfd_bus_from_flags(args->flags);
9987 + eventfd = eventfd_ctx_fdget(args->fd);
9988 + if (IS_ERR(eventfd))
9989 + return PTR_ERR(eventfd);
9990 +@@ -905,10 +866,6 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
9991 + continue;
9992 +
9993 + kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
9994 +- if (!p->length) {
9995 +- kvm_io_bus_unregister_dev(kvm, KVM_FAST_MMIO_BUS,
9996 +- &p->dev);
9997 +- }
9998 + kvm->buses[bus_idx]->ioeventfd_count--;
9999 + ioeventfd_release(p);
10000 + ret = 0;
10001 +@@ -922,6 +879,71 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
10002 + return ret;
10003 + }
10004 +
10005 ++static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
10006 ++{
10007 ++ enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags);
10008 ++ int ret = kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
10009 ++
10010 ++ if (!args->len && bus_idx == KVM_MMIO_BUS)
10011 ++ kvm_deassign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
10012 ++
10013 ++ return ret;
10014 ++}
10015 ++
10016 ++static int
10017 ++kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
10018 ++{
10019 ++ enum kvm_bus bus_idx;
10020 ++ int ret;
10021 ++
10022 ++ bus_idx = ioeventfd_bus_from_flags(args->flags);
10023 ++ /* must be natural-word sized, or 0 to ignore length */
10024 ++ switch (args->len) {
10025 ++ case 0:
10026 ++ case 1:
10027 ++ case 2:
10028 ++ case 4:
10029 ++ case 8:
10030 ++ break;
10031 ++ default:
10032 ++ return -EINVAL;
10033 ++ }
10034 ++
10035 ++ /* check for range overflow */
10036 ++ if (args->addr + args->len < args->addr)
10037 ++ return -EINVAL;
10038 ++
10039 ++ /* check for extra flags that we don't understand */
10040 ++ if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK)
10041 ++ return -EINVAL;
10042 ++
10043 ++ /* ioeventfd with no length can't be combined with DATAMATCH */
10044 ++ if (!args->len &&
10045 ++ args->flags & (KVM_IOEVENTFD_FLAG_PIO |
10046 ++ KVM_IOEVENTFD_FLAG_DATAMATCH))
10047 ++ return -EINVAL;
10048 ++
10049 ++ ret = kvm_assign_ioeventfd_idx(kvm, bus_idx, args);
10050 ++ if (ret)
10051 ++ goto fail;
10052 ++
10053 ++ /* When length is ignored, MMIO is also put on a separate bus, for
10054 ++ * faster lookups.
10055 ++ */
10056 ++ if (!args->len && bus_idx == KVM_MMIO_BUS) {
10057 ++ ret = kvm_assign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args);
10058 ++ if (ret < 0)
10059 ++ goto fast_fail;
10060 ++ }
10061 ++
10062 ++ return 0;
10063 ++
10064 ++fast_fail:
10065 ++ kvm_deassign_ioeventfd_idx(kvm, bus_idx, args);
10066 ++fail:
10067 ++ return ret;
10068 ++}
10069 ++
10070 + int
10071 + kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args)
10072 + {
10073 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
10074 +index 4e52bb926374..329c3c91bb68 100644
10075 +--- a/virt/kvm/kvm_main.c
10076 ++++ b/virt/kvm/kvm_main.c
10077 +@@ -2875,10 +2875,25 @@ static void kvm_io_bus_destroy(struct kvm_io_bus *bus)
10078 + static inline int kvm_io_bus_cmp(const struct kvm_io_range *r1,
10079 + const struct kvm_io_range *r2)
10080 + {
10081 +- if (r1->addr < r2->addr)
10082 ++ gpa_t addr1 = r1->addr;
10083 ++ gpa_t addr2 = r2->addr;
10084 ++
10085 ++ if (addr1 < addr2)
10086 + return -1;
10087 +- if (r1->addr + r1->len > r2->addr + r2->len)
10088 ++
10089 ++ /* If r2->len == 0, match the exact address. If r2->len != 0,
10090 ++ * accept any overlapping write. Any order is acceptable for
10091 ++ * overlapping ranges, because kvm_io_bus_get_first_dev ensures
10092 ++ * we process all of them.
10093 ++ */
10094 ++ if (r2->len) {
10095 ++ addr1 += r1->len;
10096 ++ addr2 += r2->len;
10097 ++ }
10098 ++
10099 ++ if (addr1 > addr2)
10100 + return 1;
10101 ++
10102 + return 0;
10103 + }
10104 +
Report Message
Find on MARC Find on Google Groups