Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Sun, 08 Apr 2018 14:26:35
Message-Id: 1523197581.220df3b30d95895bd6092700c754329cfc0f45f1.mpagano@gentoo
1 commit: 220df3b30d95895bd6092700c754329cfc0f45f1
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sun Apr 8 14:26:21 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sun Apr 8 14:26:21 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=220df3b3
7
8 Linux patch 4.9.93
9
10 0000_README | 4 +
11 1092_linux-4.9.93.patch | 3737 +++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 3741 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 7083c5f..3036eb1 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -411,6 +411,10 @@ Patch: 1091_linux-4.9.92.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.9.92
21
22 +Patch: 1092_linux-4.9.93.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.9.93
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1092_linux-4.9.93.patch b/1092_linux-4.9.93.patch
31 new file mode 100644
32 index 0000000..4092fd9
33 --- /dev/null
34 +++ b/1092_linux-4.9.93.patch
35 @@ -0,0 +1,3737 @@
36 +diff --git a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
37 +index caf297bee1fb..c28d4eb83b76 100644
38 +--- a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
39 ++++ b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
40 +@@ -35,6 +35,15 @@ Optional properties:
41 + - ti,palmas-enable-dvfs2: Enable DVFS2. Configure pins for DVFS2 mode.
42 + Selection primary or secondary function associated to GPADC_START
43 + and SYSEN2 pin/pad for DVFS2 interface
44 ++- ti,palmas-override-powerhold: This is applicable for PMICs for which
45 ++ GPIO7 is configured in POWERHOLD mode which has higher priority
46 ++ over DEV_ON bit and keeps the PMIC supplies on even after the DEV_ON
47 ++ bit is turned off. This property enables driver to over ride the
48 ++ POWERHOLD value to GPIO7 so as to turn off the PMIC in power off
49 ++ scenarios. So for GPIO7 if ti,palmas-override-powerhold is set
50 ++ then the GPIO_7 field should never be muxed to anything else.
51 ++ It should be set to POWERHOLD by default and only in case of
52 ++ power off scenarios the driver will over ride the mux value.
53 +
54 + This binding uses the following generic properties as defined in
55 + pinctrl-bindings.txt:
56 +diff --git a/Makefile b/Makefile
57 +index 3ab3b8203bf6..f5cf4159fc20 100644
58 +--- a/Makefile
59 ++++ b/Makefile
60 +@@ -1,6 +1,6 @@
61 + VERSION = 4
62 + PATCHLEVEL = 9
63 +-SUBLEVEL = 92
64 ++SUBLEVEL = 93
65 + EXTRAVERSION =
66 + NAME = Roaring Lionus
67 +
68 +diff --git a/arch/arm/boot/dts/am335x-pepper.dts b/arch/arm/boot/dts/am335x-pepper.dts
69 +index 42b62f54e4b7..30e2f8770aaf 100644
70 +--- a/arch/arm/boot/dts/am335x-pepper.dts
71 ++++ b/arch/arm/boot/dts/am335x-pepper.dts
72 +@@ -139,7 +139,7 @@
73 + &audio_codec {
74 + status = "okay";
75 +
76 +- reset-gpios = <&gpio1 16 GPIO_ACTIVE_LOW>;
77 ++ gpio-reset = <&gpio1 16 GPIO_ACTIVE_LOW>;
78 + AVDD-supply = <&ldo3_reg>;
79 + IOVDD-supply = <&ldo3_reg>;
80 + DRVDD-supply = <&ldo3_reg>;
81 +diff --git a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
82 +index 6df7829a2c15..78bee26361f1 100644
83 +--- a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
84 ++++ b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
85 +@@ -204,6 +204,7 @@
86 + interrupt-controller;
87 +
88 + ti,system-power-controller;
89 ++ ti,palmas-override-powerhold;
90 +
91 + tps659038_pmic {
92 + compatible = "ti,tps659038-pmic";
93 +diff --git a/arch/arm/boot/dts/am57xx-idk-common.dtsi b/arch/arm/boot/dts/am57xx-idk-common.dtsi
94 +index db858fff4e18..1cc62727e43a 100644
95 +--- a/arch/arm/boot/dts/am57xx-idk-common.dtsi
96 ++++ b/arch/arm/boot/dts/am57xx-idk-common.dtsi
97 +@@ -57,6 +57,7 @@
98 + #interrupt-cells = <2>;
99 + interrupt-controller;
100 + ti,system-power-controller;
101 ++ ti,palmas-override-powerhold;
102 +
103 + tps659038_pmic {
104 + compatible = "ti,tps659038-pmic";
105 +diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts
106 +index 132f2be10889..56311fd34f81 100644
107 +--- a/arch/arm/boot/dts/dra7-evm.dts
108 ++++ b/arch/arm/boot/dts/dra7-evm.dts
109 +@@ -398,6 +398,8 @@
110 + tps659038: tps659038@58 {
111 + compatible = "ti,tps659038";
112 + reg = <0x58>;
113 ++ ti,palmas-override-powerhold;
114 ++ ti,system-power-controller;
115 +
116 + tps659038_pmic {
117 + compatible = "ti,tps659038-pmic";
118 +diff --git a/arch/arm/boot/dts/omap3-n900.dts b/arch/arm/boot/dts/omap3-n900.dts
119 +index 6003b29c0fc0..4d448f145ed1 100644
120 +--- a/arch/arm/boot/dts/omap3-n900.dts
121 ++++ b/arch/arm/boot/dts/omap3-n900.dts
122 +@@ -510,7 +510,7 @@
123 + tlv320aic3x: tlv320aic3x@18 {
124 + compatible = "ti,tlv320aic3x";
125 + reg = <0x18>;
126 +- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
127 ++ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
128 + ai3x-gpio-func = <
129 + 0 /* AIC3X_GPIO1_FUNC_DISABLED */
130 + 5 /* AIC3X_GPIO2_FUNC_DIGITAL_MIC_INPUT */
131 +@@ -527,7 +527,7 @@
132 + tlv320aic3x_aux: tlv320aic3x@19 {
133 + compatible = "ti,tlv320aic3x";
134 + reg = <0x19>;
135 +- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
136 ++ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
137 +
138 + AVDD-supply = <&vmmc2>;
139 + DRVDD-supply = <&vmmc2>;
140 +diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c
141 +index da0b33deba6d..5629d7580973 100644
142 +--- a/arch/arm/vfp/vfpmodule.c
143 ++++ b/arch/arm/vfp/vfpmodule.c
144 +@@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
145 + */
146 + static int vfp_dying_cpu(unsigned int cpu)
147 + {
148 +- vfp_force_reload(cpu, current_thread_info());
149 ++ vfp_current_hw_state[cpu] = NULL;
150 + return 0;
151 + }
152 +
153 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
154 +index 7769c2e27788..c8471cf46cbb 100644
155 +--- a/arch/arm64/Kconfig
156 ++++ b/arch/arm64/Kconfig
157 +@@ -733,6 +733,18 @@ config FORCE_MAX_ZONEORDER
158 + However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
159 + 4M allocations matching the default size used by generic code.
160 +
161 ++config UNMAP_KERNEL_AT_EL0
162 ++ bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
163 ++ default y
164 ++ help
165 ++ Speculation attacks against some high-performance processors can
166 ++ be used to bypass MMU permission checks and leak kernel data to
167 ++ userspace. This can be defended against by unmapping the kernel
168 ++ when running in userspace, mapping it back in on exception entry
169 ++ via a trampoline page in the vector table.
170 ++
171 ++ If unsure, say Y.
172 ++
173 + menuconfig ARMV8_DEPRECATED
174 + bool "Emulate deprecated/obsolete ARMv8 instructions"
175 + depends on COMPAT
176 +diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
177 +index 851290d2bfe3..7193bf97b8da 100644
178 +--- a/arch/arm64/include/asm/assembler.h
179 ++++ b/arch/arm64/include/asm/assembler.h
180 +@@ -413,4 +413,7 @@ alternative_endif
181 + movk \reg, :abs_g0_nc:\val
182 + .endm
183 +
184 ++ .macro pte_to_phys, phys, pte
185 ++ and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT)
186 ++ .endm
187 + #endif /* __ASM_ASSEMBLER_H */
188 +diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
189 +index 87b446535185..7ddf233f05bd 100644
190 +--- a/arch/arm64/include/asm/cpucaps.h
191 ++++ b/arch/arm64/include/asm/cpucaps.h
192 +@@ -34,7 +34,8 @@
193 + #define ARM64_HAS_32BIT_EL0 13
194 + #define ARM64_HYP_OFFSET_LOW 14
195 + #define ARM64_MISMATCHED_CACHE_LINE_SIZE 15
196 ++#define ARM64_UNMAP_KERNEL_AT_EL0 16
197 +
198 +-#define ARM64_NCAPS 16
199 ++#define ARM64_NCAPS 17
200 +
201 + #endif /* __ASM_CPUCAPS_H */
202 +diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
203 +index 26a68ddb11c1..1d47930c30dc 100644
204 +--- a/arch/arm64/include/asm/cputype.h
205 ++++ b/arch/arm64/include/asm/cputype.h
206 +@@ -81,6 +81,7 @@
207 +
208 + #define CAVIUM_CPU_PART_THUNDERX 0x0A1
209 + #define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2
210 ++#define CAVIUM_CPU_PART_THUNDERX2 0x0AF
211 +
212 + #define BRCM_CPU_PART_VULCAN 0x516
213 +
214 +@@ -88,6 +89,8 @@
215 + #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
216 + #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
217 + #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
218 ++#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2)
219 ++#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN)
220 +
221 + #ifndef __ASSEMBLY__
222 +
223 +diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
224 +index caf86be815ba..d8e58051f32d 100644
225 +--- a/arch/arm64/include/asm/fixmap.h
226 ++++ b/arch/arm64/include/asm/fixmap.h
227 +@@ -51,6 +51,12 @@ enum fixed_addresses {
228 +
229 + FIX_EARLYCON_MEM_BASE,
230 + FIX_TEXT_POKE0,
231 ++
232 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
233 ++ FIX_ENTRY_TRAMP_DATA,
234 ++ FIX_ENTRY_TRAMP_TEXT,
235 ++#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
236 ++#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
237 + __end_of_permanent_fixed_addresses,
238 +
239 + /*
240 +diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
241 +index 53211a0acf0f..5e3faba689e0 100644
242 +--- a/arch/arm64/include/asm/memory.h
243 ++++ b/arch/arm64/include/asm/memory.h
244 +@@ -64,8 +64,10 @@
245 + * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area.
246 + */
247 + #define VA_BITS (CONFIG_ARM64_VA_BITS)
248 +-#define VA_START (UL(0xffffffffffffffff) << VA_BITS)
249 +-#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1))
250 ++#define VA_START (UL(0xffffffffffffffff) - \
251 ++ (UL(1) << VA_BITS) + 1)
252 ++#define PAGE_OFFSET (UL(0xffffffffffffffff) - \
253 ++ (UL(1) << (VA_BITS - 1)) + 1)
254 + #define KIMAGE_VADDR (MODULES_END)
255 + #define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
256 + #define MODULES_VADDR (VA_START + KASAN_SHADOW_SIZE)
257 +diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
258 +index 8d9fce037b2f..a813edf28737 100644
259 +--- a/arch/arm64/include/asm/mmu.h
260 ++++ b/arch/arm64/include/asm/mmu.h
261 +@@ -16,6 +16,10 @@
262 + #ifndef __ASM_MMU_H
263 + #define __ASM_MMU_H
264 +
265 ++#define USER_ASID_FLAG (UL(1) << 48)
266 ++
267 ++#ifndef __ASSEMBLY__
268 ++
269 + typedef struct {
270 + atomic64_t id;
271 + void *vdso;
272 +@@ -28,6 +32,12 @@ typedef struct {
273 + */
274 + #define ASID(mm) ((mm)->context.id.counter & 0xffff)
275 +
276 ++static inline bool arm64_kernel_unmapped_at_el0(void)
277 ++{
278 ++ return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) &&
279 ++ cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0);
280 ++}
281 ++
282 + extern void paging_init(void);
283 + extern void bootmem_init(void);
284 + extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt);
285 +@@ -37,4 +47,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
286 + pgprot_t prot, bool allow_block_mappings);
287 + extern void *fixmap_remap_fdt(phys_addr_t dt_phys);
288 +
289 ++#endif /* !__ASSEMBLY__ */
290 + #endif
291 +diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h
292 +index a50185375f09..b96c4799f881 100644
293 +--- a/arch/arm64/include/asm/mmu_context.h
294 ++++ b/arch/arm64/include/asm/mmu_context.h
295 +@@ -50,6 +50,13 @@ static inline void cpu_set_reserved_ttbr0(void)
296 + isb();
297 + }
298 +
299 ++static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm)
300 ++{
301 ++ BUG_ON(pgd == swapper_pg_dir);
302 ++ cpu_set_reserved_ttbr0();
303 ++ cpu_do_switch_mm(virt_to_phys(pgd),mm);
304 ++}
305 ++
306 + /*
307 + * TCR.T0SZ value to use when the ID map is active. Usually equals
308 + * TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in
309 +diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
310 +index eb0c2bd90de9..8df4cb6ac6f7 100644
311 +--- a/arch/arm64/include/asm/pgtable-hwdef.h
312 ++++ b/arch/arm64/include/asm/pgtable-hwdef.h
313 +@@ -272,6 +272,7 @@
314 + #define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT)
315 + #define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT)
316 +
317 ++#define TCR_A1 (UL(1) << 22)
318 + #define TCR_ASID16 (UL(1) << 36)
319 + #define TCR_TBI0 (UL(1) << 37)
320 + #define TCR_HA (UL(1) << 39)
321 +diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
322 +index 2142c7726e76..f705d96a76f2 100644
323 +--- a/arch/arm64/include/asm/pgtable-prot.h
324 ++++ b/arch/arm64/include/asm/pgtable-prot.h
325 +@@ -34,8 +34,14 @@
326 +
327 + #include <asm/pgtable-types.h>
328 +
329 +-#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
330 +-#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
331 ++#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
332 ++#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
333 ++
334 ++#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0)
335 ++#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0)
336 ++
337 ++#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG)
338 ++#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG)
339 +
340 + #define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE))
341 + #define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE))
342 +@@ -47,23 +53,24 @@
343 + #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
344 + #define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
345 +
346 +-#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
347 ++#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
348 ++#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT
349 +
350 +-#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE)
351 +-#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
352 +-#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
353 +-#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
354 +-#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
355 ++#define PAGE_KERNEL __pgprot(PROT_NORMAL)
356 ++#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
357 ++#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
358 ++#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN)
359 ++#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT)
360 +
361 +-#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
362 +-#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
363 +-#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
364 ++#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
365 ++#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
366 ++#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
367 + #define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
368 +
369 +-#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
370 +-#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
371 ++#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
372 ++#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
373 +
374 +-#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_PXN | PTE_UXN)
375 ++#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_NG | PTE_PXN | PTE_UXN)
376 + #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
377 + #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
378 + #define PAGE_COPY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN)
379 +diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
380 +index 7acd3c5c7643..3a30a3994e4a 100644
381 +--- a/arch/arm64/include/asm/pgtable.h
382 ++++ b/arch/arm64/include/asm/pgtable.h
383 +@@ -692,6 +692,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
384 +
385 + extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
386 + extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
387 ++extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
388 +
389 + /*
390 + * Encode and decode a swap entry:
391 +diff --git a/arch/arm64/include/asm/proc-fns.h b/arch/arm64/include/asm/proc-fns.h
392 +index 14ad6e4e87d1..16cef2e8449e 100644
393 +--- a/arch/arm64/include/asm/proc-fns.h
394 ++++ b/arch/arm64/include/asm/proc-fns.h
395 +@@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr, u64 idmap_ttbr);
396 +
397 + #include <asm/memory.h>
398 +
399 +-#define cpu_switch_mm(pgd,mm) \
400 +-do { \
401 +- BUG_ON(pgd == swapper_pg_dir); \
402 +- cpu_do_switch_mm(virt_to_phys(pgd),mm); \
403 +-} while (0)
404 +-
405 + #endif /* __ASSEMBLY__ */
406 + #endif /* __KERNEL__ */
407 + #endif /* __ASM_PROCFNS_H */
408 +diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
409 +index 7393cc767edb..7cb7f7cdcfbc 100644
410 +--- a/arch/arm64/include/asm/sysreg.h
411 ++++ b/arch/arm64/include/asm/sysreg.h
412 +@@ -117,6 +117,7 @@
413 + #define ID_AA64ISAR0_AES_SHIFT 4
414 +
415 + /* id_aa64pfr0 */
416 ++#define ID_AA64PFR0_CSV3_SHIFT 60
417 + #define ID_AA64PFR0_GIC_SHIFT 24
418 + #define ID_AA64PFR0_ASIMD_SHIFT 20
419 + #define ID_AA64PFR0_FP_SHIFT 16
420 +diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
421 +index deab52374119..ad6bd8b26ada 100644
422 +--- a/arch/arm64/include/asm/tlbflush.h
423 ++++ b/arch/arm64/include/asm/tlbflush.h
424 +@@ -23,6 +23,7 @@
425 +
426 + #include <linux/sched.h>
427 + #include <asm/cputype.h>
428 ++#include <asm/mmu.h>
429 +
430 + /*
431 + * Raw TLBI operations.
432 +@@ -42,6 +43,11 @@
433 +
434 + #define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0)
435 +
436 ++#define __tlbi_user(op, arg) do { \
437 ++ if (arm64_kernel_unmapped_at_el0()) \
438 ++ __tlbi(op, (arg) | USER_ASID_FLAG); \
439 ++} while (0)
440 ++
441 + /*
442 + * TLB Management
443 + * ==============
444 +@@ -103,6 +109,7 @@ static inline void flush_tlb_mm(struct mm_struct *mm)
445 +
446 + dsb(ishst);
447 + __tlbi(aside1is, asid);
448 ++ __tlbi_user(aside1is, asid);
449 + dsb(ish);
450 + }
451 +
452 +@@ -113,6 +120,7 @@ static inline void flush_tlb_page(struct vm_area_struct *vma,
453 +
454 + dsb(ishst);
455 + __tlbi(vale1is, addr);
456 ++ __tlbi_user(vale1is, addr);
457 + dsb(ish);
458 + }
459 +
460 +@@ -139,10 +147,13 @@ static inline void __flush_tlb_range(struct vm_area_struct *vma,
461 +
462 + dsb(ishst);
463 + for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) {
464 +- if (last_level)
465 ++ if (last_level) {
466 + __tlbi(vale1is, addr);
467 +- else
468 ++ __tlbi_user(vale1is, addr);
469 ++ } else {
470 + __tlbi(vae1is, addr);
471 ++ __tlbi_user(vae1is, addr);
472 ++ }
473 + }
474 + dsb(ish);
475 + }
476 +@@ -182,6 +193,7 @@ static inline void __flush_tlb_pgtable(struct mm_struct *mm,
477 + unsigned long addr = uaddr >> 12 | (ASID(mm) << 48);
478 +
479 + __tlbi(vae1is, addr);
480 ++ __tlbi_user(vae1is, addr);
481 + dsb(ish);
482 + }
483 +
484 +diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
485 +index c58ddf8c4062..5f4bf3c6f016 100644
486 +--- a/arch/arm64/kernel/asm-offsets.c
487 ++++ b/arch/arm64/kernel/asm-offsets.c
488 +@@ -24,6 +24,7 @@
489 + #include <linux/kvm_host.h>
490 + #include <linux/suspend.h>
491 + #include <asm/cpufeature.h>
492 ++#include <asm/fixmap.h>
493 + #include <asm/thread_info.h>
494 + #include <asm/memory.h>
495 + #include <asm/smp_plat.h>
496 +@@ -144,11 +145,14 @@ int main(void)
497 + DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
498 + DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
499 + DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
500 +-
501 + BLANK();
502 + DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address));
503 + DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address));
504 + DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next));
505 + DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val));
506 ++ BLANK();
507 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
508 ++ DEFINE(TRAMP_VALIAS, TRAMP_VALIAS);
509 ++#endif
510 + return 0;
511 + }
512 +diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S
513 +index 65f42d257414..f736a6f81ecd 100644
514 +--- a/arch/arm64/kernel/cpu-reset.S
515 ++++ b/arch/arm64/kernel/cpu-reset.S
516 +@@ -16,7 +16,7 @@
517 + #include <asm/virt.h>
518 +
519 + .text
520 +-.pushsection .idmap.text, "ax"
521 ++.pushsection .idmap.text, "awx"
522 +
523 + /*
524 + * __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for
525 +diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
526 +index 3a129d48674e..5056fc597ae9 100644
527 +--- a/arch/arm64/kernel/cpufeature.c
528 ++++ b/arch/arm64/kernel/cpufeature.c
529 +@@ -93,7 +93,8 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
530 + };
531 +
532 + static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
533 +- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 32, 0),
534 ++ ARM64_FTR_BITS(FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0),
535 ++ ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0),
536 + ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 4, 0),
537 + ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0),
538 + S_ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI),
539 +@@ -746,6 +747,86 @@ static bool hyp_offset_low(const struct arm64_cpu_capabilities *entry,
540 + return idmap_addr > GENMASK(VA_BITS - 2, 0) && !is_kernel_in_hyp_mode();
541 + }
542 +
543 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
544 ++static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
545 ++
546 ++static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
547 ++ int __unused)
548 ++{
549 ++ char const *str = "command line option";
550 ++ u64 pfr0 = read_system_reg(SYS_ID_AA64PFR0_EL1);
551 ++
552 ++ /*
553 ++ * For reasons that aren't entirely clear, enabling KPTI on Cavium
554 ++ * ThunderX leads to apparent I-cache corruption of kernel text, which
555 ++ * ends as well as you might imagine. Don't even try.
556 ++ */
557 ++ if (cpus_have_cap(ARM64_WORKAROUND_CAVIUM_27456)) {
558 ++ str = "ARM64_WORKAROUND_CAVIUM_27456";
559 ++ __kpti_forced = -1;
560 ++ }
561 ++
562 ++ /* Forced? */
563 ++ if (__kpti_forced) {
564 ++ pr_info_once("kernel page table isolation forced %s by %s\n",
565 ++ __kpti_forced > 0 ? "ON" : "OFF", str);
566 ++ return __kpti_forced > 0;
567 ++ }
568 ++
569 ++ /* Useful for KASLR robustness */
570 ++ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
571 ++ return true;
572 ++
573 ++ /* Don't force KPTI for CPUs that are not vulnerable */
574 ++ switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
575 ++ case MIDR_CAVIUM_THUNDERX2:
576 ++ case MIDR_BRCM_VULCAN:
577 ++ return false;
578 ++ }
579 ++
580 ++ /* Defer to CPU feature registers */
581 ++ return !cpuid_feature_extract_unsigned_field(pfr0,
582 ++ ID_AA64PFR0_CSV3_SHIFT);
583 ++}
584 ++
585 ++static int kpti_install_ng_mappings(void *__unused)
586 ++{
587 ++ typedef void (kpti_remap_fn)(int, int, phys_addr_t);
588 ++ extern kpti_remap_fn idmap_kpti_install_ng_mappings;
589 ++ kpti_remap_fn *remap_fn;
590 ++
591 ++ static bool kpti_applied = false;
592 ++ int cpu = smp_processor_id();
593 ++
594 ++ if (kpti_applied)
595 ++ return 0;
596 ++
597 ++ remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
598 ++
599 ++ cpu_install_idmap();
600 ++ remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir));
601 ++ cpu_uninstall_idmap();
602 ++
603 ++ if (!cpu)
604 ++ kpti_applied = true;
605 ++
606 ++ return 0;
607 ++}
608 ++
609 ++static int __init parse_kpti(char *str)
610 ++{
611 ++ bool enabled;
612 ++ int ret = strtobool(str, &enabled);
613 ++
614 ++ if (ret)
615 ++ return ret;
616 ++
617 ++ __kpti_forced = enabled ? 1 : -1;
618 ++ return 0;
619 ++}
620 ++__setup("kpti=", parse_kpti);
621 ++#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
622 ++
623 + static const struct arm64_cpu_capabilities arm64_features[] = {
624 + {
625 + .desc = "GIC system register CPU interface",
626 +@@ -829,6 +910,15 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
627 + .def_scope = SCOPE_SYSTEM,
628 + .matches = hyp_offset_low,
629 + },
630 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
631 ++ {
632 ++ .desc = "Kernel page table isolation (KPTI)",
633 ++ .capability = ARM64_UNMAP_KERNEL_AT_EL0,
634 ++ .def_scope = SCOPE_SYSTEM,
635 ++ .matches = unmap_kernel_at_el0,
636 ++ .enable = kpti_install_ng_mappings,
637 ++ },
638 ++#endif
639 + {},
640 + };
641 +
642 +@@ -922,6 +1012,26 @@ static void __init setup_elf_hwcaps(const struct arm64_cpu_capabilities *hwcaps)
643 + cap_set_elf_hwcap(hwcaps);
644 + }
645 +
646 ++/*
647 ++ * Check if the current CPU has a given feature capability.
648 ++ * Should be called from non-preemptible context.
649 ++ */
650 ++static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array,
651 ++ unsigned int cap)
652 ++{
653 ++ const struct arm64_cpu_capabilities *caps;
654 ++
655 ++ if (WARN_ON(preemptible()))
656 ++ return false;
657 ++
658 ++ for (caps = cap_array; caps->desc; caps++)
659 ++ if (caps->capability == cap &&
660 ++ caps->matches &&
661 ++ caps->matches(caps, SCOPE_LOCAL_CPU))
662 ++ return true;
663 ++ return false;
664 ++}
665 ++
666 + void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
667 + const char *info)
668 + {
669 +@@ -990,8 +1100,9 @@ verify_local_elf_hwcaps(const struct arm64_cpu_capabilities *caps)
670 + }
671 +
672 + static void
673 +-verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
674 ++verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list)
675 + {
676 ++ const struct arm64_cpu_capabilities *caps = caps_list;
677 + for (; caps->matches; caps++) {
678 + if (!cpus_have_cap(caps->capability))
679 + continue;
680 +@@ -999,7 +1110,7 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
681 + * If the new CPU misses an advertised feature, we cannot proceed
682 + * further, park the cpu.
683 + */
684 +- if (!caps->matches(caps, SCOPE_LOCAL_CPU)) {
685 ++ if (!__this_cpu_has_cap(caps_list, caps->capability)) {
686 + pr_crit("CPU%d: missing feature: %s\n",
687 + smp_processor_id(), caps->desc);
688 + cpu_die_early();
689 +@@ -1052,22 +1163,12 @@ static void __init setup_feature_capabilities(void)
690 + enable_cpu_capabilities(arm64_features);
691 + }
692 +
693 +-/*
694 +- * Check if the current CPU has a given feature capability.
695 +- * Should be called from non-preemptible context.
696 +- */
697 ++extern const struct arm64_cpu_capabilities arm64_errata[];
698 ++
699 + bool this_cpu_has_cap(unsigned int cap)
700 + {
701 +- const struct arm64_cpu_capabilities *caps;
702 +-
703 +- if (WARN_ON(preemptible()))
704 +- return false;
705 +-
706 +- for (caps = arm64_features; caps->desc; caps++)
707 +- if (caps->capability == cap && caps->matches)
708 +- return caps->matches(caps, SCOPE_LOCAL_CPU);
709 +-
710 +- return false;
711 ++ return (__this_cpu_has_cap(arm64_features, cap) ||
712 ++ __this_cpu_has_cap(arm64_errata, cap));
713 + }
714 +
715 + void __init setup_cpu_features(void)
716 +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
717 +index b4c7db434654..8d1600b18562 100644
718 +--- a/arch/arm64/kernel/entry.S
719 ++++ b/arch/arm64/kernel/entry.S
720 +@@ -29,9 +29,11 @@
721 + #include <asm/esr.h>
722 + #include <asm/irq.h>
723 + #include <asm/memory.h>
724 ++#include <asm/mmu.h>
725 + #include <asm/thread_info.h>
726 + #include <asm/asm-uaccess.h>
727 + #include <asm/unistd.h>
728 ++#include <asm/kernel-pgtable.h>
729 +
730 + /*
731 + * Context tracking subsystem. Used to instrument transitions
732 +@@ -68,8 +70,31 @@
733 + #define BAD_FIQ 2
734 + #define BAD_ERROR 3
735 +
736 +- .macro kernel_entry, el, regsize = 64
737 ++ .macro kernel_ventry, el, label, regsize = 64
738 ++ .align 7
739 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
740 ++alternative_if ARM64_UNMAP_KERNEL_AT_EL0
741 ++ .if \el == 0
742 ++ .if \regsize == 64
743 ++ mrs x30, tpidrro_el0
744 ++ msr tpidrro_el0, xzr
745 ++ .else
746 ++ mov x30, xzr
747 ++ .endif
748 ++ .endif
749 ++alternative_else_nop_endif
750 ++#endif
751 ++
752 + sub sp, sp, #S_FRAME_SIZE
753 ++ b el\()\el\()_\label
754 ++ .endm
755 ++
756 ++ .macro tramp_alias, dst, sym
757 ++ mov_q \dst, TRAMP_VALIAS
758 ++ add \dst, \dst, #(\sym - .entry.tramp.text)
759 ++ .endm
760 ++
761 ++ .macro kernel_entry, el, regsize = 64
762 + .if \regsize == 32
763 + mov w0, w0 // zero upper 32 bits of x0
764 + .endif
765 +@@ -150,18 +175,20 @@
766 + ct_user_enter
767 + ldr x23, [sp, #S_SP] // load return stack pointer
768 + msr sp_el0, x23
769 ++ tst x22, #PSR_MODE32_BIT // native task?
770 ++ b.eq 3f
771 ++
772 + #ifdef CONFIG_ARM64_ERRATUM_845719
773 + alternative_if ARM64_WORKAROUND_845719
774 +- tbz x22, #4, 1f
775 + #ifdef CONFIG_PID_IN_CONTEXTIDR
776 + mrs x29, contextidr_el1
777 + msr contextidr_el1, x29
778 + #else
779 + msr contextidr_el1, xzr
780 + #endif
781 +-1:
782 + alternative_else_nop_endif
783 + #endif
784 ++3:
785 + .endif
786 + msr elr_el1, x21 // set up the return data
787 + msr spsr_el1, x22
788 +@@ -182,7 +209,21 @@ alternative_else_nop_endif
789 + ldp x28, x29, [sp, #16 * 14]
790 + ldr lr, [sp, #S_LR]
791 + add sp, sp, #S_FRAME_SIZE // restore sp
792 +- eret // return to kernel
793 ++
794 ++ .if \el == 0
795 ++alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
796 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
797 ++ bne 4f
798 ++ msr far_el1, x30
799 ++ tramp_alias x30, tramp_exit_native
800 ++ br x30
801 ++4:
802 ++ tramp_alias x30, tramp_exit_compat
803 ++ br x30
804 ++#endif
805 ++ .else
806 ++ eret
807 ++ .endif
808 + .endm
809 +
810 + .macro get_thread_info, rd
811 +@@ -257,31 +298,31 @@ tsk .req x28 // current thread_info
812 +
813 + .align 11
814 + ENTRY(vectors)
815 +- ventry el1_sync_invalid // Synchronous EL1t
816 +- ventry el1_irq_invalid // IRQ EL1t
817 +- ventry el1_fiq_invalid // FIQ EL1t
818 +- ventry el1_error_invalid // Error EL1t
819 ++ kernel_ventry 1, sync_invalid // Synchronous EL1t
820 ++ kernel_ventry 1, irq_invalid // IRQ EL1t
821 ++ kernel_ventry 1, fiq_invalid // FIQ EL1t
822 ++ kernel_ventry 1, error_invalid // Error EL1t
823 +
824 +- ventry el1_sync // Synchronous EL1h
825 +- ventry el1_irq // IRQ EL1h
826 +- ventry el1_fiq_invalid // FIQ EL1h
827 +- ventry el1_error_invalid // Error EL1h
828 ++ kernel_ventry 1, sync // Synchronous EL1h
829 ++ kernel_ventry 1, irq // IRQ EL1h
830 ++ kernel_ventry 1, fiq_invalid // FIQ EL1h
831 ++ kernel_ventry 1, error_invalid // Error EL1h
832 +
833 +- ventry el0_sync // Synchronous 64-bit EL0
834 +- ventry el0_irq // IRQ 64-bit EL0
835 +- ventry el0_fiq_invalid // FIQ 64-bit EL0
836 +- ventry el0_error_invalid // Error 64-bit EL0
837 ++ kernel_ventry 0, sync // Synchronous 64-bit EL0
838 ++ kernel_ventry 0, irq // IRQ 64-bit EL0
839 ++ kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0
840 ++ kernel_ventry 0, error_invalid // Error 64-bit EL0
841 +
842 + #ifdef CONFIG_COMPAT
843 +- ventry el0_sync_compat // Synchronous 32-bit EL0
844 +- ventry el0_irq_compat // IRQ 32-bit EL0
845 +- ventry el0_fiq_invalid_compat // FIQ 32-bit EL0
846 +- ventry el0_error_invalid_compat // Error 32-bit EL0
847 ++ kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0
848 ++ kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0
849 ++ kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0
850 ++ kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0
851 + #else
852 +- ventry el0_sync_invalid // Synchronous 32-bit EL0
853 +- ventry el0_irq_invalid // IRQ 32-bit EL0
854 +- ventry el0_fiq_invalid // FIQ 32-bit EL0
855 +- ventry el0_error_invalid // Error 32-bit EL0
856 ++ kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0
857 ++ kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0
858 ++ kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0
859 ++ kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0
860 + #endif
861 + END(vectors)
862 +
863 +@@ -801,6 +842,105 @@ __ni_sys_trace:
864 +
865 + .popsection // .entry.text
866 +
867 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
868 ++/*
869 ++ * Exception vectors trampoline.
870 ++ */
871 ++ .pushsection ".entry.tramp.text", "ax"
872 ++
873 ++ .macro tramp_map_kernel, tmp
874 ++ mrs \tmp, ttbr1_el1
875 ++ sub \tmp, \tmp, #SWAPPER_DIR_SIZE
876 ++ bic \tmp, \tmp, #USER_ASID_FLAG
877 ++ msr ttbr1_el1, \tmp
878 ++ .endm
879 ++
880 ++ .macro tramp_unmap_kernel, tmp
881 ++ mrs \tmp, ttbr1_el1
882 ++ add \tmp, \tmp, #SWAPPER_DIR_SIZE
883 ++ orr \tmp, \tmp, #USER_ASID_FLAG
884 ++ msr ttbr1_el1, \tmp
885 ++ /*
886 ++ * We avoid running the post_ttbr_update_workaround here because
887 ++ * it's only needed by Cavium ThunderX, which requires KPTI to be
888 ++ * disabled.
889 ++ */
890 ++ .endm
891 ++
892 ++ .macro tramp_ventry, regsize = 64
893 ++ .align 7
894 ++1:
895 ++ .if \regsize == 64
896 ++ msr tpidrro_el0, x30 // Restored in kernel_ventry
897 ++ .endif
898 ++ /*
899 ++ * Defend against branch aliasing attacks by pushing a dummy
900 ++ * entry onto the return stack and using a RET instruction to
901 ++ * enter the full-fat kernel vectors.
902 ++ */
903 ++ bl 2f
904 ++ b .
905 ++2:
906 ++ tramp_map_kernel x30
907 ++#ifdef CONFIG_RANDOMIZE_BASE
908 ++ adr x30, tramp_vectors + PAGE_SIZE
909 ++ isb
910 ++ ldr x30, [x30]
911 ++#else
912 ++ ldr x30, =vectors
913 ++#endif
914 ++ prfm plil1strm, [x30, #(1b - tramp_vectors)]
915 ++ msr vbar_el1, x30
916 ++ add x30, x30, #(1b - tramp_vectors)
917 ++ isb
918 ++ ret
919 ++ .endm
920 ++
921 ++ .macro tramp_exit, regsize = 64
922 ++ adr x30, tramp_vectors
923 ++ msr vbar_el1, x30
924 ++ tramp_unmap_kernel x30
925 ++ .if \regsize == 64
926 ++ mrs x30, far_el1
927 ++ .endif
928 ++ eret
929 ++ .endm
930 ++
931 ++ .align 11
932 ++ENTRY(tramp_vectors)
933 ++ .space 0x400
934 ++
935 ++ tramp_ventry
936 ++ tramp_ventry
937 ++ tramp_ventry
938 ++ tramp_ventry
939 ++
940 ++ tramp_ventry 32
941 ++ tramp_ventry 32
942 ++ tramp_ventry 32
943 ++ tramp_ventry 32
944 ++END(tramp_vectors)
945 ++
946 ++ENTRY(tramp_exit_native)
947 ++ tramp_exit
948 ++END(tramp_exit_native)
949 ++
950 ++ENTRY(tramp_exit_compat)
951 ++ tramp_exit 32
952 ++END(tramp_exit_compat)
953 ++
954 ++ .ltorg
955 ++ .popsection // .entry.tramp.text
956 ++#ifdef CONFIG_RANDOMIZE_BASE
957 ++ .pushsection ".rodata", "a"
958 ++ .align PAGE_SHIFT
959 ++ .globl __entry_tramp_data_start
960 ++__entry_tramp_data_start:
961 ++ .quad vectors
962 ++ .popsection // .rodata
963 ++#endif /* CONFIG_RANDOMIZE_BASE */
964 ++#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
965 ++
966 + /*
967 + * Special system call wrappers.
968 + */
969 +diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
970 +index 539bebc1222f..fa52817d84c5 100644
971 +--- a/arch/arm64/kernel/head.S
972 ++++ b/arch/arm64/kernel/head.S
973 +@@ -473,7 +473,7 @@ ENDPROC(__primary_switched)
974 + * end early head section, begin head code that is also used for
975 + * hotplug and needs to have the same protections as the text region
976 + */
977 +- .section ".idmap.text","ax"
978 ++ .section ".idmap.text","awx"
979 +
980 + ENTRY(kimage_vaddr)
981 + .quad _text - TEXT_OFFSET
982 +diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
983 +index 0e7394915c70..0972ce58316d 100644
984 +--- a/arch/arm64/kernel/process.c
985 ++++ b/arch/arm64/kernel/process.c
986 +@@ -306,17 +306,17 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start,
987 +
988 + static void tls_thread_switch(struct task_struct *next)
989 + {
990 +- unsigned long tpidr, tpidrro;
991 ++ unsigned long tpidr;
992 +
993 + tpidr = read_sysreg(tpidr_el0);
994 + *task_user_tls(current) = tpidr;
995 +
996 +- tpidr = *task_user_tls(next);
997 +- tpidrro = is_compat_thread(task_thread_info(next)) ?
998 +- next->thread.tp_value : 0;
999 ++ if (is_compat_thread(task_thread_info(next)))
1000 ++ write_sysreg(next->thread.tp_value, tpidrro_el0);
1001 ++ else if (!arm64_kernel_unmapped_at_el0())
1002 ++ write_sysreg(0, tpidrro_el0);
1003 +
1004 +- write_sysreg(tpidr, tpidr_el0);
1005 +- write_sysreg(tpidrro, tpidrro_el0);
1006 ++ write_sysreg(*task_user_tls(next), tpidr_el0);
1007 + }
1008 +
1009 + /* Restore the UAO state depending on next's addr_limit */
1010 +diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S
1011 +index 1bec41b5fda3..0030d6964e65 100644
1012 +--- a/arch/arm64/kernel/sleep.S
1013 ++++ b/arch/arm64/kernel/sleep.S
1014 +@@ -95,7 +95,7 @@ ENTRY(__cpu_suspend_enter)
1015 + ret
1016 + ENDPROC(__cpu_suspend_enter)
1017 +
1018 +- .pushsection ".idmap.text", "ax"
1019 ++ .pushsection ".idmap.text", "awx"
1020 + ENTRY(cpu_resume)
1021 + bl el2_setup // if in EL2 drop to EL1 cleanly
1022 + bl __cpu_setup
1023 +diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
1024 +index 1105aab1e6d6..6a584558b29d 100644
1025 +--- a/arch/arm64/kernel/vmlinux.lds.S
1026 ++++ b/arch/arm64/kernel/vmlinux.lds.S
1027 +@@ -56,6 +56,17 @@ jiffies = jiffies_64;
1028 + #define HIBERNATE_TEXT
1029 + #endif
1030 +
1031 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1032 ++#define TRAMP_TEXT \
1033 ++ . = ALIGN(PAGE_SIZE); \
1034 ++ VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \
1035 ++ *(.entry.tramp.text) \
1036 ++ . = ALIGN(PAGE_SIZE); \
1037 ++ VMLINUX_SYMBOL(__entry_tramp_text_end) = .;
1038 ++#else
1039 ++#define TRAMP_TEXT
1040 ++#endif
1041 ++
1042 + /*
1043 + * The size of the PE/COFF section that covers the kernel image, which
1044 + * runs from stext to _edata, must be a round multiple of the PE/COFF
1045 +@@ -128,6 +139,7 @@ SECTIONS
1046 + HYPERVISOR_TEXT
1047 + IDMAP_TEXT
1048 + HIBERNATE_TEXT
1049 ++ TRAMP_TEXT
1050 + *(.fixup)
1051 + *(.gnu.warning)
1052 + . = ALIGN(16);
1053 +@@ -216,6 +228,11 @@ SECTIONS
1054 + swapper_pg_dir = .;
1055 + . += SWAPPER_DIR_SIZE;
1056 +
1057 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1058 ++ tramp_pg_dir = .;
1059 ++ . += PAGE_SIZE;
1060 ++#endif
1061 ++
1062 + _end = .;
1063 +
1064 + STABS_DEBUG
1065 +@@ -235,7 +252,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
1066 + ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
1067 + <= SZ_4K, "Hibernate exit text too big or misaligned")
1068 + #endif
1069 +-
1070 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1071 ++ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE,
1072 ++ "Entry trampoline text too big")
1073 ++#endif
1074 + /*
1075 + * If padding is applied before .head.text, virt<->phys conversions will fail.
1076 + */
1077 +diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
1078 +index efcf1f7ef1e4..f00f5eeb556f 100644
1079 +--- a/arch/arm64/mm/context.c
1080 ++++ b/arch/arm64/mm/context.c
1081 +@@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending;
1082 +
1083 + #define ASID_MASK (~GENMASK(asid_bits - 1, 0))
1084 + #define ASID_FIRST_VERSION (1UL << asid_bits)
1085 +-#define NUM_USER_ASIDS ASID_FIRST_VERSION
1086 ++
1087 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1088 ++#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1)
1089 ++#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1)
1090 ++#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK)
1091 ++#else
1092 ++#define NUM_USER_ASIDS (ASID_FIRST_VERSION)
1093 ++#define asid2idx(asid) ((asid) & ~ASID_MASK)
1094 ++#define idx2asid(idx) asid2idx(idx)
1095 ++#endif
1096 +
1097 + /* Get the ASIDBits supported by the current CPU */
1098 + static u32 get_cpu_asid_bits(void)
1099 +@@ -104,7 +113,7 @@ static void flush_context(unsigned int cpu)
1100 + */
1101 + if (asid == 0)
1102 + asid = per_cpu(reserved_asids, i);
1103 +- __set_bit(asid & ~ASID_MASK, asid_map);
1104 ++ __set_bit(asid2idx(asid), asid_map);
1105 + per_cpu(reserved_asids, i) = asid;
1106 + }
1107 +
1108 +@@ -159,16 +168,16 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
1109 + * We had a valid ASID in a previous life, so try to re-use
1110 + * it if possible.
1111 + */
1112 +- asid &= ~ASID_MASK;
1113 +- if (!__test_and_set_bit(asid, asid_map))
1114 ++ if (!__test_and_set_bit(asid2idx(asid), asid_map))
1115 + return newasid;
1116 + }
1117 +
1118 + /*
1119 + * Allocate a free ASID. If we can't find one, take a note of the
1120 +- * currently active ASIDs and mark the TLBs as requiring flushes.
1121 +- * We always count from ASID #1, as we use ASID #0 when setting a
1122 +- * reserved TTBR0 for the init_mm.
1123 ++ * currently active ASIDs and mark the TLBs as requiring flushes. We
1124 ++ * always count from ASID #2 (index 1), as we use ASID #0 when setting
1125 ++ * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd
1126 ++ * pairs.
1127 + */
1128 + asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
1129 + if (asid != NUM_USER_ASIDS)
1130 +@@ -185,7 +194,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
1131 + set_asid:
1132 + __set_bit(asid, asid_map);
1133 + cur_idx = asid;
1134 +- return asid | generation;
1135 ++ return idx2asid(asid) | generation;
1136 + }
1137 +
1138 + void check_and_switch_context(struct mm_struct *mm, unsigned int cpu)
1139 +diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
1140 +index 638f7f2bd79c..4cd4862845cd 100644
1141 +--- a/arch/arm64/mm/mmu.c
1142 ++++ b/arch/arm64/mm/mmu.c
1143 +@@ -419,6 +419,37 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
1144 + vm_area_add_early(vma);
1145 + }
1146 +
1147 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1148 ++static int __init map_entry_trampoline(void)
1149 ++{
1150 ++ extern char __entry_tramp_text_start[];
1151 ++
1152 ++ pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
1153 ++ phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
1154 ++
1155 ++ /* The trampoline is always mapped and can therefore be global */
1156 ++ pgprot_val(prot) &= ~PTE_NG;
1157 ++
1158 ++ /* Map only the text into the trampoline page table */
1159 ++ memset(tramp_pg_dir, 0, PGD_SIZE);
1160 ++ __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
1161 ++ prot, pgd_pgtable_alloc, 0);
1162 ++
1163 ++ /* Map both the text and data into the kernel page table */
1164 ++ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
1165 ++ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
1166 ++ extern char __entry_tramp_data_start[];
1167 ++
1168 ++ __set_fixmap(FIX_ENTRY_TRAMP_DATA,
1169 ++ __pa_symbol(__entry_tramp_data_start),
1170 ++ PAGE_KERNEL_RO);
1171 ++ }
1172 ++
1173 ++ return 0;
1174 ++}
1175 ++core_initcall(map_entry_trampoline);
1176 ++#endif
1177 ++
1178 + /*
1179 + * Create fine-grained mappings for the kernel.
1180 + */
1181 +diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
1182 +index 352c73b6a59e..c07d9cc057e6 100644
1183 +--- a/arch/arm64/mm/proc.S
1184 ++++ b/arch/arm64/mm/proc.S
1185 +@@ -83,7 +83,7 @@ ENDPROC(cpu_do_suspend)
1186 + *
1187 + * x0: Address of context pointer
1188 + */
1189 +- .pushsection ".idmap.text", "ax"
1190 ++ .pushsection ".idmap.text", "awx"
1191 + ENTRY(cpu_do_resume)
1192 + ldp x2, x3, [x0]
1193 + ldp x4, x5, [x0, #16]
1194 +@@ -132,9 +132,12 @@ ENDPROC(cpu_do_resume)
1195 + * - pgd_phys - physical address of new TTB
1196 + */
1197 + ENTRY(cpu_do_switch_mm)
1198 ++ mrs x2, ttbr1_el1
1199 + mmid x1, x1 // get mm->context.id
1200 +- bfi x0, x1, #48, #16 // set the ASID
1201 +- msr ttbr0_el1, x0 // set TTBR0
1202 ++ bfi x2, x1, #48, #16 // set the ASID
1203 ++ msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set)
1204 ++ isb
1205 ++ msr ttbr0_el1, x0 // now update TTBR0
1206 + isb
1207 + alternative_if ARM64_WORKAROUND_CAVIUM_27456
1208 + ic iallu
1209 +@@ -144,7 +147,17 @@ alternative_else_nop_endif
1210 + ret
1211 + ENDPROC(cpu_do_switch_mm)
1212 +
1213 +- .pushsection ".idmap.text", "ax"
1214 ++ .pushsection ".idmap.text", "awx"
1215 ++
1216 ++.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
1217 ++ adrp \tmp1, empty_zero_page
1218 ++ msr ttbr1_el1, \tmp1
1219 ++ isb
1220 ++ tlbi vmalle1
1221 ++ dsb nsh
1222 ++ isb
1223 ++.endm
1224 ++
1225 + /*
1226 + * void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd)
1227 + *
1228 +@@ -155,13 +168,7 @@ ENTRY(idmap_cpu_replace_ttbr1)
1229 + mrs x2, daif
1230 + msr daifset, #0xf
1231 +
1232 +- adrp x1, empty_zero_page
1233 +- msr ttbr1_el1, x1
1234 +- isb
1235 +-
1236 +- tlbi vmalle1
1237 +- dsb nsh
1238 +- isb
1239 ++ __idmap_cpu_set_reserved_ttbr1 x1, x3
1240 +
1241 + msr ttbr1_el1, x0
1242 + isb
1243 +@@ -172,13 +179,196 @@ ENTRY(idmap_cpu_replace_ttbr1)
1244 + ENDPROC(idmap_cpu_replace_ttbr1)
1245 + .popsection
1246 +
1247 ++#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1248 ++ .pushsection ".idmap.text", "awx"
1249 ++
1250 ++ .macro __idmap_kpti_get_pgtable_ent, type
1251 ++ dc cvac, cur_\()\type\()p // Ensure any existing dirty
1252 ++ dmb sy // lines are written back before
1253 ++ ldr \type, [cur_\()\type\()p] // loading the entry
1254 ++ tbz \type, #0, next_\()\type // Skip invalid entries
1255 ++ .endm
1256 ++
1257 ++ .macro __idmap_kpti_put_pgtable_ent_ng, type
1258 ++ orr \type, \type, #PTE_NG // Same bit for blocks and pages
1259 ++ str \type, [cur_\()\type\()p] // Update the entry and ensure it
1260 ++ dc civac, cur_\()\type\()p // is visible to all CPUs.
1261 ++ .endm
1262 ++
1263 ++/*
1264 ++ * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
1265 ++ *
1266 ++ * Called exactly once from stop_machine context by each CPU found during boot.
1267 ++ */
1268 ++__idmap_kpti_flag:
1269 ++ .long 1
1270 ++ENTRY(idmap_kpti_install_ng_mappings)
1271 ++ cpu .req w0
1272 ++ num_cpus .req w1
1273 ++ swapper_pa .req x2
1274 ++ swapper_ttb .req x3
1275 ++ flag_ptr .req x4
1276 ++ cur_pgdp .req x5
1277 ++ end_pgdp .req x6
1278 ++ pgd .req x7
1279 ++ cur_pudp .req x8
1280 ++ end_pudp .req x9
1281 ++ pud .req x10
1282 ++ cur_pmdp .req x11
1283 ++ end_pmdp .req x12
1284 ++ pmd .req x13
1285 ++ cur_ptep .req x14
1286 ++ end_ptep .req x15
1287 ++ pte .req x16
1288 ++
1289 ++ mrs swapper_ttb, ttbr1_el1
1290 ++ adr flag_ptr, __idmap_kpti_flag
1291 ++
1292 ++ cbnz cpu, __idmap_kpti_secondary
1293 ++
1294 ++ /* We're the boot CPU. Wait for the others to catch up */
1295 ++ sevl
1296 ++1: wfe
1297 ++ ldaxr w18, [flag_ptr]
1298 ++ eor w18, w18, num_cpus
1299 ++ cbnz w18, 1b
1300 ++
1301 ++ /* We need to walk swapper, so turn off the MMU. */
1302 ++ mrs x18, sctlr_el1
1303 ++ bic x18, x18, #SCTLR_ELx_M
1304 ++ msr sctlr_el1, x18
1305 ++ isb
1306 ++
1307 ++ /* Everybody is enjoying the idmap, so we can rewrite swapper. */
1308 ++ /* PGD */
1309 ++ mov cur_pgdp, swapper_pa
1310 ++ add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8)
1311 ++do_pgd: __idmap_kpti_get_pgtable_ent pgd
1312 ++ tbnz pgd, #1, walk_puds
1313 ++ __idmap_kpti_put_pgtable_ent_ng pgd
1314 ++next_pgd:
1315 ++ add cur_pgdp, cur_pgdp, #8
1316 ++ cmp cur_pgdp, end_pgdp
1317 ++ b.ne do_pgd
1318 ++
1319 ++ /* Publish the updated tables and nuke all the TLBs */
1320 ++ dsb sy
1321 ++ tlbi vmalle1is
1322 ++ dsb ish
1323 ++ isb
1324 ++
1325 ++ /* We're done: fire up the MMU again */
1326 ++ mrs x18, sctlr_el1
1327 ++ orr x18, x18, #SCTLR_ELx_M
1328 ++ msr sctlr_el1, x18
1329 ++ isb
1330 ++
1331 ++ /* Set the flag to zero to indicate that we're all done */
1332 ++ str wzr, [flag_ptr]
1333 ++ ret
1334 ++
1335 ++ /* PUD */
1336 ++walk_puds:
1337 ++ .if CONFIG_PGTABLE_LEVELS > 3
1338 ++ pte_to_phys cur_pudp, pgd
1339 ++ add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8)
1340 ++do_pud: __idmap_kpti_get_pgtable_ent pud
1341 ++ tbnz pud, #1, walk_pmds
1342 ++ __idmap_kpti_put_pgtable_ent_ng pud
1343 ++next_pud:
1344 ++ add cur_pudp, cur_pudp, 8
1345 ++ cmp cur_pudp, end_pudp
1346 ++ b.ne do_pud
1347 ++ b next_pgd
1348 ++ .else /* CONFIG_PGTABLE_LEVELS <= 3 */
1349 ++ mov pud, pgd
1350 ++ b walk_pmds
1351 ++next_pud:
1352 ++ b next_pgd
1353 ++ .endif
1354 ++
1355 ++ /* PMD */
1356 ++walk_pmds:
1357 ++ .if CONFIG_PGTABLE_LEVELS > 2
1358 ++ pte_to_phys cur_pmdp, pud
1359 ++ add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8)
1360 ++do_pmd: __idmap_kpti_get_pgtable_ent pmd
1361 ++ tbnz pmd, #1, walk_ptes
1362 ++ __idmap_kpti_put_pgtable_ent_ng pmd
1363 ++next_pmd:
1364 ++ add cur_pmdp, cur_pmdp, #8
1365 ++ cmp cur_pmdp, end_pmdp
1366 ++ b.ne do_pmd
1367 ++ b next_pud
1368 ++ .else /* CONFIG_PGTABLE_LEVELS <= 2 */
1369 ++ mov pmd, pud
1370 ++ b walk_ptes
1371 ++next_pmd:
1372 ++ b next_pud
1373 ++ .endif
1374 ++
1375 ++ /* PTE */
1376 ++walk_ptes:
1377 ++ pte_to_phys cur_ptep, pmd
1378 ++ add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8)
1379 ++do_pte: __idmap_kpti_get_pgtable_ent pte
1380 ++ __idmap_kpti_put_pgtable_ent_ng pte
1381 ++next_pte:
1382 ++ add cur_ptep, cur_ptep, #8
1383 ++ cmp cur_ptep, end_ptep
1384 ++ b.ne do_pte
1385 ++ b next_pmd
1386 ++
1387 ++ /* Secondary CPUs end up here */
1388 ++__idmap_kpti_secondary:
1389 ++ /* Uninstall swapper before surgery begins */
1390 ++ __idmap_cpu_set_reserved_ttbr1 x18, x17
1391 ++
1392 ++ /* Increment the flag to let the boot CPU we're ready */
1393 ++1: ldxr w18, [flag_ptr]
1394 ++ add w18, w18, #1
1395 ++ stxr w17, w18, [flag_ptr]
1396 ++ cbnz w17, 1b
1397 ++
1398 ++ /* Wait for the boot CPU to finish messing around with swapper */
1399 ++ sevl
1400 ++1: wfe
1401 ++ ldxr w18, [flag_ptr]
1402 ++ cbnz w18, 1b
1403 ++
1404 ++ /* All done, act like nothing happened */
1405 ++ msr ttbr1_el1, swapper_ttb
1406 ++ isb
1407 ++ ret
1408 ++
1409 ++ .unreq cpu
1410 ++ .unreq num_cpus
1411 ++ .unreq swapper_pa
1412 ++ .unreq swapper_ttb
1413 ++ .unreq flag_ptr
1414 ++ .unreq cur_pgdp
1415 ++ .unreq end_pgdp
1416 ++ .unreq pgd
1417 ++ .unreq cur_pudp
1418 ++ .unreq end_pudp
1419 ++ .unreq pud
1420 ++ .unreq cur_pmdp
1421 ++ .unreq end_pmdp
1422 ++ .unreq pmd
1423 ++ .unreq cur_ptep
1424 ++ .unreq end_ptep
1425 ++ .unreq pte
1426 ++ENDPROC(idmap_kpti_install_ng_mappings)
1427 ++ .popsection
1428 ++#endif
1429 ++
1430 + /*
1431 + * __cpu_setup
1432 + *
1433 + * Initialise the processor for turning the MMU on. Return in x0 the
1434 + * value of the SCTLR_EL1 register.
1435 + */
1436 +- .pushsection ".idmap.text", "ax"
1437 ++ .pushsection ".idmap.text", "awx"
1438 + ENTRY(__cpu_setup)
1439 + tlbi vmalle1 // Invalidate local TLB
1440 + dsb nsh
1441 +@@ -222,7 +412,7 @@ ENTRY(__cpu_setup)
1442 + * both user and kernel.
1443 + */
1444 + ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \
1445 +- TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0
1446 ++ TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1
1447 + tcr_set_idmap_t0sz x10, x9
1448 +
1449 + /*
1450 +diff --git a/arch/frv/include/asm/timex.h b/arch/frv/include/asm/timex.h
1451 +index a89bddefdacf..139093fab326 100644
1452 +--- a/arch/frv/include/asm/timex.h
1453 ++++ b/arch/frv/include/asm/timex.h
1454 +@@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void)
1455 + #define vxtime_lock() do {} while (0)
1456 + #define vxtime_unlock() do {} while (0)
1457 +
1458 ++/* This attribute is used in include/linux/jiffies.h alongside with
1459 ++ * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp
1460 ++ * for frv does not contain another section specification.
1461 ++ */
1462 ++#define __jiffy_arch_data __attribute__((__section__(".data")))
1463 ++
1464 + #endif
1465 +
1466 +diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
1467 +index 7614d1dd2c0b..94b5dfb087e9 100644
1468 +--- a/arch/powerpc/kernel/exceptions-64s.S
1469 ++++ b/arch/powerpc/kernel/exceptions-64s.S
1470 +@@ -723,7 +723,7 @@ EXC_COMMON_BEGIN(bad_addr_slb)
1471 + ld r3, PACA_EXSLB+EX_DAR(r13)
1472 + std r3, _DAR(r1)
1473 + beq cr6, 2f
1474 +- li r10, 0x480 /* fix trap number for I-SLB miss */
1475 ++ li r10, 0x481 /* fix trap number for I-SLB miss */
1476 + std r10, _TRAP(r1)
1477 + 2: bl save_nvgprs
1478 + addi r3, r1, STACK_FRAME_OVERHEAD
1479 +diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
1480 +index 028a22bfa90c..ad713f741ca8 100644
1481 +--- a/arch/powerpc/kernel/irq.c
1482 ++++ b/arch/powerpc/kernel/irq.c
1483 +@@ -372,6 +372,14 @@ void force_external_irq_replay(void)
1484 + */
1485 + WARN_ON(!arch_irqs_disabled());
1486 +
1487 ++ /*
1488 ++ * Interrupts must always be hard disabled before irq_happened is
1489 ++ * modified (to prevent lost update in case of interrupt between
1490 ++ * load and store).
1491 ++ */
1492 ++ __hard_irq_disable();
1493 ++ local_paca->irq_happened |= PACA_IRQ_HARD_DIS;
1494 ++
1495 + /* Indicate in the PACA that we have an interrupt to replay */
1496 + local_paca->irq_happened |= PACA_IRQ_EE;
1497 + }
1498 +diff --git a/arch/x86/crypto/cast5_avx_glue.c b/arch/x86/crypto/cast5_avx_glue.c
1499 +index 8648158f3916..f8fe11d24cde 100644
1500 +--- a/arch/x86/crypto/cast5_avx_glue.c
1501 ++++ b/arch/x86/crypto/cast5_avx_glue.c
1502 +@@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
1503 + void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src);
1504 + int err;
1505 +
1506 +- fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
1507 +-
1508 + err = blkcipher_walk_virt(desc, walk);
1509 + desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
1510 +
1511 +@@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
1512 +
1513 + /* Process multi-block batch */
1514 + if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) {
1515 ++ fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
1516 + do {
1517 + fn(ctx, wdst, wsrc);
1518 +
1519 +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
1520 +index b8d3f1b60331..91c48cdfe81f 100644
1521 +--- a/arch/x86/kernel/kprobes/core.c
1522 ++++ b/arch/x86/kernel/kprobes/core.c
1523 +@@ -51,6 +51,7 @@
1524 + #include <linux/ftrace.h>
1525 + #include <linux/frame.h>
1526 + #include <linux/kasan.h>
1527 ++#include <linux/moduleloader.h>
1528 +
1529 + #include <asm/text-patching.h>
1530 + #include <asm/cacheflush.h>
1531 +@@ -405,6 +406,14 @@ int __copy_instruction(u8 *dest, u8 *src)
1532 + return length;
1533 + }
1534 +
1535 ++/* Recover page to RW mode before releasing it */
1536 ++void free_insn_page(void *page)
1537 ++{
1538 ++ set_memory_nx((unsigned long)page & PAGE_MASK, 1);
1539 ++ set_memory_rw((unsigned long)page & PAGE_MASK, 1);
1540 ++ module_memfree(page);
1541 ++}
1542 ++
1543 + static int arch_copy_kprobe(struct kprobe *p)
1544 + {
1545 + int ret;
1546 +diff --git a/block/bio.c b/block/bio.c
1547 +index 07f287b14cff..4f93345c6a82 100644
1548 +--- a/block/bio.c
1549 ++++ b/block/bio.c
1550 +@@ -42,9 +42,9 @@
1551 + * break badly! cannot be bigger than what you can fit into an
1552 + * unsigned short
1553 + */
1554 +-#define BV(x) { .nr_vecs = x, .name = "biovec-"__stringify(x) }
1555 ++#define BV(x, n) { .nr_vecs = x, .name = "biovec-"#n }
1556 + static struct biovec_slab bvec_slabs[BVEC_POOL_NR] __read_mostly = {
1557 +- BV(1), BV(4), BV(16), BV(64), BV(128), BV(BIO_MAX_PAGES),
1558 ++ BV(1, 1), BV(4, 4), BV(16, 16), BV(64, 64), BV(128, 128), BV(BIO_MAX_PAGES, max),
1559 + };
1560 + #undef BV
1561 +
1562 +diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c
1563 +index 5610cd537da7..7d8d50c11ce7 100644
1564 +--- a/block/partitions/msdos.c
1565 ++++ b/block/partitions/msdos.c
1566 +@@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_partitions *state,
1567 + continue;
1568 + bsd_start = le32_to_cpu(p->p_offset);
1569 + bsd_size = le32_to_cpu(p->p_size);
1570 +- if (memcmp(flavour, "bsd\0", 4) == 0)
1571 ++ /* FreeBSD has relative offset if C partition offset is zero */
1572 ++ if (memcmp(flavour, "bsd\0", 4) == 0 &&
1573 ++ le32_to_cpu(l->d_partitions[2].p_offset) == 0)
1574 + bsd_start += offset;
1575 + if (offset == bsd_start && size == bsd_size)
1576 + /* full parent partition, we have it already */
1577 +diff --git a/crypto/ahash.c b/crypto/ahash.c
1578 +index 14402ef6d826..90d73a22f129 100644
1579 +--- a/crypto/ahash.c
1580 ++++ b/crypto/ahash.c
1581 +@@ -91,13 +91,14 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
1582 +
1583 + if (nbytes && walk->offset & alignmask && !err) {
1584 + walk->offset = ALIGN(walk->offset, alignmask + 1);
1585 +- walk->data += walk->offset;
1586 +-
1587 + nbytes = min(nbytes,
1588 + ((unsigned int)(PAGE_SIZE)) - walk->offset);
1589 + walk->entrylen -= nbytes;
1590 +
1591 +- return nbytes;
1592 ++ if (nbytes) {
1593 ++ walk->data += walk->offset;
1594 ++ return nbytes;
1595 ++ }
1596 + }
1597 +
1598 + if (walk->flags & CRYPTO_ALG_ASYNC)
1599 +diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
1600 +index b86273fdf48e..3cfd879267b2 100644
1601 +--- a/drivers/block/mtip32xx/mtip32xx.c
1602 ++++ b/drivers/block/mtip32xx/mtip32xx.c
1603 +@@ -169,25 +169,6 @@ static bool mtip_check_surprise_removal(struct pci_dev *pdev)
1604 + return false; /* device present */
1605 + }
1606 +
1607 +-/* we have to use runtime tag to setup command header */
1608 +-static void mtip_init_cmd_header(struct request *rq)
1609 +-{
1610 +- struct driver_data *dd = rq->q->queuedata;
1611 +- struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
1612 +- u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
1613 +-
1614 +- /* Point the command headers at the command tables. */
1615 +- cmd->command_header = dd->port->command_list +
1616 +- (sizeof(struct mtip_cmd_hdr) * rq->tag);
1617 +- cmd->command_header_dma = dd->port->command_list_dma +
1618 +- (sizeof(struct mtip_cmd_hdr) * rq->tag);
1619 +-
1620 +- if (host_cap_64)
1621 +- cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
1622 +-
1623 +- cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
1624 +-}
1625 +-
1626 + static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
1627 + {
1628 + struct request *rq;
1629 +@@ -199,9 +180,6 @@ static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
1630 + if (IS_ERR(rq))
1631 + return NULL;
1632 +
1633 +- /* Internal cmd isn't submitted via .queue_rq */
1634 +- mtip_init_cmd_header(rq);
1635 +-
1636 + return blk_mq_rq_to_pdu(rq);
1637 + }
1638 +
1639 +@@ -3833,8 +3811,6 @@ static int mtip_queue_rq(struct blk_mq_hw_ctx *hctx,
1640 + struct request *rq = bd->rq;
1641 + int ret;
1642 +
1643 +- mtip_init_cmd_header(rq);
1644 +-
1645 + if (unlikely(mtip_check_unal_depth(hctx, rq)))
1646 + return BLK_MQ_RQ_QUEUE_BUSY;
1647 +
1648 +@@ -3866,6 +3842,7 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
1649 + {
1650 + struct driver_data *dd = data;
1651 + struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
1652 ++ u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
1653 +
1654 + /*
1655 + * For flush requests, request_idx starts at the end of the
1656 +@@ -3882,6 +3859,17 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
1657 +
1658 + memset(cmd->command, 0, CMD_DMA_ALLOC_SZ);
1659 +
1660 ++ /* Point the command headers at the command tables. */
1661 ++ cmd->command_header = dd->port->command_list +
1662 ++ (sizeof(struct mtip_cmd_hdr) * request_idx);
1663 ++ cmd->command_header_dma = dd->port->command_list_dma +
1664 ++ (sizeof(struct mtip_cmd_hdr) * request_idx);
1665 ++
1666 ++ if (host_cap_64)
1667 ++ cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
1668 ++
1669 ++ cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
1670 ++
1671 + sg_init_table(cmd->sg, MTIP_MAX_SG);
1672 + return 0;
1673 + }
1674 +diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
1675 +index b0bb99a821bd..1b1dccd37fbd 100644
1676 +--- a/drivers/hid/hid-sony.c
1677 ++++ b/drivers/hid/hid-sony.c
1678 +@@ -1056,7 +1056,6 @@ struct sony_sc {
1679 + u8 battery_charging;
1680 + u8 battery_capacity;
1681 + u8 led_state[MAX_LEDS];
1682 +- u8 resume_led_state[MAX_LEDS];
1683 + u8 led_delay_on[MAX_LEDS];
1684 + u8 led_delay_off[MAX_LEDS];
1685 + u8 led_count;
1686 +@@ -1793,6 +1792,7 @@ static int sony_leds_init(struct sony_sc *sc)
1687 + led->name = name;
1688 + led->brightness = sc->led_state[n];
1689 + led->max_brightness = max_brightness[n];
1690 ++ led->flags = LED_CORE_SUSPENDRESUME;
1691 + led->brightness_get = sony_led_get_brightness;
1692 + led->brightness_set = sony_led_set_brightness;
1693 +
1694 +@@ -2509,47 +2509,32 @@ static void sony_remove(struct hid_device *hdev)
1695 +
1696 + static int sony_suspend(struct hid_device *hdev, pm_message_t message)
1697 + {
1698 +- /*
1699 +- * On suspend save the current LED state,
1700 +- * stop running force-feedback and blank the LEDS.
1701 +- */
1702 +- if (SONY_LED_SUPPORT || SONY_FF_SUPPORT) {
1703 +- struct sony_sc *sc = hid_get_drvdata(hdev);
1704 +-
1705 + #ifdef CONFIG_SONY_FF
1706 +- sc->left = sc->right = 0;
1707 +-#endif
1708 +
1709 +- memcpy(sc->resume_led_state, sc->led_state,
1710 +- sizeof(sc->resume_led_state));
1711 +- memset(sc->led_state, 0, sizeof(sc->led_state));
1712 ++ /* On suspend stop any running force-feedback events */
1713 ++ if (SONY_FF_SUPPORT) {
1714 ++ struct sony_sc *sc = hid_get_drvdata(hdev);
1715 +
1716 ++ sc->left = sc->right = 0;
1717 + sony_send_output_report(sc);
1718 + }
1719 +
1720 ++#endif
1721 + return 0;
1722 + }
1723 +
1724 + static int sony_resume(struct hid_device *hdev)
1725 + {
1726 +- /* Restore the state of controller LEDs on resume */
1727 +- if (SONY_LED_SUPPORT) {
1728 +- struct sony_sc *sc = hid_get_drvdata(hdev);
1729 +-
1730 +- memcpy(sc->led_state, sc->resume_led_state,
1731 +- sizeof(sc->led_state));
1732 +-
1733 +- /*
1734 +- * The Sixaxis and navigation controllers on USB need to be
1735 +- * reinitialized on resume or they won't behave properly.
1736 +- */
1737 +- if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
1738 +- (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
1739 +- sixaxis_set_operational_usb(sc->hdev);
1740 +- sc->defer_initialization = 1;
1741 +- }
1742 ++ struct sony_sc *sc = hid_get_drvdata(hdev);
1743 +
1744 +- sony_set_leds(sc);
1745 ++ /*
1746 ++ * The Sixaxis and navigation controllers on USB need to be
1747 ++ * reinitialized on resume or they won't behave properly.
1748 ++ */
1749 ++ if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
1750 ++ (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
1751 ++ sixaxis_set_operational_usb(sc->hdev);
1752 ++ sc->defer_initialization = 1;
1753 + }
1754 +
1755 + return 0;
1756 +diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
1757 +index fb4ce0394ac7..978b8d94f9a4 100644
1758 +--- a/drivers/infiniband/core/addr.c
1759 ++++ b/drivers/infiniband/core/addr.c
1760 +@@ -209,6 +209,22 @@ int rdma_addr_size(struct sockaddr *addr)
1761 + }
1762 + EXPORT_SYMBOL(rdma_addr_size);
1763 +
1764 ++int rdma_addr_size_in6(struct sockaddr_in6 *addr)
1765 ++{
1766 ++ int ret = rdma_addr_size((struct sockaddr *) addr);
1767 ++
1768 ++ return ret <= sizeof(*addr) ? ret : 0;
1769 ++}
1770 ++EXPORT_SYMBOL(rdma_addr_size_in6);
1771 ++
1772 ++int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr)
1773 ++{
1774 ++ int ret = rdma_addr_size((struct sockaddr *) addr);
1775 ++
1776 ++ return ret <= sizeof(*addr) ? ret : 0;
1777 ++}
1778 ++EXPORT_SYMBOL(rdma_addr_size_kss);
1779 ++
1780 + static struct rdma_addr_client self;
1781 +
1782 + void rdma_addr_register_client(struct rdma_addr_client *client)
1783 +diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
1784 +index 017a09ceba3f..4d732810f6fc 100644
1785 +--- a/drivers/infiniband/core/ucma.c
1786 ++++ b/drivers/infiniband/core/ucma.c
1787 +@@ -132,7 +132,7 @@ static inline struct ucma_context *_ucma_find_context(int id,
1788 + ctx = idr_find(&ctx_idr, id);
1789 + if (!ctx)
1790 + ctx = ERR_PTR(-ENOENT);
1791 +- else if (ctx->file != file)
1792 ++ else if (ctx->file != file || !ctx->cm_id)
1793 + ctx = ERR_PTR(-EINVAL);
1794 + return ctx;
1795 + }
1796 +@@ -454,6 +454,7 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
1797 + struct rdma_ucm_create_id cmd;
1798 + struct rdma_ucm_create_id_resp resp;
1799 + struct ucma_context *ctx;
1800 ++ struct rdma_cm_id *cm_id;
1801 + enum ib_qp_type qp_type;
1802 + int ret;
1803 +
1804 +@@ -474,10 +475,10 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
1805 + return -ENOMEM;
1806 +
1807 + ctx->uid = cmd.uid;
1808 +- ctx->cm_id = rdma_create_id(current->nsproxy->net_ns,
1809 +- ucma_event_handler, ctx, cmd.ps, qp_type);
1810 +- if (IS_ERR(ctx->cm_id)) {
1811 +- ret = PTR_ERR(ctx->cm_id);
1812 ++ cm_id = rdma_create_id(current->nsproxy->net_ns,
1813 ++ ucma_event_handler, ctx, cmd.ps, qp_type);
1814 ++ if (IS_ERR(cm_id)) {
1815 ++ ret = PTR_ERR(cm_id);
1816 + goto err1;
1817 + }
1818 +
1819 +@@ -487,14 +488,19 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
1820 + ret = -EFAULT;
1821 + goto err2;
1822 + }
1823 ++
1824 ++ ctx->cm_id = cm_id;
1825 + return 0;
1826 +
1827 + err2:
1828 +- rdma_destroy_id(ctx->cm_id);
1829 ++ rdma_destroy_id(cm_id);
1830 + err1:
1831 + mutex_lock(&mut);
1832 + idr_remove(&ctx_idr, ctx->id);
1833 + mutex_unlock(&mut);
1834 ++ mutex_lock(&file->mut);
1835 ++ list_del(&ctx->list);
1836 ++ mutex_unlock(&file->mut);
1837 + kfree(ctx);
1838 + return ret;
1839 + }
1840 +@@ -624,6 +630,9 @@ static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf,
1841 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1842 + return -EFAULT;
1843 +
1844 ++ if (!rdma_addr_size_in6(&cmd.addr))
1845 ++ return -EINVAL;
1846 ++
1847 + ctx = ucma_get_ctx(file, cmd.id);
1848 + if (IS_ERR(ctx))
1849 + return PTR_ERR(ctx);
1850 +@@ -637,22 +646,21 @@ static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf,
1851 + int in_len, int out_len)
1852 + {
1853 + struct rdma_ucm_bind cmd;
1854 +- struct sockaddr *addr;
1855 + struct ucma_context *ctx;
1856 + int ret;
1857 +
1858 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1859 + return -EFAULT;
1860 +
1861 +- addr = (struct sockaddr *) &cmd.addr;
1862 +- if (cmd.reserved || !cmd.addr_size || (cmd.addr_size != rdma_addr_size(addr)))
1863 ++ if (cmd.reserved || !cmd.addr_size ||
1864 ++ cmd.addr_size != rdma_addr_size_kss(&cmd.addr))
1865 + return -EINVAL;
1866 +
1867 + ctx = ucma_get_ctx(file, cmd.id);
1868 + if (IS_ERR(ctx))
1869 + return PTR_ERR(ctx);
1870 +
1871 +- ret = rdma_bind_addr(ctx->cm_id, addr);
1872 ++ ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
1873 + ucma_put_ctx(ctx);
1874 + return ret;
1875 + }
1876 +@@ -668,13 +676,16 @@ static ssize_t ucma_resolve_ip(struct ucma_file *file,
1877 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1878 + return -EFAULT;
1879 +
1880 ++ if (!rdma_addr_size_in6(&cmd.src_addr) ||
1881 ++ !rdma_addr_size_in6(&cmd.dst_addr))
1882 ++ return -EINVAL;
1883 ++
1884 + ctx = ucma_get_ctx(file, cmd.id);
1885 + if (IS_ERR(ctx))
1886 + return PTR_ERR(ctx);
1887 +
1888 + ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
1889 +- (struct sockaddr *) &cmd.dst_addr,
1890 +- cmd.timeout_ms);
1891 ++ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
1892 + ucma_put_ctx(ctx);
1893 + return ret;
1894 + }
1895 +@@ -684,24 +695,23 @@ static ssize_t ucma_resolve_addr(struct ucma_file *file,
1896 + int in_len, int out_len)
1897 + {
1898 + struct rdma_ucm_resolve_addr cmd;
1899 +- struct sockaddr *src, *dst;
1900 + struct ucma_context *ctx;
1901 + int ret;
1902 +
1903 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1904 + return -EFAULT;
1905 +
1906 +- src = (struct sockaddr *) &cmd.src_addr;
1907 +- dst = (struct sockaddr *) &cmd.dst_addr;
1908 +- if (cmd.reserved || (cmd.src_size && (cmd.src_size != rdma_addr_size(src))) ||
1909 +- !cmd.dst_size || (cmd.dst_size != rdma_addr_size(dst)))
1910 ++ if (cmd.reserved ||
1911 ++ (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) ||
1912 ++ !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr)))
1913 + return -EINVAL;
1914 +
1915 + ctx = ucma_get_ctx(file, cmd.id);
1916 + if (IS_ERR(ctx))
1917 + return PTR_ERR(ctx);
1918 +
1919 +- ret = rdma_resolve_addr(ctx->cm_id, src, dst, cmd.timeout_ms);
1920 ++ ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
1921 ++ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
1922 + ucma_put_ctx(ctx);
1923 + return ret;
1924 + }
1925 +@@ -1146,6 +1156,11 @@ static ssize_t ucma_init_qp_attr(struct ucma_file *file,
1926 + if (IS_ERR(ctx))
1927 + return PTR_ERR(ctx);
1928 +
1929 ++ if (!ctx->cm_id->device) {
1930 ++ ret = -EINVAL;
1931 ++ goto out;
1932 ++ }
1933 ++
1934 + resp.qp_attr_mask = 0;
1935 + memset(&qp_attr, 0, sizeof qp_attr);
1936 + qp_attr.qp_state = cmd.qp_state;
1937 +@@ -1302,7 +1317,7 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
1938 + {
1939 + struct rdma_ucm_notify cmd;
1940 + struct ucma_context *ctx;
1941 +- int ret;
1942 ++ int ret = -EINVAL;
1943 +
1944 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1945 + return -EFAULT;
1946 +@@ -1311,7 +1326,9 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
1947 + if (IS_ERR(ctx))
1948 + return PTR_ERR(ctx);
1949 +
1950 +- ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event);
1951 ++ if (ctx->cm_id->device)
1952 ++ ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
1953 ++
1954 + ucma_put_ctx(ctx);
1955 + return ret;
1956 + }
1957 +@@ -1397,7 +1414,7 @@ static ssize_t ucma_join_ip_multicast(struct ucma_file *file,
1958 + join_cmd.response = cmd.response;
1959 + join_cmd.uid = cmd.uid;
1960 + join_cmd.id = cmd.id;
1961 +- join_cmd.addr_size = rdma_addr_size((struct sockaddr *) &cmd.addr);
1962 ++ join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr);
1963 + if (!join_cmd.addr_size)
1964 + return -EINVAL;
1965 +
1966 +@@ -1416,7 +1433,7 @@ static ssize_t ucma_join_multicast(struct ucma_file *file,
1967 + if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1968 + return -EFAULT;
1969 +
1970 +- if (!rdma_addr_size((struct sockaddr *)&cmd.addr))
1971 ++ if (!rdma_addr_size_kss(&cmd.addr))
1972 + return -EINVAL;
1973 +
1974 + return ucma_process_join(file, &cmd, out_len);
1975 +diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c
1976 +index af83d2e34913..a8a96def0ba2 100644
1977 +--- a/drivers/input/mouse/alps.c
1978 ++++ b/drivers/input/mouse/alps.c
1979 +@@ -2538,13 +2538,31 @@ static int alps_update_btn_info_ss4_v2(unsigned char otp[][4],
1980 + }
1981 +
1982 + static int alps_update_dual_info_ss4_v2(unsigned char otp[][4],
1983 +- struct alps_data *priv)
1984 ++ struct alps_data *priv,
1985 ++ struct psmouse *psmouse)
1986 + {
1987 + bool is_dual = false;
1988 ++ int reg_val = 0;
1989 ++ struct ps2dev *ps2dev = &psmouse->ps2dev;
1990 +
1991 +- if (IS_SS4PLUS_DEV(priv->dev_id))
1992 ++ if (IS_SS4PLUS_DEV(priv->dev_id)) {
1993 + is_dual = (otp[0][0] >> 4) & 0x01;
1994 +
1995 ++ if (!is_dual) {
1996 ++ /* For support TrackStick of Thinkpad L/E series */
1997 ++ if (alps_exit_command_mode(psmouse) == 0 &&
1998 ++ alps_enter_command_mode(psmouse) == 0) {
1999 ++ reg_val = alps_command_mode_read_reg(psmouse,
2000 ++ 0xD7);
2001 ++ }
2002 ++ alps_exit_command_mode(psmouse);
2003 ++ ps2_command(ps2dev, NULL, PSMOUSE_CMD_ENABLE);
2004 ++
2005 ++ if (reg_val == 0x0C || reg_val == 0x1D)
2006 ++ is_dual = true;
2007 ++ }
2008 ++ }
2009 ++
2010 + if (is_dual)
2011 + priv->flags |= ALPS_DUALPOINT |
2012 + ALPS_DUALPOINT_WITH_PRESSURE;
2013 +@@ -2567,7 +2585,7 @@ static int alps_set_defaults_ss4_v2(struct psmouse *psmouse,
2014 +
2015 + alps_update_btn_info_ss4_v2(otp, priv);
2016 +
2017 +- alps_update_dual_info_ss4_v2(otp, priv);
2018 ++ alps_update_dual_info_ss4_v2(otp, priv, psmouse);
2019 +
2020 + return 0;
2021 + }
2022 +diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
2023 +index b604564dec5c..30328e57fdda 100644
2024 +--- a/drivers/input/mousedev.c
2025 ++++ b/drivers/input/mousedev.c
2026 +@@ -15,6 +15,7 @@
2027 + #define MOUSEDEV_MINORS 31
2028 + #define MOUSEDEV_MIX 63
2029 +
2030 ++#include <linux/bitops.h>
2031 + #include <linux/sched.h>
2032 + #include <linux/slab.h>
2033 + #include <linux/poll.h>
2034 +@@ -103,7 +104,7 @@ struct mousedev_client {
2035 + spinlock_t packet_lock;
2036 + int pos_x, pos_y;
2037 +
2038 +- signed char ps2[6];
2039 ++ u8 ps2[6];
2040 + unsigned char ready, buffer, bufsiz;
2041 + unsigned char imexseq, impsseq;
2042 + enum mousedev_emul mode;
2043 +@@ -291,11 +292,10 @@ static void mousedev_notify_readers(struct mousedev *mousedev,
2044 + }
2045 +
2046 + client->pos_x += packet->dx;
2047 +- client->pos_x = client->pos_x < 0 ?
2048 +- 0 : (client->pos_x >= xres ? xres : client->pos_x);
2049 ++ client->pos_x = clamp_val(client->pos_x, 0, xres);
2050 ++
2051 + client->pos_y += packet->dy;
2052 +- client->pos_y = client->pos_y < 0 ?
2053 +- 0 : (client->pos_y >= yres ? yres : client->pos_y);
2054 ++ client->pos_y = clamp_val(client->pos_y, 0, yres);
2055 +
2056 + p->dx += packet->dx;
2057 + p->dy += packet->dy;
2058 +@@ -571,44 +571,50 @@ static int mousedev_open(struct inode *inode, struct file *file)
2059 + return error;
2060 + }
2061 +
2062 +-static inline int mousedev_limit_delta(int delta, int limit)
2063 +-{
2064 +- return delta > limit ? limit : (delta < -limit ? -limit : delta);
2065 +-}
2066 +-
2067 +-static void mousedev_packet(struct mousedev_client *client,
2068 +- signed char *ps2_data)
2069 ++static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data)
2070 + {
2071 + struct mousedev_motion *p = &client->packets[client->tail];
2072 ++ s8 dx, dy, dz;
2073 ++
2074 ++ dx = clamp_val(p->dx, -127, 127);
2075 ++ p->dx -= dx;
2076 ++
2077 ++ dy = clamp_val(p->dy, -127, 127);
2078 ++ p->dy -= dy;
2079 +
2080 +- ps2_data[0] = 0x08 |
2081 +- ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07);
2082 +- ps2_data[1] = mousedev_limit_delta(p->dx, 127);
2083 +- ps2_data[2] = mousedev_limit_delta(p->dy, 127);
2084 +- p->dx -= ps2_data[1];
2085 +- p->dy -= ps2_data[2];
2086 ++ ps2_data[0] = BIT(3);
2087 ++ ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2);
2088 ++ ps2_data[0] |= p->buttons & 0x07;
2089 ++ ps2_data[1] = dx;
2090 ++ ps2_data[2] = dy;
2091 +
2092 + switch (client->mode) {
2093 + case MOUSEDEV_EMUL_EXPS:
2094 +- ps2_data[3] = mousedev_limit_delta(p->dz, 7);
2095 +- p->dz -= ps2_data[3];
2096 +- ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1);
2097 ++ dz = clamp_val(p->dz, -7, 7);
2098 ++ p->dz -= dz;
2099 ++
2100 ++ ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1);
2101 + client->bufsiz = 4;
2102 + break;
2103 +
2104 + case MOUSEDEV_EMUL_IMPS:
2105 +- ps2_data[0] |=
2106 +- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
2107 +- ps2_data[3] = mousedev_limit_delta(p->dz, 127);
2108 +- p->dz -= ps2_data[3];
2109 ++ dz = clamp_val(p->dz, -127, 127);
2110 ++ p->dz -= dz;
2111 ++
2112 ++ ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
2113 ++ ((p->buttons & 0x08) >> 1);
2114 ++ ps2_data[3] = dz;
2115 ++
2116 + client->bufsiz = 4;
2117 + break;
2118 +
2119 + case MOUSEDEV_EMUL_PS2:
2120 + default:
2121 +- ps2_data[0] |=
2122 +- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
2123 + p->dz = 0;
2124 ++
2125 ++ ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
2126 ++ ((p->buttons & 0x08) >> 1);
2127 ++
2128 + client->bufsiz = 3;
2129 + break;
2130 + }
2131 +@@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
2132 + {
2133 + struct mousedev_client *client = file->private_data;
2134 + struct mousedev *mousedev = client->mousedev;
2135 +- signed char data[sizeof(client->ps2)];
2136 ++ u8 data[sizeof(client->ps2)];
2137 + int retval = 0;
2138 +
2139 + if (!client->ready && !client->buffer && mousedev->exist &&
2140 +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
2141 +index d1051e3ce819..e484ea2dc787 100644
2142 +--- a/drivers/input/serio/i8042-x86ia64io.h
2143 ++++ b/drivers/input/serio/i8042-x86ia64io.h
2144 +@@ -530,6 +530,20 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = {
2145 + { }
2146 + };
2147 +
2148 ++static const struct dmi_system_id i8042_dmi_forcemux_table[] __initconst = {
2149 ++ {
2150 ++ /*
2151 ++ * Sony Vaio VGN-CS series require MUX or the touch sensor
2152 ++ * buttons will disturb touchpad operation
2153 ++ */
2154 ++ .matches = {
2155 ++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
2156 ++ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"),
2157 ++ },
2158 ++ },
2159 ++ { }
2160 ++};
2161 ++
2162 + /*
2163 + * On some Asus laptops, just running self tests cause problems.
2164 + */
2165 +@@ -692,6 +706,13 @@ static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
2166 + DMI_MATCH(DMI_PRODUCT_NAME, "20046"),
2167 + },
2168 + },
2169 ++ {
2170 ++ /* Lenovo ThinkPad L460 */
2171 ++ .matches = {
2172 ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
2173 ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L460"),
2174 ++ },
2175 ++ },
2176 + {
2177 + /* Clevo P650RS, 650RP6, Sager NP8152-S, and others */
2178 + .matches = {
2179 +@@ -1223,6 +1244,9 @@ static int __init i8042_platform_init(void)
2180 + if (dmi_check_system(i8042_dmi_nomux_table))
2181 + i8042_nomux = true;
2182 +
2183 ++ if (dmi_check_system(i8042_dmi_forcemux_table))
2184 ++ i8042_nomux = false;
2185 ++
2186 + if (dmi_check_system(i8042_dmi_notimeout_table))
2187 + i8042_notimeout = true;
2188 +
2189 +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
2190 +index a68c650aad11..b67414b5a64e 100644
2191 +--- a/drivers/md/dm-ioctl.c
2192 ++++ b/drivers/md/dm-ioctl.c
2193 +@@ -1777,12 +1777,12 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
2194 + cmd == DM_LIST_VERSIONS_CMD)
2195 + return 0;
2196 +
2197 +- if ((cmd == DM_DEV_CREATE_CMD)) {
2198 ++ if (cmd == DM_DEV_CREATE_CMD) {
2199 + if (!*param->name) {
2200 + DMWARN("name not supplied when creating device");
2201 + return -EINVAL;
2202 + }
2203 +- } else if ((*param->uuid && *param->name)) {
2204 ++ } else if (*param->uuid && *param->name) {
2205 + DMWARN("only supply one of name or uuid, cmd(%u)", cmd);
2206 + return -EINVAL;
2207 + }
2208 +diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
2209 +index 18a4271bf569..6a7b9b1dcfe3 100644
2210 +--- a/drivers/md/raid10.c
2211 ++++ b/drivers/md/raid10.c
2212 +@@ -3681,6 +3681,7 @@ static int raid10_run(struct mddev *mddev)
2213 +
2214 + if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
2215 + discard_supported = true;
2216 ++ first = 0;
2217 + }
2218 +
2219 + if (mddev->queue) {
2220 +diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
2221 +index 0324633ede42..e56a49a5e8b1 100644
2222 +--- a/drivers/media/usb/usbtv/usbtv-core.c
2223 ++++ b/drivers/media/usb/usbtv/usbtv-core.c
2224 +@@ -109,6 +109,8 @@ static int usbtv_probe(struct usb_interface *intf,
2225 + return 0;
2226 +
2227 + usbtv_audio_fail:
2228 ++ /* we must not free at this point */
2229 ++ usb_get_dev(usbtv->udev);
2230 + usbtv_video_free(usbtv);
2231 +
2232 + usbtv_video_fail:
2233 +diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
2234 +index 41f318631c6d..60f5a8ded8dd 100644
2235 +--- a/drivers/misc/mei/main.c
2236 ++++ b/drivers/misc/mei/main.c
2237 +@@ -551,7 +551,6 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
2238 + break;
2239 +
2240 + default:
2241 +- dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
2242 + rets = -ENOIOCTLCMD;
2243 + }
2244 +
2245 +diff --git a/drivers/mtd/chips/jedec_probe.c b/drivers/mtd/chips/jedec_probe.c
2246 +index 7c0b27d132b1..b479bd81120b 100644
2247 +--- a/drivers/mtd/chips/jedec_probe.c
2248 ++++ b/drivers/mtd/chips/jedec_probe.c
2249 +@@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct map_info *map, uint32_t base,
2250 + do {
2251 + uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi);
2252 + mask = (1 << (cfi->device_type * 8)) - 1;
2253 ++ if (ofs >= map->size)
2254 ++ return 0;
2255 + result = map_read(map, base + ofs);
2256 + bank++;
2257 + } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION);
2258 +diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
2259 +index 651f308cdc60..fca2e428cd86 100644
2260 +--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
2261 ++++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
2262 +@@ -1680,6 +1680,30 @@ static void xgene_enet_napi_add(struct xgene_enet_pdata *pdata)
2263 + }
2264 + }
2265 +
2266 ++#ifdef CONFIG_ACPI
2267 ++static const struct acpi_device_id xgene_enet_acpi_match[] = {
2268 ++ { "APMC0D05", XGENE_ENET1},
2269 ++ { "APMC0D30", XGENE_ENET1},
2270 ++ { "APMC0D31", XGENE_ENET1},
2271 ++ { "APMC0D3F", XGENE_ENET1},
2272 ++ { "APMC0D26", XGENE_ENET2},
2273 ++ { "APMC0D25", XGENE_ENET2},
2274 ++ { }
2275 ++};
2276 ++MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
2277 ++#endif
2278 ++
2279 ++static const struct of_device_id xgene_enet_of_match[] = {
2280 ++ {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
2281 ++ {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
2282 ++ {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
2283 ++ {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
2284 ++ {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
2285 ++ {},
2286 ++};
2287 ++
2288 ++MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
2289 ++
2290 + static int xgene_enet_probe(struct platform_device *pdev)
2291 + {
2292 + struct net_device *ndev;
2293 +@@ -1826,32 +1850,6 @@ static void xgene_enet_shutdown(struct platform_device *pdev)
2294 + xgene_enet_remove(pdev);
2295 + }
2296 +
2297 +-#ifdef CONFIG_ACPI
2298 +-static const struct acpi_device_id xgene_enet_acpi_match[] = {
2299 +- { "APMC0D05", XGENE_ENET1},
2300 +- { "APMC0D30", XGENE_ENET1},
2301 +- { "APMC0D31", XGENE_ENET1},
2302 +- { "APMC0D3F", XGENE_ENET1},
2303 +- { "APMC0D26", XGENE_ENET2},
2304 +- { "APMC0D25", XGENE_ENET2},
2305 +- { }
2306 +-};
2307 +-MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
2308 +-#endif
2309 +-
2310 +-#ifdef CONFIG_OF
2311 +-static const struct of_device_id xgene_enet_of_match[] = {
2312 +- {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
2313 +- {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
2314 +- {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
2315 +- {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
2316 +- {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
2317 +- {},
2318 +-};
2319 +-
2320 +-MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
2321 +-#endif
2322 +-
2323 + static struct platform_driver xgene_enet_driver = {
2324 + .driver = {
2325 + .name = "xgene-enet",
2326 +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
2327 +index 34b5e699a1d5..02a03bccde7b 100644
2328 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
2329 ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
2330 +@@ -671,7 +671,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data)
2331 +
2332 + static int hns_gmac_get_sset_count(int stringset)
2333 + {
2334 +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
2335 ++ if (stringset == ETH_SS_STATS)
2336 + return ARRAY_SIZE(g_gmac_stats_string);
2337 +
2338 + return 0;
2339 +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
2340 +index 4ecb809785f9..6ea872287307 100644
2341 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
2342 ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
2343 +@@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb)
2344 +
2345 + int hns_ppe_get_sset_count(int stringset)
2346 + {
2347 +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
2348 ++ if (stringset == ETH_SS_STATS)
2349 + return ETH_PPE_STATIC_NUM;
2350 + return 0;
2351 + }
2352 +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
2353 +index fbbbbffd58dc..f3be9ac47bfb 100644
2354 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
2355 ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
2356 +@@ -798,7 +798,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data)
2357 + */
2358 + int hns_rcb_get_ring_sset_count(int stringset)
2359 + {
2360 +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
2361 ++ if (stringset == ETH_SS_STATS)
2362 + return HNS_RING_STATIC_REG_NUM;
2363 +
2364 + return 0;
2365 +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
2366 +index 86a496d71995..6be0cae44e9b 100644
2367 +--- a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
2368 ++++ b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
2369 +@@ -1017,8 +1017,10 @@ int hns_get_sset_count(struct net_device *netdev, int stringset)
2370 + cnt--;
2371 +
2372 + return cnt;
2373 +- } else {
2374 ++ } else if (stringset == ETH_SS_STATS) {
2375 + return (HNS_NET_STATS_CNT + ops->get_sset_count(h, stringset));
2376 ++ } else {
2377 ++ return -EOPNOTSUPP;
2378 + }
2379 + }
2380 +
2381 +diff --git a/drivers/net/phy/mdio-xgene.c b/drivers/net/phy/mdio-xgene.c
2382 +index 39be3b82608f..20fbcc9c4687 100644
2383 +--- a/drivers/net/phy/mdio-xgene.c
2384 ++++ b/drivers/net/phy/mdio-xgene.c
2385 +@@ -314,6 +314,30 @@ static acpi_status acpi_register_phy(acpi_handle handle, u32 lvl,
2386 + }
2387 + #endif
2388 +
2389 ++static const struct of_device_id xgene_mdio_of_match[] = {
2390 ++ {
2391 ++ .compatible = "apm,xgene-mdio-rgmii",
2392 ++ .data = (void *)XGENE_MDIO_RGMII
2393 ++ },
2394 ++ {
2395 ++ .compatible = "apm,xgene-mdio-xfi",
2396 ++ .data = (void *)XGENE_MDIO_XFI
2397 ++ },
2398 ++ {},
2399 ++};
2400 ++MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
2401 ++
2402 ++#ifdef CONFIG_ACPI
2403 ++static const struct acpi_device_id xgene_mdio_acpi_match[] = {
2404 ++ { "APMC0D65", XGENE_MDIO_RGMII },
2405 ++ { "APMC0D66", XGENE_MDIO_XFI },
2406 ++ { }
2407 ++};
2408 ++
2409 ++MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
2410 ++#endif
2411 ++
2412 ++
2413 + static int xgene_mdio_probe(struct platform_device *pdev)
2414 + {
2415 + struct device *dev = &pdev->dev;
2416 +@@ -439,32 +463,6 @@ static int xgene_mdio_remove(struct platform_device *pdev)
2417 + return 0;
2418 + }
2419 +
2420 +-#ifdef CONFIG_OF
2421 +-static const struct of_device_id xgene_mdio_of_match[] = {
2422 +- {
2423 +- .compatible = "apm,xgene-mdio-rgmii",
2424 +- .data = (void *)XGENE_MDIO_RGMII
2425 +- },
2426 +- {
2427 +- .compatible = "apm,xgene-mdio-xfi",
2428 +- .data = (void *)XGENE_MDIO_XFI
2429 +- },
2430 +- {},
2431 +-};
2432 +-
2433 +-MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
2434 +-#endif
2435 +-
2436 +-#ifdef CONFIG_ACPI
2437 +-static const struct acpi_device_id xgene_mdio_acpi_match[] = {
2438 +- { "APMC0D65", XGENE_MDIO_RGMII },
2439 +- { "APMC0D66", XGENE_MDIO_XFI },
2440 +- { }
2441 +-};
2442 +-
2443 +-MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
2444 +-#endif
2445 +-
2446 + static struct platform_driver xgene_mdio_driver = {
2447 + .driver = {
2448 + .name = "xgene-mdio",
2449 +diff --git a/drivers/net/phy/mdio-xgene.h b/drivers/net/phy/mdio-xgene.h
2450 +index 354241b53c1d..594a11d42401 100644
2451 +--- a/drivers/net/phy/mdio-xgene.h
2452 ++++ b/drivers/net/phy/mdio-xgene.h
2453 +@@ -132,10 +132,6 @@ static inline u64 xgene_enet_get_field_value(int pos, int len, u64 src)
2454 + #define GET_BIT(field, src) \
2455 + xgene_enet_get_field_value(field ## _POS, 1, src)
2456 +
2457 +-static const struct of_device_id xgene_mdio_of_match[];
2458 +-#ifdef CONFIG_ACPI
2459 +-static const struct acpi_device_id xgene_mdio_acpi_match[];
2460 +-#endif
2461 + int xgene_mdio_rgmii_read(struct mii_bus *bus, int phy_id, int reg);
2462 + int xgene_mdio_rgmii_write(struct mii_bus *bus, int phy_id, int reg, u16 data);
2463 + struct phy_device *xgene_enet_phy_register(struct mii_bus *bus, int phy_addr);
2464 +diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c
2465 +index 78530d1714dc..bdce0679674c 100644
2466 +--- a/drivers/parport/parport_pc.c
2467 ++++ b/drivers/parport/parport_pc.c
2468 +@@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards {
2469 + netmos_9901,
2470 + netmos_9865,
2471 + quatech_sppxp100,
2472 ++ wch_ch382l,
2473 + };
2474 +
2475 +
2476 +@@ -2708,6 +2709,7 @@ static struct parport_pc_pci {
2477 + /* netmos_9901 */ { 1, { { 0, -1 }, } },
2478 + /* netmos_9865 */ { 1, { { 0, -1 }, } },
2479 + /* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
2480 ++ /* wch_ch382l */ { 1, { { 2, -1 }, } },
2481 + };
2482 +
2483 + static const struct pci_device_id parport_pc_pci_tbl[] = {
2484 +@@ -2797,6 +2799,8 @@ static const struct pci_device_id parport_pc_pci_tbl[] = {
2485 + /* Quatech SPPXP-100 Parallel port PCI ExpressCard */
2486 + { PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
2487 + PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
2488 ++ /* WCH CH382L PCI-E single parallel port card */
2489 ++ { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l },
2490 + { 0, } /* terminate list */
2491 + };
2492 + MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);
2493 +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
2494 +index a98be6db7e93..56340abe4fc6 100644
2495 +--- a/drivers/pci/probe.c
2496 ++++ b/drivers/pci/probe.c
2497 +@@ -231,7 +231,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
2498 + res->flags |= IORESOURCE_ROM_ENABLE;
2499 + l64 = l & PCI_ROM_ADDRESS_MASK;
2500 + sz64 = sz & PCI_ROM_ADDRESS_MASK;
2501 +- mask64 = (u32)PCI_ROM_ADDRESS_MASK;
2502 ++ mask64 = PCI_ROM_ADDRESS_MASK;
2503 + }
2504 +
2505 + if (res->flags & IORESOURCE_MEM_64) {
2506 +diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c
2507 +index 4bc589ee78d0..85774b7a316a 100644
2508 +--- a/drivers/pci/setup-res.c
2509 ++++ b/drivers/pci/setup-res.c
2510 +@@ -63,7 +63,7 @@ static void pci_std_update_resource(struct pci_dev *dev, int resno)
2511 + mask = (u32)PCI_BASE_ADDRESS_IO_MASK;
2512 + new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK;
2513 + } else if (resno == PCI_ROM_RESOURCE) {
2514 +- mask = (u32)PCI_ROM_ADDRESS_MASK;
2515 ++ mask = PCI_ROM_ADDRESS_MASK;
2516 + } else {
2517 + mask = (u32)PCI_BASE_ADDRESS_MEM_MASK;
2518 + new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK;
2519 +diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
2520 +index 8f4adc1d9588..cbc8e9388268 100644
2521 +--- a/drivers/scsi/virtio_scsi.c
2522 ++++ b/drivers/scsi/virtio_scsi.c
2523 +@@ -819,6 +819,7 @@ static struct scsi_host_template virtscsi_host_template_multi = {
2524 + .change_queue_depth = virtscsi_change_queue_depth,
2525 + .eh_abort_handler = virtscsi_abort,
2526 + .eh_device_reset_handler = virtscsi_device_reset,
2527 ++ .slave_alloc = virtscsi_device_alloc,
2528 +
2529 + .can_queue = 1024,
2530 + .dma_boundary = UINT_MAX,
2531 +diff --git a/drivers/spi/Kconfig b/drivers/spi/Kconfig
2532 +index 0e7415f6d093..b7995474148c 100644
2533 +--- a/drivers/spi/Kconfig
2534 ++++ b/drivers/spi/Kconfig
2535 +@@ -156,7 +156,6 @@ config SPI_BCM63XX_HSSPI
2536 + config SPI_BCM_QSPI
2537 + tristate "Broadcom BSPI and MSPI controller support"
2538 + depends on ARCH_BRCMSTB || ARCH_BCM || ARCH_BCM_IPROC || COMPILE_TEST
2539 +- depends on MTD_NORFLASH
2540 + default ARCH_BCM_IPROC
2541 + help
2542 + Enables support for the Broadcom SPI flash and MSPI controller.
2543 +diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c
2544 +index 02fb96797ac8..0d8f43a17edb 100644
2545 +--- a/drivers/spi/spi-davinci.c
2546 ++++ b/drivers/spi/spi-davinci.c
2547 +@@ -646,7 +646,7 @@ static int davinci_spi_bufs(struct spi_device *spi, struct spi_transfer *t)
2548 + buf = t->rx_buf;
2549 + t->rx_dma = dma_map_single(&spi->dev, buf,
2550 + t->len, DMA_FROM_DEVICE);
2551 +- if (dma_mapping_error(&spi->dev, !t->rx_dma)) {
2552 ++ if (dma_mapping_error(&spi->dev, t->rx_dma)) {
2553 + ret = -EFAULT;
2554 + goto err_rx_map;
2555 + }
2556 +diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
2557 +index a574885ffba9..18c5312f7886 100644
2558 +--- a/drivers/staging/comedi/drivers/ni_mio_common.c
2559 ++++ b/drivers/staging/comedi/drivers/ni_mio_common.c
2560 +@@ -1284,6 +1284,8 @@ static void ack_a_interrupt(struct comedi_device *dev, unsigned short a_status)
2561 + ack |= NISTC_INTA_ACK_AI_START;
2562 + if (a_status & NISTC_AI_STATUS1_STOP)
2563 + ack |= NISTC_INTA_ACK_AI_STOP;
2564 ++ if (a_status & NISTC_AI_STATUS1_OVER)
2565 ++ ack |= NISTC_INTA_ACK_AI_ERR;
2566 + if (ack)
2567 + ni_stc_writew(dev, ack, NISTC_INTA_ACK_REG);
2568 + }
2569 +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
2570 +index 68c7bb0b7991..9e1ac58e269e 100644
2571 +--- a/drivers/tty/vt/vt.c
2572 ++++ b/drivers/tty/vt/vt.c
2573 +@@ -1354,6 +1354,11 @@ static void csi_m(struct vc_data *vc)
2574 + case 3:
2575 + vc->vc_italic = 1;
2576 + break;
2577 ++ case 21:
2578 ++ /*
2579 ++ * No console drivers support double underline, so
2580 ++ * convert it to a single underline.
2581 ++ */
2582 + case 4:
2583 + vc->vc_underline = 1;
2584 + break;
2585 +@@ -1389,7 +1394,6 @@ static void csi_m(struct vc_data *vc)
2586 + vc->vc_disp_ctrl = 1;
2587 + vc->vc_toggle_meta = 1;
2588 + break;
2589 +- case 21:
2590 + case 22:
2591 + vc->vc_intensity = 1;
2592 + break;
2593 +diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
2594 +index dfc0566bb155..919a32153060 100644
2595 +--- a/drivers/usb/dwc2/hcd.c
2596 ++++ b/drivers/usb/dwc2/hcd.c
2597 +@@ -3220,7 +3220,6 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
2598 + dwc2_core_init(hsotg, false);
2599 + dwc2_enable_global_interrupts(hsotg);
2600 + spin_lock_irqsave(&hsotg->lock, flags);
2601 +- dwc2_hsotg_disconnect(hsotg);
2602 + dwc2_hsotg_core_init_disconnected(hsotg, false);
2603 + spin_unlock_irqrestore(&hsotg->lock, flags);
2604 + dwc2_hsotg_core_connect(hsotg);
2605 +@@ -3238,8 +3237,12 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
2606 + if (count > 250)
2607 + dev_err(hsotg->dev,
2608 + "Connection id status change timed out\n");
2609 +- hsotg->op_state = OTG_STATE_A_HOST;
2610 +
2611 ++ spin_lock_irqsave(&hsotg->lock, flags);
2612 ++ dwc2_hsotg_disconnect(hsotg);
2613 ++ spin_unlock_irqrestore(&hsotg->lock, flags);
2614 ++
2615 ++ hsotg->op_state = OTG_STATE_A_HOST;
2616 + /* Initialize the Core for Host mode */
2617 + dwc2_core_init(hsotg, false);
2618 + dwc2_enable_global_interrupts(hsotg);
2619 +diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c
2620 +index e97539fc127e..7d658565b20f 100644
2621 +--- a/drivers/usb/gadget/udc/core.c
2622 ++++ b/drivers/usb/gadget/udc/core.c
2623 +@@ -139,10 +139,8 @@ int usb_ep_disable(struct usb_ep *ep)
2624 + goto out;
2625 +
2626 + ret = ep->ops->disable(ep);
2627 +- if (ret) {
2628 +- ret = ret;
2629 ++ if (ret)
2630 + goto out;
2631 +- }
2632 +
2633 + ep->enabled = false;
2634 +
2635 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
2636 +index 3178d8afb3e6..cab80acace4e 100644
2637 +--- a/drivers/usb/serial/cp210x.c
2638 ++++ b/drivers/usb/serial/cp210x.c
2639 +@@ -152,6 +152,7 @@ static const struct usb_device_id id_table[] = {
2640 + { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
2641 + { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
2642 + { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
2643 ++ { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */
2644 + { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
2645 + { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
2646 + { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
2647 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
2648 +index 0c743e4cca1e..71cbc6890ac4 100644
2649 +--- a/drivers/usb/serial/ftdi_sio.c
2650 ++++ b/drivers/usb/serial/ftdi_sio.c
2651 +@@ -773,6 +773,7 @@ static const struct usb_device_id id_table_combined[] = {
2652 + .driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
2653 + { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
2654 + { USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) },
2655 ++ { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) },
2656 + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) },
2657 + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) },
2658 + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) },
2659 +@@ -935,6 +936,7 @@ static const struct usb_device_id id_table_combined[] = {
2660 + { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
2661 + { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
2662 + { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
2663 ++ { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) },
2664 + { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
2665 + { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
2666 + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
2667 +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
2668 +index 543d2801632b..76a10b222ff9 100644
2669 +--- a/drivers/usb/serial/ftdi_sio_ids.h
2670 ++++ b/drivers/usb/serial/ftdi_sio_ids.h
2671 +@@ -922,6 +922,9 @@
2672 + /*
2673 + * RT Systems programming cables for various ham radios
2674 + */
2675 ++/* This device uses the VID of FTDI */
2676 ++#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */
2677 ++
2678 + #define RTSYSTEMS_VID 0x2100 /* Vendor ID */
2679 + #define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */
2680 + #define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */
2681 +@@ -1440,6 +1443,12 @@
2682 + */
2683 + #define FTDI_CINTERION_MC55I_PID 0xA951
2684 +
2685 ++/*
2686 ++ * Product: FirmwareHubEmulator
2687 ++ * Manufacturer: Harman Becker Automotive Systems
2688 ++ */
2689 ++#define FTDI_FHE_PID 0xA9A0
2690 ++
2691 + /*
2692 + * Product: Comet Caller ID decoder
2693 + * Manufacturer: Crucible Technologies
2694 +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
2695 +index 5539f0b95efa..52401732cddc 100644
2696 +--- a/fs/btrfs/tree-log.c
2697 ++++ b/fs/btrfs/tree-log.c
2698 +@@ -3664,7 +3664,7 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
2699 +
2700 + src_offset = btrfs_item_ptr_offset(src, start_slot + i);
2701 +
2702 +- if ((i == (nr - 1)))
2703 ++ if (i == nr - 1)
2704 + last_key = ins_keys[i];
2705 +
2706 + if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) {
2707 +diff --git a/fs/ceph/file.c b/fs/ceph/file.c
2708 +index ca3f630db90f..e7ddb23d9bb7 100644
2709 +--- a/fs/ceph/file.c
2710 ++++ b/fs/ceph/file.c
2711 +@@ -598,7 +598,8 @@ static ssize_t ceph_sync_read(struct kiocb *iocb, struct iov_iter *i,
2712 + struct ceph_aio_request {
2713 + struct kiocb *iocb;
2714 + size_t total_len;
2715 +- int write;
2716 ++ bool write;
2717 ++ bool should_dirty;
2718 + int error;
2719 + struct list_head osd_reqs;
2720 + unsigned num_reqs;
2721 +@@ -708,7 +709,7 @@ static void ceph_aio_complete_req(struct ceph_osd_request *req)
2722 + }
2723 + }
2724 +
2725 +- ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write);
2726 ++ ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty);
2727 + ceph_osdc_put_request(req);
2728 +
2729 + if (rc < 0)
2730 +@@ -890,6 +891,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
2731 + size_t count = iov_iter_count(iter);
2732 + loff_t pos = iocb->ki_pos;
2733 + bool write = iov_iter_rw(iter) == WRITE;
2734 ++ bool should_dirty = !write && iter_is_iovec(iter);
2735 +
2736 + if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP)
2737 + return -EROFS;
2738 +@@ -954,6 +956,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
2739 + if (aio_req) {
2740 + aio_req->iocb = iocb;
2741 + aio_req->write = write;
2742 ++ aio_req->should_dirty = should_dirty;
2743 + INIT_LIST_HEAD(&aio_req->osd_reqs);
2744 + if (write) {
2745 + aio_req->mtime = mtime;
2746 +@@ -1012,7 +1015,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
2747 + len = ret;
2748 + }
2749 +
2750 +- ceph_put_page_vector(pages, num_pages, !write);
2751 ++ ceph_put_page_vector(pages, num_pages, should_dirty);
2752 +
2753 + ceph_osdc_put_request(req);
2754 + if (ret < 0)
2755 +diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
2756 +index f2d7402abe02..93c8e4a4bbd3 100644
2757 +--- a/fs/compat_ioctl.c
2758 ++++ b/fs/compat_ioctl.c
2759 +@@ -833,7 +833,7 @@ static int compat_ioctl_preallocate(struct file *file,
2760 + */
2761 + #define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff)
2762 +
2763 +-#define COMPATIBLE_IOCTL(cmd) XFORM(cmd),
2764 ++#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd),
2765 + /* ioctl should not be warned about even if it's not implemented.
2766 + Valid reasons to use this:
2767 + - It is implemented with ->compat_ioctl on some device, but programs
2768 +diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
2769 +index 2d65bbd6dbd1..18ba29ff1449 100644
2770 +--- a/include/linux/cpumask.h
2771 ++++ b/include/linux/cpumask.h
2772 +@@ -680,6 +680,11 @@ void alloc_bootmem_cpumask_var(cpumask_var_t *mask);
2773 + void free_cpumask_var(cpumask_var_t mask);
2774 + void free_bootmem_cpumask_var(cpumask_var_t mask);
2775 +
2776 ++static inline bool cpumask_available(cpumask_var_t mask)
2777 ++{
2778 ++ return mask != NULL;
2779 ++}
2780 ++
2781 + #else
2782 + typedef struct cpumask cpumask_var_t[1];
2783 +
2784 +@@ -720,6 +725,11 @@ static inline void free_cpumask_var(cpumask_var_t mask)
2785 + static inline void free_bootmem_cpumask_var(cpumask_var_t mask)
2786 + {
2787 + }
2788 ++
2789 ++static inline bool cpumask_available(cpumask_var_t mask)
2790 ++{
2791 ++ return true;
2792 ++}
2793 + #endif /* CONFIG_CPUMASK_OFFSTACK */
2794 +
2795 + /* It's common to want to use cpu_all_mask in struct member initializers,
2796 +diff --git a/include/linux/init.h b/include/linux/init.h
2797 +index 683508f6bb4e..0cca4142987f 100644
2798 +--- a/include/linux/init.h
2799 ++++ b/include/linux/init.h
2800 +@@ -133,6 +133,9 @@ void prepare_namespace(void);
2801 + void __init load_default_modules(void);
2802 + int __init init_rootfs(void);
2803 +
2804 ++#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_SET_MODULE_RONX)
2805 ++extern bool rodata_enabled;
2806 ++#endif
2807 + #ifdef CONFIG_DEBUG_RODATA
2808 + void mark_rodata_ro(void);
2809 + #endif
2810 +diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
2811 +index 589d14e970ad..c2a0f0072274 100644
2812 +--- a/include/linux/jiffies.h
2813 ++++ b/include/linux/jiffies.h
2814 +@@ -1,6 +1,7 @@
2815 + #ifndef _LINUX_JIFFIES_H
2816 + #define _LINUX_JIFFIES_H
2817 +
2818 ++#include <linux/cache.h>
2819 + #include <linux/math64.h>
2820 + #include <linux/kernel.h>
2821 + #include <linux/types.h>
2822 +@@ -63,19 +64,17 @@ extern int register_refined_jiffies(long clock_tick_rate);
2823 + /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */
2824 + #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ)
2825 +
2826 +-/* some arch's have a small-data section that can be accessed register-relative
2827 +- * but that can only take up to, say, 4-byte variables. jiffies being part of
2828 +- * an 8-byte variable may not be correctly accessed unless we force the issue
2829 +- */
2830 +-#define __jiffy_data __attribute__((section(".data")))
2831 ++#ifndef __jiffy_arch_data
2832 ++#define __jiffy_arch_data
2833 ++#endif
2834 +
2835 + /*
2836 + * The 64-bit value is not atomic - you MUST NOT read it
2837 + * without sampling the sequence number in jiffies_lock.
2838 + * get_jiffies_64() will do this for you as appropriate.
2839 + */
2840 +-extern u64 __jiffy_data jiffies_64;
2841 +-extern unsigned long volatile __jiffy_data jiffies;
2842 ++extern u64 __cacheline_aligned_in_smp jiffies_64;
2843 ++extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies;
2844 +
2845 + #if (BITS_PER_LONG < 64)
2846 + u64 get_jiffies_64(void);
2847 +diff --git a/include/linux/llist.h b/include/linux/llist.h
2848 +index fd4ca0b4fe0f..ac6796138ba0 100644
2849 +--- a/include/linux/llist.h
2850 ++++ b/include/linux/llist.h
2851 +@@ -87,6 +87,23 @@ static inline void init_llist_head(struct llist_head *list)
2852 + #define llist_entry(ptr, type, member) \
2853 + container_of(ptr, type, member)
2854 +
2855 ++/**
2856 ++ * member_address_is_nonnull - check whether the member address is not NULL
2857 ++ * @ptr: the object pointer (struct type * that contains the llist_node)
2858 ++ * @member: the name of the llist_node within the struct.
2859 ++ *
2860 ++ * This macro is conceptually the same as
2861 ++ * &ptr->member != NULL
2862 ++ * but it works around the fact that compilers can decide that taking a member
2863 ++ * address is never a NULL pointer.
2864 ++ *
2865 ++ * Real objects that start at a high address and have a member at NULL are
2866 ++ * unlikely to exist, but such pointers may be returned e.g. by the
2867 ++ * container_of() macro.
2868 ++ */
2869 ++#define member_address_is_nonnull(ptr, member) \
2870 ++ ((uintptr_t)(ptr) + offsetof(typeof(*(ptr)), member) != 0)
2871 ++
2872 + /**
2873 + * llist_for_each - iterate over some deleted entries of a lock-less list
2874 + * @pos: the &struct llist_node to use as a loop cursor
2875 +@@ -121,7 +138,7 @@ static inline void init_llist_head(struct llist_head *list)
2876 + */
2877 + #define llist_for_each_entry(pos, node, member) \
2878 + for ((pos) = llist_entry((node), typeof(*(pos)), member); \
2879 +- &(pos)->member != NULL; \
2880 ++ member_address_is_nonnull(pos, member); \
2881 + (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
2882 +
2883 + /**
2884 +@@ -143,7 +160,7 @@ static inline void init_llist_head(struct llist_head *list)
2885 + */
2886 + #define llist_for_each_entry_safe(pos, n, node, member) \
2887 + for (pos = llist_entry((node), typeof(*pos), member); \
2888 +- &pos->member != NULL && \
2889 ++ member_address_is_nonnull(pos, member) && \
2890 + (n = llist_entry(pos->member.next, typeof(*n), member), true); \
2891 + pos = n)
2892 +
2893 +diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
2894 +index 9bfeb88fb940..69111fa2e578 100644
2895 +--- a/include/linux/netfilter/x_tables.h
2896 ++++ b/include/linux/netfilter/x_tables.h
2897 +@@ -254,6 +254,8 @@ unsigned int *xt_alloc_entry_offsets(unsigned int size);
2898 + bool xt_find_jump_offset(const unsigned int *offsets,
2899 + unsigned int target, unsigned int size);
2900 +
2901 ++int xt_check_proc_name(const char *name, unsigned int size);
2902 ++
2903 + int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,
2904 + bool inv_proto);
2905 + int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,
2906 +diff --git a/include/rdma/ib_addr.h b/include/rdma/ib_addr.h
2907 +index 818a38f99221..f888263fd757 100644
2908 +--- a/include/rdma/ib_addr.h
2909 ++++ b/include/rdma/ib_addr.h
2910 +@@ -129,6 +129,8 @@ int rdma_copy_addr(struct rdma_dev_addr *dev_addr, struct net_device *dev,
2911 + const unsigned char *dst_dev_addr);
2912 +
2913 + int rdma_addr_size(struct sockaddr *addr);
2914 ++int rdma_addr_size_in6(struct sockaddr_in6 *addr);
2915 ++int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);
2916 +
2917 + int rdma_addr_find_smac_by_sgid(union ib_gid *sgid, u8 *smac, u16 *vlan_id);
2918 + int rdma_addr_find_l2_eth_by_grh(const union ib_gid *sgid,
2919 +diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h
2920 +index e5a2e68b2236..ecc8e01c5616 100644
2921 +--- a/include/uapi/linux/pci_regs.h
2922 ++++ b/include/uapi/linux/pci_regs.h
2923 +@@ -106,7 +106,7 @@
2924 + #define PCI_SUBSYSTEM_ID 0x2e
2925 + #define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */
2926 + #define PCI_ROM_ADDRESS_ENABLE 0x01
2927 +-#define PCI_ROM_ADDRESS_MASK (~0x7ffUL)
2928 ++#define PCI_ROM_ADDRESS_MASK (~0x7ffU)
2929 +
2930 + #define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */
2931 +
2932 +diff --git a/init/main.c b/init/main.c
2933 +index 99f026565608..f22957afb37e 100644
2934 +--- a/init/main.c
2935 ++++ b/init/main.c
2936 +@@ -81,6 +81,7 @@
2937 + #include <linux/proc_ns.h>
2938 + #include <linux/io.h>
2939 + #include <linux/kaiser.h>
2940 ++#include <linux/cache.h>
2941 +
2942 + #include <asm/io.h>
2943 + #include <asm/bugs.h>
2944 +@@ -914,14 +915,16 @@ static int try_to_run_init_process(const char *init_filename)
2945 +
2946 + static noinline void __init kernel_init_freeable(void);
2947 +
2948 +-#ifdef CONFIG_DEBUG_RODATA
2949 +-static bool rodata_enabled = true;
2950 ++#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_SET_MODULE_RONX)
2951 ++bool rodata_enabled __ro_after_init = true;
2952 + static int __init set_debug_rodata(char *str)
2953 + {
2954 + return strtobool(str, &rodata_enabled);
2955 + }
2956 + __setup("rodata=", set_debug_rodata);
2957 ++#endif
2958 +
2959 ++#ifdef CONFIG_DEBUG_RODATA
2960 + static void mark_readonly(void)
2961 + {
2962 + if (rodata_enabled)
2963 +diff --git a/ipc/shm.c b/ipc/shm.c
2964 +index e2072ae4f90e..de93d01bfce2 100644
2965 +--- a/ipc/shm.c
2966 ++++ b/ipc/shm.c
2967 +@@ -381,6 +381,17 @@ static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
2968 + return sfd->vm_ops->fault(vma, vmf);
2969 + }
2970 +
2971 ++static int shm_split(struct vm_area_struct *vma, unsigned long addr)
2972 ++{
2973 ++ struct file *file = vma->vm_file;
2974 ++ struct shm_file_data *sfd = shm_file_data(file);
2975 ++
2976 ++ if (sfd->vm_ops && sfd->vm_ops->split)
2977 ++ return sfd->vm_ops->split(vma, addr);
2978 ++
2979 ++ return 0;
2980 ++}
2981 ++
2982 + #ifdef CONFIG_NUMA
2983 + static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new)
2984 + {
2985 +@@ -503,6 +514,7 @@ static const struct vm_operations_struct shm_vm_ops = {
2986 + .open = shm_open, /* callback for a new vm-area open */
2987 + .close = shm_close, /* callback for when the vm-area is released */
2988 + .fault = shm_fault,
2989 ++ .split = shm_split,
2990 + #if defined(CONFIG_NUMA)
2991 + .set_policy = shm_set_policy,
2992 + .get_policy = shm_get_policy,
2993 +diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
2994 +index 3f8cb1e14588..253ae2da13c3 100644
2995 +--- a/kernel/events/hw_breakpoint.c
2996 ++++ b/kernel/events/hw_breakpoint.c
2997 +@@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_breakpoint);
2998 + * modify_user_hw_breakpoint - modify a user-space hardware breakpoint
2999 + * @bp: the breakpoint structure to modify
3000 + * @attr: new breakpoint attributes
3001 +- * @triggered: callback to trigger when we hit the breakpoint
3002 +- * @tsk: pointer to 'task_struct' of the process to which the address belongs
3003 + */
3004 + int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr)
3005 + {
3006 +- u64 old_addr = bp->attr.bp_addr;
3007 +- u64 old_len = bp->attr.bp_len;
3008 +- int old_type = bp->attr.bp_type;
3009 +- int err = 0;
3010 +-
3011 + /*
3012 + * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it
3013 + * will not be possible to raise IPIs that invoke __perf_event_disable.
3014 +@@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att
3015 + bp->attr.bp_addr = attr->bp_addr;
3016 + bp->attr.bp_type = attr->bp_type;
3017 + bp->attr.bp_len = attr->bp_len;
3018 ++ bp->attr.disabled = 1;
3019 +
3020 +- if (attr->disabled)
3021 +- goto end;
3022 +-
3023 +- err = validate_hw_breakpoint(bp);
3024 +- if (!err)
3025 +- perf_event_enable(bp);
3026 ++ if (!attr->disabled) {
3027 ++ int err = validate_hw_breakpoint(bp);
3028 +
3029 +- if (err) {
3030 +- bp->attr.bp_addr = old_addr;
3031 +- bp->attr.bp_type = old_type;
3032 +- bp->attr.bp_len = old_len;
3033 +- if (!bp->attr.disabled)
3034 +- perf_event_enable(bp);
3035 ++ if (err)
3036 ++ return err;
3037 +
3038 +- return err;
3039 ++ perf_event_enable(bp);
3040 ++ bp->attr.disabled = 0;
3041 + }
3042 +
3043 +-end:
3044 +- bp->attr.disabled = attr->disabled;
3045 +-
3046 + return 0;
3047 + }
3048 + EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint);
3049 +diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
3050 +index ea41820ab12e..5927da596d42 100644
3051 +--- a/kernel/irq/manage.c
3052 ++++ b/kernel/irq/manage.c
3053 +@@ -850,7 +850,7 @@ irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action)
3054 + * This code is triggered unconditionally. Check the affinity
3055 + * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out.
3056 + */
3057 +- if (desc->irq_common_data.affinity)
3058 ++ if (cpumask_available(desc->irq_common_data.affinity))
3059 + cpumask_copy(mask, desc->irq_common_data.affinity);
3060 + else
3061 + valid = false;
3062 +diff --git a/kernel/kprobes.c b/kernel/kprobes.c
3063 +index a1a07cf1101f..69485183af79 100644
3064 +--- a/kernel/kprobes.c
3065 ++++ b/kernel/kprobes.c
3066 +@@ -125,7 +125,7 @@ static void *alloc_insn_page(void)
3067 + return module_alloc(PAGE_SIZE);
3068 + }
3069 +
3070 +-static void free_insn_page(void *page)
3071 ++void __weak free_insn_page(void *page)
3072 + {
3073 + module_memfree(page);
3074 + }
3075 +diff --git a/kernel/module.c b/kernel/module.c
3076 +index 07bfb9971f2f..0651f2d25fc9 100644
3077 +--- a/kernel/module.c
3078 ++++ b/kernel/module.c
3079 +@@ -1911,6 +1911,9 @@ static void frob_writable_data(const struct module_layout *layout,
3080 + /* livepatching wants to disable read-only so it can frob module. */
3081 + void module_disable_ro(const struct module *mod)
3082 + {
3083 ++ if (!rodata_enabled)
3084 ++ return;
3085 ++
3086 + frob_text(&mod->core_layout, set_memory_rw);
3087 + frob_rodata(&mod->core_layout, set_memory_rw);
3088 + frob_ro_after_init(&mod->core_layout, set_memory_rw);
3089 +@@ -1920,6 +1923,9 @@ void module_disable_ro(const struct module *mod)
3090 +
3091 + void module_enable_ro(const struct module *mod, bool after_init)
3092 + {
3093 ++ if (!rodata_enabled)
3094 ++ return;
3095 ++
3096 + frob_text(&mod->core_layout, set_memory_ro);
3097 + frob_rodata(&mod->core_layout, set_memory_ro);
3098 + frob_text(&mod->init_layout, set_memory_ro);
3099 +@@ -1952,6 +1958,9 @@ void set_all_modules_text_rw(void)
3100 + {
3101 + struct module *mod;
3102 +
3103 ++ if (!rodata_enabled)
3104 ++ return;
3105 ++
3106 + mutex_lock(&module_mutex);
3107 + list_for_each_entry_rcu(mod, &modules, list) {
3108 + if (mod->state == MODULE_STATE_UNFORMED)
3109 +@@ -1968,6 +1977,9 @@ void set_all_modules_text_ro(void)
3110 + {
3111 + struct module *mod;
3112 +
3113 ++ if (!rodata_enabled)
3114 ++ return;
3115 ++
3116 + mutex_lock(&module_mutex);
3117 + list_for_each_entry_rcu(mod, &modules, list) {
3118 + if (mod->state == MODULE_STATE_UNFORMED)
3119 +@@ -1981,10 +1993,12 @@ void set_all_modules_text_ro(void)
3120 +
3121 + static void disable_ro_nx(const struct module_layout *layout)
3122 + {
3123 +- frob_text(layout, set_memory_rw);
3124 +- frob_rodata(layout, set_memory_rw);
3125 ++ if (rodata_enabled) {
3126 ++ frob_text(layout, set_memory_rw);
3127 ++ frob_rodata(layout, set_memory_rw);
3128 ++ frob_ro_after_init(layout, set_memory_rw);
3129 ++ }
3130 + frob_rodata(layout, set_memory_x);
3131 +- frob_ro_after_init(layout, set_memory_rw);
3132 + frob_ro_after_init(layout, set_memory_x);
3133 + frob_writable_data(layout, set_memory_x);
3134 + }
3135 +diff --git a/mm/vmscan.c b/mm/vmscan.c
3136 +index cdd5c3b5c357..557ad1367595 100644
3137 +--- a/mm/vmscan.c
3138 ++++ b/mm/vmscan.c
3139 +@@ -2966,7 +2966,7 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
3140 + unsigned long nr_reclaimed;
3141 + struct scan_control sc = {
3142 + .nr_to_reclaim = SWAP_CLUSTER_MAX,
3143 +- .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
3144 ++ .gfp_mask = memalloc_noio_flags(gfp_mask),
3145 + .reclaim_idx = gfp_zone(gfp_mask),
3146 + .order = order,
3147 + .nodemask = nodemask,
3148 +@@ -2981,12 +2981,12 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
3149 + * 1 is returned so that the page allocator does not OOM kill at this
3150 + * point.
3151 + */
3152 +- if (throttle_direct_reclaim(gfp_mask, zonelist, nodemask))
3153 ++ if (throttle_direct_reclaim(sc.gfp_mask, zonelist, nodemask))
3154 + return 1;
3155 +
3156 + trace_mm_vmscan_direct_reclaim_begin(order,
3157 + sc.may_writepage,
3158 +- gfp_mask,
3159 ++ sc.gfp_mask,
3160 + sc.reclaim_idx);
3161 +
3162 + nr_reclaimed = do_try_to_free_pages(zonelist, &sc);
3163 +@@ -3749,16 +3749,15 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
3164 + const unsigned long nr_pages = 1 << order;
3165 + struct task_struct *p = current;
3166 + struct reclaim_state reclaim_state;
3167 +- int classzone_idx = gfp_zone(gfp_mask);
3168 + struct scan_control sc = {
3169 + .nr_to_reclaim = max(nr_pages, SWAP_CLUSTER_MAX),
3170 +- .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
3171 ++ .gfp_mask = memalloc_noio_flags(gfp_mask),
3172 + .order = order,
3173 + .priority = NODE_RECLAIM_PRIORITY,
3174 + .may_writepage = !!(node_reclaim_mode & RECLAIM_WRITE),
3175 + .may_unmap = !!(node_reclaim_mode & RECLAIM_UNMAP),
3176 + .may_swap = 1,
3177 +- .reclaim_idx = classzone_idx,
3178 ++ .reclaim_idx = gfp_zone(gfp_mask),
3179 + };
3180 +
3181 + cond_resched();
3182 +@@ -3768,7 +3767,7 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
3183 + * and RECLAIM_UNMAP.
3184 + */
3185 + p->flags |= PF_MEMALLOC | PF_SWAPWRITE;
3186 +- lockdep_set_current_reclaim_state(gfp_mask);
3187 ++ lockdep_set_current_reclaim_state(sc.gfp_mask);
3188 + reclaim_state.reclaimed_slab = 0;
3189 + p->reclaim_state = &reclaim_state;
3190 +
3191 +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
3192 +index 658c900752c6..ead4d1baeaa6 100644
3193 +--- a/net/bluetooth/smp.c
3194 ++++ b/net/bluetooth/smp.c
3195 +@@ -2233,8 +2233,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
3196 + else
3197 + sec_level = authreq_to_seclevel(auth);
3198 +
3199 +- if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
3200 ++ if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
3201 ++ /* If link is already encrypted with sufficient security we
3202 ++ * still need refresh encryption as per Core Spec 5.0 Vol 3,
3203 ++ * Part H 2.4.6
3204 ++ */
3205 ++ smp_ltk_encrypt(conn, hcon->sec_level);
3206 + return 0;
3207 ++ }
3208 +
3209 + if (sec_level > hcon->pending_sec_level)
3210 + hcon->pending_sec_level = sec_level;
3211 +diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
3212 +index 9637a681bdda..9adf16258cab 100644
3213 +--- a/net/bridge/netfilter/ebt_among.c
3214 ++++ b/net/bridge/netfilter/ebt_among.c
3215 +@@ -177,6 +177,28 @@ static bool poolsize_invalid(const struct ebt_mac_wormhash *w)
3216 + return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple));
3217 + }
3218 +
3219 ++static bool wormhash_offset_invalid(int off, unsigned int len)
3220 ++{
3221 ++ if (off == 0) /* not present */
3222 ++ return false;
3223 ++
3224 ++ if (off < (int)sizeof(struct ebt_among_info) ||
3225 ++ off % __alignof__(struct ebt_mac_wormhash))
3226 ++ return true;
3227 ++
3228 ++ off += sizeof(struct ebt_mac_wormhash);
3229 ++
3230 ++ return off > len;
3231 ++}
3232 ++
3233 ++static bool wormhash_sizes_valid(const struct ebt_mac_wormhash *wh, int a, int b)
3234 ++{
3235 ++ if (a == 0)
3236 ++ a = sizeof(struct ebt_among_info);
3237 ++
3238 ++ return ebt_mac_wormhash_size(wh) + a == b;
3239 ++}
3240 ++
3241 + static int ebt_among_mt_check(const struct xt_mtchk_param *par)
3242 + {
3243 + const struct ebt_among_info *info = par->matchinfo;
3244 +@@ -189,6 +211,10 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
3245 + if (expected_length > em->match_size)
3246 + return -EINVAL;
3247 +
3248 ++ if (wormhash_offset_invalid(info->wh_dst_ofs, em->match_size) ||
3249 ++ wormhash_offset_invalid(info->wh_src_ofs, em->match_size))
3250 ++ return -EINVAL;
3251 ++
3252 + wh_dst = ebt_among_wh_dst(info);
3253 + if (poolsize_invalid(wh_dst))
3254 + return -EINVAL;
3255 +@@ -201,6 +227,14 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
3256 + if (poolsize_invalid(wh_src))
3257 + return -EINVAL;
3258 +
3259 ++ if (info->wh_src_ofs < info->wh_dst_ofs) {
3260 ++ if (!wormhash_sizes_valid(wh_src, info->wh_src_ofs, info->wh_dst_ofs))
3261 ++ return -EINVAL;
3262 ++ } else {
3263 ++ if (!wormhash_sizes_valid(wh_dst, info->wh_dst_ofs, info->wh_src_ofs))
3264 ++ return -EINVAL;
3265 ++ }
3266 ++
3267 + expected_length += ebt_mac_wormhash_size(wh_src);
3268 +
3269 + if (em->match_size != EBT_ALIGN(expected_length)) {
3270 +diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
3271 +index 574f7ebba0b6..ac8342dcb55e 100644
3272 +--- a/net/ipv4/netfilter/nf_nat_h323.c
3273 ++++ b/net/ipv4/netfilter/nf_nat_h323.c
3274 +@@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
3275 + if (set_h245_addr(skb, protoff, data, dataoff, taddr,
3276 + &ct->tuplehash[!dir].tuple.dst.u3,
3277 + htons((port & htons(1)) ? nated_port + 1 :
3278 +- nated_port)) == 0) {
3279 +- /* Save ports */
3280 +- info->rtp_port[i][dir] = rtp_port;
3281 +- info->rtp_port[i][!dir] = htons(nated_port);
3282 +- } else {
3283 ++ nated_port))) {
3284 + nf_ct_unexpect_related(rtp_exp);
3285 + nf_ct_unexpect_related(rtcp_exp);
3286 + return -1;
3287 + }
3288 +
3289 ++ /* Save ports */
3290 ++ info->rtp_port[i][dir] = rtp_port;
3291 ++ info->rtp_port[i][!dir] = htons(nated_port);
3292 ++
3293 + /* Success */
3294 + pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
3295 + &rtp_exp->tuple.src.u3.ip,
3296 +@@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
3297 + /* Modify signal */
3298 + if (set_h225_addr(skb, protoff, data, dataoff, taddr,
3299 + &ct->tuplehash[!dir].tuple.dst.u3,
3300 +- htons(nated_port)) == 0) {
3301 +- /* Save ports */
3302 +- info->sig_port[dir] = port;
3303 +- info->sig_port[!dir] = htons(nated_port);
3304 +- } else {
3305 ++ htons(nated_port))) {
3306 + nf_ct_unexpect_related(exp);
3307 + return -1;
3308 + }
3309 +
3310 ++ /* Save ports */
3311 ++ info->sig_port[dir] = port;
3312 ++ info->sig_port[!dir] = htons(nated_port);
3313 ++
3314 + pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
3315 + &exp->tuple.src.u3.ip,
3316 + ntohs(exp->tuple.src.u.tcp.port),
3317 +@@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
3318 + /* Modify signal */
3319 + if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
3320 + &ct->tuplehash[!dir].tuple.dst.u3,
3321 +- htons(nated_port)) == 0) {
3322 +- /* Save ports */
3323 +- info->sig_port[dir] = port;
3324 +- info->sig_port[!dir] = htons(nated_port);
3325 +-
3326 +- /* Fix for Gnomemeeting */
3327 +- if (idx > 0 &&
3328 +- get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
3329 +- (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
3330 +- set_h225_addr(skb, protoff, data, 0, &taddr[0],
3331 +- &ct->tuplehash[!dir].tuple.dst.u3,
3332 +- info->sig_port[!dir]);
3333 +- }
3334 +- } else {
3335 ++ htons(nated_port))) {
3336 + nf_ct_unexpect_related(exp);
3337 + return -1;
3338 + }
3339 +
3340 ++ /* Save ports */
3341 ++ info->sig_port[dir] = port;
3342 ++ info->sig_port[!dir] = htons(nated_port);
3343 ++
3344 ++ /* Fix for Gnomemeeting */
3345 ++ if (idx > 0 &&
3346 ++ get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
3347 ++ (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
3348 ++ if (set_h225_addr(skb, protoff, data, 0, &taddr[0],
3349 ++ &ct->tuplehash[!dir].tuple.dst.u3,
3350 ++ info->sig_port[!dir])) {
3351 ++ nf_ct_unexpect_related(exp);
3352 ++ return -1;
3353 ++ }
3354 ++ }
3355 ++
3356 + /* Success */
3357 + pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
3358 + &exp->tuple.src.u3.ip,
3359 +@@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
3360 + }
3361 +
3362 + /* Modify signal */
3363 +- if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
3364 +- &ct->tuplehash[!dir].tuple.dst.u3,
3365 +- htons(nated_port)) == 0) {
3366 ++ if (set_h225_addr(skb, protoff, data, dataoff, taddr,
3367 ++ &ct->tuplehash[!dir].tuple.dst.u3,
3368 ++ htons(nated_port))) {
3369 + nf_ct_unexpect_related(exp);
3370 + return -1;
3371 + }
3372 +diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
3373 +index 345efeb887ef..912333586de6 100644
3374 +--- a/net/ipv6/ip6_vti.c
3375 ++++ b/net/ipv6/ip6_vti.c
3376 +@@ -625,7 +625,6 @@ static void vti6_link_config(struct ip6_tnl *t)
3377 + {
3378 + struct net_device *dev = t->dev;
3379 + struct __ip6_tnl_parm *p = &t->parms;
3380 +- struct net_device *tdev = NULL;
3381 +
3382 + memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
3383 + memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
3384 +@@ -638,25 +637,6 @@ static void vti6_link_config(struct ip6_tnl *t)
3385 + dev->flags |= IFF_POINTOPOINT;
3386 + else
3387 + dev->flags &= ~IFF_POINTOPOINT;
3388 +-
3389 +- if (p->flags & IP6_TNL_F_CAP_XMIT) {
3390 +- int strict = (ipv6_addr_type(&p->raddr) &
3391 +- (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
3392 +- struct rt6_info *rt = rt6_lookup(t->net,
3393 +- &p->raddr, &p->laddr,
3394 +- p->link, strict);
3395 +-
3396 +- if (rt)
3397 +- tdev = rt->dst.dev;
3398 +- ip6_rt_put(rt);
3399 +- }
3400 +-
3401 +- if (!tdev && p->link)
3402 +- tdev = __dev_get_by_index(t->net, p->link);
3403 +-
3404 +- if (tdev)
3405 +- dev->mtu = max_t(int, tdev->mtu - dev->hard_header_len,
3406 +- IPV6_MIN_MTU);
3407 + }
3408 +
3409 + /**
3410 +diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
3411 +index d31818e7d10c..a5acaf1efaab 100644
3412 +--- a/net/mac80211/ibss.c
3413 ++++ b/net/mac80211/ibss.c
3414 +@@ -427,7 +427,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
3415 + case NL80211_CHAN_WIDTH_5:
3416 + case NL80211_CHAN_WIDTH_10:
3417 + cfg80211_chandef_create(&chandef, cbss->channel,
3418 +- NL80211_CHAN_WIDTH_20_NOHT);
3419 ++ NL80211_CHAN_NO_HT);
3420 + chandef.width = sdata->u.ibss.chandef.width;
3421 + break;
3422 + case NL80211_CHAN_WIDTH_80:
3423 +@@ -439,7 +439,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
3424 + default:
3425 + /* fall back to 20 MHz for unsupported modes */
3426 + cfg80211_chandef_create(&chandef, cbss->channel,
3427 +- NL80211_CHAN_WIDTH_20_NOHT);
3428 ++ NL80211_CHAN_NO_HT);
3429 + break;
3430 + }
3431 +
3432 +diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
3433 +index dbceb42c2a8e..e6096dfd0210 100644
3434 +--- a/net/mac80211/rate.c
3435 ++++ b/net/mac80211/rate.c
3436 +@@ -173,9 +173,11 @@ ieee80211_rate_control_ops_get(const char *name)
3437 + /* try default if specific alg requested but not found */
3438 + ops = ieee80211_try_rate_control_ops_get(ieee80211_default_rc_algo);
3439 +
3440 +- /* try built-in one if specific alg requested but not found */
3441 +- if (!ops && strlen(CONFIG_MAC80211_RC_DEFAULT))
3442 ++ /* Note: check for > 0 is intentional to avoid clang warning */
3443 ++ if (!ops && (strlen(CONFIG_MAC80211_RC_DEFAULT) > 0))
3444 ++ /* try built-in one if specific alg requested but not found */
3445 + ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT);
3446 ++
3447 + kernel_param_unlock(THIS_MODULE);
3448 +
3449 + return ops;
3450 +diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
3451 +index d5caed5bcfb1..d49a4639465f 100644
3452 +--- a/net/netfilter/nf_conntrack_netlink.c
3453 ++++ b/net/netfilter/nf_conntrack_netlink.c
3454 +@@ -1008,9 +1008,8 @@ static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = {
3455 +
3456 + static int
3457 + ctnetlink_parse_tuple(const struct nlattr * const cda[],
3458 +- struct nf_conntrack_tuple *tuple,
3459 +- enum ctattr_type type, u_int8_t l3num,
3460 +- struct nf_conntrack_zone *zone)
3461 ++ struct nf_conntrack_tuple *tuple, u32 type,
3462 ++ u_int8_t l3num, struct nf_conntrack_zone *zone)
3463 + {
3464 + struct nlattr *tb[CTA_TUPLE_MAX+1];
3465 + int err;
3466 +@@ -2409,7 +2408,7 @@ static struct nfnl_ct_hook ctnetlink_glue_hook = {
3467 +
3468 + static int ctnetlink_exp_dump_tuple(struct sk_buff *skb,
3469 + const struct nf_conntrack_tuple *tuple,
3470 +- enum ctattr_expect type)
3471 ++ u32 type)
3472 + {
3473 + struct nlattr *nest_parms;
3474 +
3475 +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
3476 +index 7ad1a863587a..59be89813a29 100644
3477 +--- a/net/netfilter/x_tables.c
3478 ++++ b/net/netfilter/x_tables.c
3479 +@@ -367,6 +367,36 @@ textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
3480 + return buf;
3481 + }
3482 +
3483 ++/**
3484 ++ * xt_check_proc_name - check that name is suitable for /proc file creation
3485 ++ *
3486 ++ * @name: file name candidate
3487 ++ * @size: length of buffer
3488 ++ *
3489 ++ * some x_tables modules wish to create a file in /proc.
3490 ++ * This function makes sure that the name is suitable for this
3491 ++ * purpose, it checks that name is NUL terminated and isn't a 'special'
3492 ++ * name, like "..".
3493 ++ *
3494 ++ * returns negative number on error or 0 if name is useable.
3495 ++ */
3496 ++int xt_check_proc_name(const char *name, unsigned int size)
3497 ++{
3498 ++ if (name[0] == '\0')
3499 ++ return -EINVAL;
3500 ++
3501 ++ if (strnlen(name, size) == size)
3502 ++ return -ENAMETOOLONG;
3503 ++
3504 ++ if (strcmp(name, ".") == 0 ||
3505 ++ strcmp(name, "..") == 0 ||
3506 ++ strchr(name, '/'))
3507 ++ return -EINVAL;
3508 ++
3509 ++ return 0;
3510 ++}
3511 ++EXPORT_SYMBOL(xt_check_proc_name);
3512 ++
3513 + int xt_check_match(struct xt_mtchk_param *par,
3514 + unsigned int size, u_int8_t proto, bool inv_proto)
3515 + {
3516 +diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
3517 +index b89b688e9d01..a1a29cdc58fc 100644
3518 +--- a/net/netfilter/xt_hashlimit.c
3519 ++++ b/net/netfilter/xt_hashlimit.c
3520 +@@ -794,8 +794,9 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
3521 + struct hashlimit_cfg2 cfg = {};
3522 + int ret;
3523 +
3524 +- if (info->name[sizeof(info->name) - 1] != '\0')
3525 +- return -EINVAL;
3526 ++ ret = xt_check_proc_name(info->name, sizeof(info->name));
3527 ++ if (ret)
3528 ++ return ret;
3529 +
3530 + ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
3531 +
3532 +@@ -809,9 +810,11 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
3533 + static int hashlimit_mt_check(const struct xt_mtchk_param *par)
3534 + {
3535 + struct xt_hashlimit_mtinfo2 *info = par->matchinfo;
3536 ++ int ret;
3537 +
3538 +- if (info->name[sizeof(info->name) - 1] != '\0')
3539 +- return -EINVAL;
3540 ++ ret = xt_check_proc_name(info->name, sizeof(info->name));
3541 ++ if (ret)
3542 ++ return ret;
3543 +
3544 + return hashlimit_mt_check_common(par, &info->hinfo, &info->cfg,
3545 + info->name, 2);
3546 +diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
3547 +index e3b7a09b103e..79d7ad621a80 100644
3548 +--- a/net/netfilter/xt_recent.c
3549 ++++ b/net/netfilter/xt_recent.c
3550 +@@ -361,9 +361,9 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
3551 + info->hit_count, XT_RECENT_MAX_NSTAMPS - 1);
3552 + return -EINVAL;
3553 + }
3554 +- if (info->name[0] == '\0' ||
3555 +- strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN)
3556 +- return -EINVAL;
3557 ++ ret = xt_check_proc_name(info->name, sizeof(info->name));
3558 ++ if (ret)
3559 ++ return ret;
3560 +
3561 + if (ip_pkt_list_tot && info->hit_count < ip_pkt_list_tot)
3562 + nstamp_mask = roundup_pow_of_two(ip_pkt_list_tot) - 1;
3563 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
3564 +index a89061d59c74..36280e114959 100644
3565 +--- a/net/wireless/nl80211.c
3566 ++++ b/net/wireless/nl80211.c
3567 +@@ -4081,7 +4081,7 @@ static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3568 + struct nlattr *rate;
3569 + u32 bitrate;
3570 + u16 bitrate_compat;
3571 +- enum nl80211_attrs rate_flg;
3572 ++ enum nl80211_rate_info rate_flg;
3573 +
3574 + rate = nla_nest_start(msg, attr);
3575 + if (!rate)
3576 +diff --git a/net/wireless/util.c b/net/wireless/util.c
3577 +index c921c2eed15d..bb54d9db82df 100644
3578 +--- a/net/wireless/util.c
3579 ++++ b/net/wireless/util.c
3580 +@@ -663,7 +663,7 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
3581 + int offset, int len)
3582 + {
3583 + struct skb_shared_info *sh = skb_shinfo(skb);
3584 +- const skb_frag_t *frag = &sh->frags[-1];
3585 ++ const skb_frag_t *frag = &sh->frags[0];
3586 + struct page *frag_page;
3587 + void *frag_ptr;
3588 + int frag_len, frag_size;
3589 +@@ -676,10 +676,10 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
3590 +
3591 + while (offset >= frag_size) {
3592 + offset -= frag_size;
3593 +- frag++;
3594 + frag_page = skb_frag_page(frag);
3595 + frag_ptr = skb_frag_address(frag);
3596 + frag_size = skb_frag_size(frag);
3597 ++ frag++;
3598 + }
3599 +
3600 + frag_ptr += offset;
3601 +@@ -691,12 +691,12 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
3602 + len -= cur_len;
3603 +
3604 + while (len > 0) {
3605 +- frag++;
3606 + frag_len = skb_frag_size(frag);
3607 + cur_len = min(len, frag_len);
3608 + __frame_add_frag(frame, skb_frag_page(frag),
3609 + skb_frag_address(frag), cur_len, frag_len);
3610 + len -= cur_len;
3611 ++ frag++;
3612 + }
3613 + }
3614 +
3615 +diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
3616 +index ccfdc7115a83..a00ec715aa46 100644
3617 +--- a/net/xfrm/xfrm_ipcomp.c
3618 ++++ b/net/xfrm/xfrm_ipcomp.c
3619 +@@ -283,7 +283,7 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
3620 + struct crypto_comp *tfm;
3621 +
3622 + /* This can be any valid CPU ID so we don't need locking. */
3623 +- tfm = __this_cpu_read(*pos->tfms);
3624 ++ tfm = this_cpu_read(*pos->tfms);
3625 +
3626 + if (!strcmp(crypto_comp_name(tfm), alg_name)) {
3627 + pos->users++;
3628 +diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
3629 +index 13e0611a9085..fdb9742d934e 100644
3630 +--- a/net/xfrm/xfrm_state.c
3631 ++++ b/net/xfrm/xfrm_state.c
3632 +@@ -1883,6 +1883,11 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
3633 + struct xfrm_mgr *km;
3634 + struct xfrm_policy *pol = NULL;
3635 +
3636 ++#ifdef CONFIG_COMPAT
3637 ++ if (in_compat_syscall())
3638 ++ return -EOPNOTSUPP;
3639 ++#endif
3640 ++
3641 + if (!optval && !optlen) {
3642 + xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
3643 + xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
3644 +diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
3645 +index 5d33967d9aa1..6a029358bfd1 100644
3646 +--- a/net/xfrm/xfrm_user.c
3647 ++++ b/net/xfrm/xfrm_user.c
3648 +@@ -121,22 +121,17 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
3649 + struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
3650 + struct xfrm_replay_state_esn *rs;
3651 +
3652 +- if (p->flags & XFRM_STATE_ESN) {
3653 +- if (!rt)
3654 +- return -EINVAL;
3655 ++ if (!rt)
3656 ++ return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;
3657 +
3658 +- rs = nla_data(rt);
3659 ++ rs = nla_data(rt);
3660 +
3661 +- if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
3662 +- return -EINVAL;
3663 +-
3664 +- if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
3665 +- nla_len(rt) != sizeof(*rs))
3666 +- return -EINVAL;
3667 +- }
3668 ++ if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
3669 ++ return -EINVAL;
3670 +
3671 +- if (!rt)
3672 +- return 0;
3673 ++ if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
3674 ++ nla_len(rt) != sizeof(*rs))
3675 ++ return -EINVAL;
3676 +
3677 + /* As only ESP and AH support ESN feature. */
3678 + if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
3679 +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
3680 +index b8278f3af9da..17627d8d5a26 100644
3681 +--- a/security/selinux/hooks.c
3682 ++++ b/security/selinux/hooks.c
3683 +@@ -406,18 +406,6 @@ static void superblock_free_security(struct super_block *sb)
3684 + kfree(sbsec);
3685 + }
3686 +
3687 +-/* The file system's label must be initialized prior to use. */
3688 +-
3689 +-static const char *labeling_behaviors[7] = {
3690 +- "uses xattr",
3691 +- "uses transition SIDs",
3692 +- "uses task SIDs",
3693 +- "uses genfs_contexts",
3694 +- "not configured for labeling",
3695 +- "uses mountpoint labeling",
3696 +- "uses native labeling",
3697 +-};
3698 +-
3699 + static inline int inode_doinit(struct inode *inode)
3700 + {
3701 + return inode_doinit_with_dentry(inode, NULL);
3702 +@@ -528,10 +516,6 @@ static int sb_finish_set_opts(struct super_block *sb)
3703 + }
3704 + }
3705 +
3706 +- if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
3707 +- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
3708 +- sb->s_id, sb->s_type->name);
3709 +-
3710 + sbsec->flags |= SE_SBINITIALIZED;
3711 + if (selinux_is_sblabel_mnt(sb))
3712 + sbsec->flags |= SBLABEL_MNT;
3713 +diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
3714 +index 73275a92f2e2..d656b7c98394 100644
3715 +--- a/security/selinux/ss/services.c
3716 ++++ b/security/selinux/ss/services.c
3717 +@@ -155,7 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
3718 + }
3719 +
3720 + k = 0;
3721 +- while (p_in->perms && p_in->perms[k]) {
3722 ++ while (p_in->perms[k]) {
3723 + /* An empty permission string skips ahead */
3724 + if (!*p_in->perms[k]) {
3725 + k++;
3726 +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
3727 +index 3e7c3573871d..fa8741afadf5 100644
3728 +--- a/sound/core/oss/pcm_oss.c
3729 ++++ b/sound/core/oss/pcm_oss.c
3730 +@@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha
3731 + static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes)
3732 + {
3733 + size_t xfer = 0;
3734 +- ssize_t tmp;
3735 ++ ssize_t tmp = 0;
3736 + struct snd_pcm_runtime *runtime = substream->runtime;
3737 +
3738 + if (atomic_read(&substream->mmap_count))
3739 +@@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf,
3740 + static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes)
3741 + {
3742 + size_t xfer = 0;
3743 +- ssize_t tmp;
3744 ++ ssize_t tmp = 0;
3745 + struct snd_pcm_runtime *runtime = substream->runtime;
3746 +
3747 + if (atomic_read(&substream->mmap_count))
3748 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
3749 +index 9d33c1e85c79..d503285867e7 100644
3750 +--- a/sound/core/pcm_native.c
3751 ++++ b/sound/core/pcm_native.c
3752 +@@ -3410,7 +3410,7 @@ int snd_pcm_lib_default_mmap(struct snd_pcm_substream *substream,
3753 + area,
3754 + substream->runtime->dma_area,
3755 + substream->runtime->dma_addr,
3756 +- area->vm_end - area->vm_start);
3757 ++ substream->runtime->dma_bytes);
3758 + #endif /* CONFIG_X86 */
3759 + /* mmap with fault handler */
3760 + area->vm_ops = &snd_pcm_vm_ops_data_fault;
3761 +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
3762 +index 1cd7f8b0bf77..45655b9108e8 100644
3763 +--- a/sound/usb/quirks.c
3764 ++++ b/sound/usb/quirks.c
3765 +@@ -1175,6 +1175,7 @@ static bool is_teac_dsd_dac(unsigned int id)
3766 + switch (id) {
3767 + case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */
3768 + case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */
3769 ++ case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */
3770 + return true;
3771 + }
3772 + return false;
Report Message
Find on MARC Find on Google Groups