Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.5 commit in: /
Date: Tue, 11 Feb 2020 15:37:09
Message-Id: 1581435406.b7d9a44dcd512076aef3e022da4da423d023d8a4.mpagano@gentoo
1 commit: b7d9a44dcd512076aef3e022da4da423d023d8a4
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 11 15:36:46 2020 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 11 15:36:46 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b7d9a44d
7
8 Linux patch 5.5.3
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1002_linux-5.5.3.patch | 18721 +++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 18725 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index ead5c5e..d7385d1 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -51,6 +51,10 @@ Patch: 1001_linux-5.5.2.patch
21 From: http://www.kernel.org
22 Desc: Linux 5.5.2
23
24 +Patch: 1002_linux-5.5.3.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.5.3
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1002_linux-5.5.3.patch b/1002_linux-5.5.3.patch
33 new file mode 100644
34 index 0000000..1464da0
35 --- /dev/null
36 +++ b/1002_linux-5.5.3.patch
37 @@ -0,0 +1,18721 @@
38 +diff --git a/MAINTAINERS b/MAINTAINERS
39 +index 56765f542244..44bc9d7f04a4 100644
40 +--- a/MAINTAINERS
41 ++++ b/MAINTAINERS
42 +@@ -8808,8 +8808,10 @@ L: isdn4linux@×××××××××××××××××××.de (subscribers-only)
43 + L: netdev@×××××××××××.org
44 + W: http://www.isdn4linux.de
45 + S: Maintained
46 +-F: drivers/isdn/mISDN
47 +-F: drivers/isdn/hardware
48 ++F: drivers/isdn/mISDN/
49 ++F: drivers/isdn/hardware/
50 ++F: drivers/isdn/Kconfig
51 ++F: drivers/isdn/Makefile
52 +
53 + ISDN/CAPI SUBSYSTEM
54 + M: Karsten Keil <isdn@×××××××××××.de>
55 +diff --git a/Makefile b/Makefile
56 +index cfbdf5f920fd..fdaa1e262320 100644
57 +--- a/Makefile
58 ++++ b/Makefile
59 +@@ -1,7 +1,7 @@
60 + # SPDX-License-Identifier: GPL-2.0
61 + VERSION = 5
62 + PATCHLEVEL = 5
63 +-SUBLEVEL = 2
64 ++SUBLEVEL = 3
65 + EXTRAVERSION =
66 + NAME = Kleptomaniac Octopus
67 +
68 +diff --git a/arch/Kconfig b/arch/Kconfig
69 +index 48b5e103bdb0..208aad121630 100644
70 +--- a/arch/Kconfig
71 ++++ b/arch/Kconfig
72 +@@ -396,9 +396,6 @@ config HAVE_ARCH_JUMP_LABEL_RELATIVE
73 + config HAVE_RCU_TABLE_FREE
74 + bool
75 +
76 +-config HAVE_RCU_TABLE_NO_INVALIDATE
77 +- bool
78 +-
79 + config HAVE_MMU_GATHER_PAGE_SIZE
80 + bool
81 +
82 +diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h
83 +index 9b118516d2db..08d9805f613b 100644
84 +--- a/arch/arm/include/asm/kvm_emulate.h
85 ++++ b/arch/arm/include/asm/kvm_emulate.h
86 +@@ -14,13 +14,25 @@
87 + #include <asm/cputype.h>
88 +
89 + /* arm64 compatibility macros */
90 ++#define PSR_AA32_MODE_FIQ FIQ_MODE
91 ++#define PSR_AA32_MODE_SVC SVC_MODE
92 + #define PSR_AA32_MODE_ABT ABT_MODE
93 + #define PSR_AA32_MODE_UND UND_MODE
94 + #define PSR_AA32_T_BIT PSR_T_BIT
95 ++#define PSR_AA32_F_BIT PSR_F_BIT
96 + #define PSR_AA32_I_BIT PSR_I_BIT
97 + #define PSR_AA32_A_BIT PSR_A_BIT
98 + #define PSR_AA32_E_BIT PSR_E_BIT
99 + #define PSR_AA32_IT_MASK PSR_IT_MASK
100 ++#define PSR_AA32_GE_MASK 0x000f0000
101 ++#define PSR_AA32_DIT_BIT 0x00200000
102 ++#define PSR_AA32_PAN_BIT 0x00400000
103 ++#define PSR_AA32_SSBS_BIT 0x00800000
104 ++#define PSR_AA32_Q_BIT PSR_Q_BIT
105 ++#define PSR_AA32_V_BIT PSR_V_BIT
106 ++#define PSR_AA32_C_BIT PSR_C_BIT
107 ++#define PSR_AA32_Z_BIT PSR_Z_BIT
108 ++#define PSR_AA32_N_BIT PSR_N_BIT
109 +
110 + unsigned long *vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num);
111 +
112 +@@ -41,6 +53,11 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v)
113 + *__vcpu_spsr(vcpu) = v;
114 + }
115 +
116 ++static inline unsigned long host_spsr_to_spsr32(unsigned long spsr)
117 ++{
118 ++ return spsr;
119 ++}
120 ++
121 + static inline unsigned long vcpu_get_reg(struct kvm_vcpu *vcpu,
122 + u8 reg_num)
123 + {
124 +@@ -182,6 +199,11 @@ static inline bool kvm_vcpu_dabt_issext(struct kvm_vcpu *vcpu)
125 + return kvm_vcpu_get_hsr(vcpu) & HSR_SSE;
126 + }
127 +
128 ++static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu)
129 ++{
130 ++ return false;
131 ++}
132 ++
133 + static inline int kvm_vcpu_dabt_get_rd(struct kvm_vcpu *vcpu)
134 + {
135 + return (kvm_vcpu_get_hsr(vcpu) & HSR_SRT_MASK) >> HSR_SRT_SHIFT;
136 +diff --git a/arch/arm/include/asm/kvm_mmio.h b/arch/arm/include/asm/kvm_mmio.h
137 +index 7c0eddb0adb2..32fbf82e3ebc 100644
138 +--- a/arch/arm/include/asm/kvm_mmio.h
139 ++++ b/arch/arm/include/asm/kvm_mmio.h
140 +@@ -14,6 +14,8 @@
141 + struct kvm_decode {
142 + unsigned long rt;
143 + bool sign_extend;
144 ++ /* Not used on 32-bit arm */
145 ++ bool sixty_four;
146 + };
147 +
148 + void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data);
149 +diff --git a/arch/arm/mach-tegra/sleep-tegra30.S b/arch/arm/mach-tegra/sleep-tegra30.S
150 +index 3341a12bbb9c..c796a97194ac 100644
151 +--- a/arch/arm/mach-tegra/sleep-tegra30.S
152 ++++ b/arch/arm/mach-tegra/sleep-tegra30.S
153 +@@ -370,6 +370,14 @@ _pll_m_c_x_done:
154 + pll_locked r1, r0, CLK_RESET_PLLC_BASE
155 + pll_locked r1, r0, CLK_RESET_PLLX_BASE
156 +
157 ++ tegra_get_soc_id TEGRA_APB_MISC_BASE, r1
158 ++ cmp r1, #TEGRA30
159 ++ beq 1f
160 ++ ldr r1, [r0, #CLK_RESET_PLLP_BASE]
161 ++ bic r1, r1, #(1<<31) @ disable PllP bypass
162 ++ str r1, [r0, #CLK_RESET_PLLP_BASE]
163 ++1:
164 ++
165 + mov32 r7, TEGRA_TMRUS_BASE
166 + ldr r1, [r7]
167 + add r1, r1, #LOCK_DELAY
168 +@@ -630,7 +638,10 @@ tegra30_switch_cpu_to_clk32k:
169 + str r0, [r4, #PMC_PLLP_WB0_OVERRIDE]
170 +
171 + /* disable PLLP, PLLA, PLLC and PLLX */
172 ++ tegra_get_soc_id TEGRA_APB_MISC_BASE, r1
173 ++ cmp r1, #TEGRA30
174 + ldr r0, [r5, #CLK_RESET_PLLP_BASE]
175 ++ orrne r0, r0, #(1 << 31) @ enable PllP bypass on fast cluster
176 + bic r0, r0, #(1 << 30)
177 + str r0, [r5, #CLK_RESET_PLLP_BASE]
178 + ldr r0, [r5, #CLK_RESET_PLLA_BASE]
179 +diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
180 +index e822af0d9219..9414d72f664b 100644
181 +--- a/arch/arm/mm/dma-mapping.c
182 ++++ b/arch/arm/mm/dma-mapping.c
183 +@@ -221,7 +221,7 @@ EXPORT_SYMBOL(arm_coherent_dma_ops);
184 +
185 + static int __dma_supported(struct device *dev, u64 mask, bool warn)
186 + {
187 +- unsigned long max_dma_pfn = min(max_pfn, arm_dma_pfn_limit);
188 ++ unsigned long max_dma_pfn = min(max_pfn - 1, arm_dma_pfn_limit);
189 +
190 + /*
191 + * Translate the device's DMA mask to a PFN limit. This
192 +diff --git a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
193 +index 501a7330dbc8..522d3ef72df5 100644
194 +--- a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
195 ++++ b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi
196 +@@ -73,6 +73,7 @@
197 + regulator-always-on;
198 + regulator-boot-on;
199 + regulator-name = "vdd_apc";
200 ++ regulator-initial-mode = <1>;
201 + regulator-min-microvolt = <1048000>;
202 + regulator-max-microvolt = <1384000>;
203 + };
204 +diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c
205 +index 522cf004ce65..196aedd0c20c 100644
206 +--- a/arch/arm64/crypto/ghash-ce-glue.c
207 ++++ b/arch/arm64/crypto/ghash-ce-glue.c
208 +@@ -259,7 +259,7 @@ static int ghash_setkey(struct crypto_shash *tfm,
209 + static struct shash_alg ghash_alg[] = {{
210 + .base.cra_name = "ghash",
211 + .base.cra_driver_name = "ghash-neon",
212 +- .base.cra_priority = 100,
213 ++ .base.cra_priority = 150,
214 + .base.cra_blocksize = GHASH_BLOCK_SIZE,
215 + .base.cra_ctxsize = sizeof(struct ghash_key),
216 + .base.cra_module = THIS_MODULE,
217 +diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h
218 +index b0d53a265f1d..7b4172ce497c 100644
219 +--- a/arch/arm64/include/asm/compat.h
220 ++++ b/arch/arm64/include/asm/compat.h
221 +@@ -4,6 +4,9 @@
222 + */
223 + #ifndef __ASM_COMPAT_H
224 + #define __ASM_COMPAT_H
225 ++
226 ++#include <asm-generic/compat.h>
227 ++
228 + #ifdef CONFIG_COMPAT
229 +
230 + /*
231 +@@ -13,8 +16,6 @@
232 + #include <linux/sched.h>
233 + #include <linux/sched/task_stack.h>
234 +
235 +-#include <asm-generic/compat.h>
236 +-
237 + #define COMPAT_USER_HZ 100
238 + #ifdef __AARCH64EB__
239 + #define COMPAT_UTS_MACHINE "armv8b\0\0"
240 +diff --git a/arch/arm64/include/asm/daifflags.h b/arch/arm64/include/asm/daifflags.h
241 +index 72acd2db167f..ec213b4a1650 100644
242 +--- a/arch/arm64/include/asm/daifflags.h
243 ++++ b/arch/arm64/include/asm/daifflags.h
244 +@@ -38,7 +38,7 @@ static inline void local_daif_mask(void)
245 + trace_hardirqs_off();
246 + }
247 +
248 +-static inline unsigned long local_daif_save(void)
249 ++static inline unsigned long local_daif_save_flags(void)
250 + {
251 + unsigned long flags;
252 +
253 +@@ -50,6 +50,15 @@ static inline unsigned long local_daif_save(void)
254 + flags |= PSR_I_BIT;
255 + }
256 +
257 ++ return flags;
258 ++}
259 ++
260 ++static inline unsigned long local_daif_save(void)
261 ++{
262 ++ unsigned long flags;
263 ++
264 ++ flags = local_daif_save_flags();
265 ++
266 + local_daif_mask();
267 +
268 + return flags;
269 +diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
270 +index 5efe5ca8fecf..53ea7637b7b2 100644
271 +--- a/arch/arm64/include/asm/kvm_emulate.h
272 ++++ b/arch/arm64/include/asm/kvm_emulate.h
273 +@@ -219,6 +219,38 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v)
274 + vcpu_gp_regs(vcpu)->spsr[KVM_SPSR_EL1] = v;
275 + }
276 +
277 ++/*
278 ++ * The layout of SPSR for an AArch32 state is different when observed from an
279 ++ * AArch64 SPSR_ELx or an AArch32 SPSR_*. This function generates the AArch32
280 ++ * view given an AArch64 view.
281 ++ *
282 ++ * In ARM DDI 0487E.a see:
283 ++ *
284 ++ * - The AArch64 view (SPSR_EL2) in section C5.2.18, page C5-426
285 ++ * - The AArch32 view (SPSR_abt) in section G8.2.126, page G8-6256
286 ++ * - The AArch32 view (SPSR_und) in section G8.2.132, page G8-6280
287 ++ *
288 ++ * Which show the following differences:
289 ++ *
290 ++ * | Bit | AA64 | AA32 | Notes |
291 ++ * +-----+------+------+-----------------------------|
292 ++ * | 24 | DIT | J | J is RES0 in ARMv8 |
293 ++ * | 21 | SS | DIT | SS doesn't exist in AArch32 |
294 ++ *
295 ++ * ... and all other bits are (currently) common.
296 ++ */
297 ++static inline unsigned long host_spsr_to_spsr32(unsigned long spsr)
298 ++{
299 ++ const unsigned long overlap = BIT(24) | BIT(21);
300 ++ unsigned long dit = !!(spsr & PSR_AA32_DIT_BIT);
301 ++
302 ++ spsr &= ~overlap;
303 ++
304 ++ spsr |= dit << 21;
305 ++
306 ++ return spsr;
307 ++}
308 ++
309 + static inline bool vcpu_mode_priv(const struct kvm_vcpu *vcpu)
310 + {
311 + u32 mode;
312 +@@ -283,6 +315,11 @@ static inline bool kvm_vcpu_dabt_issext(const struct kvm_vcpu *vcpu)
313 + return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SSE);
314 + }
315 +
316 ++static inline bool kvm_vcpu_dabt_issf(const struct kvm_vcpu *vcpu)
317 ++{
318 ++ return !!(kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SF);
319 ++}
320 ++
321 + static inline int kvm_vcpu_dabt_get_rd(const struct kvm_vcpu *vcpu)
322 + {
323 + return (kvm_vcpu_get_hsr(vcpu) & ESR_ELx_SRT_MASK) >> ESR_ELx_SRT_SHIFT;
324 +diff --git a/arch/arm64/include/asm/kvm_mmio.h b/arch/arm64/include/asm/kvm_mmio.h
325 +index 02b5c48fd467..b204501a0c39 100644
326 +--- a/arch/arm64/include/asm/kvm_mmio.h
327 ++++ b/arch/arm64/include/asm/kvm_mmio.h
328 +@@ -10,13 +10,11 @@
329 + #include <linux/kvm_host.h>
330 + #include <asm/kvm_arm.h>
331 +
332 +-/*
333 +- * This is annoying. The mmio code requires this, even if we don't
334 +- * need any decoding. To be fixed.
335 +- */
336 + struct kvm_decode {
337 + unsigned long rt;
338 + bool sign_extend;
339 ++ /* Witdth of the register accessed by the faulting instruction is 64-bits */
340 ++ bool sixty_four;
341 + };
342 +
343 + void kvm_mmio_write_buf(void *buf, unsigned int len, unsigned long data);
344 +diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h
345 +index fbebb411ae20..bf57308fcd63 100644
346 +--- a/arch/arm64/include/asm/ptrace.h
347 ++++ b/arch/arm64/include/asm/ptrace.h
348 +@@ -62,6 +62,7 @@
349 + #define PSR_AA32_I_BIT 0x00000080
350 + #define PSR_AA32_A_BIT 0x00000100
351 + #define PSR_AA32_E_BIT 0x00000200
352 ++#define PSR_AA32_PAN_BIT 0x00400000
353 + #define PSR_AA32_SSBS_BIT 0x00800000
354 + #define PSR_AA32_DIT_BIT 0x01000000
355 + #define PSR_AA32_Q_BIT 0x08000000
356 +diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
357 +index 7ed9294e2004..d1bb5b69f1ce 100644
358 +--- a/arch/arm64/include/uapi/asm/ptrace.h
359 ++++ b/arch/arm64/include/uapi/asm/ptrace.h
360 +@@ -49,6 +49,7 @@
361 + #define PSR_SSBS_BIT 0x00001000
362 + #define PSR_PAN_BIT 0x00400000
363 + #define PSR_UAO_BIT 0x00800000
364 ++#define PSR_DIT_BIT 0x01000000
365 + #define PSR_V_BIT 0x10000000
366 + #define PSR_C_BIT 0x20000000
367 + #define PSR_Z_BIT 0x40000000
368 +diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c
369 +index 3a58e9db5cfe..a100483b47c4 100644
370 +--- a/arch/arm64/kernel/acpi.c
371 ++++ b/arch/arm64/kernel/acpi.c
372 +@@ -274,7 +274,7 @@ int apei_claim_sea(struct pt_regs *regs)
373 + if (!IS_ENABLED(CONFIG_ACPI_APEI_GHES))
374 + return err;
375 +
376 +- current_flags = arch_local_save_flags();
377 ++ current_flags = local_daif_save_flags();
378 +
379 + /*
380 + * SEA can interrupt SError, mask it and describe this as an NMI so
381 +diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
382 +index ccdb6a051ab2..6aafc2825c1c 100644
383 +--- a/arch/arm64/kvm/inject_fault.c
384 ++++ b/arch/arm64/kvm/inject_fault.c
385 +@@ -14,9 +14,6 @@
386 + #include <asm/kvm_emulate.h>
387 + #include <asm/esr.h>
388 +
389 +-#define PSTATE_FAULT_BITS_64 (PSR_MODE_EL1h | PSR_A_BIT | PSR_F_BIT | \
390 +- PSR_I_BIT | PSR_D_BIT)
391 +-
392 + #define CURRENT_EL_SP_EL0_VECTOR 0x0
393 + #define CURRENT_EL_SP_ELx_VECTOR 0x200
394 + #define LOWER_EL_AArch64_VECTOR 0x400
395 +@@ -50,6 +47,69 @@ static u64 get_except_vector(struct kvm_vcpu *vcpu, enum exception_type type)
396 + return vcpu_read_sys_reg(vcpu, VBAR_EL1) + exc_offset + type;
397 + }
398 +
399 ++/*
400 ++ * When an exception is taken, most PSTATE fields are left unchanged in the
401 ++ * handler. However, some are explicitly overridden (e.g. M[4:0]). Luckily all
402 ++ * of the inherited bits have the same position in the AArch64/AArch32 SPSR_ELx
403 ++ * layouts, so we don't need to shuffle these for exceptions from AArch32 EL0.
404 ++ *
405 ++ * For the SPSR_ELx layout for AArch64, see ARM DDI 0487E.a page C5-429.
406 ++ * For the SPSR_ELx layout for AArch32, see ARM DDI 0487E.a page C5-426.
407 ++ *
408 ++ * Here we manipulate the fields in order of the AArch64 SPSR_ELx layout, from
409 ++ * MSB to LSB.
410 ++ */
411 ++static unsigned long get_except64_pstate(struct kvm_vcpu *vcpu)
412 ++{
413 ++ unsigned long sctlr = vcpu_read_sys_reg(vcpu, SCTLR_EL1);
414 ++ unsigned long old, new;
415 ++
416 ++ old = *vcpu_cpsr(vcpu);
417 ++ new = 0;
418 ++
419 ++ new |= (old & PSR_N_BIT);
420 ++ new |= (old & PSR_Z_BIT);
421 ++ new |= (old & PSR_C_BIT);
422 ++ new |= (old & PSR_V_BIT);
423 ++
424 ++ // TODO: TCO (if/when ARMv8.5-MemTag is exposed to guests)
425 ++
426 ++ new |= (old & PSR_DIT_BIT);
427 ++
428 ++ // PSTATE.UAO is set to zero upon any exception to AArch64
429 ++ // See ARM DDI 0487E.a, page D5-2579.
430 ++
431 ++ // PSTATE.PAN is unchanged unless SCTLR_ELx.SPAN == 0b0
432 ++ // SCTLR_ELx.SPAN is RES1 when ARMv8.1-PAN is not implemented
433 ++ // See ARM DDI 0487E.a, page D5-2578.
434 ++ new |= (old & PSR_PAN_BIT);
435 ++ if (!(sctlr & SCTLR_EL1_SPAN))
436 ++ new |= PSR_PAN_BIT;
437 ++
438 ++ // PSTATE.SS is set to zero upon any exception to AArch64
439 ++ // See ARM DDI 0487E.a, page D2-2452.
440 ++
441 ++ // PSTATE.IL is set to zero upon any exception to AArch64
442 ++ // See ARM DDI 0487E.a, page D1-2306.
443 ++
444 ++ // PSTATE.SSBS is set to SCTLR_ELx.DSSBS upon any exception to AArch64
445 ++ // See ARM DDI 0487E.a, page D13-3258
446 ++ if (sctlr & SCTLR_ELx_DSSBS)
447 ++ new |= PSR_SSBS_BIT;
448 ++
449 ++ // PSTATE.BTYPE is set to zero upon any exception to AArch64
450 ++ // See ARM DDI 0487E.a, pages D1-2293 to D1-2294.
451 ++
452 ++ new |= PSR_D_BIT;
453 ++ new |= PSR_A_BIT;
454 ++ new |= PSR_I_BIT;
455 ++ new |= PSR_F_BIT;
456 ++
457 ++ new |= PSR_MODE_EL1h;
458 ++
459 ++ return new;
460 ++}
461 ++
462 + static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr)
463 + {
464 + unsigned long cpsr = *vcpu_cpsr(vcpu);
465 +@@ -59,7 +119,7 @@ static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr
466 + vcpu_write_elr_el1(vcpu, *vcpu_pc(vcpu));
467 + *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
468 +
469 +- *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
470 ++ *vcpu_cpsr(vcpu) = get_except64_pstate(vcpu);
471 + vcpu_write_spsr(vcpu, cpsr);
472 +
473 + vcpu_write_sys_reg(vcpu, addr, FAR_EL1);
474 +@@ -94,7 +154,7 @@ static void inject_undef64(struct kvm_vcpu *vcpu)
475 + vcpu_write_elr_el1(vcpu, *vcpu_pc(vcpu));
476 + *vcpu_pc(vcpu) = get_except_vector(vcpu, except_type_sync);
477 +
478 +- *vcpu_cpsr(vcpu) = PSTATE_FAULT_BITS_64;
479 ++ *vcpu_cpsr(vcpu) = get_except64_pstate(vcpu);
480 + vcpu_write_spsr(vcpu, cpsr);
481 +
482 + /*
483 +diff --git a/arch/mips/Makefile.postlink b/arch/mips/Makefile.postlink
484 +index f03fdc95143e..4b1d3ba3a8a2 100644
485 +--- a/arch/mips/Makefile.postlink
486 ++++ b/arch/mips/Makefile.postlink
487 +@@ -17,7 +17,7 @@ quiet_cmd_ls3_llsc = LLSCCHK $@
488 + cmd_ls3_llsc = $(CMD_LS3_LLSC) $@
489 +
490 + CMD_RELOCS = arch/mips/boot/tools/relocs
491 +-quiet_cmd_relocs = RELOCS $@
492 ++quiet_cmd_relocs = RELOCS $@
493 + cmd_relocs = $(CMD_RELOCS) $@
494 +
495 + # `@true` prevents complaint when there is nothing to be done
496 +diff --git a/arch/mips/boot/Makefile b/arch/mips/boot/Makefile
497 +index 528bd73d530a..4ed45ade32a1 100644
498 +--- a/arch/mips/boot/Makefile
499 ++++ b/arch/mips/boot/Makefile
500 +@@ -123,7 +123,7 @@ $(obj)/vmlinux.its.S: $(addprefix $(srctree)/arch/mips/$(PLATFORM)/,$(ITS_INPUTS
501 + targets += vmlinux.its
502 + targets += vmlinux.gz.its
503 + targets += vmlinux.bz2.its
504 +-targets += vmlinux.lzmo.its
505 ++targets += vmlinux.lzma.its
506 + targets += vmlinux.lzo.its
507 +
508 + quiet_cmd_cpp_its_S = ITS $@
509 +diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h
510 +index 02783e141c32..fef0fda8f82f 100644
511 +--- a/arch/mips/include/asm/local.h
512 ++++ b/arch/mips/include/asm/local.h
513 +@@ -37,6 +37,7 @@ static __inline__ long local_add_return(long i, local_t * l)
514 + __asm__ __volatile__(
515 + " .set push \n"
516 + " .set arch=r4000 \n"
517 ++ __SYNC(full, loongson3_war) " \n"
518 + "1:" __LL "%1, %2 # local_add_return \n"
519 + " addu %0, %1, %3 \n"
520 + __SC "%0, %2 \n"
521 +@@ -52,6 +53,7 @@ static __inline__ long local_add_return(long i, local_t * l)
522 + __asm__ __volatile__(
523 + " .set push \n"
524 + " .set "MIPS_ISA_ARCH_LEVEL" \n"
525 ++ __SYNC(full, loongson3_war) " \n"
526 + "1:" __LL "%1, %2 # local_add_return \n"
527 + " addu %0, %1, %3 \n"
528 + __SC "%0, %2 \n"
529 +@@ -84,6 +86,7 @@ static __inline__ long local_sub_return(long i, local_t * l)
530 + __asm__ __volatile__(
531 + " .set push \n"
532 + " .set arch=r4000 \n"
533 ++ __SYNC(full, loongson3_war) " \n"
534 + "1:" __LL "%1, %2 # local_sub_return \n"
535 + " subu %0, %1, %3 \n"
536 + __SC "%0, %2 \n"
537 +@@ -99,6 +102,7 @@ static __inline__ long local_sub_return(long i, local_t * l)
538 + __asm__ __volatile__(
539 + " .set push \n"
540 + " .set "MIPS_ISA_ARCH_LEVEL" \n"
541 ++ __SYNC(full, loongson3_war) " \n"
542 + "1:" __LL "%1, %2 # local_sub_return \n"
543 + " subu %0, %1, %3 \n"
544 + __SC "%0, %2 \n"
545 +diff --git a/arch/mips/kernel/syscalls/Makefile b/arch/mips/kernel/syscalls/Makefile
546 +index a3d4bec695c6..6efb2f6889a7 100644
547 +--- a/arch/mips/kernel/syscalls/Makefile
548 ++++ b/arch/mips/kernel/syscalls/Makefile
549 +@@ -18,7 +18,7 @@ quiet_cmd_syshdr = SYSHDR $@
550 + '$(syshdr_pfx_$(basetarget))' \
551 + '$(syshdr_offset_$(basetarget))'
552 +
553 +-quiet_cmd_sysnr = SYSNR $@
554 ++quiet_cmd_sysnr = SYSNR $@
555 + cmd_sysnr = $(CONFIG_SHELL) '$(sysnr)' '$<' '$@' \
556 + '$(sysnr_abis_$(basetarget))' \
557 + '$(sysnr_pfx_$(basetarget))' \
558 +diff --git a/arch/mips/sgi-ip30/ip30-irq.c b/arch/mips/sgi-ip30/ip30-irq.c
559 +index d46655b914f1..c2ffcb920250 100644
560 +--- a/arch/mips/sgi-ip30/ip30-irq.c
561 ++++ b/arch/mips/sgi-ip30/ip30-irq.c
562 +@@ -232,9 +232,10 @@ static void heart_domain_free(struct irq_domain *domain,
563 + return;
564 +
565 + irqd = irq_domain_get_irq_data(domain, virq);
566 +- clear_bit(irqd->hwirq, heart_irq_map);
567 +- if (irqd && irqd->chip_data)
568 ++ if (irqd) {
569 ++ clear_bit(irqd->hwirq, heart_irq_map);
570 + kfree(irqd->chip_data);
571 ++ }
572 + }
573 +
574 + static const struct irq_domain_ops heart_domain_ops = {
575 +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
576 +index e2a412113359..f765385925e1 100644
577 +--- a/arch/powerpc/Kconfig
578 ++++ b/arch/powerpc/Kconfig
579 +@@ -222,8 +222,7 @@ config PPC
580 + select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI && !HAVE_HARDLOCKUP_DETECTOR_ARCH
581 + select HAVE_PERF_REGS
582 + select HAVE_PERF_USER_STACK_DUMP
583 +- select HAVE_RCU_TABLE_FREE if SMP
584 +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE
585 ++ select HAVE_RCU_TABLE_FREE
586 + select HAVE_MMU_GATHER_PAGE_SIZE
587 + select HAVE_REGS_AND_STACK_ACCESS_API
588 + select HAVE_RELIABLE_STACKTRACE if PPC_BOOK3S_64 && CPU_LITTLE_ENDIAN
589 +@@ -238,6 +237,7 @@ config PPC
590 + select NEED_DMA_MAP_STATE if PPC64 || NOT_COHERENT_CACHE
591 + select NEED_SG_DMA_LENGTH
592 + select OF
593 ++ select OF_DMA_DEFAULT_COHERENT if !NOT_COHERENT_CACHE
594 + select OF_EARLY_FLATTREE
595 + select OLD_SIGACTION if PPC32
596 + select OLD_SIGSUSPEND
597 +diff --git a/arch/powerpc/boot/4xx.c b/arch/powerpc/boot/4xx.c
598 +index 1699e9531552..00c4d843a023 100644
599 +--- a/arch/powerpc/boot/4xx.c
600 ++++ b/arch/powerpc/boot/4xx.c
601 +@@ -228,7 +228,7 @@ void ibm4xx_denali_fixup_memsize(void)
602 + dpath = 8; /* 64 bits */
603 +
604 + /* get address pins (rows) */
605 +- val = SDRAM0_READ(DDR0_42);
606 ++ val = SDRAM0_READ(DDR0_42);
607 +
608 + row = DDR_GET_VAL(val, DDR_APIN, DDR_APIN_SHIFT);
609 + if (row > max_row)
610 +diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h
611 +index f9dc597b0b86..91c8f1d9bcee 100644
612 +--- a/arch/powerpc/include/asm/book3s/32/kup.h
613 ++++ b/arch/powerpc/include/asm/book3s/32/kup.h
614 +@@ -102,11 +102,13 @@ static inline void kuap_update_sr(u32 sr, u32 addr, u32 end)
615 + isync(); /* Context sync required after mtsrin() */
616 + }
617 +
618 +-static inline void allow_user_access(void __user *to, const void __user *from, u32 size)
619 ++static __always_inline void allow_user_access(void __user *to, const void __user *from,
620 ++ u32 size, unsigned long dir)
621 + {
622 + u32 addr, end;
623 +
624 +- if (__builtin_constant_p(to) && to == NULL)
625 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
626 ++ if (!(dir & KUAP_WRITE))
627 + return;
628 +
629 + addr = (__force u32)to;
630 +@@ -119,11 +121,16 @@ static inline void allow_user_access(void __user *to, const void __user *from, u
631 + kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end); /* Clear Ks */
632 + }
633 +
634 +-static inline void prevent_user_access(void __user *to, const void __user *from, u32 size)
635 ++static __always_inline void prevent_user_access(void __user *to, const void __user *from,
636 ++ u32 size, unsigned long dir)
637 + {
638 + u32 addr = (__force u32)to;
639 + u32 end = min(addr + size, TASK_SIZE);
640 +
641 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
642 ++ if (!(dir & KUAP_WRITE))
643 ++ return;
644 ++
645 + if (!addr || addr >= TASK_SIZE || !size)
646 + return;
647 +
648 +@@ -131,12 +138,17 @@ static inline void prevent_user_access(void __user *to, const void __user *from,
649 + kuap_update_sr(mfsrin(addr) | SR_KS, addr, end); /* set Ks */
650 + }
651 +
652 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
653 ++static inline bool
654 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
655 + {
656 ++ unsigned long begin = regs->kuap & 0xf0000000;
657 ++ unsigned long end = regs->kuap << 28;
658 ++
659 + if (!is_write)
660 + return false;
661 +
662 +- return WARN(!regs->kuap, "Bug: write fault blocked by segment registers !");
663 ++ return WARN(address < begin || address >= end,
664 ++ "Bug: write fault blocked by segment registers !");
665 + }
666 +
667 + #endif /* CONFIG_PPC_KUAP */
668 +diff --git a/arch/powerpc/include/asm/book3s/32/pgalloc.h b/arch/powerpc/include/asm/book3s/32/pgalloc.h
669 +index 998317702630..dc5c039eb28e 100644
670 +--- a/arch/powerpc/include/asm/book3s/32/pgalloc.h
671 ++++ b/arch/powerpc/include/asm/book3s/32/pgalloc.h
672 +@@ -49,7 +49,6 @@ static inline void pgtable_free(void *table, unsigned index_size)
673 +
674 + #define get_hugepd_cache_index(x) (x)
675 +
676 +-#ifdef CONFIG_SMP
677 + static inline void pgtable_free_tlb(struct mmu_gather *tlb,
678 + void *table, int shift)
679 + {
680 +@@ -66,13 +65,6 @@ static inline void __tlb_remove_table(void *_table)
681 +
682 + pgtable_free(table, shift);
683 + }
684 +-#else
685 +-static inline void pgtable_free_tlb(struct mmu_gather *tlb,
686 +- void *table, int shift)
687 +-{
688 +- pgtable_free(table, shift);
689 +-}
690 +-#endif
691 +
692 + static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t table,
693 + unsigned long address)
694 +diff --git a/arch/powerpc/include/asm/book3s/64/kup-radix.h b/arch/powerpc/include/asm/book3s/64/kup-radix.h
695 +index f254de956d6a..c8d1076e0ebb 100644
696 +--- a/arch/powerpc/include/asm/book3s/64/kup-radix.h
697 ++++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h
698 +@@ -77,25 +77,27 @@ static inline void set_kuap(unsigned long value)
699 + isync();
700 + }
701 +
702 +-static inline void allow_user_access(void __user *to, const void __user *from,
703 +- unsigned long size)
704 ++static __always_inline void allow_user_access(void __user *to, const void __user *from,
705 ++ unsigned long size, unsigned long dir)
706 + {
707 + // This is written so we can resolve to a single case at build time
708 +- if (__builtin_constant_p(to) && to == NULL)
709 ++ BUILD_BUG_ON(!__builtin_constant_p(dir));
710 ++ if (dir == KUAP_READ)
711 + set_kuap(AMR_KUAP_BLOCK_WRITE);
712 +- else if (__builtin_constant_p(from) && from == NULL)
713 ++ else if (dir == KUAP_WRITE)
714 + set_kuap(AMR_KUAP_BLOCK_READ);
715 + else
716 + set_kuap(0);
717 + }
718 +
719 + static inline void prevent_user_access(void __user *to, const void __user *from,
720 +- unsigned long size)
721 ++ unsigned long size, unsigned long dir)
722 + {
723 + set_kuap(AMR_KUAP_BLOCKED);
724 + }
725 +
726 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
727 ++static inline bool
728 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
729 + {
730 + return WARN(mmu_has_feature(MMU_FTR_RADIX_KUAP) &&
731 + (regs->kuap & (is_write ? AMR_KUAP_BLOCK_WRITE : AMR_KUAP_BLOCK_READ)),
732 +diff --git a/arch/powerpc/include/asm/book3s/64/pgalloc.h b/arch/powerpc/include/asm/book3s/64/pgalloc.h
733 +index f6968c811026..a41e91bd0580 100644
734 +--- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
735 ++++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
736 +@@ -19,9 +19,7 @@ extern struct vmemmap_backing *vmemmap_list;
737 + extern pmd_t *pmd_fragment_alloc(struct mm_struct *, unsigned long);
738 + extern void pmd_fragment_free(unsigned long *);
739 + extern void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift);
740 +-#ifdef CONFIG_SMP
741 + extern void __tlb_remove_table(void *_table);
742 +-#endif
743 + void pte_frag_destroy(void *pte_frag);
744 +
745 + static inline pgd_t *radix__pgd_alloc(struct mm_struct *mm)
746 +diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h
747 +index eea28ca679db..bc7d9d06a6d9 100644
748 +--- a/arch/powerpc/include/asm/futex.h
749 ++++ b/arch/powerpc/include/asm/futex.h
750 +@@ -35,7 +35,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval,
751 + {
752 + int oldval = 0, ret;
753 +
754 +- allow_write_to_user(uaddr, sizeof(*uaddr));
755 ++ allow_read_write_user(uaddr, uaddr, sizeof(*uaddr));
756 + pagefault_disable();
757 +
758 + switch (op) {
759 +@@ -62,7 +62,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval,
760 +
761 + *oval = oldval;
762 +
763 +- prevent_write_to_user(uaddr, sizeof(*uaddr));
764 ++ prevent_read_write_user(uaddr, uaddr, sizeof(*uaddr));
765 + return ret;
766 + }
767 +
768 +@@ -76,7 +76,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
769 + if (!access_ok(uaddr, sizeof(u32)))
770 + return -EFAULT;
771 +
772 +- allow_write_to_user(uaddr, sizeof(*uaddr));
773 ++ allow_read_write_user(uaddr, uaddr, sizeof(*uaddr));
774 ++
775 + __asm__ __volatile__ (
776 + PPC_ATOMIC_ENTRY_BARRIER
777 + "1: lwarx %1,0,%3 # futex_atomic_cmpxchg_inatomic\n\
778 +@@ -97,7 +98,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
779 + : "cc", "memory");
780 +
781 + *uval = prev;
782 +- prevent_write_to_user(uaddr, sizeof(*uaddr));
783 ++ prevent_read_write_user(uaddr, uaddr, sizeof(*uaddr));
784 ++
785 + return ret;
786 + }
787 +
788 +diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h
789 +index 5b5e39643a27..94f24928916a 100644
790 +--- a/arch/powerpc/include/asm/kup.h
791 ++++ b/arch/powerpc/include/asm/kup.h
792 +@@ -2,6 +2,10 @@
793 + #ifndef _ASM_POWERPC_KUP_H_
794 + #define _ASM_POWERPC_KUP_H_
795 +
796 ++#define KUAP_READ 1
797 ++#define KUAP_WRITE 2
798 ++#define KUAP_READ_WRITE (KUAP_READ | KUAP_WRITE)
799 ++
800 + #ifdef CONFIG_PPC64
801 + #include <asm/book3s/64/kup-radix.h>
802 + #endif
803 +@@ -42,32 +46,48 @@ void setup_kuap(bool disabled);
804 + #else
805 + static inline void setup_kuap(bool disabled) { }
806 + static inline void allow_user_access(void __user *to, const void __user *from,
807 +- unsigned long size) { }
808 ++ unsigned long size, unsigned long dir) { }
809 + static inline void prevent_user_access(void __user *to, const void __user *from,
810 +- unsigned long size) { }
811 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write) { return false; }
812 ++ unsigned long size, unsigned long dir) { }
813 ++static inline bool
814 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
815 ++{
816 ++ return false;
817 ++}
818 + #endif /* CONFIG_PPC_KUAP */
819 +
820 + static inline void allow_read_from_user(const void __user *from, unsigned long size)
821 + {
822 +- allow_user_access(NULL, from, size);
823 ++ allow_user_access(NULL, from, size, KUAP_READ);
824 + }
825 +
826 + static inline void allow_write_to_user(void __user *to, unsigned long size)
827 + {
828 +- allow_user_access(to, NULL, size);
829 ++ allow_user_access(to, NULL, size, KUAP_WRITE);
830 ++}
831 ++
832 ++static inline void allow_read_write_user(void __user *to, const void __user *from,
833 ++ unsigned long size)
834 ++{
835 ++ allow_user_access(to, from, size, KUAP_READ_WRITE);
836 + }
837 +
838 + static inline void prevent_read_from_user(const void __user *from, unsigned long size)
839 + {
840 +- prevent_user_access(NULL, from, size);
841 ++ prevent_user_access(NULL, from, size, KUAP_READ);
842 + }
843 +
844 + static inline void prevent_write_to_user(void __user *to, unsigned long size)
845 + {
846 +- prevent_user_access(to, NULL, size);
847 ++ prevent_user_access(to, NULL, size, KUAP_WRITE);
848 ++}
849 ++
850 ++static inline void prevent_read_write_user(void __user *to, const void __user *from,
851 ++ unsigned long size)
852 ++{
853 ++ prevent_user_access(to, from, size, KUAP_READ_WRITE);
854 + }
855 +
856 + #endif /* !__ASSEMBLY__ */
857 +
858 +-#endif /* _ASM_POWERPC_KUP_H_ */
859 ++#endif /* _ASM_POWERPC_KUAP_H_ */
860 +diff --git a/arch/powerpc/include/asm/nohash/32/kup-8xx.h b/arch/powerpc/include/asm/nohash/32/kup-8xx.h
861 +index 1006a427e99c..1d70c80366fd 100644
862 +--- a/arch/powerpc/include/asm/nohash/32/kup-8xx.h
863 ++++ b/arch/powerpc/include/asm/nohash/32/kup-8xx.h
864 +@@ -35,18 +35,19 @@
865 + #include <asm/reg.h>
866 +
867 + static inline void allow_user_access(void __user *to, const void __user *from,
868 +- unsigned long size)
869 ++ unsigned long size, unsigned long dir)
870 + {
871 + mtspr(SPRN_MD_AP, MD_APG_INIT);
872 + }
873 +
874 + static inline void prevent_user_access(void __user *to, const void __user *from,
875 +- unsigned long size)
876 ++ unsigned long size, unsigned long dir)
877 + {
878 + mtspr(SPRN_MD_AP, MD_APG_KUAP);
879 + }
880 +
881 +-static inline bool bad_kuap_fault(struct pt_regs *regs, bool is_write)
882 ++static inline bool
883 ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
884 + {
885 + return WARN(!((regs->kuap ^ MD_APG_KUAP) & 0xf0000000),
886 + "Bug: fault blocked by AP register !");
887 +diff --git a/arch/powerpc/include/asm/nohash/pgalloc.h b/arch/powerpc/include/asm/nohash/pgalloc.h
888 +index 332b13b4ecdb..29c43665a753 100644
889 +--- a/arch/powerpc/include/asm/nohash/pgalloc.h
890 ++++ b/arch/powerpc/include/asm/nohash/pgalloc.h
891 +@@ -46,7 +46,6 @@ static inline void pgtable_free(void *table, int shift)
892 +
893 + #define get_hugepd_cache_index(x) (x)
894 +
895 +-#ifdef CONFIG_SMP
896 + static inline void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift)
897 + {
898 + unsigned long pgf = (unsigned long)table;
899 +@@ -64,13 +63,6 @@ static inline void __tlb_remove_table(void *_table)
900 + pgtable_free(table, shift);
901 + }
902 +
903 +-#else
904 +-static inline void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int shift)
905 +-{
906 +- pgtable_free(table, shift);
907 +-}
908 +-#endif
909 +-
910 + static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t table,
911 + unsigned long address)
912 + {
913 +diff --git a/arch/powerpc/include/asm/tlb.h b/arch/powerpc/include/asm/tlb.h
914 +index b2c0be93929d..7f3a8b902325 100644
915 +--- a/arch/powerpc/include/asm/tlb.h
916 ++++ b/arch/powerpc/include/asm/tlb.h
917 +@@ -26,6 +26,17 @@
918 +
919 + #define tlb_flush tlb_flush
920 + extern void tlb_flush(struct mmu_gather *tlb);
921 ++/*
922 ++ * book3s:
923 ++ * Hash does not use the linux page-tables, so we can avoid
924 ++ * the TLB invalidate for page-table freeing, Radix otoh does use the
925 ++ * page-tables and needs the TLBI.
926 ++ *
927 ++ * nohash:
928 ++ * We still do TLB invalidate in the __pte_free_tlb routine before we
929 ++ * add the page table pages to mmu gather table batch.
930 ++ */
931 ++#define tlb_needs_table_invalidate() radix_enabled()
932 +
933 + /* Get the generic bits... */
934 + #include <asm-generic/tlb.h>
935 +diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
936 +index c92fe7fe9692..cafad1960e76 100644
937 +--- a/arch/powerpc/include/asm/uaccess.h
938 ++++ b/arch/powerpc/include/asm/uaccess.h
939 +@@ -313,9 +313,9 @@ raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
940 + unsigned long ret;
941 +
942 + barrier_nospec();
943 +- allow_user_access(to, from, n);
944 ++ allow_read_write_user(to, from, n);
945 + ret = __copy_tofrom_user(to, from, n);
946 +- prevent_user_access(to, from, n);
947 ++ prevent_read_write_user(to, from, n);
948 + return ret;
949 + }
950 + #endif /* __powerpc64__ */
951 +diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
952 +index d60908ea37fb..59bb4f4ae316 100644
953 +--- a/arch/powerpc/kernel/entry_32.S
954 ++++ b/arch/powerpc/kernel/entry_32.S
955 +@@ -179,7 +179,7 @@ transfer_to_handler:
956 + 2: /* if from kernel, check interrupted DOZE/NAP mode and
957 + * check for stack overflow
958 + */
959 +- kuap_save_and_lock r11, r12, r9, r2, r0
960 ++ kuap_save_and_lock r11, r12, r9, r2, r6
961 + addi r2, r12, -THREAD
962 + lwz r9,KSP_LIMIT(r12)
963 + cmplw r1,r9 /* if r1 <= ksp_limit */
964 +@@ -284,6 +284,7 @@ reenable_mmu:
965 + rlwinm r9,r9,0,~MSR_EE
966 + lwz r12,_LINK(r11) /* and return to address in LR */
967 + kuap_restore r11, r2, r3, r4, r5
968 ++ lwz r2, GPR2(r11)
969 + b fast_exception_return
970 + #endif
971 +
972 +diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
973 +index 6ff3f896d908..ef6aa63b071b 100644
974 +--- a/arch/powerpc/kvm/book3s_hv.c
975 ++++ b/arch/powerpc/kvm/book3s_hv.c
976 +@@ -2368,7 +2368,7 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
977 + mutex_unlock(&kvm->lock);
978 +
979 + if (!vcore)
980 +- goto free_vcpu;
981 ++ goto uninit_vcpu;
982 +
983 + spin_lock(&vcore->lock);
984 + ++vcore->num_threads;
985 +@@ -2385,6 +2385,8 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_hv(struct kvm *kvm,
986 +
987 + return vcpu;
988 +
989 ++uninit_vcpu:
990 ++ kvm_vcpu_uninit(vcpu);
991 + free_vcpu:
992 + kmem_cache_free(kvm_vcpu_cache, vcpu);
993 + out:
994 +diff --git a/arch/powerpc/kvm/book3s_pr.c b/arch/powerpc/kvm/book3s_pr.c
995 +index eb86a2f26986..04512b4bb417 100644
996 +--- a/arch/powerpc/kvm/book3s_pr.c
997 ++++ b/arch/powerpc/kvm/book3s_pr.c
998 +@@ -1806,10 +1806,12 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_pr(struct kvm *kvm,
999 +
1000 + err = kvmppc_mmu_init(vcpu);
1001 + if (err < 0)
1002 +- goto uninit_vcpu;
1003 ++ goto free_shared_page;
1004 +
1005 + return vcpu;
1006 +
1007 ++free_shared_page:
1008 ++ free_page((unsigned long)vcpu->arch.shared);
1009 + uninit_vcpu:
1010 + kvm_vcpu_uninit(vcpu);
1011 + free_shadow_vcpu:
1012 +diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c
1013 +index d83adb1e1490..6ef0151ff70a 100644
1014 +--- a/arch/powerpc/kvm/book3s_xive_native.c
1015 ++++ b/arch/powerpc/kvm/book3s_xive_native.c
1016 +@@ -631,7 +631,7 @@ static int kvmppc_xive_native_set_queue_config(struct kvmppc_xive *xive,
1017 + srcu_idx = srcu_read_lock(&kvm->srcu);
1018 + gfn = gpa_to_gfn(kvm_eq.qaddr);
1019 +
1020 +- page_size = kvm_host_page_size(kvm, gfn);
1021 ++ page_size = kvm_host_page_size(vcpu, gfn);
1022 + if (1ull << kvm_eq.qshift > page_size) {
1023 + srcu_read_unlock(&kvm->srcu, srcu_idx);
1024 + pr_warn("Incompatible host page size %lx!\n", page_size);
1025 +diff --git a/arch/powerpc/mm/book3s64/pgtable.c b/arch/powerpc/mm/book3s64/pgtable.c
1026 +index 75483b40fcb1..2bf7e1b4fd82 100644
1027 +--- a/arch/powerpc/mm/book3s64/pgtable.c
1028 ++++ b/arch/powerpc/mm/book3s64/pgtable.c
1029 +@@ -378,7 +378,6 @@ static inline void pgtable_free(void *table, int index)
1030 + }
1031 + }
1032 +
1033 +-#ifdef CONFIG_SMP
1034 + void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int index)
1035 + {
1036 + unsigned long pgf = (unsigned long)table;
1037 +@@ -395,12 +394,6 @@ void __tlb_remove_table(void *_table)
1038 +
1039 + return pgtable_free(table, index);
1040 + }
1041 +-#else
1042 +-void pgtable_free_tlb(struct mmu_gather *tlb, void *table, int index)
1043 +-{
1044 +- return pgtable_free(table, index);
1045 +-}
1046 +-#endif
1047 +
1048 + #ifdef CONFIG_PROC_FS
1049 + atomic_long_t direct_pages_count[MMU_PAGE_COUNT];
1050 +diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
1051 +index b5047f9b5dec..1baeb045f7f4 100644
1052 +--- a/arch/powerpc/mm/fault.c
1053 ++++ b/arch/powerpc/mm/fault.c
1054 +@@ -233,7 +233,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code,
1055 +
1056 + // Read/write fault in a valid region (the exception table search passed
1057 + // above), but blocked by KUAP is bad, it can never succeed.
1058 +- if (bad_kuap_fault(regs, is_write))
1059 ++ if (bad_kuap_fault(regs, address, is_write))
1060 + return true;
1061 +
1062 + // What's left? Kernel fault on user in well defined regions (extable
1063 +diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c
1064 +index 2f9ddc29c535..c73205172447 100644
1065 +--- a/arch/powerpc/mm/ptdump/ptdump.c
1066 ++++ b/arch/powerpc/mm/ptdump/ptdump.c
1067 +@@ -173,10 +173,12 @@ static void dump_addr(struct pg_state *st, unsigned long addr)
1068 +
1069 + static void note_prot_wx(struct pg_state *st, unsigned long addr)
1070 + {
1071 ++ pte_t pte = __pte(st->current_flags);
1072 ++
1073 + if (!IS_ENABLED(CONFIG_PPC_DEBUG_WX) || !st->check_wx)
1074 + return;
1075 +
1076 +- if (!((st->current_flags & pgprot_val(PAGE_KERNEL_X)) == pgprot_val(PAGE_KERNEL_X)))
1077 ++ if (!pte_write(pte) || !pte_exec(pte))
1078 + return;
1079 +
1080 + WARN_ONCE(1, "powerpc/mm: Found insecure W+X mapping at address %p/%pS\n",
1081 +diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c
1082 +index c126b94d1943..a4d40a3ceea3 100644
1083 +--- a/arch/powerpc/platforms/pseries/hotplug-memory.c
1084 ++++ b/arch/powerpc/platforms/pseries/hotplug-memory.c
1085 +@@ -360,8 +360,10 @@ static bool lmb_is_removable(struct drmem_lmb *lmb)
1086 +
1087 + for (i = 0; i < scns_per_block; i++) {
1088 + pfn = PFN_DOWN(phys_addr);
1089 +- if (!pfn_present(pfn))
1090 ++ if (!pfn_present(pfn)) {
1091 ++ phys_addr += MIN_MEMORY_BLOCK_SIZE;
1092 + continue;
1093 ++ }
1094 +
1095 + rc = rc && is_mem_section_removable(pfn, PAGES_PER_SECTION);
1096 + phys_addr += MIN_MEMORY_BLOCK_SIZE;
1097 +diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
1098 +index a7056049709e..03d23075ac43 100644
1099 +--- a/arch/powerpc/xmon/xmon.c
1100 ++++ b/arch/powerpc/xmon/xmon.c
1101 +@@ -1949,15 +1949,14 @@ static void dump_300_sprs(void)
1102 +
1103 + printf("pidr = %.16lx tidr = %.16lx\n",
1104 + mfspr(SPRN_PID), mfspr(SPRN_TIDR));
1105 +- printf("asdr = %.16lx psscr = %.16lx\n",
1106 +- mfspr(SPRN_ASDR), hv ? mfspr(SPRN_PSSCR)
1107 +- : mfspr(SPRN_PSSCR_PR));
1108 ++ printf("psscr = %.16lx\n",
1109 ++ hv ? mfspr(SPRN_PSSCR) : mfspr(SPRN_PSSCR_PR));
1110 +
1111 + if (!hv)
1112 + return;
1113 +
1114 +- printf("ptcr = %.16lx\n",
1115 +- mfspr(SPRN_PTCR));
1116 ++ printf("ptcr = %.16lx asdr = %.16lx\n",
1117 ++ mfspr(SPRN_PTCR), mfspr(SPRN_ASDR));
1118 + #endif
1119 + }
1120 +
1121 +diff --git a/arch/riscv/net/bpf_jit_comp.c b/arch/riscv/net/bpf_jit_comp.c
1122 +index 7fbf56aab661..e2279fed8f56 100644
1123 +--- a/arch/riscv/net/bpf_jit_comp.c
1124 ++++ b/arch/riscv/net/bpf_jit_comp.c
1125 +@@ -120,6 +120,11 @@ static bool seen_reg(int reg, struct rv_jit_context *ctx)
1126 + return false;
1127 + }
1128 +
1129 ++static void mark_fp(struct rv_jit_context *ctx)
1130 ++{
1131 ++ __set_bit(RV_CTX_F_SEEN_S5, &ctx->flags);
1132 ++}
1133 ++
1134 + static void mark_call(struct rv_jit_context *ctx)
1135 + {
1136 + __set_bit(RV_CTX_F_SEEN_CALL, &ctx->flags);
1137 +@@ -596,7 +601,8 @@ static void __build_epilogue(u8 reg, struct rv_jit_context *ctx)
1138 +
1139 + emit(rv_addi(RV_REG_SP, RV_REG_SP, stack_adjust), ctx);
1140 + /* Set return value. */
1141 +- emit(rv_addi(RV_REG_A0, RV_REG_A5, 0), ctx);
1142 ++ if (reg == RV_REG_RA)
1143 ++ emit(rv_addi(RV_REG_A0, RV_REG_A5, 0), ctx);
1144 + emit(rv_jalr(RV_REG_ZERO, reg, 0), ctx);
1145 + }
1146 +
1147 +@@ -1426,6 +1432,10 @@ static void build_prologue(struct rv_jit_context *ctx)
1148 + {
1149 + int stack_adjust = 0, store_offset, bpf_stack_adjust;
1150 +
1151 ++ bpf_stack_adjust = round_up(ctx->prog->aux->stack_depth, 16);
1152 ++ if (bpf_stack_adjust)
1153 ++ mark_fp(ctx);
1154 ++
1155 + if (seen_reg(RV_REG_RA, ctx))
1156 + stack_adjust += 8;
1157 + stack_adjust += 8; /* RV_REG_FP */
1158 +@@ -1443,7 +1453,6 @@ static void build_prologue(struct rv_jit_context *ctx)
1159 + stack_adjust += 8;
1160 +
1161 + stack_adjust = round_up(stack_adjust, 16);
1162 +- bpf_stack_adjust = round_up(ctx->prog->aux->stack_depth, 16);
1163 + stack_adjust += bpf_stack_adjust;
1164 +
1165 + store_offset = stack_adjust - 8;
1166 +diff --git a/arch/s390/include/asm/page.h b/arch/s390/include/asm/page.h
1167 +index a4d38092530a..85e944f04c70 100644
1168 +--- a/arch/s390/include/asm/page.h
1169 ++++ b/arch/s390/include/asm/page.h
1170 +@@ -33,6 +33,8 @@
1171 + #define ARCH_HAS_PREPARE_HUGEPAGE
1172 + #define ARCH_HAS_HUGEPAGE_CLEAR_FLUSH
1173 +
1174 ++#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
1175 ++
1176 + #include <asm/setup.h>
1177 + #ifndef __ASSEMBLY__
1178 +
1179 +diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
1180 +index d9e6bf3d54f0..876802894b35 100644
1181 +--- a/arch/s390/kvm/kvm-s390.c
1182 ++++ b/arch/s390/kvm/kvm-s390.c
1183 +@@ -2860,9 +2860,7 @@ static void kvm_s390_vcpu_initial_reset(struct kvm_vcpu *vcpu)
1184 + vcpu->arch.sie_block->gcr[14] = CR14_UNUSED_32 |
1185 + CR14_UNUSED_33 |
1186 + CR14_EXTERNAL_DAMAGE_SUBMASK;
1187 +- /* make sure the new fpc will be lazily loaded */
1188 +- save_fpu_regs();
1189 +- current->thread.fpu.fpc = 0;
1190 ++ vcpu->run->s.regs.fpc = 0;
1191 + vcpu->arch.sie_block->gbea = 1;
1192 + vcpu->arch.sie_block->pp = 0;
1193 + vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
1194 +@@ -4351,7 +4349,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
1195 + switch (ioctl) {
1196 + case KVM_S390_STORE_STATUS:
1197 + idx = srcu_read_lock(&vcpu->kvm->srcu);
1198 +- r = kvm_s390_vcpu_store_status(vcpu, arg);
1199 ++ r = kvm_s390_store_status_unloaded(vcpu, arg);
1200 + srcu_read_unlock(&vcpu->kvm->srcu, idx);
1201 + break;
1202 + case KVM_S390_SET_INITIAL_PSW: {
1203 +diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c
1204 +index b0246c705a19..5674710a4841 100644
1205 +--- a/arch/s390/mm/hugetlbpage.c
1206 ++++ b/arch/s390/mm/hugetlbpage.c
1207 +@@ -2,7 +2,7 @@
1208 + /*
1209 + * IBM System z Huge TLB Page Support for Kernel.
1210 + *
1211 +- * Copyright IBM Corp. 2007,2016
1212 ++ * Copyright IBM Corp. 2007,2020
1213 + * Author(s): Gerald Schaefer <gerald.schaefer@××××××.com>
1214 + */
1215 +
1216 +@@ -11,6 +11,9 @@
1217 +
1218 + #include <linux/mm.h>
1219 + #include <linux/hugetlb.h>
1220 ++#include <linux/mman.h>
1221 ++#include <linux/sched/mm.h>
1222 ++#include <linux/security.h>
1223 +
1224 + /*
1225 + * If the bit selected by single-bit bitmask "a" is set within "x", move
1226 +@@ -267,3 +270,98 @@ static __init int setup_hugepagesz(char *opt)
1227 + return 1;
1228 + }
1229 + __setup("hugepagesz=", setup_hugepagesz);
1230 ++
1231 ++static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
1232 ++ unsigned long addr, unsigned long len,
1233 ++ unsigned long pgoff, unsigned long flags)
1234 ++{
1235 ++ struct hstate *h = hstate_file(file);
1236 ++ struct vm_unmapped_area_info info;
1237 ++
1238 ++ info.flags = 0;
1239 ++ info.length = len;
1240 ++ info.low_limit = current->mm->mmap_base;
1241 ++ info.high_limit = TASK_SIZE;
1242 ++ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
1243 ++ info.align_offset = 0;
1244 ++ return vm_unmapped_area(&info);
1245 ++}
1246 ++
1247 ++static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
1248 ++ unsigned long addr0, unsigned long len,
1249 ++ unsigned long pgoff, unsigned long flags)
1250 ++{
1251 ++ struct hstate *h = hstate_file(file);
1252 ++ struct vm_unmapped_area_info info;
1253 ++ unsigned long addr;
1254 ++
1255 ++ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
1256 ++ info.length = len;
1257 ++ info.low_limit = max(PAGE_SIZE, mmap_min_addr);
1258 ++ info.high_limit = current->mm->mmap_base;
1259 ++ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
1260 ++ info.align_offset = 0;
1261 ++ addr = vm_unmapped_area(&info);
1262 ++
1263 ++ /*
1264 ++ * A failed mmap() very likely causes application failure,
1265 ++ * so fall back to the bottom-up function here. This scenario
1266 ++ * can happen with large stack limits and large mmap()
1267 ++ * allocations.
1268 ++ */
1269 ++ if (addr & ~PAGE_MASK) {
1270 ++ VM_BUG_ON(addr != -ENOMEM);
1271 ++ info.flags = 0;
1272 ++ info.low_limit = TASK_UNMAPPED_BASE;
1273 ++ info.high_limit = TASK_SIZE;
1274 ++ addr = vm_unmapped_area(&info);
1275 ++ }
1276 ++
1277 ++ return addr;
1278 ++}
1279 ++
1280 ++unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
1281 ++ unsigned long len, unsigned long pgoff, unsigned long flags)
1282 ++{
1283 ++ struct hstate *h = hstate_file(file);
1284 ++ struct mm_struct *mm = current->mm;
1285 ++ struct vm_area_struct *vma;
1286 ++ int rc;
1287 ++
1288 ++ if (len & ~huge_page_mask(h))
1289 ++ return -EINVAL;
1290 ++ if (len > TASK_SIZE - mmap_min_addr)
1291 ++ return -ENOMEM;
1292 ++
1293 ++ if (flags & MAP_FIXED) {
1294 ++ if (prepare_hugepage_range(file, addr, len))
1295 ++ return -EINVAL;
1296 ++ goto check_asce_limit;
1297 ++ }
1298 ++
1299 ++ if (addr) {
1300 ++ addr = ALIGN(addr, huge_page_size(h));
1301 ++ vma = find_vma(mm, addr);
1302 ++ if (TASK_SIZE - len >= addr && addr >= mmap_min_addr &&
1303 ++ (!vma || addr + len <= vm_start_gap(vma)))
1304 ++ goto check_asce_limit;
1305 ++ }
1306 ++
1307 ++ if (mm->get_unmapped_area == arch_get_unmapped_area)
1308 ++ addr = hugetlb_get_unmapped_area_bottomup(file, addr, len,
1309 ++ pgoff, flags);
1310 ++ else
1311 ++ addr = hugetlb_get_unmapped_area_topdown(file, addr, len,
1312 ++ pgoff, flags);
1313 ++ if (addr & ~PAGE_MASK)
1314 ++ return addr;
1315 ++
1316 ++check_asce_limit:
1317 ++ if (addr + len > current->mm->context.asce_limit &&
1318 ++ addr + len <= TASK_SIZE) {
1319 ++ rc = crst_table_upgrade(mm, addr + len);
1320 ++ if (rc)
1321 ++ return (unsigned long) rc;
1322 ++ }
1323 ++ return addr;
1324 ++}
1325 +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
1326 +index eb24cb1afc11..18e9fb6fcf1b 100644
1327 +--- a/arch/sparc/Kconfig
1328 ++++ b/arch/sparc/Kconfig
1329 +@@ -65,7 +65,6 @@ config SPARC64
1330 + select HAVE_KRETPROBES
1331 + select HAVE_KPROBES
1332 + select HAVE_RCU_TABLE_FREE if SMP
1333 +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE
1334 + select HAVE_MEMBLOCK_NODE_MAP
1335 + select HAVE_ARCH_TRANSPARENT_HUGEPAGE
1336 + select HAVE_DYNAMIC_FTRACE
1337 +diff --git a/arch/sparc/include/asm/tlb_64.h b/arch/sparc/include/asm/tlb_64.h
1338 +index a2f3fa61ee36..8cb8f3833239 100644
1339 +--- a/arch/sparc/include/asm/tlb_64.h
1340 ++++ b/arch/sparc/include/asm/tlb_64.h
1341 +@@ -28,6 +28,15 @@ void flush_tlb_pending(void);
1342 + #define __tlb_remove_tlb_entry(tlb, ptep, address) do { } while (0)
1343 + #define tlb_flush(tlb) flush_tlb_pending()
1344 +
1345 ++/*
1346 ++ * SPARC64's hardware TLB fill does not use the Linux page-tables
1347 ++ * and therefore we don't need a TLBI when freeing page-table pages.
1348 ++ */
1349 ++
1350 ++#ifdef CONFIG_HAVE_RCU_TABLE_FREE
1351 ++#define tlb_needs_table_invalidate() (false)
1352 ++#endif
1353 ++
1354 + #include <asm-generic/tlb.h>
1355 +
1356 + #endif /* _SPARC64_TLB_H */
1357 +diff --git a/arch/sparc/include/uapi/asm/ipcbuf.h b/arch/sparc/include/uapi/asm/ipcbuf.h
1358 +index 5b933a598a33..0ea1240d2ea1 100644
1359 +--- a/arch/sparc/include/uapi/asm/ipcbuf.h
1360 ++++ b/arch/sparc/include/uapi/asm/ipcbuf.h
1361 +@@ -17,19 +17,19 @@
1362 +
1363 + struct ipc64_perm
1364 + {
1365 +- __kernel_key_t key;
1366 +- __kernel_uid_t uid;
1367 +- __kernel_gid_t gid;
1368 +- __kernel_uid_t cuid;
1369 +- __kernel_gid_t cgid;
1370 ++ __kernel_key_t key;
1371 ++ __kernel_uid32_t uid;
1372 ++ __kernel_gid32_t gid;
1373 ++ __kernel_uid32_t cuid;
1374 ++ __kernel_gid32_t cgid;
1375 + #ifndef __arch64__
1376 +- unsigned short __pad0;
1377 ++ unsigned short __pad0;
1378 + #endif
1379 +- __kernel_mode_t mode;
1380 +- unsigned short __pad1;
1381 +- unsigned short seq;
1382 +- unsigned long long __unused1;
1383 +- unsigned long long __unused2;
1384 ++ __kernel_mode_t mode;
1385 ++ unsigned short __pad1;
1386 ++ unsigned short seq;
1387 ++ unsigned long long __unused1;
1388 ++ unsigned long long __unused2;
1389 + };
1390 +
1391 + #endif /* __SPARC_IPCBUF_H */
1392 +diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
1393 +index 2ebc17d9c72c..19e94af9cc5d 100644
1394 +--- a/arch/x86/include/asm/apic.h
1395 ++++ b/arch/x86/include/asm/apic.h
1396 +@@ -140,6 +140,7 @@ extern void apic_soft_disable(void);
1397 + extern void lapic_shutdown(void);
1398 + extern void sync_Arb_IDs(void);
1399 + extern void init_bsp_APIC(void);
1400 ++extern void apic_intr_mode_select(void);
1401 + extern void apic_intr_mode_init(void);
1402 + extern void init_apic_mappings(void);
1403 + void register_lapic_address(unsigned long address);
1404 +@@ -188,6 +189,7 @@ static inline void disable_local_APIC(void) { }
1405 + # define setup_secondary_APIC_clock x86_init_noop
1406 + static inline void lapic_update_tsc_freq(void) { }
1407 + static inline void init_bsp_APIC(void) { }
1408 ++static inline void apic_intr_mode_select(void) { }
1409 + static inline void apic_intr_mode_init(void) { }
1410 + static inline void lapic_assign_system_vectors(void) { }
1411 + static inline void lapic_assign_legacy_vector(unsigned int i, bool r) { }
1412 +@@ -452,6 +454,14 @@ static inline void ack_APIC_irq(void)
1413 + apic_eoi();
1414 + }
1415 +
1416 ++
1417 ++static inline bool lapic_vector_set_in_irr(unsigned int vector)
1418 ++{
1419 ++ u32 irr = apic_read(APIC_IRR + (vector / 32 * 0x10));
1420 ++
1421 ++ return !!(irr & (1U << (vector % 32)));
1422 ++}
1423 ++
1424 + static inline unsigned default_get_apic_id(unsigned long x)
1425 + {
1426 + unsigned int ver = GET_APIC_VERSION(apic_read(APIC_LVR));
1427 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
1428 +index b79cd6aa4075..178e4e1a47f5 100644
1429 +--- a/arch/x86/include/asm/kvm_host.h
1430 ++++ b/arch/x86/include/asm/kvm_host.h
1431 +@@ -378,12 +378,12 @@ struct kvm_mmu {
1432 + void (*set_cr3)(struct kvm_vcpu *vcpu, unsigned long root);
1433 + unsigned long (*get_cr3)(struct kvm_vcpu *vcpu);
1434 + u64 (*get_pdptr)(struct kvm_vcpu *vcpu, int index);
1435 +- int (*page_fault)(struct kvm_vcpu *vcpu, gva_t gva, u32 err,
1436 ++ int (*page_fault)(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 err,
1437 + bool prefault);
1438 + void (*inject_page_fault)(struct kvm_vcpu *vcpu,
1439 + struct x86_exception *fault);
1440 +- gpa_t (*gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t gva, u32 access,
1441 +- struct x86_exception *exception);
1442 ++ gpa_t (*gva_to_gpa)(struct kvm_vcpu *vcpu, gpa_t gva_or_gpa,
1443 ++ u32 access, struct x86_exception *exception);
1444 + gpa_t (*translate_gpa)(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access,
1445 + struct x86_exception *exception);
1446 + int (*sync_page)(struct kvm_vcpu *vcpu,
1447 +@@ -685,10 +685,10 @@ struct kvm_vcpu_arch {
1448 + bool pvclock_set_guest_stopped_request;
1449 +
1450 + struct {
1451 ++ u8 preempted;
1452 + u64 msr_val;
1453 + u64 last_steal;
1454 +- struct gfn_to_hva_cache stime;
1455 +- struct kvm_steal_time steal;
1456 ++ struct gfn_to_pfn_cache cache;
1457 + } st;
1458 +
1459 + u64 tsc_offset;
1460 +@@ -1145,6 +1145,7 @@ struct kvm_x86_ops {
1461 + bool (*xsaves_supported)(void);
1462 + bool (*umip_emulated)(void);
1463 + bool (*pt_supported)(void);
1464 ++ bool (*pku_supported)(void);
1465 +
1466 + int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
1467 + void (*request_immediate_exit)(struct kvm_vcpu *vcpu);
1468 +@@ -1468,7 +1469,7 @@ void kvm_vcpu_deactivate_apicv(struct kvm_vcpu *vcpu);
1469 +
1470 + int kvm_emulate_hypercall(struct kvm_vcpu *vcpu);
1471 +
1472 +-int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t gva, u64 error_code,
1473 ++int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 error_code,
1474 + void *insn, int insn_len);
1475 + void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva);
1476 + void kvm_mmu_invpcid_gva(struct kvm_vcpu *vcpu, gva_t gva, unsigned long pcid);
1477 +diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
1478 +index 19435858df5f..96d9cd208610 100644
1479 +--- a/arch/x86/include/asm/x86_init.h
1480 ++++ b/arch/x86/include/asm/x86_init.h
1481 +@@ -51,12 +51,14 @@ struct x86_init_resources {
1482 + * are set up.
1483 + * @intr_init: interrupt init code
1484 + * @trap_init: platform specific trap setup
1485 ++ * @intr_mode_select: interrupt delivery mode selection
1486 + * @intr_mode_init: interrupt delivery mode setup
1487 + */
1488 + struct x86_init_irqs {
1489 + void (*pre_vector_init)(void);
1490 + void (*intr_init)(void);
1491 + void (*trap_init)(void);
1492 ++ void (*intr_mode_select)(void);
1493 + void (*intr_mode_init)(void);
1494 + };
1495 +
1496 +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
1497 +index 28446fa6bf18..4b0f9117e1cd 100644
1498 +--- a/arch/x86/kernel/apic/apic.c
1499 ++++ b/arch/x86/kernel/apic/apic.c
1500 +@@ -830,8 +830,17 @@ bool __init apic_needs_pit(void)
1501 + if (!tsc_khz || !cpu_khz)
1502 + return true;
1503 +
1504 +- /* Is there an APIC at all? */
1505 +- if (!boot_cpu_has(X86_FEATURE_APIC))
1506 ++ /* Is there an APIC at all or is it disabled? */
1507 ++ if (!boot_cpu_has(X86_FEATURE_APIC) || disable_apic)
1508 ++ return true;
1509 ++
1510 ++ /*
1511 ++ * If interrupt delivery mode is legacy PIC or virtual wire without
1512 ++ * configuration, the local APIC timer wont be set up. Make sure
1513 ++ * that the PIT is initialized.
1514 ++ */
1515 ++ if (apic_intr_mode == APIC_PIC ||
1516 ++ apic_intr_mode == APIC_VIRTUAL_WIRE_NO_CONFIG)
1517 + return true;
1518 +
1519 + /* Virt guests may lack ARAT, but still have DEADLINE */
1520 +@@ -1322,7 +1331,7 @@ void __init sync_Arb_IDs(void)
1521 +
1522 + enum apic_intr_mode_id apic_intr_mode __ro_after_init;
1523 +
1524 +-static int __init apic_intr_mode_select(void)
1525 ++static int __init __apic_intr_mode_select(void)
1526 + {
1527 + /* Check kernel option */
1528 + if (disable_apic) {
1529 +@@ -1384,6 +1393,12 @@ static int __init apic_intr_mode_select(void)
1530 + return APIC_SYMMETRIC_IO;
1531 + }
1532 +
1533 ++/* Select the interrupt delivery mode for the BSP */
1534 ++void __init apic_intr_mode_select(void)
1535 ++{
1536 ++ apic_intr_mode = __apic_intr_mode_select();
1537 ++}
1538 ++
1539 + /*
1540 + * An initial setup of the virtual wire mode.
1541 + */
1542 +@@ -1440,8 +1455,6 @@ void __init apic_intr_mode_init(void)
1543 + {
1544 + bool upmode = IS_ENABLED(CONFIG_UP_LATE_INIT);
1545 +
1546 +- apic_intr_mode = apic_intr_mode_select();
1547 +-
1548 + switch (apic_intr_mode) {
1549 + case APIC_PIC:
1550 + pr_info("APIC: Keep in PIC mode(8259)\n");
1551 +diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c
1552 +index 7f7533462474..159bd0cb8548 100644
1553 +--- a/arch/x86/kernel/apic/msi.c
1554 ++++ b/arch/x86/kernel/apic/msi.c
1555 +@@ -23,10 +23,8 @@
1556 +
1557 + static struct irq_domain *msi_default_domain;
1558 +
1559 +-static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1560 ++static void __irq_msi_compose_msg(struct irq_cfg *cfg, struct msi_msg *msg)
1561 + {
1562 +- struct irq_cfg *cfg = irqd_cfg(data);
1563 +-
1564 + msg->address_hi = MSI_ADDR_BASE_HI;
1565 +
1566 + if (x2apic_enabled())
1567 +@@ -47,6 +45,127 @@ static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1568 + MSI_DATA_VECTOR(cfg->vector);
1569 + }
1570 +
1571 ++static void irq_msi_compose_msg(struct irq_data *data, struct msi_msg *msg)
1572 ++{
1573 ++ __irq_msi_compose_msg(irqd_cfg(data), msg);
1574 ++}
1575 ++
1576 ++static void irq_msi_update_msg(struct irq_data *irqd, struct irq_cfg *cfg)
1577 ++{
1578 ++ struct msi_msg msg[2] = { [1] = { }, };
1579 ++
1580 ++ __irq_msi_compose_msg(cfg, msg);
1581 ++ irq_data_get_irq_chip(irqd)->irq_write_msi_msg(irqd, msg);
1582 ++}
1583 ++
1584 ++static int
1585 ++msi_set_affinity(struct irq_data *irqd, const struct cpumask *mask, bool force)
1586 ++{
1587 ++ struct irq_cfg old_cfg, *cfg = irqd_cfg(irqd);
1588 ++ struct irq_data *parent = irqd->parent_data;
1589 ++ unsigned int cpu;
1590 ++ int ret;
1591 ++
1592 ++ /* Save the current configuration */
1593 ++ cpu = cpumask_first(irq_data_get_effective_affinity_mask(irqd));
1594 ++ old_cfg = *cfg;
1595 ++
1596 ++ /* Allocate a new target vector */
1597 ++ ret = parent->chip->irq_set_affinity(parent, mask, force);
1598 ++ if (ret < 0 || ret == IRQ_SET_MASK_OK_DONE)
1599 ++ return ret;
1600 ++
1601 ++ /*
1602 ++ * For non-maskable and non-remapped MSI interrupts the migration
1603 ++ * to a different destination CPU and a different vector has to be
1604 ++ * done careful to handle the possible stray interrupt which can be
1605 ++ * caused by the non-atomic update of the address/data pair.
1606 ++ *
1607 ++ * Direct update is possible when:
1608 ++ * - The MSI is maskable (remapped MSI does not use this code path)).
1609 ++ * The quirk bit is not set in this case.
1610 ++ * - The new vector is the same as the old vector
1611 ++ * - The old vector is MANAGED_IRQ_SHUTDOWN_VECTOR (interrupt starts up)
1612 ++ * - The new destination CPU is the same as the old destination CPU
1613 ++ */
1614 ++ if (!irqd_msi_nomask_quirk(irqd) ||
1615 ++ cfg->vector == old_cfg.vector ||
1616 ++ old_cfg.vector == MANAGED_IRQ_SHUTDOWN_VECTOR ||
1617 ++ cfg->dest_apicid == old_cfg.dest_apicid) {
1618 ++ irq_msi_update_msg(irqd, cfg);
1619 ++ return ret;
1620 ++ }
1621 ++
1622 ++ /*
1623 ++ * Paranoia: Validate that the interrupt target is the local
1624 ++ * CPU.
1625 ++ */
1626 ++ if (WARN_ON_ONCE(cpu != smp_processor_id())) {
1627 ++ irq_msi_update_msg(irqd, cfg);
1628 ++ return ret;
1629 ++ }
1630 ++
1631 ++ /*
1632 ++ * Redirect the interrupt to the new vector on the current CPU
1633 ++ * first. This might cause a spurious interrupt on this vector if
1634 ++ * the device raises an interrupt right between this update and the
1635 ++ * update to the final destination CPU.
1636 ++ *
1637 ++ * If the vector is in use then the installed device handler will
1638 ++ * denote it as spurious which is no harm as this is a rare event
1639 ++ * and interrupt handlers have to cope with spurious interrupts
1640 ++ * anyway. If the vector is unused, then it is marked so it won't
1641 ++ * trigger the 'No irq handler for vector' warning in do_IRQ().
1642 ++ *
1643 ++ * This requires to hold vector lock to prevent concurrent updates to
1644 ++ * the affected vector.
1645 ++ */
1646 ++ lock_vector_lock();
1647 ++
1648 ++ /*
1649 ++ * Mark the new target vector on the local CPU if it is currently
1650 ++ * unused. Reuse the VECTOR_RETRIGGERED state which is also used in
1651 ++ * the CPU hotplug path for a similar purpose. This cannot be
1652 ++ * undone here as the current CPU has interrupts disabled and
1653 ++ * cannot handle the interrupt before the whole set_affinity()
1654 ++ * section is done. In the CPU unplug case, the current CPU is
1655 ++ * about to vanish and will not handle any interrupts anymore. The
1656 ++ * vector is cleaned up when the CPU comes online again.
1657 ++ */
1658 ++ if (IS_ERR_OR_NULL(this_cpu_read(vector_irq[cfg->vector])))
1659 ++ this_cpu_write(vector_irq[cfg->vector], VECTOR_RETRIGGERED);
1660 ++
1661 ++ /* Redirect it to the new vector on the local CPU temporarily */
1662 ++ old_cfg.vector = cfg->vector;
1663 ++ irq_msi_update_msg(irqd, &old_cfg);
1664 ++
1665 ++ /* Now transition it to the target CPU */
1666 ++ irq_msi_update_msg(irqd, cfg);
1667 ++
1668 ++ /*
1669 ++ * All interrupts after this point are now targeted at the new
1670 ++ * vector/CPU.
1671 ++ *
1672 ++ * Drop vector lock before testing whether the temporary assignment
1673 ++ * to the local CPU was hit by an interrupt raised in the device,
1674 ++ * because the retrigger function acquires vector lock again.
1675 ++ */
1676 ++ unlock_vector_lock();
1677 ++
1678 ++ /*
1679 ++ * Check whether the transition raced with a device interrupt and
1680 ++ * is pending in the local APICs IRR. It is safe to do this outside
1681 ++ * of vector lock as the irq_desc::lock of this interrupt is still
1682 ++ * held and interrupts are disabled: The check is not accessing the
1683 ++ * underlying vector store. It's just checking the local APIC's
1684 ++ * IRR.
1685 ++ */
1686 ++ if (lapic_vector_set_in_irr(cfg->vector))
1687 ++ irq_data_get_irq_chip(irqd)->irq_retrigger(irqd);
1688 ++
1689 ++ return ret;
1690 ++}
1691 ++
1692 + /*
1693 + * IRQ Chip for MSI PCI/PCI-X/PCI-Express Devices,
1694 + * which implement the MSI or MSI-X Capability Structure.
1695 +@@ -58,6 +177,7 @@ static struct irq_chip pci_msi_controller = {
1696 + .irq_ack = irq_chip_ack_parent,
1697 + .irq_retrigger = irq_chip_retrigger_hierarchy,
1698 + .irq_compose_msi_msg = irq_msi_compose_msg,
1699 ++ .irq_set_affinity = msi_set_affinity,
1700 + .flags = IRQCHIP_SKIP_SET_WAKE,
1701 + };
1702 +
1703 +@@ -146,6 +266,8 @@ void __init arch_init_msi_domain(struct irq_domain *parent)
1704 + }
1705 + if (!msi_default_domain)
1706 + pr_warn("failed to initialize irqdomain for MSI/MSI-x.\n");
1707 ++ else
1708 ++ msi_default_domain->flags |= IRQ_DOMAIN_MSI_NOMASK_QUIRK;
1709 + }
1710 +
1711 + #ifdef CONFIG_IRQ_REMAP
1712 +diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
1713 +index 3e20d322bc98..032509adf9de 100644
1714 +--- a/arch/x86/kernel/cpu/tsx.c
1715 ++++ b/arch/x86/kernel/cpu/tsx.c
1716 +@@ -115,11 +115,12 @@ void __init tsx_init(void)
1717 + tsx_disable();
1718 +
1719 + /*
1720 +- * tsx_disable() will change the state of the
1721 +- * RTM CPUID bit. Clear it here since it is now
1722 +- * expected to be not set.
1723 ++ * tsx_disable() will change the state of the RTM and HLE CPUID
1724 ++ * bits. Clear them here since they are now expected to be not
1725 ++ * set.
1726 + */
1727 + setup_clear_cpu_cap(X86_FEATURE_RTM);
1728 ++ setup_clear_cpu_cap(X86_FEATURE_HLE);
1729 + } else if (tsx_ctrl_state == TSX_CTRL_ENABLE) {
1730 +
1731 + /*
1732 +@@ -131,10 +132,10 @@ void __init tsx_init(void)
1733 + tsx_enable();
1734 +
1735 + /*
1736 +- * tsx_enable() will change the state of the
1737 +- * RTM CPUID bit. Force it here since it is now
1738 +- * expected to be set.
1739 ++ * tsx_enable() will change the state of the RTM and HLE CPUID
1740 ++ * bits. Force them here since they are now expected to be set.
1741 + */
1742 + setup_force_cpu_cap(X86_FEATURE_RTM);
1743 ++ setup_force_cpu_cap(X86_FEATURE_HLE);
1744 + }
1745 + }
1746 +diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c
1747 +index 7ce29cee9f9e..d8673d8a779b 100644
1748 +--- a/arch/x86/kernel/time.c
1749 ++++ b/arch/x86/kernel/time.c
1750 +@@ -91,10 +91,18 @@ void __init hpet_time_init(void)
1751 +
1752 + static __init void x86_late_time_init(void)
1753 + {
1754 ++ /*
1755 ++ * Before PIT/HPET init, select the interrupt mode. This is required
1756 ++ * to make the decision whether PIT should be initialized correct.
1757 ++ */
1758 ++ x86_init.irqs.intr_mode_select();
1759 ++
1760 ++ /* Setup the legacy timers */
1761 + x86_init.timers.timer_init();
1762 ++
1763 + /*
1764 +- * After PIT/HPET timers init, select and setup
1765 +- * the final interrupt mode for delivering IRQs.
1766 ++ * After PIT/HPET timers init, set up the final interrupt mode for
1767 ++ * delivering IRQs.
1768 + */
1769 + x86_init.irqs.intr_mode_init();
1770 + tsc_init();
1771 +diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
1772 +index ce89430a7f80..9a89261dcd2a 100644
1773 +--- a/arch/x86/kernel/x86_init.c
1774 ++++ b/arch/x86/kernel/x86_init.c
1775 +@@ -80,6 +80,7 @@ struct x86_init_ops x86_init __initdata = {
1776 + .pre_vector_init = init_ISA_irqs,
1777 + .intr_init = native_init_IRQ,
1778 + .trap_init = x86_init_noop,
1779 ++ .intr_mode_select = apic_intr_mode_select,
1780 + .intr_mode_init = apic_intr_mode_init
1781 + },
1782 +
1783 +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
1784 +index cf55629ff0ff..50678fe6a504 100644
1785 +--- a/arch/x86/kvm/cpuid.c
1786 ++++ b/arch/x86/kvm/cpuid.c
1787 +@@ -352,6 +352,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1788 + unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
1789 + unsigned f_intel_pt = kvm_x86_ops->pt_supported() ? F(INTEL_PT) : 0;
1790 + unsigned f_la57;
1791 ++ unsigned f_pku = kvm_x86_ops->pku_supported() ? F(PKU) : 0;
1792 +
1793 + /* cpuid 7.0.ebx */
1794 + const u32 kvm_cpuid_7_0_ebx_x86_features =
1795 +@@ -363,7 +364,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1796 +
1797 + /* cpuid 7.0.ecx*/
1798 + const u32 kvm_cpuid_7_0_ecx_x86_features =
1799 +- F(AVX512VBMI) | F(LA57) | F(PKU) | 0 /*OSPKE*/ | F(RDPID) |
1800 ++ F(AVX512VBMI) | F(LA57) | 0 /*PKU*/ | 0 /*OSPKE*/ | F(RDPID) |
1801 + F(AVX512_VPOPCNTDQ) | F(UMIP) | F(AVX512_VBMI2) | F(GFNI) |
1802 + F(VAES) | F(VPCLMULQDQ) | F(AVX512_VNNI) | F(AVX512_BITALG) |
1803 + F(CLDEMOTE) | F(MOVDIRI) | F(MOVDIR64B) | 0 /*WAITPKG*/;
1804 +@@ -392,6 +393,7 @@ static inline void do_cpuid_7_mask(struct kvm_cpuid_entry2 *entry, int index)
1805 + /* Set LA57 based on hardware capability. */
1806 + entry->ecx |= f_la57;
1807 + entry->ecx |= f_umip;
1808 ++ entry->ecx |= f_pku;
1809 + /* PKU is not yet implemented for shadow paging. */
1810 + if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
1811 + entry->ecx &= ~F(PKU);
1812 +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
1813 +index 952d1a4f4d7e..3dc25ff95c46 100644
1814 +--- a/arch/x86/kvm/emulate.c
1815 ++++ b/arch/x86/kvm/emulate.c
1816 +@@ -22,6 +22,7 @@
1817 + #include "kvm_cache_regs.h"
1818 + #include <asm/kvm_emulate.h>
1819 + #include <linux/stringify.h>
1820 ++#include <asm/fpu/api.h>
1821 + #include <asm/debugreg.h>
1822 + #include <asm/nospec-branch.h>
1823 +
1824 +@@ -1075,8 +1076,23 @@ static void fetch_register_operand(struct operand *op)
1825 + }
1826 + }
1827 +
1828 ++static void emulator_get_fpu(void)
1829 ++{
1830 ++ fpregs_lock();
1831 ++
1832 ++ fpregs_assert_state_consistent();
1833 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
1834 ++ switch_fpu_return();
1835 ++}
1836 ++
1837 ++static void emulator_put_fpu(void)
1838 ++{
1839 ++ fpregs_unlock();
1840 ++}
1841 ++
1842 + static void read_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data, int reg)
1843 + {
1844 ++ emulator_get_fpu();
1845 + switch (reg) {
1846 + case 0: asm("movdqa %%xmm0, %0" : "=m"(*data)); break;
1847 + case 1: asm("movdqa %%xmm1, %0" : "=m"(*data)); break;
1848 +@@ -1098,11 +1114,13 @@ static void read_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data, int reg)
1849 + #endif
1850 + default: BUG();
1851 + }
1852 ++ emulator_put_fpu();
1853 + }
1854 +
1855 + static void write_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data,
1856 + int reg)
1857 + {
1858 ++ emulator_get_fpu();
1859 + switch (reg) {
1860 + case 0: asm("movdqa %0, %%xmm0" : : "m"(*data)); break;
1861 + case 1: asm("movdqa %0, %%xmm1" : : "m"(*data)); break;
1862 +@@ -1124,10 +1142,12 @@ static void write_sse_reg(struct x86_emulate_ctxt *ctxt, sse128_t *data,
1863 + #endif
1864 + default: BUG();
1865 + }
1866 ++ emulator_put_fpu();
1867 + }
1868 +
1869 + static void read_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1870 + {
1871 ++ emulator_get_fpu();
1872 + switch (reg) {
1873 + case 0: asm("movq %%mm0, %0" : "=m"(*data)); break;
1874 + case 1: asm("movq %%mm1, %0" : "=m"(*data)); break;
1875 +@@ -1139,10 +1159,12 @@ static void read_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1876 + case 7: asm("movq %%mm7, %0" : "=m"(*data)); break;
1877 + default: BUG();
1878 + }
1879 ++ emulator_put_fpu();
1880 + }
1881 +
1882 + static void write_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1883 + {
1884 ++ emulator_get_fpu();
1885 + switch (reg) {
1886 + case 0: asm("movq %0, %%mm0" : : "m"(*data)); break;
1887 + case 1: asm("movq %0, %%mm1" : : "m"(*data)); break;
1888 +@@ -1154,6 +1176,7 @@ static void write_mmx_reg(struct x86_emulate_ctxt *ctxt, u64 *data, int reg)
1889 + case 7: asm("movq %0, %%mm7" : : "m"(*data)); break;
1890 + default: BUG();
1891 + }
1892 ++ emulator_put_fpu();
1893 + }
1894 +
1895 + static int em_fninit(struct x86_emulate_ctxt *ctxt)
1896 +@@ -1161,7 +1184,9 @@ static int em_fninit(struct x86_emulate_ctxt *ctxt)
1897 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1898 + return emulate_nm(ctxt);
1899 +
1900 ++ emulator_get_fpu();
1901 + asm volatile("fninit");
1902 ++ emulator_put_fpu();
1903 + return X86EMUL_CONTINUE;
1904 + }
1905 +
1906 +@@ -1172,7 +1197,9 @@ static int em_fnstcw(struct x86_emulate_ctxt *ctxt)
1907 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1908 + return emulate_nm(ctxt);
1909 +
1910 ++ emulator_get_fpu();
1911 + asm volatile("fnstcw %0": "+m"(fcw));
1912 ++ emulator_put_fpu();
1913 +
1914 + ctxt->dst.val = fcw;
1915 +
1916 +@@ -1186,7 +1213,9 @@ static int em_fnstsw(struct x86_emulate_ctxt *ctxt)
1917 + if (ctxt->ops->get_cr(ctxt, 0) & (X86_CR0_TS | X86_CR0_EM))
1918 + return emulate_nm(ctxt);
1919 +
1920 ++ emulator_get_fpu();
1921 + asm volatile("fnstsw %0": "+m"(fsw));
1922 ++ emulator_put_fpu();
1923 +
1924 + ctxt->dst.val = fsw;
1925 +
1926 +@@ -4092,8 +4121,12 @@ static int em_fxsave(struct x86_emulate_ctxt *ctxt)
1927 + if (rc != X86EMUL_CONTINUE)
1928 + return rc;
1929 +
1930 ++ emulator_get_fpu();
1931 ++
1932 + rc = asm_safe("fxsave %[fx]", , [fx] "+m"(fx_state));
1933 +
1934 ++ emulator_put_fpu();
1935 ++
1936 + if (rc != X86EMUL_CONTINUE)
1937 + return rc;
1938 +
1939 +@@ -4136,6 +4169,8 @@ static int em_fxrstor(struct x86_emulate_ctxt *ctxt)
1940 + if (rc != X86EMUL_CONTINUE)
1941 + return rc;
1942 +
1943 ++ emulator_get_fpu();
1944 ++
1945 + if (size < __fxstate_size(16)) {
1946 + rc = fxregs_fixup(&fx_state, size);
1947 + if (rc != X86EMUL_CONTINUE)
1948 +@@ -4151,6 +4186,8 @@ static int em_fxrstor(struct x86_emulate_ctxt *ctxt)
1949 + rc = asm_safe("fxrstor %[fx]", : [fx] "m"(fx_state));
1950 +
1951 + out:
1952 ++ emulator_put_fpu();
1953 ++
1954 + return rc;
1955 + }
1956 +
1957 +@@ -5210,16 +5247,28 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
1958 + ctxt->ad_bytes = def_ad_bytes ^ 6;
1959 + break;
1960 + case 0x26: /* ES override */
1961 ++ has_seg_override = true;
1962 ++ ctxt->seg_override = VCPU_SREG_ES;
1963 ++ break;
1964 + case 0x2e: /* CS override */
1965 ++ has_seg_override = true;
1966 ++ ctxt->seg_override = VCPU_SREG_CS;
1967 ++ break;
1968 + case 0x36: /* SS override */
1969 ++ has_seg_override = true;
1970 ++ ctxt->seg_override = VCPU_SREG_SS;
1971 ++ break;
1972 + case 0x3e: /* DS override */
1973 + has_seg_override = true;
1974 +- ctxt->seg_override = (ctxt->b >> 3) & 3;
1975 ++ ctxt->seg_override = VCPU_SREG_DS;
1976 + break;
1977 + case 0x64: /* FS override */
1978 ++ has_seg_override = true;
1979 ++ ctxt->seg_override = VCPU_SREG_FS;
1980 ++ break;
1981 + case 0x65: /* GS override */
1982 + has_seg_override = true;
1983 +- ctxt->seg_override = ctxt->b & 7;
1984 ++ ctxt->seg_override = VCPU_SREG_GS;
1985 + break;
1986 + case 0x40 ... 0x4f: /* REX */
1987 + if (mode != X86EMUL_MODE_PROT64)
1988 +@@ -5303,10 +5352,15 @@ done_prefixes:
1989 + }
1990 + break;
1991 + case Escape:
1992 +- if (ctxt->modrm > 0xbf)
1993 +- opcode = opcode.u.esc->high[ctxt->modrm - 0xc0];
1994 +- else
1995 ++ if (ctxt->modrm > 0xbf) {
1996 ++ size_t size = ARRAY_SIZE(opcode.u.esc->high);
1997 ++ u32 index = array_index_nospec(
1998 ++ ctxt->modrm - 0xc0, size);
1999 ++
2000 ++ opcode = opcode.u.esc->high[index];
2001 ++ } else {
2002 + opcode = opcode.u.esc->op[(ctxt->modrm >> 3) & 7];
2003 ++ }
2004 + break;
2005 + case InstrDual:
2006 + if ((ctxt->modrm >> 6) == 3)
2007 +@@ -5448,7 +5502,9 @@ static int flush_pending_x87_faults(struct x86_emulate_ctxt *ctxt)
2008 + {
2009 + int rc;
2010 +
2011 ++ emulator_get_fpu();
2012 + rc = asm_safe("fwait");
2013 ++ emulator_put_fpu();
2014 +
2015 + if (unlikely(rc != X86EMUL_CONTINUE))
2016 + return emulate_exception(ctxt, MF_VECTOR, 0, false);
2017 +diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
2018 +index 23ff65504d7e..26408434b9bc 100644
2019 +--- a/arch/x86/kvm/hyperv.c
2020 ++++ b/arch/x86/kvm/hyperv.c
2021 +@@ -809,11 +809,12 @@ static int kvm_hv_msr_get_crash_data(struct kvm_vcpu *vcpu,
2022 + u32 index, u64 *pdata)
2023 + {
2024 + struct kvm_hv *hv = &vcpu->kvm->arch.hyperv;
2025 ++ size_t size = ARRAY_SIZE(hv->hv_crash_param);
2026 +
2027 +- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param)))
2028 ++ if (WARN_ON_ONCE(index >= size))
2029 + return -EINVAL;
2030 +
2031 +- *pdata = hv->hv_crash_param[index];
2032 ++ *pdata = hv->hv_crash_param[array_index_nospec(index, size)];
2033 + return 0;
2034 + }
2035 +
2036 +@@ -852,11 +853,12 @@ static int kvm_hv_msr_set_crash_data(struct kvm_vcpu *vcpu,
2037 + u32 index, u64 data)
2038 + {
2039 + struct kvm_hv *hv = &vcpu->kvm->arch.hyperv;
2040 ++ size_t size = ARRAY_SIZE(hv->hv_crash_param);
2041 +
2042 +- if (WARN_ON_ONCE(index >= ARRAY_SIZE(hv->hv_crash_param)))
2043 ++ if (WARN_ON_ONCE(index >= size))
2044 + return -EINVAL;
2045 +
2046 +- hv->hv_crash_param[index] = data;
2047 ++ hv->hv_crash_param[array_index_nospec(index, size)] = data;
2048 + return 0;
2049 + }
2050 +
2051 +diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
2052 +index 8b38bb4868a6..629a09ca9860 100644
2053 +--- a/arch/x86/kvm/i8259.c
2054 ++++ b/arch/x86/kvm/i8259.c
2055 +@@ -460,10 +460,14 @@ static int picdev_write(struct kvm_pic *s,
2056 + switch (addr) {
2057 + case 0x20:
2058 + case 0x21:
2059 ++ pic_lock(s);
2060 ++ pic_ioport_write(&s->pics[0], addr, data);
2061 ++ pic_unlock(s);
2062 ++ break;
2063 + case 0xa0:
2064 + case 0xa1:
2065 + pic_lock(s);
2066 +- pic_ioport_write(&s->pics[addr >> 7], addr, data);
2067 ++ pic_ioport_write(&s->pics[1], addr, data);
2068 + pic_unlock(s);
2069 + break;
2070 + case 0x4d0:
2071 +diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
2072 +index 9fd2dd89a1c5..8aa58727045e 100644
2073 +--- a/arch/x86/kvm/ioapic.c
2074 ++++ b/arch/x86/kvm/ioapic.c
2075 +@@ -36,6 +36,7 @@
2076 + #include <linux/io.h>
2077 + #include <linux/slab.h>
2078 + #include <linux/export.h>
2079 ++#include <linux/nospec.h>
2080 + #include <asm/processor.h>
2081 + #include <asm/page.h>
2082 + #include <asm/current.h>
2083 +@@ -68,13 +69,14 @@ static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic,
2084 + default:
2085 + {
2086 + u32 redir_index = (ioapic->ioregsel - 0x10) >> 1;
2087 +- u64 redir_content;
2088 ++ u64 redir_content = ~0ULL;
2089 +
2090 +- if (redir_index < IOAPIC_NUM_PINS)
2091 +- redir_content =
2092 +- ioapic->redirtbl[redir_index].bits;
2093 +- else
2094 +- redir_content = ~0ULL;
2095 ++ if (redir_index < IOAPIC_NUM_PINS) {
2096 ++ u32 index = array_index_nospec(
2097 ++ redir_index, IOAPIC_NUM_PINS);
2098 ++
2099 ++ redir_content = ioapic->redirtbl[index].bits;
2100 ++ }
2101 +
2102 + result = (ioapic->ioregsel & 0x1) ?
2103 + (redir_content >> 32) & 0xffffffff :
2104 +@@ -292,6 +294,7 @@ static void ioapic_write_indirect(struct kvm_ioapic *ioapic, u32 val)
2105 +
2106 + if (index >= IOAPIC_NUM_PINS)
2107 + return;
2108 ++ index = array_index_nospec(index, IOAPIC_NUM_PINS);
2109 + e = &ioapic->redirtbl[index];
2110 + mask_before = e->fields.mask;
2111 + /* Preserve read-only fields */
2112 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
2113 +index cf9177b4a07f..3323115f52d5 100644
2114 +--- a/arch/x86/kvm/lapic.c
2115 ++++ b/arch/x86/kvm/lapic.c
2116 +@@ -1963,15 +1963,20 @@ int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
2117 + case APIC_LVTTHMR:
2118 + case APIC_LVTPC:
2119 + case APIC_LVT1:
2120 +- case APIC_LVTERR:
2121 ++ case APIC_LVTERR: {
2122 + /* TODO: Check vector */
2123 ++ size_t size;
2124 ++ u32 index;
2125 ++
2126 + if (!kvm_apic_sw_enabled(apic))
2127 + val |= APIC_LVT_MASKED;
2128 +-
2129 +- val &= apic_lvt_mask[(reg - APIC_LVTT) >> 4];
2130 ++ size = ARRAY_SIZE(apic_lvt_mask);
2131 ++ index = array_index_nospec(
2132 ++ (reg - APIC_LVTT) >> 4, size);
2133 ++ val &= apic_lvt_mask[index];
2134 + kvm_lapic_set_reg(apic, reg, val);
2135 +-
2136 + break;
2137 ++ }
2138 +
2139 + case APIC_LVTT:
2140 + if (!kvm_apic_sw_enabled(apic))
2141 +diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
2142 +index 6f92b40d798c..d21b69bbd6f4 100644
2143 +--- a/arch/x86/kvm/mmu/mmu.c
2144 ++++ b/arch/x86/kvm/mmu/mmu.c
2145 +@@ -418,22 +418,24 @@ static inline bool is_access_track_spte(u64 spte)
2146 + * requires a full MMU zap). The flag is instead explicitly queried when
2147 + * checking for MMIO spte cache hits.
2148 + */
2149 +-#define MMIO_SPTE_GEN_MASK GENMASK_ULL(18, 0)
2150 ++#define MMIO_SPTE_GEN_MASK GENMASK_ULL(17, 0)
2151 +
2152 + #define MMIO_SPTE_GEN_LOW_START 3
2153 + #define MMIO_SPTE_GEN_LOW_END 11
2154 + #define MMIO_SPTE_GEN_LOW_MASK GENMASK_ULL(MMIO_SPTE_GEN_LOW_END, \
2155 + MMIO_SPTE_GEN_LOW_START)
2156 +
2157 +-#define MMIO_SPTE_GEN_HIGH_START 52
2158 +-#define MMIO_SPTE_GEN_HIGH_END 61
2159 ++#define MMIO_SPTE_GEN_HIGH_START PT64_SECOND_AVAIL_BITS_SHIFT
2160 ++#define MMIO_SPTE_GEN_HIGH_END 62
2161 + #define MMIO_SPTE_GEN_HIGH_MASK GENMASK_ULL(MMIO_SPTE_GEN_HIGH_END, \
2162 + MMIO_SPTE_GEN_HIGH_START)
2163 ++
2164 + static u64 generation_mmio_spte_mask(u64 gen)
2165 + {
2166 + u64 mask;
2167 +
2168 + WARN_ON(gen & ~MMIO_SPTE_GEN_MASK);
2169 ++ BUILD_BUG_ON((MMIO_SPTE_GEN_HIGH_MASK | MMIO_SPTE_GEN_LOW_MASK) & SPTE_SPECIAL_MASK);
2170 +
2171 + mask = (gen << MMIO_SPTE_GEN_LOW_START) & MMIO_SPTE_GEN_LOW_MASK;
2172 + mask |= (gen << MMIO_SPTE_GEN_HIGH_START) & MMIO_SPTE_GEN_HIGH_MASK;
2173 +@@ -444,8 +446,6 @@ static u64 get_mmio_spte_generation(u64 spte)
2174 + {
2175 + u64 gen;
2176 +
2177 +- spte &= ~shadow_mmio_mask;
2178 +-
2179 + gen = (spte & MMIO_SPTE_GEN_LOW_MASK) >> MMIO_SPTE_GEN_LOW_START;
2180 + gen |= (spte & MMIO_SPTE_GEN_HIGH_MASK) >> MMIO_SPTE_GEN_HIGH_START;
2181 + return gen;
2182 +@@ -538,16 +538,20 @@ EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
2183 + static u8 kvm_get_shadow_phys_bits(void)
2184 + {
2185 + /*
2186 +- * boot_cpu_data.x86_phys_bits is reduced when MKTME is detected
2187 +- * in CPU detection code, but MKTME treats those reduced bits as
2188 +- * 'keyID' thus they are not reserved bits. Therefore for MKTME
2189 +- * we should still return physical address bits reported by CPUID.
2190 ++ * boot_cpu_data.x86_phys_bits is reduced when MKTME or SME are detected
2191 ++ * in CPU detection code, but the processor treats those reduced bits as
2192 ++ * 'keyID' thus they are not reserved bits. Therefore KVM needs to look at
2193 ++ * the physical address bits reported by CPUID.
2194 + */
2195 +- if (!boot_cpu_has(X86_FEATURE_TME) ||
2196 +- WARN_ON_ONCE(boot_cpu_data.extended_cpuid_level < 0x80000008))
2197 +- return boot_cpu_data.x86_phys_bits;
2198 ++ if (likely(boot_cpu_data.extended_cpuid_level >= 0x80000008))
2199 ++ return cpuid_eax(0x80000008) & 0xff;
2200 +
2201 +- return cpuid_eax(0x80000008) & 0xff;
2202 ++ /*
2203 ++ * Quite weird to have VMX or SVM but not MAXPHYADDR; probably a VM with
2204 ++ * custom CPUID. Proceed with whatever the kernel found since these features
2205 ++ * aren't virtualizable (SME/SEV also require CPUIDs higher than 0x80000008).
2206 ++ */
2207 ++ return boot_cpu_data.x86_phys_bits;
2208 + }
2209 +
2210 + static void kvm_mmu_reset_all_pte_masks(void)
2211 +@@ -1282,12 +1286,12 @@ static bool mmu_gfn_lpage_is_disallowed(struct kvm_vcpu *vcpu, gfn_t gfn,
2212 + return __mmu_gfn_lpage_is_disallowed(gfn, level, slot);
2213 + }
2214 +
2215 +-static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
2216 ++static int host_mapping_level(struct kvm_vcpu *vcpu, gfn_t gfn)
2217 + {
2218 + unsigned long page_size;
2219 + int i, ret = 0;
2220 +
2221 +- page_size = kvm_host_page_size(kvm, gfn);
2222 ++ page_size = kvm_host_page_size(vcpu, gfn);
2223 +
2224 + for (i = PT_PAGE_TABLE_LEVEL; i <= PT_MAX_HUGEPAGE_LEVEL; ++i) {
2225 + if (page_size >= KVM_HPAGE_SIZE(i))
2226 +@@ -1337,7 +1341,7 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn,
2227 + if (unlikely(*force_pt_level))
2228 + return PT_PAGE_TABLE_LEVEL;
2229 +
2230 +- host_level = host_mapping_level(vcpu->kvm, large_gfn);
2231 ++ host_level = host_mapping_level(vcpu, large_gfn);
2232 +
2233 + if (host_level == PT_PAGE_TABLE_LEVEL)
2234 + return host_level;
2235 +@@ -3528,7 +3532,7 @@ static bool is_access_allowed(u32 fault_err_code, u64 spte)
2236 + * - true: let the vcpu to access on the same address again.
2237 + * - false: let the real page fault path to fix it.
2238 + */
2239 +-static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2240 ++static bool fast_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, int level,
2241 + u32 error_code)
2242 + {
2243 + struct kvm_shadow_walk_iterator iterator;
2244 +@@ -3548,7 +3552,7 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2245 + do {
2246 + u64 new_spte;
2247 +
2248 +- for_each_shadow_entry_lockless(vcpu, gva, iterator, spte)
2249 ++ for_each_shadow_entry_lockless(vcpu, cr2_or_gpa, iterator, spte)
2250 + if (!is_shadow_present_pte(spte) ||
2251 + iterator.level < level)
2252 + break;
2253 +@@ -3626,7 +3630,7 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2254 +
2255 + } while (true);
2256 +
2257 +- trace_fast_page_fault(vcpu, gva, error_code, iterator.sptep,
2258 ++ trace_fast_page_fault(vcpu, cr2_or_gpa, error_code, iterator.sptep,
2259 + spte, fault_handled);
2260 + walk_shadow_page_lockless_end(vcpu);
2261 +
2262 +@@ -3634,10 +3638,11 @@ static bool fast_page_fault(struct kvm_vcpu *vcpu, gva_t gva, int level,
2263 + }
2264 +
2265 + static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2266 +- gva_t gva, kvm_pfn_t *pfn, bool write, bool *writable);
2267 ++ gpa_t cr2_or_gpa, kvm_pfn_t *pfn, bool write,
2268 ++ bool *writable);
2269 + static int make_mmu_pages_available(struct kvm_vcpu *vcpu);
2270 +
2271 +-static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2272 ++static int nonpaging_map(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code,
2273 + gfn_t gfn, bool prefault)
2274 + {
2275 + int r;
2276 +@@ -3663,16 +3668,16 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2277 + gfn &= ~(KVM_PAGES_PER_HPAGE(level) - 1);
2278 + }
2279 +
2280 +- if (fast_page_fault(vcpu, v, level, error_code))
2281 ++ if (fast_page_fault(vcpu, gpa, level, error_code))
2282 + return RET_PF_RETRY;
2283 +
2284 + mmu_seq = vcpu->kvm->mmu_notifier_seq;
2285 + smp_rmb();
2286 +
2287 +- if (try_async_pf(vcpu, prefault, gfn, v, &pfn, write, &map_writable))
2288 ++ if (try_async_pf(vcpu, prefault, gfn, gpa, &pfn, write, &map_writable))
2289 + return RET_PF_RETRY;
2290 +
2291 +- if (handle_abnormal_pfn(vcpu, v, gfn, pfn, ACC_ALL, &r))
2292 ++ if (handle_abnormal_pfn(vcpu, gpa, gfn, pfn, ACC_ALL, &r))
2293 + return r;
2294 +
2295 + r = RET_PF_RETRY;
2296 +@@ -3683,7 +3688,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
2297 + goto out_unlock;
2298 + if (likely(!force_pt_level))
2299 + transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
2300 +- r = __direct_map(vcpu, v, write, map_writable, level, pfn,
2301 ++ r = __direct_map(vcpu, gpa, write, map_writable, level, pfn,
2302 + prefault, false);
2303 + out_unlock:
2304 + spin_unlock(&vcpu->kvm->mmu_lock);
2305 +@@ -3981,7 +3986,7 @@ void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
2306 + }
2307 + EXPORT_SYMBOL_GPL(kvm_mmu_sync_roots);
2308 +
2309 +-static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr,
2310 ++static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gpa_t vaddr,
2311 + u32 access, struct x86_exception *exception)
2312 + {
2313 + if (exception)
2314 +@@ -3989,7 +3994,7 @@ static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr,
2315 + return vaddr;
2316 + }
2317 +
2318 +-static gpa_t nonpaging_gva_to_gpa_nested(struct kvm_vcpu *vcpu, gva_t vaddr,
2319 ++static gpa_t nonpaging_gva_to_gpa_nested(struct kvm_vcpu *vcpu, gpa_t vaddr,
2320 + u32 access,
2321 + struct x86_exception *exception)
2322 + {
2323 +@@ -4149,13 +4154,14 @@ static void shadow_page_table_clear_flood(struct kvm_vcpu *vcpu, gva_t addr)
2324 + walk_shadow_page_lockless_end(vcpu);
2325 + }
2326 +
2327 +-static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
2328 ++static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa,
2329 + u32 error_code, bool prefault)
2330 + {
2331 +- gfn_t gfn = gva >> PAGE_SHIFT;
2332 ++ gfn_t gfn = gpa >> PAGE_SHIFT;
2333 + int r;
2334 +
2335 +- pgprintk("%s: gva %lx error %x\n", __func__, gva, error_code);
2336 ++ /* Note, paging is disabled, ergo gva == gpa. */
2337 ++ pgprintk("%s: gva %lx error %x\n", __func__, gpa, error_code);
2338 +
2339 + if (page_fault_handle_page_track(vcpu, error_code, gfn))
2340 + return RET_PF_EMULATE;
2341 +@@ -4167,11 +4173,12 @@ static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
2342 + MMU_WARN_ON(!VALID_PAGE(vcpu->arch.mmu->root_hpa));
2343 +
2344 +
2345 +- return nonpaging_map(vcpu, gva & PAGE_MASK,
2346 ++ return nonpaging_map(vcpu, gpa & PAGE_MASK,
2347 + error_code, gfn, prefault);
2348 + }
2349 +
2350 +-static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
2351 ++static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
2352 ++ gfn_t gfn)
2353 + {
2354 + struct kvm_arch_async_pf arch;
2355 +
2356 +@@ -4180,11 +4187,13 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
2357 + arch.direct_map = vcpu->arch.mmu->direct_map;
2358 + arch.cr3 = vcpu->arch.mmu->get_cr3(vcpu);
2359 +
2360 +- return kvm_setup_async_pf(vcpu, gva, kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
2361 ++ return kvm_setup_async_pf(vcpu, cr2_or_gpa,
2362 ++ kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
2363 + }
2364 +
2365 + static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2366 +- gva_t gva, kvm_pfn_t *pfn, bool write, bool *writable)
2367 ++ gpa_t cr2_or_gpa, kvm_pfn_t *pfn, bool write,
2368 ++ bool *writable)
2369 + {
2370 + struct kvm_memory_slot *slot;
2371 + bool async;
2372 +@@ -4204,12 +4213,12 @@ static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
2373 + return false; /* *pfn has correct page already */
2374 +
2375 + if (!prefault && kvm_can_do_async_pf(vcpu)) {
2376 +- trace_kvm_try_async_get_page(gva, gfn);
2377 ++ trace_kvm_try_async_get_page(cr2_or_gpa, gfn);
2378 + if (kvm_find_async_pf_gfn(vcpu, gfn)) {
2379 +- trace_kvm_async_pf_doublefault(gva, gfn);
2380 ++ trace_kvm_async_pf_doublefault(cr2_or_gpa, gfn);
2381 + kvm_make_request(KVM_REQ_APF_HALT, vcpu);
2382 + return true;
2383 +- } else if (kvm_arch_setup_async_pf(vcpu, gva, gfn))
2384 ++ } else if (kvm_arch_setup_async_pf(vcpu, cr2_or_gpa, gfn))
2385 + return true;
2386 + }
2387 +
2388 +@@ -4222,6 +4231,12 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code,
2389 + {
2390 + int r = 1;
2391 +
2392 ++#ifndef CONFIG_X86_64
2393 ++ /* A 64-bit CR2 should be impossible on 32-bit KVM. */
2394 ++ if (WARN_ON_ONCE(fault_address >> 32))
2395 ++ return -EFAULT;
2396 ++#endif
2397 ++
2398 + vcpu->arch.l1tf_flush_l1d = true;
2399 + switch (vcpu->arch.apf.host_apf_reason) {
2400 + default:
2401 +@@ -4259,7 +4274,7 @@ check_hugepage_cache_consistency(struct kvm_vcpu *vcpu, gfn_t gfn, int level)
2402 + return kvm_mtrr_check_gfn_range_consistency(vcpu, gfn, page_num);
2403 + }
2404 +
2405 +-static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
2406 ++static int tdp_page_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u32 error_code,
2407 + bool prefault)
2408 + {
2409 + kvm_pfn_t pfn;
2410 +@@ -5516,7 +5531,7 @@ static int make_mmu_pages_available(struct kvm_vcpu *vcpu)
2411 + return 0;
2412 + }
2413 +
2414 +-int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2415 ++int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u64 error_code,
2416 + void *insn, int insn_len)
2417 + {
2418 + int r, emulation_type = 0;
2419 +@@ -5525,18 +5540,18 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2420 + /* With shadow page tables, fault_address contains a GVA or nGPA. */
2421 + if (vcpu->arch.mmu->direct_map) {
2422 + vcpu->arch.gpa_available = true;
2423 +- vcpu->arch.gpa_val = cr2;
2424 ++ vcpu->arch.gpa_val = cr2_or_gpa;
2425 + }
2426 +
2427 + r = RET_PF_INVALID;
2428 + if (unlikely(error_code & PFERR_RSVD_MASK)) {
2429 +- r = handle_mmio_page_fault(vcpu, cr2, direct);
2430 ++ r = handle_mmio_page_fault(vcpu, cr2_or_gpa, direct);
2431 + if (r == RET_PF_EMULATE)
2432 + goto emulate;
2433 + }
2434 +
2435 + if (r == RET_PF_INVALID) {
2436 +- r = vcpu->arch.mmu->page_fault(vcpu, cr2,
2437 ++ r = vcpu->arch.mmu->page_fault(vcpu, cr2_or_gpa,
2438 + lower_32_bits(error_code),
2439 + false);
2440 + WARN_ON(r == RET_PF_INVALID);
2441 +@@ -5556,7 +5571,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2442 + */
2443 + if (vcpu->arch.mmu->direct_map &&
2444 + (error_code & PFERR_NESTED_GUEST_PAGE) == PFERR_NESTED_GUEST_PAGE) {
2445 +- kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2));
2446 ++ kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2_or_gpa));
2447 + return 1;
2448 + }
2449 +
2450 +@@ -5571,7 +5586,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
2451 + * explicitly shadowing L1's page tables, i.e. unprotecting something
2452 + * for L1 isn't going to magically fix whatever issue cause L2 to fail.
2453 + */
2454 +- if (!mmio_info_in_cache(vcpu, cr2, direct) && !is_guest_mode(vcpu))
2455 ++ if (!mmio_info_in_cache(vcpu, cr2_or_gpa, direct) && !is_guest_mode(vcpu))
2456 + emulation_type = EMULTYPE_ALLOW_RETRY;
2457 + emulate:
2458 + /*
2459 +@@ -5586,7 +5601,7 @@ emulate:
2460 + return 1;
2461 + }
2462 +
2463 +- return x86_emulate_instruction(vcpu, cr2, emulation_type, insn,
2464 ++ return x86_emulate_instruction(vcpu, cr2_or_gpa, emulation_type, insn,
2465 + insn_len);
2466 + }
2467 + EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
2468 +@@ -6249,7 +6264,7 @@ static void kvm_set_mmio_spte_mask(void)
2469 + * If reserved bit is not supported, clear the present bit to disable
2470 + * mmio page fault.
2471 + */
2472 +- if (IS_ENABLED(CONFIG_X86_64) && shadow_phys_bits == 52)
2473 ++ if (shadow_phys_bits == 52)
2474 + mask &= ~1ull;
2475 +
2476 + kvm_mmu_set_mmio_spte_mask(mask, mask, ACC_WRITE_MASK | ACC_USER_MASK);
2477 +diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h
2478 +index 97b21e7fd013..c1d7b866a03f 100644
2479 +--- a/arch/x86/kvm/mmu/paging_tmpl.h
2480 ++++ b/arch/x86/kvm/mmu/paging_tmpl.h
2481 +@@ -291,11 +291,11 @@ static inline unsigned FNAME(gpte_pkeys)(struct kvm_vcpu *vcpu, u64 gpte)
2482 + }
2483 +
2484 + /*
2485 +- * Fetch a guest pte for a guest virtual address
2486 ++ * Fetch a guest pte for a guest virtual address, or for an L2's GPA.
2487 + */
2488 + static int FNAME(walk_addr_generic)(struct guest_walker *walker,
2489 + struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
2490 +- gva_t addr, u32 access)
2491 ++ gpa_t addr, u32 access)
2492 + {
2493 + int ret;
2494 + pt_element_t pte;
2495 +@@ -496,7 +496,7 @@ error:
2496 + }
2497 +
2498 + static int FNAME(walk_addr)(struct guest_walker *walker,
2499 +- struct kvm_vcpu *vcpu, gva_t addr, u32 access)
2500 ++ struct kvm_vcpu *vcpu, gpa_t addr, u32 access)
2501 + {
2502 + return FNAME(walk_addr_generic)(walker, vcpu, vcpu->arch.mmu, addr,
2503 + access);
2504 +@@ -611,7 +611,7 @@ static void FNAME(pte_prefetch)(struct kvm_vcpu *vcpu, struct guest_walker *gw,
2505 + * If the guest tries to write a write-protected page, we need to
2506 + * emulate this operation, return 1 to indicate this case.
2507 + */
2508 +-static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
2509 ++static int FNAME(fetch)(struct kvm_vcpu *vcpu, gpa_t addr,
2510 + struct guest_walker *gw,
2511 + int write_fault, int hlevel,
2512 + kvm_pfn_t pfn, bool map_writable, bool prefault,
2513 +@@ -765,7 +765,7 @@ FNAME(is_self_change_mapping)(struct kvm_vcpu *vcpu,
2514 + * Returns: 1 if we need to emulate the instruction, 0 otherwise, or
2515 + * a negative value on error.
2516 + */
2517 +-static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
2518 ++static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gpa_t addr, u32 error_code,
2519 + bool prefault)
2520 + {
2521 + int write_fault = error_code & PFERR_WRITE_MASK;
2522 +@@ -945,18 +945,19 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva, hpa_t root_hpa)
2523 + spin_unlock(&vcpu->kvm->mmu_lock);
2524 + }
2525 +
2526 +-static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr, u32 access,
2527 ++/* Note, @addr is a GPA when gva_to_gpa() translates an L2 GPA to an L1 GPA. */
2528 ++static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gpa_t addr, u32 access,
2529 + struct x86_exception *exception)
2530 + {
2531 + struct guest_walker walker;
2532 + gpa_t gpa = UNMAPPED_GVA;
2533 + int r;
2534 +
2535 +- r = FNAME(walk_addr)(&walker, vcpu, vaddr, access);
2536 ++ r = FNAME(walk_addr)(&walker, vcpu, addr, access);
2537 +
2538 + if (r) {
2539 + gpa = gfn_to_gpa(walker.gfn);
2540 +- gpa |= vaddr & ~PAGE_MASK;
2541 ++ gpa |= addr & ~PAGE_MASK;
2542 + } else if (exception)
2543 + *exception = walker.fault;
2544 +
2545 +@@ -964,7 +965,8 @@ static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr, u32 access,
2546 + }
2547 +
2548 + #if PTTYPE != PTTYPE_EPT
2549 +-static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gva_t vaddr,
2550 ++/* Note, gva_to_gpa_nested() is only used to translate L2 GVAs. */
2551 ++static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gpa_t vaddr,
2552 + u32 access,
2553 + struct x86_exception *exception)
2554 + {
2555 +@@ -972,6 +974,11 @@ static gpa_t FNAME(gva_to_gpa_nested)(struct kvm_vcpu *vcpu, gva_t vaddr,
2556 + gpa_t gpa = UNMAPPED_GVA;
2557 + int r;
2558 +
2559 ++#ifndef CONFIG_X86_64
2560 ++ /* A 64-bit GVA should be impossible on 32-bit KVM. */
2561 ++ WARN_ON_ONCE(vaddr >> 32);
2562 ++#endif
2563 ++
2564 + r = FNAME(walk_addr_nested)(&walker, vcpu, vaddr, access);
2565 +
2566 + if (r) {
2567 +diff --git a/arch/x86/kvm/mmutrace.h b/arch/x86/kvm/mmutrace.h
2568 +index 7ca8831c7d1a..3c6522b84ff1 100644
2569 +--- a/arch/x86/kvm/mmutrace.h
2570 ++++ b/arch/x86/kvm/mmutrace.h
2571 +@@ -249,13 +249,13 @@ TRACE_EVENT(
2572 +
2573 + TRACE_EVENT(
2574 + fast_page_fault,
2575 +- TP_PROTO(struct kvm_vcpu *vcpu, gva_t gva, u32 error_code,
2576 ++ TP_PROTO(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, u32 error_code,
2577 + u64 *sptep, u64 old_spte, bool retry),
2578 +- TP_ARGS(vcpu, gva, error_code, sptep, old_spte, retry),
2579 ++ TP_ARGS(vcpu, cr2_or_gpa, error_code, sptep, old_spte, retry),
2580 +
2581 + TP_STRUCT__entry(
2582 + __field(int, vcpu_id)
2583 +- __field(gva_t, gva)
2584 ++ __field(gpa_t, cr2_or_gpa)
2585 + __field(u32, error_code)
2586 + __field(u64 *, sptep)
2587 + __field(u64, old_spte)
2588 +@@ -265,7 +265,7 @@ TRACE_EVENT(
2589 +
2590 + TP_fast_assign(
2591 + __entry->vcpu_id = vcpu->vcpu_id;
2592 +- __entry->gva = gva;
2593 ++ __entry->cr2_or_gpa = cr2_or_gpa;
2594 + __entry->error_code = error_code;
2595 + __entry->sptep = sptep;
2596 + __entry->old_spte = old_spte;
2597 +@@ -273,9 +273,9 @@ TRACE_EVENT(
2598 + __entry->retry = retry;
2599 + ),
2600 +
2601 +- TP_printk("vcpu %d gva %lx error_code %s sptep %p old %#llx"
2602 ++ TP_printk("vcpu %d gva %llx error_code %s sptep %p old %#llx"
2603 + " new %llx spurious %d fixed %d", __entry->vcpu_id,
2604 +- __entry->gva, __print_flags(__entry->error_code, "|",
2605 ++ __entry->cr2_or_gpa, __print_flags(__entry->error_code, "|",
2606 + kvm_mmu_trace_pferr_flags), __entry->sptep,
2607 + __entry->old_spte, __entry->new_spte,
2608 + __spte_satisfied(old_spte), __spte_satisfied(new_spte)
2609 +diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
2610 +index 25ce3edd1872..7f0059aa30e1 100644
2611 +--- a/arch/x86/kvm/mtrr.c
2612 ++++ b/arch/x86/kvm/mtrr.c
2613 +@@ -192,11 +192,15 @@ static bool fixed_msr_to_seg_unit(u32 msr, int *seg, int *unit)
2614 + break;
2615 + case MSR_MTRRfix16K_80000 ... MSR_MTRRfix16K_A0000:
2616 + *seg = 1;
2617 +- *unit = msr - MSR_MTRRfix16K_80000;
2618 ++ *unit = array_index_nospec(
2619 ++ msr - MSR_MTRRfix16K_80000,
2620 ++ MSR_MTRRfix16K_A0000 - MSR_MTRRfix16K_80000 + 1);
2621 + break;
2622 + case MSR_MTRRfix4K_C0000 ... MSR_MTRRfix4K_F8000:
2623 + *seg = 2;
2624 +- *unit = msr - MSR_MTRRfix4K_C0000;
2625 ++ *unit = array_index_nospec(
2626 ++ msr - MSR_MTRRfix4K_C0000,
2627 ++ MSR_MTRRfix4K_F8000 - MSR_MTRRfix4K_C0000 + 1);
2628 + break;
2629 + default:
2630 + return false;
2631 +diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h
2632 +index 7ebb62326c14..13332984b6d5 100644
2633 +--- a/arch/x86/kvm/pmu.h
2634 ++++ b/arch/x86/kvm/pmu.h
2635 +@@ -2,6 +2,8 @@
2636 + #ifndef __KVM_X86_PMU_H
2637 + #define __KVM_X86_PMU_H
2638 +
2639 ++#include <linux/nospec.h>
2640 ++
2641 + #define vcpu_to_pmu(vcpu) (&(vcpu)->arch.pmu)
2642 + #define pmu_to_vcpu(pmu) (container_of((pmu), struct kvm_vcpu, arch.pmu))
2643 + #define pmc_to_pmu(pmc) (&(pmc)->vcpu->arch.pmu)
2644 +@@ -102,8 +104,12 @@ static inline bool kvm_valid_perf_global_ctrl(struct kvm_pmu *pmu,
2645 + static inline struct kvm_pmc *get_gp_pmc(struct kvm_pmu *pmu, u32 msr,
2646 + u32 base)
2647 + {
2648 +- if (msr >= base && msr < base + pmu->nr_arch_gp_counters)
2649 +- return &pmu->gp_counters[msr - base];
2650 ++ if (msr >= base && msr < base + pmu->nr_arch_gp_counters) {
2651 ++ u32 index = array_index_nospec(msr - base,
2652 ++ pmu->nr_arch_gp_counters);
2653 ++
2654 ++ return &pmu->gp_counters[index];
2655 ++ }
2656 +
2657 + return NULL;
2658 + }
2659 +@@ -113,8 +119,12 @@ static inline struct kvm_pmc *get_fixed_pmc(struct kvm_pmu *pmu, u32 msr)
2660 + {
2661 + int base = MSR_CORE_PERF_FIXED_CTR0;
2662 +
2663 +- if (msr >= base && msr < base + pmu->nr_arch_fixed_counters)
2664 +- return &pmu->fixed_counters[msr - base];
2665 ++ if (msr >= base && msr < base + pmu->nr_arch_fixed_counters) {
2666 ++ u32 index = array_index_nospec(msr - base,
2667 ++ pmu->nr_arch_fixed_counters);
2668 ++
2669 ++ return &pmu->fixed_counters[index];
2670 ++ }
2671 +
2672 + return NULL;
2673 + }
2674 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
2675 +index 122d4ce3b1ab..8b0620f3aed6 100644
2676 +--- a/arch/x86/kvm/svm.c
2677 ++++ b/arch/x86/kvm/svm.c
2678 +@@ -6001,6 +6001,11 @@ static bool svm_has_wbinvd_exit(void)
2679 + return true;
2680 + }
2681 +
2682 ++static bool svm_pku_supported(void)
2683 ++{
2684 ++ return false;
2685 ++}
2686 ++
2687 + #define PRE_EX(exit) { .exit_code = (exit), \
2688 + .stage = X86_ICPT_PRE_EXCEPT, }
2689 + #define POST_EX(exit) { .exit_code = (exit), \
2690 +@@ -7341,6 +7346,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
2691 + .xsaves_supported = svm_xsaves_supported,
2692 + .umip_emulated = svm_umip_emulated,
2693 + .pt_supported = svm_pt_supported,
2694 ++ .pku_supported = svm_pku_supported,
2695 +
2696 + .set_supported_cpuid = svm_set_supported_cpuid,
2697 +
2698 +diff --git a/arch/x86/kvm/vmx/capabilities.h b/arch/x86/kvm/vmx/capabilities.h
2699 +index 7aa69716d516..283bdb7071af 100644
2700 +--- a/arch/x86/kvm/vmx/capabilities.h
2701 ++++ b/arch/x86/kvm/vmx/capabilities.h
2702 +@@ -145,6 +145,11 @@ static inline bool vmx_umip_emulated(void)
2703 + SECONDARY_EXEC_DESC;
2704 + }
2705 +
2706 ++static inline bool vmx_pku_supported(void)
2707 ++{
2708 ++ return boot_cpu_has(X86_FEATURE_PKU);
2709 ++}
2710 ++
2711 + static inline bool cpu_has_vmx_rdtscp(void)
2712 + {
2713 + return vmcs_config.cpu_based_2nd_exec_ctrl &
2714 +diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
2715 +index 4aea7d304beb..5bfa8228f0c7 100644
2716 +--- a/arch/x86/kvm/vmx/nested.c
2717 ++++ b/arch/x86/kvm/vmx/nested.c
2718 +@@ -4807,8 +4807,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu)
2719 + vmx_instruction_info, true, len, &gva))
2720 + return 1;
2721 + /* _system ok, nested_vmx_check_permission has verified cpl=0 */
2722 +- if (kvm_write_guest_virt_system(vcpu, gva, &field_value, len, &e))
2723 ++ if (kvm_write_guest_virt_system(vcpu, gva, &field_value, len, &e)) {
2724 + kvm_inject_page_fault(vcpu, &e);
2725 ++ return 1;
2726 ++ }
2727 + }
2728 +
2729 + return nested_vmx_succeed(vcpu);
2730 +diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
2731 +index 7023138b1cb0..34a3a17bb6d7 100644
2732 +--- a/arch/x86/kvm/vmx/pmu_intel.c
2733 ++++ b/arch/x86/kvm/vmx/pmu_intel.c
2734 +@@ -86,10 +86,14 @@ static unsigned intel_find_arch_event(struct kvm_pmu *pmu,
2735 +
2736 + static unsigned intel_find_fixed_event(int idx)
2737 + {
2738 +- if (idx >= ARRAY_SIZE(fixed_pmc_events))
2739 ++ u32 event;
2740 ++ size_t size = ARRAY_SIZE(fixed_pmc_events);
2741 ++
2742 ++ if (idx >= size)
2743 + return PERF_COUNT_HW_MAX;
2744 +
2745 +- return intel_arch_events[fixed_pmc_events[idx]].event_type;
2746 ++ event = fixed_pmc_events[array_index_nospec(idx, size)];
2747 ++ return intel_arch_events[event].event_type;
2748 + }
2749 +
2750 + /* check if a PMC is enabled by comparing it with globl_ctrl bits. */
2751 +@@ -130,16 +134,20 @@ static struct kvm_pmc *intel_rdpmc_ecx_to_pmc(struct kvm_vcpu *vcpu,
2752 + struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
2753 + bool fixed = idx & (1u << 30);
2754 + struct kvm_pmc *counters;
2755 ++ unsigned int num_counters;
2756 +
2757 + idx &= ~(3u << 30);
2758 +- if (!fixed && idx >= pmu->nr_arch_gp_counters)
2759 +- return NULL;
2760 +- if (fixed && idx >= pmu->nr_arch_fixed_counters)
2761 ++ if (fixed) {
2762 ++ counters = pmu->fixed_counters;
2763 ++ num_counters = pmu->nr_arch_fixed_counters;
2764 ++ } else {
2765 ++ counters = pmu->gp_counters;
2766 ++ num_counters = pmu->nr_arch_gp_counters;
2767 ++ }
2768 ++ if (idx >= num_counters)
2769 + return NULL;
2770 +- counters = fixed ? pmu->fixed_counters : pmu->gp_counters;
2771 + *mask &= pmu->counter_bitmask[fixed ? KVM_PMC_FIXED : KVM_PMC_GP];
2772 +-
2773 +- return &counters[idx];
2774 ++ return &counters[array_index_nospec(idx, num_counters)];
2775 + }
2776 +
2777 + static bool intel_is_valid_msr(struct kvm_vcpu *vcpu, u32 msr)
2778 +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
2779 +index e3394c839dea..78e01e2524bc 100644
2780 +--- a/arch/x86/kvm/vmx/vmx.c
2781 ++++ b/arch/x86/kvm/vmx/vmx.c
2782 +@@ -2146,6 +2146,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
2783 + (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps,
2784 + PT_CAP_num_address_ranges)))
2785 + return 1;
2786 ++ if (is_noncanonical_address(data, vcpu))
2787 ++ return 1;
2788 + if (index % 2)
2789 + vmx->pt_desc.guest.addr_b[index / 2] = data;
2790 + else
2791 +@@ -5902,34 +5904,39 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
2792 + }
2793 + }
2794 +
2795 +- if (exit_reason < kvm_vmx_max_exit_handlers
2796 +- && kvm_vmx_exit_handlers[exit_reason]) {
2797 ++ if (exit_reason >= kvm_vmx_max_exit_handlers)
2798 ++ goto unexpected_vmexit;
2799 + #ifdef CONFIG_RETPOLINE
2800 +- if (exit_reason == EXIT_REASON_MSR_WRITE)
2801 +- return kvm_emulate_wrmsr(vcpu);
2802 +- else if (exit_reason == EXIT_REASON_PREEMPTION_TIMER)
2803 +- return handle_preemption_timer(vcpu);
2804 +- else if (exit_reason == EXIT_REASON_PENDING_INTERRUPT)
2805 +- return handle_interrupt_window(vcpu);
2806 +- else if (exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
2807 +- return handle_external_interrupt(vcpu);
2808 +- else if (exit_reason == EXIT_REASON_HLT)
2809 +- return kvm_emulate_halt(vcpu);
2810 +- else if (exit_reason == EXIT_REASON_EPT_MISCONFIG)
2811 +- return handle_ept_misconfig(vcpu);
2812 ++ if (exit_reason == EXIT_REASON_MSR_WRITE)
2813 ++ return kvm_emulate_wrmsr(vcpu);
2814 ++ else if (exit_reason == EXIT_REASON_PREEMPTION_TIMER)
2815 ++ return handle_preemption_timer(vcpu);
2816 ++ else if (exit_reason == EXIT_REASON_PENDING_INTERRUPT)
2817 ++ return handle_interrupt_window(vcpu);
2818 ++ else if (exit_reason == EXIT_REASON_EXTERNAL_INTERRUPT)
2819 ++ return handle_external_interrupt(vcpu);
2820 ++ else if (exit_reason == EXIT_REASON_HLT)
2821 ++ return kvm_emulate_halt(vcpu);
2822 ++ else if (exit_reason == EXIT_REASON_EPT_MISCONFIG)
2823 ++ return handle_ept_misconfig(vcpu);
2824 + #endif
2825 +- return kvm_vmx_exit_handlers[exit_reason](vcpu);
2826 +- } else {
2827 +- vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n",
2828 +- exit_reason);
2829 +- dump_vmcs();
2830 +- vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
2831 +- vcpu->run->internal.suberror =
2832 ++
2833 ++ exit_reason = array_index_nospec(exit_reason,
2834 ++ kvm_vmx_max_exit_handlers);
2835 ++ if (!kvm_vmx_exit_handlers[exit_reason])
2836 ++ goto unexpected_vmexit;
2837 ++
2838 ++ return kvm_vmx_exit_handlers[exit_reason](vcpu);
2839 ++
2840 ++unexpected_vmexit:
2841 ++ vcpu_unimpl(vcpu, "vmx: unexpected exit reason 0x%x\n", exit_reason);
2842 ++ dump_vmcs();
2843 ++ vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
2844 ++ vcpu->run->internal.suberror =
2845 + KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
2846 +- vcpu->run->internal.ndata = 1;
2847 +- vcpu->run->internal.data[0] = exit_reason;
2848 +- return 0;
2849 +- }
2850 ++ vcpu->run->internal.ndata = 1;
2851 ++ vcpu->run->internal.data[0] = exit_reason;
2852 ++ return 0;
2853 + }
2854 +
2855 + /*
2856 +@@ -7870,6 +7877,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
2857 + .xsaves_supported = vmx_xsaves_supported,
2858 + .umip_emulated = vmx_umip_emulated,
2859 + .pt_supported = vmx_pt_supported,
2860 ++ .pku_supported = vmx_pku_supported,
2861 +
2862 + .request_immediate_exit = vmx_request_immediate_exit,
2863 +
2864 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
2865 +index cf917139de6b..d744c1bf4dc8 100644
2866 +--- a/arch/x86/kvm/x86.c
2867 ++++ b/arch/x86/kvm/x86.c
2868 +@@ -93,6 +93,8 @@ u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
2869 + static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
2870 + #endif
2871 +
2872 ++static u64 __read_mostly cr4_reserved_bits = CR4_RESERVED_BITS;
2873 ++
2874 + #define VM_STAT(x, ...) offsetof(struct kvm, stat.x), KVM_STAT_VM, ## __VA_ARGS__
2875 + #define VCPU_STAT(x, ...) offsetof(struct kvm_vcpu, stat.x), KVM_STAT_VCPU, ## __VA_ARGS__
2876 +
2877 +@@ -879,9 +881,38 @@ int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
2878 + }
2879 + EXPORT_SYMBOL_GPL(kvm_set_xcr);
2880 +
2881 ++static u64 kvm_host_cr4_reserved_bits(struct cpuinfo_x86 *c)
2882 ++{
2883 ++ u64 reserved_bits = CR4_RESERVED_BITS;
2884 ++
2885 ++ if (!cpu_has(c, X86_FEATURE_XSAVE))
2886 ++ reserved_bits |= X86_CR4_OSXSAVE;
2887 ++
2888 ++ if (!cpu_has(c, X86_FEATURE_SMEP))
2889 ++ reserved_bits |= X86_CR4_SMEP;
2890 ++
2891 ++ if (!cpu_has(c, X86_FEATURE_SMAP))
2892 ++ reserved_bits |= X86_CR4_SMAP;
2893 ++
2894 ++ if (!cpu_has(c, X86_FEATURE_FSGSBASE))
2895 ++ reserved_bits |= X86_CR4_FSGSBASE;
2896 ++
2897 ++ if (!cpu_has(c, X86_FEATURE_PKU))
2898 ++ reserved_bits |= X86_CR4_PKE;
2899 ++
2900 ++ if (!cpu_has(c, X86_FEATURE_LA57) &&
2901 ++ !(cpuid_ecx(0x7) & bit(X86_FEATURE_LA57)))
2902 ++ reserved_bits |= X86_CR4_LA57;
2903 ++
2904 ++ if (!cpu_has(c, X86_FEATURE_UMIP) && !kvm_x86_ops->umip_emulated())
2905 ++ reserved_bits |= X86_CR4_UMIP;
2906 ++
2907 ++ return reserved_bits;
2908 ++}
2909 ++
2910 + static int kvm_valid_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
2911 + {
2912 +- if (cr4 & CR4_RESERVED_BITS)
2913 ++ if (cr4 & cr4_reserved_bits)
2914 + return -EINVAL;
2915 +
2916 + if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) && (cr4 & X86_CR4_OSXSAVE))
2917 +@@ -1047,9 +1078,11 @@ static u64 kvm_dr6_fixed(struct kvm_vcpu *vcpu)
2918 +
2919 + static int __kvm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long val)
2920 + {
2921 ++ size_t size = ARRAY_SIZE(vcpu->arch.db);
2922 ++
2923 + switch (dr) {
2924 + case 0 ... 3:
2925 +- vcpu->arch.db[dr] = val;
2926 ++ vcpu->arch.db[array_index_nospec(dr, size)] = val;
2927 + if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP))
2928 + vcpu->arch.eff_db[dr] = val;
2929 + break;
2930 +@@ -1086,9 +1119,11 @@ EXPORT_SYMBOL_GPL(kvm_set_dr);
2931 +
2932 + int kvm_get_dr(struct kvm_vcpu *vcpu, int dr, unsigned long *val)
2933 + {
2934 ++ size_t size = ARRAY_SIZE(vcpu->arch.db);
2935 ++
2936 + switch (dr) {
2937 + case 0 ... 3:
2938 +- *val = vcpu->arch.db[dr];
2939 ++ *val = vcpu->arch.db[array_index_nospec(dr, size)];
2940 + break;
2941 + case 4:
2942 + /* fall through */
2943 +@@ -1545,6 +1580,8 @@ struct pvclock_clock {
2944 + u64 mask;
2945 + u32 mult;
2946 + u32 shift;
2947 ++ u64 base_cycles;
2948 ++ u64 offset;
2949 + };
2950 +
2951 + struct pvclock_gtod_data {
2952 +@@ -1553,11 +1590,8 @@ struct pvclock_gtod_data {
2953 + struct pvclock_clock clock; /* extract of a clocksource struct */
2954 + struct pvclock_clock raw_clock; /* extract of a clocksource struct */
2955 +
2956 +- u64 boot_ns_raw;
2957 +- u64 boot_ns;
2958 +- u64 nsec_base;
2959 ++ ktime_t offs_boot;
2960 + u64 wall_time_sec;
2961 +- u64 monotonic_raw_nsec;
2962 + };
2963 +
2964 + static struct pvclock_gtod_data pvclock_gtod_data;
2965 +@@ -1565,10 +1599,6 @@ static struct pvclock_gtod_data pvclock_gtod_data;
2966 + static void update_pvclock_gtod(struct timekeeper *tk)
2967 + {
2968 + struct pvclock_gtod_data *vdata = &pvclock_gtod_data;
2969 +- u64 boot_ns, boot_ns_raw;
2970 +-
2971 +- boot_ns = ktime_to_ns(ktime_add(tk->tkr_mono.base, tk->offs_boot));
2972 +- boot_ns_raw = ktime_to_ns(ktime_add(tk->tkr_raw.base, tk->offs_boot));
2973 +
2974 + write_seqcount_begin(&vdata->seq);
2975 +
2976 +@@ -1578,23 +1608,35 @@ static void update_pvclock_gtod(struct timekeeper *tk)
2977 + vdata->clock.mask = tk->tkr_mono.mask;
2978 + vdata->clock.mult = tk->tkr_mono.mult;
2979 + vdata->clock.shift = tk->tkr_mono.shift;
2980 ++ vdata->clock.base_cycles = tk->tkr_mono.xtime_nsec;
2981 ++ vdata->clock.offset = tk->tkr_mono.base;
2982 +
2983 + vdata->raw_clock.vclock_mode = tk->tkr_raw.clock->archdata.vclock_mode;
2984 + vdata->raw_clock.cycle_last = tk->tkr_raw.cycle_last;
2985 + vdata->raw_clock.mask = tk->tkr_raw.mask;
2986 + vdata->raw_clock.mult = tk->tkr_raw.mult;
2987 + vdata->raw_clock.shift = tk->tkr_raw.shift;
2988 +-
2989 +- vdata->boot_ns = boot_ns;
2990 +- vdata->nsec_base = tk->tkr_mono.xtime_nsec;
2991 ++ vdata->raw_clock.base_cycles = tk->tkr_raw.xtime_nsec;
2992 ++ vdata->raw_clock.offset = tk->tkr_raw.base;
2993 +
2994 + vdata->wall_time_sec = tk->xtime_sec;
2995 +
2996 +- vdata->boot_ns_raw = boot_ns_raw;
2997 +- vdata->monotonic_raw_nsec = tk->tkr_raw.xtime_nsec;
2998 ++ vdata->offs_boot = tk->offs_boot;
2999 +
3000 + write_seqcount_end(&vdata->seq);
3001 + }
3002 ++
3003 ++static s64 get_kvmclock_base_ns(void)
3004 ++{
3005 ++ /* Count up from boot time, but with the frequency of the raw clock. */
3006 ++ return ktime_to_ns(ktime_add(ktime_get_raw(), pvclock_gtod_data.offs_boot));
3007 ++}
3008 ++#else
3009 ++static s64 get_kvmclock_base_ns(void)
3010 ++{
3011 ++ /* Master clock not used, so we can just use CLOCK_BOOTTIME. */
3012 ++ return ktime_get_boottime_ns();
3013 ++}
3014 + #endif
3015 +
3016 + void kvm_set_pending_timer(struct kvm_vcpu *vcpu)
3017 +@@ -1608,7 +1650,7 @@ static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
3018 + int version;
3019 + int r;
3020 + struct pvclock_wall_clock wc;
3021 +- struct timespec64 boot;
3022 ++ u64 wall_nsec;
3023 +
3024 + if (!wall_clock)
3025 + return;
3026 +@@ -1628,17 +1670,12 @@ static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
3027 + /*
3028 + * The guest calculates current wall clock time by adding
3029 + * system time (updated by kvm_guest_time_update below) to the
3030 +- * wall clock specified here. guest system time equals host
3031 +- * system time for us, thus we must fill in host boot time here.
3032 ++ * wall clock specified here. We do the reverse here.
3033 + */
3034 +- getboottime64(&boot);
3035 ++ wall_nsec = ktime_get_real_ns() - get_kvmclock_ns(kvm);
3036 +
3037 +- if (kvm->arch.kvmclock_offset) {
3038 +- struct timespec64 ts = ns_to_timespec64(kvm->arch.kvmclock_offset);
3039 +- boot = timespec64_sub(boot, ts);
3040 +- }
3041 +- wc.sec = (u32)boot.tv_sec; /* overflow in 2106 guest time */
3042 +- wc.nsec = boot.tv_nsec;
3043 ++ wc.nsec = do_div(wall_nsec, 1000000000);
3044 ++ wc.sec = (u32)wall_nsec; /* overflow in 2106 guest time */
3045 + wc.version = version;
3046 +
3047 + kvm_write_guest(kvm, wall_clock, &wc, sizeof(wc));
3048 +@@ -1886,7 +1923,7 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, struct msr_data *msr)
3049 +
3050 + raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
3051 + offset = kvm_compute_tsc_offset(vcpu, data);
3052 +- ns = ktime_get_boottime_ns();
3053 ++ ns = get_kvmclock_base_ns();
3054 + elapsed = ns - kvm->arch.last_tsc_nsec;
3055 +
3056 + if (vcpu->arch.virtual_tsc_khz) {
3057 +@@ -2061,10 +2098,10 @@ static int do_monotonic_raw(s64 *t, u64 *tsc_timestamp)
3058 +
3059 + do {
3060 + seq = read_seqcount_begin(&gtod->seq);
3061 +- ns = gtod->monotonic_raw_nsec;
3062 ++ ns = gtod->raw_clock.base_cycles;
3063 + ns += vgettsc(&gtod->raw_clock, tsc_timestamp, &mode);
3064 +- ns >>= gtod->clock.shift;
3065 +- ns += gtod->boot_ns_raw;
3066 ++ ns >>= gtod->raw_clock.shift;
3067 ++ ns += ktime_to_ns(ktime_add(gtod->raw_clock.offset, gtod->offs_boot));
3068 + } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
3069 + *t = ns;
3070 +
3071 +@@ -2081,7 +2118,7 @@ static int do_realtime(struct timespec64 *ts, u64 *tsc_timestamp)
3072 + do {
3073 + seq = read_seqcount_begin(&gtod->seq);
3074 + ts->tv_sec = gtod->wall_time_sec;
3075 +- ns = gtod->nsec_base;
3076 ++ ns = gtod->clock.base_cycles;
3077 + ns += vgettsc(&gtod->clock, tsc_timestamp, &mode);
3078 + ns >>= gtod->clock.shift;
3079 + } while (unlikely(read_seqcount_retry(&gtod->seq, seq)));
3080 +@@ -2224,7 +2261,7 @@ u64 get_kvmclock_ns(struct kvm *kvm)
3081 + spin_lock(&ka->pvclock_gtod_sync_lock);
3082 + if (!ka->use_master_clock) {
3083 + spin_unlock(&ka->pvclock_gtod_sync_lock);
3084 +- return ktime_get_boottime_ns() + ka->kvmclock_offset;
3085 ++ return get_kvmclock_base_ns() + ka->kvmclock_offset;
3086 + }
3087 +
3088 + hv_clock.tsc_timestamp = ka->master_cycle_now;
3089 +@@ -2240,7 +2277,7 @@ u64 get_kvmclock_ns(struct kvm *kvm)
3090 + &hv_clock.tsc_to_system_mul);
3091 + ret = __pvclock_read_cycles(&hv_clock, rdtsc());
3092 + } else
3093 +- ret = ktime_get_boottime_ns() + ka->kvmclock_offset;
3094 ++ ret = get_kvmclock_base_ns() + ka->kvmclock_offset;
3095 +
3096 + put_cpu();
3097 +
3098 +@@ -2339,7 +2376,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
3099 + }
3100 + if (!use_master_clock) {
3101 + host_tsc = rdtsc();
3102 +- kernel_ns = ktime_get_boottime_ns();
3103 ++ kernel_ns = get_kvmclock_base_ns();
3104 + }
3105 +
3106 + tsc_timestamp = kvm_read_l1_tsc(v, host_tsc);
3107 +@@ -2379,6 +2416,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
3108 + vcpu->hv_clock.tsc_timestamp = tsc_timestamp;
3109 + vcpu->hv_clock.system_time = kernel_ns + v->kvm->arch.kvmclock_offset;
3110 + vcpu->last_guest_tsc = tsc_timestamp;
3111 ++ WARN_ON(vcpu->hv_clock.system_time < 0);
3112 +
3113 + /* If the host uses TSC clocksource, then it is stable */
3114 + pvclock_flags = 0;
3115 +@@ -2485,7 +2523,10 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
3116 + default:
3117 + if (msr >= MSR_IA32_MC0_CTL &&
3118 + msr < MSR_IA32_MCx_CTL(bank_num)) {
3119 +- u32 offset = msr - MSR_IA32_MC0_CTL;
3120 ++ u32 offset = array_index_nospec(
3121 ++ msr - MSR_IA32_MC0_CTL,
3122 ++ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
3123 ++
3124 + /* only 0 or all 1s can be written to IA32_MCi_CTL
3125 + * some Linux kernels though clear bit 10 in bank 4 to
3126 + * workaround a BIOS/GART TBL issue on AMD K8s, ignore
3127 +@@ -2581,45 +2622,47 @@ static void kvm_vcpu_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa)
3128 +
3129 + static void record_steal_time(struct kvm_vcpu *vcpu)
3130 + {
3131 ++ struct kvm_host_map map;
3132 ++ struct kvm_steal_time *st;
3133 ++
3134 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
3135 + return;
3136 +
3137 +- if (unlikely(kvm_read_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
3138 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time))))
3139 ++ /* -EAGAIN is returned in atomic context so we can just return. */
3140 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT,
3141 ++ &map, &vcpu->arch.st.cache, false))
3142 + return;
3143 +
3144 ++ st = map.hva +
3145 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
3146 ++
3147 + /*
3148 + * Doing a TLB flush here, on the guest's behalf, can avoid
3149 + * expensive IPIs.
3150 + */
3151 + trace_kvm_pv_tlb_flush(vcpu->vcpu_id,
3152 +- vcpu->arch.st.steal.preempted & KVM_VCPU_FLUSH_TLB);
3153 +- if (xchg(&vcpu->arch.st.steal.preempted, 0) & KVM_VCPU_FLUSH_TLB)
3154 ++ st->preempted & KVM_VCPU_FLUSH_TLB);
3155 ++ if (xchg(&st->preempted, 0) & KVM_VCPU_FLUSH_TLB)
3156 + kvm_vcpu_flush_tlb(vcpu, false);
3157 +
3158 +- if (vcpu->arch.st.steal.version & 1)
3159 +- vcpu->arch.st.steal.version += 1; /* first time write, random junk */
3160 ++ vcpu->arch.st.preempted = 0;
3161 +
3162 +- vcpu->arch.st.steal.version += 1;
3163 ++ if (st->version & 1)
3164 ++ st->version += 1; /* first time write, random junk */
3165 +
3166 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
3167 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
3168 ++ st->version += 1;
3169 +
3170 + smp_wmb();
3171 +
3172 +- vcpu->arch.st.steal.steal += current->sched_info.run_delay -
3173 ++ st->steal += current->sched_info.run_delay -
3174 + vcpu->arch.st.last_steal;
3175 + vcpu->arch.st.last_steal = current->sched_info.run_delay;
3176 +
3177 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
3178 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
3179 +-
3180 + smp_wmb();
3181 +
3182 +- vcpu->arch.st.steal.version += 1;
3183 ++ st->version += 1;
3184 +
3185 +- kvm_write_guest_cached(vcpu->kvm, &vcpu->arch.st.stime,
3186 +- &vcpu->arch.st.steal, sizeof(struct kvm_steal_time));
3187 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, false);
3188 + }
3189 +
3190 + int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
3191 +@@ -2786,11 +2829,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
3192 + if (data & KVM_STEAL_RESERVED_MASK)
3193 + return 1;
3194 +
3195 +- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
3196 +- data & KVM_STEAL_VALID_BITS,
3197 +- sizeof(struct kvm_steal_time)))
3198 +- return 1;
3199 +-
3200 + vcpu->arch.st.msr_val = data;
3201 +
3202 + if (!(data & KVM_MSR_ENABLED))
3203 +@@ -2926,7 +2964,10 @@ static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host)
3204 + default:
3205 + if (msr >= MSR_IA32_MC0_CTL &&
3206 + msr < MSR_IA32_MCx_CTL(bank_num)) {
3207 +- u32 offset = msr - MSR_IA32_MC0_CTL;
3208 ++ u32 offset = array_index_nospec(
3209 ++ msr - MSR_IA32_MC0_CTL,
3210 ++ MSR_IA32_MCx_CTL(bank_num) - MSR_IA32_MC0_CTL);
3211 ++
3212 + data = vcpu->arch.mce_banks[offset];
3213 + break;
3214 + }
3215 +@@ -3458,10 +3499,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
3216 +
3217 + kvm_x86_ops->vcpu_load(vcpu, cpu);
3218 +
3219 +- fpregs_assert_state_consistent();
3220 +- if (test_thread_flag(TIF_NEED_FPU_LOAD))
3221 +- switch_fpu_return();
3222 +-
3223 + /* Apply any externally detected TSC adjustments (due to suspend) */
3224 + if (unlikely(vcpu->arch.tsc_offset_adjustment)) {
3225 + adjust_tsc_offset_host(vcpu, vcpu->arch.tsc_offset_adjustment);
3226 +@@ -3501,15 +3538,25 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
3227 +
3228 + static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
3229 + {
3230 ++ struct kvm_host_map map;
3231 ++ struct kvm_steal_time *st;
3232 ++
3233 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
3234 + return;
3235 +
3236 +- vcpu->arch.st.steal.preempted = KVM_VCPU_PREEMPTED;
3237 ++ if (vcpu->arch.st.preempted)
3238 ++ return;
3239 ++
3240 ++ if (kvm_map_gfn(vcpu, vcpu->arch.st.msr_val >> PAGE_SHIFT, &map,
3241 ++ &vcpu->arch.st.cache, true))
3242 ++ return;
3243 ++
3244 ++ st = map.hva +
3245 ++ offset_in_page(vcpu->arch.st.msr_val & KVM_STEAL_VALID_BITS);
3246 +
3247 +- kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,
3248 +- &vcpu->arch.st.steal.preempted,
3249 +- offsetof(struct kvm_steal_time, preempted),
3250 +- sizeof(vcpu->arch.st.steal.preempted));
3251 ++ st->preempted = vcpu->arch.st.preempted = KVM_VCPU_PREEMPTED;
3252 ++
3253 ++ kvm_unmap_gfn(vcpu, &map, &vcpu->arch.st.cache, true, true);
3254 + }
3255 +
3256 + void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
3257 +@@ -6379,11 +6426,11 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu, int emulation_type)
3258 + return 1;
3259 + }
3260 +
3261 +-static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
3262 ++static bool reexecute_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
3263 + bool write_fault_to_shadow_pgtable,
3264 + int emulation_type)
3265 + {
3266 +- gpa_t gpa = cr2;
3267 ++ gpa_t gpa = cr2_or_gpa;
3268 + kvm_pfn_t pfn;
3269 +
3270 + if (!(emulation_type & EMULTYPE_ALLOW_RETRY))
3271 +@@ -6397,7 +6444,7 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
3272 + * Write permission should be allowed since only
3273 + * write access need to be emulated.
3274 + */
3275 +- gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL);
3276 ++ gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
3277 +
3278 + /*
3279 + * If the mapping is invalid in guest, let cpu retry
3280 +@@ -6454,10 +6501,10 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2,
3281 + }
3282 +
3283 + static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
3284 +- unsigned long cr2, int emulation_type)
3285 ++ gpa_t cr2_or_gpa, int emulation_type)
3286 + {
3287 + struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
3288 +- unsigned long last_retry_eip, last_retry_addr, gpa = cr2;
3289 ++ unsigned long last_retry_eip, last_retry_addr, gpa = cr2_or_gpa;
3290 +
3291 + last_retry_eip = vcpu->arch.last_retry_eip;
3292 + last_retry_addr = vcpu->arch.last_retry_addr;
3293 +@@ -6486,14 +6533,14 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt,
3294 + if (x86_page_table_writing_insn(ctxt))
3295 + return false;
3296 +
3297 +- if (ctxt->eip == last_retry_eip && last_retry_addr == cr2)
3298 ++ if (ctxt->eip == last_retry_eip && last_retry_addr == cr2_or_gpa)
3299 + return false;
3300 +
3301 + vcpu->arch.last_retry_eip = ctxt->eip;
3302 +- vcpu->arch.last_retry_addr = cr2;
3303 ++ vcpu->arch.last_retry_addr = cr2_or_gpa;
3304 +
3305 + if (!vcpu->arch.mmu->direct_map)
3306 +- gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2, NULL);
3307 ++ gpa = kvm_mmu_gva_to_gpa_write(vcpu, cr2_or_gpa, NULL);
3308 +
3309 + kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(gpa));
3310 +
3311 +@@ -6639,11 +6686,8 @@ static bool is_vmware_backdoor_opcode(struct x86_emulate_ctxt *ctxt)
3312 + return false;
3313 + }
3314 +
3315 +-int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3316 +- unsigned long cr2,
3317 +- int emulation_type,
3318 +- void *insn,
3319 +- int insn_len)
3320 ++int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
3321 ++ int emulation_type, void *insn, int insn_len)
3322 + {
3323 + int r;
3324 + struct x86_emulate_ctxt *ctxt = &vcpu->arch.emulate_ctxt;
3325 +@@ -6689,8 +6733,9 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3326 + kvm_queue_exception(vcpu, UD_VECTOR);
3327 + return 1;
3328 + }
3329 +- if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
3330 +- emulation_type))
3331 ++ if (reexecute_instruction(vcpu, cr2_or_gpa,
3332 ++ write_fault_to_spt,
3333 ++ emulation_type))
3334 + return 1;
3335 + if (ctxt->have_exception) {
3336 + /*
3337 +@@ -6724,7 +6769,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3338 + return 1;
3339 + }
3340 +
3341 +- if (retry_instruction(ctxt, cr2, emulation_type))
3342 ++ if (retry_instruction(ctxt, cr2_or_gpa, emulation_type))
3343 + return 1;
3344 +
3345 + /* this is needed for vmware backdoor interface to work since it
3346 +@@ -6736,7 +6781,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
3347 +
3348 + restart:
3349 + /* Save the faulting GPA (cr2) in the address field */
3350 +- ctxt->exception.address = cr2;
3351 ++ ctxt->exception.address = cr2_or_gpa;
3352 +
3353 + r = x86_emulate_insn(ctxt);
3354 +
3355 +@@ -6744,7 +6789,7 @@ restart:
3356 + return 1;
3357 +
3358 + if (r == EMULATION_FAILED) {
3359 +- if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
3360 ++ if (reexecute_instruction(vcpu, cr2_or_gpa, write_fault_to_spt,
3361 + emulation_type))
3362 + return 1;
3363 +
3364 +@@ -8198,8 +8243,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
3365 + trace_kvm_entry(vcpu->vcpu_id);
3366 + guest_enter_irqoff();
3367 +
3368 +- /* The preempt notifier should have taken care of the FPU already. */
3369 +- WARN_ON_ONCE(test_thread_flag(TIF_NEED_FPU_LOAD));
3370 ++ fpregs_assert_state_consistent();
3371 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
3372 ++ switch_fpu_return();
3373 +
3374 + if (unlikely(vcpu->arch.switch_db_regs)) {
3375 + set_debugreg(0, 7);
3376 +@@ -8471,12 +8517,26 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu)
3377 + return 0;
3378 + }
3379 +
3380 ++static void kvm_save_current_fpu(struct fpu *fpu)
3381 ++{
3382 ++ /*
3383 ++ * If the target FPU state is not resident in the CPU registers, just
3384 ++ * memcpy() from current, else save CPU state directly to the target.
3385 ++ */
3386 ++ if (test_thread_flag(TIF_NEED_FPU_LOAD))
3387 ++ memcpy(&fpu->state, &current->thread.fpu.state,
3388 ++ fpu_kernel_xstate_size);
3389 ++ else
3390 ++ copy_fpregs_to_fpstate(fpu);
3391 ++}
3392 ++
3393 + /* Swap (qemu) user FPU context for the guest FPU context. */
3394 + static void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
3395 + {
3396 + fpregs_lock();
3397 +
3398 +- copy_fpregs_to_fpstate(vcpu->arch.user_fpu);
3399 ++ kvm_save_current_fpu(vcpu->arch.user_fpu);
3400 ++
3401 + /* PKRU is separately restored in kvm_x86_ops->run. */
3402 + __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu->state,
3403 + ~XFEATURE_MASK_PKRU);
3404 +@@ -8492,7 +8552,8 @@ static void kvm_put_guest_fpu(struct kvm_vcpu *vcpu)
3405 + {
3406 + fpregs_lock();
3407 +
3408 +- copy_fpregs_to_fpstate(vcpu->arch.guest_fpu);
3409 ++ kvm_save_current_fpu(vcpu->arch.guest_fpu);
3410 ++
3411 + copy_kernel_to_fpregs(&vcpu->arch.user_fpu->state);
3412 +
3413 + fpregs_mark_activate();
3414 +@@ -8714,6 +8775,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
3415 + struct kvm_mp_state *mp_state)
3416 + {
3417 + vcpu_load(vcpu);
3418 ++ if (kvm_mpx_supported())
3419 ++ kvm_load_guest_fpu(vcpu);
3420 +
3421 + kvm_apic_accept_events(vcpu);
3422 + if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED &&
3423 +@@ -8722,6 +8785,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
3424 + else
3425 + mp_state->mp_state = vcpu->arch.mp_state;
3426 +
3427 ++ if (kvm_mpx_supported())
3428 ++ kvm_put_guest_fpu(vcpu);
3429 + vcpu_put(vcpu);
3430 + return 0;
3431 + }
3432 +@@ -9085,6 +9150,9 @@ static void fx_init(struct kvm_vcpu *vcpu)
3433 + void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu)
3434 + {
3435 + void *wbinvd_dirty_mask = vcpu->arch.wbinvd_dirty_mask;
3436 ++ struct gfn_to_pfn_cache *cache = &vcpu->arch.st.cache;
3437 ++
3438 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
3439 +
3440 + kvmclock_reset(vcpu);
3441 +
3442 +@@ -9155,7 +9223,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
3443 + kvm_mmu_unload(vcpu);
3444 + vcpu_put(vcpu);
3445 +
3446 +- kvm_x86_ops->vcpu_free(vcpu);
3447 ++ kvm_arch_vcpu_free(vcpu);
3448 + }
3449 +
3450 + void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
3451 +@@ -9347,6 +9415,8 @@ int kvm_arch_hardware_setup(void)
3452 + if (r != 0)
3453 + return r;
3454 +
3455 ++ cr4_reserved_bits = kvm_host_cr4_reserved_bits(&boot_cpu_data);
3456 ++
3457 + if (kvm_has_tsc_control) {
3458 + /*
3459 + * Make sure the user can only configure tsc_khz values that
3460 +@@ -9518,7 +9588,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
3461 + mutex_init(&kvm->arch.apic_map_lock);
3462 + spin_lock_init(&kvm->arch.pvclock_gtod_sync_lock);
3463 +
3464 +- kvm->arch.kvmclock_offset = -ktime_get_boottime_ns();
3465 ++ kvm->arch.kvmclock_offset = -get_kvmclock_base_ns();
3466 + pvclock_update_vm_gtod_copy(kvm);
3467 +
3468 + kvm->arch.guest_can_read_msr_platform_info = true;
3469 +@@ -9758,11 +9828,18 @@ out_free:
3470 +
3471 + void kvm_arch_memslots_updated(struct kvm *kvm, u64 gen)
3472 + {
3473 ++ struct kvm_vcpu *vcpu;
3474 ++ int i;
3475 ++
3476 + /*
3477 + * memslots->generation has been incremented.
3478 + * mmio generation may have reached its maximum value.
3479 + */
3480 + kvm_mmu_invalidate_mmio_sptes(kvm, gen);
3481 ++
3482 ++ /* Force re-initialization of steal_time cache */
3483 ++ kvm_for_each_vcpu(i, vcpu, kvm)
3484 ++ kvm_vcpu_kick(vcpu);
3485 + }
3486 +
3487 + int kvm_arch_prepare_memory_region(struct kvm *kvm,
3488 +@@ -10014,7 +10091,7 @@ void kvm_arch_async_page_ready(struct kvm_vcpu *vcpu, struct kvm_async_pf *work)
3489 + work->arch.cr3 != vcpu->arch.mmu->get_cr3(vcpu))
3490 + return;
3491 +
3492 +- vcpu->arch.mmu->page_fault(vcpu, work->gva, 0, true);
3493 ++ vcpu->arch.mmu->page_fault(vcpu, work->cr2_or_gpa, 0, true);
3494 + }
3495 +
3496 + static inline u32 kvm_async_pf_hash_fn(gfn_t gfn)
3497 +@@ -10127,7 +10204,7 @@ void kvm_arch_async_page_not_present(struct kvm_vcpu *vcpu,
3498 + {
3499 + struct x86_exception fault;
3500 +
3501 +- trace_kvm_async_pf_not_present(work->arch.token, work->gva);
3502 ++ trace_kvm_async_pf_not_present(work->arch.token, work->cr2_or_gpa);
3503 + kvm_add_async_pf_gfn(vcpu, work->arch.gfn);
3504 +
3505 + if (kvm_can_deliver_async_pf(vcpu) &&
3506 +@@ -10162,7 +10239,7 @@ void kvm_arch_async_page_present(struct kvm_vcpu *vcpu,
3507 + work->arch.token = ~0; /* broadcast wakeup */
3508 + else
3509 + kvm_del_async_pf_gfn(vcpu, work->arch.gfn);
3510 +- trace_kvm_async_pf_ready(work->arch.token, work->gva);
3511 ++ trace_kvm_async_pf_ready(work->arch.token, work->cr2_or_gpa);
3512 +
3513 + if (vcpu->arch.apf.msr_val & KVM_ASYNC_PF_ENABLED &&
3514 + !apf_get_user(vcpu, &val)) {
3515 +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
3516 +index 29391af8871d..cab5e71f0f0f 100644
3517 +--- a/arch/x86/kvm/x86.h
3518 ++++ b/arch/x86/kvm/x86.h
3519 +@@ -289,7 +289,7 @@ int kvm_mtrr_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
3520 + bool kvm_mtrr_check_gfn_range_consistency(struct kvm_vcpu *vcpu, gfn_t gfn,
3521 + int page_num);
3522 + bool kvm_vector_hashing_enabled(void);
3523 +-int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
3524 ++int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
3525 + int emulation_type, void *insn, int insn_len);
3526 +
3527 + #define KVM_SUPPORTED_XCR0 (XFEATURE_MASK_FP | XFEATURE_MASK_SSE \
3528 +diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
3529 +index ae4a41ca19f6..1f756ffffe8b 100644
3530 +--- a/arch/x86/xen/enlighten_pv.c
3531 ++++ b/arch/x86/xen/enlighten_pv.c
3532 +@@ -1205,6 +1205,7 @@ asmlinkage __visible void __init xen_start_kernel(void)
3533 + x86_platform.get_nmi_reason = xen_get_nmi_reason;
3534 +
3535 + x86_init.resources.memory_setup = xen_memory_setup;
3536 ++ x86_init.irqs.intr_mode_select = x86_init_noop;
3537 + x86_init.irqs.intr_mode_init = x86_init_noop;
3538 + x86_init.oem.arch_setup = xen_arch_setup;
3539 + x86_init.oem.banner = xen_banner;
3540 +diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
3541 +index 650bade5ea5a..b61dbf4d8443 100644
3542 +--- a/block/scsi_ioctl.c
3543 ++++ b/block/scsi_ioctl.c
3544 +@@ -20,6 +20,7 @@
3545 + #include <scsi/scsi.h>
3546 + #include <scsi/scsi_ioctl.h>
3547 + #include <scsi/scsi_cmnd.h>
3548 ++#include <scsi/sg.h>
3549 +
3550 + struct blk_cmd_filter {
3551 + unsigned long read_ok[BLK_SCSI_CMD_PER_LONG];
3552 +@@ -550,34 +551,6 @@ static inline int blk_send_start_stop(struct request_queue *q,
3553 + return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data);
3554 + }
3555 +
3556 +-#ifdef CONFIG_COMPAT
3557 +-struct compat_sg_io_hdr {
3558 +- compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */
3559 +- compat_int_t dxfer_direction; /* [i] data transfer direction */
3560 +- unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */
3561 +- unsigned char mx_sb_len; /* [i] max length to write to sbp */
3562 +- unsigned short iovec_count; /* [i] 0 implies no scatter gather */
3563 +- compat_uint_t dxfer_len; /* [i] byte count of data transfer */
3564 +- compat_uint_t dxferp; /* [i], [*io] points to data transfer memory
3565 +- or scatter gather list */
3566 +- compat_uptr_t cmdp; /* [i], [*i] points to command to perform */
3567 +- compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */
3568 +- compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
3569 +- compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */
3570 +- compat_int_t pack_id; /* [i->o] unused internally (normally) */
3571 +- compat_uptr_t usr_ptr; /* [i->o] unused internally */
3572 +- unsigned char status; /* [o] scsi status */
3573 +- unsigned char masked_status; /* [o] shifted, masked scsi status */
3574 +- unsigned char msg_status; /* [o] messaging level data (optional) */
3575 +- unsigned char sb_len_wr; /* [o] byte count actually written to sbp */
3576 +- unsigned short host_status; /* [o] errors from host adapter */
3577 +- unsigned short driver_status; /* [o] errors from software driver */
3578 +- compat_int_t resid; /* [o] dxfer_len - actual_transferred */
3579 +- compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */
3580 +- compat_uint_t info; /* [o] auxiliary information */
3581 +-};
3582 +-#endif
3583 +-
3584 + int put_sg_io_hdr(const struct sg_io_hdr *hdr, void __user *argp)
3585 + {
3586 + #ifdef CONFIG_COMPAT
3587 +diff --git a/crypto/algapi.c b/crypto/algapi.c
3588 +index b052f38edba6..5566650b2091 100644
3589 +--- a/crypto/algapi.c
3590 ++++ b/crypto/algapi.c
3591 +@@ -257,6 +257,7 @@ void crypto_alg_tested(const char *name, int err)
3592 + struct crypto_alg *alg;
3593 + struct crypto_alg *q;
3594 + LIST_HEAD(list);
3595 ++ bool best;
3596 +
3597 + down_write(&crypto_alg_sem);
3598 + list_for_each_entry(q, &crypto_alg_list, cra_list) {
3599 +@@ -280,6 +281,21 @@ found:
3600 +
3601 + alg->cra_flags |= CRYPTO_ALG_TESTED;
3602 +
3603 ++ /* Only satisfy larval waiters if we are the best. */
3604 ++ best = true;
3605 ++ list_for_each_entry(q, &crypto_alg_list, cra_list) {
3606 ++ if (crypto_is_moribund(q) || !crypto_is_larval(q))
3607 ++ continue;
3608 ++
3609 ++ if (strcmp(alg->cra_name, q->cra_name))
3610 ++ continue;
3611 ++
3612 ++ if (q->cra_priority > alg->cra_priority) {
3613 ++ best = false;
3614 ++ break;
3615 ++ }
3616 ++ }
3617 ++
3618 + list_for_each_entry(q, &crypto_alg_list, cra_list) {
3619 + if (q == alg)
3620 + continue;
3621 +@@ -303,10 +319,12 @@ found:
3622 + continue;
3623 + if ((q->cra_flags ^ alg->cra_flags) & larval->mask)
3624 + continue;
3625 +- if (!crypto_mod_get(alg))
3626 +- continue;
3627 +
3628 +- larval->adult = alg;
3629 ++ if (best && crypto_mod_get(alg))
3630 ++ larval->adult = alg;
3631 ++ else
3632 ++ larval->adult = ERR_PTR(-EAGAIN);
3633 ++
3634 + continue;
3635 + }
3636 +
3637 +@@ -669,11 +687,9 @@ EXPORT_SYMBOL_GPL(crypto_grab_spawn);
3638 +
3639 + void crypto_drop_spawn(struct crypto_spawn *spawn)
3640 + {
3641 +- if (!spawn->alg)
3642 +- return;
3643 +-
3644 + down_write(&crypto_alg_sem);
3645 +- list_del(&spawn->list);
3646 ++ if (spawn->alg)
3647 ++ list_del(&spawn->list);
3648 + up_write(&crypto_alg_sem);
3649 + }
3650 + EXPORT_SYMBOL_GPL(crypto_drop_spawn);
3651 +@@ -681,22 +697,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn);
3652 + static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
3653 + {
3654 + struct crypto_alg *alg;
3655 +- struct crypto_alg *alg2;
3656 +
3657 + down_read(&crypto_alg_sem);
3658 + alg = spawn->alg;
3659 +- alg2 = alg;
3660 +- if (alg2)
3661 +- alg2 = crypto_mod_get(alg2);
3662 +- up_read(&crypto_alg_sem);
3663 +-
3664 +- if (!alg2) {
3665 +- if (alg)
3666 +- crypto_shoot_alg(alg);
3667 +- return ERR_PTR(-EAGAIN);
3668 ++ if (alg && !crypto_mod_get(alg)) {
3669 ++ alg->cra_flags |= CRYPTO_ALG_DYING;
3670 ++ alg = NULL;
3671 + }
3672 ++ up_read(&crypto_alg_sem);
3673 +
3674 +- return alg;
3675 ++ return alg ?: ERR_PTR(-EAGAIN);
3676 + }
3677 +
3678 + struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
3679 +diff --git a/crypto/api.c b/crypto/api.c
3680 +index 55bca28df92d..c00af5ad1b16 100644
3681 +--- a/crypto/api.c
3682 ++++ b/crypto/api.c
3683 +@@ -97,7 +97,7 @@ static void crypto_larval_destroy(struct crypto_alg *alg)
3684 + struct crypto_larval *larval = (void *)alg;
3685 +
3686 + BUG_ON(!crypto_is_larval(alg));
3687 +- if (larval->adult)
3688 ++ if (!IS_ERR_OR_NULL(larval->adult))
3689 + crypto_mod_put(larval->adult);
3690 + kfree(larval);
3691 + }
3692 +@@ -178,6 +178,8 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg)
3693 + alg = ERR_PTR(-ETIMEDOUT);
3694 + else if (!alg)
3695 + alg = ERR_PTR(-ENOENT);
3696 ++ else if (IS_ERR(alg))
3697 ++ ;
3698 + else if (crypto_is_test_larval(larval) &&
3699 + !(alg->cra_flags & CRYPTO_ALG_TESTED))
3700 + alg = ERR_PTR(-EAGAIN);
3701 +@@ -344,13 +346,12 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask)
3702 + return len;
3703 + }
3704 +
3705 +-void crypto_shoot_alg(struct crypto_alg *alg)
3706 ++static void crypto_shoot_alg(struct crypto_alg *alg)
3707 + {
3708 + down_write(&crypto_alg_sem);
3709 + alg->cra_flags |= CRYPTO_ALG_DYING;
3710 + up_write(&crypto_alg_sem);
3711 + }
3712 +-EXPORT_SYMBOL_GPL(crypto_shoot_alg);
3713 +
3714 + struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
3715 + u32 mask)
3716 +diff --git a/crypto/internal.h b/crypto/internal.h
3717 +index 93df7bec844a..e506a57e2243 100644
3718 +--- a/crypto/internal.h
3719 ++++ b/crypto/internal.h
3720 +@@ -68,7 +68,6 @@ void crypto_alg_tested(const char *name, int err);
3721 + void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
3722 + struct crypto_alg *nalg);
3723 + void crypto_remove_final(struct list_head *list);
3724 +-void crypto_shoot_alg(struct crypto_alg *alg);
3725 + struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
3726 + u32 mask);
3727 + void *crypto_create_tfm(struct crypto_alg *alg,
3728 +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
3729 +index 81bbea7f2ba6..a4f3b3f342c8 100644
3730 +--- a/crypto/pcrypt.c
3731 ++++ b/crypto/pcrypt.c
3732 +@@ -24,6 +24,8 @@ static struct kset *pcrypt_kset;
3733 +
3734 + struct pcrypt_instance_ctx {
3735 + struct crypto_aead_spawn spawn;
3736 ++ struct padata_shell *psenc;
3737 ++ struct padata_shell *psdec;
3738 + atomic_t tfm_count;
3739 + };
3740 +
3741 +@@ -32,6 +34,12 @@ struct pcrypt_aead_ctx {
3742 + unsigned int cb_cpu;
3743 + };
3744 +
3745 ++static inline struct pcrypt_instance_ctx *pcrypt_tfm_ictx(
3746 ++ struct crypto_aead *tfm)
3747 ++{
3748 ++ return aead_instance_ctx(aead_alg_instance(tfm));
3749 ++}
3750 ++
3751 + static int pcrypt_aead_setkey(struct crypto_aead *parent,
3752 + const u8 *key, unsigned int keylen)
3753 + {
3754 +@@ -63,7 +71,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
3755 + struct padata_priv *padata = pcrypt_request_padata(preq);
3756 +
3757 + padata->info = err;
3758 +- req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
3759 +
3760 + padata_do_serial(padata);
3761 + }
3762 +@@ -90,6 +97,9 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
3763 + struct crypto_aead *aead = crypto_aead_reqtfm(req);
3764 + struct pcrypt_aead_ctx *ctx = crypto_aead_ctx(aead);
3765 + u32 flags = aead_request_flags(req);
3766 ++ struct pcrypt_instance_ctx *ictx;
3767 ++
3768 ++ ictx = pcrypt_tfm_ictx(aead);
3769 +
3770 + memset(padata, 0, sizeof(struct padata_priv));
3771 +
3772 +@@ -103,7 +113,7 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
3773 + req->cryptlen, req->iv);
3774 + aead_request_set_ad(creq, req->assoclen);
3775 +
3776 +- err = padata_do_parallel(pencrypt, padata, &ctx->cb_cpu);
3777 ++ err = padata_do_parallel(ictx->psenc, padata, &ctx->cb_cpu);
3778 + if (!err)
3779 + return -EINPROGRESS;
3780 +
3781 +@@ -132,6 +142,9 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
3782 + struct crypto_aead *aead = crypto_aead_reqtfm(req);
3783 + struct pcrypt_aead_ctx *ctx = crypto_aead_ctx(aead);
3784 + u32 flags = aead_request_flags(req);
3785 ++ struct pcrypt_instance_ctx *ictx;
3786 ++
3787 ++ ictx = pcrypt_tfm_ictx(aead);
3788 +
3789 + memset(padata, 0, sizeof(struct padata_priv));
3790 +
3791 +@@ -145,7 +158,7 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
3792 + req->cryptlen, req->iv);
3793 + aead_request_set_ad(creq, req->assoclen);
3794 +
3795 +- err = padata_do_parallel(pdecrypt, padata, &ctx->cb_cpu);
3796 ++ err = padata_do_parallel(ictx->psdec, padata, &ctx->cb_cpu);
3797 + if (!err)
3798 + return -EINPROGRESS;
3799 +
3800 +@@ -192,6 +205,8 @@ static void pcrypt_free(struct aead_instance *inst)
3801 + struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
3802 +
3803 + crypto_drop_aead(&ctx->spawn);
3804 ++ padata_free_shell(ctx->psdec);
3805 ++ padata_free_shell(ctx->psenc);
3806 + kfree(inst);
3807 + }
3808 +
3809 +@@ -233,12 +248,22 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb,
3810 + if (!inst)
3811 + return -ENOMEM;
3812 +
3813 ++ err = -ENOMEM;
3814 ++
3815 + ctx = aead_instance_ctx(inst);
3816 ++ ctx->psenc = padata_alloc_shell(pencrypt);
3817 ++ if (!ctx->psenc)
3818 ++ goto out_free_inst;
3819 ++
3820 ++ ctx->psdec = padata_alloc_shell(pdecrypt);
3821 ++ if (!ctx->psdec)
3822 ++ goto out_free_psenc;
3823 ++
3824 + crypto_set_aead_spawn(&ctx->spawn, aead_crypto_instance(inst));
3825 +
3826 + err = crypto_grab_aead(&ctx->spawn, name, 0, 0);
3827 + if (err)
3828 +- goto out_free_inst;
3829 ++ goto out_free_psdec;
3830 +
3831 + alg = crypto_spawn_aead_alg(&ctx->spawn);
3832 + err = pcrypt_init_instance(aead_crypto_instance(inst), &alg->base);
3833 +@@ -271,6 +296,10 @@ out:
3834 +
3835 + out_drop_aead:
3836 + crypto_drop_aead(&ctx->spawn);
3837 ++out_free_psdec:
3838 ++ padata_free_shell(ctx->psdec);
3839 ++out_free_psenc:
3840 ++ padata_free_shell(ctx->psenc);
3841 + out_free_inst:
3842 + kfree(inst);
3843 + goto out;
3844 +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
3845 +index 8f0e0c8d8c3d..15cc7d5a6185 100644
3846 +--- a/drivers/acpi/battery.c
3847 ++++ b/drivers/acpi/battery.c
3848 +@@ -38,6 +38,8 @@
3849 + #define PREFIX "ACPI: "
3850 +
3851 + #define ACPI_BATTERY_VALUE_UNKNOWN 0xFFFFFFFF
3852 ++#define ACPI_BATTERY_CAPACITY_VALID(capacity) \
3853 ++ ((capacity) != 0 && (capacity) != ACPI_BATTERY_VALUE_UNKNOWN)
3854 +
3855 + #define ACPI_BATTERY_DEVICE_NAME "Battery"
3856 +
3857 +@@ -192,7 +194,8 @@ static int acpi_battery_is_charged(struct acpi_battery *battery)
3858 +
3859 + static bool acpi_battery_is_degraded(struct acpi_battery *battery)
3860 + {
3861 +- return battery->full_charge_capacity && battery->design_capacity &&
3862 ++ return ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) &&
3863 ++ ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity) &&
3864 + battery->full_charge_capacity < battery->design_capacity;
3865 + }
3866 +
3867 +@@ -214,7 +217,7 @@ static int acpi_battery_get_property(struct power_supply *psy,
3868 + enum power_supply_property psp,
3869 + union power_supply_propval *val)
3870 + {
3871 +- int ret = 0;
3872 ++ int full_capacity = ACPI_BATTERY_VALUE_UNKNOWN, ret = 0;
3873 + struct acpi_battery *battery = to_acpi_battery(psy);
3874 +
3875 + if (acpi_battery_present(battery)) {
3876 +@@ -263,14 +266,14 @@ static int acpi_battery_get_property(struct power_supply *psy,
3877 + break;
3878 + case POWER_SUPPLY_PROP_CHARGE_FULL_DESIGN:
3879 + case POWER_SUPPLY_PROP_ENERGY_FULL_DESIGN:
3880 +- if (battery->design_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3881 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3882 + ret = -ENODEV;
3883 + else
3884 + val->intval = battery->design_capacity * 1000;
3885 + break;
3886 + case POWER_SUPPLY_PROP_CHARGE_FULL:
3887 + case POWER_SUPPLY_PROP_ENERGY_FULL:
3888 +- if (battery->full_charge_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3889 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity))
3890 + ret = -ENODEV;
3891 + else
3892 + val->intval = battery->full_charge_capacity * 1000;
3893 +@@ -283,11 +286,17 @@ static int acpi_battery_get_property(struct power_supply *psy,
3894 + val->intval = battery->capacity_now * 1000;
3895 + break;
3896 + case POWER_SUPPLY_PROP_CAPACITY:
3897 +- if (battery->capacity_now && battery->full_charge_capacity)
3898 +- val->intval = battery->capacity_now * 100/
3899 +- battery->full_charge_capacity;
3900 ++ if (ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity))
3901 ++ full_capacity = battery->full_charge_capacity;
3902 ++ else if (ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3903 ++ full_capacity = battery->design_capacity;
3904 ++
3905 ++ if (battery->capacity_now == ACPI_BATTERY_VALUE_UNKNOWN ||
3906 ++ full_capacity == ACPI_BATTERY_VALUE_UNKNOWN)
3907 ++ ret = -ENODEV;
3908 + else
3909 +- val->intval = 0;
3910 ++ val->intval = battery->capacity_now * 100/
3911 ++ full_capacity;
3912 + break;
3913 + case POWER_SUPPLY_PROP_CAPACITY_LEVEL:
3914 + if (battery->state & ACPI_BATTERY_STATE_CRITICAL)
3915 +@@ -333,6 +342,20 @@ static enum power_supply_property charge_battery_props[] = {
3916 + POWER_SUPPLY_PROP_SERIAL_NUMBER,
3917 + };
3918 +
3919 ++static enum power_supply_property charge_battery_full_cap_broken_props[] = {
3920 ++ POWER_SUPPLY_PROP_STATUS,
3921 ++ POWER_SUPPLY_PROP_PRESENT,
3922 ++ POWER_SUPPLY_PROP_TECHNOLOGY,
3923 ++ POWER_SUPPLY_PROP_CYCLE_COUNT,
3924 ++ POWER_SUPPLY_PROP_VOLTAGE_MIN_DESIGN,
3925 ++ POWER_SUPPLY_PROP_VOLTAGE_NOW,
3926 ++ POWER_SUPPLY_PROP_CURRENT_NOW,
3927 ++ POWER_SUPPLY_PROP_CHARGE_NOW,
3928 ++ POWER_SUPPLY_PROP_MODEL_NAME,
3929 ++ POWER_SUPPLY_PROP_MANUFACTURER,
3930 ++ POWER_SUPPLY_PROP_SERIAL_NUMBER,
3931 ++};
3932 ++
3933 + static enum power_supply_property energy_battery_props[] = {
3934 + POWER_SUPPLY_PROP_STATUS,
3935 + POWER_SUPPLY_PROP_PRESENT,
3936 +@@ -794,20 +817,34 @@ static void __exit battery_hook_exit(void)
3937 + static int sysfs_add_battery(struct acpi_battery *battery)
3938 + {
3939 + struct power_supply_config psy_cfg = { .drv_data = battery, };
3940 ++ bool full_cap_broken = false;
3941 ++
3942 ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) &&
3943 ++ !ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity))
3944 ++ full_cap_broken = true;
3945 +
3946 + if (battery->power_unit == ACPI_BATTERY_POWER_UNIT_MA) {
3947 +- battery->bat_desc.properties = charge_battery_props;
3948 +- battery->bat_desc.num_properties =
3949 +- ARRAY_SIZE(charge_battery_props);
3950 +- } else if (battery->full_charge_capacity == 0) {
3951 +- battery->bat_desc.properties =
3952 +- energy_battery_full_cap_broken_props;
3953 +- battery->bat_desc.num_properties =
3954 +- ARRAY_SIZE(energy_battery_full_cap_broken_props);
3955 ++ if (full_cap_broken) {
3956 ++ battery->bat_desc.properties =
3957 ++ charge_battery_full_cap_broken_props;
3958 ++ battery->bat_desc.num_properties =
3959 ++ ARRAY_SIZE(charge_battery_full_cap_broken_props);
3960 ++ } else {
3961 ++ battery->bat_desc.properties = charge_battery_props;
3962 ++ battery->bat_desc.num_properties =
3963 ++ ARRAY_SIZE(charge_battery_props);
3964 ++ }
3965 + } else {
3966 +- battery->bat_desc.properties = energy_battery_props;
3967 +- battery->bat_desc.num_properties =
3968 +- ARRAY_SIZE(energy_battery_props);
3969 ++ if (full_cap_broken) {
3970 ++ battery->bat_desc.properties =
3971 ++ energy_battery_full_cap_broken_props;
3972 ++ battery->bat_desc.num_properties =
3973 ++ ARRAY_SIZE(energy_battery_full_cap_broken_props);
3974 ++ } else {
3975 ++ battery->bat_desc.properties = energy_battery_props;
3976 ++ battery->bat_desc.num_properties =
3977 ++ ARRAY_SIZE(energy_battery_props);
3978 ++ }
3979 + }
3980 +
3981 + battery->bat_desc.name = acpi_device_bid(battery->device);
3982 +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
3983 +index 31014c7d3793..e63fd7bfd3a5 100644
3984 +--- a/drivers/acpi/video_detect.c
3985 ++++ b/drivers/acpi/video_detect.c
3986 +@@ -336,6 +336,11 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
3987 + DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7510"),
3988 + },
3989 + },
3990 ++
3991 ++ /*
3992 ++ * Desktops which falsely report a backlight and which our heuristics
3993 ++ * for this do not catch.
3994 ++ */
3995 + {
3996 + .callback = video_detect_force_none,
3997 + .ident = "Dell OptiPlex 9020M",
3998 +@@ -344,6 +349,14 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
3999 + DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 9020M"),
4000 + },
4001 + },
4002 ++ {
4003 ++ .callback = video_detect_force_none,
4004 ++ .ident = "MSI MS-7721",
4005 ++ .matches = {
4006 ++ DMI_MATCH(DMI_SYS_VENDOR, "MSI"),
4007 ++ DMI_MATCH(DMI_PRODUCT_NAME, "MS-7721"),
4008 ++ },
4009 ++ },
4010 + { },
4011 + };
4012 +
4013 +diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
4014 +index 134a8af51511..0e99a760aebd 100644
4015 +--- a/drivers/base/power/main.c
4016 ++++ b/drivers/base/power/main.c
4017 +@@ -273,10 +273,38 @@ static void dpm_wait_for_suppliers(struct device *dev, bool async)
4018 + device_links_read_unlock(idx);
4019 + }
4020 +
4021 +-static void dpm_wait_for_superior(struct device *dev, bool async)
4022 ++static bool dpm_wait_for_superior(struct device *dev, bool async)
4023 + {
4024 +- dpm_wait(dev->parent, async);
4025 ++ struct device *parent;
4026 ++
4027 ++ /*
4028 ++ * If the device is resumed asynchronously and the parent's callback
4029 ++ * deletes both the device and the parent itself, the parent object may
4030 ++ * be freed while this function is running, so avoid that by reference
4031 ++ * counting the parent once more unless the device has been deleted
4032 ++ * already (in which case return right away).
4033 ++ */
4034 ++ mutex_lock(&dpm_list_mtx);
4035 ++
4036 ++ if (!device_pm_initialized(dev)) {
4037 ++ mutex_unlock(&dpm_list_mtx);
4038 ++ return false;
4039 ++ }
4040 ++
4041 ++ parent = get_device(dev->parent);
4042 ++
4043 ++ mutex_unlock(&dpm_list_mtx);
4044 ++
4045 ++ dpm_wait(parent, async);
4046 ++ put_device(parent);
4047 ++
4048 + dpm_wait_for_suppliers(dev, async);
4049 ++
4050 ++ /*
4051 ++ * If the parent's callback has deleted the device, attempting to resume
4052 ++ * it would be invalid, so avoid doing that then.
4053 ++ */
4054 ++ return device_pm_initialized(dev);
4055 + }
4056 +
4057 + static void dpm_wait_for_consumers(struct device *dev, bool async)
4058 +@@ -621,7 +649,8 @@ static int device_resume_noirq(struct device *dev, pm_message_t state, bool asyn
4059 + if (!dev->power.is_noirq_suspended)
4060 + goto Out;
4061 +
4062 +- dpm_wait_for_superior(dev, async);
4063 ++ if (!dpm_wait_for_superior(dev, async))
4064 ++ goto Out;
4065 +
4066 + skip_resume = dev_pm_may_skip_resume(dev);
4067 +
4068 +@@ -829,7 +858,8 @@ static int device_resume_early(struct device *dev, pm_message_t state, bool asyn
4069 + if (!dev->power.is_late_suspended)
4070 + goto Out;
4071 +
4072 +- dpm_wait_for_superior(dev, async);
4073 ++ if (!dpm_wait_for_superior(dev, async))
4074 ++ goto Out;
4075 +
4076 + callback = dpm_subsys_resume_early_cb(dev, state, &info);
4077 +
4078 +@@ -944,7 +974,9 @@ static int device_resume(struct device *dev, pm_message_t state, bool async)
4079 + goto Complete;
4080 + }
4081 +
4082 +- dpm_wait_for_superior(dev, async);
4083 ++ if (!dpm_wait_for_superior(dev, async))
4084 ++ goto Complete;
4085 ++
4086 + dpm_watchdog_set(&wd, dev);
4087 + device_lock(dev);
4088 +
4089 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
4090 +index b6bf5c195d94..a6dad2f6995a 100644
4091 +--- a/drivers/bluetooth/btusb.c
4092 ++++ b/drivers/bluetooth/btusb.c
4093 +@@ -2867,7 +2867,7 @@ static int btusb_mtk_setup_firmware(struct hci_dev *hdev, const char *fwname)
4094 + err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params);
4095 + if (err < 0) {
4096 + bt_dev_err(hdev, "Failed to send wmt rst (%d)", err);
4097 +- return err;
4098 ++ goto err_release_fw;
4099 + }
4100 +
4101 + /* Wait a few moments for firmware activation done */
4102 +@@ -3832,6 +3832,10 @@ static int btusb_probe(struct usb_interface *intf,
4103 + * (DEVICE_REMOTE_WAKEUP)
4104 + */
4105 + set_bit(BTUSB_WAKEUP_DISABLE, &data->flags);
4106 ++
4107 ++ err = usb_autopm_get_interface(intf);
4108 ++ if (err < 0)
4109 ++ goto out_free_dev;
4110 + }
4111 +
4112 + if (id->driver_info & BTUSB_AMP) {
4113 +diff --git a/drivers/clk/tegra/clk-tegra-periph.c b/drivers/clk/tegra/clk-tegra-periph.c
4114 +index 0d07c0ba49b6..2b2a3b81c16b 100644
4115 +--- a/drivers/clk/tegra/clk-tegra-periph.c
4116 ++++ b/drivers/clk/tegra/clk-tegra-periph.c
4117 +@@ -777,7 +777,11 @@ static struct tegra_periph_init_data gate_clks[] = {
4118 + GATE("ahbdma", "hclk", 33, 0, tegra_clk_ahbdma, 0),
4119 + GATE("apbdma", "pclk", 34, 0, tegra_clk_apbdma, 0),
4120 + GATE("kbc", "clk_32k", 36, TEGRA_PERIPH_ON_APB | TEGRA_PERIPH_NO_RESET, tegra_clk_kbc, 0),
4121 +- GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, 0),
4122 ++ /*
4123 ++ * Critical for RAM re-repair operation, which must occur on resume
4124 ++ * from LP1 system suspend and as part of CCPLEX cluster switching.
4125 ++ */
4126 ++ GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, CLK_IS_CRITICAL),
4127 + GATE("fuse_burn", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse_burn, 0),
4128 + GATE("kfuse", "clk_m", 40, TEGRA_PERIPH_ON_APB, tegra_clk_kfuse, 0),
4129 + GATE("apbif", "clk_m", 107, TEGRA_PERIPH_ON_APB, tegra_clk_apbif, 0),
4130 +diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
4131 +index 8d8da763adc5..8910fd1ae3c6 100644
4132 +--- a/drivers/cpufreq/cppc_cpufreq.c
4133 ++++ b/drivers/cpufreq/cppc_cpufreq.c
4134 +@@ -217,7 +217,7 @@ static int cppc_cpufreq_set_target(struct cpufreq_policy *policy,
4135 + return ret;
4136 + }
4137 +
4138 +-static int cppc_verify_policy(struct cpufreq_policy *policy)
4139 ++static int cppc_verify_policy(struct cpufreq_policy_data *policy)
4140 + {
4141 + cpufreq_verify_within_cpu_limits(policy);
4142 + return 0;
4143 +diff --git a/drivers/cpufreq/cpufreq-nforce2.c b/drivers/cpufreq/cpufreq-nforce2.c
4144 +index cd53272e2fa2..f7a7bcf6f52e 100644
4145 +--- a/drivers/cpufreq/cpufreq-nforce2.c
4146 ++++ b/drivers/cpufreq/cpufreq-nforce2.c
4147 +@@ -291,7 +291,7 @@ static int nforce2_target(struct cpufreq_policy *policy,
4148 + * nforce2_verify - verifies a new CPUFreq policy
4149 + * @policy: new policy
4150 + */
4151 +-static int nforce2_verify(struct cpufreq_policy *policy)
4152 ++static int nforce2_verify(struct cpufreq_policy_data *policy)
4153 + {
4154 + unsigned int fsb_pol_max;
4155 +
4156 +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
4157 +index 77114a3897fb..4adac3a8c265 100644
4158 +--- a/drivers/cpufreq/cpufreq.c
4159 ++++ b/drivers/cpufreq/cpufreq.c
4160 +@@ -74,6 +74,9 @@ static void cpufreq_exit_governor(struct cpufreq_policy *policy);
4161 + static int cpufreq_start_governor(struct cpufreq_policy *policy);
4162 + static void cpufreq_stop_governor(struct cpufreq_policy *policy);
4163 + static void cpufreq_governor_limits(struct cpufreq_policy *policy);
4164 ++static int cpufreq_set_policy(struct cpufreq_policy *policy,
4165 ++ struct cpufreq_governor *new_gov,
4166 ++ unsigned int new_pol);
4167 +
4168 + /**
4169 + * Two notifier lists: the "policy" list is involved in the
4170 +@@ -616,25 +619,22 @@ static struct cpufreq_governor *find_governor(const char *str_governor)
4171 + return NULL;
4172 + }
4173 +
4174 +-static int cpufreq_parse_policy(char *str_governor,
4175 +- struct cpufreq_policy *policy)
4176 ++static unsigned int cpufreq_parse_policy(char *str_governor)
4177 + {
4178 +- if (!strncasecmp(str_governor, "performance", CPUFREQ_NAME_LEN)) {
4179 +- policy->policy = CPUFREQ_POLICY_PERFORMANCE;
4180 +- return 0;
4181 +- }
4182 +- if (!strncasecmp(str_governor, "powersave", CPUFREQ_NAME_LEN)) {
4183 +- policy->policy = CPUFREQ_POLICY_POWERSAVE;
4184 +- return 0;
4185 +- }
4186 +- return -EINVAL;
4187 ++ if (!strncasecmp(str_governor, "performance", CPUFREQ_NAME_LEN))
4188 ++ return CPUFREQ_POLICY_PERFORMANCE;
4189 ++
4190 ++ if (!strncasecmp(str_governor, "powersave", CPUFREQ_NAME_LEN))
4191 ++ return CPUFREQ_POLICY_POWERSAVE;
4192 ++
4193 ++ return CPUFREQ_POLICY_UNKNOWN;
4194 + }
4195 +
4196 + /**
4197 + * cpufreq_parse_governor - parse a governor string only for has_target()
4198 ++ * @str_governor: Governor name.
4199 + */
4200 +-static int cpufreq_parse_governor(char *str_governor,
4201 +- struct cpufreq_policy *policy)
4202 ++static struct cpufreq_governor *cpufreq_parse_governor(char *str_governor)
4203 + {
4204 + struct cpufreq_governor *t;
4205 +
4206 +@@ -648,7 +648,7 @@ static int cpufreq_parse_governor(char *str_governor,
4207 +
4208 + ret = request_module("cpufreq_%s", str_governor);
4209 + if (ret)
4210 +- return -EINVAL;
4211 ++ return NULL;
4212 +
4213 + mutex_lock(&cpufreq_governor_mutex);
4214 +
4215 +@@ -659,12 +659,7 @@ static int cpufreq_parse_governor(char *str_governor,
4216 +
4217 + mutex_unlock(&cpufreq_governor_mutex);
4218 +
4219 +- if (t) {
4220 +- policy->governor = t;
4221 +- return 0;
4222 +- }
4223 +-
4224 +- return -EINVAL;
4225 ++ return t;
4226 + }
4227 +
4228 + /**
4229 +@@ -765,28 +760,33 @@ static ssize_t show_scaling_governor(struct cpufreq_policy *policy, char *buf)
4230 + static ssize_t store_scaling_governor(struct cpufreq_policy *policy,
4231 + const char *buf, size_t count)
4232 + {
4233 ++ char str_governor[16];
4234 + int ret;
4235 +- char str_governor[16];
4236 +- struct cpufreq_policy new_policy;
4237 +-
4238 +- memcpy(&new_policy, policy, sizeof(*policy));
4239 +
4240 + ret = sscanf(buf, "%15s", str_governor);
4241 + if (ret != 1)
4242 + return -EINVAL;
4243 +
4244 + if (cpufreq_driver->setpolicy) {
4245 +- if (cpufreq_parse_policy(str_governor, &new_policy))
4246 ++ unsigned int new_pol;
4247 ++
4248 ++ new_pol = cpufreq_parse_policy(str_governor);
4249 ++ if (!new_pol)
4250 + return -EINVAL;
4251 ++
4252 ++ ret = cpufreq_set_policy(policy, NULL, new_pol);
4253 + } else {
4254 +- if (cpufreq_parse_governor(str_governor, &new_policy))
4255 ++ struct cpufreq_governor *new_gov;
4256 ++
4257 ++ new_gov = cpufreq_parse_governor(str_governor);
4258 ++ if (!new_gov)
4259 + return -EINVAL;
4260 +- }
4261 +
4262 +- ret = cpufreq_set_policy(policy, &new_policy);
4263 ++ ret = cpufreq_set_policy(policy, new_gov,
4264 ++ CPUFREQ_POLICY_UNKNOWN);
4265 +
4266 +- if (new_policy.governor)
4267 +- module_put(new_policy.governor->owner);
4268 ++ module_put(new_gov->owner);
4269 ++ }
4270 +
4271 + return ret ? ret : count;
4272 + }
4273 +@@ -1053,40 +1053,33 @@ __weak struct cpufreq_governor *cpufreq_default_governor(void)
4274 +
4275 + static int cpufreq_init_policy(struct cpufreq_policy *policy)
4276 + {
4277 +- struct cpufreq_governor *gov = NULL, *def_gov = NULL;
4278 +- struct cpufreq_policy new_policy;
4279 +-
4280 +- memcpy(&new_policy, policy, sizeof(*policy));
4281 +-
4282 +- def_gov = cpufreq_default_governor();
4283 ++ struct cpufreq_governor *def_gov = cpufreq_default_governor();
4284 ++ struct cpufreq_governor *gov = NULL;
4285 ++ unsigned int pol = CPUFREQ_POLICY_UNKNOWN;
4286 +
4287 + if (has_target()) {
4288 +- /*
4289 +- * Update governor of new_policy to the governor used before
4290 +- * hotplug
4291 +- */
4292 ++ /* Update policy governor to the one used before hotplug. */
4293 + gov = find_governor(policy->last_governor);
4294 + if (gov) {
4295 + pr_debug("Restoring governor %s for cpu %d\n",
4296 +- policy->governor->name, policy->cpu);
4297 +- } else {
4298 +- if (!def_gov)
4299 +- return -ENODATA;
4300 ++ policy->governor->name, policy->cpu);
4301 ++ } else if (def_gov) {
4302 + gov = def_gov;
4303 ++ } else {
4304 ++ return -ENODATA;
4305 + }
4306 +- new_policy.governor = gov;
4307 + } else {
4308 + /* Use the default policy if there is no last_policy. */
4309 + if (policy->last_policy) {
4310 +- new_policy.policy = policy->last_policy;
4311 ++ pol = policy->last_policy;
4312 ++ } else if (def_gov) {
4313 ++ pol = cpufreq_parse_policy(def_gov->name);
4314 + } else {
4315 +- if (!def_gov)
4316 +- return -ENODATA;
4317 +- cpufreq_parse_policy(def_gov->name, &new_policy);
4318 ++ return -ENODATA;
4319 + }
4320 + }
4321 +
4322 +- return cpufreq_set_policy(policy, &new_policy);
4323 ++ return cpufreq_set_policy(policy, gov, pol);
4324 + }
4325 +
4326 + static int cpufreq_add_policy_cpu(struct cpufreq_policy *policy, unsigned int cpu)
4327 +@@ -1114,13 +1107,10 @@ static int cpufreq_add_policy_cpu(struct cpufreq_policy *policy, unsigned int cp
4328 +
4329 + void refresh_frequency_limits(struct cpufreq_policy *policy)
4330 + {
4331 +- struct cpufreq_policy new_policy;
4332 +-
4333 + if (!policy_is_inactive(policy)) {
4334 +- new_policy = *policy;
4335 + pr_debug("updating policy for CPU %u\n", policy->cpu);
4336 +
4337 +- cpufreq_set_policy(policy, &new_policy);
4338 ++ cpufreq_set_policy(policy, policy->governor, policy->policy);
4339 + }
4340 + }
4341 + EXPORT_SYMBOL(refresh_frequency_limits);
4342 +@@ -2364,46 +2354,49 @@ EXPORT_SYMBOL(cpufreq_get_policy);
4343 + /**
4344 + * cpufreq_set_policy - Modify cpufreq policy parameters.
4345 + * @policy: Policy object to modify.
4346 +- * @new_policy: New policy data.
4347 ++ * @new_gov: Policy governor pointer.
4348 ++ * @new_pol: Policy value (for drivers with built-in governors).
4349 + *
4350 +- * Pass @new_policy to the cpufreq driver's ->verify() callback. Next, copy the
4351 +- * min and max parameters of @new_policy to @policy and either invoke the
4352 +- * driver's ->setpolicy() callback (if present) or carry out a governor update
4353 +- * for @policy. That is, run the current governor's ->limits() callback (if the
4354 +- * governor field in @new_policy points to the same object as the one in
4355 +- * @policy) or replace the governor for @policy with the new one stored in
4356 +- * @new_policy.
4357 ++ * Invoke the cpufreq driver's ->verify() callback to sanity-check the frequency
4358 ++ * limits to be set for the policy, update @policy with the verified limits
4359 ++ * values and either invoke the driver's ->setpolicy() callback (if present) or
4360 ++ * carry out a governor update for @policy. That is, run the current governor's
4361 ++ * ->limits() callback (if @new_gov points to the same object as the one in
4362 ++ * @policy) or replace the governor for @policy with @new_gov.
4363 + *
4364 + * The cpuinfo part of @policy is not updated by this function.
4365 + */
4366 +-int cpufreq_set_policy(struct cpufreq_policy *policy,
4367 +- struct cpufreq_policy *new_policy)
4368 ++static int cpufreq_set_policy(struct cpufreq_policy *policy,
4369 ++ struct cpufreq_governor *new_gov,
4370 ++ unsigned int new_pol)
4371 + {
4372 ++ struct cpufreq_policy_data new_data;
4373 + struct cpufreq_governor *old_gov;
4374 + int ret;
4375 +
4376 +- pr_debug("setting new policy for CPU %u: %u - %u kHz\n",
4377 +- new_policy->cpu, new_policy->min, new_policy->max);
4378 +-
4379 +- memcpy(&new_policy->cpuinfo, &policy->cpuinfo, sizeof(policy->cpuinfo));
4380 +-
4381 ++ memcpy(&new_data.cpuinfo, &policy->cpuinfo, sizeof(policy->cpuinfo));
4382 ++ new_data.freq_table = policy->freq_table;
4383 ++ new_data.cpu = policy->cpu;
4384 + /*
4385 + * PM QoS framework collects all the requests from users and provide us
4386 + * the final aggregated value here.
4387 + */
4388 +- new_policy->min = freq_qos_read_value(&policy->constraints, FREQ_QOS_MIN);
4389 +- new_policy->max = freq_qos_read_value(&policy->constraints, FREQ_QOS_MAX);
4390 ++ new_data.min = freq_qos_read_value(&policy->constraints, FREQ_QOS_MIN);
4391 ++ new_data.max = freq_qos_read_value(&policy->constraints, FREQ_QOS_MAX);
4392 ++
4393 ++ pr_debug("setting new policy for CPU %u: %u - %u kHz\n",
4394 ++ new_data.cpu, new_data.min, new_data.max);
4395 +
4396 + /*
4397 + * Verify that the CPU speed can be set within these limits and make sure
4398 + * that min <= max.
4399 + */
4400 +- ret = cpufreq_driver->verify(new_policy);
4401 ++ ret = cpufreq_driver->verify(&new_data);
4402 + if (ret)
4403 + return ret;
4404 +
4405 +- policy->min = new_policy->min;
4406 +- policy->max = new_policy->max;
4407 ++ policy->min = new_data.min;
4408 ++ policy->max = new_data.max;
4409 + trace_cpu_frequency_limits(policy);
4410 +
4411 + policy->cached_target_freq = UINT_MAX;
4412 +@@ -2412,12 +2405,12 @@ int cpufreq_set_policy(struct cpufreq_policy *policy,
4413 + policy->min, policy->max);
4414 +
4415 + if (cpufreq_driver->setpolicy) {
4416 +- policy->policy = new_policy->policy;
4417 ++ policy->policy = new_pol;
4418 + pr_debug("setting range\n");
4419 + return cpufreq_driver->setpolicy(policy);
4420 + }
4421 +
4422 +- if (new_policy->governor == policy->governor) {
4423 ++ if (new_gov == policy->governor) {
4424 + pr_debug("governor limits update\n");
4425 + cpufreq_governor_limits(policy);
4426 + return 0;
4427 +@@ -2434,7 +2427,7 @@ int cpufreq_set_policy(struct cpufreq_policy *policy,
4428 + }
4429 +
4430 + /* start new governor */
4431 +- policy->governor = new_policy->governor;
4432 ++ policy->governor = new_gov;
4433 + ret = cpufreq_init_governor(policy);
4434 + if (!ret) {
4435 + ret = cpufreq_start_governor(policy);
4436 +diff --git a/drivers/cpufreq/freq_table.c b/drivers/cpufreq/freq_table.c
4437 +index ded427e0a488..e117b0059123 100644
4438 +--- a/drivers/cpufreq/freq_table.c
4439 ++++ b/drivers/cpufreq/freq_table.c
4440 +@@ -60,7 +60,7 @@ int cpufreq_frequency_table_cpuinfo(struct cpufreq_policy *policy,
4441 + return 0;
4442 + }
4443 +
4444 +-int cpufreq_frequency_table_verify(struct cpufreq_policy *policy,
4445 ++int cpufreq_frequency_table_verify(struct cpufreq_policy_data *policy,
4446 + struct cpufreq_frequency_table *table)
4447 + {
4448 + struct cpufreq_frequency_table *pos;
4449 +@@ -100,7 +100,7 @@ EXPORT_SYMBOL_GPL(cpufreq_frequency_table_verify);
4450 + * Generic routine to verify policy & frequency table, requires driver to set
4451 + * policy->freq_table prior to it.
4452 + */
4453 +-int cpufreq_generic_frequency_table_verify(struct cpufreq_policy *policy)
4454 ++int cpufreq_generic_frequency_table_verify(struct cpufreq_policy_data *policy)
4455 + {
4456 + if (!policy->freq_table)
4457 + return -ENODEV;
4458 +diff --git a/drivers/cpufreq/gx-suspmod.c b/drivers/cpufreq/gx-suspmod.c
4459 +index e97b5733aa24..75b3ef7ec679 100644
4460 +--- a/drivers/cpufreq/gx-suspmod.c
4461 ++++ b/drivers/cpufreq/gx-suspmod.c
4462 +@@ -328,7 +328,7 @@ static void gx_set_cpuspeed(struct cpufreq_policy *policy, unsigned int khz)
4463 + * for the hardware supported by the driver.
4464 + */
4465 +
4466 +-static int cpufreq_gx_verify(struct cpufreq_policy *policy)
4467 ++static int cpufreq_gx_verify(struct cpufreq_policy_data *policy)
4468 + {
4469 + unsigned int tmp_freq = 0;
4470 + u8 tmp1, tmp2;
4471 +diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
4472 +index d2fa3e9ccd97..e23e51230b89 100644
4473 +--- a/drivers/cpufreq/intel_pstate.c
4474 ++++ b/drivers/cpufreq/intel_pstate.c
4475 +@@ -2036,8 +2036,9 @@ static int intel_pstate_get_max_freq(struct cpudata *cpu)
4476 + cpu->pstate.max_freq : cpu->pstate.turbo_freq;
4477 + }
4478 +
4479 +-static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4480 +- struct cpudata *cpu)
4481 ++static void intel_pstate_update_perf_limits(struct cpudata *cpu,
4482 ++ unsigned int policy_min,
4483 ++ unsigned int policy_max)
4484 + {
4485 + int max_freq = intel_pstate_get_max_freq(cpu);
4486 + int32_t max_policy_perf, min_policy_perf;
4487 +@@ -2056,18 +2057,17 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4488 + turbo_max = cpu->pstate.turbo_pstate;
4489 + }
4490 +
4491 +- max_policy_perf = max_state * policy->max / max_freq;
4492 +- if (policy->max == policy->min) {
4493 ++ max_policy_perf = max_state * policy_max / max_freq;
4494 ++ if (policy_max == policy_min) {
4495 + min_policy_perf = max_policy_perf;
4496 + } else {
4497 +- min_policy_perf = max_state * policy->min / max_freq;
4498 ++ min_policy_perf = max_state * policy_min / max_freq;
4499 + min_policy_perf = clamp_t(int32_t, min_policy_perf,
4500 + 0, max_policy_perf);
4501 + }
4502 +
4503 + pr_debug("cpu:%d max_state %d min_policy_perf:%d max_policy_perf:%d\n",
4504 +- policy->cpu, max_state,
4505 +- min_policy_perf, max_policy_perf);
4506 ++ cpu->cpu, max_state, min_policy_perf, max_policy_perf);
4507 +
4508 + /* Normalize user input to [min_perf, max_perf] */
4509 + if (per_cpu_limits) {
4510 +@@ -2081,7 +2081,7 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4511 + global_min = DIV_ROUND_UP(turbo_max * global.min_perf_pct, 100);
4512 + global_min = clamp_t(int32_t, global_min, 0, global_max);
4513 +
4514 +- pr_debug("cpu:%d global_min:%d global_max:%d\n", policy->cpu,
4515 ++ pr_debug("cpu:%d global_min:%d global_max:%d\n", cpu->cpu,
4516 + global_min, global_max);
4517 +
4518 + cpu->min_perf_ratio = max(min_policy_perf, global_min);
4519 +@@ -2094,7 +2094,7 @@ static void intel_pstate_update_perf_limits(struct cpufreq_policy *policy,
4520 + cpu->max_perf_ratio);
4521 +
4522 + }
4523 +- pr_debug("cpu:%d max_perf_ratio:%d min_perf_ratio:%d\n", policy->cpu,
4524 ++ pr_debug("cpu:%d max_perf_ratio:%d min_perf_ratio:%d\n", cpu->cpu,
4525 + cpu->max_perf_ratio,
4526 + cpu->min_perf_ratio);
4527 + }
4528 +@@ -2114,7 +2114,7 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy)
4529 +
4530 + mutex_lock(&intel_pstate_limits_lock);
4531 +
4532 +- intel_pstate_update_perf_limits(policy, cpu);
4533 ++ intel_pstate_update_perf_limits(cpu, policy->min, policy->max);
4534 +
4535 + if (cpu->policy == CPUFREQ_POLICY_PERFORMANCE) {
4536 + /*
4537 +@@ -2143,8 +2143,8 @@ static int intel_pstate_set_policy(struct cpufreq_policy *policy)
4538 + return 0;
4539 + }
4540 +
4541 +-static void intel_pstate_adjust_policy_max(struct cpufreq_policy *policy,
4542 +- struct cpudata *cpu)
4543 ++static void intel_pstate_adjust_policy_max(struct cpudata *cpu,
4544 ++ struct cpufreq_policy_data *policy)
4545 + {
4546 + if (!hwp_active &&
4547 + cpu->pstate.max_pstate_physical > cpu->pstate.max_pstate &&
4548 +@@ -2155,7 +2155,7 @@ static void intel_pstate_adjust_policy_max(struct cpufreq_policy *policy,
4549 + }
4550 + }
4551 +
4552 +-static int intel_pstate_verify_policy(struct cpufreq_policy *policy)
4553 ++static int intel_pstate_verify_policy(struct cpufreq_policy_data *policy)
4554 + {
4555 + struct cpudata *cpu = all_cpu_data[policy->cpu];
4556 +
4557 +@@ -2163,11 +2163,7 @@ static int intel_pstate_verify_policy(struct cpufreq_policy *policy)
4558 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
4559 + intel_pstate_get_max_freq(cpu));
4560 +
4561 +- if (policy->policy != CPUFREQ_POLICY_POWERSAVE &&
4562 +- policy->policy != CPUFREQ_POLICY_PERFORMANCE)
4563 +- return -EINVAL;
4564 +-
4565 +- intel_pstate_adjust_policy_max(policy, cpu);
4566 ++ intel_pstate_adjust_policy_max(cpu, policy);
4567 +
4568 + return 0;
4569 + }
4570 +@@ -2268,7 +2264,7 @@ static struct cpufreq_driver intel_pstate = {
4571 + .name = "intel_pstate",
4572 + };
4573 +
4574 +-static int intel_cpufreq_verify_policy(struct cpufreq_policy *policy)
4575 ++static int intel_cpufreq_verify_policy(struct cpufreq_policy_data *policy)
4576 + {
4577 + struct cpudata *cpu = all_cpu_data[policy->cpu];
4578 +
4579 +@@ -2276,9 +2272,9 @@ static int intel_cpufreq_verify_policy(struct cpufreq_policy *policy)
4580 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
4581 + intel_pstate_get_max_freq(cpu));
4582 +
4583 +- intel_pstate_adjust_policy_max(policy, cpu);
4584 ++ intel_pstate_adjust_policy_max(cpu, policy);
4585 +
4586 +- intel_pstate_update_perf_limits(policy, cpu);
4587 ++ intel_pstate_update_perf_limits(cpu, policy->min, policy->max);
4588 +
4589 + return 0;
4590 + }
4591 +diff --git a/drivers/cpufreq/longrun.c b/drivers/cpufreq/longrun.c
4592 +index 64b8689f7a4a..0b08be8bff76 100644
4593 +--- a/drivers/cpufreq/longrun.c
4594 ++++ b/drivers/cpufreq/longrun.c
4595 +@@ -122,7 +122,7 @@ static int longrun_set_policy(struct cpufreq_policy *policy)
4596 + * Validates a new CPUFreq policy. This function has to be called with
4597 + * cpufreq_driver locked.
4598 + */
4599 +-static int longrun_verify_policy(struct cpufreq_policy *policy)
4600 ++static int longrun_verify_policy(struct cpufreq_policy_data *policy)
4601 + {
4602 + if (!policy)
4603 + return -EINVAL;
4604 +@@ -130,10 +130,6 @@ static int longrun_verify_policy(struct cpufreq_policy *policy)
4605 + policy->cpu = 0;
4606 + cpufreq_verify_within_cpu_limits(policy);
4607 +
4608 +- if ((policy->policy != CPUFREQ_POLICY_POWERSAVE) &&
4609 +- (policy->policy != CPUFREQ_POLICY_PERFORMANCE))
4610 +- return -EINVAL;
4611 +-
4612 + return 0;
4613 + }
4614 +
4615 +diff --git a/drivers/cpufreq/pcc-cpufreq.c b/drivers/cpufreq/pcc-cpufreq.c
4616 +index fdc767fdbe6a..f90273006553 100644
4617 +--- a/drivers/cpufreq/pcc-cpufreq.c
4618 ++++ b/drivers/cpufreq/pcc-cpufreq.c
4619 +@@ -109,7 +109,7 @@ struct pcc_cpu {
4620 +
4621 + static struct pcc_cpu __percpu *pcc_cpu_info;
4622 +
4623 +-static int pcc_cpufreq_verify(struct cpufreq_policy *policy)
4624 ++static int pcc_cpufreq_verify(struct cpufreq_policy_data *policy)
4625 + {
4626 + cpufreq_verify_within_cpu_limits(policy);
4627 + return 0;
4628 +diff --git a/drivers/cpufreq/sh-cpufreq.c b/drivers/cpufreq/sh-cpufreq.c
4629 +index 5096c0ab781b..0ac265d47ef0 100644
4630 +--- a/drivers/cpufreq/sh-cpufreq.c
4631 ++++ b/drivers/cpufreq/sh-cpufreq.c
4632 +@@ -87,7 +87,7 @@ static int sh_cpufreq_target(struct cpufreq_policy *policy,
4633 + return work_on_cpu(policy->cpu, __sh_cpufreq_target, &data);
4634 + }
4635 +
4636 +-static int sh_cpufreq_verify(struct cpufreq_policy *policy)
4637 ++static int sh_cpufreq_verify(struct cpufreq_policy_data *policy)
4638 + {
4639 + struct clk *cpuclk = &per_cpu(sh_cpuclk, policy->cpu);
4640 + struct cpufreq_frequency_table *freq_table;
4641 +diff --git a/drivers/cpufreq/unicore2-cpufreq.c b/drivers/cpufreq/unicore2-cpufreq.c
4642 +index 707dbc1b7ac8..98d392196df2 100644
4643 +--- a/drivers/cpufreq/unicore2-cpufreq.c
4644 ++++ b/drivers/cpufreq/unicore2-cpufreq.c
4645 +@@ -22,7 +22,7 @@ static struct cpufreq_driver ucv2_driver;
4646 + /* make sure that only the "userspace" governor is run
4647 + * -- anything else wouldn't make sense on this platform, anyway.
4648 + */
4649 +-static int ucv2_verify_speed(struct cpufreq_policy *policy)
4650 ++static int ucv2_verify_speed(struct cpufreq_policy_data *policy)
4651 + {
4652 + if (policy->cpu)
4653 + return -EINVAL;
4654 +diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
4655 +index 73a7649f915d..9e8b8dede920 100644
4656 +--- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
4657 ++++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c
4658 +@@ -624,7 +624,7 @@ error_alg:
4659 + error_irq:
4660 + sun8i_ce_pm_exit(ce);
4661 + error_pm:
4662 +- sun8i_ce_free_chanlist(ce, MAXFLOW);
4663 ++ sun8i_ce_free_chanlist(ce, MAXFLOW - 1);
4664 + return err;
4665 + }
4666 +
4667 +@@ -638,7 +638,7 @@ static int sun8i_ce_remove(struct platform_device *pdev)
4668 + debugfs_remove_recursive(ce->dbgfs_dir);
4669 + #endif
4670 +
4671 +- sun8i_ce_free_chanlist(ce, MAXFLOW);
4672 ++ sun8i_ce_free_chanlist(ce, MAXFLOW - 1);
4673 +
4674 + sun8i_ce_pm_exit(ce);
4675 + return 0;
4676 +diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
4677 +index 90997cc509b8..6b301afffd11 100644
4678 +--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
4679 ++++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
4680 +@@ -595,7 +595,7 @@ error_alg:
4681 + error_irq:
4682 + sun8i_ss_pm_exit(ss);
4683 + error_pm:
4684 +- sun8i_ss_free_flows(ss, MAXFLOW);
4685 ++ sun8i_ss_free_flows(ss, MAXFLOW - 1);
4686 + return err;
4687 + }
4688 +
4689 +@@ -609,7 +609,7 @@ static int sun8i_ss_remove(struct platform_device *pdev)
4690 + debugfs_remove_recursive(ss->dbgfs_dir);
4691 + #endif
4692 +
4693 +- sun8i_ss_free_flows(ss, MAXFLOW);
4694 ++ sun8i_ss_free_flows(ss, MAXFLOW - 1);
4695 +
4696 + sun8i_ss_pm_exit(ss);
4697 +
4698 +diff --git a/drivers/crypto/amlogic/amlogic-gxl-core.c b/drivers/crypto/amlogic/amlogic-gxl-core.c
4699 +index fa05fce1c0de..9d4ead2f7ebb 100644
4700 +--- a/drivers/crypto/amlogic/amlogic-gxl-core.c
4701 ++++ b/drivers/crypto/amlogic/amlogic-gxl-core.c
4702 +@@ -289,7 +289,7 @@ static int meson_crypto_probe(struct platform_device *pdev)
4703 + error_alg:
4704 + meson_unregister_algs(mc);
4705 + error_flow:
4706 +- meson_free_chanlist(mc, MAXFLOW);
4707 ++ meson_free_chanlist(mc, MAXFLOW - 1);
4708 + clk_disable_unprepare(mc->busclk);
4709 + return err;
4710 + }
4711 +@@ -304,7 +304,7 @@ static int meson_crypto_remove(struct platform_device *pdev)
4712 +
4713 + meson_unregister_algs(mc);
4714 +
4715 +- meson_free_chanlist(mc, MAXFLOW);
4716 ++ meson_free_chanlist(mc, MAXFLOW - 1);
4717 +
4718 + clk_disable_unprepare(mc->busclk);
4719 + return 0;
4720 +diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
4721 +index 91092504bc96..b4dee726b253 100644
4722 +--- a/drivers/crypto/atmel-aes.c
4723 ++++ b/drivers/crypto/atmel-aes.c
4724 +@@ -89,7 +89,6 @@
4725 + struct atmel_aes_caps {
4726 + bool has_dualbuff;
4727 + bool has_cfb64;
4728 +- bool has_ctr32;
4729 + bool has_gcm;
4730 + bool has_xts;
4731 + bool has_authenc;
4732 +@@ -122,6 +121,7 @@ struct atmel_aes_ctr_ctx {
4733 + size_t offset;
4734 + struct scatterlist src[2];
4735 + struct scatterlist dst[2];
4736 ++ u32 blocks;
4737 + };
4738 +
4739 + struct atmel_aes_gcm_ctx {
4740 +@@ -514,8 +514,37 @@ static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd)
4741 + }
4742 + }
4743 +
4744 ++static inline struct atmel_aes_ctr_ctx *
4745 ++atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx)
4746 ++{
4747 ++ return container_of(ctx, struct atmel_aes_ctr_ctx, base);
4748 ++}
4749 ++
4750 ++static void atmel_aes_ctr_update_req_iv(struct atmel_aes_dev *dd)
4751 ++{
4752 ++ struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
4753 ++ struct skcipher_request *req = skcipher_request_cast(dd->areq);
4754 ++ struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
4755 ++ unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
4756 ++ int i;
4757 ++
4758 ++ /*
4759 ++ * The CTR transfer works in fragments of data of maximum 1 MByte
4760 ++ * because of the 16 bit CTR counter embedded in the IP. When reaching
4761 ++ * here, ctx->blocks contains the number of blocks of the last fragment
4762 ++ * processed, there is no need to explicit cast it to u16.
4763 ++ */
4764 ++ for (i = 0; i < ctx->blocks; i++)
4765 ++ crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE);
4766 ++
4767 ++ memcpy(req->iv, ctx->iv, ivsize);
4768 ++}
4769 ++
4770 + static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err)
4771 + {
4772 ++ struct skcipher_request *req = skcipher_request_cast(dd->areq);
4773 ++ struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
4774 ++
4775 + #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
4776 + if (dd->ctx->is_aead)
4777 + atmel_aes_authenc_complete(dd, err);
4778 +@@ -524,8 +553,13 @@ static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err)
4779 + clk_disable(dd->iclk);
4780 + dd->flags &= ~AES_FLAGS_BUSY;
4781 +
4782 +- if (!dd->ctx->is_aead)
4783 +- atmel_aes_set_iv_as_last_ciphertext_block(dd);
4784 ++ if (!dd->ctx->is_aead &&
4785 ++ (rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB) {
4786 ++ if ((rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_CTR)
4787 ++ atmel_aes_set_iv_as_last_ciphertext_block(dd);
4788 ++ else
4789 ++ atmel_aes_ctr_update_req_iv(dd);
4790 ++ }
4791 +
4792 + if (dd->is_async)
4793 + dd->areq->complete(dd->areq, err);
4794 +@@ -1004,19 +1038,14 @@ static int atmel_aes_start(struct atmel_aes_dev *dd)
4795 + atmel_aes_transfer_complete);
4796 + }
4797 +
4798 +-static inline struct atmel_aes_ctr_ctx *
4799 +-atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx)
4800 +-{
4801 +- return container_of(ctx, struct atmel_aes_ctr_ctx, base);
4802 +-}
4803 +-
4804 + static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
4805 + {
4806 + struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
4807 + struct skcipher_request *req = skcipher_request_cast(dd->areq);
4808 + struct scatterlist *src, *dst;
4809 +- u32 ctr, blocks;
4810 + size_t datalen;
4811 ++ u32 ctr;
4812 ++ u16 start, end;
4813 + bool use_dma, fragmented = false;
4814 +
4815 + /* Check for transfer completion. */
4816 +@@ -1026,29 +1055,19 @@ static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
4817 +
4818 + /* Compute data length. */
4819 + datalen = req->cryptlen - ctx->offset;
4820 +- blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
4821 ++ ctx->blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
4822 + ctr = be32_to_cpu(ctx->iv[3]);
4823 +- if (dd->caps.has_ctr32) {
4824 +- /* Check 32bit counter overflow. */
4825 +- u32 start = ctr;
4826 +- u32 end = start + blocks - 1;
4827 +-
4828 +- if (end < start) {
4829 +- ctr |= 0xffffffff;
4830 +- datalen = AES_BLOCK_SIZE * -start;
4831 +- fragmented = true;
4832 +- }
4833 +- } else {
4834 +- /* Check 16bit counter overflow. */
4835 +- u16 start = ctr & 0xffff;
4836 +- u16 end = start + (u16)blocks - 1;
4837 +-
4838 +- if (blocks >> 16 || end < start) {
4839 +- ctr |= 0xffff;
4840 +- datalen = AES_BLOCK_SIZE * (0x10000-start);
4841 +- fragmented = true;
4842 +- }
4843 ++
4844 ++ /* Check 16bit counter overflow. */
4845 ++ start = ctr & 0xffff;
4846 ++ end = start + ctx->blocks - 1;
4847 ++
4848 ++ if (ctx->blocks >> 16 || end < start) {
4849 ++ ctr |= 0xffff;
4850 ++ datalen = AES_BLOCK_SIZE * (0x10000 - start);
4851 ++ fragmented = true;
4852 + }
4853 ++
4854 + use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
4855 +
4856 + /* Jump to offset. */
4857 +@@ -1131,7 +1150,8 @@ static int atmel_aes_crypt(struct skcipher_request *req, unsigned long mode)
4858 + rctx = skcipher_request_ctx(req);
4859 + rctx->mode = mode;
4860 +
4861 +- if (!(mode & AES_FLAGS_ENCRYPT) && (req->src == req->dst)) {
4862 ++ if ((mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB &&
4863 ++ !(mode & AES_FLAGS_ENCRYPT) && req->src == req->dst) {
4864 + unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
4865 +
4866 + if (req->cryptlen >= ivsize)
4867 +@@ -2533,7 +2553,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4868 + {
4869 + dd->caps.has_dualbuff = 0;
4870 + dd->caps.has_cfb64 = 0;
4871 +- dd->caps.has_ctr32 = 0;
4872 + dd->caps.has_gcm = 0;
4873 + dd->caps.has_xts = 0;
4874 + dd->caps.has_authenc = 0;
4875 +@@ -2544,7 +2563,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4876 + case 0x500:
4877 + dd->caps.has_dualbuff = 1;
4878 + dd->caps.has_cfb64 = 1;
4879 +- dd->caps.has_ctr32 = 1;
4880 + dd->caps.has_gcm = 1;
4881 + dd->caps.has_xts = 1;
4882 + dd->caps.has_authenc = 1;
4883 +@@ -2553,7 +2571,6 @@ static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
4884 + case 0x200:
4885 + dd->caps.has_dualbuff = 1;
4886 + dd->caps.has_cfb64 = 1;
4887 +- dd->caps.has_ctr32 = 1;
4888 + dd->caps.has_gcm = 1;
4889 + dd->caps.max_burst_size = 4;
4890 + break;
4891 +diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
4892 +index 0c1f79b30fc1..fde34846b017 100644
4893 +--- a/drivers/crypto/atmel-tdes.c
4894 ++++ b/drivers/crypto/atmel-tdes.c
4895 +@@ -41,20 +41,23 @@
4896 + #include "atmel-tdes-regs.h"
4897 +
4898 + /* TDES flags */
4899 +-#define TDES_FLAGS_MODE_MASK 0x00ff
4900 +-#define TDES_FLAGS_ENCRYPT BIT(0)
4901 +-#define TDES_FLAGS_CBC BIT(1)
4902 +-#define TDES_FLAGS_CFB BIT(2)
4903 +-#define TDES_FLAGS_CFB8 BIT(3)
4904 +-#define TDES_FLAGS_CFB16 BIT(4)
4905 +-#define TDES_FLAGS_CFB32 BIT(5)
4906 +-#define TDES_FLAGS_CFB64 BIT(6)
4907 +-#define TDES_FLAGS_OFB BIT(7)
4908 +-
4909 +-#define TDES_FLAGS_INIT BIT(16)
4910 +-#define TDES_FLAGS_FAST BIT(17)
4911 +-#define TDES_FLAGS_BUSY BIT(18)
4912 +-#define TDES_FLAGS_DMA BIT(19)
4913 ++/* Reserve bits [17:16], [13:12], [2:0] for AES Mode Register */
4914 ++#define TDES_FLAGS_ENCRYPT TDES_MR_CYPHER_ENC
4915 ++#define TDES_FLAGS_OPMODE_MASK (TDES_MR_OPMOD_MASK | TDES_MR_CFBS_MASK)
4916 ++#define TDES_FLAGS_ECB TDES_MR_OPMOD_ECB
4917 ++#define TDES_FLAGS_CBC TDES_MR_OPMOD_CBC
4918 ++#define TDES_FLAGS_OFB TDES_MR_OPMOD_OFB
4919 ++#define TDES_FLAGS_CFB64 (TDES_MR_OPMOD_CFB | TDES_MR_CFBS_64b)
4920 ++#define TDES_FLAGS_CFB32 (TDES_MR_OPMOD_CFB | TDES_MR_CFBS_32b)
4921 ++#define TDES_FLAGS_CFB16 (TDES_MR_OPMOD_CFB | TDES_MR_CFBS_16b)
4922 ++#define TDES_FLAGS_CFB8 (TDES_MR_OPMOD_CFB | TDES_MR_CFBS_8b)
4923 ++
4924 ++#define TDES_FLAGS_MODE_MASK (TDES_FLAGS_OPMODE_MASK | TDES_FLAGS_ENCRYPT)
4925 ++
4926 ++#define TDES_FLAGS_INIT BIT(3)
4927 ++#define TDES_FLAGS_FAST BIT(4)
4928 ++#define TDES_FLAGS_BUSY BIT(5)
4929 ++#define TDES_FLAGS_DMA BIT(6)
4930 +
4931 + #define ATMEL_TDES_QUEUE_LENGTH 50
4932 +
4933 +@@ -282,25 +285,7 @@ static int atmel_tdes_write_ctrl(struct atmel_tdes_dev *dd)
4934 + valmr |= TDES_MR_TDESMOD_DES;
4935 + }
4936 +
4937 +- if (dd->flags & TDES_FLAGS_CBC) {
4938 +- valmr |= TDES_MR_OPMOD_CBC;
4939 +- } else if (dd->flags & TDES_FLAGS_CFB) {
4940 +- valmr |= TDES_MR_OPMOD_CFB;
4941 +-
4942 +- if (dd->flags & TDES_FLAGS_CFB8)
4943 +- valmr |= TDES_MR_CFBS_8b;
4944 +- else if (dd->flags & TDES_FLAGS_CFB16)
4945 +- valmr |= TDES_MR_CFBS_16b;
4946 +- else if (dd->flags & TDES_FLAGS_CFB32)
4947 +- valmr |= TDES_MR_CFBS_32b;
4948 +- else if (dd->flags & TDES_FLAGS_CFB64)
4949 +- valmr |= TDES_MR_CFBS_64b;
4950 +- } else if (dd->flags & TDES_FLAGS_OFB) {
4951 +- valmr |= TDES_MR_OPMOD_OFB;
4952 +- }
4953 +-
4954 +- if ((dd->flags & TDES_FLAGS_ENCRYPT) || (dd->flags & TDES_FLAGS_OFB))
4955 +- valmr |= TDES_MR_CYPHER_ENC;
4956 ++ valmr |= dd->flags & TDES_FLAGS_MODE_MASK;
4957 +
4958 + atmel_tdes_write(dd, TDES_CR, valcr);
4959 + atmel_tdes_write(dd, TDES_MR, valmr);
4960 +@@ -308,10 +293,8 @@ static int atmel_tdes_write_ctrl(struct atmel_tdes_dev *dd)
4961 + atmel_tdes_write_n(dd, TDES_KEY1W1R, dd->ctx->key,
4962 + dd->ctx->keylen >> 2);
4963 +
4964 +- if (((dd->flags & TDES_FLAGS_CBC) || (dd->flags & TDES_FLAGS_CFB) ||
4965 +- (dd->flags & TDES_FLAGS_OFB)) && dd->req->iv) {
4966 ++ if (dd->req->iv && (valmr & TDES_MR_OPMOD_MASK) != TDES_MR_OPMOD_ECB)
4967 + atmel_tdes_write_n(dd, TDES_IV1R, (void *)dd->req->iv, 2);
4968 +- }
4969 +
4970 + return 0;
4971 + }
4972 +@@ -402,6 +385,7 @@ static int atmel_tdes_crypt_pdc(struct crypto_tfm *tfm, dma_addr_t dma_addr_in,
4973 + {
4974 + struct atmel_tdes_ctx *ctx = crypto_tfm_ctx(tfm);
4975 + struct atmel_tdes_dev *dd = ctx->dd;
4976 ++ struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(dd->req);
4977 + int len32;
4978 +
4979 + dd->dma_size = length;
4980 +@@ -411,12 +395,19 @@ static int atmel_tdes_crypt_pdc(struct crypto_tfm *tfm, dma_addr_t dma_addr_in,
4981 + DMA_TO_DEVICE);
4982 + }
4983 +
4984 +- if ((dd->flags & TDES_FLAGS_CFB) && (dd->flags & TDES_FLAGS_CFB8))
4985 ++ switch (rctx->mode & TDES_FLAGS_OPMODE_MASK) {
4986 ++ case TDES_FLAGS_CFB8:
4987 + len32 = DIV_ROUND_UP(length, sizeof(u8));
4988 +- else if ((dd->flags & TDES_FLAGS_CFB) && (dd->flags & TDES_FLAGS_CFB16))
4989 ++ break;
4990 ++
4991 ++ case TDES_FLAGS_CFB16:
4992 + len32 = DIV_ROUND_UP(length, sizeof(u16));
4993 +- else
4994 ++ break;
4995 ++
4996 ++ default:
4997 + len32 = DIV_ROUND_UP(length, sizeof(u32));
4998 ++ break;
4999 ++ }
5000 +
5001 + atmel_tdes_write(dd, TDES_PTCR, TDES_PTCR_TXTDIS|TDES_PTCR_RXTDIS);
5002 + atmel_tdes_write(dd, TDES_TPR, dma_addr_in);
5003 +@@ -438,8 +429,10 @@ static int atmel_tdes_crypt_dma(struct crypto_tfm *tfm, dma_addr_t dma_addr_in,
5004 + {
5005 + struct atmel_tdes_ctx *ctx = crypto_tfm_ctx(tfm);
5006 + struct atmel_tdes_dev *dd = ctx->dd;
5007 ++ struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(dd->req);
5008 + struct scatterlist sg[2];
5009 + struct dma_async_tx_descriptor *in_desc, *out_desc;
5010 ++ enum dma_slave_buswidth addr_width;
5011 +
5012 + dd->dma_size = length;
5013 +
5014 +@@ -448,23 +441,23 @@ static int atmel_tdes_crypt_dma(struct crypto_tfm *tfm, dma_addr_t dma_addr_in,
5015 + DMA_TO_DEVICE);
5016 + }
5017 +
5018 +- if (dd->flags & TDES_FLAGS_CFB8) {
5019 +- dd->dma_lch_in.dma_conf.dst_addr_width =
5020 +- DMA_SLAVE_BUSWIDTH_1_BYTE;
5021 +- dd->dma_lch_out.dma_conf.src_addr_width =
5022 +- DMA_SLAVE_BUSWIDTH_1_BYTE;
5023 +- } else if (dd->flags & TDES_FLAGS_CFB16) {
5024 +- dd->dma_lch_in.dma_conf.dst_addr_width =
5025 +- DMA_SLAVE_BUSWIDTH_2_BYTES;
5026 +- dd->dma_lch_out.dma_conf.src_addr_width =
5027 +- DMA_SLAVE_BUSWIDTH_2_BYTES;
5028 +- } else {
5029 +- dd->dma_lch_in.dma_conf.dst_addr_width =
5030 +- DMA_SLAVE_BUSWIDTH_4_BYTES;
5031 +- dd->dma_lch_out.dma_conf.src_addr_width =
5032 +- DMA_SLAVE_BUSWIDTH_4_BYTES;
5033 ++ switch (rctx->mode & TDES_FLAGS_OPMODE_MASK) {
5034 ++ case TDES_FLAGS_CFB8:
5035 ++ addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
5036 ++ break;
5037 ++
5038 ++ case TDES_FLAGS_CFB16:
5039 ++ addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
5040 ++ break;
5041 ++
5042 ++ default:
5043 ++ addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
5044 ++ break;
5045 + }
5046 +
5047 ++ dd->dma_lch_in.dma_conf.dst_addr_width = addr_width;
5048 ++ dd->dma_lch_out.dma_conf.src_addr_width = addr_width;
5049 ++
5050 + dmaengine_slave_config(dd->dma_lch_in.chan, &dd->dma_lch_in.dma_conf);
5051 + dmaengine_slave_config(dd->dma_lch_out.chan, &dd->dma_lch_out.dma_conf);
5052 +
5053 +@@ -600,12 +593,14 @@ atmel_tdes_set_iv_as_last_ciphertext_block(struct atmel_tdes_dev *dd)
5054 + static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
5055 + {
5056 + struct skcipher_request *req = dd->req;
5057 ++ struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
5058 +
5059 + clk_disable_unprepare(dd->iclk);
5060 +
5061 + dd->flags &= ~TDES_FLAGS_BUSY;
5062 +
5063 +- atmel_tdes_set_iv_as_last_ciphertext_block(dd);
5064 ++ if ((rctx->mode & TDES_FLAGS_OPMODE_MASK) != TDES_FLAGS_ECB)
5065 ++ atmel_tdes_set_iv_as_last_ciphertext_block(dd);
5066 +
5067 + req->base.complete(&req->base, err);
5068 + }
5069 +@@ -699,35 +694,44 @@ static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
5070 + struct atmel_tdes_ctx *ctx = crypto_skcipher_ctx(skcipher);
5071 + struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
5072 +
5073 +- if (mode & TDES_FLAGS_CFB8) {
5074 ++ switch (mode & TDES_FLAGS_OPMODE_MASK) {
5075 ++ case TDES_FLAGS_CFB8:
5076 + if (!IS_ALIGNED(req->cryptlen, CFB8_BLOCK_SIZE)) {
5077 + pr_err("request size is not exact amount of CFB8 blocks\n");
5078 + return -EINVAL;
5079 + }
5080 + ctx->block_size = CFB8_BLOCK_SIZE;
5081 +- } else if (mode & TDES_FLAGS_CFB16) {
5082 ++ break;
5083 ++
5084 ++ case TDES_FLAGS_CFB16:
5085 + if (!IS_ALIGNED(req->cryptlen, CFB16_BLOCK_SIZE)) {
5086 + pr_err("request size is not exact amount of CFB16 blocks\n");
5087 + return -EINVAL;
5088 + }
5089 + ctx->block_size = CFB16_BLOCK_SIZE;
5090 +- } else if (mode & TDES_FLAGS_CFB32) {
5091 ++ break;
5092 ++
5093 ++ case TDES_FLAGS_CFB32:
5094 + if (!IS_ALIGNED(req->cryptlen, CFB32_BLOCK_SIZE)) {
5095 + pr_err("request size is not exact amount of CFB32 blocks\n");
5096 + return -EINVAL;
5097 + }
5098 + ctx->block_size = CFB32_BLOCK_SIZE;
5099 +- } else {
5100 ++ break;
5101 ++
5102 ++ default:
5103 + if (!IS_ALIGNED(req->cryptlen, DES_BLOCK_SIZE)) {
5104 + pr_err("request size is not exact amount of DES blocks\n");
5105 + return -EINVAL;
5106 + }
5107 + ctx->block_size = DES_BLOCK_SIZE;
5108 ++ break;
5109 + }
5110 +
5111 + rctx->mode = mode;
5112 +
5113 +- if (!(mode & TDES_FLAGS_ENCRYPT) && req->src == req->dst) {
5114 ++ if ((mode & TDES_FLAGS_OPMODE_MASK) != TDES_FLAGS_ECB &&
5115 ++ !(mode & TDES_FLAGS_ENCRYPT) && req->src == req->dst) {
5116 + unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
5117 +
5118 + if (req->cryptlen >= ivsize)
5119 +@@ -841,17 +845,17 @@ static int atmel_tdes_setkey(struct crypto_skcipher *tfm, const u8 *key,
5120 +
5121 + static int atmel_tdes_ecb_encrypt(struct skcipher_request *req)
5122 + {
5123 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT);
5124 ++ return atmel_tdes_crypt(req, TDES_FLAGS_ECB | TDES_FLAGS_ENCRYPT);
5125 + }
5126 +
5127 + static int atmel_tdes_ecb_decrypt(struct skcipher_request *req)
5128 + {
5129 +- return atmel_tdes_crypt(req, 0);
5130 ++ return atmel_tdes_crypt(req, TDES_FLAGS_ECB);
5131 + }
5132 +
5133 + static int atmel_tdes_cbc_encrypt(struct skcipher_request *req)
5134 + {
5135 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_CBC);
5136 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CBC | TDES_FLAGS_ENCRYPT);
5137 + }
5138 +
5139 + static int atmel_tdes_cbc_decrypt(struct skcipher_request *req)
5140 +@@ -860,50 +864,47 @@ static int atmel_tdes_cbc_decrypt(struct skcipher_request *req)
5141 + }
5142 + static int atmel_tdes_cfb_encrypt(struct skcipher_request *req)
5143 + {
5144 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_CFB);
5145 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB64 | TDES_FLAGS_ENCRYPT);
5146 + }
5147 +
5148 + static int atmel_tdes_cfb_decrypt(struct skcipher_request *req)
5149 + {
5150 +- return atmel_tdes_crypt(req, TDES_FLAGS_CFB);
5151 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB64);
5152 + }
5153 +
5154 + static int atmel_tdes_cfb8_encrypt(struct skcipher_request *req)
5155 + {
5156 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_CFB |
5157 +- TDES_FLAGS_CFB8);
5158 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB8 | TDES_FLAGS_ENCRYPT);
5159 + }
5160 +
5161 + static int atmel_tdes_cfb8_decrypt(struct skcipher_request *req)
5162 + {
5163 +- return atmel_tdes_crypt(req, TDES_FLAGS_CFB | TDES_FLAGS_CFB8);
5164 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB8);
5165 + }
5166 +
5167 + static int atmel_tdes_cfb16_encrypt(struct skcipher_request *req)
5168 + {
5169 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_CFB |
5170 +- TDES_FLAGS_CFB16);
5171 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB16 | TDES_FLAGS_ENCRYPT);
5172 + }
5173 +
5174 + static int atmel_tdes_cfb16_decrypt(struct skcipher_request *req)
5175 + {
5176 +- return atmel_tdes_crypt(req, TDES_FLAGS_CFB | TDES_FLAGS_CFB16);
5177 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB16);
5178 + }
5179 +
5180 + static int atmel_tdes_cfb32_encrypt(struct skcipher_request *req)
5181 + {
5182 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_CFB |
5183 +- TDES_FLAGS_CFB32);
5184 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB32 | TDES_FLAGS_ENCRYPT);
5185 + }
5186 +
5187 + static int atmel_tdes_cfb32_decrypt(struct skcipher_request *req)
5188 + {
5189 +- return atmel_tdes_crypt(req, TDES_FLAGS_CFB | TDES_FLAGS_CFB32);
5190 ++ return atmel_tdes_crypt(req, TDES_FLAGS_CFB32);
5191 + }
5192 +
5193 + static int atmel_tdes_ofb_encrypt(struct skcipher_request *req)
5194 + {
5195 +- return atmel_tdes_crypt(req, TDES_FLAGS_ENCRYPT | TDES_FLAGS_OFB);
5196 ++ return atmel_tdes_crypt(req, TDES_FLAGS_OFB | TDES_FLAGS_ENCRYPT);
5197 + }
5198 +
5199 + static int atmel_tdes_ofb_decrypt(struct skcipher_request *req)
5200 +diff --git a/drivers/crypto/ccp/ccp-dev-v3.c b/drivers/crypto/ccp/ccp-dev-v3.c
5201 +index 0186b3df4c87..0d5576f6ad21 100644
5202 +--- a/drivers/crypto/ccp/ccp-dev-v3.c
5203 ++++ b/drivers/crypto/ccp/ccp-dev-v3.c
5204 +@@ -586,6 +586,7 @@ const struct ccp_vdata ccpv3_platform = {
5205 + .setup = NULL,
5206 + .perform = &ccp3_actions,
5207 + .offset = 0,
5208 ++ .rsamax = CCP_RSA_MAX_WIDTH,
5209 + };
5210 +
5211 + const struct ccp_vdata ccpv3 = {
5212 +diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
5213 +index 64d318dc0d47..22d3e0e8b68c 100644
5214 +--- a/drivers/crypto/ccree/cc_aead.c
5215 ++++ b/drivers/crypto/ccree/cc_aead.c
5216 +@@ -237,7 +237,7 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
5217 + * revealed the decrypted message --> zero its memory.
5218 + */
5219 + sg_zero_buffer(areq->dst, sg_nents(areq->dst),
5220 +- areq->cryptlen, 0);
5221 ++ areq->cryptlen, areq->assoclen);
5222 + err = -EBADMSG;
5223 + }
5224 + /*ENCRYPT*/
5225 +diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
5226 +index 3112b58d0bb1..56c9a8f26435 100644
5227 +--- a/drivers/crypto/ccree/cc_cipher.c
5228 ++++ b/drivers/crypto/ccree/cc_cipher.c
5229 +@@ -523,6 +523,7 @@ static void cc_setup_readiv_desc(struct crypto_tfm *tfm,
5230 + }
5231 + }
5232 +
5233 ++
5234 + static void cc_setup_state_desc(struct crypto_tfm *tfm,
5235 + struct cipher_req_ctx *req_ctx,
5236 + unsigned int ivsize, unsigned int nbytes,
5237 +@@ -534,8 +535,6 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
5238 + int cipher_mode = ctx_p->cipher_mode;
5239 + int flow_mode = ctx_p->flow_mode;
5240 + int direction = req_ctx->gen_ctx.op_type;
5241 +- dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
5242 +- unsigned int key_len = ctx_p->keylen;
5243 + dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
5244 + unsigned int du_size = nbytes;
5245 +
5246 +@@ -570,6 +569,47 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
5247 + break;
5248 + case DRV_CIPHER_XTS:
5249 + case DRV_CIPHER_ESSIV:
5250 ++ case DRV_CIPHER_BITLOCKER:
5251 ++ break;
5252 ++ default:
5253 ++ dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
5254 ++ }
5255 ++}
5256 ++
5257 ++
5258 ++static void cc_setup_xex_state_desc(struct crypto_tfm *tfm,
5259 ++ struct cipher_req_ctx *req_ctx,
5260 ++ unsigned int ivsize, unsigned int nbytes,
5261 ++ struct cc_hw_desc desc[],
5262 ++ unsigned int *seq_size)
5263 ++{
5264 ++ struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
5265 ++ struct device *dev = drvdata_to_dev(ctx_p->drvdata);
5266 ++ int cipher_mode = ctx_p->cipher_mode;
5267 ++ int flow_mode = ctx_p->flow_mode;
5268 ++ int direction = req_ctx->gen_ctx.op_type;
5269 ++ dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
5270 ++ unsigned int key_len = ctx_p->keylen;
5271 ++ dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
5272 ++ unsigned int du_size = nbytes;
5273 ++
5274 ++ struct cc_crypto_alg *cc_alg =
5275 ++ container_of(tfm->__crt_alg, struct cc_crypto_alg,
5276 ++ skcipher_alg.base);
5277 ++
5278 ++ if (cc_alg->data_unit)
5279 ++ du_size = cc_alg->data_unit;
5280 ++
5281 ++ switch (cipher_mode) {
5282 ++ case DRV_CIPHER_ECB:
5283 ++ break;
5284 ++ case DRV_CIPHER_CBC:
5285 ++ case DRV_CIPHER_CBC_CTS:
5286 ++ case DRV_CIPHER_CTR:
5287 ++ case DRV_CIPHER_OFB:
5288 ++ break;
5289 ++ case DRV_CIPHER_XTS:
5290 ++ case DRV_CIPHER_ESSIV:
5291 + case DRV_CIPHER_BITLOCKER:
5292 + /* load XEX key */
5293 + hw_desc_init(&desc[*seq_size]);
5294 +@@ -881,12 +921,14 @@ static int cc_cipher_process(struct skcipher_request *req,
5295 +
5296 + /* STAT_PHASE_2: Create sequence */
5297 +
5298 +- /* Setup IV and XEX key used */
5299 ++ /* Setup state (IV) */
5300 + cc_setup_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
5301 + /* Setup MLLI line, if needed */
5302 + cc_setup_mlli_desc(tfm, req_ctx, dst, src, nbytes, req, desc, &seq_len);
5303 + /* Setup key */
5304 + cc_setup_key_desc(tfm, req_ctx, nbytes, desc, &seq_len);
5305 ++ /* Setup state (IV and XEX key) */
5306 ++ cc_setup_xex_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
5307 + /* Data processing */
5308 + cc_setup_flow_desc(tfm, req_ctx, dst, src, nbytes, desc, &seq_len);
5309 + /* Read next IV */
5310 +diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h
5311 +index ab31d4a68c80..7d2f7e2c0bb5 100644
5312 +--- a/drivers/crypto/ccree/cc_driver.h
5313 ++++ b/drivers/crypto/ccree/cc_driver.h
5314 +@@ -161,6 +161,7 @@ struct cc_drvdata {
5315 + int std_bodies;
5316 + bool sec_disabled;
5317 + u32 comp_mask;
5318 ++ bool pm_on;
5319 + };
5320 +
5321 + struct cc_crypto_alg {
5322 +diff --git a/drivers/crypto/ccree/cc_pm.c b/drivers/crypto/ccree/cc_pm.c
5323 +index dbc508fb719b..452bd77a9ba0 100644
5324 +--- a/drivers/crypto/ccree/cc_pm.c
5325 ++++ b/drivers/crypto/ccree/cc_pm.c
5326 +@@ -22,14 +22,8 @@ const struct dev_pm_ops ccree_pm = {
5327 + int cc_pm_suspend(struct device *dev)
5328 + {
5329 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
5330 +- int rc;
5331 +
5332 + dev_dbg(dev, "set HOST_POWER_DOWN_EN\n");
5333 +- rc = cc_suspend_req_queue(drvdata);
5334 +- if (rc) {
5335 +- dev_err(dev, "cc_suspend_req_queue (%x)\n", rc);
5336 +- return rc;
5337 +- }
5338 + fini_cc_regs(drvdata);
5339 + cc_iowrite(drvdata, CC_REG(HOST_POWER_DOWN_EN), POWER_DOWN_ENABLE);
5340 + cc_clk_off(drvdata);
5341 +@@ -63,13 +57,6 @@ int cc_pm_resume(struct device *dev)
5342 + /* check if tee fips error occurred during power down */
5343 + cc_tee_handle_fips_error(drvdata);
5344 +
5345 +- rc = cc_resume_req_queue(drvdata);
5346 +- if (rc) {
5347 +- dev_err(dev, "cc_resume_req_queue (%x)\n", rc);
5348 +- return rc;
5349 +- }
5350 +-
5351 +- /* must be after the queue resuming as it uses the HW queue*/
5352 + cc_init_hash_sram(drvdata);
5353 +
5354 + return 0;
5355 +@@ -80,12 +67,10 @@ int cc_pm_get(struct device *dev)
5356 + int rc = 0;
5357 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
5358 +
5359 +- if (cc_req_queue_suspended(drvdata))
5360 ++ if (drvdata->pm_on)
5361 + rc = pm_runtime_get_sync(dev);
5362 +- else
5363 +- pm_runtime_get_noresume(dev);
5364 +
5365 +- return rc;
5366 ++ return (rc == 1 ? 0 : rc);
5367 + }
5368 +
5369 + int cc_pm_put_suspend(struct device *dev)
5370 +@@ -93,14 +78,11 @@ int cc_pm_put_suspend(struct device *dev)
5371 + int rc = 0;
5372 + struct cc_drvdata *drvdata = dev_get_drvdata(dev);
5373 +
5374 +- if (!cc_req_queue_suspended(drvdata)) {
5375 ++ if (drvdata->pm_on) {
5376 + pm_runtime_mark_last_busy(dev);
5377 + rc = pm_runtime_put_autosuspend(dev);
5378 +- } else {
5379 +- /* Something wrong happens*/
5380 +- dev_err(dev, "request to suspend already suspended queue");
5381 +- rc = -EBUSY;
5382 + }
5383 ++
5384 + return rc;
5385 + }
5386 +
5387 +@@ -117,7 +99,7 @@ int cc_pm_init(struct cc_drvdata *drvdata)
5388 + /* must be before the enabling to avoid resdundent suspending */
5389 + pm_runtime_set_autosuspend_delay(dev, CC_SUSPEND_TIMEOUT);
5390 + pm_runtime_use_autosuspend(dev);
5391 +- /* activate the PM module */
5392 ++ /* set us as active - note we won't do PM ops until cc_pm_go()! */
5393 + return pm_runtime_set_active(dev);
5394 + }
5395 +
5396 +@@ -125,9 +107,11 @@ int cc_pm_init(struct cc_drvdata *drvdata)
5397 + void cc_pm_go(struct cc_drvdata *drvdata)
5398 + {
5399 + pm_runtime_enable(drvdata_to_dev(drvdata));
5400 ++ drvdata->pm_on = true;
5401 + }
5402 +
5403 + void cc_pm_fini(struct cc_drvdata *drvdata)
5404 + {
5405 + pm_runtime_disable(drvdata_to_dev(drvdata));
5406 ++ drvdata->pm_on = false;
5407 + }
5408 +diff --git a/drivers/crypto/ccree/cc_request_mgr.c b/drivers/crypto/ccree/cc_request_mgr.c
5409 +index a947d5a2cf35..37e6fee37b13 100644
5410 +--- a/drivers/crypto/ccree/cc_request_mgr.c
5411 ++++ b/drivers/crypto/ccree/cc_request_mgr.c
5412 +@@ -41,7 +41,6 @@ struct cc_req_mgr_handle {
5413 + #else
5414 + struct tasklet_struct comptask;
5415 + #endif
5416 +- bool is_runtime_suspended;
5417 + };
5418 +
5419 + struct cc_bl_item {
5420 +@@ -404,6 +403,7 @@ static void cc_proc_backlog(struct cc_drvdata *drvdata)
5421 + spin_lock(&mgr->bl_lock);
5422 + list_del(&bli->list);
5423 + --mgr->bl_len;
5424 ++ kfree(bli);
5425 + }
5426 +
5427 + spin_unlock(&mgr->bl_lock);
5428 +@@ -677,52 +677,3 @@ static void comp_handler(unsigned long devarg)
5429 + cc_proc_backlog(drvdata);
5430 + dev_dbg(dev, "Comp. handler done.\n");
5431 + }
5432 +-
5433 +-/*
5434 +- * resume the queue configuration - no need to take the lock as this happens
5435 +- * inside the spin lock protection
5436 +- */
5437 +-#if defined(CONFIG_PM)
5438 +-int cc_resume_req_queue(struct cc_drvdata *drvdata)
5439 +-{
5440 +- struct cc_req_mgr_handle *request_mgr_handle =
5441 +- drvdata->request_mgr_handle;
5442 +-
5443 +- spin_lock_bh(&request_mgr_handle->hw_lock);
5444 +- request_mgr_handle->is_runtime_suspended = false;
5445 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
5446 +-
5447 +- return 0;
5448 +-}
5449 +-
5450 +-/*
5451 +- * suspend the queue configuration. Since it is used for the runtime suspend
5452 +- * only verify that the queue can be suspended.
5453 +- */
5454 +-int cc_suspend_req_queue(struct cc_drvdata *drvdata)
5455 +-{
5456 +- struct cc_req_mgr_handle *request_mgr_handle =
5457 +- drvdata->request_mgr_handle;
5458 +-
5459 +- /* lock the send_request */
5460 +- spin_lock_bh(&request_mgr_handle->hw_lock);
5461 +- if (request_mgr_handle->req_queue_head !=
5462 +- request_mgr_handle->req_queue_tail) {
5463 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
5464 +- return -EBUSY;
5465 +- }
5466 +- request_mgr_handle->is_runtime_suspended = true;
5467 +- spin_unlock_bh(&request_mgr_handle->hw_lock);
5468 +-
5469 +- return 0;
5470 +-}
5471 +-
5472 +-bool cc_req_queue_suspended(struct cc_drvdata *drvdata)
5473 +-{
5474 +- struct cc_req_mgr_handle *request_mgr_handle =
5475 +- drvdata->request_mgr_handle;
5476 +-
5477 +- return request_mgr_handle->is_runtime_suspended;
5478 +-}
5479 +-
5480 +-#endif
5481 +diff --git a/drivers/crypto/ccree/cc_request_mgr.h b/drivers/crypto/ccree/cc_request_mgr.h
5482 +index f46cf766fe4d..ff7746aaaf35 100644
5483 +--- a/drivers/crypto/ccree/cc_request_mgr.h
5484 ++++ b/drivers/crypto/ccree/cc_request_mgr.h
5485 +@@ -40,12 +40,4 @@ void complete_request(struct cc_drvdata *drvdata);
5486 +
5487 + void cc_req_mgr_fini(struct cc_drvdata *drvdata);
5488 +
5489 +-#if defined(CONFIG_PM)
5490 +-int cc_resume_req_queue(struct cc_drvdata *drvdata);
5491 +-
5492 +-int cc_suspend_req_queue(struct cc_drvdata *drvdata);
5493 +-
5494 +-bool cc_req_queue_suspended(struct cc_drvdata *drvdata);
5495 +-#endif
5496 +-
5497 + #endif /*__REQUEST_MGR_H__*/
5498 +diff --git a/drivers/crypto/hisilicon/Kconfig b/drivers/crypto/hisilicon/Kconfig
5499 +index c0e7a85fe129..6e7c7573dc0c 100644
5500 +--- a/drivers/crypto/hisilicon/Kconfig
5501 ++++ b/drivers/crypto/hisilicon/Kconfig
5502 +@@ -16,7 +16,7 @@ config CRYPTO_DEV_HISI_SEC
5503 +
5504 + config CRYPTO_DEV_HISI_SEC2
5505 + tristate "Support for HiSilicon SEC2 crypto block cipher accelerator"
5506 +- select CRYPTO_BLKCIPHER
5507 ++ select CRYPTO_SKCIPHER
5508 + select CRYPTO_ALGAPI
5509 + select CRYPTO_LIB_DES
5510 + select CRYPTO_DEV_HISI_QM
5511 +@@ -44,7 +44,6 @@ config CRYPTO_DEV_HISI_ZIP
5512 + depends on ARM64 || (COMPILE_TEST && 64BIT)
5513 + depends on !CPU_BIG_ENDIAN || COMPILE_TEST
5514 + select CRYPTO_DEV_HISI_QM
5515 +- select SG_SPLIT
5516 + help
5517 + Support for HiSilicon ZIP Driver
5518 +
5519 +diff --git a/drivers/crypto/hisilicon/sgl.c b/drivers/crypto/hisilicon/sgl.c
5520 +index 012023c347b1..1e153a0d7c10 100644
5521 +--- a/drivers/crypto/hisilicon/sgl.c
5522 ++++ b/drivers/crypto/hisilicon/sgl.c
5523 +@@ -202,18 +202,21 @@ hisi_acc_sg_buf_map_to_hw_sgl(struct device *dev,
5524 + dma_addr_t curr_sgl_dma = 0;
5525 + struct acc_hw_sge *curr_hw_sge;
5526 + struct scatterlist *sg;
5527 +- int i, ret, sg_n;
5528 ++ int i, sg_n, sg_n_mapped;
5529 +
5530 + if (!dev || !sgl || !pool || !hw_sgl_dma)
5531 + return ERR_PTR(-EINVAL);
5532 +
5533 + sg_n = sg_nents(sgl);
5534 +- if (sg_n > pool->sge_nr)
5535 ++
5536 ++ sg_n_mapped = dma_map_sg(dev, sgl, sg_n, DMA_BIDIRECTIONAL);
5537 ++ if (!sg_n_mapped)
5538 + return ERR_PTR(-EINVAL);
5539 +
5540 +- ret = dma_map_sg(dev, sgl, sg_n, DMA_BIDIRECTIONAL);
5541 +- if (!ret)
5542 ++ if (sg_n_mapped > pool->sge_nr) {
5543 ++ dma_unmap_sg(dev, sgl, sg_n, DMA_BIDIRECTIONAL);
5544 + return ERR_PTR(-EINVAL);
5545 ++ }
5546 +
5547 + curr_hw_sgl = acc_get_sgl(pool, index, &curr_sgl_dma);
5548 + if (IS_ERR(curr_hw_sgl)) {
5549 +@@ -224,7 +227,7 @@ hisi_acc_sg_buf_map_to_hw_sgl(struct device *dev,
5550 + curr_hw_sgl->entry_length_in_sgl = cpu_to_le16(pool->sge_nr);
5551 + curr_hw_sge = curr_hw_sgl->sge_entries;
5552 +
5553 +- for_each_sg(sgl, sg, sg_n, i) {
5554 ++ for_each_sg(sgl, sg, sg_n_mapped, i) {
5555 + sg_map_to_hw_sg(sg, curr_hw_sge);
5556 + inc_hw_sgl_sge(curr_hw_sgl);
5557 + curr_hw_sge++;
5558 +diff --git a/drivers/crypto/hisilicon/zip/zip.h b/drivers/crypto/hisilicon/zip/zip.h
5559 +index 79fc4dd3fe00..bc1db26598bb 100644
5560 +--- a/drivers/crypto/hisilicon/zip/zip.h
5561 ++++ b/drivers/crypto/hisilicon/zip/zip.h
5562 +@@ -11,6 +11,10 @@
5563 +
5564 + /* hisi_zip_sqe dw3 */
5565 + #define HZIP_BD_STATUS_M GENMASK(7, 0)
5566 ++/* hisi_zip_sqe dw7 */
5567 ++#define HZIP_IN_SGE_DATA_OFFSET_M GENMASK(23, 0)
5568 ++/* hisi_zip_sqe dw8 */
5569 ++#define HZIP_OUT_SGE_DATA_OFFSET_M GENMASK(23, 0)
5570 + /* hisi_zip_sqe dw9 */
5571 + #define HZIP_REQ_TYPE_M GENMASK(7, 0)
5572 + #define HZIP_ALG_TYPE_ZLIB 0x02
5573 +diff --git a/drivers/crypto/hisilicon/zip/zip_crypto.c b/drivers/crypto/hisilicon/zip/zip_crypto.c
5574 +index 795428c1d07e..9815d5e3ccd0 100644
5575 +--- a/drivers/crypto/hisilicon/zip/zip_crypto.c
5576 ++++ b/drivers/crypto/hisilicon/zip/zip_crypto.c
5577 +@@ -46,10 +46,8 @@ enum hisi_zip_alg_type {
5578 +
5579 + struct hisi_zip_req {
5580 + struct acomp_req *req;
5581 +- struct scatterlist *src;
5582 +- struct scatterlist *dst;
5583 +- size_t slen;
5584 +- size_t dlen;
5585 ++ int sskip;
5586 ++ int dskip;
5587 + struct hisi_acc_hw_sgl *hw_src;
5588 + struct hisi_acc_hw_sgl *hw_dst;
5589 + dma_addr_t dma_src;
5590 +@@ -119,13 +117,15 @@ static void hisi_zip_config_tag(struct hisi_zip_sqe *sqe, u32 tag)
5591 +
5592 + static void hisi_zip_fill_sqe(struct hisi_zip_sqe *sqe, u8 req_type,
5593 + dma_addr_t s_addr, dma_addr_t d_addr, u32 slen,
5594 +- u32 dlen)
5595 ++ u32 dlen, int sskip, int dskip)
5596 + {
5597 + memset(sqe, 0, sizeof(struct hisi_zip_sqe));
5598 +
5599 +- sqe->input_data_length = slen;
5600 ++ sqe->input_data_length = slen - sskip;
5601 ++ sqe->dw7 = FIELD_PREP(HZIP_IN_SGE_DATA_OFFSET_M, sskip);
5602 ++ sqe->dw8 = FIELD_PREP(HZIP_OUT_SGE_DATA_OFFSET_M, dskip);
5603 + sqe->dw9 = FIELD_PREP(HZIP_REQ_TYPE_M, req_type);
5604 +- sqe->dest_avail_out = dlen;
5605 ++ sqe->dest_avail_out = dlen - dskip;
5606 + sqe->source_addr_l = lower_32_bits(s_addr);
5607 + sqe->source_addr_h = upper_32_bits(s_addr);
5608 + sqe->dest_addr_l = lower_32_bits(d_addr);
5609 +@@ -327,11 +327,6 @@ static void hisi_zip_remove_req(struct hisi_zip_qp_ctx *qp_ctx,
5610 + {
5611 + struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
5612 +
5613 +- if (qp_ctx->qp->alg_type == HZIP_ALG_TYPE_COMP)
5614 +- kfree(req->dst);
5615 +- else
5616 +- kfree(req->src);
5617 +-
5618 + write_lock(&req_q->req_lock);
5619 + clear_bit(req->req_id, req_q->req_bitmap);
5620 + memset(req, 0, sizeof(struct hisi_zip_req));
5621 +@@ -359,8 +354,8 @@ static void hisi_zip_acomp_cb(struct hisi_qp *qp, void *data)
5622 + }
5623 + dlen = sqe->produced;
5624 +
5625 +- hisi_acc_sg_buf_unmap(dev, req->src, req->hw_src);
5626 +- hisi_acc_sg_buf_unmap(dev, req->dst, req->hw_dst);
5627 ++ hisi_acc_sg_buf_unmap(dev, acomp_req->src, req->hw_src);
5628 ++ hisi_acc_sg_buf_unmap(dev, acomp_req->dst, req->hw_dst);
5629 +
5630 + head_size = (qp->alg_type == 0) ? TO_HEAD_SIZE(qp->req_type) : 0;
5631 + acomp_req->dlen = dlen + head_size;
5632 +@@ -454,20 +449,6 @@ static size_t get_comp_head_size(struct scatterlist *src, u8 req_type)
5633 + }
5634 + }
5635 +
5636 +-static int get_sg_skip_bytes(struct scatterlist *sgl, size_t bytes,
5637 +- size_t remains, struct scatterlist **out)
5638 +-{
5639 +-#define SPLIT_NUM 2
5640 +- size_t split_sizes[SPLIT_NUM];
5641 +- int out_mapped_nents[SPLIT_NUM];
5642 +-
5643 +- split_sizes[0] = bytes;
5644 +- split_sizes[1] = remains;
5645 +-
5646 +- return sg_split(sgl, 0, 0, SPLIT_NUM, split_sizes, out,
5647 +- out_mapped_nents, GFP_KERNEL);
5648 +-}
5649 +-
5650 + static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
5651 + struct hisi_zip_qp_ctx *qp_ctx,
5652 + size_t head_size, bool is_comp)
5653 +@@ -475,31 +456,7 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
5654 + struct hisi_zip_req_q *req_q = &qp_ctx->req_q;
5655 + struct hisi_zip_req *q = req_q->q;
5656 + struct hisi_zip_req *req_cache;
5657 +- struct scatterlist *out[2];
5658 +- struct scatterlist *sgl;
5659 +- size_t len;
5660 +- int ret, req_id;
5661 +-
5662 +- /*
5663 +- * remove/add zlib/gzip head, as hardware operations do not include
5664 +- * comp head. so split req->src to get sgl without heads in acomp, or
5665 +- * add comp head to req->dst ahead of that hardware output compressed
5666 +- * data in sgl splited from req->dst without comp head.
5667 +- */
5668 +- if (is_comp) {
5669 +- sgl = req->dst;
5670 +- len = req->dlen - head_size;
5671 +- } else {
5672 +- sgl = req->src;
5673 +- len = req->slen - head_size;
5674 +- }
5675 +-
5676 +- ret = get_sg_skip_bytes(sgl, head_size, len, out);
5677 +- if (ret)
5678 +- return ERR_PTR(ret);
5679 +-
5680 +- /* sgl for comp head is useless, so free it now */
5681 +- kfree(out[0]);
5682 ++ int req_id;
5683 +
5684 + write_lock(&req_q->req_lock);
5685 +
5686 +@@ -507,7 +464,6 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
5687 + if (req_id >= req_q->size) {
5688 + write_unlock(&req_q->req_lock);
5689 + dev_dbg(&qp_ctx->qp->qm->pdev->dev, "req cache is full!\n");
5690 +- kfree(out[1]);
5691 + return ERR_PTR(-EBUSY);
5692 + }
5693 + set_bit(req_id, req_q->req_bitmap);
5694 +@@ -515,16 +471,13 @@ static struct hisi_zip_req *hisi_zip_create_req(struct acomp_req *req,
5695 + req_cache = q + req_id;
5696 + req_cache->req_id = req_id;
5697 + req_cache->req = req;
5698 ++
5699 + if (is_comp) {
5700 +- req_cache->src = req->src;
5701 +- req_cache->dst = out[1];
5702 +- req_cache->slen = req->slen;
5703 +- req_cache->dlen = req->dlen - head_size;
5704 ++ req_cache->sskip = 0;
5705 ++ req_cache->dskip = head_size;
5706 + } else {
5707 +- req_cache->src = out[1];
5708 +- req_cache->dst = req->dst;
5709 +- req_cache->slen = req->slen - head_size;
5710 +- req_cache->dlen = req->dlen;
5711 ++ req_cache->sskip = head_size;
5712 ++ req_cache->dskip = 0;
5713 + }
5714 +
5715 + write_unlock(&req_q->req_lock);
5716 +@@ -536,6 +489,7 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
5717 + struct hisi_zip_qp_ctx *qp_ctx)
5718 + {
5719 + struct hisi_zip_sqe *zip_sqe = &qp_ctx->zip_sqe;
5720 ++ struct acomp_req *a_req = req->req;
5721 + struct hisi_qp *qp = qp_ctx->qp;
5722 + struct device *dev = &qp->qm->pdev->dev;
5723 + struct hisi_acc_sgl_pool *pool = qp_ctx->sgl_pool;
5724 +@@ -543,16 +497,16 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
5725 + dma_addr_t output;
5726 + int ret;
5727 +
5728 +- if (!req->src || !req->slen || !req->dst || !req->dlen)
5729 ++ if (!a_req->src || !a_req->slen || !a_req->dst || !a_req->dlen)
5730 + return -EINVAL;
5731 +
5732 +- req->hw_src = hisi_acc_sg_buf_map_to_hw_sgl(dev, req->src, pool,
5733 ++ req->hw_src = hisi_acc_sg_buf_map_to_hw_sgl(dev, a_req->src, pool,
5734 + req->req_id << 1, &input);
5735 + if (IS_ERR(req->hw_src))
5736 + return PTR_ERR(req->hw_src);
5737 + req->dma_src = input;
5738 +
5739 +- req->hw_dst = hisi_acc_sg_buf_map_to_hw_sgl(dev, req->dst, pool,
5740 ++ req->hw_dst = hisi_acc_sg_buf_map_to_hw_sgl(dev, a_req->dst, pool,
5741 + (req->req_id << 1) + 1,
5742 + &output);
5743 + if (IS_ERR(req->hw_dst)) {
5744 +@@ -561,8 +515,8 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
5745 + }
5746 + req->dma_dst = output;
5747 +
5748 +- hisi_zip_fill_sqe(zip_sqe, qp->req_type, input, output, req->slen,
5749 +- req->dlen);
5750 ++ hisi_zip_fill_sqe(zip_sqe, qp->req_type, input, output, a_req->slen,
5751 ++ a_req->dlen, req->sskip, req->dskip);
5752 + hisi_zip_config_buf_type(zip_sqe, HZIP_SGL);
5753 + hisi_zip_config_tag(zip_sqe, req->req_id);
5754 +
5755 +@@ -574,9 +528,9 @@ static int hisi_zip_do_work(struct hisi_zip_req *req,
5756 + return -EINPROGRESS;
5757 +
5758 + err_unmap_output:
5759 +- hisi_acc_sg_buf_unmap(dev, req->dst, req->hw_dst);
5760 ++ hisi_acc_sg_buf_unmap(dev, a_req->dst, req->hw_dst);
5761 + err_unmap_input:
5762 +- hisi_acc_sg_buf_unmap(dev, req->src, req->hw_src);
5763 ++ hisi_acc_sg_buf_unmap(dev, a_req->src, req->hw_src);
5764 + return ret;
5765 + }
5766 +
5767 +diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c
5768 +index 29da449b3e9e..d187312b9864 100644
5769 +--- a/drivers/crypto/picoxcell_crypto.c
5770 ++++ b/drivers/crypto/picoxcell_crypto.c
5771 +@@ -1595,6 +1595,11 @@ static const struct of_device_id spacc_of_id_table[] = {
5772 + MODULE_DEVICE_TABLE(of, spacc_of_id_table);
5773 + #endif /* CONFIG_OF */
5774 +
5775 ++static void spacc_tasklet_kill(void *data)
5776 ++{
5777 ++ tasklet_kill(data);
5778 ++}
5779 ++
5780 + static int spacc_probe(struct platform_device *pdev)
5781 + {
5782 + int i, err, ret;
5783 +@@ -1637,6 +1642,14 @@ static int spacc_probe(struct platform_device *pdev)
5784 + return -ENXIO;
5785 + }
5786 +
5787 ++ tasklet_init(&engine->complete, spacc_spacc_complete,
5788 ++ (unsigned long)engine);
5789 ++
5790 ++ ret = devm_add_action(&pdev->dev, spacc_tasklet_kill,
5791 ++ &engine->complete);
5792 ++ if (ret)
5793 ++ return ret;
5794 ++
5795 + if (devm_request_irq(&pdev->dev, irq->start, spacc_spacc_irq, 0,
5796 + engine->name, engine)) {
5797 + dev_err(engine->dev, "failed to request IRQ\n");
5798 +@@ -1694,8 +1707,6 @@ static int spacc_probe(struct platform_device *pdev)
5799 + INIT_LIST_HEAD(&engine->completed);
5800 + INIT_LIST_HEAD(&engine->in_progress);
5801 + engine->in_flight = 0;
5802 +- tasklet_init(&engine->complete, spacc_spacc_complete,
5803 +- (unsigned long)engine);
5804 +
5805 + platform_set_drvdata(pdev, engine);
5806 +
5807 +diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
5808 +index 11e5784aa62a..0b401dfbe98a 100644
5809 +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
5810 ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
5811 +@@ -246,7 +246,8 @@ bool dm_helpers_dp_mst_write_payload_allocation_table(
5812 + drm_dp_mst_reset_vcpi_slots(mst_mgr, mst_port);
5813 + }
5814 +
5815 +- ret = drm_dp_update_payload_part1(mst_mgr);
5816 ++ /* It's OK for this to fail */
5817 ++ drm_dp_update_payload_part1(mst_mgr);
5818 +
5819 + /* mst_mgr->->payloads are VC payload notify MST branch using DPCD or
5820 + * AUX message. The sequence is slot 1-63 allocated sequence for each
5821 +@@ -255,9 +256,6 @@ bool dm_helpers_dp_mst_write_payload_allocation_table(
5822 +
5823 + get_payload_table(aconnector, proposed_table);
5824 +
5825 +- if (ret)
5826 +- return false;
5827 +-
5828 + return true;
5829 + }
5830 +
5831 +@@ -315,7 +313,6 @@ bool dm_helpers_dp_mst_send_payload_allocation(
5832 + struct amdgpu_dm_connector *aconnector;
5833 + struct drm_dp_mst_topology_mgr *mst_mgr;
5834 + struct drm_dp_mst_port *mst_port;
5835 +- int ret;
5836 +
5837 + aconnector = (struct amdgpu_dm_connector *)stream->dm_stream_context;
5838 +
5839 +@@ -329,10 +326,8 @@ bool dm_helpers_dp_mst_send_payload_allocation(
5840 + if (!mst_mgr->mst_state)
5841 + return false;
5842 +
5843 +- ret = drm_dp_update_payload_part2(mst_mgr);
5844 +-
5845 +- if (ret)
5846 +- return false;
5847 ++ /* It's OK for this to fail */
5848 ++ drm_dp_update_payload_part2(mst_mgr);
5849 +
5850 + if (!enable)
5851 + drm_dp_mst_deallocate_vcpi(mst_mgr, mst_port);
5852 +diff --git a/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c b/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
5853 +index a23729d3174b..9b415f6569a2 100644
5854 +--- a/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
5855 ++++ b/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
5856 +@@ -21,6 +21,7 @@
5857 + */
5858 +
5859 + #include <linux/firmware.h>
5860 ++#include <linux/pci.h>
5861 +
5862 + #include "pp_debug.h"
5863 + #include "amdgpu.h"
5864 +@@ -1125,6 +1126,23 @@ static int smu_smc_table_hw_init(struct smu_context *smu,
5865 + ret = smu_get_power_limit(smu, &smu->default_power_limit, false, false);
5866 + if (ret)
5867 + return ret;
5868 ++
5869 ++ if (adev->asic_type == CHIP_NAVI10) {
5870 ++ if ((adev->pdev->device == 0x731f && (adev->pdev->revision == 0xc2 ||
5871 ++ adev->pdev->revision == 0xc3 ||
5872 ++ adev->pdev->revision == 0xca ||
5873 ++ adev->pdev->revision == 0xcb)) ||
5874 ++ (adev->pdev->device == 0x66af && (adev->pdev->revision == 0xf3 ||
5875 ++ adev->pdev->revision == 0xf4 ||
5876 ++ adev->pdev->revision == 0xf5 ||
5877 ++ adev->pdev->revision == 0xf6))) {
5878 ++ ret = smu_disable_umc_cdr_12gbps_workaround(smu);
5879 ++ if (ret) {
5880 ++ pr_err("Workaround failed to disable UMC CDR feature on 12Gbps SKU!\n");
5881 ++ return ret;
5882 ++ }
5883 ++ }
5884 ++ }
5885 + }
5886 +
5887 + /*
5888 +diff --git a/drivers/gpu/drm/amd/powerplay/inc/amdgpu_smu.h b/drivers/gpu/drm/amd/powerplay/inc/amdgpu_smu.h
5889 +index 41fce75b263f..d005dea4a3bf 100644
5890 +--- a/drivers/gpu/drm/amd/powerplay/inc/amdgpu_smu.h
5891 ++++ b/drivers/gpu/drm/amd/powerplay/inc/amdgpu_smu.h
5892 +@@ -263,6 +263,7 @@ struct smu_table_context
5893 + uint8_t thermal_controller_type;
5894 +
5895 + void *overdrive_table;
5896 ++ void *boot_overdrive_table;
5897 + };
5898 +
5899 + struct smu_dpm_context {
5900 +@@ -550,6 +551,7 @@ struct pptable_funcs {
5901 + int (*set_soft_freq_limited_range)(struct smu_context *smu, enum smu_clk_type clk_type, uint32_t min, uint32_t max);
5902 + int (*override_pcie_parameters)(struct smu_context *smu);
5903 + uint32_t (*get_pptable_power_limit)(struct smu_context *smu);
5904 ++ int (*disable_umc_cdr_12gbps_workaround)(struct smu_context *smu);
5905 + };
5906 +
5907 + int smu_load_microcode(struct smu_context *smu);
5908 +diff --git a/drivers/gpu/drm/amd/powerplay/inc/smu_types.h b/drivers/gpu/drm/amd/powerplay/inc/smu_types.h
5909 +index d8c9b7f91fcc..a5b4df146713 100644
5910 +--- a/drivers/gpu/drm/amd/powerplay/inc/smu_types.h
5911 ++++ b/drivers/gpu/drm/amd/powerplay/inc/smu_types.h
5912 +@@ -170,6 +170,8 @@
5913 + __SMU_DUMMY_MAP(SetSoftMinJpeg), \
5914 + __SMU_DUMMY_MAP(SetHardMinFclkByFreq), \
5915 + __SMU_DUMMY_MAP(DFCstateControl), \
5916 ++ __SMU_DUMMY_MAP(DAL_DISABLE_DUMMY_PSTATE_CHANGE), \
5917 ++ __SMU_DUMMY_MAP(DAL_ENABLE_DUMMY_PSTATE_CHANGE), \
5918 +
5919 + #undef __SMU_DUMMY_MAP
5920 + #define __SMU_DUMMY_MAP(type) SMU_MSG_##type
5921 +diff --git a/drivers/gpu/drm/amd/powerplay/inc/smu_v11_0_ppsmc.h b/drivers/gpu/drm/amd/powerplay/inc/smu_v11_0_ppsmc.h
5922 +index 373861ddccd0..406bfd187ce8 100644
5923 +--- a/drivers/gpu/drm/amd/powerplay/inc/smu_v11_0_ppsmc.h
5924 ++++ b/drivers/gpu/drm/amd/powerplay/inc/smu_v11_0_ppsmc.h
5925 +@@ -120,7 +120,10 @@
5926 + #define PPSMC_MSG_GetVoltageByDpmOverdrive 0x45
5927 + #define PPSMC_MSG_BacoAudioD3PME 0x48
5928 +
5929 +-#define PPSMC_Message_Count 0x49
5930 ++#define PPSMC_MSG_DALDisableDummyPstateChange 0x49
5931 ++#define PPSMC_MSG_DALEnableDummyPstateChange 0x4A
5932 ++
5933 ++#define PPSMC_Message_Count 0x4B
5934 +
5935 + typedef uint32_t PPSMC_Result;
5936 + typedef uint32_t PPSMC_Msg;
5937 +diff --git a/drivers/gpu/drm/amd/powerplay/navi10_ppt.c b/drivers/gpu/drm/amd/powerplay/navi10_ppt.c
5938 +index ca62e92e5a4f..e3f8c45e7467 100644
5939 +--- a/drivers/gpu/drm/amd/powerplay/navi10_ppt.c
5940 ++++ b/drivers/gpu/drm/amd/powerplay/navi10_ppt.c
5941 +@@ -119,6 +119,10 @@ static struct smu_11_0_cmn2aisc_mapping navi10_message_map[SMU_MSG_MAX_COUNT] =
5942 + MSG_MAP(PowerDownJpeg, PPSMC_MSG_PowerDownJpeg),
5943 + MSG_MAP(BacoAudioD3PME, PPSMC_MSG_BacoAudioD3PME),
5944 + MSG_MAP(ArmD3, PPSMC_MSG_ArmD3),
5945 ++ MSG_MAP(DAL_DISABLE_DUMMY_PSTATE_CHANGE,PPSMC_MSG_DALDisableDummyPstateChange),
5946 ++ MSG_MAP(DAL_ENABLE_DUMMY_PSTATE_CHANGE, PPSMC_MSG_DALEnableDummyPstateChange),
5947 ++ MSG_MAP(GetVoltageByDpm, PPSMC_MSG_GetVoltageByDpm),
5948 ++ MSG_MAP(GetVoltageByDpmOverdrive, PPSMC_MSG_GetVoltageByDpmOverdrive),
5949 + };
5950 +
5951 + static struct smu_11_0_cmn2aisc_mapping navi10_clk_map[SMU_CLK_COUNT] = {
5952 +@@ -706,6 +710,15 @@ static inline bool navi10_od_feature_is_supported(struct smu_11_0_overdrive_tabl
5953 + return od_table->cap[feature];
5954 + }
5955 +
5956 ++static void navi10_od_setting_get_range(struct smu_11_0_overdrive_table *od_table,
5957 ++ enum SMU_11_0_ODSETTING_ID setting,
5958 ++ uint32_t *min, uint32_t *max)
5959 ++{
5960 ++ if (min)
5961 ++ *min = od_table->min[setting];
5962 ++ if (max)
5963 ++ *max = od_table->max[setting];
5964 ++}
5965 +
5966 + static int navi10_print_clk_levels(struct smu_context *smu,
5967 + enum smu_clk_type clk_type, char *buf)
5968 +@@ -724,6 +737,7 @@ static int navi10_print_clk_levels(struct smu_context *smu,
5969 + OverDriveTable_t *od_table =
5970 + (OverDriveTable_t *)table_context->overdrive_table;
5971 + struct smu_11_0_overdrive_table *od_settings = smu->od_settings;
5972 ++ uint32_t min_value, max_value;
5973 +
5974 + switch (clk_type) {
5975 + case SMU_GFXCLK:
5976 +@@ -812,7 +826,7 @@ static int navi10_print_clk_levels(struct smu_context *smu,
5977 + if (!navi10_od_feature_is_supported(od_settings, SMU_11_0_ODFEATURE_UCLK_MAX))
5978 + break;
5979 + size += sprintf(buf + size, "OD_MCLK:\n");
5980 +- size += sprintf(buf + size, "0: %uMHz\n", od_table->UclkFmax);
5981 ++ size += sprintf(buf + size, "1: %uMHz\n", od_table->UclkFmax);
5982 + break;
5983 + case SMU_OD_VDDC_CURVE:
5984 + if (!smu->od_enabled || !od_table || !od_settings)
5985 +@@ -836,6 +850,55 @@ static int navi10_print_clk_levels(struct smu_context *smu,
5986 + }
5987 + size += sprintf(buf + size, "%d: %uMHz @ %umV\n", i, curve_settings[0], curve_settings[1] / NAVI10_VOLTAGE_SCALE);
5988 + }
5989 ++ break;
5990 ++ case SMU_OD_RANGE:
5991 ++ if (!smu->od_enabled || !od_table || !od_settings)
5992 ++ break;
5993 ++ size = sprintf(buf, "%s:\n", "OD_RANGE");
5994 ++
5995 ++ if (navi10_od_feature_is_supported(od_settings, SMU_11_0_ODFEATURE_GFXCLK_LIMITS)) {
5996 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_GFXCLKFMIN,
5997 ++ &min_value, NULL);
5998 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_GFXCLKFMAX,
5999 ++ NULL, &max_value);
6000 ++ size += sprintf(buf + size, "SCLK: %7uMhz %10uMhz\n",
6001 ++ min_value, max_value);
6002 ++ }
6003 ++
6004 ++ if (navi10_od_feature_is_supported(od_settings, SMU_11_0_ODFEATURE_UCLK_MAX)) {
6005 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_UCLKFMAX,
6006 ++ &min_value, &max_value);
6007 ++ size += sprintf(buf + size, "MCLK: %7uMhz %10uMhz\n",
6008 ++ min_value, max_value);
6009 ++ }
6010 ++
6011 ++ if (navi10_od_feature_is_supported(od_settings, SMU_11_0_ODFEATURE_GFXCLK_CURVE)) {
6012 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEFREQ_P1,
6013 ++ &min_value, &max_value);
6014 ++ size += sprintf(buf + size, "VDDC_CURVE_SCLK[0]: %7uMhz %10uMhz\n",
6015 ++ min_value, max_value);
6016 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEVOLTAGE_P1,
6017 ++ &min_value, &max_value);
6018 ++ size += sprintf(buf + size, "VDDC_CURVE_VOLT[0]: %7dmV %11dmV\n",
6019 ++ min_value, max_value);
6020 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEFREQ_P2,
6021 ++ &min_value, &max_value);
6022 ++ size += sprintf(buf + size, "VDDC_CURVE_SCLK[1]: %7uMhz %10uMhz\n",
6023 ++ min_value, max_value);
6024 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEVOLTAGE_P2,
6025 ++ &min_value, &max_value);
6026 ++ size += sprintf(buf + size, "VDDC_CURVE_VOLT[1]: %7dmV %11dmV\n",
6027 ++ min_value, max_value);
6028 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEFREQ_P3,
6029 ++ &min_value, &max_value);
6030 ++ size += sprintf(buf + size, "VDDC_CURVE_SCLK[2]: %7uMhz %10uMhz\n",
6031 ++ min_value, max_value);
6032 ++ navi10_od_setting_get_range(od_settings, SMU_11_0_ODSETTING_VDDGFXCURVEVOLTAGE_P3,
6033 ++ &min_value, &max_value);
6034 ++ size += sprintf(buf + size, "VDDC_CURVE_VOLT[2]: %7dmV %11dmV\n",
6035 ++ min_value, max_value);
6036 ++ }
6037 ++
6038 + break;
6039 + default:
6040 + break;
6041 +@@ -1780,6 +1843,28 @@ static int navi10_od_setting_check_range(struct smu_11_0_overdrive_table *od_tab
6042 + return 0;
6043 + }
6044 +
6045 ++static int navi10_overdrive_get_gfx_clk_base_voltage(struct smu_context *smu,
6046 ++ uint16_t *voltage,
6047 ++ uint32_t freq)
6048 ++{
6049 ++ uint32_t param = (freq & 0xFFFF) | (PPCLK_GFXCLK << 16);
6050 ++ uint32_t value = 0;
6051 ++ int ret;
6052 ++
6053 ++ ret = smu_send_smc_msg_with_param(smu,
6054 ++ SMU_MSG_GetVoltageByDpm,
6055 ++ param);
6056 ++ if (ret) {
6057 ++ pr_err("[GetBaseVoltage] failed to get GFXCLK AVFS voltage from SMU!");
6058 ++ return ret;
6059 ++ }
6060 ++
6061 ++ smu_read_smc_arg(smu, &value);
6062 ++ *voltage = (uint16_t)value;
6063 ++
6064 ++ return 0;
6065 ++}
6066 ++
6067 + static int navi10_setup_od_limits(struct smu_context *smu) {
6068 + struct smu_11_0_overdrive_table *overdrive_table = NULL;
6069 + struct smu_11_0_powerplay_table *powerplay_table = NULL;
6070 +@@ -1806,16 +1891,40 @@ static int navi10_set_default_od_settings(struct smu_context *smu, bool initiali
6071 + if (ret)
6072 + return ret;
6073 +
6074 ++ od_table = (OverDriveTable_t *)smu->smu_table.overdrive_table;
6075 + if (initialize) {
6076 + ret = navi10_setup_od_limits(smu);
6077 + if (ret) {
6078 + pr_err("Failed to retrieve board OD limits\n");
6079 + return ret;
6080 + }
6081 ++ if (od_table) {
6082 ++ if (!od_table->GfxclkVolt1) {
6083 ++ ret = navi10_overdrive_get_gfx_clk_base_voltage(smu,
6084 ++ &od_table->GfxclkVolt1,
6085 ++ od_table->GfxclkFreq1);
6086 ++ if (ret)
6087 ++ od_table->GfxclkVolt1 = 0;
6088 ++ }
6089 ++
6090 ++ if (!od_table->GfxclkVolt2) {
6091 ++ ret = navi10_overdrive_get_gfx_clk_base_voltage(smu,
6092 ++ &od_table->GfxclkVolt2,
6093 ++ od_table->GfxclkFreq2);
6094 ++ if (ret)
6095 ++ od_table->GfxclkVolt2 = 0;
6096 ++ }
6097 +
6098 ++ if (!od_table->GfxclkVolt3) {
6099 ++ ret = navi10_overdrive_get_gfx_clk_base_voltage(smu,
6100 ++ &od_table->GfxclkVolt3,
6101 ++ od_table->GfxclkFreq3);
6102 ++ if (ret)
6103 ++ od_table->GfxclkVolt3 = 0;
6104 ++ }
6105 ++ }
6106 + }
6107 +
6108 +- od_table = (OverDriveTable_t *)smu->smu_table.overdrive_table;
6109 + if (od_table) {
6110 + navi10_dump_od_table(od_table);
6111 + }
6112 +@@ -1911,6 +2020,13 @@ static int navi10_od_edit_dpm_table(struct smu_context *smu, enum PP_OD_DPM_TABL
6113 + return ret;
6114 + od_table->UclkFmax = input[1];
6115 + break;
6116 ++ case PP_OD_RESTORE_DEFAULT_TABLE:
6117 ++ if (!(table_context->overdrive_table && table_context->boot_overdrive_table)) {
6118 ++ pr_err("Overdrive table was not initialized!\n");
6119 ++ return -EINVAL;
6120 ++ }
6121 ++ memcpy(table_context->overdrive_table, table_context->boot_overdrive_table, sizeof(OverDriveTable_t));
6122 ++ break;
6123 + case PP_OD_COMMIT_DPM_TABLE:
6124 + navi10_dump_od_table(od_table);
6125 + ret = smu_update_table(smu, SMU_TABLE_OVERDRIVE, 0, (void *)od_table, true);
6126 +@@ -2000,6 +2116,61 @@ static int navi10_run_btc(struct smu_context *smu)
6127 + return ret;
6128 + }
6129 +
6130 ++static int navi10_dummy_pstate_control(struct smu_context *smu, bool enable)
6131 ++{
6132 ++ int result = 0;
6133 ++
6134 ++ if (!enable)
6135 ++ result = smu_send_smc_msg(smu, SMU_MSG_DAL_DISABLE_DUMMY_PSTATE_CHANGE);
6136 ++ else
6137 ++ result = smu_send_smc_msg(smu, SMU_MSG_DAL_ENABLE_DUMMY_PSTATE_CHANGE);
6138 ++
6139 ++ return result;
6140 ++}
6141 ++
6142 ++static int navi10_disable_umc_cdr_12gbps_workaround(struct smu_context *smu)
6143 ++{
6144 ++ uint32_t uclk_count, uclk_min, uclk_max;
6145 ++ uint32_t smu_version;
6146 ++ int ret = 0;
6147 ++
6148 ++ ret = smu_get_smc_version(smu, NULL, &smu_version);
6149 ++ if (ret)
6150 ++ return ret;
6151 ++
6152 ++ /* This workaround is available only for 42.50 or later SMC firmwares */
6153 ++ if (smu_version < 0x2A3200)
6154 ++ return 0;
6155 ++
6156 ++ ret = smu_get_dpm_level_count(smu, SMU_UCLK, &uclk_count);
6157 ++ if (ret)
6158 ++ return ret;
6159 ++
6160 ++ ret = smu_get_dpm_freq_by_index(smu, SMU_UCLK, (uint16_t)0, &uclk_min);
6161 ++ if (ret)
6162 ++ return ret;
6163 ++
6164 ++ ret = smu_get_dpm_freq_by_index(smu, SMU_UCLK, (uint16_t)(uclk_count - 1), &uclk_max);
6165 ++ if (ret)
6166 ++ return ret;
6167 ++
6168 ++ /* Force UCLK out of the highest DPM */
6169 ++ ret = smu_set_hard_freq_range(smu, SMU_UCLK, 0, uclk_min);
6170 ++ if (ret)
6171 ++ return ret;
6172 ++
6173 ++ /* Revert the UCLK Hardmax */
6174 ++ ret = smu_set_hard_freq_range(smu, SMU_UCLK, 0, uclk_max);
6175 ++ if (ret)
6176 ++ return ret;
6177 ++
6178 ++ /*
6179 ++ * In this case, SMU already disabled dummy pstate during enablement
6180 ++ * of UCLK DPM, we have to re-enabled it.
6181 ++ * */
6182 ++ return navi10_dummy_pstate_control(smu, true);
6183 ++}
6184 ++
6185 + static const struct pptable_funcs navi10_ppt_funcs = {
6186 + .tables_init = navi10_tables_init,
6187 + .alloc_dpm_context = navi10_allocate_dpm_context,
6188 +@@ -2091,6 +2262,7 @@ static const struct pptable_funcs navi10_ppt_funcs = {
6189 + .od_edit_dpm_table = navi10_od_edit_dpm_table,
6190 + .get_pptable_power_limit = navi10_get_pptable_power_limit,
6191 + .run_btc = navi10_run_btc,
6192 ++ .disable_umc_cdr_12gbps_workaround = navi10_disable_umc_cdr_12gbps_workaround,
6193 + };
6194 +
6195 + void navi10_set_ppt_funcs(struct smu_context *smu)
6196 +diff --git a/drivers/gpu/drm/amd/powerplay/smu_internal.h b/drivers/gpu/drm/amd/powerplay/smu_internal.h
6197 +index 8872f8b2d502..593271685a98 100644
6198 +--- a/drivers/gpu/drm/amd/powerplay/smu_internal.h
6199 ++++ b/drivers/gpu/drm/amd/powerplay/smu_internal.h
6200 +@@ -201,4 +201,7 @@ int smu_send_smc_msg(struct smu_context *smu, enum smu_message_type msg);
6201 + #define smu_update_pcie_parameters(smu, pcie_gen_cap, pcie_width_cap) \
6202 + ((smu)->ppt_funcs->update_pcie_parameters ? (smu)->ppt_funcs->update_pcie_parameters((smu), (pcie_gen_cap), (pcie_width_cap)) : 0)
6203 +
6204 ++#define smu_disable_umc_cdr_12gbps_workaround(smu) \
6205 ++ ((smu)->ppt_funcs->disable_umc_cdr_12gbps_workaround ? (smu)->ppt_funcs->disable_umc_cdr_12gbps_workaround((smu)) : 0)
6206 ++
6207 + #endif
6208 +diff --git a/drivers/gpu/drm/amd/powerplay/smu_v11_0.c b/drivers/gpu/drm/amd/powerplay/smu_v11_0.c
6209 +index e4268a627eff..8b13d18c6414 100644
6210 +--- a/drivers/gpu/drm/amd/powerplay/smu_v11_0.c
6211 ++++ b/drivers/gpu/drm/amd/powerplay/smu_v11_0.c
6212 +@@ -1807,6 +1807,12 @@ int smu_v11_0_set_default_od_settings(struct smu_context *smu, bool initialize,
6213 + pr_err("Failed to export overdrive table!\n");
6214 + return ret;
6215 + }
6216 ++ if (!table_context->boot_overdrive_table) {
6217 ++ table_context->boot_overdrive_table = kmemdup(table_context->overdrive_table, overdrive_table_size, GFP_KERNEL);
6218 ++ if (!table_context->boot_overdrive_table) {
6219 ++ return -ENOMEM;
6220 ++ }
6221 ++ }
6222 + }
6223 + ret = smu_update_table(smu, SMU_TABLE_OVERDRIVE, 0, table_context->overdrive_table, true);
6224 + if (ret) {
6225 +diff --git a/drivers/gpu/drm/amd/powerplay/vega20_ppt.c b/drivers/gpu/drm/amd/powerplay/vega20_ppt.c
6226 +index 0d3a3b0a934e..a9c41cd111ce 100644
6227 +--- a/drivers/gpu/drm/amd/powerplay/vega20_ppt.c
6228 ++++ b/drivers/gpu/drm/amd/powerplay/vega20_ppt.c
6229 +@@ -1702,22 +1702,11 @@ static int vega20_set_default_od_settings(struct smu_context *smu,
6230 + struct smu_table_context *table_context = &smu->smu_table;
6231 + int ret;
6232 +
6233 +- if (initialize) {
6234 +- if (table_context->overdrive_table)
6235 +- return -EINVAL;
6236 +-
6237 +- table_context->overdrive_table = kzalloc(sizeof(OverDriveTable_t), GFP_KERNEL);
6238 +-
6239 +- if (!table_context->overdrive_table)
6240 +- return -ENOMEM;
6241 +-
6242 +- ret = smu_update_table(smu, SMU_TABLE_OVERDRIVE, 0,
6243 +- table_context->overdrive_table, false);
6244 +- if (ret) {
6245 +- pr_err("Failed to export over drive table!\n");
6246 +- return ret;
6247 +- }
6248 ++ ret = smu_v11_0_set_default_od_settings(smu, initialize, sizeof(OverDriveTable_t));
6249 ++ if (ret)
6250 ++ return ret;
6251 +
6252 ++ if (initialize) {
6253 + ret = vega20_set_default_od8_setttings(smu);
6254 + if (ret)
6255 + return ret;
6256 +@@ -2774,12 +2763,11 @@ static int vega20_odn_edit_dpm_table(struct smu_context *smu,
6257 + break;
6258 +
6259 + case PP_OD_RESTORE_DEFAULT_TABLE:
6260 +- ret = smu_update_table(smu, SMU_TABLE_OVERDRIVE, 0, table_context->overdrive_table, false);
6261 +- if (ret) {
6262 +- pr_err("Failed to export over drive table!\n");
6263 +- return ret;
6264 ++ if (!(table_context->overdrive_table && table_context->boot_overdrive_table)) {
6265 ++ pr_err("Overdrive table was not initialized!\n");
6266 ++ return -EINVAL;
6267 + }
6268 +-
6269 ++ memcpy(table_context->overdrive_table, table_context->boot_overdrive_table, sizeof(OverDriveTable_t));
6270 + break;
6271 +
6272 + case PP_OD_COMMIT_DPM_TABLE:
6273 +diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
6274 +index f2e73e6d46b8..10985134ce0b 100644
6275 +--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
6276 ++++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
6277 +@@ -73,7 +73,11 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
6278 + unsigned long prate;
6279 + unsigned int mask = ATMEL_HLCDC_CLKDIV_MASK | ATMEL_HLCDC_CLKPOL;
6280 + unsigned int cfg = 0;
6281 +- int div;
6282 ++ int div, ret;
6283 ++
6284 ++ ret = clk_prepare_enable(crtc->dc->hlcdc->sys_clk);
6285 ++ if (ret)
6286 ++ return;
6287 +
6288 + vm.vfront_porch = adj->crtc_vsync_start - adj->crtc_vdisplay;
6289 + vm.vback_porch = adj->crtc_vtotal - adj->crtc_vsync_end;
6290 +@@ -95,14 +99,14 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
6291 + (adj->crtc_hdisplay - 1) |
6292 + ((adj->crtc_vdisplay - 1) << 16));
6293 +
6294 ++ prate = clk_get_rate(crtc->dc->hlcdc->sys_clk);
6295 ++ mode_rate = adj->crtc_clock * 1000;
6296 + if (!crtc->dc->desc->fixed_clksrc) {
6297 ++ prate *= 2;
6298 + cfg |= ATMEL_HLCDC_CLKSEL;
6299 + mask |= ATMEL_HLCDC_CLKSEL;
6300 + }
6301 +
6302 +- prate = 2 * clk_get_rate(crtc->dc->hlcdc->sys_clk);
6303 +- mode_rate = adj->crtc_clock * 1000;
6304 +-
6305 + div = DIV_ROUND_UP(prate, mode_rate);
6306 + if (div < 2) {
6307 + div = 2;
6308 +@@ -117,8 +121,8 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
6309 + int div_low = prate / mode_rate;
6310 +
6311 + if (div_low >= 2 &&
6312 +- ((prate / div_low - mode_rate) <
6313 +- 10 * (mode_rate - prate / div)))
6314 ++ (10 * (prate / div_low - mode_rate) <
6315 ++ (mode_rate - prate / div)))
6316 + /*
6317 + * At least 10 times better when using a higher
6318 + * frequency than requested, instead of a lower.
6319 +@@ -147,6 +151,8 @@ static void atmel_hlcdc_crtc_mode_set_nofb(struct drm_crtc *c)
6320 + ATMEL_HLCDC_VSPSU | ATMEL_HLCDC_VSPHO |
6321 + ATMEL_HLCDC_GUARDTIME_MASK | ATMEL_HLCDC_MODE_MASK,
6322 + cfg);
6323 ++
6324 ++ clk_disable_unprepare(crtc->dc->hlcdc->sys_clk);
6325 + }
6326 +
6327 + static enum drm_mode_status
6328 +diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
6329 +index e6afe4faeca6..141ba31cf548 100644
6330 +--- a/drivers/gpu/drm/drm_dp_mst_topology.c
6331 ++++ b/drivers/gpu/drm/drm_dp_mst_topology.c
6332 +@@ -3435,6 +3435,7 @@ static int drm_dp_get_vc_payload_bw(u8 dp_link_bw, u8 dp_link_count)
6333 + int drm_dp_mst_topology_mgr_set_mst(struct drm_dp_mst_topology_mgr *mgr, bool mst_state)
6334 + {
6335 + int ret = 0;
6336 ++ int i = 0;
6337 + struct drm_dp_mst_branch *mstb = NULL;
6338 +
6339 + mutex_lock(&mgr->lock);
6340 +@@ -3495,10 +3496,21 @@ int drm_dp_mst_topology_mgr_set_mst(struct drm_dp_mst_topology_mgr *mgr, bool ms
6341 + /* this can fail if the device is gone */
6342 + drm_dp_dpcd_writeb(mgr->aux, DP_MSTM_CTRL, 0);
6343 + ret = 0;
6344 ++ mutex_lock(&mgr->payload_lock);
6345 + memset(mgr->payloads, 0, mgr->max_payloads * sizeof(struct drm_dp_payload));
6346 + mgr->payload_mask = 0;
6347 + set_bit(0, &mgr->payload_mask);
6348 ++ for (i = 0; i < mgr->max_payloads; i++) {
6349 ++ struct drm_dp_vcpi *vcpi = mgr->proposed_vcpis[i];
6350 ++
6351 ++ if (vcpi) {
6352 ++ vcpi->vcpi = 0;
6353 ++ vcpi->num_slots = 0;
6354 ++ }
6355 ++ mgr->proposed_vcpis[i] = NULL;
6356 ++ }
6357 + mgr->vcpi_mask = 0;
6358 ++ mutex_unlock(&mgr->payload_lock);
6359 + }
6360 +
6361 + out_unlock:
6362 +diff --git a/drivers/gpu/drm/drm_rect.c b/drivers/gpu/drm/drm_rect.c
6363 +index b8363aaa9032..818738e83d06 100644
6364 +--- a/drivers/gpu/drm/drm_rect.c
6365 ++++ b/drivers/gpu/drm/drm_rect.c
6366 +@@ -54,7 +54,12 @@ EXPORT_SYMBOL(drm_rect_intersect);
6367 +
6368 + static u32 clip_scaled(u32 src, u32 dst, u32 clip)
6369 + {
6370 +- u64 tmp = mul_u32_u32(src, dst - clip);
6371 ++ u64 tmp;
6372 ++
6373 ++ if (dst == 0)
6374 ++ return 0;
6375 ++
6376 ++ tmp = mul_u32_u32(src, dst - clip);
6377 +
6378 + /*
6379 + * Round toward 1.0 when clipping so that we don't accidentally
6380 +diff --git a/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c b/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
6381 +index 772f0753ed38..aaf2f26f8505 100644
6382 +--- a/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
6383 ++++ b/drivers/gpu/drm/msm/disp/mdp4/mdp4_dsi_encoder.c
6384 +@@ -121,7 +121,7 @@ static void mdp4_dsi_encoder_enable(struct drm_encoder *encoder)
6385 + if (mdp4_dsi_encoder->enabled)
6386 + return;
6387 +
6388 +- mdp4_crtc_set_config(encoder->crtc,
6389 ++ mdp4_crtc_set_config(encoder->crtc,
6390 + MDP4_DMA_CONFIG_PACK_ALIGN_MSB |
6391 + MDP4_DMA_CONFIG_DEFLKR_EN |
6392 + MDP4_DMA_CONFIG_DITHER_EN |
6393 +diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
6394 +index f455ce71e85d..b6aba7507043 100644
6395 +--- a/drivers/gpu/drm/tegra/drm.c
6396 ++++ b/drivers/gpu/drm/tegra/drm.c
6397 +@@ -1037,23 +1037,9 @@ void tegra_drm_free(struct tegra_drm *tegra, size_t size, void *virt,
6398 + free_pages((unsigned long)virt, get_order(size));
6399 + }
6400 +
6401 +-static int host1x_drm_probe(struct host1x_device *dev)
6402 ++static bool host1x_drm_wants_iommu(struct host1x_device *dev)
6403 + {
6404 +- struct drm_driver *driver = &tegra_drm_driver;
6405 + struct iommu_domain *domain;
6406 +- struct tegra_drm *tegra;
6407 +- struct drm_device *drm;
6408 +- int err;
6409 +-
6410 +- drm = drm_dev_alloc(driver, &dev->dev);
6411 +- if (IS_ERR(drm))
6412 +- return PTR_ERR(drm);
6413 +-
6414 +- tegra = kzalloc(sizeof(*tegra), GFP_KERNEL);
6415 +- if (!tegra) {
6416 +- err = -ENOMEM;
6417 +- goto put;
6418 +- }
6419 +
6420 + /*
6421 + * If the Tegra DRM clients are backed by an IOMMU, push buffers are
6422 +@@ -1082,9 +1068,38 @@ static int host1x_drm_probe(struct host1x_device *dev)
6423 + * up the device tree appropriately. This is considered an problem
6424 + * of integration, so care must be taken for the DT to be consistent.
6425 + */
6426 +- domain = iommu_get_domain_for_dev(drm->dev->parent);
6427 ++ domain = iommu_get_domain_for_dev(dev->dev.parent);
6428 ++
6429 ++ /*
6430 ++ * Tegra20 and Tegra30 don't support addressing memory beyond the
6431 ++ * 32-bit boundary, so the regular GATHER opcodes will always be
6432 ++ * sufficient and whether or not the host1x is attached to an IOMMU
6433 ++ * doesn't matter.
6434 ++ */
6435 ++ if (!domain && dma_get_mask(dev->dev.parent) <= DMA_BIT_MASK(32))
6436 ++ return true;
6437 ++
6438 ++ return domain != NULL;
6439 ++}
6440 ++
6441 ++static int host1x_drm_probe(struct host1x_device *dev)
6442 ++{
6443 ++ struct drm_driver *driver = &tegra_drm_driver;
6444 ++ struct tegra_drm *tegra;
6445 ++ struct drm_device *drm;
6446 ++ int err;
6447 ++
6448 ++ drm = drm_dev_alloc(driver, &dev->dev);
6449 ++ if (IS_ERR(drm))
6450 ++ return PTR_ERR(drm);
6451 ++
6452 ++ tegra = kzalloc(sizeof(*tegra), GFP_KERNEL);
6453 ++ if (!tegra) {
6454 ++ err = -ENOMEM;
6455 ++ goto put;
6456 ++ }
6457 +
6458 +- if (domain && iommu_present(&platform_bus_type)) {
6459 ++ if (host1x_drm_wants_iommu(dev) && iommu_present(&platform_bus_type)) {
6460 + tegra->domain = iommu_domain_alloc(&platform_bus_type);
6461 + if (!tegra->domain) {
6462 + err = -ENOMEM;
6463 +diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c
6464 +index bc15b430156d..c46b4d4190ac 100644
6465 +--- a/drivers/gpu/drm/tegra/gem.c
6466 ++++ b/drivers/gpu/drm/tegra/gem.c
6467 +@@ -60,8 +60,16 @@ static struct sg_table *tegra_bo_pin(struct device *dev, struct host1x_bo *bo,
6468 + /*
6469 + * If we've manually mapped the buffer object through the IOMMU, make
6470 + * sure to return the IOVA address of our mapping.
6471 ++ *
6472 ++ * Similarly, for buffers that have been allocated by the DMA API the
6473 ++ * physical address can be used for devices that are not attached to
6474 ++ * an IOMMU. For these devices, callers must pass a valid pointer via
6475 ++ * the @phys argument.
6476 ++ *
6477 ++ * Imported buffers were also already mapped at import time, so the
6478 ++ * existing mapping can be reused.
6479 + */
6480 +- if (phys && obj->mm) {
6481 ++ if (phys) {
6482 + *phys = obj->iova;
6483 + return NULL;
6484 + }
6485 +diff --git a/drivers/gpu/drm/tegra/plane.c b/drivers/gpu/drm/tegra/plane.c
6486 +index cadcdd9ea427..9ccfb56e9b01 100644
6487 +--- a/drivers/gpu/drm/tegra/plane.c
6488 ++++ b/drivers/gpu/drm/tegra/plane.c
6489 +@@ -3,6 +3,8 @@
6490 + * Copyright (C) 2017 NVIDIA CORPORATION. All rights reserved.
6491 + */
6492 +
6493 ++#include <linux/iommu.h>
6494 ++
6495 + #include <drm/drm_atomic.h>
6496 + #include <drm/drm_atomic_helper.h>
6497 + #include <drm/drm_fourcc.h>
6498 +@@ -107,21 +109,27 @@ const struct drm_plane_funcs tegra_plane_funcs = {
6499 +
6500 + static int tegra_dc_pin(struct tegra_dc *dc, struct tegra_plane_state *state)
6501 + {
6502 ++ struct iommu_domain *domain = iommu_get_domain_for_dev(dc->dev);
6503 + unsigned int i;
6504 + int err;
6505 +
6506 + for (i = 0; i < state->base.fb->format->num_planes; i++) {
6507 + struct tegra_bo *bo = tegra_fb_get_plane(state->base.fb, i);
6508 ++ dma_addr_t phys_addr, *phys;
6509 ++ struct sg_table *sgt;
6510 +
6511 +- if (!dc->client.group) {
6512 +- struct sg_table *sgt;
6513 ++ if (!domain || dc->client.group)
6514 ++ phys = &phys_addr;
6515 ++ else
6516 ++ phys = NULL;
6517 +
6518 +- sgt = host1x_bo_pin(dc->dev, &bo->base, NULL);
6519 +- if (IS_ERR(sgt)) {
6520 +- err = PTR_ERR(sgt);
6521 +- goto unpin;
6522 +- }
6523 ++ sgt = host1x_bo_pin(dc->dev, &bo->base, phys);
6524 ++ if (IS_ERR(sgt)) {
6525 ++ err = PTR_ERR(sgt);
6526 ++ goto unpin;
6527 ++ }
6528 +
6529 ++ if (sgt) {
6530 + err = dma_map_sg(dc->dev, sgt->sgl, sgt->nents,
6531 + DMA_TO_DEVICE);
6532 + if (err == 0) {
6533 +@@ -143,7 +151,7 @@ static int tegra_dc_pin(struct tegra_dc *dc, struct tegra_plane_state *state)
6534 + state->iova[i] = sg_dma_address(sgt->sgl);
6535 + state->sgt[i] = sgt;
6536 + } else {
6537 +- state->iova[i] = bo->iova;
6538 ++ state->iova[i] = phys_addr;
6539 + }
6540 + }
6541 +
6542 +@@ -156,9 +164,11 @@ unpin:
6543 + struct tegra_bo *bo = tegra_fb_get_plane(state->base.fb, i);
6544 + struct sg_table *sgt = state->sgt[i];
6545 +
6546 +- dma_unmap_sg(dc->dev, sgt->sgl, sgt->nents, DMA_TO_DEVICE);
6547 +- host1x_bo_unpin(dc->dev, &bo->base, sgt);
6548 ++ if (sgt)
6549 ++ dma_unmap_sg(dc->dev, sgt->sgl, sgt->nents,
6550 ++ DMA_TO_DEVICE);
6551 +
6552 ++ host1x_bo_unpin(dc->dev, &bo->base, sgt);
6553 + state->iova[i] = DMA_MAPPING_ERROR;
6554 + state->sgt[i] = NULL;
6555 + }
6556 +@@ -172,17 +182,13 @@ static void tegra_dc_unpin(struct tegra_dc *dc, struct tegra_plane_state *state)
6557 +
6558 + for (i = 0; i < state->base.fb->format->num_planes; i++) {
6559 + struct tegra_bo *bo = tegra_fb_get_plane(state->base.fb, i);
6560 ++ struct sg_table *sgt = state->sgt[i];
6561 +
6562 +- if (!dc->client.group) {
6563 +- struct sg_table *sgt = state->sgt[i];
6564 +-
6565 +- if (sgt) {
6566 +- dma_unmap_sg(dc->dev, sgt->sgl, sgt->nents,
6567 +- DMA_TO_DEVICE);
6568 +- host1x_bo_unpin(dc->dev, &bo->base, sgt);
6569 +- }
6570 +- }
6571 ++ if (sgt)
6572 ++ dma_unmap_sg(dc->dev, sgt->sgl, sgt->nents,
6573 ++ DMA_TO_DEVICE);
6574 +
6575 ++ host1x_bo_unpin(dc->dev, &bo->base, sgt);
6576 + state->iova[i] = DMA_MAPPING_ERROR;
6577 + state->sgt[i] = NULL;
6578 + }
6579 +diff --git a/drivers/gpu/host1x/job.c b/drivers/gpu/host1x/job.c
6580 +index 25ca54de8fc5..0d53c08e9972 100644
6581 +--- a/drivers/gpu/host1x/job.c
6582 ++++ b/drivers/gpu/host1x/job.c
6583 +@@ -8,6 +8,7 @@
6584 + #include <linux/dma-mapping.h>
6585 + #include <linux/err.h>
6586 + #include <linux/host1x.h>
6587 ++#include <linux/iommu.h>
6588 + #include <linux/kref.h>
6589 + #include <linux/module.h>
6590 + #include <linux/scatterlist.h>
6591 +@@ -101,9 +102,11 @@ static unsigned int pin_job(struct host1x *host, struct host1x_job *job)
6592 + {
6593 + struct host1x_client *client = job->client;
6594 + struct device *dev = client->dev;
6595 ++ struct iommu_domain *domain;
6596 + unsigned int i;
6597 + int err;
6598 +
6599 ++ domain = iommu_get_domain_for_dev(dev);
6600 + job->num_unpins = 0;
6601 +
6602 + for (i = 0; i < job->num_relocs; i++) {
6603 +@@ -117,7 +120,19 @@ static unsigned int pin_job(struct host1x *host, struct host1x_job *job)
6604 + goto unpin;
6605 + }
6606 +
6607 +- if (client->group)
6608 ++ /*
6609 ++ * If the client device is not attached to an IOMMU, the
6610 ++ * physical address of the buffer object can be used.
6611 ++ *
6612 ++ * Similarly, when an IOMMU domain is shared between all
6613 ++ * host1x clients, the IOVA is already available, so no
6614 ++ * need to map the buffer object again.
6615 ++ *
6616 ++ * XXX Note that this isn't always safe to do because it
6617 ++ * relies on an assumption that no cache maintenance is
6618 ++ * needed on the buffer objects.
6619 ++ */
6620 ++ if (!domain || client->group)
6621 + phys = &phys_addr;
6622 + else
6623 + phys = NULL;
6624 +@@ -176,6 +191,7 @@ static unsigned int pin_job(struct host1x *host, struct host1x_job *job)
6625 + dma_addr_t phys_addr;
6626 + unsigned long shift;
6627 + struct iova *alloc;
6628 ++ dma_addr_t *phys;
6629 + unsigned int j;
6630 +
6631 + g->bo = host1x_bo_get(g->bo);
6632 +@@ -184,7 +200,17 @@ static unsigned int pin_job(struct host1x *host, struct host1x_job *job)
6633 + goto unpin;
6634 + }
6635 +
6636 +- sgt = host1x_bo_pin(host->dev, g->bo, NULL);
6637 ++ /**
6638 ++ * If the host1x is not attached to an IOMMU, there is no need
6639 ++ * to map the buffer object for the host1x, since the physical
6640 ++ * address can simply be used.
6641 ++ */
6642 ++ if (!iommu_get_domain_for_dev(host->dev))
6643 ++ phys = &phys_addr;
6644 ++ else
6645 ++ phys = NULL;
6646 ++
6647 ++ sgt = host1x_bo_pin(host->dev, g->bo, phys);
6648 + if (IS_ERR(sgt)) {
6649 + err = PTR_ERR(sgt);
6650 + goto unpin;
6651 +@@ -214,7 +240,7 @@ static unsigned int pin_job(struct host1x *host, struct host1x_job *job)
6652 +
6653 + job->unpins[job->num_unpins].size = gather_size;
6654 + phys_addr = iova_dma_addr(&host->iova, alloc);
6655 +- } else {
6656 ++ } else if (sgt) {
6657 + err = dma_map_sg(host->dev, sgt->sgl, sgt->nents,
6658 + DMA_TO_DEVICE);
6659 + if (!err) {
6660 +diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
6661 +index b155d0052981..a02ce43d778d 100644
6662 +--- a/drivers/hv/hv_balloon.c
6663 ++++ b/drivers/hv/hv_balloon.c
6664 +@@ -1217,10 +1217,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
6665 + unsigned int i, j;
6666 + struct page *pg;
6667 +
6668 +- if (num_pages < alloc_unit)
6669 +- return 0;
6670 +-
6671 +- for (i = 0; (i * alloc_unit) < num_pages; i++) {
6672 ++ for (i = 0; i < num_pages / alloc_unit; i++) {
6673 + if (bl_resp->hdr.size + sizeof(union dm_mem_page_range) >
6674 + HV_HYP_PAGE_SIZE)
6675 + return i * alloc_unit;
6676 +@@ -1258,7 +1255,7 @@ static unsigned int alloc_balloon_pages(struct hv_dynmem_device *dm,
6677 +
6678 + }
6679 +
6680 +- return num_pages;
6681 ++ return i * alloc_unit;
6682 + }
6683 +
6684 + static void balloon_up(struct work_struct *dummy)
6685 +@@ -1273,9 +1270,6 @@ static void balloon_up(struct work_struct *dummy)
6686 + long avail_pages;
6687 + unsigned long floor;
6688 +
6689 +- /* The host balloons pages in 2M granularity. */
6690 +- WARN_ON_ONCE(num_pages % PAGES_IN_2M != 0);
6691 +-
6692 + /*
6693 + * We will attempt 2M allocations. However, if we fail to
6694 + * allocate 2M chunks, we will go back to PAGE_SIZE allocations.
6695 +@@ -1285,14 +1279,13 @@ static void balloon_up(struct work_struct *dummy)
6696 + avail_pages = si_mem_available();
6697 + floor = compute_balloon_floor();
6698 +
6699 +- /* Refuse to balloon below the floor, keep the 2M granularity. */
6700 ++ /* Refuse to balloon below the floor. */
6701 + if (avail_pages < num_pages || avail_pages - num_pages < floor) {
6702 + pr_warn("Balloon request will be partially fulfilled. %s\n",
6703 + avail_pages < num_pages ? "Not enough memory." :
6704 + "Balloon floor reached.");
6705 +
6706 + num_pages = avail_pages > floor ? (avail_pages - floor) : 0;
6707 +- num_pages -= num_pages % PAGES_IN_2M;
6708 + }
6709 +
6710 + while (!done) {
6711 +diff --git a/drivers/infiniband/core/umem_odp.c b/drivers/infiniband/core/umem_odp.c
6712 +index e42d44e501fd..b9baf7d0a5cb 100644
6713 +--- a/drivers/infiniband/core/umem_odp.c
6714 ++++ b/drivers/infiniband/core/umem_odp.c
6715 +@@ -242,21 +242,10 @@ struct ib_umem_odp *ib_umem_odp_get(struct ib_udata *udata, unsigned long addr,
6716 + umem_odp->notifier.ops = ops;
6717 +
6718 + umem_odp->page_shift = PAGE_SHIFT;
6719 +- if (access & IB_ACCESS_HUGETLB) {
6720 +- struct vm_area_struct *vma;
6721 +- struct hstate *h;
6722 +-
6723 +- down_read(&mm->mmap_sem);
6724 +- vma = find_vma(mm, ib_umem_start(umem_odp));
6725 +- if (!vma || !is_vm_hugetlb_page(vma)) {
6726 +- up_read(&mm->mmap_sem);
6727 +- ret = -EINVAL;
6728 +- goto err_free;
6729 +- }
6730 +- h = hstate_vma(vma);
6731 +- umem_odp->page_shift = huge_page_shift(h);
6732 +- up_read(&mm->mmap_sem);
6733 +- }
6734 ++#ifdef CONFIG_HUGETLB_PAGE
6735 ++ if (access & IB_ACCESS_HUGETLB)
6736 ++ umem_odp->page_shift = HPAGE_SHIFT;
6737 ++#endif
6738 +
6739 + umem_odp->tgid = get_task_pid(current->group_leader, PIDTYPE_PID);
6740 + ret = ib_init_umem_odp(umem_odp, ops);
6741 +@@ -266,7 +255,6 @@ struct ib_umem_odp *ib_umem_odp_get(struct ib_udata *udata, unsigned long addr,
6742 +
6743 + err_put_pid:
6744 + put_pid(umem_odp->tgid);
6745 +-err_free:
6746 + kfree(umem_odp);
6747 + return ERR_PTR(ret);
6748 + }
6749 +@@ -440,7 +428,7 @@ int ib_umem_odp_map_dma_pages(struct ib_umem_odp *umem_odp, u64 user_virt,
6750 +
6751 + while (bcnt > 0) {
6752 + const size_t gup_num_pages = min_t(size_t,
6753 +- (bcnt + BIT(page_shift) - 1) >> page_shift,
6754 ++ ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE,
6755 + PAGE_SIZE / sizeof(struct page *));
6756 +
6757 + down_read(&owning_mm->mmap_sem);
6758 +diff --git a/drivers/infiniband/hw/mlx5/gsi.c b/drivers/infiniband/hw/mlx5/gsi.c
6759 +index ac4d8d1b9a07..1ae6fd95acaa 100644
6760 +--- a/drivers/infiniband/hw/mlx5/gsi.c
6761 ++++ b/drivers/infiniband/hw/mlx5/gsi.c
6762 +@@ -507,8 +507,7 @@ int mlx5_ib_gsi_post_send(struct ib_qp *qp, const struct ib_send_wr *wr,
6763 + ret = ib_post_send(tx_qp, &cur_wr.wr, bad_wr);
6764 + if (ret) {
6765 + /* Undo the effect of adding the outstanding wr */
6766 +- gsi->outstanding_pi = (gsi->outstanding_pi - 1) %
6767 +- gsi->cap.max_send_wr;
6768 ++ gsi->outstanding_pi--;
6769 + goto err;
6770 + }
6771 + spin_unlock_irqrestore(&gsi->lock, flags);
6772 +diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
6773 +index 9198c1b480d9..78d1067e9e17 100644
6774 +--- a/drivers/md/bcache/bcache.h
6775 ++++ b/drivers/md/bcache/bcache.h
6776 +@@ -329,6 +329,9 @@ struct cached_dev {
6777 + */
6778 + atomic_t has_dirty;
6779 +
6780 ++#define BCH_CACHE_READA_ALL 0
6781 ++#define BCH_CACHE_READA_META_ONLY 1
6782 ++ unsigned int cache_readahead_policy;
6783 + struct bch_ratelimit writeback_rate;
6784 + struct delayed_work writeback_rate_update;
6785 +
6786 +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
6787 +index 73478a91a342..820d8402a1dc 100644
6788 +--- a/drivers/md/bcache/request.c
6789 ++++ b/drivers/md/bcache/request.c
6790 +@@ -379,13 +379,20 @@ static bool check_should_bypass(struct cached_dev *dc, struct bio *bio)
6791 + goto skip;
6792 +
6793 + /*
6794 +- * Flag for bypass if the IO is for read-ahead or background,
6795 +- * unless the read-ahead request is for metadata
6796 ++ * If the bio is for read-ahead or background IO, bypass it or
6797 ++ * not depends on the following situations,
6798 ++ * - If the IO is for meta data, always cache it and no bypass
6799 ++ * - If the IO is not meta data, check dc->cache_reada_policy,
6800 ++ * BCH_CACHE_READA_ALL: cache it and not bypass
6801 ++ * BCH_CACHE_READA_META_ONLY: not cache it and bypass
6802 ++ * That is, read-ahead request for metadata always get cached
6803 + * (eg, for gfs2 or xfs).
6804 + */
6805 +- if (bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND) &&
6806 +- !(bio->bi_opf & (REQ_META|REQ_PRIO)))
6807 +- goto skip;
6808 ++ if ((bio->bi_opf & (REQ_RAHEAD|REQ_BACKGROUND))) {
6809 ++ if (!(bio->bi_opf & (REQ_META|REQ_PRIO)) &&
6810 ++ (dc->cache_readahead_policy != BCH_CACHE_READA_ALL))
6811 ++ goto skip;
6812 ++ }
6813 +
6814 + if (bio->bi_iter.bi_sector & (c->sb.block_size - 1) ||
6815 + bio_sectors(bio) & (c->sb.block_size - 1)) {
6816 +diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
6817 +index 733e2ddf3c78..3470fae4eabc 100644
6818 +--- a/drivers/md/bcache/sysfs.c
6819 ++++ b/drivers/md/bcache/sysfs.c
6820 +@@ -27,6 +27,12 @@ static const char * const bch_cache_modes[] = {
6821 + NULL
6822 + };
6823 +
6824 ++static const char * const bch_reada_cache_policies[] = {
6825 ++ "all",
6826 ++ "meta-only",
6827 ++ NULL
6828 ++};
6829 ++
6830 + /* Default is 0 ("auto") */
6831 + static const char * const bch_stop_on_failure_modes[] = {
6832 + "auto",
6833 +@@ -100,6 +106,7 @@ rw_attribute(congested_write_threshold_us);
6834 + rw_attribute(sequential_cutoff);
6835 + rw_attribute(data_csum);
6836 + rw_attribute(cache_mode);
6837 ++rw_attribute(readahead_cache_policy);
6838 + rw_attribute(stop_when_cache_set_failed);
6839 + rw_attribute(writeback_metadata);
6840 + rw_attribute(writeback_running);
6841 +@@ -168,6 +175,11 @@ SHOW(__bch_cached_dev)
6842 + bch_cache_modes,
6843 + BDEV_CACHE_MODE(&dc->sb));
6844 +
6845 ++ if (attr == &sysfs_readahead_cache_policy)
6846 ++ return bch_snprint_string_list(buf, PAGE_SIZE,
6847 ++ bch_reada_cache_policies,
6848 ++ dc->cache_readahead_policy);
6849 ++
6850 + if (attr == &sysfs_stop_when_cache_set_failed)
6851 + return bch_snprint_string_list(buf, PAGE_SIZE,
6852 + bch_stop_on_failure_modes,
6853 +@@ -353,6 +365,15 @@ STORE(__cached_dev)
6854 + }
6855 + }
6856 +
6857 ++ if (attr == &sysfs_readahead_cache_policy) {
6858 ++ v = __sysfs_match_string(bch_reada_cache_policies, -1, buf);
6859 ++ if (v < 0)
6860 ++ return v;
6861 ++
6862 ++ if ((unsigned int) v != dc->cache_readahead_policy)
6863 ++ dc->cache_readahead_policy = v;
6864 ++ }
6865 ++
6866 + if (attr == &sysfs_stop_when_cache_set_failed) {
6867 + v = __sysfs_match_string(bch_stop_on_failure_modes, -1, buf);
6868 + if (v < 0)
6869 +@@ -467,6 +488,7 @@ static struct attribute *bch_cached_dev_files[] = {
6870 + &sysfs_data_csum,
6871 + #endif
6872 + &sysfs_cache_mode,
6873 ++ &sysfs_readahead_cache_policy,
6874 + &sysfs_stop_when_cache_set_failed,
6875 + &sysfs_writeback_metadata,
6876 + &sysfs_writeback_running,
6877 +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
6878 +index eb9782fc93fe..492bbe0584d9 100644
6879 +--- a/drivers/md/dm-crypt.c
6880 ++++ b/drivers/md/dm-crypt.c
6881 +@@ -331,8 +331,14 @@ static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv,
6882 + static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
6883 + const char *opts)
6884 + {
6885 +- unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
6886 +- int log = ilog2(bs);
6887 ++ unsigned bs;
6888 ++ int log;
6889 ++
6890 ++ if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &cc->cipher_flags))
6891 ++ bs = crypto_aead_blocksize(any_tfm_aead(cc));
6892 ++ else
6893 ++ bs = crypto_skcipher_blocksize(any_tfm(cc));
6894 ++ log = ilog2(bs);
6895 +
6896 + /* we need to calculate how far we must shift the sector count
6897 + * to get the cipher block count, we use this shift in _gen */
6898 +@@ -717,7 +723,7 @@ static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv,
6899 + struct crypto_wait wait;
6900 + int err;
6901 +
6902 +- req = skcipher_request_alloc(any_tfm(cc), GFP_KERNEL | GFP_NOFS);
6903 ++ req = skcipher_request_alloc(any_tfm(cc), GFP_NOIO);
6904 + if (!req)
6905 + return -ENOMEM;
6906 +
6907 +diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
6908 +index b88d6d701f5b..8bb723f1a569 100644
6909 +--- a/drivers/md/dm-thin-metadata.c
6910 ++++ b/drivers/md/dm-thin-metadata.c
6911 +@@ -387,16 +387,15 @@ static int subtree_equal(void *context, const void *value1_le, const void *value
6912 + * Variant that is used for in-core only changes or code that
6913 + * shouldn't put the pool in service on its own (e.g. commit).
6914 + */
6915 +-static inline void __pmd_write_lock(struct dm_pool_metadata *pmd)
6916 ++static inline void pmd_write_lock_in_core(struct dm_pool_metadata *pmd)
6917 + __acquires(pmd->root_lock)
6918 + {
6919 + down_write(&pmd->root_lock);
6920 + }
6921 +-#define pmd_write_lock_in_core(pmd) __pmd_write_lock((pmd))
6922 +
6923 + static inline void pmd_write_lock(struct dm_pool_metadata *pmd)
6924 + {
6925 +- __pmd_write_lock(pmd);
6926 ++ pmd_write_lock_in_core(pmd);
6927 + if (unlikely(!pmd->in_service))
6928 + pmd->in_service = true;
6929 + }
6930 +@@ -831,6 +830,7 @@ static int __commit_transaction(struct dm_pool_metadata *pmd)
6931 + * We need to know if the thin_disk_superblock exceeds a 512-byte sector.
6932 + */
6933 + BUILD_BUG_ON(sizeof(struct thin_disk_superblock) > 512);
6934 ++ BUG_ON(!rwsem_is_locked(&pmd->root_lock));
6935 +
6936 + if (unlikely(!pmd->in_service))
6937 + return 0;
6938 +@@ -953,6 +953,7 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd)
6939 + return -EBUSY;
6940 + }
6941 +
6942 ++ pmd_write_lock_in_core(pmd);
6943 + if (!dm_bm_is_read_only(pmd->bm) && !pmd->fail_io) {
6944 + r = __commit_transaction(pmd);
6945 + if (r < 0)
6946 +@@ -961,6 +962,7 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd)
6947 + }
6948 + if (!pmd->fail_io)
6949 + __destroy_persistent_data_objects(pmd);
6950 ++ pmd_write_unlock(pmd);
6951 +
6952 + kfree(pmd);
6953 + return 0;
6954 +@@ -1841,7 +1843,7 @@ int dm_pool_commit_metadata(struct dm_pool_metadata *pmd)
6955 + * Care is taken to not have commit be what
6956 + * triggers putting the thin-pool in-service.
6957 + */
6958 +- __pmd_write_lock(pmd);
6959 ++ pmd_write_lock_in_core(pmd);
6960 + if (pmd->fail_io)
6961 + goto out;
6962 +
6963 +diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
6964 +index 57626c27a54b..a2bb2622cdbd 100644
6965 +--- a/drivers/md/dm-thin.c
6966 ++++ b/drivers/md/dm-thin.c
6967 +@@ -3408,10 +3408,6 @@ static int pool_ctr(struct dm_target *ti, unsigned argc, char **argv)
6968 + if (r)
6969 + goto out_flags_changed;
6970 +
6971 +- dm_pool_register_pre_commit_callback(pt->pool->pmd,
6972 +- metadata_pre_commit_callback,
6973 +- pt);
6974 +-
6975 + pt->callbacks.congested_fn = pool_is_congested;
6976 + dm_table_add_target_callbacks(ti->table, &pt->callbacks);
6977 +
6978 +@@ -3574,6 +3570,9 @@ static int pool_preresume(struct dm_target *ti)
6979 + if (r)
6980 + return r;
6981 +
6982 ++ dm_pool_register_pre_commit_callback(pool->pmd,
6983 ++ metadata_pre_commit_callback, pt);
6984 ++
6985 + r = maybe_resize_data_dev(ti, &need_commit1);
6986 + if (r)
6987 + return r;
6988 +diff --git a/drivers/md/dm-writecache.c b/drivers/md/dm-writecache.c
6989 +index 7d727a72aa13..9b0a3bf6a4a1 100644
6990 +--- a/drivers/md/dm-writecache.c
6991 ++++ b/drivers/md/dm-writecache.c
6992 +@@ -442,7 +442,13 @@ static void writecache_notify_io(unsigned long error, void *context)
6993 + complete(&endio->c);
6994 + }
6995 +
6996 +-static void ssd_commit_flushed(struct dm_writecache *wc)
6997 ++static void writecache_wait_for_ios(struct dm_writecache *wc, int direction)
6998 ++{
6999 ++ wait_event(wc->bio_in_progress_wait[direction],
7000 ++ !atomic_read(&wc->bio_in_progress[direction]));
7001 ++}
7002 ++
7003 ++static void ssd_commit_flushed(struct dm_writecache *wc, bool wait_for_ios)
7004 + {
7005 + struct dm_io_region region;
7006 + struct dm_io_request req;
7007 +@@ -488,17 +494,20 @@ static void ssd_commit_flushed(struct dm_writecache *wc)
7008 + writecache_notify_io(0, &endio);
7009 + wait_for_completion_io(&endio.c);
7010 +
7011 ++ if (wait_for_ios)
7012 ++ writecache_wait_for_ios(wc, WRITE);
7013 ++
7014 + writecache_disk_flush(wc, wc->ssd_dev);
7015 +
7016 + memset(wc->dirty_bitmap, 0, wc->dirty_bitmap_size);
7017 + }
7018 +
7019 +-static void writecache_commit_flushed(struct dm_writecache *wc)
7020 ++static void writecache_commit_flushed(struct dm_writecache *wc, bool wait_for_ios)
7021 + {
7022 + if (WC_MODE_PMEM(wc))
7023 + wmb();
7024 + else
7025 +- ssd_commit_flushed(wc);
7026 ++ ssd_commit_flushed(wc, wait_for_ios);
7027 + }
7028 +
7029 + static void writecache_disk_flush(struct dm_writecache *wc, struct dm_dev *dev)
7030 +@@ -522,12 +531,6 @@ static void writecache_disk_flush(struct dm_writecache *wc, struct dm_dev *dev)
7031 + writecache_error(wc, r, "error flushing metadata: %d", r);
7032 + }
7033 +
7034 +-static void writecache_wait_for_ios(struct dm_writecache *wc, int direction)
7035 +-{
7036 +- wait_event(wc->bio_in_progress_wait[direction],
7037 +- !atomic_read(&wc->bio_in_progress[direction]));
7038 +-}
7039 +-
7040 + #define WFE_RETURN_FOLLOWING 1
7041 + #define WFE_LOWEST_SEQ 2
7042 +
7043 +@@ -724,15 +727,12 @@ static void writecache_flush(struct dm_writecache *wc)
7044 + e = e2;
7045 + cond_resched();
7046 + }
7047 +- writecache_commit_flushed(wc);
7048 +-
7049 +- if (!WC_MODE_PMEM(wc))
7050 +- writecache_wait_for_ios(wc, WRITE);
7051 ++ writecache_commit_flushed(wc, true);
7052 +
7053 + wc->seq_count++;
7054 + pmem_assign(sb(wc)->seq_count, cpu_to_le64(wc->seq_count));
7055 + writecache_flush_region(wc, &sb(wc)->seq_count, sizeof sb(wc)->seq_count);
7056 +- writecache_commit_flushed(wc);
7057 ++ writecache_commit_flushed(wc, false);
7058 +
7059 + wc->overwrote_committed = false;
7060 +
7061 +@@ -756,7 +756,7 @@ static void writecache_flush(struct dm_writecache *wc)
7062 + }
7063 +
7064 + if (need_flush_after_free)
7065 +- writecache_commit_flushed(wc);
7066 ++ writecache_commit_flushed(wc, false);
7067 + }
7068 +
7069 + static void writecache_flush_work(struct work_struct *work)
7070 +@@ -809,7 +809,7 @@ static void writecache_discard(struct dm_writecache *wc, sector_t start, sector_
7071 + }
7072 +
7073 + if (discarded_something)
7074 +- writecache_commit_flushed(wc);
7075 ++ writecache_commit_flushed(wc, false);
7076 + }
7077 +
7078 + static bool writecache_wait_for_writeback(struct dm_writecache *wc)
7079 +@@ -958,7 +958,7 @@ erase_this:
7080 +
7081 + if (need_flush) {
7082 + writecache_flush_all_metadata(wc);
7083 +- writecache_commit_flushed(wc);
7084 ++ writecache_commit_flushed(wc, false);
7085 + }
7086 +
7087 + wc_unlock(wc);
7088 +@@ -1342,7 +1342,7 @@ static void __writecache_endio_pmem(struct dm_writecache *wc, struct list_head *
7089 + wc->writeback_size--;
7090 + n_walked++;
7091 + if (unlikely(n_walked >= ENDIO_LATENCY)) {
7092 +- writecache_commit_flushed(wc);
7093 ++ writecache_commit_flushed(wc, false);
7094 + wc_unlock(wc);
7095 + wc_lock(wc);
7096 + n_walked = 0;
7097 +@@ -1423,7 +1423,7 @@ pop_from_list:
7098 + writecache_wait_for_ios(wc, READ);
7099 + }
7100 +
7101 +- writecache_commit_flushed(wc);
7102 ++ writecache_commit_flushed(wc, false);
7103 +
7104 + wc_unlock(wc);
7105 + }
7106 +@@ -1766,10 +1766,10 @@ static int init_memory(struct dm_writecache *wc)
7107 + write_original_sector_seq_count(wc, &wc->entries[b], -1, -1);
7108 +
7109 + writecache_flush_all_metadata(wc);
7110 +- writecache_commit_flushed(wc);
7111 ++ writecache_commit_flushed(wc, false);
7112 + pmem_assign(sb(wc)->magic, cpu_to_le32(MEMORY_SUPERBLOCK_MAGIC));
7113 + writecache_flush_region(wc, &sb(wc)->magic, sizeof sb(wc)->magic);
7114 +- writecache_commit_flushed(wc);
7115 ++ writecache_commit_flushed(wc, false);
7116 +
7117 + return 0;
7118 + }
7119 +diff --git a/drivers/md/dm-zoned-metadata.c b/drivers/md/dm-zoned-metadata.c
7120 +index 22b3cb0050a7..516c7b671d25 100644
7121 +--- a/drivers/md/dm-zoned-metadata.c
7122 ++++ b/drivers/md/dm-zoned-metadata.c
7123 +@@ -134,6 +134,7 @@ struct dmz_metadata {
7124 +
7125 + sector_t zone_bitmap_size;
7126 + unsigned int zone_nr_bitmap_blocks;
7127 ++ unsigned int zone_bits_per_mblk;
7128 +
7129 + unsigned int nr_bitmap_blocks;
7130 + unsigned int nr_map_blocks;
7131 +@@ -1161,7 +1162,10 @@ static int dmz_init_zones(struct dmz_metadata *zmd)
7132 +
7133 + /* Init */
7134 + zmd->zone_bitmap_size = dev->zone_nr_blocks >> 3;
7135 +- zmd->zone_nr_bitmap_blocks = zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT;
7136 ++ zmd->zone_nr_bitmap_blocks =
7137 ++ max_t(sector_t, 1, zmd->zone_bitmap_size >> DMZ_BLOCK_SHIFT);
7138 ++ zmd->zone_bits_per_mblk = min_t(sector_t, dev->zone_nr_blocks,
7139 ++ DMZ_BLOCK_SIZE_BITS);
7140 +
7141 + /* Allocate zone array */
7142 + zmd->zones = kcalloc(dev->nr_zones, sizeof(struct dm_zone), GFP_KERNEL);
7143 +@@ -1956,7 +1960,7 @@ int dmz_copy_valid_blocks(struct dmz_metadata *zmd, struct dm_zone *from_zone,
7144 + dmz_release_mblock(zmd, to_mblk);
7145 + dmz_release_mblock(zmd, from_mblk);
7146 +
7147 +- chunk_block += DMZ_BLOCK_SIZE_BITS;
7148 ++ chunk_block += zmd->zone_bits_per_mblk;
7149 + }
7150 +
7151 + to_zone->weight = from_zone->weight;
7152 +@@ -2017,7 +2021,7 @@ int dmz_validate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone,
7153 +
7154 + /* Set bits */
7155 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
7156 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
7157 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
7158 +
7159 + count = dmz_set_bits((unsigned long *)mblk->data, bit, nr_bits);
7160 + if (count) {
7161 +@@ -2096,7 +2100,7 @@ int dmz_invalidate_blocks(struct dmz_metadata *zmd, struct dm_zone *zone,
7162 +
7163 + /* Clear bits */
7164 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
7165 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
7166 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
7167 +
7168 + count = dmz_clear_bits((unsigned long *)mblk->data,
7169 + bit, nr_bits);
7170 +@@ -2156,6 +2160,7 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone,
7171 + {
7172 + struct dmz_mblock *mblk;
7173 + unsigned int bit, set_bit, nr_bits;
7174 ++ unsigned int zone_bits = zmd->zone_bits_per_mblk;
7175 + unsigned long *bitmap;
7176 + int n = 0;
7177 +
7178 +@@ -2170,15 +2175,15 @@ static int dmz_to_next_set_block(struct dmz_metadata *zmd, struct dm_zone *zone,
7179 + /* Get offset */
7180 + bitmap = (unsigned long *) mblk->data;
7181 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
7182 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
7183 ++ nr_bits = min(nr_blocks, zone_bits - bit);
7184 + if (set)
7185 +- set_bit = find_next_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit);
7186 ++ set_bit = find_next_bit(bitmap, zone_bits, bit);
7187 + else
7188 +- set_bit = find_next_zero_bit(bitmap, DMZ_BLOCK_SIZE_BITS, bit);
7189 ++ set_bit = find_next_zero_bit(bitmap, zone_bits, bit);
7190 + dmz_release_mblock(zmd, mblk);
7191 +
7192 + n += set_bit - bit;
7193 +- if (set_bit < DMZ_BLOCK_SIZE_BITS)
7194 ++ if (set_bit < zone_bits)
7195 + break;
7196 +
7197 + nr_blocks -= nr_bits;
7198 +@@ -2281,7 +2286,7 @@ static void dmz_get_zone_weight(struct dmz_metadata *zmd, struct dm_zone *zone)
7199 + /* Count bits in this block */
7200 + bitmap = mblk->data;
7201 + bit = chunk_block & DMZ_BLOCK_MASK_BITS;
7202 +- nr_bits = min(nr_blocks, DMZ_BLOCK_SIZE_BITS - bit);
7203 ++ nr_bits = min(nr_blocks, zmd->zone_bits_per_mblk - bit);
7204 + n += dmz_count_bits(bitmap, bit, nr_bits);
7205 +
7206 + dmz_release_mblock(zmd, mblk);
7207 +diff --git a/drivers/md/dm.c b/drivers/md/dm.c
7208 +index e8f9661a10a1..b89f07ee2eff 100644
7209 +--- a/drivers/md/dm.c
7210 ++++ b/drivers/md/dm.c
7211 +@@ -1859,6 +1859,7 @@ static void dm_init_normal_md_queue(struct mapped_device *md)
7212 + /*
7213 + * Initialize aspects of queue that aren't relevant for blk-mq
7214 + */
7215 ++ md->queue->backing_dev_info->congested_data = md;
7216 + md->queue->backing_dev_info->congested_fn = dm_any_congested;
7217 + }
7218 +
7219 +@@ -1949,7 +1950,12 @@ static struct mapped_device *alloc_dev(int minor)
7220 + if (!md->queue)
7221 + goto bad;
7222 + md->queue->queuedata = md;
7223 +- md->queue->backing_dev_info->congested_data = md;
7224 ++ /*
7225 ++ * default to bio-based required ->make_request_fn until DM
7226 ++ * table is loaded and md->type established. If request-based
7227 ++ * table is loaded: blk-mq will override accordingly.
7228 ++ */
7229 ++ blk_queue_make_request(md->queue, dm_make_request);
7230 +
7231 + md->disk = alloc_disk_node(1, md->numa_node_id);
7232 + if (!md->disk)
7233 +@@ -2264,7 +2270,6 @@ int dm_setup_md_queue(struct mapped_device *md, struct dm_table *t)
7234 + case DM_TYPE_DAX_BIO_BASED:
7235 + case DM_TYPE_NVME_BIO_BASED:
7236 + dm_init_normal_md_queue(md);
7237 +- blk_queue_make_request(md->queue, dm_make_request);
7238 + break;
7239 + case DM_TYPE_NONE:
7240 + WARN_ON_ONCE(true);
7241 +diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c
7242 +index bd68f6fef694..d8b4125e338c 100644
7243 +--- a/drivers/md/persistent-data/dm-space-map-common.c
7244 ++++ b/drivers/md/persistent-data/dm-space-map-common.c
7245 +@@ -380,6 +380,33 @@ int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin,
7246 + return -ENOSPC;
7247 + }
7248 +
7249 ++int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll,
7250 ++ dm_block_t begin, dm_block_t end, dm_block_t *b)
7251 ++{
7252 ++ int r;
7253 ++ uint32_t count;
7254 ++
7255 ++ do {
7256 ++ r = sm_ll_find_free_block(new_ll, begin, new_ll->nr_blocks, b);
7257 ++ if (r)
7258 ++ break;
7259 ++
7260 ++ /* double check this block wasn't used in the old transaction */
7261 ++ if (*b >= old_ll->nr_blocks)
7262 ++ count = 0;
7263 ++ else {
7264 ++ r = sm_ll_lookup(old_ll, *b, &count);
7265 ++ if (r)
7266 ++ break;
7267 ++
7268 ++ if (count)
7269 ++ begin = *b + 1;
7270 ++ }
7271 ++ } while (count);
7272 ++
7273 ++ return r;
7274 ++}
7275 ++
7276 + static int sm_ll_mutate(struct ll_disk *ll, dm_block_t b,
7277 + int (*mutator)(void *context, uint32_t old, uint32_t *new),
7278 + void *context, enum allocation_event *ev)
7279 +diff --git a/drivers/md/persistent-data/dm-space-map-common.h b/drivers/md/persistent-data/dm-space-map-common.h
7280 +index b3078d5eda0c..8de63ce39bdd 100644
7281 +--- a/drivers/md/persistent-data/dm-space-map-common.h
7282 ++++ b/drivers/md/persistent-data/dm-space-map-common.h
7283 +@@ -109,6 +109,8 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result);
7284 + int sm_ll_lookup(struct ll_disk *ll, dm_block_t b, uint32_t *result);
7285 + int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin,
7286 + dm_block_t end, dm_block_t *result);
7287 ++int sm_ll_find_common_free_block(struct ll_disk *old_ll, struct ll_disk *new_ll,
7288 ++ dm_block_t begin, dm_block_t end, dm_block_t *result);
7289 + int sm_ll_insert(struct ll_disk *ll, dm_block_t b, uint32_t ref_count, enum allocation_event *ev);
7290 + int sm_ll_inc(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
7291 + int sm_ll_dec(struct ll_disk *ll, dm_block_t b, enum allocation_event *ev);
7292 +diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c
7293 +index 32adf6b4a9c7..bf4c5e2ccb6f 100644
7294 +--- a/drivers/md/persistent-data/dm-space-map-disk.c
7295 ++++ b/drivers/md/persistent-data/dm-space-map-disk.c
7296 +@@ -167,8 +167,10 @@ static int sm_disk_new_block(struct dm_space_map *sm, dm_block_t *b)
7297 + enum allocation_event ev;
7298 + struct sm_disk *smd = container_of(sm, struct sm_disk, sm);
7299 +
7300 +- /* FIXME: we should loop round a couple of times */
7301 +- r = sm_ll_find_free_block(&smd->old_ll, smd->begin, smd->old_ll.nr_blocks, b);
7302 ++ /*
7303 ++ * Any block we allocate has to be free in both the old and current ll.
7304 ++ */
7305 ++ r = sm_ll_find_common_free_block(&smd->old_ll, &smd->ll, smd->begin, smd->ll.nr_blocks, b);
7306 + if (r)
7307 + return r;
7308 +
7309 +diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
7310 +index 25328582cc48..9e3c64ec2026 100644
7311 +--- a/drivers/md/persistent-data/dm-space-map-metadata.c
7312 ++++ b/drivers/md/persistent-data/dm-space-map-metadata.c
7313 +@@ -448,7 +448,10 @@ static int sm_metadata_new_block_(struct dm_space_map *sm, dm_block_t *b)
7314 + enum allocation_event ev;
7315 + struct sm_metadata *smm = container_of(sm, struct sm_metadata, sm);
7316 +
7317 +- r = sm_ll_find_free_block(&smm->old_ll, smm->begin, smm->old_ll.nr_blocks, b);
7318 ++ /*
7319 ++ * Any block we allocate has to be free in both the old and current ll.
7320 ++ */
7321 ++ r = sm_ll_find_common_free_block(&smm->old_ll, &smm->ll, smm->begin, smm->ll.nr_blocks, b);
7322 + if (r)
7323 + return r;
7324 +
7325 +diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c
7326 +index 872d6441e512..a7deca1fefb7 100644
7327 +--- a/drivers/media/rc/iguanair.c
7328 ++++ b/drivers/media/rc/iguanair.c
7329 +@@ -413,7 +413,7 @@ static int iguanair_probe(struct usb_interface *intf,
7330 + int ret, pipein, pipeout;
7331 + struct usb_host_interface *idesc;
7332 +
7333 +- idesc = intf->altsetting;
7334 ++ idesc = intf->cur_altsetting;
7335 + if (idesc->desc.bNumEndpoints < 2)
7336 + return -ENODEV;
7337 +
7338 +diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
7339 +index 7741151606ef..6f80c251f641 100644
7340 +--- a/drivers/media/rc/rc-main.c
7341 ++++ b/drivers/media/rc/rc-main.c
7342 +@@ -1891,23 +1891,28 @@ int rc_register_device(struct rc_dev *dev)
7343 +
7344 + dev->registered = true;
7345 +
7346 +- if (dev->driver_type != RC_DRIVER_IR_RAW_TX) {
7347 +- rc = rc_setup_rx_device(dev);
7348 +- if (rc)
7349 +- goto out_dev;
7350 +- }
7351 +-
7352 +- /* Ensure that the lirc kfifo is setup before we start the thread */
7353 ++ /*
7354 ++ * once the the input device is registered in rc_setup_rx_device,
7355 ++ * userspace can open the input device and rc_open() will be called
7356 ++ * as a result. This results in driver code being allowed to submit
7357 ++ * keycodes with rc_keydown, so lirc must be registered first.
7358 ++ */
7359 + if (dev->allowed_protocols != RC_PROTO_BIT_CEC) {
7360 + rc = ir_lirc_register(dev);
7361 + if (rc < 0)
7362 +- goto out_rx;
7363 ++ goto out_dev;
7364 ++ }
7365 ++
7366 ++ if (dev->driver_type != RC_DRIVER_IR_RAW_TX) {
7367 ++ rc = rc_setup_rx_device(dev);
7368 ++ if (rc)
7369 ++ goto out_lirc;
7370 + }
7371 +
7372 + if (dev->driver_type == RC_DRIVER_IR_RAW) {
7373 + rc = ir_raw_event_register(dev);
7374 + if (rc < 0)
7375 +- goto out_lirc;
7376 ++ goto out_rx;
7377 + }
7378 +
7379 + dev_dbg(&dev->dev, "Registered rc%u (driver: %s)\n", dev->minor,
7380 +@@ -1915,11 +1920,11 @@ int rc_register_device(struct rc_dev *dev)
7381 +
7382 + return 0;
7383 +
7384 ++out_rx:
7385 ++ rc_free_rx_device(dev);
7386 + out_lirc:
7387 + if (dev->allowed_protocols != RC_PROTO_BIT_CEC)
7388 + ir_lirc_unregister(dev);
7389 +-out_rx:
7390 +- rc_free_rx_device(dev);
7391 + out_dev:
7392 + device_del(&dev->dev);
7393 + out_rx_free:
7394 +diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
7395 +index 428235ca2635..2b688cc39bb8 100644
7396 +--- a/drivers/media/usb/uvc/uvc_driver.c
7397 ++++ b/drivers/media/usb/uvc/uvc_driver.c
7398 +@@ -1493,6 +1493,11 @@ static int uvc_scan_chain_forward(struct uvc_video_chain *chain,
7399 + break;
7400 + if (forward == prev)
7401 + continue;
7402 ++ if (forward->chain.next || forward->chain.prev) {
7403 ++ uvc_trace(UVC_TRACE_DESCR, "Found reference to "
7404 ++ "entity %d already in chain.\n", forward->id);
7405 ++ return -EINVAL;
7406 ++ }
7407 +
7408 + switch (UVC_ENTITY_TYPE(forward)) {
7409 + case UVC_VC_EXTENSION_UNIT:
7410 +@@ -1574,6 +1579,13 @@ static int uvc_scan_chain_backward(struct uvc_video_chain *chain,
7411 + return -1;
7412 + }
7413 +
7414 ++ if (term->chain.next || term->chain.prev) {
7415 ++ uvc_trace(UVC_TRACE_DESCR, "Found reference to "
7416 ++ "entity %d already in chain.\n",
7417 ++ term->id);
7418 ++ return -EINVAL;
7419 ++ }
7420 ++
7421 + if (uvc_trace_param & UVC_TRACE_PROBE)
7422 + printk(KERN_CONT " %d", term->id);
7423 +
7424 +diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
7425 +index e1eaf1135c7f..7ad6db8dd9f6 100644
7426 +--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
7427 ++++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
7428 +@@ -1183,36 +1183,38 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7429 + u32 aux_space;
7430 + int compatible_arg = 1;
7431 + long err = 0;
7432 ++ unsigned int ncmd;
7433 +
7434 + /*
7435 + * 1. When struct size is different, converts the command.
7436 + */
7437 + switch (cmd) {
7438 +- case VIDIOC_G_FMT32: cmd = VIDIOC_G_FMT; break;
7439 +- case VIDIOC_S_FMT32: cmd = VIDIOC_S_FMT; break;
7440 +- case VIDIOC_QUERYBUF32: cmd = VIDIOC_QUERYBUF; break;
7441 +- case VIDIOC_G_FBUF32: cmd = VIDIOC_G_FBUF; break;
7442 +- case VIDIOC_S_FBUF32: cmd = VIDIOC_S_FBUF; break;
7443 +- case VIDIOC_QBUF32: cmd = VIDIOC_QBUF; break;
7444 +- case VIDIOC_DQBUF32: cmd = VIDIOC_DQBUF; break;
7445 +- case VIDIOC_ENUMSTD32: cmd = VIDIOC_ENUMSTD; break;
7446 +- case VIDIOC_ENUMINPUT32: cmd = VIDIOC_ENUMINPUT; break;
7447 +- case VIDIOC_TRY_FMT32: cmd = VIDIOC_TRY_FMT; break;
7448 +- case VIDIOC_G_EXT_CTRLS32: cmd = VIDIOC_G_EXT_CTRLS; break;
7449 +- case VIDIOC_S_EXT_CTRLS32: cmd = VIDIOC_S_EXT_CTRLS; break;
7450 +- case VIDIOC_TRY_EXT_CTRLS32: cmd = VIDIOC_TRY_EXT_CTRLS; break;
7451 +- case VIDIOC_DQEVENT32: cmd = VIDIOC_DQEVENT; break;
7452 +- case VIDIOC_OVERLAY32: cmd = VIDIOC_OVERLAY; break;
7453 +- case VIDIOC_STREAMON32: cmd = VIDIOC_STREAMON; break;
7454 +- case VIDIOC_STREAMOFF32: cmd = VIDIOC_STREAMOFF; break;
7455 +- case VIDIOC_G_INPUT32: cmd = VIDIOC_G_INPUT; break;
7456 +- case VIDIOC_S_INPUT32: cmd = VIDIOC_S_INPUT; break;
7457 +- case VIDIOC_G_OUTPUT32: cmd = VIDIOC_G_OUTPUT; break;
7458 +- case VIDIOC_S_OUTPUT32: cmd = VIDIOC_S_OUTPUT; break;
7459 +- case VIDIOC_CREATE_BUFS32: cmd = VIDIOC_CREATE_BUFS; break;
7460 +- case VIDIOC_PREPARE_BUF32: cmd = VIDIOC_PREPARE_BUF; break;
7461 +- case VIDIOC_G_EDID32: cmd = VIDIOC_G_EDID; break;
7462 +- case VIDIOC_S_EDID32: cmd = VIDIOC_S_EDID; break;
7463 ++ case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break;
7464 ++ case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break;
7465 ++ case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break;
7466 ++ case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break;
7467 ++ case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break;
7468 ++ case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break;
7469 ++ case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break;
7470 ++ case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break;
7471 ++ case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break;
7472 ++ case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break;
7473 ++ case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break;
7474 ++ case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break;
7475 ++ case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break;
7476 ++ case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break;
7477 ++ case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break;
7478 ++ case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break;
7479 ++ case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break;
7480 ++ case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break;
7481 ++ case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break;
7482 ++ case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break;
7483 ++ case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break;
7484 ++ case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break;
7485 ++ case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break;
7486 ++ case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break;
7487 ++ case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break;
7488 ++ default: ncmd = cmd; break;
7489 + }
7490 +
7491 + /*
7492 +@@ -1221,11 +1223,11 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7493 + * argument into it.
7494 + */
7495 + switch (cmd) {
7496 +- case VIDIOC_OVERLAY:
7497 +- case VIDIOC_STREAMON:
7498 +- case VIDIOC_STREAMOFF:
7499 +- case VIDIOC_S_INPUT:
7500 +- case VIDIOC_S_OUTPUT:
7501 ++ case VIDIOC_OVERLAY32:
7502 ++ case VIDIOC_STREAMON32:
7503 ++ case VIDIOC_STREAMOFF32:
7504 ++ case VIDIOC_S_INPUT32:
7505 ++ case VIDIOC_S_OUTPUT32:
7506 + err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
7507 + if (!err && assign_in_user((unsigned int __user *)new_p64,
7508 + (compat_uint_t __user *)p32))
7509 +@@ -1233,23 +1235,23 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7510 + compatible_arg = 0;
7511 + break;
7512 +
7513 +- case VIDIOC_G_INPUT:
7514 +- case VIDIOC_G_OUTPUT:
7515 ++ case VIDIOC_G_INPUT32:
7516 ++ case VIDIOC_G_OUTPUT32:
7517 + err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
7518 + compatible_arg = 0;
7519 + break;
7520 +
7521 +- case VIDIOC_G_EDID:
7522 +- case VIDIOC_S_EDID:
7523 ++ case VIDIOC_G_EDID32:
7524 ++ case VIDIOC_S_EDID32:
7525 + err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64);
7526 + if (!err)
7527 + err = get_v4l2_edid32(new_p64, p32);
7528 + compatible_arg = 0;
7529 + break;
7530 +
7531 +- case VIDIOC_G_FMT:
7532 +- case VIDIOC_S_FMT:
7533 +- case VIDIOC_TRY_FMT:
7534 ++ case VIDIOC_G_FMT32:
7535 ++ case VIDIOC_S_FMT32:
7536 ++ case VIDIOC_TRY_FMT32:
7537 + err = bufsize_v4l2_format(p32, &aux_space);
7538 + if (!err)
7539 + err = alloc_userspace(sizeof(struct v4l2_format),
7540 +@@ -1262,7 +1264,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7541 + compatible_arg = 0;
7542 + break;
7543 +
7544 +- case VIDIOC_CREATE_BUFS:
7545 ++ case VIDIOC_CREATE_BUFS32:
7546 + err = bufsize_v4l2_create(p32, &aux_space);
7547 + if (!err)
7548 + err = alloc_userspace(sizeof(struct v4l2_create_buffers),
7549 +@@ -1275,10 +1277,10 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7550 + compatible_arg = 0;
7551 + break;
7552 +
7553 +- case VIDIOC_PREPARE_BUF:
7554 +- case VIDIOC_QUERYBUF:
7555 +- case VIDIOC_QBUF:
7556 +- case VIDIOC_DQBUF:
7557 ++ case VIDIOC_PREPARE_BUF32:
7558 ++ case VIDIOC_QUERYBUF32:
7559 ++ case VIDIOC_QBUF32:
7560 ++ case VIDIOC_DQBUF32:
7561 + err = bufsize_v4l2_buffer(p32, &aux_space);
7562 + if (!err)
7563 + err = alloc_userspace(sizeof(struct v4l2_buffer),
7564 +@@ -1291,7 +1293,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7565 + compatible_arg = 0;
7566 + break;
7567 +
7568 +- case VIDIOC_S_FBUF:
7569 ++ case VIDIOC_S_FBUF32:
7570 + err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
7571 + &new_p64);
7572 + if (!err)
7573 +@@ -1299,13 +1301,13 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7574 + compatible_arg = 0;
7575 + break;
7576 +
7577 +- case VIDIOC_G_FBUF:
7578 ++ case VIDIOC_G_FBUF32:
7579 + err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
7580 + &new_p64);
7581 + compatible_arg = 0;
7582 + break;
7583 +
7584 +- case VIDIOC_ENUMSTD:
7585 ++ case VIDIOC_ENUMSTD32:
7586 + err = alloc_userspace(sizeof(struct v4l2_standard), 0,
7587 + &new_p64);
7588 + if (!err)
7589 +@@ -1313,16 +1315,16 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7590 + compatible_arg = 0;
7591 + break;
7592 +
7593 +- case VIDIOC_ENUMINPUT:
7594 ++ case VIDIOC_ENUMINPUT32:
7595 + err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64);
7596 + if (!err)
7597 + err = get_v4l2_input32(new_p64, p32);
7598 + compatible_arg = 0;
7599 + break;
7600 +
7601 +- case VIDIOC_G_EXT_CTRLS:
7602 +- case VIDIOC_S_EXT_CTRLS:
7603 +- case VIDIOC_TRY_EXT_CTRLS:
7604 ++ case VIDIOC_G_EXT_CTRLS32:
7605 ++ case VIDIOC_S_EXT_CTRLS32:
7606 ++ case VIDIOC_TRY_EXT_CTRLS32:
7607 + err = bufsize_v4l2_ext_controls(p32, &aux_space);
7608 + if (!err)
7609 + err = alloc_userspace(sizeof(struct v4l2_ext_controls),
7610 +@@ -1334,7 +1336,7 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7611 + }
7612 + compatible_arg = 0;
7613 + break;
7614 +- case VIDIOC_DQEVENT:
7615 ++ case VIDIOC_DQEVENT32:
7616 + err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64);
7617 + compatible_arg = 0;
7618 + break;
7619 +@@ -1352,9 +1354,9 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7620 + * Otherwise, it will pass the newly allocated @new_p64 argument.
7621 + */
7622 + if (compatible_arg)
7623 +- err = native_ioctl(file, cmd, (unsigned long)p32);
7624 ++ err = native_ioctl(file, ncmd, (unsigned long)p32);
7625 + else
7626 +- err = native_ioctl(file, cmd, (unsigned long)new_p64);
7627 ++ err = native_ioctl(file, ncmd, (unsigned long)new_p64);
7628 +
7629 + if (err == -ENOTTY)
7630 + return err;
7631 +@@ -1370,13 +1372,13 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7632 + * the blocks to maximum allowed value.
7633 + */
7634 + switch (cmd) {
7635 +- case VIDIOC_G_EXT_CTRLS:
7636 +- case VIDIOC_S_EXT_CTRLS:
7637 +- case VIDIOC_TRY_EXT_CTRLS:
7638 ++ case VIDIOC_G_EXT_CTRLS32:
7639 ++ case VIDIOC_S_EXT_CTRLS32:
7640 ++ case VIDIOC_TRY_EXT_CTRLS32:
7641 + if (put_v4l2_ext_controls32(file, new_p64, p32))
7642 + err = -EFAULT;
7643 + break;
7644 +- case VIDIOC_S_EDID:
7645 ++ case VIDIOC_S_EDID32:
7646 + if (put_v4l2_edid32(new_p64, p32))
7647 + err = -EFAULT;
7648 + break;
7649 +@@ -1389,49 +1391,49 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
7650 + * the original 32 bits structure.
7651 + */
7652 + switch (cmd) {
7653 +- case VIDIOC_S_INPUT:
7654 +- case VIDIOC_S_OUTPUT:
7655 +- case VIDIOC_G_INPUT:
7656 +- case VIDIOC_G_OUTPUT:
7657 ++ case VIDIOC_S_INPUT32:
7658 ++ case VIDIOC_S_OUTPUT32:
7659 ++ case VIDIOC_G_INPUT32:
7660 ++ case VIDIOC_G_OUTPUT32:
7661 + if (assign_in_user((compat_uint_t __user *)p32,
7662 + ((unsigned int __user *)new_p64)))
7663 + err = -EFAULT;
7664 + break;
7665 +
7666 +- case VIDIOC_G_FBUF:
7667 ++ case VIDIOC_G_FBUF32:
7668 + err = put_v4l2_framebuffer32(new_p64, p32);
7669 + break;
7670 +
7671 +- case VIDIOC_DQEVENT:
7672 ++ case VIDIOC_DQEVENT32:
7673 + err = put_v4l2_event32(new_p64, p32);
7674 + break;
7675 +
7676 +- case VIDIOC_G_EDID:
7677 ++ case VIDIOC_G_EDID32:
7678 + err = put_v4l2_edid32(new_p64, p32);
7679 + break;
7680 +
7681 +- case VIDIOC_G_FMT:
7682 +- case VIDIOC_S_FMT:
7683 +- case VIDIOC_TRY_FMT:
7684 ++ case VIDIOC_G_FMT32:
7685 ++ case VIDIOC_S_FMT32:
7686 ++ case VIDIOC_TRY_FMT32:
7687 + err = put_v4l2_format32(new_p64, p32);
7688 + break;
7689 +
7690 +- case VIDIOC_CREATE_BUFS:
7691 ++ case VIDIOC_CREATE_BUFS32:
7692 + err = put_v4l2_create32(new_p64, p32);
7693 + break;
7694 +
7695 +- case VIDIOC_PREPARE_BUF:
7696 +- case VIDIOC_QUERYBUF:
7697 +- case VIDIOC_QBUF:
7698 +- case VIDIOC_DQBUF:
7699 ++ case VIDIOC_PREPARE_BUF32:
7700 ++ case VIDIOC_QUERYBUF32:
7701 ++ case VIDIOC_QBUF32:
7702 ++ case VIDIOC_DQBUF32:
7703 + err = put_v4l2_buffer32(new_p64, p32);
7704 + break;
7705 +
7706 +- case VIDIOC_ENUMSTD:
7707 ++ case VIDIOC_ENUMSTD32:
7708 + err = put_v4l2_standard32(new_p64, p32);
7709 + break;
7710 +
7711 +- case VIDIOC_ENUMINPUT:
7712 ++ case VIDIOC_ENUMINPUT32:
7713 + err = put_v4l2_input32(new_p64, p32);
7714 + break;
7715 + }
7716 +diff --git a/drivers/media/v4l2-core/videobuf-dma-sg.c b/drivers/media/v4l2-core/videobuf-dma-sg.c
7717 +index 66a6c6c236a7..28262190c3ab 100644
7718 +--- a/drivers/media/v4l2-core/videobuf-dma-sg.c
7719 ++++ b/drivers/media/v4l2-core/videobuf-dma-sg.c
7720 +@@ -349,8 +349,11 @@ int videobuf_dma_free(struct videobuf_dmabuf *dma)
7721 + BUG_ON(dma->sglen);
7722 +
7723 + if (dma->pages) {
7724 +- for (i = 0; i < dma->nr_pages; i++)
7725 ++ for (i = 0; i < dma->nr_pages; i++) {
7726 ++ if (dma->direction == DMA_FROM_DEVICE)
7727 ++ set_page_dirty_lock(dma->pages[i]);
7728 + put_page(dma->pages[i]);
7729 ++ }
7730 + kfree(dma->pages);
7731 + dma->pages = NULL;
7732 + }
7733 +diff --git a/drivers/mfd/ab8500-core.c b/drivers/mfd/ab8500-core.c
7734 +index bafc729fc434..3c6fda68e6bc 100644
7735 +--- a/drivers/mfd/ab8500-core.c
7736 ++++ b/drivers/mfd/ab8500-core.c
7737 +@@ -631,8 +631,8 @@ static const struct mfd_cell ab8500_devs[] = {
7738 + NULL, NULL, 0, 0, "stericsson,ab8500-ext-regulator"),
7739 + OF_MFD_CELL("ab8500-regulator",
7740 + NULL, NULL, 0, 0, "stericsson,ab8500-regulator"),
7741 +- OF_MFD_CELL("abx500-clk",
7742 +- NULL, NULL, 0, 0, "stericsson,abx500-clk"),
7743 ++ OF_MFD_CELL("ab8500-clk",
7744 ++ NULL, NULL, 0, 0, "stericsson,ab8500-clk"),
7745 + OF_MFD_CELL("ab8500-gpadc",
7746 + NULL, NULL, 0, 0, "stericsson,ab8500-gpadc"),
7747 + OF_MFD_CELL("ab8500-rtc",
7748 +diff --git a/drivers/mfd/axp20x.c b/drivers/mfd/axp20x.c
7749 +index a4aaadaa0cb0..aa59496e4376 100644
7750 +--- a/drivers/mfd/axp20x.c
7751 ++++ b/drivers/mfd/axp20x.c
7752 +@@ -126,7 +126,7 @@ static const struct regmap_range axp288_writeable_ranges[] = {
7753 + static const struct regmap_range axp288_volatile_ranges[] = {
7754 + regmap_reg_range(AXP20X_PWR_INPUT_STATUS, AXP288_POWER_REASON),
7755 + regmap_reg_range(AXP288_BC_GLOBAL, AXP288_BC_GLOBAL),
7756 +- regmap_reg_range(AXP288_BC_DET_STAT, AXP288_BC_DET_STAT),
7757 ++ regmap_reg_range(AXP288_BC_DET_STAT, AXP20X_VBUS_IPSOUT_MGMT),
7758 + regmap_reg_range(AXP20X_CHRG_BAK_CTRL, AXP20X_CHRG_BAK_CTRL),
7759 + regmap_reg_range(AXP20X_IRQ1_EN, AXP20X_IPSOUT_V_HIGH_L),
7760 + regmap_reg_range(AXP20X_TIMER_CTRL, AXP20X_TIMER_CTRL),
7761 +diff --git a/drivers/mfd/da9062-core.c b/drivers/mfd/da9062-core.c
7762 +index e69626867c26..9143de7b77b8 100644
7763 +--- a/drivers/mfd/da9062-core.c
7764 ++++ b/drivers/mfd/da9062-core.c
7765 +@@ -248,7 +248,7 @@ static const struct mfd_cell da9062_devs[] = {
7766 + .name = "da9062-watchdog",
7767 + .num_resources = ARRAY_SIZE(da9062_wdt_resources),
7768 + .resources = da9062_wdt_resources,
7769 +- .of_compatible = "dlg,da9062-wdt",
7770 ++ .of_compatible = "dlg,da9062-watchdog",
7771 + },
7772 + {
7773 + .name = "da9062-thermal",
7774 +diff --git a/drivers/mfd/dln2.c b/drivers/mfd/dln2.c
7775 +index 381593fbe50f..7841c11411d0 100644
7776 +--- a/drivers/mfd/dln2.c
7777 ++++ b/drivers/mfd/dln2.c
7778 +@@ -722,6 +722,8 @@ static int dln2_probe(struct usb_interface *interface,
7779 + const struct usb_device_id *usb_id)
7780 + {
7781 + struct usb_host_interface *hostif = interface->cur_altsetting;
7782 ++ struct usb_endpoint_descriptor *epin;
7783 ++ struct usb_endpoint_descriptor *epout;
7784 + struct device *dev = &interface->dev;
7785 + struct dln2_dev *dln2;
7786 + int ret;
7787 +@@ -731,12 +733,19 @@ static int dln2_probe(struct usb_interface *interface,
7788 + hostif->desc.bNumEndpoints < 2)
7789 + return -ENODEV;
7790 +
7791 ++ epin = &hostif->endpoint[0].desc;
7792 ++ epout = &hostif->endpoint[1].desc;
7793 ++ if (!usb_endpoint_is_bulk_out(epout))
7794 ++ return -ENODEV;
7795 ++ if (!usb_endpoint_is_bulk_in(epin))
7796 ++ return -ENODEV;
7797 ++
7798 + dln2 = kzalloc(sizeof(*dln2), GFP_KERNEL);
7799 + if (!dln2)
7800 + return -ENOMEM;
7801 +
7802 +- dln2->ep_out = hostif->endpoint[0].desc.bEndpointAddress;
7803 +- dln2->ep_in = hostif->endpoint[1].desc.bEndpointAddress;
7804 ++ dln2->ep_out = epout->bEndpointAddress;
7805 ++ dln2->ep_in = epin->bEndpointAddress;
7806 + dln2->usb_dev = usb_get_dev(interface_to_usbdev(interface));
7807 + dln2->interface = interface;
7808 + usb_set_intfdata(interface, dln2);
7809 +diff --git a/drivers/mfd/rn5t618.c b/drivers/mfd/rn5t618.c
7810 +index da5cd9c92a59..ead2e79036a9 100644
7811 +--- a/drivers/mfd/rn5t618.c
7812 ++++ b/drivers/mfd/rn5t618.c
7813 +@@ -26,6 +26,7 @@ static bool rn5t618_volatile_reg(struct device *dev, unsigned int reg)
7814 + case RN5T618_WATCHDOGCNT:
7815 + case RN5T618_DCIRQ:
7816 + case RN5T618_ILIMDATAH ... RN5T618_AIN0DATAL:
7817 ++ case RN5T618_ADCCNT3:
7818 + case RN5T618_IR_ADC1 ... RN5T618_IR_ADC3:
7819 + case RN5T618_IR_GPR:
7820 + case RN5T618_IR_GPF:
7821 +diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c
7822 +index 74c6cfbf9172..1f02f54f09c0 100644
7823 +--- a/drivers/mmc/host/mmc_spi.c
7824 ++++ b/drivers/mmc/host/mmc_spi.c
7825 +@@ -1134,17 +1134,22 @@ static void mmc_spi_initsequence(struct mmc_spi_host *host)
7826 + * SPI protocol. Another is that when chipselect is released while
7827 + * the card returns BUSY status, the clock must issue several cycles
7828 + * with chipselect high before the card will stop driving its output.
7829 ++ *
7830 ++ * SPI_CS_HIGH means "asserted" here. In some cases like when using
7831 ++ * GPIOs for chip select, SPI_CS_HIGH is set but this will be logically
7832 ++ * inverted by gpiolib, so if we want to ascertain to drive it high
7833 ++ * we should toggle the default with an XOR as we do here.
7834 + */
7835 +- host->spi->mode |= SPI_CS_HIGH;
7836 ++ host->spi->mode ^= SPI_CS_HIGH;
7837 + if (spi_setup(host->spi) != 0) {
7838 + /* Just warn; most cards work without it. */
7839 + dev_warn(&host->spi->dev,
7840 + "can't change chip-select polarity\n");
7841 +- host->spi->mode &= ~SPI_CS_HIGH;
7842 ++ host->spi->mode ^= SPI_CS_HIGH;
7843 + } else {
7844 + mmc_spi_readbytes(host, 18);
7845 +
7846 +- host->spi->mode &= ~SPI_CS_HIGH;
7847 ++ host->spi->mode ^= SPI_CS_HIGH;
7848 + if (spi_setup(host->spi) != 0) {
7849 + /* Wot, we can't get the same setup we had before? */
7850 + dev_err(&host->spi->dev,
7851 +diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c
7852 +index 5959e394b416..99d82c1874d6 100644
7853 +--- a/drivers/mmc/host/sdhci-of-at91.c
7854 ++++ b/drivers/mmc/host/sdhci-of-at91.c
7855 +@@ -335,19 +335,22 @@ static int sdhci_at91_probe(struct platform_device *pdev)
7856 + priv->mainck = devm_clk_get(&pdev->dev, "baseclk");
7857 + if (IS_ERR(priv->mainck)) {
7858 + dev_err(&pdev->dev, "failed to get baseclk\n");
7859 +- return PTR_ERR(priv->mainck);
7860 ++ ret = PTR_ERR(priv->mainck);
7861 ++ goto sdhci_pltfm_free;
7862 + }
7863 +
7864 + priv->hclock = devm_clk_get(&pdev->dev, "hclock");
7865 + if (IS_ERR(priv->hclock)) {
7866 + dev_err(&pdev->dev, "failed to get hclock\n");
7867 +- return PTR_ERR(priv->hclock);
7868 ++ ret = PTR_ERR(priv->hclock);
7869 ++ goto sdhci_pltfm_free;
7870 + }
7871 +
7872 + priv->gck = devm_clk_get(&pdev->dev, "multclk");
7873 + if (IS_ERR(priv->gck)) {
7874 + dev_err(&pdev->dev, "failed to get multclk\n");
7875 +- return PTR_ERR(priv->gck);
7876 ++ ret = PTR_ERR(priv->gck);
7877 ++ goto sdhci_pltfm_free;
7878 + }
7879 +
7880 + ret = sdhci_at91_set_clks_presets(&pdev->dev);
7881 +diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
7882 +index b0cd443dd758..70e55fe61b99 100644
7883 +--- a/drivers/mtd/spi-nor/spi-nor.c
7884 ++++ b/drivers/mtd/spi-nor/spi-nor.c
7885 +@@ -2461,15 +2461,16 @@ static const struct flash_info spi_nor_ids[] = {
7886 + { "n25q256a", INFO(0x20ba19, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
7887 + { "n25q256ax1", INFO(0x20bb19, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_QUAD_READ) },
7888 + { "n25q512ax3", INFO(0x20ba20, 0, 64 * 1024, 1024, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ) },
7889 ++ { "mt25qu512a", INFO6(0x20bb20, 0x104400, 64 * 1024, 1024,
7890 ++ SECT_4K | USE_FSR | SPI_NOR_DUAL_READ |
7891 ++ SPI_NOR_QUAD_READ | SPI_NOR_4B_OPCODES) },
7892 ++ { "n25q512a", INFO(0x20bb20, 0, 64 * 1024, 1024, SECT_4K |
7893 ++ SPI_NOR_QUAD_READ) },
7894 + { "n25q00", INFO(0x20ba21, 0, 64 * 1024, 2048, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
7895 + { "n25q00a", INFO(0x20bb21, 0, 64 * 1024, 2048, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
7896 + { "mt25ql02g", INFO(0x20ba22, 0, 64 * 1024, 4096,
7897 + SECT_4K | USE_FSR | SPI_NOR_QUAD_READ |
7898 + NO_CHIP_ERASE) },
7899 +- { "mt25qu512a (n25q512a)", INFO(0x20bb20, 0, 64 * 1024, 1024,
7900 +- SECT_4K | USE_FSR | SPI_NOR_DUAL_READ |
7901 +- SPI_NOR_QUAD_READ |
7902 +- SPI_NOR_4B_OPCODES) },
7903 + { "mt25qu02g", INFO(0x20bb22, 0, 64 * 1024, 4096, SECT_4K | USE_FSR | SPI_NOR_QUAD_READ | NO_CHIP_ERASE) },
7904 +
7905 + /* Micron */
7906 +diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c
7907 +index 1c7be4eb3ba6..53f448e7433a 100644
7908 +--- a/drivers/mtd/ubi/fastmap.c
7909 ++++ b/drivers/mtd/ubi/fastmap.c
7910 +@@ -64,7 +64,7 @@ static int self_check_seen(struct ubi_device *ubi, unsigned long *seen)
7911 + return 0;
7912 +
7913 + for (pnum = 0; pnum < ubi->peb_count; pnum++) {
7914 +- if (test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
7915 ++ if (!test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
7916 + ubi_err(ubi, "self-check failed for PEB %d, fastmap didn't see it", pnum);
7917 + ret = -EINVAL;
7918 + }
7919 +@@ -1137,7 +1137,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7920 + struct rb_node *tmp_rb;
7921 + int ret, i, j, free_peb_count, used_peb_count, vol_count;
7922 + int scrub_peb_count, erase_peb_count;
7923 +- unsigned long *seen_pebs = NULL;
7924 ++ unsigned long *seen_pebs;
7925 +
7926 + fm_raw = ubi->fm_buf;
7927 + memset(ubi->fm_buf, 0, ubi->fm_size);
7928 +@@ -1151,7 +1151,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7929 + dvbuf = new_fm_vbuf(ubi, UBI_FM_DATA_VOLUME_ID);
7930 + if (!dvbuf) {
7931 + ret = -ENOMEM;
7932 +- goto out_kfree;
7933 ++ goto out_free_avbuf;
7934 + }
7935 +
7936 + avhdr = ubi_get_vid_hdr(avbuf);
7937 +@@ -1160,7 +1160,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7938 + seen_pebs = init_seen(ubi);
7939 + if (IS_ERR(seen_pebs)) {
7940 + ret = PTR_ERR(seen_pebs);
7941 +- goto out_kfree;
7942 ++ goto out_free_dvbuf;
7943 + }
7944 +
7945 + spin_lock(&ubi->volumes_lock);
7946 +@@ -1328,7 +1328,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7947 + ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avbuf);
7948 + if (ret) {
7949 + ubi_err(ubi, "unable to write vid_hdr to fastmap SB!");
7950 +- goto out_kfree;
7951 ++ goto out_free_seen;
7952 + }
7953 +
7954 + for (i = 0; i < new_fm->used_blocks; i++) {
7955 +@@ -1350,7 +1350,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7956 + if (ret) {
7957 + ubi_err(ubi, "unable to write vid_hdr to PEB %i!",
7958 + new_fm->e[i]->pnum);
7959 +- goto out_kfree;
7960 ++ goto out_free_seen;
7961 + }
7962 + }
7963 +
7964 +@@ -1360,7 +1360,7 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7965 + if (ret) {
7966 + ubi_err(ubi, "unable to write fastmap to PEB %i!",
7967 + new_fm->e[i]->pnum);
7968 +- goto out_kfree;
7969 ++ goto out_free_seen;
7970 + }
7971 + }
7972 +
7973 +@@ -1370,10 +1370,13 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
7974 + ret = self_check_seen(ubi, seen_pebs);
7975 + dbg_bld("fastmap written!");
7976 +
7977 +-out_kfree:
7978 +- ubi_free_vid_buf(avbuf);
7979 +- ubi_free_vid_buf(dvbuf);
7980 ++out_free_seen:
7981 + free_seen(seen_pebs);
7982 ++out_free_dvbuf:
7983 ++ ubi_free_vid_buf(dvbuf);
7984 ++out_free_avbuf:
7985 ++ ubi_free_vid_buf(avbuf);
7986 ++
7987 + out:
7988 + return ret;
7989 + }
7990 +diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
7991 +index 4f2e6910c623..1cc2cd894f87 100644
7992 +--- a/drivers/net/bonding/bond_alb.c
7993 ++++ b/drivers/net/bonding/bond_alb.c
7994 +@@ -1383,26 +1383,31 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
7995 + bool do_tx_balance = true;
7996 + u32 hash_index = 0;
7997 + const u8 *hash_start = NULL;
7998 +- struct ipv6hdr *ip6hdr;
7999 +
8000 + skb_reset_mac_header(skb);
8001 + eth_data = eth_hdr(skb);
8002 +
8003 + switch (ntohs(skb->protocol)) {
8004 + case ETH_P_IP: {
8005 +- const struct iphdr *iph = ip_hdr(skb);
8006 ++ const struct iphdr *iph;
8007 +
8008 + if (is_broadcast_ether_addr(eth_data->h_dest) ||
8009 +- iph->daddr == ip_bcast ||
8010 +- iph->protocol == IPPROTO_IGMP) {
8011 ++ !pskb_network_may_pull(skb, sizeof(*iph))) {
8012 ++ do_tx_balance = false;
8013 ++ break;
8014 ++ }
8015 ++ iph = ip_hdr(skb);
8016 ++ if (iph->daddr == ip_bcast || iph->protocol == IPPROTO_IGMP) {
8017 + do_tx_balance = false;
8018 + break;
8019 + }
8020 + hash_start = (char *)&(iph->daddr);
8021 + hash_size = sizeof(iph->daddr);
8022 +- }
8023 + break;
8024 +- case ETH_P_IPV6:
8025 ++ }
8026 ++ case ETH_P_IPV6: {
8027 ++ const struct ipv6hdr *ip6hdr;
8028 ++
8029 + /* IPv6 doesn't really use broadcast mac address, but leave
8030 + * that here just in case.
8031 + */
8032 +@@ -1419,7 +1424,11 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
8033 + break;
8034 + }
8035 +
8036 +- /* Additianally, DAD probes should not be tx-balanced as that
8037 ++ if (!pskb_network_may_pull(skb, sizeof(*ip6hdr))) {
8038 ++ do_tx_balance = false;
8039 ++ break;
8040 ++ }
8041 ++ /* Additionally, DAD probes should not be tx-balanced as that
8042 + * will lead to false positives for duplicate addresses and
8043 + * prevent address configuration from working.
8044 + */
8045 +@@ -1429,17 +1438,26 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
8046 + break;
8047 + }
8048 +
8049 +- hash_start = (char *)&(ipv6_hdr(skb)->daddr);
8050 +- hash_size = sizeof(ipv6_hdr(skb)->daddr);
8051 ++ hash_start = (char *)&ip6hdr->daddr;
8052 ++ hash_size = sizeof(ip6hdr->daddr);
8053 + break;
8054 +- case ETH_P_IPX:
8055 +- if (ipx_hdr(skb)->ipx_checksum != IPX_NO_CHECKSUM) {
8056 ++ }
8057 ++ case ETH_P_IPX: {
8058 ++ const struct ipxhdr *ipxhdr;
8059 ++
8060 ++ if (pskb_network_may_pull(skb, sizeof(*ipxhdr))) {
8061 ++ do_tx_balance = false;
8062 ++ break;
8063 ++ }
8064 ++ ipxhdr = (struct ipxhdr *)skb_network_header(skb);
8065 ++
8066 ++ if (ipxhdr->ipx_checksum != IPX_NO_CHECKSUM) {
8067 + /* something is wrong with this packet */
8068 + do_tx_balance = false;
8069 + break;
8070 + }
8071 +
8072 +- if (ipx_hdr(skb)->ipx_type != IPX_TYPE_NCP) {
8073 ++ if (ipxhdr->ipx_type != IPX_TYPE_NCP) {
8074 + /* The only protocol worth balancing in
8075 + * this family since it has an "ARP" like
8076 + * mechanism
8077 +@@ -1448,9 +1466,11 @@ netdev_tx_t bond_alb_xmit(struct sk_buff *skb, struct net_device *bond_dev)
8078 + break;
8079 + }
8080 +
8081 ++ eth_data = eth_hdr(skb);
8082 + hash_start = (char *)eth_data->h_dest;
8083 + hash_size = ETH_ALEN;
8084 + break;
8085 ++ }
8086 + case ETH_P_ARP:
8087 + do_tx_balance = false;
8088 + if (bond_info->rlb_enabled)
8089 +diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c
8090 +index edacacfc9365..6a1ff4d43e3a 100644
8091 +--- a/drivers/net/dsa/b53/b53_common.c
8092 ++++ b/drivers/net/dsa/b53/b53_common.c
8093 +@@ -680,7 +680,7 @@ int b53_configure_vlan(struct dsa_switch *ds)
8094 + b53_do_vlan_op(dev, VTA_CMD_CLEAR);
8095 + }
8096 +
8097 +- b53_enable_vlan(dev, false, ds->vlan_filtering);
8098 ++ b53_enable_vlan(dev, dev->vlan_enabled, ds->vlan_filtering);
8099 +
8100 + b53_for_each_port(dev, i)
8101 + b53_write16(dev, B53_VLAN_PAGE,
8102 +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
8103 +index 3e8635311d0d..d1955543acd1 100644
8104 +--- a/drivers/net/dsa/bcm_sf2.c
8105 ++++ b/drivers/net/dsa/bcm_sf2.c
8106 +@@ -68,7 +68,9 @@ static void bcm_sf2_imp_setup(struct dsa_switch *ds, int port)
8107 +
8108 + /* Force link status for IMP port */
8109 + reg = core_readl(priv, offset);
8110 +- reg |= (MII_SW_OR | LINK_STS | GMII_SPEED_UP_2G);
8111 ++ reg |= (MII_SW_OR | LINK_STS);
8112 ++ if (priv->type == BCM7278_DEVICE_ID)
8113 ++ reg |= GMII_SPEED_UP_2G;
8114 + core_writel(priv, reg, offset);
8115 +
8116 + /* Enable Broadcast, Multicast, Unicast forwarding to IMP port */
8117 +diff --git a/drivers/net/dsa/microchip/ksz9477_spi.c b/drivers/net/dsa/microchip/ksz9477_spi.c
8118 +index c5f64959a184..1142768969c2 100644
8119 +--- a/drivers/net/dsa/microchip/ksz9477_spi.c
8120 ++++ b/drivers/net/dsa/microchip/ksz9477_spi.c
8121 +@@ -101,6 +101,12 @@ static struct spi_driver ksz9477_spi_driver = {
8122 +
8123 + module_spi_driver(ksz9477_spi_driver);
8124 +
8125 ++MODULE_ALIAS("spi:ksz9477");
8126 ++MODULE_ALIAS("spi:ksz9897");
8127 ++MODULE_ALIAS("spi:ksz9893");
8128 ++MODULE_ALIAS("spi:ksz9563");
8129 ++MODULE_ALIAS("spi:ksz8563");
8130 ++MODULE_ALIAS("spi:ksz9567");
8131 + MODULE_AUTHOR("Woojung Huh <Woojung.Huh@×××××××××.com>");
8132 + MODULE_DESCRIPTION("Microchip KSZ9477 Series Switch SPI access Driver");
8133 + MODULE_LICENSE("GPL");
8134 +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c
8135 +index d6b1a153f9df..c1ae42244f02 100644
8136 +--- a/drivers/net/ethernet/broadcom/bcmsysport.c
8137 ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c
8138 +@@ -2728,6 +2728,9 @@ static int __maybe_unused bcm_sysport_resume(struct device *d)
8139 +
8140 + umac_reset(priv);
8141 +
8142 ++ /* Disable the UniMAC RX/TX */
8143 ++ umac_enable_set(priv, CMD_RX_EN | CMD_TX_EN, 0);
8144 ++
8145 + /* We may have been suspended and never received a WOL event that
8146 + * would turn off MPD detection, take care of that now
8147 + */
8148 +diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
8149 +index e6f18f6070ef..01b603c5e76a 100644
8150 +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
8151 ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
8152 +@@ -7892,7 +7892,7 @@ static void bnxt_setup_msix(struct bnxt *bp)
8153 + int tcs, i;
8154 +
8155 + tcs = netdev_get_num_tc(dev);
8156 +- if (tcs > 1) {
8157 ++ if (tcs) {
8158 + int i, off, count;
8159 +
8160 + for (i = 0; i < tcs; i++) {
8161 +@@ -9240,6 +9240,17 @@ void bnxt_half_close_nic(struct bnxt *bp)
8162 + bnxt_free_mem(bp, false);
8163 + }
8164 +
8165 ++static void bnxt_reenable_sriov(struct bnxt *bp)
8166 ++{
8167 ++ if (BNXT_PF(bp)) {
8168 ++ struct bnxt_pf_info *pf = &bp->pf;
8169 ++ int n = pf->active_vfs;
8170 ++
8171 ++ if (n)
8172 ++ bnxt_cfg_hw_sriov(bp, &n, true);
8173 ++ }
8174 ++}
8175 ++
8176 + static int bnxt_open(struct net_device *dev)
8177 + {
8178 + struct bnxt *bp = netdev_priv(dev);
8179 +@@ -9258,15 +9269,10 @@ static int bnxt_open(struct net_device *dev)
8180 + bnxt_hwrm_if_change(bp, false);
8181 + } else {
8182 + if (test_and_clear_bit(BNXT_STATE_FW_RESET_DET, &bp->state)) {
8183 +- if (BNXT_PF(bp)) {
8184 +- struct bnxt_pf_info *pf = &bp->pf;
8185 +- int n = pf->active_vfs;
8186 +-
8187 +- if (n)
8188 +- bnxt_cfg_hw_sriov(bp, &n, true);
8189 +- }
8190 +- if (!test_bit(BNXT_STATE_IN_FW_RESET, &bp->state))
8191 ++ if (!test_bit(BNXT_STATE_IN_FW_RESET, &bp->state)) {
8192 + bnxt_ulp_start(bp, 0);
8193 ++ bnxt_reenable_sriov(bp);
8194 ++ }
8195 + }
8196 + bnxt_hwmon_open(bp);
8197 + }
8198 +@@ -9306,10 +9312,6 @@ static void __bnxt_close_nic(struct bnxt *bp, bool irq_re_init,
8199 + bnxt_debug_dev_exit(bp);
8200 + bnxt_disable_napi(bp);
8201 + del_timer_sync(&bp->timer);
8202 +- if (test_bit(BNXT_STATE_IN_FW_RESET, &bp->state) &&
8203 +- pci_is_enabled(bp->pdev))
8204 +- pci_disable_device(bp->pdev);
8205 +-
8206 + bnxt_free_skbs(bp);
8207 +
8208 + /* Save ring stats before shutdown */
8209 +@@ -10087,9 +10089,16 @@ static void bnxt_reset(struct bnxt *bp, bool silent)
8210 + static void bnxt_fw_reset_close(struct bnxt *bp)
8211 + {
8212 + bnxt_ulp_stop(bp);
8213 ++ /* When firmware is fatal state, disable PCI device to prevent
8214 ++ * any potential bad DMAs before freeing kernel memory.
8215 ++ */
8216 ++ if (test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state))
8217 ++ pci_disable_device(bp->pdev);
8218 + __bnxt_close_nic(bp, true, false);
8219 + bnxt_clear_int_mode(bp);
8220 + bnxt_hwrm_func_drv_unrgtr(bp);
8221 ++ if (pci_is_enabled(bp->pdev))
8222 ++ pci_disable_device(bp->pdev);
8223 + bnxt_free_ctx_mem(bp);
8224 + kfree(bp->ctx);
8225 + bp->ctx = NULL;
8226 +@@ -10822,6 +10831,8 @@ static void bnxt_fw_reset_task(struct work_struct *work)
8227 + smp_mb__before_atomic();
8228 + clear_bit(BNXT_STATE_IN_FW_RESET, &bp->state);
8229 + bnxt_ulp_start(bp, rc);
8230 ++ if (!rc)
8231 ++ bnxt_reenable_sriov(bp);
8232 + bnxt_dl_health_status_update(bp, true);
8233 + rtnl_unlock();
8234 + break;
8235 +@@ -11433,9 +11444,9 @@ static void bnxt_remove_one(struct pci_dev *pdev)
8236 + bnxt_sriov_disable(bp);
8237 +
8238 + bnxt_dl_fw_reporters_destroy(bp, true);
8239 +- bnxt_dl_unregister(bp);
8240 + pci_disable_pcie_error_reporting(pdev);
8241 + unregister_netdev(dev);
8242 ++ bnxt_dl_unregister(bp);
8243 + bnxt_shutdown_tc(bp);
8244 + bnxt_cancel_sp_work(bp);
8245 + bp->sp_event = 0;
8246 +@@ -11905,11 +11916,14 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
8247 + bnxt_init_tc(bp);
8248 + }
8249 +
8250 ++ bnxt_dl_register(bp);
8251 ++
8252 + rc = register_netdev(dev);
8253 + if (rc)
8254 +- goto init_err_cleanup_tc;
8255 ++ goto init_err_cleanup;
8256 +
8257 +- bnxt_dl_register(bp);
8258 ++ if (BNXT_PF(bp))
8259 ++ devlink_port_type_eth_set(&bp->dl_port, bp->dev);
8260 + bnxt_dl_fw_reporters_create(bp);
8261 +
8262 + netdev_info(dev, "%s found at mem %lx, node addr %pM\n",
8263 +@@ -11919,7 +11933,8 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
8264 +
8265 + return 0;
8266 +
8267 +-init_err_cleanup_tc:
8268 ++init_err_cleanup:
8269 ++ bnxt_dl_unregister(bp);
8270 + bnxt_shutdown_tc(bp);
8271 + bnxt_clear_int_mode(bp);
8272 +
8273 +diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
8274 +index 3eedd4477218..8fcaa2398344 100644
8275 +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
8276 ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c
8277 +@@ -526,7 +526,6 @@ int bnxt_dl_register(struct bnxt *bp)
8278 + netdev_err(bp->dev, "devlink_port_register failed");
8279 + goto err_dl_param_unreg;
8280 + }
8281 +- devlink_port_type_eth_set(&bp->dl_port, bp->dev);
8282 +
8283 + rc = devlink_port_params_register(&bp->dl_port, bnxt_dl_port_params,
8284 + ARRAY_SIZE(bnxt_dl_port_params));
8285 +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c
8286 +index f7d87c71aaa9..71bb0d56533a 100644
8287 +--- a/drivers/net/ethernet/cadence/macb_main.c
8288 ++++ b/drivers/net/ethernet/cadence/macb_main.c
8289 +@@ -73,7 +73,11 @@ struct sifive_fu540_macb_mgmt {
8290 + /* Max length of transmit frame must be a multiple of 8 bytes */
8291 + #define MACB_TX_LEN_ALIGN 8
8292 + #define MACB_MAX_TX_LEN ((unsigned int)((1 << MACB_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1)))
8293 +-#define GEM_MAX_TX_LEN ((unsigned int)((1 << GEM_TX_FRMLEN_SIZE) - 1) & ~((unsigned int)(MACB_TX_LEN_ALIGN - 1)))
8294 ++/* Limit maximum TX length as per Cadence TSO errata. This is to avoid a
8295 ++ * false amba_error in TX path from the DMA assuming there is not enough
8296 ++ * space in the SRAM (16KB) even when there is.
8297 ++ */
8298 ++#define GEM_MAX_TX_LEN (unsigned int)(0x3FC0)
8299 +
8300 + #define GEM_MTU_MIN_SIZE ETH_MIN_MTU
8301 + #define MACB_NETIF_LSO NETIF_F_TSO
8302 +@@ -1752,16 +1756,14 @@ static netdev_features_t macb_features_check(struct sk_buff *skb,
8303 +
8304 + /* Validate LSO compatibility */
8305 +
8306 +- /* there is only one buffer */
8307 +- if (!skb_is_nonlinear(skb))
8308 ++ /* there is only one buffer or protocol is not UDP */
8309 ++ if (!skb_is_nonlinear(skb) || (ip_hdr(skb)->protocol != IPPROTO_UDP))
8310 + return features;
8311 +
8312 + /* length of header */
8313 + hdrlen = skb_transport_offset(skb);
8314 +- if (ip_hdr(skb)->protocol == IPPROTO_TCP)
8315 +- hdrlen += tcp_hdrlen(skb);
8316 +
8317 +- /* For LSO:
8318 ++ /* For UFO only:
8319 + * When software supplies two or more payload buffers all payload buffers
8320 + * apart from the last must be a multiple of 8 bytes in size.
8321 + */
8322 +diff --git a/drivers/net/ethernet/dec/tulip/dmfe.c b/drivers/net/ethernet/dec/tulip/dmfe.c
8323 +index 0efdbd1a4a6f..32d470d4122a 100644
8324 +--- a/drivers/net/ethernet/dec/tulip/dmfe.c
8325 ++++ b/drivers/net/ethernet/dec/tulip/dmfe.c
8326 +@@ -2214,15 +2214,16 @@ static int __init dmfe_init_module(void)
8327 + if (cr6set)
8328 + dmfe_cr6_user_set = cr6set;
8329 +
8330 +- switch(mode) {
8331 +- case DMFE_10MHF:
8332 ++ switch (mode) {
8333 ++ case DMFE_10MHF:
8334 + case DMFE_100MHF:
8335 + case DMFE_10MFD:
8336 + case DMFE_100MFD:
8337 + case DMFE_1M_HPNA:
8338 + dmfe_media_mode = mode;
8339 + break;
8340 +- default:dmfe_media_mode = DMFE_AUTO;
8341 ++ default:
8342 ++ dmfe_media_mode = DMFE_AUTO;
8343 + break;
8344 + }
8345 +
8346 +diff --git a/drivers/net/ethernet/dec/tulip/uli526x.c b/drivers/net/ethernet/dec/tulip/uli526x.c
8347 +index b1f30b194300..117ffe08800d 100644
8348 +--- a/drivers/net/ethernet/dec/tulip/uli526x.c
8349 ++++ b/drivers/net/ethernet/dec/tulip/uli526x.c
8350 +@@ -1809,8 +1809,8 @@ static int __init uli526x_init_module(void)
8351 + if (cr6set)
8352 + uli526x_cr6_user_set = cr6set;
8353 +
8354 +- switch (mode) {
8355 +- case ULI526X_10MHF:
8356 ++ switch (mode) {
8357 ++ case ULI526X_10MHF:
8358 + case ULI526X_100MHF:
8359 + case ULI526X_10MFD:
8360 + case ULI526X_100MFD:
8361 +diff --git a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
8362 +index a301f0095223..f827daf09b72 100644
8363 +--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
8364 ++++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
8365 +@@ -2453,6 +2453,9 @@ static void dpaa_adjust_link(struct net_device *net_dev)
8366 + mac_dev->adjust_link(mac_dev);
8367 + }
8368 +
8369 ++/* The Aquantia PHYs are capable of performing rate adaptation */
8370 ++#define PHY_VEND_AQUANTIA 0x03a1b400
8371 ++
8372 + static int dpaa_phy_init(struct net_device *net_dev)
8373 + {
8374 + __ETHTOOL_DECLARE_LINK_MODE_MASK(mask) = { 0, };
8375 +@@ -2471,9 +2474,14 @@ static int dpaa_phy_init(struct net_device *net_dev)
8376 + return -ENODEV;
8377 + }
8378 +
8379 +- /* Remove any features not supported by the controller */
8380 +- ethtool_convert_legacy_u32_to_link_mode(mask, mac_dev->if_support);
8381 +- linkmode_and(phy_dev->supported, phy_dev->supported, mask);
8382 ++ /* Unless the PHY is capable of rate adaptation */
8383 ++ if (mac_dev->phy_if != PHY_INTERFACE_MODE_XGMII ||
8384 ++ ((phy_dev->drv->phy_id & GENMASK(31, 10)) != PHY_VEND_AQUANTIA)) {
8385 ++ /* remove any features not supported by the controller */
8386 ++ ethtool_convert_legacy_u32_to_link_mode(mask,
8387 ++ mac_dev->if_support);
8388 ++ linkmode_and(phy_dev->supported, phy_dev->supported, mask);
8389 ++ }
8390 +
8391 + phy_support_asym_pause(phy_dev);
8392 +
8393 +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
8394 +index 8bad5b864682..e540f78e38a3 100644
8395 +--- a/drivers/net/ethernet/marvell/mvneta.c
8396 ++++ b/drivers/net/ethernet/marvell/mvneta.c
8397 +@@ -324,8 +324,7 @@
8398 + ETH_HLEN + ETH_FCS_LEN, \
8399 + cache_line_size())
8400 +
8401 +-#define MVNETA_SKB_HEADROOM (max(XDP_PACKET_HEADROOM, NET_SKB_PAD) + \
8402 +- NET_IP_ALIGN)
8403 ++#define MVNETA_SKB_HEADROOM max(XDP_PACKET_HEADROOM, NET_SKB_PAD)
8404 + #define MVNETA_SKB_PAD (SKB_DATA_ALIGN(sizeof(struct skb_shared_info) + \
8405 + MVNETA_SKB_HEADROOM))
8406 + #define MVNETA_SKB_SIZE(len) (SKB_DATA_ALIGN(len) + MVNETA_SKB_PAD)
8407 +@@ -402,6 +401,8 @@ struct mvneta_pcpu_stats {
8408 + struct u64_stats_sync syncp;
8409 + u64 rx_packets;
8410 + u64 rx_bytes;
8411 ++ u64 rx_dropped;
8412 ++ u64 rx_errors;
8413 + u64 tx_packets;
8414 + u64 tx_bytes;
8415 + };
8416 +@@ -739,6 +740,8 @@ mvneta_get_stats64(struct net_device *dev,
8417 + struct mvneta_pcpu_stats *cpu_stats;
8418 + u64 rx_packets;
8419 + u64 rx_bytes;
8420 ++ u64 rx_dropped;
8421 ++ u64 rx_errors;
8422 + u64 tx_packets;
8423 + u64 tx_bytes;
8424 +
8425 +@@ -747,19 +750,20 @@ mvneta_get_stats64(struct net_device *dev,
8426 + start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
8427 + rx_packets = cpu_stats->rx_packets;
8428 + rx_bytes = cpu_stats->rx_bytes;
8429 ++ rx_dropped = cpu_stats->rx_dropped;
8430 ++ rx_errors = cpu_stats->rx_errors;
8431 + tx_packets = cpu_stats->tx_packets;
8432 + tx_bytes = cpu_stats->tx_bytes;
8433 + } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
8434 +
8435 + stats->rx_packets += rx_packets;
8436 + stats->rx_bytes += rx_bytes;
8437 ++ stats->rx_dropped += rx_dropped;
8438 ++ stats->rx_errors += rx_errors;
8439 + stats->tx_packets += tx_packets;
8440 + stats->tx_bytes += tx_bytes;
8441 + }
8442 +
8443 +- stats->rx_errors = dev->stats.rx_errors;
8444 +- stats->rx_dropped = dev->stats.rx_dropped;
8445 +-
8446 + stats->tx_dropped = dev->stats.tx_dropped;
8447 + }
8448 +
8449 +@@ -1167,6 +1171,7 @@ bm_mtu_err:
8450 + mvneta_bm_pool_destroy(pp->bm_priv, pp->pool_short, 1 << pp->id);
8451 +
8452 + pp->bm_priv = NULL;
8453 ++ pp->rx_offset_correction = MVNETA_SKB_HEADROOM;
8454 + mvreg_write(pp, MVNETA_ACC_MODE, MVNETA_ACC_MODE_EXT1);
8455 + netdev_info(pp->dev, "fail to update MTU, fall back to software BM\n");
8456 + }
8457 +@@ -1736,8 +1741,14 @@ static u32 mvneta_txq_desc_csum(int l3_offs, int l3_proto,
8458 + static void mvneta_rx_error(struct mvneta_port *pp,
8459 + struct mvneta_rx_desc *rx_desc)
8460 + {
8461 ++ struct mvneta_pcpu_stats *stats = this_cpu_ptr(pp->stats);
8462 + u32 status = rx_desc->status;
8463 +
8464 ++ /* update per-cpu counter */
8465 ++ u64_stats_update_begin(&stats->syncp);
8466 ++ stats->rx_errors++;
8467 ++ u64_stats_update_end(&stats->syncp);
8468 ++
8469 + switch (status & MVNETA_RXD_ERR_CODE_MASK) {
8470 + case MVNETA_RXD_ERR_CRC:
8471 + netdev_err(pp->dev, "bad rx status %08x (crc error), size=%d\n",
8472 +@@ -2179,11 +2190,15 @@ mvneta_swbm_rx_frame(struct mvneta_port *pp,
8473 +
8474 + rxq->skb = build_skb(xdp->data_hard_start, PAGE_SIZE);
8475 + if (unlikely(!rxq->skb)) {
8476 +- netdev_err(dev,
8477 +- "Can't allocate skb on queue %d\n",
8478 +- rxq->id);
8479 +- dev->stats.rx_dropped++;
8480 ++ struct mvneta_pcpu_stats *stats = this_cpu_ptr(pp->stats);
8481 ++
8482 ++ netdev_err(dev, "Can't allocate skb on queue %d\n", rxq->id);
8483 + rxq->skb_alloc_err++;
8484 ++
8485 ++ u64_stats_update_begin(&stats->syncp);
8486 ++ stats->rx_dropped++;
8487 ++ u64_stats_update_end(&stats->syncp);
8488 ++
8489 + return -ENOMEM;
8490 + }
8491 + page_pool_release_page(rxq->page_pool, page);
8492 +@@ -2270,7 +2285,6 @@ static int mvneta_rx_swbm(struct napi_struct *napi,
8493 + /* Check errors only for FIRST descriptor */
8494 + if (rx_status & MVNETA_RXD_ERR_SUMMARY) {
8495 + mvneta_rx_error(pp, rx_desc);
8496 +- dev->stats.rx_errors++;
8497 + /* leave the descriptor untouched */
8498 + continue;
8499 + }
8500 +@@ -2372,7 +2386,6 @@ err_drop_frame_ret_pool:
8501 + mvneta_bm_pool_put_bp(pp->bm_priv, bm_pool,
8502 + rx_desc->buf_phys_addr);
8503 + err_drop_frame:
8504 +- dev->stats.rx_errors++;
8505 + mvneta_rx_error(pp, rx_desc);
8506 + /* leave the descriptor untouched */
8507 + continue;
8508 +@@ -4948,7 +4961,6 @@ static int mvneta_probe(struct platform_device *pdev)
8509 + SET_NETDEV_DEV(dev, &pdev->dev);
8510 +
8511 + pp->id = global_port_id++;
8512 +- pp->rx_offset_correction = MVNETA_SKB_HEADROOM;
8513 +
8514 + /* Obtain access to BM resources if enabled and already initialized */
8515 + bm_node = of_parse_phandle(dn, "buffer-manager", 0);
8516 +@@ -4973,6 +4985,10 @@ static int mvneta_probe(struct platform_device *pdev)
8517 + }
8518 + of_node_put(bm_node);
8519 +
8520 ++ /* sw buffer management */
8521 ++ if (!pp->bm_priv)
8522 ++ pp->rx_offset_correction = MVNETA_SKB_HEADROOM;
8523 ++
8524 + err = mvneta_init(&pdev->dev, pp);
8525 + if (err < 0)
8526 + goto err_netdev;
8527 +@@ -5130,6 +5146,7 @@ static int mvneta_resume(struct device *device)
8528 + err = mvneta_bm_port_init(pdev, pp);
8529 + if (err < 0) {
8530 + dev_info(&pdev->dev, "use SW buffer management\n");
8531 ++ pp->rx_offset_correction = MVNETA_SKB_HEADROOM;
8532 + pp->bm_priv = NULL;
8533 + }
8534 + }
8535 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h b/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
8536 +index d787bc0a4155..e09bc3858d57 100644
8537 +--- a/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
8538 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h
8539 +@@ -45,7 +45,7 @@ void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id);
8540 +
8541 + static inline bool mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev)
8542 + {
8543 +- if (!MLX5_CAP_GEN(mdev, tls))
8544 ++ if (!MLX5_CAP_GEN(mdev, tls_tx))
8545 + return false;
8546 +
8547 + if (!MLX5_CAP_GEN(mdev, log_max_dek))
8548 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
8549 +index 71384ad1a443..ef1ed15a53b4 100644
8550 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
8551 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/tls_rxtx.c
8552 +@@ -269,7 +269,7 @@ struct sk_buff *mlx5e_tls_handle_tx_skb(struct net_device *netdev,
8553 + int datalen;
8554 + u32 skb_seq;
8555 +
8556 +- if (MLX5_CAP_GEN(sq->channel->mdev, tls)) {
8557 ++ if (MLX5_CAP_GEN(sq->channel->mdev, tls_tx)) {
8558 + skb = mlx5e_ktls_handle_tx_skb(netdev, sq, skb, wqe, pi);
8559 + goto out;
8560 + }
8561 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
8562 +index 9e9960146e5b..1c3ab69cbd96 100644
8563 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
8564 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
8565 +@@ -613,13 +613,6 @@ void mlx5e_poll_ico_cq(struct mlx5e_cq *cq)
8566 +
8567 + wqe_counter = be16_to_cpu(cqe->wqe_counter);
8568 +
8569 +- if (unlikely(get_cqe_opcode(cqe) != MLX5_CQE_REQ)) {
8570 +- netdev_WARN_ONCE(cq->channel->netdev,
8571 +- "Bad OP in ICOSQ CQE: 0x%x\n", get_cqe_opcode(cqe));
8572 +- if (!test_and_set_bit(MLX5E_SQ_STATE_RECOVERING, &sq->state))
8573 +- queue_work(cq->channel->priv->wq, &sq->recover_work);
8574 +- break;
8575 +- }
8576 + do {
8577 + struct mlx5e_sq_wqe_info *wi;
8578 + u16 ci;
8579 +@@ -629,6 +622,15 @@ void mlx5e_poll_ico_cq(struct mlx5e_cq *cq)
8580 + ci = mlx5_wq_cyc_ctr2ix(&sq->wq, sqcc);
8581 + wi = &sq->db.ico_wqe[ci];
8582 +
8583 ++ if (last_wqe && unlikely(get_cqe_opcode(cqe) != MLX5_CQE_REQ)) {
8584 ++ netdev_WARN_ONCE(cq->channel->netdev,
8585 ++ "Bad OP in ICOSQ CQE: 0x%x\n",
8586 ++ get_cqe_opcode(cqe));
8587 ++ if (!test_and_set_bit(MLX5E_SQ_STATE_RECOVERING, &sq->state))
8588 ++ queue_work(cq->channel->priv->wq, &sq->recover_work);
8589 ++ break;
8590 ++ }
8591 ++
8592 + if (likely(wi->opcode == MLX5_OPCODE_UMR)) {
8593 + sqcc += MLX5E_UMR_WQEBBS;
8594 + wi->umr.rq->mpwqe.umr_completed++;
8595 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
8596 +index 2565ba8692d9..ee60383adc5b 100644
8597 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
8598 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
8599 +@@ -451,34 +451,17 @@ bool mlx5e_poll_tx_cq(struct mlx5e_cq *cq, int napi_budget)
8600 +
8601 + i = 0;
8602 + do {
8603 ++ struct mlx5e_tx_wqe_info *wi;
8604 + u16 wqe_counter;
8605 + bool last_wqe;
8606 ++ u16 ci;
8607 +
8608 + mlx5_cqwq_pop(&cq->wq);
8609 +
8610 + wqe_counter = be16_to_cpu(cqe->wqe_counter);
8611 +
8612 +- if (unlikely(get_cqe_opcode(cqe) == MLX5_CQE_REQ_ERR)) {
8613 +- if (!test_and_set_bit(MLX5E_SQ_STATE_RECOVERING,
8614 +- &sq->state)) {
8615 +- struct mlx5e_tx_wqe_info *wi;
8616 +- u16 ci;
8617 +-
8618 +- ci = mlx5_wq_cyc_ctr2ix(&sq->wq, sqcc);
8619 +- wi = &sq->db.wqe_info[ci];
8620 +- mlx5e_dump_error_cqe(sq,
8621 +- (struct mlx5_err_cqe *)cqe);
8622 +- mlx5_wq_cyc_wqe_dump(&sq->wq, ci, wi->num_wqebbs);
8623 +- queue_work(cq->channel->priv->wq,
8624 +- &sq->recover_work);
8625 +- }
8626 +- stats->cqe_err++;
8627 +- }
8628 +-
8629 + do {
8630 +- struct mlx5e_tx_wqe_info *wi;
8631 + struct sk_buff *skb;
8632 +- u16 ci;
8633 + int j;
8634 +
8635 + last_wqe = (sqcc == wqe_counter);
8636 +@@ -516,6 +499,18 @@ bool mlx5e_poll_tx_cq(struct mlx5e_cq *cq, int napi_budget)
8637 + napi_consume_skb(skb, napi_budget);
8638 + } while (!last_wqe);
8639 +
8640 ++ if (unlikely(get_cqe_opcode(cqe) == MLX5_CQE_REQ_ERR)) {
8641 ++ if (!test_and_set_bit(MLX5E_SQ_STATE_RECOVERING,
8642 ++ &sq->state)) {
8643 ++ mlx5e_dump_error_cqe(sq,
8644 ++ (struct mlx5_err_cqe *)cqe);
8645 ++ mlx5_wq_cyc_wqe_dump(&sq->wq, ci, wi->num_wqebbs);
8646 ++ queue_work(cq->channel->priv->wq,
8647 ++ &sq->recover_work);
8648 ++ }
8649 ++ stats->cqe_err++;
8650 ++ }
8651 ++
8652 + } while ((++i < MLX5E_TX_CQ_POLL_BUDGET) && (cqe = mlx5_cqwq_get_cqe(&cq->wq)));
8653 +
8654 + stats->cqes += i;
8655 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
8656 +index e4ec0e03c289..4c61d25d2e88 100644
8657 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
8658 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
8659 +@@ -850,6 +850,7 @@ void mlx5_fpga_ipsec_delete_sa_ctx(void *context)
8660 + mutex_lock(&fpga_xfrm->lock);
8661 + if (!--fpga_xfrm->num_rules) {
8662 + mlx5_fpga_ipsec_release_sa_ctx(fpga_xfrm->sa_ctx);
8663 ++ kfree(fpga_xfrm->sa_ctx);
8664 + fpga_xfrm->sa_ctx = NULL;
8665 + }
8666 + mutex_unlock(&fpga_xfrm->lock);
8667 +@@ -1478,7 +1479,7 @@ int mlx5_fpga_esp_modify_xfrm(struct mlx5_accel_esp_xfrm *xfrm,
8668 + if (!memcmp(&xfrm->attrs, attrs, sizeof(xfrm->attrs)))
8669 + return 0;
8670 +
8671 +- if (!mlx5_fpga_esp_validate_xfrm_attrs(mdev, attrs)) {
8672 ++ if (mlx5_fpga_esp_validate_xfrm_attrs(mdev, attrs)) {
8673 + mlx5_core_warn(mdev, "Tried to create an esp with unsupported attrs\n");
8674 + return -EOPNOTSUPP;
8675 + }
8676 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
8677 +index 8c5df6c7d7b6..8af87f922fb6 100644
8678 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
8679 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
8680 +@@ -1555,16 +1555,16 @@ struct match_list_head {
8681 + struct match_list first;
8682 + };
8683 +
8684 +-static void free_match_list(struct match_list_head *head)
8685 ++static void free_match_list(struct match_list_head *head, bool ft_locked)
8686 + {
8687 + if (!list_empty(&head->list)) {
8688 + struct match_list *iter, *match_tmp;
8689 +
8690 + list_del(&head->first.list);
8691 +- tree_put_node(&head->first.g->node, false);
8692 ++ tree_put_node(&head->first.g->node, ft_locked);
8693 + list_for_each_entry_safe(iter, match_tmp, &head->list,
8694 + list) {
8695 +- tree_put_node(&iter->g->node, false);
8696 ++ tree_put_node(&iter->g->node, ft_locked);
8697 + list_del(&iter->list);
8698 + kfree(iter);
8699 + }
8700 +@@ -1573,7 +1573,8 @@ static void free_match_list(struct match_list_head *head)
8701 +
8702 + static int build_match_list(struct match_list_head *match_head,
8703 + struct mlx5_flow_table *ft,
8704 +- const struct mlx5_flow_spec *spec)
8705 ++ const struct mlx5_flow_spec *spec,
8706 ++ bool ft_locked)
8707 + {
8708 + struct rhlist_head *tmp, *list;
8709 + struct mlx5_flow_group *g;
8710 +@@ -1598,7 +1599,7 @@ static int build_match_list(struct match_list_head *match_head,
8711 +
8712 + curr_match = kmalloc(sizeof(*curr_match), GFP_ATOMIC);
8713 + if (!curr_match) {
8714 +- free_match_list(match_head);
8715 ++ free_match_list(match_head, ft_locked);
8716 + err = -ENOMEM;
8717 + goto out;
8718 + }
8719 +@@ -1778,7 +1779,7 @@ search_again_locked:
8720 + version = atomic_read(&ft->node.version);
8721 +
8722 + /* Collect all fgs which has a matching match_criteria */
8723 +- err = build_match_list(&match_head, ft, spec);
8724 ++ err = build_match_list(&match_head, ft, spec, take_write);
8725 + if (err) {
8726 + if (take_write)
8727 + up_write_ref_node(&ft->node, false);
8728 +@@ -1792,7 +1793,7 @@ search_again_locked:
8729 +
8730 + rule = try_add_to_existing_fg(ft, &match_head.list, spec, flow_act, dest,
8731 + dest_num, version);
8732 +- free_match_list(&match_head);
8733 ++ free_match_list(&match_head, take_write);
8734 + if (!IS_ERR(rule) ||
8735 + (PTR_ERR(rule) != -ENOENT && PTR_ERR(rule) != -EAGAIN)) {
8736 + if (take_write)
8737 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fw.c b/drivers/net/ethernet/mellanox/mlx5/core/fw.c
8738 +index a19790dee7b2..13e86f0b42f5 100644
8739 +--- a/drivers/net/ethernet/mellanox/mlx5/core/fw.c
8740 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/fw.c
8741 +@@ -239,7 +239,7 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev)
8742 + return err;
8743 + }
8744 +
8745 +- if (MLX5_CAP_GEN(dev, tls)) {
8746 ++ if (MLX5_CAP_GEN(dev, tls_tx)) {
8747 + err = mlx5_core_get_caps(dev, MLX5_CAP_TLS);
8748 + if (err)
8749 + return err;
8750 +diff --git a/drivers/net/ethernet/pensando/ionic/ionic_if.h b/drivers/net/ethernet/pensando/ionic/ionic_if.h
8751 +index 39317cdfa6cf..ed23a05f2642 100644
8752 +--- a/drivers/net/ethernet/pensando/ionic/ionic_if.h
8753 ++++ b/drivers/net/ethernet/pensando/ionic/ionic_if.h
8754 +@@ -862,7 +862,7 @@ struct ionic_rxq_comp {
8755 + #define IONIC_RXQ_COMP_CSUM_F_VLAN 0x40
8756 + #define IONIC_RXQ_COMP_CSUM_F_CALC 0x80
8757 + u8 pkt_type_color;
8758 +-#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x0f
8759 ++#define IONIC_RXQ_COMP_PKT_TYPE_MASK 0x7f
8760 + };
8761 +
8762 + enum ionic_pkt_type {
8763 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_ptp.c b/drivers/net/ethernet/qlogic/qed/qed_ptp.c
8764 +index 0dacf2c18c09..3e613058e225 100644
8765 +--- a/drivers/net/ethernet/qlogic/qed/qed_ptp.c
8766 ++++ b/drivers/net/ethernet/qlogic/qed/qed_ptp.c
8767 +@@ -44,8 +44,8 @@
8768 + /* Add/subtract the Adjustment_Value when making a Drift adjustment */
8769 + #define QED_DRIFT_CNTR_DIRECTION_SHIFT 31
8770 + #define QED_TIMESTAMP_MASK BIT(16)
8771 +-/* Param mask for Hardware to detect/timestamp the unicast PTP packets */
8772 +-#define QED_PTP_UCAST_PARAM_MASK 0xF
8773 ++/* Param mask for Hardware to detect/timestamp the L2/L4 unicast PTP packets */
8774 ++#define QED_PTP_UCAST_PARAM_MASK 0x70F
8775 +
8776 + static enum qed_resc_lock qed_ptcdev_to_resc(struct qed_hwfn *p_hwfn)
8777 + {
8778 +diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c
8779 +index 67a4d5d45e3a..92a590154bb9 100644
8780 +--- a/drivers/net/ethernet/realtek/r8169_main.c
8781 ++++ b/drivers/net/ethernet/realtek/r8169_main.c
8782 +@@ -3865,15 +3865,18 @@ static void rtl_hw_jumbo_enable(struct rtl8169_private *tp)
8783 + switch (tp->mac_version) {
8784 + case RTL_GIGA_MAC_VER_12:
8785 + case RTL_GIGA_MAC_VER_17:
8786 ++ pcie_set_readrq(tp->pci_dev, 512);
8787 + r8168b_1_hw_jumbo_enable(tp);
8788 + break;
8789 + case RTL_GIGA_MAC_VER_18 ... RTL_GIGA_MAC_VER_26:
8790 ++ pcie_set_readrq(tp->pci_dev, 512);
8791 + r8168c_hw_jumbo_enable(tp);
8792 + break;
8793 + case RTL_GIGA_MAC_VER_27 ... RTL_GIGA_MAC_VER_28:
8794 + r8168dp_hw_jumbo_enable(tp);
8795 + break;
8796 + case RTL_GIGA_MAC_VER_31 ... RTL_GIGA_MAC_VER_33:
8797 ++ pcie_set_readrq(tp->pci_dev, 512);
8798 + r8168e_hw_jumbo_enable(tp);
8799 + break;
8800 + default:
8801 +@@ -3903,6 +3906,9 @@ static void rtl_hw_jumbo_disable(struct rtl8169_private *tp)
8802 + break;
8803 + }
8804 + rtl_lock_config_regs(tp);
8805 ++
8806 ++ if (pci_is_pcie(tp->pci_dev) && tp->supports_gmii)
8807 ++ pcie_set_readrq(tp->pci_dev, 4096);
8808 + }
8809 +
8810 + static void rtl_jumbo_config(struct rtl8169_private *tp, int mtu)
8811 +diff --git a/drivers/net/ethernet/smsc/smc911x.c b/drivers/net/ethernet/smsc/smc911x.c
8812 +index 8d88e4083456..7b65e79d6ae9 100644
8813 +--- a/drivers/net/ethernet/smsc/smc911x.c
8814 ++++ b/drivers/net/ethernet/smsc/smc911x.c
8815 +@@ -936,7 +936,7 @@ static void smc911x_phy_configure(struct work_struct *work)
8816 + if (lp->ctl_rspeed != 100)
8817 + my_ad_caps &= ~(ADVERTISE_100BASE4|ADVERTISE_100FULL|ADVERTISE_100HALF);
8818 +
8819 +- if (!lp->ctl_rfduplx)
8820 ++ if (!lp->ctl_rfduplx)
8821 + my_ad_caps &= ~(ADVERTISE_100FULL|ADVERTISE_10FULL);
8822 +
8823 + /* Update our Auto-Neg Advertisement Register */
8824 +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
8825 +index 7ec895407d23..e0a5fe83d8e0 100644
8826 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
8827 ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
8828 +@@ -413,6 +413,7 @@ static int ethqos_configure(struct qcom_ethqos *ethqos)
8829 + dll_lock = rgmii_readl(ethqos, SDC4_STATUS);
8830 + if (dll_lock & SDC4_STATUS_DLL_LOCK)
8831 + break;
8832 ++ retry--;
8833 + } while (retry > 0);
8834 + if (!retry)
8835 + dev_err(&ethqos->pdev->dev,
8836 +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
8837 +index 40ca00e596dd..53be936137d0 100644
8838 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
8839 ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
8840 +@@ -420,7 +420,7 @@ static void dwmac4_set_filter(struct mac_device_info *hw,
8841 + value |= GMAC_PACKET_FILTER_PM;
8842 + /* Set all the bits of the HASH tab */
8843 + memset(mc_filter, 0xff, sizeof(mc_filter));
8844 +- } else if (!netdev_mc_empty(dev)) {
8845 ++ } else if (!netdev_mc_empty(dev) && (dev->flags & IFF_MULTICAST)) {
8846 + struct netdev_hw_addr *ha;
8847 +
8848 + /* Hash filter for multicast */
8849 +@@ -736,11 +736,14 @@ static void dwmac4_update_vlan_hash(struct mac_device_info *hw, u32 hash,
8850 + __le16 perfect_match, bool is_double)
8851 + {
8852 + void __iomem *ioaddr = hw->pcsr;
8853 ++ u32 value;
8854 +
8855 + writel(hash, ioaddr + GMAC_VLAN_HASH_TABLE);
8856 +
8857 ++ value = readl(ioaddr + GMAC_VLAN_TAG);
8858 ++
8859 + if (hash) {
8860 +- u32 value = GMAC_VLAN_VTHM | GMAC_VLAN_ETV;
8861 ++ value |= GMAC_VLAN_VTHM | GMAC_VLAN_ETV;
8862 + if (is_double) {
8863 + value |= GMAC_VLAN_EDVLP;
8864 + value |= GMAC_VLAN_ESVL;
8865 +@@ -759,8 +762,6 @@ static void dwmac4_update_vlan_hash(struct mac_device_info *hw, u32 hash,
8866 +
8867 + writel(value | perfect_match, ioaddr + GMAC_VLAN_TAG);
8868 + } else {
8869 +- u32 value = readl(ioaddr + GMAC_VLAN_TAG);
8870 +-
8871 + value &= ~(GMAC_VLAN_VTHM | GMAC_VLAN_ETV);
8872 + value &= ~(GMAC_VLAN_EDVLP | GMAC_VLAN_ESVL);
8873 + value &= ~GMAC_VLAN_DOVLTC;
8874 +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
8875 +index 082f5ee9e525..e9bf54a579df 100644
8876 +--- a/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
8877 ++++ b/drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c
8878 +@@ -458,7 +458,7 @@ static void dwxgmac2_set_filter(struct mac_device_info *hw,
8879 +
8880 + for (i = 0; i < XGMAC_MAX_HASH_TABLE; i++)
8881 + writel(~0x0, ioaddr + XGMAC_HASH_TABLE(i));
8882 +- } else if (!netdev_mc_empty(dev)) {
8883 ++ } else if (!netdev_mc_empty(dev) && (dev->flags & IFF_MULTICAST)) {
8884 + struct netdev_hw_addr *ha;
8885 +
8886 + value |= XGMAC_FILTER_HMC;
8887 +@@ -569,7 +569,9 @@ static void dwxgmac2_update_vlan_hash(struct mac_device_info *hw, u32 hash,
8888 +
8889 + writel(value, ioaddr + XGMAC_PACKET_FILTER);
8890 +
8891 +- value = XGMAC_VLAN_VTHM | XGMAC_VLAN_ETV;
8892 ++ value = readl(ioaddr + XGMAC_VLAN_TAG);
8893 ++
8894 ++ value |= XGMAC_VLAN_VTHM | XGMAC_VLAN_ETV;
8895 + if (is_double) {
8896 + value |= XGMAC_VLAN_EDVLP;
8897 + value |= XGMAC_VLAN_ESVL;
8898 +@@ -584,7 +586,9 @@ static void dwxgmac2_update_vlan_hash(struct mac_device_info *hw, u32 hash,
8899 +
8900 + writel(value, ioaddr + XGMAC_PACKET_FILTER);
8901 +
8902 +- value = XGMAC_VLAN_ETV;
8903 ++ value = readl(ioaddr + XGMAC_VLAN_TAG);
8904 ++
8905 ++ value |= XGMAC_VLAN_ETV;
8906 + if (is_double) {
8907 + value |= XGMAC_VLAN_EDVLP;
8908 + value |= XGMAC_VLAN_ESVL;
8909 +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
8910 +index 80d59b775907..6bc1bdb137ae 100644
8911 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
8912 ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
8913 +@@ -4860,6 +4860,7 @@ int stmmac_suspend(struct device *dev)
8914 + {
8915 + struct net_device *ndev = dev_get_drvdata(dev);
8916 + struct stmmac_priv *priv = netdev_priv(ndev);
8917 ++ u32 chan;
8918 +
8919 + if (!ndev || !netif_running(ndev))
8920 + return 0;
8921 +@@ -4873,6 +4874,9 @@ int stmmac_suspend(struct device *dev)
8922 +
8923 + stmmac_disable_all_queues(priv);
8924 +
8925 ++ for (chan = 0; chan < priv->plat->tx_queues_to_use; chan++)
8926 ++ del_timer_sync(&priv->tx_queue[chan].txtimer);
8927 ++
8928 + /* Stop TX/RX DMA */
8929 + stmmac_stop_all_dma(priv);
8930 +
8931 +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
8932 +index 8237dbc3e991..d2bc04dedd7c 100644
8933 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
8934 ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
8935 +@@ -96,7 +96,7 @@ static int stmmac_default_data(struct pci_dev *pdev,
8936 +
8937 + plat->bus_id = 1;
8938 + plat->phy_addr = 0;
8939 +- plat->interface = PHY_INTERFACE_MODE_GMII;
8940 ++ plat->phy_interface = PHY_INTERFACE_MODE_GMII;
8941 +
8942 + plat->dma_cfg->pbl = 32;
8943 + plat->dma_cfg->pblx8 = true;
8944 +@@ -220,7 +220,8 @@ static int ehl_sgmii_data(struct pci_dev *pdev,
8945 + {
8946 + plat->bus_id = 1;
8947 + plat->phy_addr = 0;
8948 +- plat->interface = PHY_INTERFACE_MODE_SGMII;
8949 ++ plat->phy_interface = PHY_INTERFACE_MODE_SGMII;
8950 ++
8951 + return ehl_common_data(pdev, plat);
8952 + }
8953 +
8954 +@@ -233,7 +234,8 @@ static int ehl_rgmii_data(struct pci_dev *pdev,
8955 + {
8956 + plat->bus_id = 1;
8957 + plat->phy_addr = 0;
8958 +- plat->interface = PHY_INTERFACE_MODE_RGMII;
8959 ++ plat->phy_interface = PHY_INTERFACE_MODE_RGMII;
8960 ++
8961 + return ehl_common_data(pdev, plat);
8962 + }
8963 +
8964 +@@ -261,7 +263,7 @@ static int tgl_sgmii_data(struct pci_dev *pdev,
8965 + {
8966 + plat->bus_id = 1;
8967 + plat->phy_addr = 0;
8968 +- plat->interface = PHY_INTERFACE_MODE_SGMII;
8969 ++ plat->phy_interface = PHY_INTERFACE_MODE_SGMII;
8970 + return tgl_common_data(pdev, plat);
8971 + }
8972 +
8973 +@@ -361,7 +363,7 @@ static int quark_default_data(struct pci_dev *pdev,
8974 +
8975 + plat->bus_id = pci_dev_id(pdev);
8976 + plat->phy_addr = ret;
8977 +- plat->interface = PHY_INTERFACE_MODE_RMII;
8978 ++ plat->phy_interface = PHY_INTERFACE_MODE_RMII;
8979 +
8980 + plat->dma_cfg->pbl = 16;
8981 + plat->dma_cfg->pblx8 = true;
8982 +@@ -418,7 +420,7 @@ static int snps_gmac5_default_data(struct pci_dev *pdev,
8983 +
8984 + plat->bus_id = 1;
8985 + plat->phy_addr = -1;
8986 +- plat->interface = PHY_INTERFACE_MODE_GMII;
8987 ++ plat->phy_interface = PHY_INTERFACE_MODE_GMII;
8988 +
8989 + plat->dma_cfg->pbl = 32;
8990 + plat->dma_cfg->pblx8 = true;
8991 +diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
8992 +index 9b3ba98726d7..3a53d222bfcc 100644
8993 +--- a/drivers/net/gtp.c
8994 ++++ b/drivers/net/gtp.c
8995 +@@ -767,12 +767,12 @@ static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize)
8996 + int i;
8997 +
8998 + gtp->addr_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
8999 +- GFP_KERNEL);
9000 ++ GFP_KERNEL | __GFP_NOWARN);
9001 + if (gtp->addr_hash == NULL)
9002 + return -ENOMEM;
9003 +
9004 + gtp->tid_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
9005 +- GFP_KERNEL);
9006 ++ GFP_KERNEL | __GFP_NOWARN);
9007 + if (gtp->tid_hash == NULL)
9008 + goto err1;
9009 +
9010 +diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c
9011 +index 4b39aba2e9c4..2a945b3c7c76 100644
9012 +--- a/drivers/net/netdevsim/dev.c
9013 ++++ b/drivers/net/netdevsim/dev.c
9014 +@@ -73,7 +73,7 @@ static const struct file_operations nsim_dev_take_snapshot_fops = {
9015 +
9016 + static int nsim_dev_debugfs_init(struct nsim_dev *nsim_dev)
9017 + {
9018 +- char dev_ddir_name[16];
9019 ++ char dev_ddir_name[sizeof(DRV_NAME) + 10];
9020 +
9021 + sprintf(dev_ddir_name, DRV_NAME "%u", nsim_dev->nsim_bus_dev->dev.id);
9022 + nsim_dev->ddir = debugfs_create_dir(dev_ddir_name, nsim_dev_ddir);
9023 +diff --git a/drivers/net/phy/at803x.c b/drivers/net/phy/at803x.c
9024 +index aee62610bade..481cf48c9b9e 100644
9025 +--- a/drivers/net/phy/at803x.c
9026 ++++ b/drivers/net/phy/at803x.c
9027 +@@ -489,6 +489,14 @@ static int at803x_probe(struct phy_device *phydev)
9028 + return at803x_parse_dt(phydev);
9029 + }
9030 +
9031 ++static void at803x_remove(struct phy_device *phydev)
9032 ++{
9033 ++ struct at803x_priv *priv = phydev->priv;
9034 ++
9035 ++ if (priv->vddio)
9036 ++ regulator_disable(priv->vddio);
9037 ++}
9038 ++
9039 + static int at803x_clk_out_config(struct phy_device *phydev)
9040 + {
9041 + struct at803x_priv *priv = phydev->priv;
9042 +@@ -711,6 +719,7 @@ static struct phy_driver at803x_driver[] = {
9043 + .name = "Qualcomm Atheros AR8035",
9044 + .phy_id_mask = AT803X_PHY_ID_MASK,
9045 + .probe = at803x_probe,
9046 ++ .remove = at803x_remove,
9047 + .config_init = at803x_config_init,
9048 + .set_wol = at803x_set_wol,
9049 + .get_wol = at803x_get_wol,
9050 +@@ -726,6 +735,7 @@ static struct phy_driver at803x_driver[] = {
9051 + .name = "Qualcomm Atheros AR8030",
9052 + .phy_id_mask = AT803X_PHY_ID_MASK,
9053 + .probe = at803x_probe,
9054 ++ .remove = at803x_remove,
9055 + .config_init = at803x_config_init,
9056 + .link_change_notify = at803x_link_change_notify,
9057 + .set_wol = at803x_set_wol,
9058 +@@ -741,6 +751,7 @@ static struct phy_driver at803x_driver[] = {
9059 + .name = "Qualcomm Atheros AR8031/AR8033",
9060 + .phy_id_mask = AT803X_PHY_ID_MASK,
9061 + .probe = at803x_probe,
9062 ++ .remove = at803x_remove,
9063 + .config_init = at803x_config_init,
9064 + .set_wol = at803x_set_wol,
9065 + .get_wol = at803x_get_wol,
9066 +diff --git a/drivers/net/ppp/ppp_async.c b/drivers/net/ppp/ppp_async.c
9067 +index a7b9cf3269bf..29a0917a81e6 100644
9068 +--- a/drivers/net/ppp/ppp_async.c
9069 ++++ b/drivers/net/ppp/ppp_async.c
9070 +@@ -874,15 +874,15 @@ ppp_async_input(struct asyncppp *ap, const unsigned char *buf,
9071 + skb = dev_alloc_skb(ap->mru + PPP_HDRLEN + 2);
9072 + if (!skb)
9073 + goto nomem;
9074 +- ap->rpkt = skb;
9075 +- }
9076 +- if (skb->len == 0) {
9077 +- /* Try to get the payload 4-byte aligned.
9078 +- * This should match the
9079 +- * PPP_ALLSTATIONS/PPP_UI/compressed tests in
9080 +- * process_input_packet, but we do not have
9081 +- * enough chars here to test buf[1] and buf[2].
9082 +- */
9083 ++ ap->rpkt = skb;
9084 ++ }
9085 ++ if (skb->len == 0) {
9086 ++ /* Try to get the payload 4-byte aligned.
9087 ++ * This should match the
9088 ++ * PPP_ALLSTATIONS/PPP_UI/compressed tests in
9089 ++ * process_input_packet, but we do not have
9090 ++ * enough chars here to test buf[1] and buf[2].
9091 ++ */
9092 + if (buf[0] != PPP_ALLSTATIONS)
9093 + skb_reserve(skb, 2 + (buf[0] & 1));
9094 + }
9095 +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
9096 +index 7cdfde9b3dea..575ed19e9195 100644
9097 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
9098 ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
9099 +@@ -430,6 +430,7 @@ fail:
9100 + usb_free_urb(req->urb);
9101 + list_del(q->next);
9102 + }
9103 ++ kfree(reqs);
9104 + return NULL;
9105 +
9106 + }
9107 +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
9108 +index 7b35f416404c..64ef3f3ba23b 100644
9109 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
9110 ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
9111 +@@ -3320,6 +3320,10 @@ static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
9112 + igtk_cmd.sta_id = cpu_to_le32(sta_id);
9113 +
9114 + if (remove_key) {
9115 ++ /* This is a valid situation for IGTK */
9116 ++ if (sta_id == IWL_MVM_INVALID_STA)
9117 ++ return 0;
9118 ++
9119 + igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_NOT_VALID);
9120 + } else {
9121 + struct ieee80211_key_seq seq;
9122 +@@ -3574,9 +3578,9 @@ int iwl_mvm_remove_sta_key(struct iwl_mvm *mvm,
9123 + IWL_DEBUG_WEP(mvm, "mvm remove dynamic key: idx=%d sta=%d\n",
9124 + keyconf->keyidx, sta_id);
9125 +
9126 +- if (mvm_sta && (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
9127 +- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
9128 +- keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256))
9129 ++ if (keyconf->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
9130 ++ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
9131 ++ keyconf->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256)
9132 + return iwl_mvm_send_sta_igtk(mvm, keyconf, sta_id, true);
9133 +
9134 + if (!__test_and_clear_bit(keyconf->hw_key_idx, mvm->fw_key_table)) {
9135 +diff --git a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
9136 +index 6dd835f1efc2..fbfa0b15d0c8 100644
9137 +--- a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
9138 ++++ b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
9139 +@@ -232,6 +232,7 @@ static int mwifiex_process_country_ie(struct mwifiex_private *priv,
9140 +
9141 + if (country_ie_len >
9142 + (IEEE80211_COUNTRY_STRING_LEN + MWIFIEX_MAX_TRIPLET_802_11D)) {
9143 ++ rcu_read_unlock();
9144 + mwifiex_dbg(priv->adapter, ERROR,
9145 + "11D: country_ie_len overflow!, deauth AP\n");
9146 + return -EINVAL;
9147 +diff --git a/drivers/nfc/pn544/pn544.c b/drivers/nfc/pn544/pn544.c
9148 +index cda996f6954e..2b83156efe3f 100644
9149 +--- a/drivers/nfc/pn544/pn544.c
9150 ++++ b/drivers/nfc/pn544/pn544.c
9151 +@@ -693,7 +693,7 @@ static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
9152 + target->nfcid1_len != 10)
9153 + return -EOPNOTSUPP;
9154 +
9155 +- return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
9156 ++ return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
9157 + PN544_RF_READER_CMD_ACTIVATE_NEXT,
9158 + target->nfcid1, target->nfcid1_len, NULL);
9159 + } else if (target->supported_protocols & (NFC_PROTO_JEWEL_MASK |
9160 +diff --git a/drivers/nvme/target/fabrics-cmd.c b/drivers/nvme/target/fabrics-cmd.c
9161 +index f7297473d9eb..feef15c38ec9 100644
9162 +--- a/drivers/nvme/target/fabrics-cmd.c
9163 ++++ b/drivers/nvme/target/fabrics-cmd.c
9164 +@@ -109,6 +109,7 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
9165 + u16 qid = le16_to_cpu(c->qid);
9166 + u16 sqsize = le16_to_cpu(c->sqsize);
9167 + struct nvmet_ctrl *old;
9168 ++ u16 ret;
9169 +
9170 + old = cmpxchg(&req->sq->ctrl, NULL, ctrl);
9171 + if (old) {
9172 +@@ -119,7 +120,8 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
9173 + if (!sqsize) {
9174 + pr_warn("queue size zero!\n");
9175 + req->error_loc = offsetof(struct nvmf_connect_command, sqsize);
9176 +- return NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
9177 ++ ret = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
9178 ++ goto err;
9179 + }
9180 +
9181 + /* note: convert queue size from 0's-based value to 1's-based value */
9182 +@@ -132,16 +134,19 @@ static u16 nvmet_install_queue(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
9183 + }
9184 +
9185 + if (ctrl->ops->install_queue) {
9186 +- u16 ret = ctrl->ops->install_queue(req->sq);
9187 +-
9188 ++ ret = ctrl->ops->install_queue(req->sq);
9189 + if (ret) {
9190 + pr_err("failed to install queue %d cntlid %d ret %x\n",
9191 +- qid, ret, ctrl->cntlid);
9192 +- return ret;
9193 ++ qid, ctrl->cntlid, ret);
9194 ++ goto err;
9195 + }
9196 + }
9197 +
9198 + return 0;
9199 ++
9200 ++err:
9201 ++ req->sq->ctrl = NULL;
9202 ++ return ret;
9203 + }
9204 +
9205 + static void nvmet_execute_admin_connect(struct nvmet_req *req)
9206 +diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
9207 +index 9f1ee9c766ec..1e4a798dce6e 100644
9208 +--- a/drivers/nvmem/core.c
9209 ++++ b/drivers/nvmem/core.c
9210 +@@ -83,7 +83,7 @@ static void nvmem_cell_drop(struct nvmem_cell *cell)
9211 + list_del(&cell->node);
9212 + mutex_unlock(&nvmem_mutex);
9213 + of_node_put(cell->np);
9214 +- kfree(cell->name);
9215 ++ kfree_const(cell->name);
9216 + kfree(cell);
9217 + }
9218 +
9219 +@@ -110,7 +110,9 @@ static int nvmem_cell_info_to_nvmem_cell(struct nvmem_device *nvmem,
9220 + cell->nvmem = nvmem;
9221 + cell->offset = info->offset;
9222 + cell->bytes = info->bytes;
9223 +- cell->name = info->name;
9224 ++ cell->name = kstrdup_const(info->name, GFP_KERNEL);
9225 ++ if (!cell->name)
9226 ++ return -ENOMEM;
9227 +
9228 + cell->bit_offset = info->bit_offset;
9229 + cell->nbits = info->nbits;
9230 +@@ -300,7 +302,7 @@ static int nvmem_add_cells_from_of(struct nvmem_device *nvmem)
9231 + dev_err(dev, "cell %s unaligned to nvmem stride %d\n",
9232 + cell->name, nvmem->stride);
9233 + /* Cells already added will be freed later. */
9234 +- kfree(cell->name);
9235 ++ kfree_const(cell->name);
9236 + kfree(cell);
9237 + return -EINVAL;
9238 + }
9239 +diff --git a/drivers/nvmem/imx-ocotp-scu.c b/drivers/nvmem/imx-ocotp-scu.c
9240 +index 03f1ab23ad51..455675dd8efe 100644
9241 +--- a/drivers/nvmem/imx-ocotp-scu.c
9242 ++++ b/drivers/nvmem/imx-ocotp-scu.c
9243 +@@ -15,8 +15,7 @@
9244 + #include <linux/platform_device.h>
9245 + #include <linux/slab.h>
9246 +
9247 +-#define IMX_SIP_OTP 0xC200000A
9248 +-#define IMX_SIP_OTP_WRITE 0x2
9249 ++#define IMX_SIP_OTP_WRITE 0xc200000B
9250 +
9251 + enum ocotp_devtype {
9252 + IMX8QXP,
9253 +@@ -212,8 +211,7 @@ static int imx_scu_ocotp_write(void *context, unsigned int offset,
9254 +
9255 + mutex_lock(&scu_ocotp_mutex);
9256 +
9257 +- arm_smccc_smc(IMX_SIP_OTP, IMX_SIP_OTP_WRITE, index, *buf,
9258 +- 0, 0, 0, 0, &res);
9259 ++ arm_smccc_smc(IMX_SIP_OTP_WRITE, index, *buf, 0, 0, 0, 0, 0, &res);
9260 +
9261 + mutex_unlock(&scu_ocotp_mutex);
9262 +
9263 +diff --git a/drivers/of/Kconfig b/drivers/of/Kconfig
9264 +index 37c2ccbefecd..d91618641be6 100644
9265 +--- a/drivers/of/Kconfig
9266 ++++ b/drivers/of/Kconfig
9267 +@@ -103,4 +103,8 @@ config OF_OVERLAY
9268 + config OF_NUMA
9269 + bool
9270 +
9271 ++config OF_DMA_DEFAULT_COHERENT
9272 ++ # arches should select this if DMA is coherent by default for OF devices
9273 ++ bool
9274 ++
9275 + endif # OF
9276 +diff --git a/drivers/of/address.c b/drivers/of/address.c
9277 +index 99c1b8058559..e8a39c3ec4d4 100644
9278 +--- a/drivers/of/address.c
9279 ++++ b/drivers/of/address.c
9280 +@@ -995,12 +995,16 @@ out:
9281 + * @np: device node
9282 + *
9283 + * It returns true if "dma-coherent" property was found
9284 +- * for this device in DT.
9285 ++ * for this device in the DT, or if DMA is coherent by
9286 ++ * default for OF devices on the current platform.
9287 + */
9288 + bool of_dma_is_coherent(struct device_node *np)
9289 + {
9290 + struct device_node *node = of_node_get(np);
9291 +
9292 ++ if (IS_ENABLED(CONFIG_OF_DMA_DEFAULT_COHERENT))
9293 ++ return true;
9294 ++
9295 + while (node) {
9296 + if (of_property_read_bool(node, "dma-coherent")) {
9297 + of_node_put(node);
9298 +diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c
9299 +index 982b46f0a54d..b6f064c885c3 100644
9300 +--- a/drivers/pci/ats.c
9301 ++++ b/drivers/pci/ats.c
9302 +@@ -424,11 +424,12 @@ void pci_restore_pasid_state(struct pci_dev *pdev)
9303 + int pci_pasid_features(struct pci_dev *pdev)
9304 + {
9305 + u16 supported;
9306 +- int pasid = pdev->pasid_cap;
9307 ++ int pasid;
9308 +
9309 + if (pdev->is_virtfn)
9310 + pdev = pci_physfn(pdev);
9311 +
9312 ++ pasid = pdev->pasid_cap;
9313 + if (!pasid)
9314 + return -EINVAL;
9315 +
9316 +@@ -451,11 +452,12 @@ int pci_pasid_features(struct pci_dev *pdev)
9317 + int pci_max_pasids(struct pci_dev *pdev)
9318 + {
9319 + u16 supported;
9320 +- int pasid = pdev->pasid_cap;
9321 ++ int pasid;
9322 +
9323 + if (pdev->is_virtfn)
9324 + pdev = pci_physfn(pdev);
9325 +
9326 ++ pasid = pdev->pasid_cap;
9327 + if (!pasid)
9328 + return -EINVAL;
9329 +
9330 +diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c
9331 +index af677254a072..c8c702c494a2 100644
9332 +--- a/drivers/pci/controller/dwc/pci-keystone.c
9333 ++++ b/drivers/pci/controller/dwc/pci-keystone.c
9334 +@@ -422,7 +422,7 @@ static void ks_pcie_setup_rc_app_regs(struct keystone_pcie *ks_pcie)
9335 + lower_32_bits(start) | OB_ENABLEN);
9336 + ks_pcie_app_writel(ks_pcie, OB_OFFSET_HI(i),
9337 + upper_32_bits(start));
9338 +- start += OB_WIN_SIZE;
9339 ++ start += OB_WIN_SIZE * SZ_1M;
9340 + }
9341 +
9342 + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS);
9343 +@@ -510,7 +510,7 @@ static void ks_pcie_stop_link(struct dw_pcie *pci)
9344 + /* Disable Link training */
9345 + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS);
9346 + val &= ~LTSSM_EN_VAL;
9347 +- ks_pcie_app_writel(ks_pcie, CMD_STATUS, LTSSM_EN_VAL | val);
9348 ++ ks_pcie_app_writel(ks_pcie, CMD_STATUS, val);
9349 + }
9350 +
9351 + static int ks_pcie_start_link(struct dw_pcie *pci)
9352 +@@ -1354,7 +1354,7 @@ static int __init ks_pcie_probe(struct platform_device *pdev)
9353 + ret = of_property_read_u32(np, "num-viewport", &num_viewport);
9354 + if (ret < 0) {
9355 + dev_err(dev, "unable to read *num-viewport* property\n");
9356 +- return ret;
9357 ++ goto err_get_sync;
9358 + }
9359 +
9360 + /*
9361 +diff --git a/drivers/pci/controller/pci-tegra.c b/drivers/pci/controller/pci-tegra.c
9362 +index 673a1725ef38..090b632965e2 100644
9363 +--- a/drivers/pci/controller/pci-tegra.c
9364 ++++ b/drivers/pci/controller/pci-tegra.c
9365 +@@ -2798,7 +2798,7 @@ static int tegra_pcie_probe(struct platform_device *pdev)
9366 +
9367 + pm_runtime_enable(pcie->dev);
9368 + err = pm_runtime_get_sync(pcie->dev);
9369 +- if (err) {
9370 ++ if (err < 0) {
9371 + dev_err(dev, "fail to enable pcie controller: %d\n", err);
9372 + goto teardown_msi;
9373 + }
9374 +diff --git a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
9375 +index 42bc5150dd92..febe0aef68d4 100644
9376 +--- a/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
9377 ++++ b/drivers/phy/qualcomm/phy-qcom-apq8064-sata.c
9378 +@@ -80,7 +80,7 @@ static int read_poll_timeout(void __iomem *addr, u32 mask)
9379 + if (readl_relaxed(addr) & mask)
9380 + return 0;
9381 +
9382 +- usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
9383 ++ usleep_range(DELAY_INTERVAL_US, DELAY_INTERVAL_US + 50);
9384 + } while (!time_after(jiffies, timeout));
9385 +
9386 + return (readl_relaxed(addr) & mask) ? 0 : -ETIMEDOUT;
9387 +diff --git a/drivers/platform/x86/intel_scu_ipc.c b/drivers/platform/x86/intel_scu_ipc.c
9388 +index cdab916fbf92..e330ec73c465 100644
9389 +--- a/drivers/platform/x86/intel_scu_ipc.c
9390 ++++ b/drivers/platform/x86/intel_scu_ipc.c
9391 +@@ -67,26 +67,22 @@
9392 + struct intel_scu_ipc_pdata_t {
9393 + u32 i2c_base;
9394 + u32 i2c_len;
9395 +- u8 irq_mode;
9396 + };
9397 +
9398 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_lincroft_pdata = {
9399 + .i2c_base = 0xff12b000,
9400 + .i2c_len = 0x10,
9401 +- .irq_mode = 0,
9402 + };
9403 +
9404 + /* Penwell and Cloverview */
9405 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_penwell_pdata = {
9406 + .i2c_base = 0xff12b000,
9407 + .i2c_len = 0x10,
9408 +- .irq_mode = 1,
9409 + };
9410 +
9411 + static const struct intel_scu_ipc_pdata_t intel_scu_ipc_tangier_pdata = {
9412 + .i2c_base = 0xff00d000,
9413 + .i2c_len = 0x10,
9414 +- .irq_mode = 0,
9415 + };
9416 +
9417 + struct intel_scu_ipc_dev {
9418 +@@ -99,6 +95,9 @@ struct intel_scu_ipc_dev {
9419 +
9420 + static struct intel_scu_ipc_dev ipcdev; /* Only one for now */
9421 +
9422 ++#define IPC_STATUS 0x04
9423 ++#define IPC_STATUS_IRQ BIT(2)
9424 ++
9425 + /*
9426 + * IPC Read Buffer (Read Only):
9427 + * 16 byte buffer for receiving data from SCU, if IPC command
9428 +@@ -120,11 +119,8 @@ static DEFINE_MUTEX(ipclock); /* lock used to prevent multiple call to SCU */
9429 + */
9430 + static inline void ipc_command(struct intel_scu_ipc_dev *scu, u32 cmd)
9431 + {
9432 +- if (scu->irq_mode) {
9433 +- reinit_completion(&scu->cmd_complete);
9434 +- writel(cmd | IPC_IOC, scu->ipc_base);
9435 +- }
9436 +- writel(cmd, scu->ipc_base);
9437 ++ reinit_completion(&scu->cmd_complete);
9438 ++ writel(cmd | IPC_IOC, scu->ipc_base);
9439 + }
9440 +
9441 + /*
9442 +@@ -610,9 +606,10 @@ EXPORT_SYMBOL(intel_scu_ipc_i2c_cntrl);
9443 + static irqreturn_t ioc(int irq, void *dev_id)
9444 + {
9445 + struct intel_scu_ipc_dev *scu = dev_id;
9446 ++ int status = ipc_read_status(scu);
9447 +
9448 +- if (scu->irq_mode)
9449 +- complete(&scu->cmd_complete);
9450 ++ writel(status | IPC_STATUS_IRQ, scu->ipc_base + IPC_STATUS);
9451 ++ complete(&scu->cmd_complete);
9452 +
9453 + return IRQ_HANDLED;
9454 + }
9455 +@@ -638,8 +635,6 @@ static int ipc_probe(struct pci_dev *pdev, const struct pci_device_id *id)
9456 + if (!pdata)
9457 + return -ENODEV;
9458 +
9459 +- scu->irq_mode = pdata->irq_mode;
9460 +-
9461 + err = pcim_enable_device(pdev);
9462 + if (err)
9463 + return err;
9464 +diff --git a/drivers/power/supply/axp20x_ac_power.c b/drivers/power/supply/axp20x_ac_power.c
9465 +index 0d34a932b6d5..f74b0556bb6b 100644
9466 +--- a/drivers/power/supply/axp20x_ac_power.c
9467 ++++ b/drivers/power/supply/axp20x_ac_power.c
9468 +@@ -23,6 +23,8 @@
9469 + #define AXP20X_PWR_STATUS_ACIN_PRESENT BIT(7)
9470 + #define AXP20X_PWR_STATUS_ACIN_AVAIL BIT(6)
9471 +
9472 ++#define AXP813_ACIN_PATH_SEL BIT(7)
9473 ++
9474 + #define AXP813_VHOLD_MASK GENMASK(5, 3)
9475 + #define AXP813_VHOLD_UV_TO_BIT(x) ((((x) / 100000) - 40) << 3)
9476 + #define AXP813_VHOLD_REG_TO_UV(x) \
9477 +@@ -40,6 +42,7 @@ struct axp20x_ac_power {
9478 + struct power_supply *supply;
9479 + struct iio_channel *acin_v;
9480 + struct iio_channel *acin_i;
9481 ++ bool has_acin_path_sel;
9482 + };
9483 +
9484 + static irqreturn_t axp20x_ac_power_irq(int irq, void *devid)
9485 +@@ -86,6 +89,17 @@ static int axp20x_ac_power_get_property(struct power_supply *psy,
9486 + return ret;
9487 +
9488 + val->intval = !!(reg & AXP20X_PWR_STATUS_ACIN_AVAIL);
9489 ++
9490 ++ /* ACIN_PATH_SEL disables ACIN even if ACIN_AVAIL is set. */
9491 ++ if (val->intval && power->has_acin_path_sel) {
9492 ++ ret = regmap_read(power->regmap, AXP813_ACIN_PATH_CTRL,
9493 ++ &reg);
9494 ++ if (ret)
9495 ++ return ret;
9496 ++
9497 ++ val->intval = !!(reg & AXP813_ACIN_PATH_SEL);
9498 ++ }
9499 ++
9500 + return 0;
9501 +
9502 + case POWER_SUPPLY_PROP_VOLTAGE_NOW:
9503 +@@ -224,21 +238,25 @@ static const struct power_supply_desc axp813_ac_power_desc = {
9504 + struct axp_data {
9505 + const struct power_supply_desc *power_desc;
9506 + bool acin_adc;
9507 ++ bool acin_path_sel;
9508 + };
9509 +
9510 + static const struct axp_data axp20x_data = {
9511 +- .power_desc = &axp20x_ac_power_desc,
9512 +- .acin_adc = true,
9513 ++ .power_desc = &axp20x_ac_power_desc,
9514 ++ .acin_adc = true,
9515 ++ .acin_path_sel = false,
9516 + };
9517 +
9518 + static const struct axp_data axp22x_data = {
9519 +- .power_desc = &axp22x_ac_power_desc,
9520 +- .acin_adc = false,
9521 ++ .power_desc = &axp22x_ac_power_desc,
9522 ++ .acin_adc = false,
9523 ++ .acin_path_sel = false,
9524 + };
9525 +
9526 + static const struct axp_data axp813_data = {
9527 +- .power_desc = &axp813_ac_power_desc,
9528 +- .acin_adc = false,
9529 ++ .power_desc = &axp813_ac_power_desc,
9530 ++ .acin_adc = false,
9531 ++ .acin_path_sel = true,
9532 + };
9533 +
9534 + static int axp20x_ac_power_probe(struct platform_device *pdev)
9535 +@@ -282,6 +300,7 @@ static int axp20x_ac_power_probe(struct platform_device *pdev)
9536 + }
9537 +
9538 + power->regmap = dev_get_regmap(pdev->dev.parent, NULL);
9539 ++ power->has_acin_path_sel = axp_data->acin_path_sel;
9540 +
9541 + platform_set_drvdata(pdev, power);
9542 +
9543 +diff --git a/drivers/power/supply/ltc2941-battery-gauge.c b/drivers/power/supply/ltc2941-battery-gauge.c
9544 +index da49436176cd..30a9014b2f95 100644
9545 +--- a/drivers/power/supply/ltc2941-battery-gauge.c
9546 ++++ b/drivers/power/supply/ltc2941-battery-gauge.c
9547 +@@ -449,7 +449,7 @@ static int ltc294x_i2c_remove(struct i2c_client *client)
9548 + {
9549 + struct ltc294x_info *info = i2c_get_clientdata(client);
9550 +
9551 +- cancel_delayed_work(&info->work);
9552 ++ cancel_delayed_work_sync(&info->work);
9553 + power_supply_unregister(info->supply);
9554 + return 0;
9555 + }
9556 +diff --git a/drivers/regulator/helpers.c b/drivers/regulator/helpers.c
9557 +index ca3dc3f3bb29..bb16c465426e 100644
9558 +--- a/drivers/regulator/helpers.c
9559 ++++ b/drivers/regulator/helpers.c
9560 +@@ -13,6 +13,8 @@
9561 + #include <linux/regulator/driver.h>
9562 + #include <linux/module.h>
9563 +
9564 ++#include "internal.h"
9565 ++
9566 + /**
9567 + * regulator_is_enabled_regmap - standard is_enabled() for regmap users
9568 + *
9569 +@@ -881,3 +883,15 @@ void regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
9570 + consumers[i].supply = supply_names[i];
9571 + }
9572 + EXPORT_SYMBOL_GPL(regulator_bulk_set_supply_names);
9573 ++
9574 ++/**
9575 ++ * regulator_is_equal - test whether two regulators are the same
9576 ++ *
9577 ++ * @reg1: first regulator to operate on
9578 ++ * @reg2: second regulator to operate on
9579 ++ */
9580 ++bool regulator_is_equal(struct regulator *reg1, struct regulator *reg2)
9581 ++{
9582 ++ return reg1->rdev == reg2->rdev;
9583 ++}
9584 ++EXPORT_SYMBOL_GPL(regulator_is_equal);
9585 +diff --git a/drivers/scsi/csiostor/csio_scsi.c b/drivers/scsi/csiostor/csio_scsi.c
9586 +index 469d0bc9f5fe..00cf33573136 100644
9587 +--- a/drivers/scsi/csiostor/csio_scsi.c
9588 ++++ b/drivers/scsi/csiostor/csio_scsi.c
9589 +@@ -1383,7 +1383,7 @@ csio_device_reset(struct device *dev,
9590 + return -EINVAL;
9591 +
9592 + /* Delete NPIV lnodes */
9593 +- csio_lnodes_exit(hw, 1);
9594 ++ csio_lnodes_exit(hw, 1);
9595 +
9596 + /* Block upper IOs */
9597 + csio_lnodes_block_request(hw);
9598 +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
9599 +index a4bc81479284..15b3d9050804 100644
9600 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c
9601 ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
9602 +@@ -4392,7 +4392,8 @@ dcmd_timeout_ocr_possible(struct megasas_instance *instance) {
9603 + if (instance->adapter_type == MFI_SERIES)
9604 + return KILL_ADAPTER;
9605 + else if (instance->unload ||
9606 +- test_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags))
9607 ++ test_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE,
9608 ++ &instance->reset_flags))
9609 + return IGNORE_TIMEOUT;
9610 + else
9611 + return INITIATE_OCR;
9612 +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.c b/drivers/scsi/megaraid/megaraid_sas_fusion.c
9613 +index e301458bcbae..46bc062d873e 100644
9614 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
9615 ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
9616 +@@ -4847,6 +4847,7 @@ int megasas_reset_fusion(struct Scsi_Host *shost, int reason)
9617 + if (instance->requestorId && !instance->skip_heartbeat_timer_del)
9618 + del_timer_sync(&instance->sriov_heartbeat_timer);
9619 + set_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
9620 ++ set_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
9621 + atomic_set(&instance->adprecovery, MEGASAS_ADPRESET_SM_POLLING);
9622 + instance->instancet->disable_intr(instance);
9623 + megasas_sync_irqs((unsigned long)instance);
9624 +@@ -5046,7 +5047,7 @@ kill_hba:
9625 + instance->skip_heartbeat_timer_del = 1;
9626 + retval = FAILED;
9627 + out:
9628 +- clear_bit(MEGASAS_FUSION_IN_RESET, &instance->reset_flags);
9629 ++ clear_bit(MEGASAS_FUSION_OCR_NOT_POSSIBLE, &instance->reset_flags);
9630 + mutex_unlock(&instance->reset_mutex);
9631 + return retval;
9632 + }
9633 +diff --git a/drivers/scsi/megaraid/megaraid_sas_fusion.h b/drivers/scsi/megaraid/megaraid_sas_fusion.h
9634 +index c013c80fe4e6..dd2e37e40d6b 100644
9635 +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
9636 ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
9637 +@@ -89,6 +89,7 @@ enum MR_RAID_FLAGS_IO_SUB_TYPE {
9638 +
9639 + #define MEGASAS_FP_CMD_LEN 16
9640 + #define MEGASAS_FUSION_IN_RESET 0
9641 ++#define MEGASAS_FUSION_OCR_NOT_POSSIBLE 1
9642 + #define RAID_1_PEER_CMDS 2
9643 + #define JBOD_MAPS_COUNT 2
9644 + #define MEGASAS_REDUCE_QD_COUNT 64
9645 +diff --git a/drivers/scsi/qla2xxx/qla_dbg.c b/drivers/scsi/qla2xxx/qla_dbg.c
9646 +index 30afc59c1870..7bbff91f8883 100644
9647 +--- a/drivers/scsi/qla2xxx/qla_dbg.c
9648 ++++ b/drivers/scsi/qla2xxx/qla_dbg.c
9649 +@@ -2519,12 +2519,6 @@ qla83xx_fw_dump_failed:
9650 + /* Driver Debug Functions. */
9651 + /****************************************************************************/
9652 +
9653 +-static inline int
9654 +-ql_mask_match(uint level)
9655 +-{
9656 +- return (level & ql2xextended_error_logging) == level;
9657 +-}
9658 +-
9659 + /*
9660 + * This function is for formatting and logging debug information.
9661 + * It is to be used when vha is available. It formats the message
9662 +diff --git a/drivers/scsi/qla2xxx/qla_dbg.h b/drivers/scsi/qla2xxx/qla_dbg.h
9663 +index bb01b680ce9f..433e95502808 100644
9664 +--- a/drivers/scsi/qla2xxx/qla_dbg.h
9665 ++++ b/drivers/scsi/qla2xxx/qla_dbg.h
9666 +@@ -374,3 +374,9 @@ extern int qla24xx_dump_ram(struct qla_hw_data *, uint32_t, uint32_t *,
9667 + extern void qla24xx_pause_risc(struct device_reg_24xx __iomem *,
9668 + struct qla_hw_data *);
9669 + extern int qla24xx_soft_reset(struct qla_hw_data *);
9670 ++
9671 ++static inline int
9672 ++ql_mask_match(uint level)
9673 ++{
9674 ++ return (level & ql2xextended_error_logging) == level;
9675 ++}
9676 +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
9677 +index 2edd9f7b3074..c18e2864de3a 100644
9678 +--- a/drivers/scsi/qla2xxx/qla_def.h
9679 ++++ b/drivers/scsi/qla2xxx/qla_def.h
9680 +@@ -2402,6 +2402,7 @@ typedef struct fc_port {
9681 + unsigned int scan_needed:1;
9682 + unsigned int n2n_flag:1;
9683 + unsigned int explicit_logout:1;
9684 ++ unsigned int prli_pend_timer:1;
9685 +
9686 + struct completion nvme_del_done;
9687 + uint32_t nvme_prli_service_param;
9688 +@@ -2428,6 +2429,7 @@ typedef struct fc_port {
9689 + struct work_struct free_work;
9690 + struct work_struct reg_work;
9691 + uint64_t jiffies_at_registration;
9692 ++ unsigned long prli_expired;
9693 + struct qlt_plogi_ack_t *plogi_link[QLT_PLOGI_LINK_MAX];
9694 +
9695 + uint16_t tgt_id;
9696 +@@ -4845,6 +4847,9 @@ struct sff_8247_a0 {
9697 + (ha->fc4_type_priority == FC4_PRIORITY_NVME)) || \
9698 + NVME_ONLY_TARGET(fcport)) \
9699 +
9700 ++#define PRLI_PHASE(_cls) \
9701 ++ ((_cls == DSC_LS_PRLI_PEND) || (_cls == DSC_LS_PRLI_COMP))
9702 ++
9703 + #include "qla_target.h"
9704 + #include "qla_gbl.h"
9705 + #include "qla_dbg.h"
9706 +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
9707 +index aa5204163bec..1841d4ad2cb2 100644
9708 +--- a/drivers/scsi/qla2xxx/qla_init.c
9709 ++++ b/drivers/scsi/qla2xxx/qla_init.c
9710 +@@ -685,7 +685,7 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
9711 + port_id_t id;
9712 + u64 wwn;
9713 + u16 data[2];
9714 +- u8 current_login_state;
9715 ++ u8 current_login_state, nvme_cls;
9716 +
9717 + fcport = ea->fcport;
9718 + ql_dbg(ql_dbg_disc, vha, 0xffff,
9719 +@@ -744,10 +744,17 @@ static void qla24xx_handle_gnl_done_event(scsi_qla_host_t *vha,
9720 +
9721 + loop_id = le16_to_cpu(e->nport_handle);
9722 + loop_id = (loop_id & 0x7fff);
9723 +- if (NVME_TARGET(vha->hw, fcport))
9724 +- current_login_state = e->current_login_state >> 4;
9725 +- else
9726 +- current_login_state = e->current_login_state & 0xf;
9727 ++ nvme_cls = e->current_login_state >> 4;
9728 ++ current_login_state = e->current_login_state & 0xf;
9729 ++
9730 ++ if (PRLI_PHASE(nvme_cls)) {
9731 ++ current_login_state = nvme_cls;
9732 ++ fcport->fc4_type &= ~FS_FC4TYPE_FCP;
9733 ++ fcport->fc4_type |= FS_FC4TYPE_NVME;
9734 ++ } else if (PRLI_PHASE(current_login_state)) {
9735 ++ fcport->fc4_type |= FS_FC4TYPE_FCP;
9736 ++ fcport->fc4_type &= ~FS_FC4TYPE_NVME;
9737 ++ }
9738 +
9739 + ql_dbg(ql_dbg_disc, vha, 0x20e2,
9740 + "%s found %8phC CLS [%x|%x] fc4_type %d ID[%06x|%06x] lid[%d|%d]\n",
9741 +@@ -1216,12 +1223,19 @@ qla24xx_async_prli(struct scsi_qla_host *vha, fc_port_t *fcport)
9742 + struct srb_iocb *lio;
9743 + int rval = QLA_FUNCTION_FAILED;
9744 +
9745 +- if (!vha->flags.online)
9746 ++ if (!vha->flags.online) {
9747 ++ ql_dbg(ql_dbg_disc, vha, 0xffff, "%s %d %8phC exit\n",
9748 ++ __func__, __LINE__, fcport->port_name);
9749 + return rval;
9750 ++ }
9751 +
9752 +- if (fcport->fw_login_state == DSC_LS_PLOGI_PEND ||
9753 +- fcport->fw_login_state == DSC_LS_PRLI_PEND)
9754 ++ if ((fcport->fw_login_state == DSC_LS_PLOGI_PEND ||
9755 ++ fcport->fw_login_state == DSC_LS_PRLI_PEND) &&
9756 ++ qla_dual_mode_enabled(vha)) {
9757 ++ ql_dbg(ql_dbg_disc, vha, 0xffff, "%s %d %8phC exit\n",
9758 ++ __func__, __LINE__, fcport->port_name);
9759 + return rval;
9760 ++ }
9761 +
9762 + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
9763 + if (!sp)
9764 +@@ -1600,6 +1614,10 @@ int qla24xx_fcport_handle_login(struct scsi_qla_host *vha, fc_port_t *fcport)
9765 + break;
9766 + default:
9767 + if (fcport->login_pause) {
9768 ++ ql_dbg(ql_dbg_disc, vha, 0x20d8,
9769 ++ "%s %d %8phC exit\n",
9770 ++ __func__, __LINE__,
9771 ++ fcport->port_name);
9772 + fcport->last_rscn_gen = fcport->rscn_gen;
9773 + fcport->last_login_gen = fcport->login_gen;
9774 + set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
9775 +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
9776 +index 7b8a6bfcf08d..9f9124550415 100644
9777 +--- a/drivers/scsi/qla2xxx/qla_isr.c
9778 ++++ b/drivers/scsi/qla2xxx/qla_isr.c
9779 +@@ -1918,6 +1918,18 @@ static void qla24xx_nvme_iocb_entry(scsi_qla_host_t *vha, struct req_que *req,
9780 + inbuf = (uint32_t *)&sts->nvme_ersp_data;
9781 + outbuf = (uint32_t *)fd->rspaddr;
9782 + iocb->u.nvme.rsp_pyld_len = le16_to_cpu(sts->nvme_rsp_pyld_len);
9783 ++ if (unlikely(iocb->u.nvme.rsp_pyld_len >
9784 ++ sizeof(struct nvme_fc_ersp_iu))) {
9785 ++ if (ql_mask_match(ql_dbg_io)) {
9786 ++ WARN_ONCE(1, "Unexpected response payload length %u.\n",
9787 ++ iocb->u.nvme.rsp_pyld_len);
9788 ++ ql_log(ql_log_warn, fcport->vha, 0x5100,
9789 ++ "Unexpected response payload length %u.\n",
9790 ++ iocb->u.nvme.rsp_pyld_len);
9791 ++ }
9792 ++ iocb->u.nvme.rsp_pyld_len =
9793 ++ sizeof(struct nvme_fc_ersp_iu);
9794 ++ }
9795 + iter = iocb->u.nvme.rsp_pyld_len >> 2;
9796 + for (; iter; iter--)
9797 + *outbuf++ = swab32(*inbuf++);
9798 +diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
9799 +index b7c1108c48e2..9e09964f5c0e 100644
9800 +--- a/drivers/scsi/qla2xxx/qla_mbx.c
9801 ++++ b/drivers/scsi/qla2xxx/qla_mbx.c
9802 +@@ -6152,9 +6152,8 @@ qla2x00_dump_mctp_data(scsi_qla_host_t *vha, dma_addr_t req_dma, uint32_t addr,
9803 + mcp->mb[7] = LSW(MSD(req_dma));
9804 + mcp->mb[8] = MSW(addr);
9805 + /* Setting RAM ID to valid */
9806 +- mcp->mb[10] |= BIT_7;
9807 + /* For MCTP RAM ID is 0x40 */
9808 +- mcp->mb[10] |= 0x40;
9809 ++ mcp->mb[10] = BIT_7 | 0x40;
9810 +
9811 + mcp->out_mb |= MBX_10|MBX_8|MBX_7|MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|
9812 + MBX_0;
9813 +diff --git a/drivers/scsi/qla2xxx/qla_nx.c b/drivers/scsi/qla2xxx/qla_nx.c
9814 +index 2b2028f2383e..c855d013ba8a 100644
9815 +--- a/drivers/scsi/qla2xxx/qla_nx.c
9816 ++++ b/drivers/scsi/qla2xxx/qla_nx.c
9817 +@@ -1612,8 +1612,7 @@ qla82xx_get_bootld_offset(struct qla_hw_data *ha)
9818 + return (u8 *)&ha->hablob->fw->data[offset];
9819 + }
9820 +
9821 +-static __le32
9822 +-qla82xx_get_fw_size(struct qla_hw_data *ha)
9823 ++static u32 qla82xx_get_fw_size(struct qla_hw_data *ha)
9824 + {
9825 + struct qla82xx_uri_data_desc *uri_desc = NULL;
9826 +
9827 +@@ -1624,7 +1623,7 @@ qla82xx_get_fw_size(struct qla_hw_data *ha)
9828 + return cpu_to_le32(uri_desc->size);
9829 + }
9830 +
9831 +- return cpu_to_le32(*(u32 *)&ha->hablob->fw->data[FW_SIZE_OFFSET]);
9832 ++ return get_unaligned_le32(&ha->hablob->fw->data[FW_SIZE_OFFSET]);
9833 + }
9834 +
9835 + static u8 *
9836 +@@ -1816,7 +1815,7 @@ qla82xx_fw_load_from_blob(struct qla_hw_data *ha)
9837 + }
9838 +
9839 + flashaddr = FLASH_ADDR_START;
9840 +- size = (__force u32)qla82xx_get_fw_size(ha) / 8;
9841 ++ size = qla82xx_get_fw_size(ha) / 8;
9842 + ptr64 = (u64 *)qla82xx_get_fw_offs(ha);
9843 +
9844 + for (i = 0; i < size; i++) {
9845 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
9846 +index 68c14143e50e..f67a5c4dacd0 100644
9847 +--- a/drivers/scsi/qla2xxx/qla_target.c
9848 ++++ b/drivers/scsi/qla2xxx/qla_target.c
9849 +@@ -1257,6 +1257,7 @@ void qlt_schedule_sess_for_deletion(struct fc_port *sess)
9850 + sess->deleted = QLA_SESS_DELETION_IN_PROGRESS;
9851 + spin_unlock_irqrestore(&sess->vha->work_lock, flags);
9852 +
9853 ++ sess->prli_pend_timer = 0;
9854 + sess->disc_state = DSC_DELETE_PEND;
9855 +
9856 + qla24xx_chk_fcp_state(sess);
9857 +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
9858 +index 2323432a0edb..5504ab11decc 100644
9859 +--- a/drivers/scsi/qla4xxx/ql4_os.c
9860 ++++ b/drivers/scsi/qla4xxx/ql4_os.c
9861 +@@ -4145,7 +4145,7 @@ static void qla4xxx_mem_free(struct scsi_qla_host *ha)
9862 + dma_free_coherent(&ha->pdev->dev, ha->queues_len, ha->queues,
9863 + ha->queues_dma);
9864 +
9865 +- if (ha->fw_dump)
9866 ++ if (ha->fw_dump)
9867 + vfree(ha->fw_dump);
9868 +
9869 + ha->queues_len = 0;
9870 +diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
9871 +index 160748ad9c0f..eace8886d95a 100644
9872 +--- a/drivers/scsi/sg.c
9873 ++++ b/drivers/scsi/sg.c
9874 +@@ -405,6 +405,38 @@ sg_release(struct inode *inode, struct file *filp)
9875 + return 0;
9876 + }
9877 +
9878 ++static int get_sg_io_pack_id(int *pack_id, void __user *buf, size_t count)
9879 ++{
9880 ++ struct sg_header __user *old_hdr = buf;
9881 ++ int reply_len;
9882 ++
9883 ++ if (count >= SZ_SG_HEADER) {
9884 ++ /* negative reply_len means v3 format, otherwise v1/v2 */
9885 ++ if (get_user(reply_len, &old_hdr->reply_len))
9886 ++ return -EFAULT;
9887 ++
9888 ++ if (reply_len >= 0)
9889 ++ return get_user(*pack_id, &old_hdr->pack_id);
9890 ++
9891 ++ if (in_compat_syscall() &&
9892 ++ count >= sizeof(struct compat_sg_io_hdr)) {
9893 ++ struct compat_sg_io_hdr __user *hp = buf;
9894 ++
9895 ++ return get_user(*pack_id, &hp->pack_id);
9896 ++ }
9897 ++
9898 ++ if (count >= sizeof(struct sg_io_hdr)) {
9899 ++ struct sg_io_hdr __user *hp = buf;
9900 ++
9901 ++ return get_user(*pack_id, &hp->pack_id);
9902 ++ }
9903 ++ }
9904 ++
9905 ++ /* no valid header was passed, so ignore the pack_id */
9906 ++ *pack_id = -1;
9907 ++ return 0;
9908 ++}
9909 ++
9910 + static ssize_t
9911 + sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
9912 + {
9913 +@@ -413,8 +445,8 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
9914 + Sg_request *srp;
9915 + int req_pack_id = -1;
9916 + sg_io_hdr_t *hp;
9917 +- struct sg_header *old_hdr = NULL;
9918 +- int retval = 0;
9919 ++ struct sg_header *old_hdr;
9920 ++ int retval;
9921 +
9922 + /*
9923 + * This could cause a response to be stranded. Close the associated
9924 +@@ -429,79 +461,34 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos)
9925 + SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
9926 + "sg_read: count=%d\n", (int) count));
9927 +
9928 +- if (sfp->force_packid && (count >= SZ_SG_HEADER)) {
9929 +- old_hdr = memdup_user(buf, SZ_SG_HEADER);
9930 +- if (IS_ERR(old_hdr))
9931 +- return PTR_ERR(old_hdr);
9932 +- if (old_hdr->reply_len < 0) {
9933 +- if (count >= SZ_SG_IO_HDR) {
9934 +- /*
9935 +- * This is stupid.
9936 +- *
9937 +- * We're copying the whole sg_io_hdr_t from user
9938 +- * space just to get the 'pack_id' field. But the
9939 +- * field is at different offsets for the compat
9940 +- * case, so we'll use "get_sg_io_hdr()" to copy
9941 +- * the whole thing and convert it.
9942 +- *
9943 +- * We could do something like just calculating the
9944 +- * offset based of 'in_compat_syscall()', but the
9945 +- * 'compat_sg_io_hdr' definition is in the wrong
9946 +- * place for that.
9947 +- */
9948 +- sg_io_hdr_t *new_hdr;
9949 +- new_hdr = kmalloc(SZ_SG_IO_HDR, GFP_KERNEL);
9950 +- if (!new_hdr) {
9951 +- retval = -ENOMEM;
9952 +- goto free_old_hdr;
9953 +- }
9954 +- retval = get_sg_io_hdr(new_hdr, buf);
9955 +- req_pack_id = new_hdr->pack_id;
9956 +- kfree(new_hdr);
9957 +- if (retval) {
9958 +- retval = -EFAULT;
9959 +- goto free_old_hdr;
9960 +- }
9961 +- }
9962 +- } else
9963 +- req_pack_id = old_hdr->pack_id;
9964 +- }
9965 ++ if (sfp->force_packid)
9966 ++ retval = get_sg_io_pack_id(&req_pack_id, buf, count);
9967 ++ if (retval)
9968 ++ return retval;
9969 ++
9970 + srp = sg_get_rq_mark(sfp, req_pack_id);
9971 + if (!srp) { /* now wait on packet to arrive */
9972 +- if (atomic_read(&sdp->detaching)) {
9973 +- retval = -ENODEV;
9974 +- goto free_old_hdr;
9975 +- }
9976 +- if (filp->f_flags & O_NONBLOCK) {
9977 +- retval = -EAGAIN;
9978 +- goto free_old_hdr;
9979 +- }
9980 ++ if (atomic_read(&sdp->detaching))
9981 ++ return -ENODEV;
9982 ++ if (filp->f_flags & O_NONBLOCK)
9983 ++ return -EAGAIN;
9984 + retval = wait_event_interruptible(sfp->read_wait,
9985 + (atomic_read(&sdp->detaching) ||
9986 + (srp = sg_get_rq_mark(sfp, req_pack_id))));
9987 +- if (atomic_read(&sdp->detaching)) {
9988 +- retval = -ENODEV;
9989 +- goto free_old_hdr;
9990 +- }
9991 +- if (retval) {
9992 ++ if (atomic_read(&sdp->detaching))
9993 ++ return -ENODEV;
9994 ++ if (retval)
9995 + /* -ERESTARTSYS as signal hit process */
9996 +- goto free_old_hdr;
9997 +- }
9998 +- }
9999 +- if (srp->header.interface_id != '\0') {
10000 +- retval = sg_new_read(sfp, buf, count, srp);
10001 +- goto free_old_hdr;
10002 ++ return retval;
10003 + }
10004 ++ if (srp->header.interface_id != '\0')
10005 ++ return sg_new_read(sfp, buf, count, srp);
10006 +
10007 + hp = &srp->header;
10008 +- if (old_hdr == NULL) {
10009 +- old_hdr = kmalloc(SZ_SG_HEADER, GFP_KERNEL);
10010 +- if (! old_hdr) {
10011 +- retval = -ENOMEM;
10012 +- goto free_old_hdr;
10013 +- }
10014 +- }
10015 +- memset(old_hdr, 0, SZ_SG_HEADER);
10016 ++ old_hdr = kzalloc(SZ_SG_HEADER, GFP_KERNEL);
10017 ++ if (!old_hdr)
10018 ++ return -ENOMEM;
10019 ++
10020 + old_hdr->reply_len = (int) hp->timeout;
10021 + old_hdr->pack_len = old_hdr->reply_len; /* old, strange behaviour */
10022 + old_hdr->pack_id = hp->pack_id;
10023 +@@ -575,7 +562,12 @@ sg_new_read(Sg_fd * sfp, char __user *buf, size_t count, Sg_request * srp)
10024 + int err = 0, err2;
10025 + int len;
10026 +
10027 +- if (count < SZ_SG_IO_HDR) {
10028 ++ if (in_compat_syscall()) {
10029 ++ if (count < sizeof(struct compat_sg_io_hdr)) {
10030 ++ err = -EINVAL;
10031 ++ goto err_out;
10032 ++ }
10033 ++ } else if (count < SZ_SG_IO_HDR) {
10034 + err = -EINVAL;
10035 + goto err_out;
10036 + }
10037 +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
10038 +index b5966faf3e98..03173f06ab96 100644
10039 +--- a/drivers/scsi/ufs/ufshcd.c
10040 ++++ b/drivers/scsi/ufs/ufshcd.c
10041 +@@ -5053,6 +5053,7 @@ static int ufshcd_disable_auto_bkops(struct ufs_hba *hba)
10042 +
10043 + hba->auto_bkops_enabled = false;
10044 + trace_ufshcd_auto_bkops_state(dev_name(hba->dev), "Disabled");
10045 ++ hba->is_urgent_bkops_lvl_checked = false;
10046 + out:
10047 + return err;
10048 + }
10049 +@@ -5077,6 +5078,7 @@ static void ufshcd_force_reset_auto_bkops(struct ufs_hba *hba)
10050 + hba->ee_ctrl_mask &= ~MASK_EE_URGENT_BKOPS;
10051 + ufshcd_disable_auto_bkops(hba);
10052 + }
10053 ++ hba->is_urgent_bkops_lvl_checked = false;
10054 + }
10055 +
10056 + static inline int ufshcd_get_bkops_status(struct ufs_hba *hba, u32 *status)
10057 +@@ -5123,6 +5125,7 @@ static int ufshcd_bkops_ctrl(struct ufs_hba *hba,
10058 + err = ufshcd_enable_auto_bkops(hba);
10059 + else
10060 + err = ufshcd_disable_auto_bkops(hba);
10061 ++ hba->urgent_bkops_lvl = curr_status;
10062 + out:
10063 + return err;
10064 + }
10065 +diff --git a/drivers/staging/wfx/debug.c b/drivers/staging/wfx/debug.c
10066 +index d17a75242365..1164aba118a1 100644
10067 +--- a/drivers/staging/wfx/debug.c
10068 ++++ b/drivers/staging/wfx/debug.c
10069 +@@ -145,7 +145,7 @@ static int wfx_rx_stats_show(struct seq_file *seq, void *v)
10070 + st->pwr_clk_freq,
10071 + st->is_ext_pwr_clk ? "yes" : "no");
10072 + seq_printf(seq,
10073 +- "N. of frames: %d, PER (x10e4): %d, Throughput: %dKbps/s\n",
10074 ++ "Num. of frames: %d, PER (x10e4): %d, Throughput: %dKbps/s\n",
10075 + st->nb_rx_frame, st->per_total, st->throughput);
10076 + seq_puts(seq, " Num. of PER RSSI SNR CFO\n");
10077 + seq_puts(seq, " frames (x10e4) (dBm) (dB) (kHz)\n");
10078 +diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
10079 +index 1c8b349379af..77c4a9abe365 100644
10080 +--- a/drivers/usb/dwc3/core.h
10081 ++++ b/drivers/usb/dwc3/core.h
10082 +@@ -688,7 +688,9 @@ struct dwc3_ep {
10083 + #define DWC3_EP_STALL BIT(1)
10084 + #define DWC3_EP_WEDGE BIT(2)
10085 + #define DWC3_EP_TRANSFER_STARTED BIT(3)
10086 ++#define DWC3_EP_END_TRANSFER_PENDING BIT(4)
10087 + #define DWC3_EP_PENDING_REQUEST BIT(5)
10088 ++#define DWC3_EP_DELAY_START BIT(6)
10089 +
10090 + /* This last one is specific to EP0 */
10091 + #define DWC3_EP0_DIR_IN BIT(31)
10092 +diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
10093 +index fd1b100d2927..6dee4dabc0a4 100644
10094 +--- a/drivers/usb/dwc3/ep0.c
10095 ++++ b/drivers/usb/dwc3/ep0.c
10096 +@@ -1136,8 +1136,10 @@ void dwc3_ep0_interrupt(struct dwc3 *dwc,
10097 + case DWC3_DEPEVT_EPCMDCMPLT:
10098 + cmd = DEPEVT_PARAMETER_CMD(event->parameters);
10099 +
10100 +- if (cmd == DWC3_DEPCMD_ENDTRANSFER)
10101 ++ if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
10102 ++ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
10103 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
10104 ++ }
10105 + break;
10106 + }
10107 + }
10108 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
10109 +index 154f3f3e8cff..8b95be897078 100644
10110 +--- a/drivers/usb/dwc3/gadget.c
10111 ++++ b/drivers/usb/dwc3/gadget.c
10112 +@@ -1447,6 +1447,12 @@ static int __dwc3_gadget_ep_queue(struct dwc3_ep *dep, struct dwc3_request *req)
10113 + list_add_tail(&req->list, &dep->pending_list);
10114 + req->status = DWC3_REQUEST_STATUS_QUEUED;
10115 +
10116 ++ /* Start the transfer only after the END_TRANSFER is completed */
10117 ++ if (dep->flags & DWC3_EP_END_TRANSFER_PENDING) {
10118 ++ dep->flags |= DWC3_EP_DELAY_START;
10119 ++ return 0;
10120 ++ }
10121 ++
10122 + /*
10123 + * NOTICE: Isochronous endpoints should NEVER be prestarted. We must
10124 + * wait for a XferNotReady event so we will know what's the current
10125 +@@ -2625,8 +2631,14 @@ static void dwc3_endpoint_interrupt(struct dwc3 *dwc,
10126 + cmd = DEPEVT_PARAMETER_CMD(event->parameters);
10127 +
10128 + if (cmd == DWC3_DEPCMD_ENDTRANSFER) {
10129 ++ dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING;
10130 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
10131 + dwc3_gadget_ep_cleanup_cancelled_requests(dep);
10132 ++ if ((dep->flags & DWC3_EP_DELAY_START) &&
10133 ++ !usb_endpoint_xfer_isoc(dep->endpoint.desc))
10134 ++ __dwc3_gadget_kick_transfer(dep);
10135 ++
10136 ++ dep->flags &= ~DWC3_EP_DELAY_START;
10137 + }
10138 + break;
10139 + case DWC3_DEPEVT_STREAMEVT:
10140 +@@ -2683,7 +2695,8 @@ static void dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force,
10141 + u32 cmd;
10142 + int ret;
10143 +
10144 +- if (!(dep->flags & DWC3_EP_TRANSFER_STARTED))
10145 ++ if (!(dep->flags & DWC3_EP_TRANSFER_STARTED) ||
10146 ++ (dep->flags & DWC3_EP_END_TRANSFER_PENDING))
10147 + return;
10148 +
10149 + /*
10150 +@@ -2728,6 +2741,8 @@ static void dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force,
10151 +
10152 + if (!interrupt)
10153 + dep->flags &= ~DWC3_EP_TRANSFER_STARTED;
10154 ++ else
10155 ++ dep->flags |= DWC3_EP_END_TRANSFER_PENDING;
10156 +
10157 + if (dwc3_is_usb31(dwc) || dwc->revision < DWC3_REVISION_310A)
10158 + udelay(100);
10159 +diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c
10160 +index 460d5d7c984f..7f5cf488b2b1 100644
10161 +--- a/drivers/usb/gadget/function/f_ecm.c
10162 ++++ b/drivers/usb/gadget/function/f_ecm.c
10163 +@@ -52,6 +52,7 @@ struct f_ecm {
10164 + struct usb_ep *notify;
10165 + struct usb_request *notify_req;
10166 + u8 notify_state;
10167 ++ atomic_t notify_count;
10168 + bool is_open;
10169 +
10170 + /* FIXME is_open needs some irq-ish locking
10171 +@@ -380,7 +381,7 @@ static void ecm_do_notify(struct f_ecm *ecm)
10172 + int status;
10173 +
10174 + /* notification already in flight? */
10175 +- if (!req)
10176 ++ if (atomic_read(&ecm->notify_count))
10177 + return;
10178 +
10179 + event = req->buf;
10180 +@@ -420,10 +421,10 @@ static void ecm_do_notify(struct f_ecm *ecm)
10181 + event->bmRequestType = 0xA1;
10182 + event->wIndex = cpu_to_le16(ecm->ctrl_id);
10183 +
10184 +- ecm->notify_req = NULL;
10185 ++ atomic_inc(&ecm->notify_count);
10186 + status = usb_ep_queue(ecm->notify, req, GFP_ATOMIC);
10187 + if (status < 0) {
10188 +- ecm->notify_req = req;
10189 ++ atomic_dec(&ecm->notify_count);
10190 + DBG(cdev, "notify --> %d\n", status);
10191 + }
10192 + }
10193 +@@ -448,17 +449,19 @@ static void ecm_notify_complete(struct usb_ep *ep, struct usb_request *req)
10194 + switch (req->status) {
10195 + case 0:
10196 + /* no fault */
10197 ++ atomic_dec(&ecm->notify_count);
10198 + break;
10199 + case -ECONNRESET:
10200 + case -ESHUTDOWN:
10201 ++ atomic_set(&ecm->notify_count, 0);
10202 + ecm->notify_state = ECM_NOTIFY_NONE;
10203 + break;
10204 + default:
10205 + DBG(cdev, "event %02x --> %d\n",
10206 + event->bNotificationType, req->status);
10207 ++ atomic_dec(&ecm->notify_count);
10208 + break;
10209 + }
10210 +- ecm->notify_req = req;
10211 + ecm_do_notify(ecm);
10212 + }
10213 +
10214 +@@ -907,6 +910,11 @@ static void ecm_unbind(struct usb_configuration *c, struct usb_function *f)
10215 +
10216 + usb_free_all_descriptors(f);
10217 +
10218 ++ if (atomic_read(&ecm->notify_count)) {
10219 ++ usb_ep_dequeue(ecm->notify, ecm->notify_req);
10220 ++ atomic_set(&ecm->notify_count, 0);
10221 ++ }
10222 ++
10223 + kfree(ecm->notify_req->buf);
10224 + usb_ep_free_request(ecm->notify, ecm->notify_req);
10225 + }
10226 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
10227 +index 0bbccac94d6c..6f8b67e61771 100644
10228 +--- a/drivers/usb/gadget/function/f_fs.c
10229 ++++ b/drivers/usb/gadget/function/f_fs.c
10230 +@@ -1062,6 +1062,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
10231 + req->num_sgs = io_data->sgt.nents;
10232 + } else {
10233 + req->buf = data;
10234 ++ req->num_sgs = 0;
10235 + }
10236 + req->length = data_len;
10237 +
10238 +@@ -1105,6 +1106,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
10239 + req->num_sgs = io_data->sgt.nents;
10240 + } else {
10241 + req->buf = data;
10242 ++ req->num_sgs = 0;
10243 + }
10244 + req->length = data_len;
10245 +
10246 +diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c
10247 +index 2d6e76e4cffa..1d900081b1f0 100644
10248 +--- a/drivers/usb/gadget/function/f_ncm.c
10249 ++++ b/drivers/usb/gadget/function/f_ncm.c
10250 +@@ -53,6 +53,7 @@ struct f_ncm {
10251 + struct usb_ep *notify;
10252 + struct usb_request *notify_req;
10253 + u8 notify_state;
10254 ++ atomic_t notify_count;
10255 + bool is_open;
10256 +
10257 + const struct ndp_parser_opts *parser_opts;
10258 +@@ -547,7 +548,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
10259 + int status;
10260 +
10261 + /* notification already in flight? */
10262 +- if (!req)
10263 ++ if (atomic_read(&ncm->notify_count))
10264 + return;
10265 +
10266 + event = req->buf;
10267 +@@ -587,7 +588,8 @@ static void ncm_do_notify(struct f_ncm *ncm)
10268 + event->bmRequestType = 0xA1;
10269 + event->wIndex = cpu_to_le16(ncm->ctrl_id);
10270 +
10271 +- ncm->notify_req = NULL;
10272 ++ atomic_inc(&ncm->notify_count);
10273 ++
10274 + /*
10275 + * In double buffering if there is a space in FIFO,
10276 + * completion callback can be called right after the call,
10277 +@@ -597,7 +599,7 @@ static void ncm_do_notify(struct f_ncm *ncm)
10278 + status = usb_ep_queue(ncm->notify, req, GFP_ATOMIC);
10279 + spin_lock(&ncm->lock);
10280 + if (status < 0) {
10281 +- ncm->notify_req = req;
10282 ++ atomic_dec(&ncm->notify_count);
10283 + DBG(cdev, "notify --> %d\n", status);
10284 + }
10285 + }
10286 +@@ -632,17 +634,19 @@ static void ncm_notify_complete(struct usb_ep *ep, struct usb_request *req)
10287 + case 0:
10288 + VDBG(cdev, "Notification %02x sent\n",
10289 + event->bNotificationType);
10290 ++ atomic_dec(&ncm->notify_count);
10291 + break;
10292 + case -ECONNRESET:
10293 + case -ESHUTDOWN:
10294 ++ atomic_set(&ncm->notify_count, 0);
10295 + ncm->notify_state = NCM_NOTIFY_NONE;
10296 + break;
10297 + default:
10298 + DBG(cdev, "event %02x --> %d\n",
10299 + event->bNotificationType, req->status);
10300 ++ atomic_dec(&ncm->notify_count);
10301 + break;
10302 + }
10303 +- ncm->notify_req = req;
10304 + ncm_do_notify(ncm);
10305 + spin_unlock(&ncm->lock);
10306 + }
10307 +@@ -1649,6 +1653,11 @@ static void ncm_unbind(struct usb_configuration *c, struct usb_function *f)
10308 + ncm_string_defs[0].id = 0;
10309 + usb_free_all_descriptors(f);
10310 +
10311 ++ if (atomic_read(&ncm->notify_count)) {
10312 ++ usb_ep_dequeue(ncm->notify, ncm->notify_req);
10313 ++ atomic_set(&ncm->notify_count, 0);
10314 ++ }
10315 ++
10316 + kfree(ncm->notify_req->buf);
10317 + usb_ep_free_request(ncm->notify, ncm->notify_req);
10318 + }
10319 +diff --git a/drivers/usb/gadget/legacy/cdc2.c b/drivers/usb/gadget/legacy/cdc2.c
10320 +index da1c37933ca1..8d7a556ece30 100644
10321 +--- a/drivers/usb/gadget/legacy/cdc2.c
10322 ++++ b/drivers/usb/gadget/legacy/cdc2.c
10323 +@@ -225,7 +225,7 @@ static struct usb_composite_driver cdc_driver = {
10324 + .name = "g_cdc",
10325 + .dev = &device_desc,
10326 + .strings = dev_strings,
10327 +- .max_speed = USB_SPEED_HIGH,
10328 ++ .max_speed = USB_SPEED_SUPER,
10329 + .bind = cdc_bind,
10330 + .unbind = cdc_unbind,
10331 + };
10332 +diff --git a/drivers/usb/gadget/legacy/g_ffs.c b/drivers/usb/gadget/legacy/g_ffs.c
10333 +index b640ed3fcf70..ae6d8f7092b8 100644
10334 +--- a/drivers/usb/gadget/legacy/g_ffs.c
10335 ++++ b/drivers/usb/gadget/legacy/g_ffs.c
10336 +@@ -149,7 +149,7 @@ static struct usb_composite_driver gfs_driver = {
10337 + .name = DRIVER_NAME,
10338 + .dev = &gfs_dev_desc,
10339 + .strings = gfs_dev_strings,
10340 +- .max_speed = USB_SPEED_HIGH,
10341 ++ .max_speed = USB_SPEED_SUPER,
10342 + .bind = gfs_bind,
10343 + .unbind = gfs_unbind,
10344 + };
10345 +diff --git a/drivers/usb/gadget/legacy/multi.c b/drivers/usb/gadget/legacy/multi.c
10346 +index 50515f9e1022..ec9749845660 100644
10347 +--- a/drivers/usb/gadget/legacy/multi.c
10348 ++++ b/drivers/usb/gadget/legacy/multi.c
10349 +@@ -482,7 +482,7 @@ static struct usb_composite_driver multi_driver = {
10350 + .name = "g_multi",
10351 + .dev = &device_desc,
10352 + .strings = dev_strings,
10353 +- .max_speed = USB_SPEED_HIGH,
10354 ++ .max_speed = USB_SPEED_SUPER,
10355 + .bind = multi_bind,
10356 + .unbind = multi_unbind,
10357 + .needs_serial = 1,
10358 +diff --git a/drivers/usb/gadget/legacy/ncm.c b/drivers/usb/gadget/legacy/ncm.c
10359 +index 8465f081e921..c61e71ba7045 100644
10360 +--- a/drivers/usb/gadget/legacy/ncm.c
10361 ++++ b/drivers/usb/gadget/legacy/ncm.c
10362 +@@ -197,7 +197,7 @@ static struct usb_composite_driver ncm_driver = {
10363 + .name = "g_ncm",
10364 + .dev = &device_desc,
10365 + .strings = dev_strings,
10366 +- .max_speed = USB_SPEED_HIGH,
10367 ++ .max_speed = USB_SPEED_SUPER,
10368 + .bind = gncm_bind,
10369 + .unbind = gncm_unbind,
10370 + };
10371 +diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c
10372 +index 8b4ff9fff340..753645bb2527 100644
10373 +--- a/drivers/usb/typec/tcpm/tcpci.c
10374 ++++ b/drivers/usb/typec/tcpm/tcpci.c
10375 +@@ -591,6 +591,12 @@ static int tcpci_probe(struct i2c_client *client,
10376 + static int tcpci_remove(struct i2c_client *client)
10377 + {
10378 + struct tcpci_chip *chip = i2c_get_clientdata(client);
10379 ++ int err;
10380 ++
10381 ++ /* Disable chip interrupts before unregistering port */
10382 ++ err = tcpci_write16(chip->tcpci, TCPC_ALERT_MASK, 0);
10383 ++ if (err < 0)
10384 ++ return err;
10385 +
10386 + tcpci_unregister_port(chip->tcpci);
10387 +
10388 +diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
10389 +index 93f995f6cf36..7e5d84caeb94 100644
10390 +--- a/drivers/virtio/virtio_balloon.c
10391 ++++ b/drivers/virtio/virtio_balloon.c
10392 +@@ -475,7 +475,9 @@ static int init_vqs(struct virtio_balloon *vb)
10393 + names[VIRTIO_BALLOON_VQ_INFLATE] = "inflate";
10394 + callbacks[VIRTIO_BALLOON_VQ_DEFLATE] = balloon_ack;
10395 + names[VIRTIO_BALLOON_VQ_DEFLATE] = "deflate";
10396 ++ callbacks[VIRTIO_BALLOON_VQ_STATS] = NULL;
10397 + names[VIRTIO_BALLOON_VQ_STATS] = NULL;
10398 ++ callbacks[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
10399 + names[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL;
10400 +
10401 + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
10402 +@@ -899,8 +901,7 @@ static int virtballoon_probe(struct virtio_device *vdev)
10403 + vb->vb_dev_info.inode = alloc_anon_inode(balloon_mnt->mnt_sb);
10404 + if (IS_ERR(vb->vb_dev_info.inode)) {
10405 + err = PTR_ERR(vb->vb_dev_info.inode);
10406 +- kern_unmount(balloon_mnt);
10407 +- goto out_del_vqs;
10408 ++ goto out_kern_unmount;
10409 + }
10410 + vb->vb_dev_info.inode->i_mapping->a_ops = &balloon_aops;
10411 + #endif
10412 +@@ -911,13 +912,13 @@ static int virtballoon_probe(struct virtio_device *vdev)
10413 + */
10414 + if (virtqueue_get_vring_size(vb->free_page_vq) < 2) {
10415 + err = -ENOSPC;
10416 +- goto out_del_vqs;
10417 ++ goto out_iput;
10418 + }
10419 + vb->balloon_wq = alloc_workqueue("balloon-wq",
10420 + WQ_FREEZABLE | WQ_CPU_INTENSIVE, 0);
10421 + if (!vb->balloon_wq) {
10422 + err = -ENOMEM;
10423 +- goto out_del_vqs;
10424 ++ goto out_iput;
10425 + }
10426 + INIT_WORK(&vb->report_free_page_work, report_free_page_func);
10427 + vb->cmd_id_received_cache = VIRTIO_BALLOON_CMD_ID_STOP;
10428 +@@ -951,6 +952,12 @@ static int virtballoon_probe(struct virtio_device *vdev)
10429 + out_del_balloon_wq:
10430 + if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
10431 + destroy_workqueue(vb->balloon_wq);
10432 ++out_iput:
10433 ++#ifdef CONFIG_BALLOON_COMPACTION
10434 ++ iput(vb->vb_dev_info.inode);
10435 ++out_kern_unmount:
10436 ++ kern_unmount(balloon_mnt);
10437 ++#endif
10438 + out_del_vqs:
10439 + vdev->config->del_vqs(vdev);
10440 + out_free_vb:
10441 +@@ -966,6 +973,10 @@ static void remove_common(struct virtio_balloon *vb)
10442 + leak_balloon(vb, vb->num_pages);
10443 + update_balloon_size(vb);
10444 +
10445 ++ /* There might be free pages that are being reported: release them. */
10446 ++ if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
10447 ++ return_free_pages_to_mm(vb, ULONG_MAX);
10448 ++
10449 + /* Now we reset the device so we can clean up the queues. */
10450 + vb->vdev->config->reset(vb->vdev);
10451 +
10452 +diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
10453 +index f2862f66c2ac..222d630c41fc 100644
10454 +--- a/drivers/virtio/virtio_pci_common.c
10455 ++++ b/drivers/virtio/virtio_pci_common.c
10456 +@@ -294,7 +294,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs,
10457 + /* Best option: one for change interrupt, one per vq. */
10458 + nvectors = 1;
10459 + for (i = 0; i < nvqs; ++i)
10460 +- if (callbacks[i])
10461 ++ if (names[i] && callbacks[i])
10462 + ++nvectors;
10463 + } else {
10464 + /* Second best: one for change, shared for all vqs. */
10465 +diff --git a/drivers/watchdog/watchdog_core.c b/drivers/watchdog/watchdog_core.c
10466 +index 21e8085b848b..861daf4f37b2 100644
10467 +--- a/drivers/watchdog/watchdog_core.c
10468 ++++ b/drivers/watchdog/watchdog_core.c
10469 +@@ -147,6 +147,25 @@ int watchdog_init_timeout(struct watchdog_device *wdd,
10470 + }
10471 + EXPORT_SYMBOL_GPL(watchdog_init_timeout);
10472 +
10473 ++static int watchdog_reboot_notifier(struct notifier_block *nb,
10474 ++ unsigned long code, void *data)
10475 ++{
10476 ++ struct watchdog_device *wdd;
10477 ++
10478 ++ wdd = container_of(nb, struct watchdog_device, reboot_nb);
10479 ++ if (code == SYS_DOWN || code == SYS_HALT) {
10480 ++ if (watchdog_active(wdd)) {
10481 ++ int ret;
10482 ++
10483 ++ ret = wdd->ops->stop(wdd);
10484 ++ if (ret)
10485 ++ return NOTIFY_BAD;
10486 ++ }
10487 ++ }
10488 ++
10489 ++ return NOTIFY_DONE;
10490 ++}
10491 ++
10492 + static int watchdog_restart_notifier(struct notifier_block *nb,
10493 + unsigned long action, void *data)
10494 + {
10495 +@@ -235,6 +254,19 @@ static int __watchdog_register_device(struct watchdog_device *wdd)
10496 + }
10497 + }
10498 +
10499 ++ if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) {
10500 ++ wdd->reboot_nb.notifier_call = watchdog_reboot_notifier;
10501 ++
10502 ++ ret = register_reboot_notifier(&wdd->reboot_nb);
10503 ++ if (ret) {
10504 ++ pr_err("watchdog%d: Cannot register reboot notifier (%d)\n",
10505 ++ wdd->id, ret);
10506 ++ watchdog_dev_unregister(wdd);
10507 ++ ida_simple_remove(&watchdog_ida, id);
10508 ++ return ret;
10509 ++ }
10510 ++ }
10511 ++
10512 + if (wdd->ops->restart) {
10513 + wdd->restart_nb.notifier_call = watchdog_restart_notifier;
10514 +
10515 +@@ -289,6 +321,9 @@ static void __watchdog_unregister_device(struct watchdog_device *wdd)
10516 + if (wdd->ops->restart)
10517 + unregister_restart_handler(&wdd->restart_nb);
10518 +
10519 ++ if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status))
10520 ++ unregister_reboot_notifier(&wdd->reboot_nb);
10521 ++
10522 + watchdog_dev_unregister(wdd);
10523 + ida_simple_remove(&watchdog_ida, wdd->id);
10524 + }
10525 +diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
10526 +index 4b2a85438478..8b5c742f24e8 100644
10527 +--- a/drivers/watchdog/watchdog_dev.c
10528 ++++ b/drivers/watchdog/watchdog_dev.c
10529 +@@ -38,7 +38,6 @@
10530 + #include <linux/miscdevice.h> /* For handling misc devices */
10531 + #include <linux/module.h> /* For module stuff/... */
10532 + #include <linux/mutex.h> /* For mutexes */
10533 +-#include <linux/reboot.h> /* For reboot notifier */
10534 + #include <linux/slab.h> /* For memory functions */
10535 + #include <linux/types.h> /* For standard types (like size_t) */
10536 + #include <linux/watchdog.h> /* For watchdog specific items */
10537 +@@ -1097,25 +1096,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
10538 + put_device(&wd_data->dev);
10539 + }
10540 +
10541 +-static int watchdog_reboot_notifier(struct notifier_block *nb,
10542 +- unsigned long code, void *data)
10543 +-{
10544 +- struct watchdog_device *wdd;
10545 +-
10546 +- wdd = container_of(nb, struct watchdog_device, reboot_nb);
10547 +- if (code == SYS_DOWN || code == SYS_HALT) {
10548 +- if (watchdog_active(wdd)) {
10549 +- int ret;
10550 +-
10551 +- ret = wdd->ops->stop(wdd);
10552 +- if (ret)
10553 +- return NOTIFY_BAD;
10554 +- }
10555 +- }
10556 +-
10557 +- return NOTIFY_DONE;
10558 +-}
10559 +-
10560 + /*
10561 + * watchdog_dev_register: register a watchdog device
10562 + * @wdd: watchdog device
10563 +@@ -1134,22 +1114,8 @@ int watchdog_dev_register(struct watchdog_device *wdd)
10564 + return ret;
10565 +
10566 + ret = watchdog_register_pretimeout(wdd);
10567 +- if (ret) {
10568 ++ if (ret)
10569 + watchdog_cdev_unregister(wdd);
10570 +- return ret;
10571 +- }
10572 +-
10573 +- if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) {
10574 +- wdd->reboot_nb.notifier_call = watchdog_reboot_notifier;
10575 +-
10576 +- ret = devm_register_reboot_notifier(&wdd->wd_data->dev,
10577 +- &wdd->reboot_nb);
10578 +- if (ret) {
10579 +- pr_err("watchdog%d: Cannot register reboot notifier (%d)\n",
10580 +- wdd->id, ret);
10581 +- watchdog_dev_unregister(wdd);
10582 +- }
10583 +- }
10584 +
10585 + return ret;
10586 + }
10587 +diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
10588 +index 4fc83e3f5ad3..0258415ca0b2 100644
10589 +--- a/drivers/xen/gntdev.c
10590 ++++ b/drivers/xen/gntdev.c
10591 +@@ -1006,19 +1006,19 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
10592 + }
10593 + mutex_unlock(&priv->lock);
10594 +
10595 +- /*
10596 +- * gntdev takes the address of the PTE in find_grant_ptes() and passes
10597 +- * it to the hypervisor in gntdev_map_grant_pages(). The purpose of
10598 +- * the notifier is to prevent the hypervisor pointer to the PTE from
10599 +- * going stale.
10600 +- *
10601 +- * Since this vma's mappings can't be touched without the mmap_sem,
10602 +- * and we are holding it now, there is no need for the notifier_range
10603 +- * locking pattern.
10604 +- */
10605 +- mmu_interval_read_begin(&map->notifier);
10606 +-
10607 + if (use_ptemod) {
10608 ++ /*
10609 ++ * gntdev takes the address of the PTE in find_grant_ptes() and
10610 ++ * passes it to the hypervisor in gntdev_map_grant_pages(). The
10611 ++ * purpose of the notifier is to prevent the hypervisor pointer
10612 ++ * to the PTE from going stale.
10613 ++ *
10614 ++ * Since this vma's mappings can't be touched without the
10615 ++ * mmap_sem, and we are holding it now, there is no need for
10616 ++ * the notifier_range locking pattern.
10617 ++ */
10618 ++ mmu_interval_read_begin(&map->notifier);
10619 ++
10620 + map->pages_vm_start = vma->vm_start;
10621 + err = apply_to_page_range(vma->vm_mm, vma->vm_start,
10622 + vma->vm_end - vma->vm_start,
10623 +diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c
10624 +index 6d12fc368210..a8d24433c8e9 100644
10625 +--- a/drivers/xen/xen-balloon.c
10626 ++++ b/drivers/xen/xen-balloon.c
10627 +@@ -94,7 +94,7 @@ static void watch_target(struct xenbus_watch *watch,
10628 + "%llu", &static_max) == 1))
10629 + static_max >>= PAGE_SHIFT - 10;
10630 + else
10631 +- static_max = new_target;
10632 ++ static_max = balloon_stats.current_pages;
10633 +
10634 + target_diff = (xen_pv_domain() || xen_initial_domain()) ? 0
10635 + : static_max - balloon_stats.target_pages;
10636 +diff --git a/fs/aio.c b/fs/aio.c
10637 +index a9fbad2ce5e6..5f3d3d814928 100644
10638 +--- a/fs/aio.c
10639 ++++ b/fs/aio.c
10640 +@@ -1610,6 +1610,14 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
10641 + return 0;
10642 + }
10643 +
10644 ++static void aio_poll_put_work(struct work_struct *work)
10645 ++{
10646 ++ struct poll_iocb *req = container_of(work, struct poll_iocb, work);
10647 ++ struct aio_kiocb *iocb = container_of(req, struct aio_kiocb, poll);
10648 ++
10649 ++ iocb_put(iocb);
10650 ++}
10651 ++
10652 + static void aio_poll_complete_work(struct work_struct *work)
10653 + {
10654 + struct poll_iocb *req = container_of(work, struct poll_iocb, work);
10655 +@@ -1674,6 +1682,8 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
10656 + list_del_init(&req->wait.entry);
10657 +
10658 + if (mask && spin_trylock_irqsave(&iocb->ki_ctx->ctx_lock, flags)) {
10659 ++ struct kioctx *ctx = iocb->ki_ctx;
10660 ++
10661 + /*
10662 + * Try to complete the iocb inline if we can. Use
10663 + * irqsave/irqrestore because not all filesystems (e.g. fuse)
10664 +@@ -1683,8 +1693,14 @@ static int aio_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
10665 + list_del(&iocb->ki_list);
10666 + iocb->ki_res.res = mangle_poll(mask);
10667 + req->done = true;
10668 +- spin_unlock_irqrestore(&iocb->ki_ctx->ctx_lock, flags);
10669 +- iocb_put(iocb);
10670 ++ if (iocb->ki_eventfd && eventfd_signal_count()) {
10671 ++ iocb = NULL;
10672 ++ INIT_WORK(&req->work, aio_poll_put_work);
10673 ++ schedule_work(&req->work);
10674 ++ }
10675 ++ spin_unlock_irqrestore(&ctx->ctx_lock, flags);
10676 ++ if (iocb)
10677 ++ iocb_put(iocb);
10678 + } else {
10679 + schedule_work(&req->work);
10680 + }
10681 +diff --git a/fs/attr.c b/fs/attr.c
10682 +index df28035aa23e..b4bbdbd4c8ca 100644
10683 +--- a/fs/attr.c
10684 ++++ b/fs/attr.c
10685 +@@ -183,18 +183,12 @@ void setattr_copy(struct inode *inode, const struct iattr *attr)
10686 + inode->i_uid = attr->ia_uid;
10687 + if (ia_valid & ATTR_GID)
10688 + inode->i_gid = attr->ia_gid;
10689 +- if (ia_valid & ATTR_ATIME) {
10690 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
10691 +- inode);
10692 +- }
10693 +- if (ia_valid & ATTR_MTIME) {
10694 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
10695 +- inode);
10696 +- }
10697 +- if (ia_valid & ATTR_CTIME) {
10698 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
10699 +- inode);
10700 +- }
10701 ++ if (ia_valid & ATTR_ATIME)
10702 ++ inode->i_atime = attr->ia_atime;
10703 ++ if (ia_valid & ATTR_MTIME)
10704 ++ inode->i_mtime = attr->ia_mtime;
10705 ++ if (ia_valid & ATTR_CTIME)
10706 ++ inode->i_ctime = attr->ia_ctime;
10707 + if (ia_valid & ATTR_MODE) {
10708 + umode_t mode = attr->ia_mode;
10709 +
10710 +@@ -268,8 +262,13 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de
10711 + attr->ia_ctime = now;
10712 + if (!(ia_valid & ATTR_ATIME_SET))
10713 + attr->ia_atime = now;
10714 ++ else
10715 ++ attr->ia_atime = timestamp_truncate(attr->ia_atime, inode);
10716 + if (!(ia_valid & ATTR_MTIME_SET))
10717 + attr->ia_mtime = now;
10718 ++ else
10719 ++ attr->ia_mtime = timestamp_truncate(attr->ia_mtime, inode);
10720 ++
10721 + if (ia_valid & ATTR_KILL_PRIV) {
10722 + error = security_inode_need_killpriv(dentry);
10723 + if (error < 0)
10724 +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
10725 +index 24658b5a5787..f2ec1a9bae28 100644
10726 +--- a/fs/btrfs/ctree.c
10727 ++++ b/fs/btrfs/ctree.c
10728 +@@ -326,12 +326,10 @@ u64 btrfs_get_tree_mod_seq(struct btrfs_fs_info *fs_info,
10729 + struct seq_list *elem)
10730 + {
10731 + write_lock(&fs_info->tree_mod_log_lock);
10732 +- spin_lock(&fs_info->tree_mod_seq_lock);
10733 + if (!elem->seq) {
10734 + elem->seq = btrfs_inc_tree_mod_seq(fs_info);
10735 + list_add_tail(&elem->list, &fs_info->tree_mod_seq_list);
10736 + }
10737 +- spin_unlock(&fs_info->tree_mod_seq_lock);
10738 + write_unlock(&fs_info->tree_mod_log_lock);
10739 +
10740 + return elem->seq;
10741 +@@ -351,7 +349,7 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
10742 + if (!seq_putting)
10743 + return;
10744 +
10745 +- spin_lock(&fs_info->tree_mod_seq_lock);
10746 ++ write_lock(&fs_info->tree_mod_log_lock);
10747 + list_del(&elem->list);
10748 + elem->seq = 0;
10749 +
10750 +@@ -362,19 +360,17 @@ void btrfs_put_tree_mod_seq(struct btrfs_fs_info *fs_info,
10751 + * blocker with lower sequence number exists, we
10752 + * cannot remove anything from the log
10753 + */
10754 +- spin_unlock(&fs_info->tree_mod_seq_lock);
10755 ++ write_unlock(&fs_info->tree_mod_log_lock);
10756 + return;
10757 + }
10758 + min_seq = cur_elem->seq;
10759 + }
10760 + }
10761 +- spin_unlock(&fs_info->tree_mod_seq_lock);
10762 +
10763 + /*
10764 + * anything that's lower than the lowest existing (read: blocked)
10765 + * sequence number can be removed from the tree.
10766 + */
10767 +- write_lock(&fs_info->tree_mod_log_lock);
10768 + tm_root = &fs_info->tree_mod_log;
10769 + for (node = rb_first(tm_root); node; node = next) {
10770 + next = rb_next(node);
10771 +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
10772 +index 54efb21c2727..ba7292435c14 100644
10773 +--- a/fs/btrfs/ctree.h
10774 ++++ b/fs/btrfs/ctree.h
10775 +@@ -673,14 +673,12 @@ struct btrfs_fs_info {
10776 + atomic_t nr_delayed_iputs;
10777 + wait_queue_head_t delayed_iputs_wait;
10778 +
10779 +- /* this protects tree_mod_seq_list */
10780 +- spinlock_t tree_mod_seq_lock;
10781 + atomic64_t tree_mod_seq;
10782 +- struct list_head tree_mod_seq_list;
10783 +
10784 +- /* this protects tree_mod_log */
10785 ++ /* this protects tree_mod_log and tree_mod_seq_list */
10786 + rwlock_t tree_mod_log_lock;
10787 + struct rb_root tree_mod_log;
10788 ++ struct list_head tree_mod_seq_list;
10789 +
10790 + atomic_t async_delalloc_pages;
10791 +
10792 +diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
10793 +index df3bd880061d..dfdb7d4f8406 100644
10794 +--- a/fs/btrfs/delayed-ref.c
10795 ++++ b/fs/btrfs/delayed-ref.c
10796 +@@ -492,7 +492,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans,
10797 + if (head->is_data)
10798 + return;
10799 +
10800 +- spin_lock(&fs_info->tree_mod_seq_lock);
10801 ++ read_lock(&fs_info->tree_mod_log_lock);
10802 + if (!list_empty(&fs_info->tree_mod_seq_list)) {
10803 + struct seq_list *elem;
10804 +
10805 +@@ -500,7 +500,7 @@ void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans,
10806 + struct seq_list, list);
10807 + seq = elem->seq;
10808 + }
10809 +- spin_unlock(&fs_info->tree_mod_seq_lock);
10810 ++ read_unlock(&fs_info->tree_mod_log_lock);
10811 +
10812 + again:
10813 + for (node = rb_first_cached(&head->ref_tree); node;
10814 +@@ -518,7 +518,7 @@ int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, u64 seq)
10815 + struct seq_list *elem;
10816 + int ret = 0;
10817 +
10818 +- spin_lock(&fs_info->tree_mod_seq_lock);
10819 ++ read_lock(&fs_info->tree_mod_log_lock);
10820 + if (!list_empty(&fs_info->tree_mod_seq_list)) {
10821 + elem = list_first_entry(&fs_info->tree_mod_seq_list,
10822 + struct seq_list, list);
10823 +@@ -531,7 +531,7 @@ int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, u64 seq)
10824 + }
10825 + }
10826 +
10827 +- spin_unlock(&fs_info->tree_mod_seq_lock);
10828 ++ read_unlock(&fs_info->tree_mod_log_lock);
10829 + return ret;
10830 + }
10831 +
10832 +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
10833 +index e0edfdc9c82b..0c3c6450d1df 100644
10834 +--- a/fs/btrfs/disk-io.c
10835 ++++ b/fs/btrfs/disk-io.c
10836 +@@ -2691,7 +2691,6 @@ int __cold open_ctree(struct super_block *sb,
10837 + spin_lock_init(&fs_info->fs_roots_radix_lock);
10838 + spin_lock_init(&fs_info->delayed_iput_lock);
10839 + spin_lock_init(&fs_info->defrag_inodes_lock);
10840 +- spin_lock_init(&fs_info->tree_mod_seq_lock);
10841 + spin_lock_init(&fs_info->super_lock);
10842 + spin_lock_init(&fs_info->buffer_lock);
10843 + spin_lock_init(&fs_info->unused_bgs_lock);
10844 +@@ -4026,11 +4025,18 @@ void __cold close_ctree(struct btrfs_fs_info *fs_info)
10845 + invalidate_inode_pages2(fs_info->btree_inode->i_mapping);
10846 + btrfs_stop_all_workers(fs_info);
10847 +
10848 +- btrfs_free_block_groups(fs_info);
10849 +-
10850 + clear_bit(BTRFS_FS_OPEN, &fs_info->flags);
10851 + free_root_pointers(fs_info, true);
10852 +
10853 ++ /*
10854 ++ * We must free the block groups after dropping the fs_roots as we could
10855 ++ * have had an IO error and have left over tree log blocks that aren't
10856 ++ * cleaned up until the fs roots are freed. This makes the block group
10857 ++ * accounting appear to be wrong because there's pending reserved bytes,
10858 ++ * so make sure we do the block group cleanup afterwards.
10859 ++ */
10860 ++ btrfs_free_block_groups(fs_info);
10861 ++
10862 + iput(fs_info->btree_inode);
10863 +
10864 + #ifdef CONFIG_BTRFS_FS_CHECK_INTEGRITY
10865 +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
10866 +index 2f4802f405a2..5e7d6e3463ab 100644
10867 +--- a/fs/btrfs/extent_io.c
10868 ++++ b/fs/btrfs/extent_io.c
10869 +@@ -1593,21 +1593,25 @@ void find_first_clear_extent_bit(struct extent_io_tree *tree, u64 start,
10870 + /* Find first extent with bits cleared */
10871 + while (1) {
10872 + node = __etree_search(tree, start, &next, &prev, NULL, NULL);
10873 +- if (!node) {
10874 ++ if (!node && !next && !prev) {
10875 ++ /*
10876 ++ * Tree is completely empty, send full range and let
10877 ++ * caller deal with it
10878 ++ */
10879 ++ *start_ret = 0;
10880 ++ *end_ret = -1;
10881 ++ goto out;
10882 ++ } else if (!node && !next) {
10883 ++ /*
10884 ++ * We are past the last allocated chunk, set start at
10885 ++ * the end of the last extent.
10886 ++ */
10887 ++ state = rb_entry(prev, struct extent_state, rb_node);
10888 ++ *start_ret = state->end + 1;
10889 ++ *end_ret = -1;
10890 ++ goto out;
10891 ++ } else if (!node) {
10892 + node = next;
10893 +- if (!node) {
10894 +- /*
10895 +- * We are past the last allocated chunk,
10896 +- * set start at the end of the last extent. The
10897 +- * device alloc tree should never be empty so
10898 +- * prev is always set.
10899 +- */
10900 +- ASSERT(prev);
10901 +- state = rb_entry(prev, struct extent_state, rb_node);
10902 +- *start_ret = state->end + 1;
10903 +- *end_ret = -1;
10904 +- goto out;
10905 +- }
10906 + }
10907 + /*
10908 + * At this point 'node' either contains 'start' or start is
10909 +@@ -3941,6 +3945,11 @@ int btree_write_cache_pages(struct address_space *mapping,
10910 + if (wbc->range_cyclic) {
10911 + index = mapping->writeback_index; /* Start from prev offset */
10912 + end = -1;
10913 ++ /*
10914 ++ * Start from the beginning does not need to cycle over the
10915 ++ * range, mark it as scanned.
10916 ++ */
10917 ++ scanned = (index == 0);
10918 + } else {
10919 + index = wbc->range_start >> PAGE_SHIFT;
10920 + end = wbc->range_end >> PAGE_SHIFT;
10921 +@@ -3958,7 +3967,6 @@ retry:
10922 + tag))) {
10923 + unsigned i;
10924 +
10925 +- scanned = 1;
10926 + for (i = 0; i < nr_pages; i++) {
10927 + struct page *page = pvec.pages[i];
10928 +
10929 +@@ -4087,6 +4095,11 @@ static int extent_write_cache_pages(struct address_space *mapping,
10930 + if (wbc->range_cyclic) {
10931 + index = mapping->writeback_index; /* Start from prev offset */
10932 + end = -1;
10933 ++ /*
10934 ++ * Start from the beginning does not need to cycle over the
10935 ++ * range, mark it as scanned.
10936 ++ */
10937 ++ scanned = (index == 0);
10938 + } else {
10939 + index = wbc->range_start >> PAGE_SHIFT;
10940 + end = wbc->range_end >> PAGE_SHIFT;
10941 +@@ -4120,7 +4133,6 @@ retry:
10942 + &index, end, tag))) {
10943 + unsigned i;
10944 +
10945 +- scanned = 1;
10946 + for (i = 0; i < nr_pages; i++) {
10947 + struct page *page = pvec.pages[i];
10948 +
10949 +@@ -4180,7 +4192,16 @@ retry:
10950 + */
10951 + scanned = 1;
10952 + index = 0;
10953 +- goto retry;
10954 ++
10955 ++ /*
10956 ++ * If we're looping we could run into a page that is locked by a
10957 ++ * writer and that writer could be waiting on writeback for a
10958 ++ * page in our current bio, and thus deadlock, so flush the
10959 ++ * write bio here.
10960 ++ */
10961 ++ ret = flush_write_bio(epd);
10962 ++ if (!ret)
10963 ++ goto retry;
10964 + }
10965 +
10966 + if (wbc->range_cyclic || (wbc->nr_to_write > 0 && range_whole))
10967 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
10968 +index 12ae31e1813e..173758d86feb 100644
10969 +--- a/fs/btrfs/ioctl.c
10970 ++++ b/fs/btrfs/ioctl.c
10971 +@@ -3243,6 +3243,7 @@ static void btrfs_double_extent_lock(struct inode *inode1, u64 loff1,
10972 + static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 len,
10973 + struct inode *dst, u64 dst_loff)
10974 + {
10975 ++ const u64 bs = BTRFS_I(src)->root->fs_info->sb->s_blocksize;
10976 + int ret;
10977 +
10978 + /*
10979 +@@ -3250,7 +3251,7 @@ static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 len,
10980 + * source range to serialize with relocation.
10981 + */
10982 + btrfs_double_extent_lock(src, loff, dst, dst_loff, len);
10983 +- ret = btrfs_clone(src, dst, loff, len, len, dst_loff, 1);
10984 ++ ret = btrfs_clone(src, dst, loff, len, ALIGN(len, bs), dst_loff, 1);
10985 + btrfs_double_extent_unlock(src, loff, dst, dst_loff, len);
10986 +
10987 + return ret;
10988 +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
10989 +index 091e5bc8c7ea..a055b657cb85 100644
10990 +--- a/fs/btrfs/send.c
10991 ++++ b/fs/btrfs/send.c
10992 +@@ -1269,7 +1269,8 @@ static int __iterate_backrefs(u64 ino, u64 offset, u64 root, void *ctx_)
10993 + * destination of the stream.
10994 + */
10995 + if (ino == bctx->cur_objectid &&
10996 +- offset >= bctx->sctx->cur_inode_next_write_offset)
10997 ++ offset + bctx->extent_len >
10998 ++ bctx->sctx->cur_inode_next_write_offset)
10999 + return 0;
11000 + }
11001 +
11002 +diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c
11003 +index a7aca4141788..fa3d49d8e503 100644
11004 +--- a/fs/btrfs/tests/btrfs-tests.c
11005 ++++ b/fs/btrfs/tests/btrfs-tests.c
11006 +@@ -121,7 +121,6 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(u32 nodesize, u32 sectorsize)
11007 + spin_lock_init(&fs_info->qgroup_lock);
11008 + spin_lock_init(&fs_info->super_lock);
11009 + spin_lock_init(&fs_info->fs_roots_radix_lock);
11010 +- spin_lock_init(&fs_info->tree_mod_seq_lock);
11011 + mutex_init(&fs_info->qgroup_ioctl_lock);
11012 + mutex_init(&fs_info->qgroup_rescan_lock);
11013 + rwlock_init(&fs_info->tree_mod_log_lock);
11014 +diff --git a/fs/btrfs/tests/extent-io-tests.c b/fs/btrfs/tests/extent-io-tests.c
11015 +index 123d9a614357..df7ce874a74b 100644
11016 +--- a/fs/btrfs/tests/extent-io-tests.c
11017 ++++ b/fs/btrfs/tests/extent-io-tests.c
11018 +@@ -441,8 +441,17 @@ static int test_find_first_clear_extent_bit(void)
11019 + int ret = -EINVAL;
11020 +
11021 + test_msg("running find_first_clear_extent_bit test");
11022 ++
11023 + extent_io_tree_init(NULL, &tree, IO_TREE_SELFTEST, NULL);
11024 +
11025 ++ /* Test correct handling of empty tree */
11026 ++ find_first_clear_extent_bit(&tree, 0, &start, &end, CHUNK_TRIMMED);
11027 ++ if (start != 0 || end != -1) {
11028 ++ test_err(
11029 ++ "error getting a range from completely empty tree: start %llu end %llu",
11030 ++ start, end);
11031 ++ goto out;
11032 ++ }
11033 + /*
11034 + * Set 1M-4M alloc/discard and 32M-64M thus leaving a hole between
11035 + * 4M-32M
11036 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
11037 +index cfc08ef9b876..33dcc88b428a 100644
11038 +--- a/fs/btrfs/transaction.c
11039 ++++ b/fs/btrfs/transaction.c
11040 +@@ -147,13 +147,14 @@ void btrfs_put_transaction(struct btrfs_transaction *transaction)
11041 + }
11042 + }
11043 +
11044 +-static noinline void switch_commit_roots(struct btrfs_transaction *trans)
11045 ++static noinline void switch_commit_roots(struct btrfs_trans_handle *trans)
11046 + {
11047 ++ struct btrfs_transaction *cur_trans = trans->transaction;
11048 + struct btrfs_fs_info *fs_info = trans->fs_info;
11049 + struct btrfs_root *root, *tmp;
11050 +
11051 + down_write(&fs_info->commit_root_sem);
11052 +- list_for_each_entry_safe(root, tmp, &trans->switch_commits,
11053 ++ list_for_each_entry_safe(root, tmp, &cur_trans->switch_commits,
11054 + dirty_list) {
11055 + list_del_init(&root->dirty_list);
11056 + free_extent_buffer(root->commit_root);
11057 +@@ -165,16 +166,17 @@ static noinline void switch_commit_roots(struct btrfs_transaction *trans)
11058 + }
11059 +
11060 + /* We can free old roots now. */
11061 +- spin_lock(&trans->dropped_roots_lock);
11062 +- while (!list_empty(&trans->dropped_roots)) {
11063 +- root = list_first_entry(&trans->dropped_roots,
11064 ++ spin_lock(&cur_trans->dropped_roots_lock);
11065 ++ while (!list_empty(&cur_trans->dropped_roots)) {
11066 ++ root = list_first_entry(&cur_trans->dropped_roots,
11067 + struct btrfs_root, root_list);
11068 + list_del_init(&root->root_list);
11069 +- spin_unlock(&trans->dropped_roots_lock);
11070 ++ spin_unlock(&cur_trans->dropped_roots_lock);
11071 ++ btrfs_free_log(trans, root);
11072 + btrfs_drop_and_free_fs_root(fs_info, root);
11073 +- spin_lock(&trans->dropped_roots_lock);
11074 ++ spin_lock(&cur_trans->dropped_roots_lock);
11075 + }
11076 +- spin_unlock(&trans->dropped_roots_lock);
11077 ++ spin_unlock(&cur_trans->dropped_roots_lock);
11078 + up_write(&fs_info->commit_root_sem);
11079 + }
11080 +
11081 +@@ -1421,7 +1423,7 @@ static int qgroup_account_snapshot(struct btrfs_trans_handle *trans,
11082 + ret = commit_cowonly_roots(trans);
11083 + if (ret)
11084 + goto out;
11085 +- switch_commit_roots(trans->transaction);
11086 ++ switch_commit_roots(trans);
11087 + ret = btrfs_write_and_wait_transaction(trans);
11088 + if (ret)
11089 + btrfs_handle_fs_error(fs_info, ret,
11090 +@@ -2013,6 +2015,14 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
11091 +
11092 + ASSERT(refcount_read(&trans->use_count) == 1);
11093 +
11094 ++ /*
11095 ++ * Some places just start a transaction to commit it. We need to make
11096 ++ * sure that if this commit fails that the abort code actually marks the
11097 ++ * transaction as failed, so set trans->dirty to make the abort code do
11098 ++ * the right thing.
11099 ++ */
11100 ++ trans->dirty = true;
11101 ++
11102 + /* Stop the commit early if ->aborted is set */
11103 + if (unlikely(READ_ONCE(cur_trans->aborted))) {
11104 + ret = cur_trans->aborted;
11105 +@@ -2301,7 +2311,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans)
11106 + list_add_tail(&fs_info->chunk_root->dirty_list,
11107 + &cur_trans->switch_commits);
11108 +
11109 +- switch_commit_roots(cur_trans);
11110 ++ switch_commit_roots(trans);
11111 +
11112 + ASSERT(list_empty(&cur_trans->dirty_bgs));
11113 + ASSERT(list_empty(&cur_trans->io_bgs));
11114 +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
11115 +index d3f115909ff0..f5bb59470957 100644
11116 +--- a/fs/btrfs/tree-log.c
11117 ++++ b/fs/btrfs/tree-log.c
11118 +@@ -3935,7 +3935,7 @@ static int log_csums(struct btrfs_trans_handle *trans,
11119 + static noinline int copy_items(struct btrfs_trans_handle *trans,
11120 + struct btrfs_inode *inode,
11121 + struct btrfs_path *dst_path,
11122 +- struct btrfs_path *src_path, u64 *last_extent,
11123 ++ struct btrfs_path *src_path,
11124 + int start_slot, int nr, int inode_only,
11125 + u64 logged_isize)
11126 + {
11127 +@@ -3946,7 +3946,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11128 + struct btrfs_file_extent_item *extent;
11129 + struct btrfs_inode_item *inode_item;
11130 + struct extent_buffer *src = src_path->nodes[0];
11131 +- struct btrfs_key first_key, last_key, key;
11132 + int ret;
11133 + struct btrfs_key *ins_keys;
11134 + u32 *ins_sizes;
11135 +@@ -3954,9 +3953,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11136 + int i;
11137 + struct list_head ordered_sums;
11138 + int skip_csum = inode->flags & BTRFS_INODE_NODATASUM;
11139 +- bool has_extents = false;
11140 +- bool need_find_last_extent = true;
11141 +- bool done = false;
11142 +
11143 + INIT_LIST_HEAD(&ordered_sums);
11144 +
11145 +@@ -3965,8 +3961,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11146 + if (!ins_data)
11147 + return -ENOMEM;
11148 +
11149 +- first_key.objectid = (u64)-1;
11150 +-
11151 + ins_sizes = (u32 *)ins_data;
11152 + ins_keys = (struct btrfs_key *)(ins_data + nr * sizeof(u32));
11153 +
11154 +@@ -3987,9 +3981,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11155 +
11156 + src_offset = btrfs_item_ptr_offset(src, start_slot + i);
11157 +
11158 +- if (i == nr - 1)
11159 +- last_key = ins_keys[i];
11160 +-
11161 + if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) {
11162 + inode_item = btrfs_item_ptr(dst_path->nodes[0],
11163 + dst_path->slots[0],
11164 +@@ -4003,20 +3994,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11165 + src_offset, ins_sizes[i]);
11166 + }
11167 +
11168 +- /*
11169 +- * We set need_find_last_extent here in case we know we were
11170 +- * processing other items and then walk into the first extent in
11171 +- * the inode. If we don't hit an extent then nothing changes,
11172 +- * we'll do the last search the next time around.
11173 +- */
11174 +- if (ins_keys[i].type == BTRFS_EXTENT_DATA_KEY) {
11175 +- has_extents = true;
11176 +- if (first_key.objectid == (u64)-1)
11177 +- first_key = ins_keys[i];
11178 +- } else {
11179 +- need_find_last_extent = false;
11180 +- }
11181 +-
11182 + /* take a reference on file data extents so that truncates
11183 + * or deletes of this inode don't have to relog the inode
11184 + * again
11185 +@@ -4082,167 +4059,6 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
11186 + kfree(sums);
11187 + }
11188 +
11189 +- if (!has_extents)
11190 +- return ret;
11191 +-
11192 +- if (need_find_last_extent && *last_extent == first_key.offset) {
11193 +- /*
11194 +- * We don't have any leafs between our current one and the one
11195 +- * we processed before that can have file extent items for our
11196 +- * inode (and have a generation number smaller than our current
11197 +- * transaction id).
11198 +- */
11199 +- need_find_last_extent = false;
11200 +- }
11201 +-
11202 +- /*
11203 +- * Because we use btrfs_search_forward we could skip leaves that were
11204 +- * not modified and then assume *last_extent is valid when it really
11205 +- * isn't. So back up to the previous leaf and read the end of the last
11206 +- * extent before we go and fill in holes.
11207 +- */
11208 +- if (need_find_last_extent) {
11209 +- u64 len;
11210 +-
11211 +- ret = btrfs_prev_leaf(inode->root, src_path);
11212 +- if (ret < 0)
11213 +- return ret;
11214 +- if (ret)
11215 +- goto fill_holes;
11216 +- if (src_path->slots[0])
11217 +- src_path->slots[0]--;
11218 +- src = src_path->nodes[0];
11219 +- btrfs_item_key_to_cpu(src, &key, src_path->slots[0]);
11220 +- if (key.objectid != btrfs_ino(inode) ||
11221 +- key.type != BTRFS_EXTENT_DATA_KEY)
11222 +- goto fill_holes;
11223 +- extent = btrfs_item_ptr(src, src_path->slots[0],
11224 +- struct btrfs_file_extent_item);
11225 +- if (btrfs_file_extent_type(src, extent) ==
11226 +- BTRFS_FILE_EXTENT_INLINE) {
11227 +- len = btrfs_file_extent_ram_bytes(src, extent);
11228 +- *last_extent = ALIGN(key.offset + len,
11229 +- fs_info->sectorsize);
11230 +- } else {
11231 +- len = btrfs_file_extent_num_bytes(src, extent);
11232 +- *last_extent = key.offset + len;
11233 +- }
11234 +- }
11235 +-fill_holes:
11236 +- /* So we did prev_leaf, now we need to move to the next leaf, but a few
11237 +- * things could have happened
11238 +- *
11239 +- * 1) A merge could have happened, so we could currently be on a leaf
11240 +- * that holds what we were copying in the first place.
11241 +- * 2) A split could have happened, and now not all of the items we want
11242 +- * are on the same leaf.
11243 +- *
11244 +- * So we need to adjust how we search for holes, we need to drop the
11245 +- * path and re-search for the first extent key we found, and then walk
11246 +- * forward until we hit the last one we copied.
11247 +- */
11248 +- if (need_find_last_extent) {
11249 +- /* btrfs_prev_leaf could return 1 without releasing the path */
11250 +- btrfs_release_path(src_path);
11251 +- ret = btrfs_search_slot(NULL, inode->root, &first_key,
11252 +- src_path, 0, 0);
11253 +- if (ret < 0)
11254 +- return ret;
11255 +- ASSERT(ret == 0);
11256 +- src = src_path->nodes[0];
11257 +- i = src_path->slots[0];
11258 +- } else {
11259 +- i = start_slot;
11260 +- }
11261 +-
11262 +- /*
11263 +- * Ok so here we need to go through and fill in any holes we may have
11264 +- * to make sure that holes are punched for those areas in case they had
11265 +- * extents previously.
11266 +- */
11267 +- while (!done) {
11268 +- u64 offset, len;
11269 +- u64 extent_end;
11270 +-
11271 +- if (i >= btrfs_header_nritems(src_path->nodes[0])) {
11272 +- ret = btrfs_next_leaf(inode->root, src_path);
11273 +- if (ret < 0)
11274 +- return ret;
11275 +- ASSERT(ret == 0);
11276 +- src = src_path->nodes[0];
11277 +- i = 0;
11278 +- need_find_last_extent = true;
11279 +- }
11280 +-
11281 +- btrfs_item_key_to_cpu(src, &key, i);
11282 +- if (!btrfs_comp_cpu_keys(&key, &last_key))
11283 +- done = true;
11284 +- if (key.objectid != btrfs_ino(inode) ||
11285 +- key.type != BTRFS_EXTENT_DATA_KEY) {
11286 +- i++;
11287 +- continue;
11288 +- }
11289 +- extent = btrfs_item_ptr(src, i, struct btrfs_file_extent_item);
11290 +- if (btrfs_file_extent_type(src, extent) ==
11291 +- BTRFS_FILE_EXTENT_INLINE) {
11292 +- len = btrfs_file_extent_ram_bytes(src, extent);
11293 +- extent_end = ALIGN(key.offset + len,
11294 +- fs_info->sectorsize);
11295 +- } else {
11296 +- len = btrfs_file_extent_num_bytes(src, extent);
11297 +- extent_end = key.offset + len;
11298 +- }
11299 +- i++;
11300 +-
11301 +- if (*last_extent == key.offset) {
11302 +- *last_extent = extent_end;
11303 +- continue;
11304 +- }
11305 +- offset = *last_extent;
11306 +- len = key.offset - *last_extent;
11307 +- ret = btrfs_insert_file_extent(trans, log, btrfs_ino(inode),
11308 +- offset, 0, 0, len, 0, len, 0, 0, 0);
11309 +- if (ret)
11310 +- break;
11311 +- *last_extent = extent_end;
11312 +- }
11313 +-
11314 +- /*
11315 +- * Check if there is a hole between the last extent found in our leaf
11316 +- * and the first extent in the next leaf. If there is one, we need to
11317 +- * log an explicit hole so that at replay time we can punch the hole.
11318 +- */
11319 +- if (ret == 0 &&
11320 +- key.objectid == btrfs_ino(inode) &&
11321 +- key.type == BTRFS_EXTENT_DATA_KEY &&
11322 +- i == btrfs_header_nritems(src_path->nodes[0])) {
11323 +- ret = btrfs_next_leaf(inode->root, src_path);
11324 +- need_find_last_extent = true;
11325 +- if (ret > 0) {
11326 +- ret = 0;
11327 +- } else if (ret == 0) {
11328 +- btrfs_item_key_to_cpu(src_path->nodes[0], &key,
11329 +- src_path->slots[0]);
11330 +- if (key.objectid == btrfs_ino(inode) &&
11331 +- key.type == BTRFS_EXTENT_DATA_KEY &&
11332 +- *last_extent < key.offset) {
11333 +- const u64 len = key.offset - *last_extent;
11334 +-
11335 +- ret = btrfs_insert_file_extent(trans, log,
11336 +- btrfs_ino(inode),
11337 +- *last_extent, 0,
11338 +- 0, len, 0, len,
11339 +- 0, 0, 0);
11340 +- *last_extent += len;
11341 +- }
11342 +- }
11343 +- }
11344 +- /*
11345 +- * Need to let the callers know we dropped the path so they should
11346 +- * re-search.
11347 +- */
11348 +- if (!ret && need_find_last_extent)
11349 +- ret = 1;
11350 + return ret;
11351 + }
11352 +
11353 +@@ -4407,7 +4223,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
11354 + const u64 i_size = i_size_read(&inode->vfs_inode);
11355 + const u64 ino = btrfs_ino(inode);
11356 + struct btrfs_path *dst_path = NULL;
11357 +- u64 last_extent = (u64)-1;
11358 ++ bool dropped_extents = false;
11359 + int ins_nr = 0;
11360 + int start_slot;
11361 + int ret;
11362 +@@ -4429,8 +4245,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
11363 + if (slot >= btrfs_header_nritems(leaf)) {
11364 + if (ins_nr > 0) {
11365 + ret = copy_items(trans, inode, dst_path, path,
11366 +- &last_extent, start_slot,
11367 +- ins_nr, 1, 0);
11368 ++ start_slot, ins_nr, 1, 0);
11369 + if (ret < 0)
11370 + goto out;
11371 + ins_nr = 0;
11372 +@@ -4454,8 +4269,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
11373 + path->slots[0]++;
11374 + continue;
11375 + }
11376 +- if (last_extent == (u64)-1) {
11377 +- last_extent = key.offset;
11378 ++ if (!dropped_extents) {
11379 + /*
11380 + * Avoid logging extent items logged in past fsync calls
11381 + * and leading to duplicate keys in the log tree.
11382 +@@ -4469,6 +4283,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
11383 + } while (ret == -EAGAIN);
11384 + if (ret)
11385 + goto out;
11386 ++ dropped_extents = true;
11387 + }
11388 + if (ins_nr == 0)
11389 + start_slot = slot;
11390 +@@ -4483,7 +4298,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans,
11391 + }
11392 + }
11393 + if (ins_nr > 0) {
11394 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
11395 ++ ret = copy_items(trans, inode, dst_path, path,
11396 + start_slot, ins_nr, 1, 0);
11397 + if (ret > 0)
11398 + ret = 0;
11399 +@@ -4670,13 +4485,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
11400 +
11401 + if (slot >= nritems) {
11402 + if (ins_nr > 0) {
11403 +- u64 last_extent = 0;
11404 +-
11405 + ret = copy_items(trans, inode, dst_path, path,
11406 +- &last_extent, start_slot,
11407 +- ins_nr, 1, 0);
11408 +- /* can't be 1, extent items aren't processed */
11409 +- ASSERT(ret <= 0);
11410 ++ start_slot, ins_nr, 1, 0);
11411 + if (ret < 0)
11412 + return ret;
11413 + ins_nr = 0;
11414 +@@ -4700,13 +4510,8 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
11415 + cond_resched();
11416 + }
11417 + if (ins_nr > 0) {
11418 +- u64 last_extent = 0;
11419 +-
11420 + ret = copy_items(trans, inode, dst_path, path,
11421 +- &last_extent, start_slot,
11422 +- ins_nr, 1, 0);
11423 +- /* can't be 1, extent items aren't processed */
11424 +- ASSERT(ret <= 0);
11425 ++ start_slot, ins_nr, 1, 0);
11426 + if (ret < 0)
11427 + return ret;
11428 + }
11429 +@@ -4715,100 +4520,119 @@ static int btrfs_log_all_xattrs(struct btrfs_trans_handle *trans,
11430 + }
11431 +
11432 + /*
11433 +- * If the no holes feature is enabled we need to make sure any hole between the
11434 +- * last extent and the i_size of our inode is explicitly marked in the log. This
11435 +- * is to make sure that doing something like:
11436 +- *
11437 +- * 1) create file with 128Kb of data
11438 +- * 2) truncate file to 64Kb
11439 +- * 3) truncate file to 256Kb
11440 +- * 4) fsync file
11441 +- * 5) <crash/power failure>
11442 +- * 6) mount fs and trigger log replay
11443 +- *
11444 +- * Will give us a file with a size of 256Kb, the first 64Kb of data match what
11445 +- * the file had in its first 64Kb of data at step 1 and the last 192Kb of the
11446 +- * file correspond to a hole. The presence of explicit holes in a log tree is
11447 +- * what guarantees that log replay will remove/adjust file extent items in the
11448 +- * fs/subvol tree.
11449 +- *
11450 +- * Here we do not need to care about holes between extents, that is already done
11451 +- * by copy_items(). We also only need to do this in the full sync path, where we
11452 +- * lookup for extents from the fs/subvol tree only. In the fast path case, we
11453 +- * lookup the list of modified extent maps and if any represents a hole, we
11454 +- * insert a corresponding extent representing a hole in the log tree.
11455 ++ * When using the NO_HOLES feature if we punched a hole that causes the
11456 ++ * deletion of entire leafs or all the extent items of the first leaf (the one
11457 ++ * that contains the inode item and references) we may end up not processing
11458 ++ * any extents, because there are no leafs with a generation matching the
11459 ++ * current transaction that have extent items for our inode. So we need to find
11460 ++ * if any holes exist and then log them. We also need to log holes after any
11461 ++ * truncate operation that changes the inode's size.
11462 + */
11463 +-static int btrfs_log_trailing_hole(struct btrfs_trans_handle *trans,
11464 +- struct btrfs_root *root,
11465 +- struct btrfs_inode *inode,
11466 +- struct btrfs_path *path)
11467 ++static int btrfs_log_holes(struct btrfs_trans_handle *trans,
11468 ++ struct btrfs_root *root,
11469 ++ struct btrfs_inode *inode,
11470 ++ struct btrfs_path *path)
11471 + {
11472 + struct btrfs_fs_info *fs_info = root->fs_info;
11473 +- int ret;
11474 + struct btrfs_key key;
11475 +- u64 hole_start;
11476 +- u64 hole_size;
11477 +- struct extent_buffer *leaf;
11478 +- struct btrfs_root *log = root->log_root;
11479 + const u64 ino = btrfs_ino(inode);
11480 + const u64 i_size = i_size_read(&inode->vfs_inode);
11481 ++ u64 prev_extent_end = 0;
11482 ++ int ret;
11483 +
11484 +- if (!btrfs_fs_incompat(fs_info, NO_HOLES))
11485 ++ if (!btrfs_fs_incompat(fs_info, NO_HOLES) || i_size == 0)
11486 + return 0;
11487 +
11488 + key.objectid = ino;
11489 + key.type = BTRFS_EXTENT_DATA_KEY;
11490 +- key.offset = (u64)-1;
11491 ++ key.offset = 0;
11492 +
11493 + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
11494 +- ASSERT(ret != 0);
11495 + if (ret < 0)
11496 + return ret;
11497 +
11498 +- ASSERT(path->slots[0] > 0);
11499 +- path->slots[0]--;
11500 +- leaf = path->nodes[0];
11501 +- btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
11502 +-
11503 +- if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY) {
11504 +- /* inode does not have any extents */
11505 +- hole_start = 0;
11506 +- hole_size = i_size;
11507 +- } else {
11508 ++ while (true) {
11509 + struct btrfs_file_extent_item *extent;
11510 ++ struct extent_buffer *leaf = path->nodes[0];
11511 + u64 len;
11512 +
11513 +- /*
11514 +- * If there's an extent beyond i_size, an explicit hole was
11515 +- * already inserted by copy_items().
11516 +- */
11517 +- if (key.offset >= i_size)
11518 +- return 0;
11519 ++ if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) {
11520 ++ ret = btrfs_next_leaf(root, path);
11521 ++ if (ret < 0)
11522 ++ return ret;
11523 ++ if (ret > 0) {
11524 ++ ret = 0;
11525 ++ break;
11526 ++ }
11527 ++ leaf = path->nodes[0];
11528 ++ }
11529 ++
11530 ++ btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
11531 ++ if (key.objectid != ino || key.type != BTRFS_EXTENT_DATA_KEY)
11532 ++ break;
11533 ++
11534 ++ /* We have a hole, log it. */
11535 ++ if (prev_extent_end < key.offset) {
11536 ++ const u64 hole_len = key.offset - prev_extent_end;
11537 ++
11538 ++ /*
11539 ++ * Release the path to avoid deadlocks with other code
11540 ++ * paths that search the root while holding locks on
11541 ++ * leafs from the log root.
11542 ++ */
11543 ++ btrfs_release_path(path);
11544 ++ ret = btrfs_insert_file_extent(trans, root->log_root,
11545 ++ ino, prev_extent_end, 0,
11546 ++ 0, hole_len, 0, hole_len,
11547 ++ 0, 0, 0);
11548 ++ if (ret < 0)
11549 ++ return ret;
11550 ++
11551 ++ /*
11552 ++ * Search for the same key again in the root. Since it's
11553 ++ * an extent item and we are holding the inode lock, the
11554 ++ * key must still exist. If it doesn't just emit warning
11555 ++ * and return an error to fall back to a transaction
11556 ++ * commit.
11557 ++ */
11558 ++ ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
11559 ++ if (ret < 0)
11560 ++ return ret;
11561 ++ if (WARN_ON(ret > 0))
11562 ++ return -ENOENT;
11563 ++ leaf = path->nodes[0];
11564 ++ }
11565 +
11566 + extent = btrfs_item_ptr(leaf, path->slots[0],
11567 + struct btrfs_file_extent_item);
11568 +-
11569 + if (btrfs_file_extent_type(leaf, extent) ==
11570 +- BTRFS_FILE_EXTENT_INLINE)
11571 +- return 0;
11572 ++ BTRFS_FILE_EXTENT_INLINE) {
11573 ++ len = btrfs_file_extent_ram_bytes(leaf, extent);
11574 ++ prev_extent_end = ALIGN(key.offset + len,
11575 ++ fs_info->sectorsize);
11576 ++ } else {
11577 ++ len = btrfs_file_extent_num_bytes(leaf, extent);
11578 ++ prev_extent_end = key.offset + len;
11579 ++ }
11580 +
11581 +- len = btrfs_file_extent_num_bytes(leaf, extent);
11582 +- /* Last extent goes beyond i_size, no need to log a hole. */
11583 +- if (key.offset + len > i_size)
11584 +- return 0;
11585 +- hole_start = key.offset + len;
11586 +- hole_size = i_size - hole_start;
11587 ++ path->slots[0]++;
11588 ++ cond_resched();
11589 + }
11590 +- btrfs_release_path(path);
11591 +
11592 +- /* Last extent ends at i_size. */
11593 +- if (hole_size == 0)
11594 +- return 0;
11595 ++ if (prev_extent_end < i_size) {
11596 ++ u64 hole_len;
11597 +
11598 +- hole_size = ALIGN(hole_size, fs_info->sectorsize);
11599 +- ret = btrfs_insert_file_extent(trans, log, ino, hole_start, 0, 0,
11600 +- hole_size, 0, hole_size, 0, 0, 0);
11601 +- return ret;
11602 ++ btrfs_release_path(path);
11603 ++ hole_len = ALIGN(i_size - prev_extent_end, fs_info->sectorsize);
11604 ++ ret = btrfs_insert_file_extent(trans, root->log_root,
11605 ++ ino, prev_extent_end, 0, 0,
11606 ++ hole_len, 0, hole_len,
11607 ++ 0, 0, 0);
11608 ++ if (ret < 0)
11609 ++ return ret;
11610 ++ }
11611 ++
11612 ++ return 0;
11613 + }
11614 +
11615 + /*
11616 +@@ -5011,6 +4835,50 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans,
11617 + }
11618 + continue;
11619 + }
11620 ++ /*
11621 ++ * If the inode was already logged skip it - otherwise we can
11622 ++ * hit an infinite loop. Example:
11623 ++ *
11624 ++ * From the commit root (previous transaction) we have the
11625 ++ * following inodes:
11626 ++ *
11627 ++ * inode 257 a directory
11628 ++ * inode 258 with references "zz" and "zz_link" on inode 257
11629 ++ * inode 259 with reference "a" on inode 257
11630 ++ *
11631 ++ * And in the current (uncommitted) transaction we have:
11632 ++ *
11633 ++ * inode 257 a directory, unchanged
11634 ++ * inode 258 with references "a" and "a2" on inode 257
11635 ++ * inode 259 with reference "zz_link" on inode 257
11636 ++ * inode 261 with reference "zz" on inode 257
11637 ++ *
11638 ++ * When logging inode 261 the following infinite loop could
11639 ++ * happen if we don't skip already logged inodes:
11640 ++ *
11641 ++ * - we detect inode 258 as a conflicting inode, with inode 261
11642 ++ * on reference "zz", and log it;
11643 ++ *
11644 ++ * - we detect inode 259 as a conflicting inode, with inode 258
11645 ++ * on reference "a", and log it;
11646 ++ *
11647 ++ * - we detect inode 258 as a conflicting inode, with inode 259
11648 ++ * on reference "zz_link", and log it - again! After this we
11649 ++ * repeat the above steps forever.
11650 ++ */
11651 ++ spin_lock(&BTRFS_I(inode)->lock);
11652 ++ /*
11653 ++ * Check the inode's logged_trans only instead of
11654 ++ * btrfs_inode_in_log(). This is because the last_log_commit of
11655 ++ * the inode is not updated when we only log that it exists and
11656 ++ * and it has the full sync bit set (see btrfs_log_inode()).
11657 ++ */
11658 ++ if (BTRFS_I(inode)->logged_trans == trans->transid) {
11659 ++ spin_unlock(&BTRFS_I(inode)->lock);
11660 ++ btrfs_add_delayed_iput(inode);
11661 ++ continue;
11662 ++ }
11663 ++ spin_unlock(&BTRFS_I(inode)->lock);
11664 + /*
11665 + * We are safe logging the other inode without acquiring its
11666 + * lock as long as we log with the LOG_INODE_EXISTS mode. We
11667 +@@ -5110,7 +4978,6 @@ static int btrfs_log_inode(struct btrfs_trans_handle *trans,
11668 + struct btrfs_key min_key;
11669 + struct btrfs_key max_key;
11670 + struct btrfs_root *log = root->log_root;
11671 +- u64 last_extent = 0;
11672 + int err = 0;
11673 + int ret;
11674 + int nritems;
11675 +@@ -5288,7 +5155,7 @@ again:
11676 + ins_start_slot = path->slots[0];
11677 + }
11678 + ret = copy_items(trans, inode, dst_path, path,
11679 +- &last_extent, ins_start_slot,
11680 ++ ins_start_slot,
11681 + ins_nr, inode_only,
11682 + logged_isize);
11683 + if (ret < 0) {
11684 +@@ -5311,17 +5178,13 @@ again:
11685 + if (ins_nr == 0)
11686 + goto next_slot;
11687 + ret = copy_items(trans, inode, dst_path, path,
11688 +- &last_extent, ins_start_slot,
11689 ++ ins_start_slot,
11690 + ins_nr, inode_only, logged_isize);
11691 + if (ret < 0) {
11692 + err = ret;
11693 + goto out_unlock;
11694 + }
11695 + ins_nr = 0;
11696 +- if (ret) {
11697 +- btrfs_release_path(path);
11698 +- continue;
11699 +- }
11700 + goto next_slot;
11701 + }
11702 +
11703 +@@ -5334,18 +5197,13 @@ again:
11704 + goto next_slot;
11705 + }
11706 +
11707 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
11708 ++ ret = copy_items(trans, inode, dst_path, path,
11709 + ins_start_slot, ins_nr, inode_only,
11710 + logged_isize);
11711 + if (ret < 0) {
11712 + err = ret;
11713 + goto out_unlock;
11714 + }
11715 +- if (ret) {
11716 +- ins_nr = 0;
11717 +- btrfs_release_path(path);
11718 +- continue;
11719 +- }
11720 + ins_nr = 1;
11721 + ins_start_slot = path->slots[0];
11722 + next_slot:
11723 +@@ -5359,13 +5217,12 @@ next_slot:
11724 + }
11725 + if (ins_nr) {
11726 + ret = copy_items(trans, inode, dst_path, path,
11727 +- &last_extent, ins_start_slot,
11728 ++ ins_start_slot,
11729 + ins_nr, inode_only, logged_isize);
11730 + if (ret < 0) {
11731 + err = ret;
11732 + goto out_unlock;
11733 + }
11734 +- ret = 0;
11735 + ins_nr = 0;
11736 + }
11737 + btrfs_release_path(path);
11738 +@@ -5380,14 +5237,13 @@ next_key:
11739 + }
11740 + }
11741 + if (ins_nr) {
11742 +- ret = copy_items(trans, inode, dst_path, path, &last_extent,
11743 ++ ret = copy_items(trans, inode, dst_path, path,
11744 + ins_start_slot, ins_nr, inode_only,
11745 + logged_isize);
11746 + if (ret < 0) {
11747 + err = ret;
11748 + goto out_unlock;
11749 + }
11750 +- ret = 0;
11751 + ins_nr = 0;
11752 + }
11753 +
11754 +@@ -5400,7 +5256,7 @@ next_key:
11755 + if (max_key.type >= BTRFS_EXTENT_DATA_KEY && !fast_search) {
11756 + btrfs_release_path(path);
11757 + btrfs_release_path(dst_path);
11758 +- err = btrfs_log_trailing_hole(trans, root, inode, path);
11759 ++ err = btrfs_log_holes(trans, root, inode, path);
11760 + if (err)
11761 + goto out_unlock;
11762 + }
11763 +diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
11764 +index 9b78e720c697..72ff80f7f24c 100644
11765 +--- a/fs/btrfs/volumes.c
11766 ++++ b/fs/btrfs/volumes.c
11767 +@@ -697,17 +697,28 @@ static struct btrfs_fs_devices *find_fsid_changed(
11768 + /*
11769 + * Handles the case where scanned device is part of an fs that had
11770 + * multiple successful changes of FSID but curently device didn't
11771 +- * observe it. Meaning our fsid will be different than theirs.
11772 ++ * observe it. Meaning our fsid will be different than theirs. We need
11773 ++ * to handle two subcases :
11774 ++ * 1 - The fs still continues to have different METADATA/FSID uuids.
11775 ++ * 2 - The fs is switched back to its original FSID (METADATA/FSID
11776 ++ * are equal).
11777 + */
11778 + list_for_each_entry(fs_devices, &fs_uuids, fs_list) {
11779 ++ /* Changed UUIDs */
11780 + if (memcmp(fs_devices->metadata_uuid, fs_devices->fsid,
11781 + BTRFS_FSID_SIZE) != 0 &&
11782 + memcmp(fs_devices->metadata_uuid, disk_super->metadata_uuid,
11783 + BTRFS_FSID_SIZE) == 0 &&
11784 + memcmp(fs_devices->fsid, disk_super->fsid,
11785 +- BTRFS_FSID_SIZE) != 0) {
11786 ++ BTRFS_FSID_SIZE) != 0)
11787 ++ return fs_devices;
11788 ++
11789 ++ /* Unchanged UUIDs */
11790 ++ if (memcmp(fs_devices->metadata_uuid, fs_devices->fsid,
11791 ++ BTRFS_FSID_SIZE) == 0 &&
11792 ++ memcmp(fs_devices->fsid, disk_super->metadata_uuid,
11793 ++ BTRFS_FSID_SIZE) == 0)
11794 + return fs_devices;
11795 +- }
11796 + }
11797 +
11798 + return NULL;
11799 +diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
11800 +index 96ae72b556ac..fb41e51dd574 100644
11801 +--- a/fs/cifs/cifsacl.c
11802 ++++ b/fs/cifs/cifsacl.c
11803 +@@ -802,6 +802,26 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl,
11804 + return;
11805 + }
11806 +
11807 ++unsigned int setup_authusers_ACE(struct cifs_ace *pntace)
11808 ++{
11809 ++ int i;
11810 ++ unsigned int ace_size = 20;
11811 ++
11812 ++ pntace->type = ACCESS_ALLOWED_ACE_TYPE;
11813 ++ pntace->flags = 0x0;
11814 ++ pntace->access_req = cpu_to_le32(GENERIC_ALL);
11815 ++ pntace->sid.num_subauth = 1;
11816 ++ pntace->sid.revision = 1;
11817 ++ for (i = 0; i < NUM_AUTHS; i++)
11818 ++ pntace->sid.authority[i] = sid_authusers.authority[i];
11819 ++
11820 ++ pntace->sid.sub_auth[0] = sid_authusers.sub_auth[0];
11821 ++
11822 ++ /* size = 1 + 1 + 2 + 4 + 1 + 1 + 6 + (psid->num_subauth*4) */
11823 ++ pntace->size = cpu_to_le16(ace_size);
11824 ++ return ace_size;
11825 ++}
11826 ++
11827 + /*
11828 + * Fill in the special SID based on the mode. See
11829 + * http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
11830 +diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
11831 +index 9c229408a251..d6100299458a 100644
11832 +--- a/fs/cifs/cifsproto.h
11833 ++++ b/fs/cifs/cifsproto.h
11834 +@@ -213,6 +213,7 @@ extern struct cifs_ntsd *get_cifs_acl_by_fid(struct cifs_sb_info *,
11835 + const struct cifs_fid *, u32 *);
11836 + extern int set_cifs_acl(struct cifs_ntsd *, __u32, struct inode *,
11837 + const char *, int);
11838 ++extern unsigned int setup_authusers_ACE(struct cifs_ace *pace);
11839 + extern unsigned int setup_special_mode_ACE(struct cifs_ace *pace, __u64 nmode);
11840 +
11841 + extern void dequeue_mid(struct mid_q_entry *mid, bool malformed);
11842 +diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
11843 +index d17587c2c4ab..ba9dadf3be24 100644
11844 +--- a/fs/cifs/readdir.c
11845 ++++ b/fs/cifs/readdir.c
11846 +@@ -196,7 +196,8 @@ cifs_fill_common_info(struct cifs_fattr *fattr, struct cifs_sb_info *cifs_sb)
11847 + * may look wrong since the inodes may not have timed out by the time
11848 + * "ls" does a stat() call on them.
11849 + */
11850 +- if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL)
11851 ++ if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_ACL) ||
11852 ++ (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID))
11853 + fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
11854 +
11855 + if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UNX_EMUL &&
11856 +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
11857 +index de254369c554..0a3b37abc5e1 100644
11858 +--- a/fs/cifs/smb2pdu.c
11859 ++++ b/fs/cifs/smb2pdu.c
11860 +@@ -350,9 +350,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
11861 + }
11862 +
11863 + rc = cifs_negotiate_protocol(0, tcon->ses);
11864 +- if (!rc && tcon->ses->need_reconnect)
11865 ++ if (!rc && tcon->ses->need_reconnect) {
11866 + rc = cifs_setup_session(0, tcon->ses, nls_codepage);
11867 +-
11868 ++ if ((rc == -EACCES) && !tcon->retry) {
11869 ++ rc = -EHOSTDOWN;
11870 ++ mutex_unlock(&tcon->ses->session_mutex);
11871 ++ goto failed;
11872 ++ }
11873 ++ }
11874 + if (rc || !tcon->need_reconnect) {
11875 + mutex_unlock(&tcon->ses->session_mutex);
11876 + goto out;
11877 +@@ -397,6 +402,7 @@ out:
11878 + case SMB2_SET_INFO:
11879 + rc = -EAGAIN;
11880 + }
11881 ++failed:
11882 + unload_nls(nls_codepage);
11883 + return rc;
11884 + }
11885 +@@ -2199,13 +2205,14 @@ create_sd_buf(umode_t mode, unsigned int *len)
11886 + struct cifs_ace *pace;
11887 + unsigned int sdlen, acelen;
11888 +
11889 +- *len = roundup(sizeof(struct crt_sd_ctxt) + sizeof(struct cifs_ace), 8);
11890 ++ *len = roundup(sizeof(struct crt_sd_ctxt) + sizeof(struct cifs_ace) * 2,
11891 ++ 8);
11892 + buf = kzalloc(*len, GFP_KERNEL);
11893 + if (buf == NULL)
11894 + return buf;
11895 +
11896 + sdlen = sizeof(struct smb3_sd) + sizeof(struct smb3_acl) +
11897 +- sizeof(struct cifs_ace);
11898 ++ 2 * sizeof(struct cifs_ace);
11899 +
11900 + buf->ccontext.DataOffset = cpu_to_le16(offsetof
11901 + (struct crt_sd_ctxt, sd));
11902 +@@ -2232,8 +2239,12 @@ create_sd_buf(umode_t mode, unsigned int *len)
11903 + /* create one ACE to hold the mode embedded in reserved special SID */
11904 + pace = (struct cifs_ace *)(sizeof(struct crt_sd_ctxt) + (char *)buf);
11905 + acelen = setup_special_mode_ACE(pace, (__u64)mode);
11906 ++ /* and one more ACE to allow access for authenticated users */
11907 ++ pace = (struct cifs_ace *)(acelen + (sizeof(struct crt_sd_ctxt) +
11908 ++ (char *)buf));
11909 ++ acelen += setup_authusers_ACE(pace);
11910 + buf->acl.AclSize = cpu_to_le16(sizeof(struct cifs_acl) + acelen);
11911 +- buf->acl.AceCount = cpu_to_le16(1);
11912 ++ buf->acl.AceCount = cpu_to_le16(2);
11913 + return buf;
11914 + }
11915 +
11916 +diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
11917 +index 680aba9c00d5..fd0b5dd68f9e 100644
11918 +--- a/fs/configfs/inode.c
11919 ++++ b/fs/configfs/inode.c
11920 +@@ -76,14 +76,11 @@ int configfs_setattr(struct dentry * dentry, struct iattr * iattr)
11921 + if (ia_valid & ATTR_GID)
11922 + sd_iattr->ia_gid = iattr->ia_gid;
11923 + if (ia_valid & ATTR_ATIME)
11924 +- sd_iattr->ia_atime = timestamp_truncate(iattr->ia_atime,
11925 +- inode);
11926 ++ sd_iattr->ia_atime = iattr->ia_atime;
11927 + if (ia_valid & ATTR_MTIME)
11928 +- sd_iattr->ia_mtime = timestamp_truncate(iattr->ia_mtime,
11929 +- inode);
11930 ++ sd_iattr->ia_mtime = iattr->ia_mtime;
11931 + if (ia_valid & ATTR_CTIME)
11932 +- sd_iattr->ia_ctime = timestamp_truncate(iattr->ia_ctime,
11933 +- inode);
11934 ++ sd_iattr->ia_ctime = iattr->ia_ctime;
11935 + if (ia_valid & ATTR_MODE) {
11936 + umode_t mode = iattr->ia_mode;
11937 +
11938 +diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
11939 +index 40cca351273f..f09cb4cfae4d 100644
11940 +--- a/fs/crypto/keyring.c
11941 ++++ b/fs/crypto/keyring.c
11942 +@@ -666,9 +666,6 @@ static int check_for_busy_inodes(struct super_block *sb,
11943 + struct list_head *pos;
11944 + size_t busy_count = 0;
11945 + unsigned long ino;
11946 +- struct dentry *dentry;
11947 +- char _path[256];
11948 +- char *path = NULL;
11949 +
11950 + spin_lock(&mk->mk_decrypted_inodes_lock);
11951 +
11952 +@@ -687,22 +684,14 @@ static int check_for_busy_inodes(struct super_block *sb,
11953 + struct fscrypt_info,
11954 + ci_master_key_link)->ci_inode;
11955 + ino = inode->i_ino;
11956 +- dentry = d_find_alias(inode);
11957 + }
11958 + spin_unlock(&mk->mk_decrypted_inodes_lock);
11959 +
11960 +- if (dentry) {
11961 +- path = dentry_path(dentry, _path, sizeof(_path));
11962 +- dput(dentry);
11963 +- }
11964 +- if (IS_ERR_OR_NULL(path))
11965 +- path = "(unknown)";
11966 +-
11967 + fscrypt_warn(NULL,
11968 +- "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu (%s)",
11969 ++ "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu",
11970 + sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
11971 + master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
11972 +- ino, path);
11973 ++ ino);
11974 + return -EBUSY;
11975 + }
11976 +
11977 +diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c
11978 +index 2890a67a1ded..5779a15c2cd6 100644
11979 +--- a/fs/erofs/decompressor.c
11980 ++++ b/fs/erofs/decompressor.c
11981 +@@ -306,24 +306,22 @@ static int z_erofs_shifted_transform(const struct z_erofs_decompress_req *rq,
11982 + }
11983 +
11984 + src = kmap_atomic(*rq->in);
11985 +- if (!rq->out[0]) {
11986 +- dst = NULL;
11987 +- } else {
11988 ++ if (rq->out[0]) {
11989 + dst = kmap_atomic(rq->out[0]);
11990 + memcpy(dst + rq->pageofs_out, src, righthalf);
11991 ++ kunmap_atomic(dst);
11992 + }
11993 +
11994 +- if (rq->out[1] == *rq->in) {
11995 +- memmove(src, src + righthalf, rq->pageofs_out);
11996 +- } else if (nrpages_out == 2) {
11997 +- if (dst)
11998 +- kunmap_atomic(dst);
11999 ++ if (nrpages_out == 2) {
12000 + DBG_BUGON(!rq->out[1]);
12001 +- dst = kmap_atomic(rq->out[1]);
12002 +- memcpy(dst, src + righthalf, rq->pageofs_out);
12003 ++ if (rq->out[1] == *rq->in) {
12004 ++ memmove(src, src + righthalf, rq->pageofs_out);
12005 ++ } else {
12006 ++ dst = kmap_atomic(rq->out[1]);
12007 ++ memcpy(dst, src + righthalf, rq->pageofs_out);
12008 ++ kunmap_atomic(dst);
12009 ++ }
12010 + }
12011 +- if (dst)
12012 +- kunmap_atomic(dst);
12013 + kunmap_atomic(src);
12014 + return 0;
12015 + }
12016 +diff --git a/fs/eventfd.c b/fs/eventfd.c
12017 +index 8aa0ea8c55e8..78e41c7c3d05 100644
12018 +--- a/fs/eventfd.c
12019 ++++ b/fs/eventfd.c
12020 +@@ -24,6 +24,8 @@
12021 + #include <linux/seq_file.h>
12022 + #include <linux/idr.h>
12023 +
12024 ++DEFINE_PER_CPU(int, eventfd_wake_count);
12025 ++
12026 + static DEFINE_IDA(eventfd_ida);
12027 +
12028 + struct eventfd_ctx {
12029 +@@ -60,12 +62,25 @@ __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n)
12030 + {
12031 + unsigned long flags;
12032 +
12033 ++ /*
12034 ++ * Deadlock or stack overflow issues can happen if we recurse here
12035 ++ * through waitqueue wakeup handlers. If the caller users potentially
12036 ++ * nested waitqueues with custom wakeup handlers, then it should
12037 ++ * check eventfd_signal_count() before calling this function. If
12038 ++ * it returns true, the eventfd_signal() call should be deferred to a
12039 ++ * safe context.
12040 ++ */
12041 ++ if (WARN_ON_ONCE(this_cpu_read(eventfd_wake_count)))
12042 ++ return 0;
12043 ++
12044 + spin_lock_irqsave(&ctx->wqh.lock, flags);
12045 ++ this_cpu_inc(eventfd_wake_count);
12046 + if (ULLONG_MAX - ctx->count < n)
12047 + n = ULLONG_MAX - ctx->count;
12048 + ctx->count += n;
12049 + if (waitqueue_active(&ctx->wqh))
12050 + wake_up_locked_poll(&ctx->wqh, EPOLLIN);
12051 ++ this_cpu_dec(eventfd_wake_count);
12052 + spin_unlock_irqrestore(&ctx->wqh.lock, flags);
12053 +
12054 + return n;
12055 +diff --git a/fs/ext2/super.c b/fs/ext2/super.c
12056 +index bcffe25da2f0..0e76db275e23 100644
12057 +--- a/fs/ext2/super.c
12058 ++++ b/fs/ext2/super.c
12059 +@@ -1073,9 +1073,9 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
12060 +
12061 + if (EXT2_BLOCKS_PER_GROUP(sb) == 0)
12062 + goto cantfind_ext2;
12063 +- sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
12064 +- le32_to_cpu(es->s_first_data_block) - 1)
12065 +- / EXT2_BLOCKS_PER_GROUP(sb)) + 1;
12066 ++ sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
12067 ++ le32_to_cpu(es->s_first_data_block) - 1)
12068 ++ / EXT2_BLOCKS_PER_GROUP(sb)) + 1;
12069 + db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
12070 + EXT2_DESC_PER_BLOCK(sb);
12071 + sbi->s_group_desc = kmalloc_array (db_count,
12072 +diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
12073 +index 9f00fc0bf21d..060f8a6a5da9 100644
12074 +--- a/fs/ext4/dir.c
12075 ++++ b/fs/ext4/dir.c
12076 +@@ -672,9 +672,11 @@ static int ext4_d_compare(const struct dentry *dentry, unsigned int len,
12077 + const char *str, const struct qstr *name)
12078 + {
12079 + struct qstr qstr = {.name = str, .len = len };
12080 +- struct inode *inode = dentry->d_parent->d_inode;
12081 ++ const struct dentry *parent = READ_ONCE(dentry->d_parent);
12082 ++ const struct inode *inode = READ_ONCE(parent->d_inode);
12083 +
12084 +- if (!IS_CASEFOLDED(inode) || !EXT4_SB(inode->i_sb)->s_encoding) {
12085 ++ if (!inode || !IS_CASEFOLDED(inode) ||
12086 ++ !EXT4_SB(inode->i_sb)->s_encoding) {
12087 + if (len != name->len)
12088 + return -1;
12089 + return memcmp(str, name->name, len);
12090 +@@ -687,10 +689,11 @@ static int ext4_d_hash(const struct dentry *dentry, struct qstr *str)
12091 + {
12092 + const struct ext4_sb_info *sbi = EXT4_SB(dentry->d_sb);
12093 + const struct unicode_map *um = sbi->s_encoding;
12094 ++ const struct inode *inode = READ_ONCE(dentry->d_inode);
12095 + unsigned char *norm;
12096 + int len, ret = 0;
12097 +
12098 +- if (!IS_CASEFOLDED(dentry->d_inode) || !um)
12099 ++ if (!inode || !IS_CASEFOLDED(inode) || !um)
12100 + return 0;
12101 +
12102 + norm = kmalloc(PATH_MAX, GFP_ATOMIC);
12103 +diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
12104 +index 24aeedb8fc75..68b39e75446a 100644
12105 +--- a/fs/ext4/page-io.c
12106 ++++ b/fs/ext4/page-io.c
12107 +@@ -512,17 +512,26 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
12108 + gfp_t gfp_flags = GFP_NOFS;
12109 + unsigned int enc_bytes = round_up(len, i_blocksize(inode));
12110 +
12111 ++ /*
12112 ++ * Since bounce page allocation uses a mempool, we can only use
12113 ++ * a waiting mask (i.e. request guaranteed allocation) on the
12114 ++ * first page of the bio. Otherwise it can deadlock.
12115 ++ */
12116 ++ if (io->io_bio)
12117 ++ gfp_flags = GFP_NOWAIT | __GFP_NOWARN;
12118 + retry_encrypt:
12119 + bounce_page = fscrypt_encrypt_pagecache_blocks(page, enc_bytes,
12120 + 0, gfp_flags);
12121 + if (IS_ERR(bounce_page)) {
12122 + ret = PTR_ERR(bounce_page);
12123 +- if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
12124 +- if (io->io_bio) {
12125 ++ if (ret == -ENOMEM &&
12126 ++ (io->io_bio || wbc->sync_mode == WB_SYNC_ALL)) {
12127 ++ gfp_flags = GFP_NOFS;
12128 ++ if (io->io_bio)
12129 + ext4_io_submit(io);
12130 +- congestion_wait(BLK_RW_ASYNC, HZ/50);
12131 +- }
12132 +- gfp_flags |= __GFP_NOFAIL;
12133 ++ else
12134 ++ gfp_flags |= __GFP_NOFAIL;
12135 ++ congestion_wait(BLK_RW_ASYNC, HZ/50);
12136 + goto retry_encrypt;
12137 + }
12138 +
12139 +diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
12140 +index c967cacf979e..93b6572cc6bd 100644
12141 +--- a/fs/f2fs/dir.c
12142 ++++ b/fs/f2fs/dir.c
12143 +@@ -1069,24 +1069,27 @@ static int f2fs_d_compare(const struct dentry *dentry, unsigned int len,
12144 + const char *str, const struct qstr *name)
12145 + {
12146 + struct qstr qstr = {.name = str, .len = len };
12147 ++ const struct dentry *parent = READ_ONCE(dentry->d_parent);
12148 ++ const struct inode *inode = READ_ONCE(parent->d_inode);
12149 +
12150 +- if (!IS_CASEFOLDED(dentry->d_parent->d_inode)) {
12151 ++ if (!inode || !IS_CASEFOLDED(inode)) {
12152 + if (len != name->len)
12153 + return -1;
12154 +- return memcmp(str, name, len);
12155 ++ return memcmp(str, name->name, len);
12156 + }
12157 +
12158 +- return f2fs_ci_compare(dentry->d_parent->d_inode, name, &qstr, false);
12159 ++ return f2fs_ci_compare(inode, name, &qstr, false);
12160 + }
12161 +
12162 + static int f2fs_d_hash(const struct dentry *dentry, struct qstr *str)
12163 + {
12164 + struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb);
12165 + const struct unicode_map *um = sbi->s_encoding;
12166 ++ const struct inode *inode = READ_ONCE(dentry->d_inode);
12167 + unsigned char *norm;
12168 + int len, ret = 0;
12169 +
12170 +- if (!IS_CASEFOLDED(dentry->d_inode))
12171 ++ if (!inode || !IS_CASEFOLDED(inode))
12172 + return 0;
12173 +
12174 + norm = f2fs_kmalloc(sbi, PATH_MAX, GFP_ATOMIC);
12175 +diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
12176 +index 85af112e868d..13aef5f28fa8 100644
12177 +--- a/fs/f2fs/file.c
12178 ++++ b/fs/f2fs/file.c
12179 +@@ -754,18 +754,12 @@ static void __setattr_copy(struct inode *inode, const struct iattr *attr)
12180 + inode->i_uid = attr->ia_uid;
12181 + if (ia_valid & ATTR_GID)
12182 + inode->i_gid = attr->ia_gid;
12183 +- if (ia_valid & ATTR_ATIME) {
12184 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
12185 +- inode);
12186 +- }
12187 +- if (ia_valid & ATTR_MTIME) {
12188 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
12189 +- inode);
12190 +- }
12191 +- if (ia_valid & ATTR_CTIME) {
12192 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
12193 +- inode);
12194 +- }
12195 ++ if (ia_valid & ATTR_ATIME)
12196 ++ inode->i_atime = attr->ia_atime;
12197 ++ if (ia_valid & ATTR_MTIME)
12198 ++ inode->i_mtime = attr->ia_mtime;
12199 ++ if (ia_valid & ATTR_CTIME)
12200 ++ inode->i_ctime = attr->ia_ctime;
12201 + if (ia_valid & ATTR_MODE) {
12202 + umode_t mode = attr->ia_mode;
12203 +
12204 +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
12205 +index 5111e1ffe58a..ac01c3f8863d 100644
12206 +--- a/fs/f2fs/super.c
12207 ++++ b/fs/f2fs/super.c
12208 +@@ -1213,12 +1213,10 @@ static int f2fs_statfs_project(struct super_block *sb,
12209 + return PTR_ERR(dquot);
12210 + spin_lock(&dquot->dq_dqb_lock);
12211 +
12212 +- limit = 0;
12213 +- if (dquot->dq_dqb.dqb_bsoftlimit)
12214 +- limit = dquot->dq_dqb.dqb_bsoftlimit;
12215 +- if (dquot->dq_dqb.dqb_bhardlimit &&
12216 +- (!limit || dquot->dq_dqb.dqb_bhardlimit < limit))
12217 +- limit = dquot->dq_dqb.dqb_bhardlimit;
12218 ++ limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit,
12219 ++ dquot->dq_dqb.dqb_bhardlimit);
12220 ++ if (limit)
12221 ++ limit >>= sb->s_blocksize_bits;
12222 +
12223 + if (limit && buf->f_blocks > limit) {
12224 + curblock = dquot->dq_dqb.dqb_curspace >> sb->s_blocksize_bits;
12225 +@@ -1228,12 +1226,8 @@ static int f2fs_statfs_project(struct super_block *sb,
12226 + (buf->f_blocks - curblock) : 0;
12227 + }
12228 +
12229 +- limit = 0;
12230 +- if (dquot->dq_dqb.dqb_isoftlimit)
12231 +- limit = dquot->dq_dqb.dqb_isoftlimit;
12232 +- if (dquot->dq_dqb.dqb_ihardlimit &&
12233 +- (!limit || dquot->dq_dqb.dqb_ihardlimit < limit))
12234 +- limit = dquot->dq_dqb.dqb_ihardlimit;
12235 ++ limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit,
12236 ++ dquot->dq_dqb.dqb_ihardlimit);
12237 +
12238 + if (limit && buf->f_files > limit) {
12239 + buf->f_files = limit;
12240 +diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
12241 +index 335607b8c5c0..76ac9c7d32ec 100644
12242 +--- a/fs/fs-writeback.c
12243 ++++ b/fs/fs-writeback.c
12244 +@@ -2063,7 +2063,7 @@ void wb_workfn(struct work_struct *work)
12245 + struct bdi_writeback, dwork);
12246 + long pages_written;
12247 +
12248 +- set_worker_desc("flush-%s", dev_name(wb->bdi->dev));
12249 ++ set_worker_desc("flush-%s", bdi_dev_name(wb->bdi));
12250 + current->flags |= PF_SWAPWRITE;
12251 +
12252 + if (likely(!current_is_workqueue_rescuer() ||
12253 +diff --git a/fs/fuse/file.c b/fs/fuse/file.c
12254 +index ce715380143c..695369f46f92 100644
12255 +--- a/fs/fuse/file.c
12256 ++++ b/fs/fuse/file.c
12257 +@@ -1465,6 +1465,7 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
12258 + }
12259 + ia = NULL;
12260 + if (nres < 0) {
12261 ++ iov_iter_revert(iter, nbytes);
12262 + err = nres;
12263 + break;
12264 + }
12265 +@@ -1473,8 +1474,10 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
12266 + count -= nres;
12267 + res += nres;
12268 + pos += nres;
12269 +- if (nres != nbytes)
12270 ++ if (nres != nbytes) {
12271 ++ iov_iter_revert(iter, nbytes - nres);
12272 + break;
12273 ++ }
12274 + if (count) {
12275 + max_pages = iov_iter_npages(iter, fc->max_pages);
12276 + ia = fuse_io_alloc(io, max_pages);
12277 +diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
12278 +index 9d58295ccf7a..cb26be6f4351 100644
12279 +--- a/fs/gfs2/file.c
12280 ++++ b/fs/gfs2/file.c
12281 +@@ -847,7 +847,7 @@ static ssize_t gfs2_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
12282 + struct file *file = iocb->ki_filp;
12283 + struct inode *inode = file_inode(file);
12284 + struct gfs2_inode *ip = GFS2_I(inode);
12285 +- ssize_t written = 0, ret;
12286 ++ ssize_t ret;
12287 +
12288 + ret = gfs2_rsqa_alloc(ip);
12289 + if (ret)
12290 +@@ -867,68 +867,58 @@ static ssize_t gfs2_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
12291 + inode_lock(inode);
12292 + ret = generic_write_checks(iocb, from);
12293 + if (ret <= 0)
12294 +- goto out;
12295 +-
12296 +- /* We can write back this queue in page reclaim */
12297 +- current->backing_dev_info = inode_to_bdi(inode);
12298 ++ goto out_unlock;
12299 +
12300 + ret = file_remove_privs(file);
12301 + if (ret)
12302 +- goto out2;
12303 ++ goto out_unlock;
12304 +
12305 + ret = file_update_time(file);
12306 + if (ret)
12307 +- goto out2;
12308 ++ goto out_unlock;
12309 +
12310 + if (iocb->ki_flags & IOCB_DIRECT) {
12311 + struct address_space *mapping = file->f_mapping;
12312 +- loff_t pos, endbyte;
12313 +- ssize_t buffered;
12314 ++ ssize_t buffered, ret2;
12315 +
12316 +- written = gfs2_file_direct_write(iocb, from);
12317 +- if (written < 0 || !iov_iter_count(from))
12318 +- goto out2;
12319 ++ ret = gfs2_file_direct_write(iocb, from);
12320 ++ if (ret < 0 || !iov_iter_count(from))
12321 ++ goto out_unlock;
12322 +
12323 +- ret = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
12324 +- if (unlikely(ret < 0))
12325 +- goto out2;
12326 +- buffered = ret;
12327 ++ iocb->ki_flags |= IOCB_DSYNC;
12328 ++ current->backing_dev_info = inode_to_bdi(inode);
12329 ++ buffered = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
12330 ++ current->backing_dev_info = NULL;
12331 ++ if (unlikely(buffered <= 0))
12332 ++ goto out_unlock;
12333 +
12334 + /*
12335 + * We need to ensure that the page cache pages are written to
12336 + * disk and invalidated to preserve the expected O_DIRECT
12337 +- * semantics.
12338 ++ * semantics. If the writeback or invalidate fails, only report
12339 ++ * the direct I/O range as we don't know if the buffered pages
12340 ++ * made it to disk.
12341 + */
12342 +- pos = iocb->ki_pos;
12343 +- endbyte = pos + buffered - 1;
12344 +- ret = filemap_write_and_wait_range(mapping, pos, endbyte);
12345 +- if (!ret) {
12346 +- iocb->ki_pos += buffered;
12347 +- written += buffered;
12348 +- invalidate_mapping_pages(mapping,
12349 +- pos >> PAGE_SHIFT,
12350 +- endbyte >> PAGE_SHIFT);
12351 +- } else {
12352 +- /*
12353 +- * We don't know how much we wrote, so just return
12354 +- * the number of bytes which were direct-written
12355 +- */
12356 +- }
12357 ++ iocb->ki_pos += buffered;
12358 ++ ret2 = generic_write_sync(iocb, buffered);
12359 ++ invalidate_mapping_pages(mapping,
12360 ++ (iocb->ki_pos - buffered) >> PAGE_SHIFT,
12361 ++ (iocb->ki_pos - 1) >> PAGE_SHIFT);
12362 ++ if (!ret || ret2 > 0)
12363 ++ ret += ret2;
12364 + } else {
12365 ++ current->backing_dev_info = inode_to_bdi(inode);
12366 + ret = iomap_file_buffered_write(iocb, from, &gfs2_iomap_ops);
12367 +- if (likely(ret > 0))
12368 ++ current->backing_dev_info = NULL;
12369 ++ if (likely(ret > 0)) {
12370 + iocb->ki_pos += ret;
12371 ++ ret = generic_write_sync(iocb, ret);
12372 ++ }
12373 + }
12374 +
12375 +-out2:
12376 +- current->backing_dev_info = NULL;
12377 +-out:
12378 ++out_unlock:
12379 + inode_unlock(inode);
12380 +- if (likely(ret > 0)) {
12381 +- /* Handle various SYNC-type writes */
12382 +- ret = generic_write_sync(iocb, ret);
12383 +- }
12384 +- return written ? written : ret;
12385 ++ return ret;
12386 + }
12387 +
12388 + static int fallocate_chunk(struct inode *inode, loff_t offset, loff_t len,
12389 +diff --git a/fs/gfs2/lops.c b/fs/gfs2/lops.c
12390 +index aa0359b7e2ac..b5cf50719006 100644
12391 +--- a/fs/gfs2/lops.c
12392 ++++ b/fs/gfs2/lops.c
12393 +@@ -422,7 +422,7 @@ static bool gfs2_jhead_pg_srch(struct gfs2_jdesc *jd,
12394 +
12395 + for (offset = 0; offset < PAGE_SIZE; offset += sdp->sd_sb.sb_bsize) {
12396 + if (!__get_log_header(sdp, kaddr + offset, 0, &lh)) {
12397 +- if (lh.lh_sequence > head->lh_sequence)
12398 ++ if (lh.lh_sequence >= head->lh_sequence)
12399 + *head = lh;
12400 + else {
12401 + ret = true;
12402 +diff --git a/fs/io_uring.c b/fs/io_uring.c
12403 +index e54556b0fcc6..f470fb21467e 100644
12404 +--- a/fs/io_uring.c
12405 ++++ b/fs/io_uring.c
12406 +@@ -188,6 +188,7 @@ struct io_ring_ctx {
12407 + bool account_mem;
12408 + bool cq_overflow_flushed;
12409 + bool drain_next;
12410 ++ bool eventfd_async;
12411 +
12412 + /*
12413 + * Ring buffer of indices into array of io_uring_sqe, which is
12414 +@@ -735,16 +736,30 @@ static struct io_uring_cqe *io_get_cqring(struct io_ring_ctx *ctx)
12415 + return &rings->cqes[tail & ctx->cq_mask];
12416 + }
12417 +
12418 +-static void io_cqring_ev_posted(struct io_ring_ctx *ctx)
12419 ++static inline bool io_should_trigger_evfd(struct io_ring_ctx *ctx)
12420 ++{
12421 ++ if (!ctx->cq_ev_fd)
12422 ++ return false;
12423 ++ if (!ctx->eventfd_async)
12424 ++ return true;
12425 ++ return io_wq_current_is_worker() || in_interrupt();
12426 ++}
12427 ++
12428 ++static void __io_cqring_ev_posted(struct io_ring_ctx *ctx, bool trigger_ev)
12429 + {
12430 + if (waitqueue_active(&ctx->wait))
12431 + wake_up(&ctx->wait);
12432 + if (waitqueue_active(&ctx->sqo_wait))
12433 + wake_up(&ctx->sqo_wait);
12434 +- if (ctx->cq_ev_fd)
12435 ++ if (trigger_ev)
12436 + eventfd_signal(ctx->cq_ev_fd, 1);
12437 + }
12438 +
12439 ++static void io_cqring_ev_posted(struct io_ring_ctx *ctx)
12440 ++{
12441 ++ __io_cqring_ev_posted(ctx, io_should_trigger_evfd(ctx));
12442 ++}
12443 ++
12444 + /* Returns true if there are no backlogged entries after the flush */
12445 + static bool io_cqring_overflow_flush(struct io_ring_ctx *ctx, bool force)
12446 + {
12447 +@@ -1789,10 +1804,12 @@ static int io_setup_async_rw(struct io_kiocb *req, ssize_t io_size,
12448 + if (req->opcode == IORING_OP_READ_FIXED ||
12449 + req->opcode == IORING_OP_WRITE_FIXED)
12450 + return 0;
12451 +- if (!req->io && io_alloc_async_ctx(req))
12452 +- return -ENOMEM;
12453 ++ if (!req->io) {
12454 ++ if (io_alloc_async_ctx(req))
12455 ++ return -ENOMEM;
12456 +
12457 +- io_req_map_rw(req, io_size, iovec, fast_iov, iter);
12458 ++ io_req_map_rw(req, io_size, iovec, fast_iov, iter);
12459 ++ }
12460 + req->work.func = io_rw_async;
12461 + return 0;
12462 + }
12463 +@@ -2635,6 +2652,14 @@ static void io_poll_complete_work(struct io_wq_work **workptr)
12464 + io_wq_assign_next(workptr, nxt);
12465 + }
12466 +
12467 ++static void io_poll_trigger_evfd(struct io_wq_work **workptr)
12468 ++{
12469 ++ struct io_kiocb *req = container_of(*workptr, struct io_kiocb, work);
12470 ++
12471 ++ eventfd_signal(req->ctx->cq_ev_fd, 1);
12472 ++ io_put_req(req);
12473 ++}
12474 ++
12475 + static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
12476 + void *key)
12477 + {
12478 +@@ -2657,13 +2682,21 @@ static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
12479 + * for finalizing the request, mark us as having grabbed that already.
12480 + */
12481 + if (mask && spin_trylock_irqsave(&ctx->completion_lock, flags)) {
12482 ++ bool trigger_ev;
12483 ++
12484 + hash_del(&req->hash_node);
12485 + io_poll_complete(req, mask, 0);
12486 +- req->flags |= REQ_F_COMP_LOCKED;
12487 +- io_put_req(req);
12488 ++ trigger_ev = io_should_trigger_evfd(ctx);
12489 ++ if (trigger_ev && eventfd_signal_count()) {
12490 ++ trigger_ev = false;
12491 ++ req->work.func = io_poll_trigger_evfd;
12492 ++ } else {
12493 ++ req->flags |= REQ_F_COMP_LOCKED;
12494 ++ io_put_req(req);
12495 ++ req = NULL;
12496 ++ }
12497 + spin_unlock_irqrestore(&ctx->completion_lock, flags);
12498 +-
12499 +- io_cqring_ev_posted(ctx);
12500 ++ __io_cqring_ev_posted(ctx, trigger_ev);
12501 + } else {
12502 + io_queue_async_work(req);
12503 + }
12504 +@@ -3900,7 +3933,8 @@ static int io_sq_thread(void *data)
12505 + * reap events and wake us up.
12506 + */
12507 + if (inflight ||
12508 +- (!time_after(jiffies, timeout) && ret != -EBUSY)) {
12509 ++ (!time_after(jiffies, timeout) && ret != -EBUSY &&
12510 ++ !percpu_ref_is_dying(&ctx->refs))) {
12511 + cond_resched();
12512 + continue;
12513 + }
12514 +@@ -4981,6 +5015,16 @@ static void io_ring_ctx_wait_and_kill(struct io_ring_ctx *ctx)
12515 + percpu_ref_kill(&ctx->refs);
12516 + mutex_unlock(&ctx->uring_lock);
12517 +
12518 ++ /*
12519 ++ * Wait for sq thread to idle, if we have one. It won't spin on new
12520 ++ * work after we've killed the ctx ref above. This is important to do
12521 ++ * before we cancel existing commands, as the thread could otherwise
12522 ++ * be queueing new work post that. If that's work we need to cancel,
12523 ++ * it could cause shutdown to hang.
12524 ++ */
12525 ++ while (ctx->sqo_thread && !wq_has_sleeper(&ctx->sqo_wait))
12526 ++ cpu_relax();
12527 ++
12528 + io_kill_timeouts(ctx);
12529 + io_poll_remove_all(ctx);
12530 +
12531 +@@ -5473,10 +5517,17 @@ static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
12532 + ret = io_sqe_files_update(ctx, arg, nr_args);
12533 + break;
12534 + case IORING_REGISTER_EVENTFD:
12535 ++ case IORING_REGISTER_EVENTFD_ASYNC:
12536 + ret = -EINVAL;
12537 + if (nr_args != 1)
12538 + break;
12539 + ret = io_eventfd_register(ctx, arg);
12540 ++ if (ret)
12541 ++ break;
12542 ++ if (opcode == IORING_REGISTER_EVENTFD_ASYNC)
12543 ++ ctx->eventfd_async = 1;
12544 ++ else
12545 ++ ctx->eventfd_async = 0;
12546 + break;
12547 + case IORING_UNREGISTER_EVENTFD:
12548 + ret = -EINVAL;
12549 +diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
12550 +index 5e408ee24a1a..b3e2433f94fe 100644
12551 +--- a/fs/jbd2/journal.c
12552 ++++ b/fs/jbd2/journal.c
12553 +@@ -982,6 +982,7 @@ static void *jbd2_seq_info_start(struct seq_file *seq, loff_t *pos)
12554 +
12555 + static void *jbd2_seq_info_next(struct seq_file *seq, void *v, loff_t *pos)
12556 + {
12557 ++ (*pos)++;
12558 + return NULL;
12559 + }
12560 +
12561 +diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
12562 +index e180033e35cf..05ed7be8a634 100644
12563 +--- a/fs/nfs/dir.c
12564 ++++ b/fs/nfs/dir.c
12565 +@@ -162,6 +162,17 @@ typedef struct {
12566 + bool eof;
12567 + } nfs_readdir_descriptor_t;
12568 +
12569 ++static
12570 ++void nfs_readdir_init_array(struct page *page)
12571 ++{
12572 ++ struct nfs_cache_array *array;
12573 ++
12574 ++ array = kmap_atomic(page);
12575 ++ memset(array, 0, sizeof(struct nfs_cache_array));
12576 ++ array->eof_index = -1;
12577 ++ kunmap_atomic(array);
12578 ++}
12579 ++
12580 + /*
12581 + * we are freeing strings created by nfs_add_to_readdir_array()
12582 + */
12583 +@@ -174,6 +185,7 @@ void nfs_readdir_clear_array(struct page *page)
12584 + array = kmap_atomic(page);
12585 + for (i = 0; i < array->size; i++)
12586 + kfree(array->array[i].string.name);
12587 ++ array->size = 0;
12588 + kunmap_atomic(array);
12589 + }
12590 +
12591 +@@ -610,6 +622,8 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
12592 + int status = -ENOMEM;
12593 + unsigned int array_size = ARRAY_SIZE(pages);
12594 +
12595 ++ nfs_readdir_init_array(page);
12596 ++
12597 + entry.prev_cookie = 0;
12598 + entry.cookie = desc->last_cookie;
12599 + entry.eof = 0;
12600 +@@ -626,8 +640,6 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
12601 + }
12602 +
12603 + array = kmap(page);
12604 +- memset(array, 0, sizeof(struct nfs_cache_array));
12605 +- array->eof_index = -1;
12606 +
12607 + status = nfs_readdir_alloc_pages(pages, array_size);
12608 + if (status < 0)
12609 +@@ -682,6 +694,7 @@ int nfs_readdir_filler(void *data, struct page* page)
12610 + unlock_page(page);
12611 + return 0;
12612 + error:
12613 ++ nfs_readdir_clear_array(page);
12614 + unlock_page(page);
12615 + return ret;
12616 + }
12617 +@@ -689,8 +702,6 @@ int nfs_readdir_filler(void *data, struct page* page)
12618 + static
12619 + void cache_page_release(nfs_readdir_descriptor_t *desc)
12620 + {
12621 +- if (!desc->page->mapping)
12622 +- nfs_readdir_clear_array(desc->page);
12623 + put_page(desc->page);
12624 + desc->page = NULL;
12625 + }
12626 +@@ -704,19 +715,28 @@ struct page *get_cache_page(nfs_readdir_descriptor_t *desc)
12627 +
12628 + /*
12629 + * Returns 0 if desc->dir_cookie was found on page desc->page_index
12630 ++ * and locks the page to prevent removal from the page cache.
12631 + */
12632 + static
12633 +-int find_cache_page(nfs_readdir_descriptor_t *desc)
12634 ++int find_and_lock_cache_page(nfs_readdir_descriptor_t *desc)
12635 + {
12636 + int res;
12637 +
12638 + desc->page = get_cache_page(desc);
12639 + if (IS_ERR(desc->page))
12640 + return PTR_ERR(desc->page);
12641 +-
12642 +- res = nfs_readdir_search_array(desc);
12643 ++ res = lock_page_killable(desc->page);
12644 + if (res != 0)
12645 +- cache_page_release(desc);
12646 ++ goto error;
12647 ++ res = -EAGAIN;
12648 ++ if (desc->page->mapping != NULL) {
12649 ++ res = nfs_readdir_search_array(desc);
12650 ++ if (res == 0)
12651 ++ return 0;
12652 ++ }
12653 ++ unlock_page(desc->page);
12654 ++error:
12655 ++ cache_page_release(desc);
12656 + return res;
12657 + }
12658 +
12659 +@@ -731,7 +751,7 @@ int readdir_search_pagecache(nfs_readdir_descriptor_t *desc)
12660 + desc->last_cookie = 0;
12661 + }
12662 + do {
12663 +- res = find_cache_page(desc);
12664 ++ res = find_and_lock_cache_page(desc);
12665 + } while (res == -EAGAIN);
12666 + return res;
12667 + }
12668 +@@ -770,7 +790,6 @@ int nfs_do_filldir(nfs_readdir_descriptor_t *desc)
12669 + desc->eof = true;
12670 +
12671 + kunmap(desc->page);
12672 +- cache_page_release(desc);
12673 + dfprintk(DIRCACHE, "NFS: nfs_do_filldir() filling ended @ cookie %Lu; returning = %d\n",
12674 + (unsigned long long)*desc->dir_cookie, res);
12675 + return res;
12676 +@@ -816,13 +835,13 @@ int uncached_readdir(nfs_readdir_descriptor_t *desc)
12677 +
12678 + status = nfs_do_filldir(desc);
12679 +
12680 ++ out_release:
12681 ++ nfs_readdir_clear_array(desc->page);
12682 ++ cache_page_release(desc);
12683 + out:
12684 + dfprintk(DIRCACHE, "NFS: %s: returns %d\n",
12685 + __func__, status);
12686 + return status;
12687 +- out_release:
12688 +- cache_page_release(desc);
12689 +- goto out;
12690 + }
12691 +
12692 + /* The file offset position represents the dirent entry number. A
12693 +@@ -887,6 +906,8 @@ static int nfs_readdir(struct file *file, struct dir_context *ctx)
12694 + break;
12695 +
12696 + res = nfs_do_filldir(desc);
12697 ++ unlock_page(desc->page);
12698 ++ cache_page_release(desc);
12699 + if (res < 0)
12700 + break;
12701 + } while (!desc->eof);
12702 +diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
12703 +index 32a9bf22ac08..0a3e5c2aac4b 100644
12704 +--- a/fs/nfsd/filecache.c
12705 ++++ b/fs/nfsd/filecache.c
12706 +@@ -789,6 +789,7 @@ nfsd_file_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
12707 + struct nfsd_file *nf, *new;
12708 + struct inode *inode;
12709 + unsigned int hashval;
12710 ++ bool retry = true;
12711 +
12712 + /* FIXME: skip this if fh_dentry is already set? */
12713 + status = fh_verify(rqstp, fhp, S_IFREG,
12714 +@@ -824,6 +825,11 @@ wait_for_construction:
12715 +
12716 + /* Did construction of this file fail? */
12717 + if (!test_bit(NFSD_FILE_HASHED, &nf->nf_flags)) {
12718 ++ if (!retry) {
12719 ++ status = nfserr_jukebox;
12720 ++ goto out;
12721 ++ }
12722 ++ retry = false;
12723 + nfsd_file_put_noref(nf);
12724 + goto retry;
12725 + }
12726 +diff --git a/fs/nfsd/nfs4layouts.c b/fs/nfsd/nfs4layouts.c
12727 +index 2681c70283ce..e12409eca7cc 100644
12728 +--- a/fs/nfsd/nfs4layouts.c
12729 ++++ b/fs/nfsd/nfs4layouts.c
12730 +@@ -675,7 +675,7 @@ nfsd4_cb_layout_done(struct nfsd4_callback *cb, struct rpc_task *task)
12731 +
12732 + /* Client gets 2 lease periods to return it */
12733 + cutoff = ktime_add_ns(task->tk_start,
12734 +- nn->nfsd4_lease * NSEC_PER_SEC * 2);
12735 ++ (u64)nn->nfsd4_lease * NSEC_PER_SEC * 2);
12736 +
12737 + if (ktime_before(now, cutoff)) {
12738 + rpc_delay(task, HZ/100); /* 10 mili-seconds */
12739 +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
12740 +index 369e574c5092..e909ca36c255 100644
12741 +--- a/fs/nfsd/nfs4state.c
12742 ++++ b/fs/nfsd/nfs4state.c
12743 +@@ -6550,7 +6550,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
12744 + }
12745 +
12746 + if (fl_flags & FL_SLEEP) {
12747 +- nbl->nbl_time = jiffies;
12748 ++ nbl->nbl_time = get_seconds();
12749 + spin_lock(&nn->blocked_locks_lock);
12750 + list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
12751 + list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
12752 +diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h
12753 +index d61b83b9654c..6bd915e4295e 100644
12754 +--- a/fs/nfsd/state.h
12755 ++++ b/fs/nfsd/state.h
12756 +@@ -606,7 +606,7 @@ static inline bool nfsd4_stateid_generation_after(stateid_t *a, stateid_t *b)
12757 + struct nfsd4_blocked_lock {
12758 + struct list_head nbl_list;
12759 + struct list_head nbl_lru;
12760 +- unsigned long nbl_time;
12761 ++ time_t nbl_time;
12762 + struct file_lock nbl_lock;
12763 + struct knfsd_fh nbl_fh;
12764 + struct nfsd4_callback nbl_cb;
12765 +diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
12766 +index c0dc491537a6..f0bca0e87d0c 100644
12767 +--- a/fs/nfsd/vfs.c
12768 ++++ b/fs/nfsd/vfs.c
12769 +@@ -975,6 +975,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
12770 + host_err = vfs_iter_write(file, &iter, &pos, flags);
12771 + if (host_err < 0)
12772 + goto out_nfserr;
12773 ++ *cnt = host_err;
12774 + nfsdstats.io_write += *cnt;
12775 + fsnotify_modify(file);
12776 +
12777 +diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
12778 +index 6c7388430ad3..d4359a1df3d5 100644
12779 +--- a/fs/ntfs/inode.c
12780 ++++ b/fs/ntfs/inode.c
12781 +@@ -2899,18 +2899,12 @@ int ntfs_setattr(struct dentry *dentry, struct iattr *attr)
12782 + ia_valid |= ATTR_MTIME | ATTR_CTIME;
12783 + }
12784 + }
12785 +- if (ia_valid & ATTR_ATIME) {
12786 +- vi->i_atime = timestamp_truncate(attr->ia_atime,
12787 +- vi);
12788 +- }
12789 +- if (ia_valid & ATTR_MTIME) {
12790 +- vi->i_mtime = timestamp_truncate(attr->ia_mtime,
12791 +- vi);
12792 +- }
12793 +- if (ia_valid & ATTR_CTIME) {
12794 +- vi->i_ctime = timestamp_truncate(attr->ia_ctime,
12795 +- vi);
12796 +- }
12797 ++ if (ia_valid & ATTR_ATIME)
12798 ++ vi->i_atime = attr->ia_atime;
12799 ++ if (ia_valid & ATTR_MTIME)
12800 ++ vi->i_mtime = attr->ia_mtime;
12801 ++ if (ia_valid & ATTR_CTIME)
12802 ++ vi->i_ctime = attr->ia_ctime;
12803 + mark_inode_dirty(vi);
12804 + out:
12805 + return err;
12806 +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
12807 +index 9876db52913a..6cd5e4924e4d 100644
12808 +--- a/fs/ocfs2/file.c
12809 ++++ b/fs/ocfs2/file.c
12810 +@@ -2101,17 +2101,15 @@ static int ocfs2_is_io_unaligned(struct inode *inode, size_t count, loff_t pos)
12811 + static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
12812 + struct buffer_head **di_bh,
12813 + int meta_level,
12814 +- int overwrite_io,
12815 + int write_sem,
12816 + int wait)
12817 + {
12818 + int ret = 0;
12819 +
12820 + if (wait)
12821 +- ret = ocfs2_inode_lock(inode, NULL, meta_level);
12822 ++ ret = ocfs2_inode_lock(inode, di_bh, meta_level);
12823 + else
12824 +- ret = ocfs2_try_inode_lock(inode,
12825 +- overwrite_io ? NULL : di_bh, meta_level);
12826 ++ ret = ocfs2_try_inode_lock(inode, di_bh, meta_level);
12827 + if (ret < 0)
12828 + goto out;
12829 +
12830 +@@ -2136,6 +2134,7 @@ static int ocfs2_inode_lock_for_extent_tree(struct inode *inode,
12831 +
12832 + out_unlock:
12833 + brelse(*di_bh);
12834 ++ *di_bh = NULL;
12835 + ocfs2_inode_unlock(inode, meta_level);
12836 + out:
12837 + return ret;
12838 +@@ -2177,7 +2176,6 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
12839 + ret = ocfs2_inode_lock_for_extent_tree(inode,
12840 + &di_bh,
12841 + meta_level,
12842 +- overwrite_io,
12843 + write_sem,
12844 + wait);
12845 + if (ret < 0) {
12846 +@@ -2233,13 +2231,13 @@ static int ocfs2_prepare_inode_for_write(struct file *file,
12847 + &di_bh,
12848 + meta_level,
12849 + write_sem);
12850 ++ meta_level = 1;
12851 ++ write_sem = 1;
12852 + ret = ocfs2_inode_lock_for_extent_tree(inode,
12853 + &di_bh,
12854 + meta_level,
12855 +- overwrite_io,
12856 +- 1,
12857 ++ write_sem,
12858 + wait);
12859 +- write_sem = 1;
12860 + if (ret < 0) {
12861 + if (ret != -EAGAIN)
12862 + mlog_errno(ret);
12863 +diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
12864 +index e235a635d9ec..15e4fa288475 100644
12865 +--- a/fs/overlayfs/file.c
12866 ++++ b/fs/overlayfs/file.c
12867 +@@ -146,7 +146,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
12868 + struct inode *inode = file_inode(file);
12869 + struct fd real;
12870 + const struct cred *old_cred;
12871 +- ssize_t ret;
12872 ++ loff_t ret;
12873 +
12874 + /*
12875 + * The two special cases below do not need to involve real fs,
12876 +diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c
12877 +index 47a91c9733a5..7255e6a5838f 100644
12878 +--- a/fs/overlayfs/readdir.c
12879 ++++ b/fs/overlayfs/readdir.c
12880 +@@ -504,7 +504,13 @@ get:
12881 + if (err)
12882 + goto fail;
12883 +
12884 +- WARN_ON_ONCE(dir->d_sb->s_dev != stat.dev);
12885 ++ /*
12886 ++ * Directory inode is always on overlay st_dev.
12887 ++ * Non-dir with ovl_same_dev() could be on pseudo st_dev in case
12888 ++ * of xino bits overflow.
12889 ++ */
12890 ++ WARN_ON_ONCE(S_ISDIR(stat.mode) &&
12891 ++ dir->d_sb->s_dev != stat.dev);
12892 + ino = stat.ino;
12893 + } else if (xinobits && !OVL_TYPE_UPPER(type)) {
12894 + ino = ovl_remap_lower_ino(ino, xinobits,
12895 +diff --git a/fs/read_write.c b/fs/read_write.c
12896 +index 5bbf587f5bc1..7458fccc59e1 100644
12897 +--- a/fs/read_write.c
12898 ++++ b/fs/read_write.c
12899 +@@ -1777,10 +1777,9 @@ static int remap_verify_area(struct file *file, loff_t pos, loff_t len,
12900 + * else. Assume that the offsets have already been checked for block
12901 + * alignment.
12902 + *
12903 +- * For deduplication we always scale down to the previous block because we
12904 +- * can't meaningfully compare post-EOF contents.
12905 +- *
12906 +- * For clone we only link a partial EOF block above the destination file's EOF.
12907 ++ * For clone we only link a partial EOF block above or at the destination file's
12908 ++ * EOF. For deduplication we accept a partial EOF block only if it ends at the
12909 ++ * destination file's EOF (can not link it into the middle of a file).
12910 + *
12911 + * Shorten the request if possible.
12912 + */
12913 +@@ -1796,8 +1795,7 @@ static int generic_remap_check_len(struct inode *inode_in,
12914 + if ((*len & blkmask) == 0)
12915 + return 0;
12916 +
12917 +- if ((remap_flags & REMAP_FILE_DEDUP) ||
12918 +- pos_out + *len < i_size_read(inode_out))
12919 ++ if (pos_out + *len < i_size_read(inode_out))
12920 + new_len &= ~blkmask;
12921 +
12922 + if (new_len == *len)
12923 +diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
12924 +index 0b98e3c8b461..6c0e19f7a21f 100644
12925 +--- a/fs/ubifs/dir.c
12926 ++++ b/fs/ubifs/dir.c
12927 +@@ -228,6 +228,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
12928 + if (nm.hash) {
12929 + ubifs_assert(c, fname_len(&nm) == 0);
12930 + ubifs_assert(c, fname_name(&nm) == NULL);
12931 ++ if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
12932 ++ goto done; /* ENOENT */
12933 + dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
12934 + err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
12935 + } else {
12936 +diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
12937 +index cd52585c8f4f..a771273fba7e 100644
12938 +--- a/fs/ubifs/file.c
12939 ++++ b/fs/ubifs/file.c
12940 +@@ -786,7 +786,9 @@ static int ubifs_do_bulk_read(struct ubifs_info *c, struct bu_info *bu,
12941 +
12942 + if (page_offset > end_index)
12943 + break;
12944 +- page = find_or_create_page(mapping, page_offset, ra_gfp_mask);
12945 ++ page = pagecache_get_page(mapping, page_offset,
12946 ++ FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT,
12947 ++ ra_gfp_mask);
12948 + if (!page)
12949 + break;
12950 + if (!PageUptodate(page))
12951 +@@ -1078,18 +1080,12 @@ static void do_attr_changes(struct inode *inode, const struct iattr *attr)
12952 + inode->i_uid = attr->ia_uid;
12953 + if (attr->ia_valid & ATTR_GID)
12954 + inode->i_gid = attr->ia_gid;
12955 +- if (attr->ia_valid & ATTR_ATIME) {
12956 +- inode->i_atime = timestamp_truncate(attr->ia_atime,
12957 +- inode);
12958 +- }
12959 +- if (attr->ia_valid & ATTR_MTIME) {
12960 +- inode->i_mtime = timestamp_truncate(attr->ia_mtime,
12961 +- inode);
12962 +- }
12963 +- if (attr->ia_valid & ATTR_CTIME) {
12964 +- inode->i_ctime = timestamp_truncate(attr->ia_ctime,
12965 +- inode);
12966 +- }
12967 ++ if (attr->ia_valid & ATTR_ATIME)
12968 ++ inode->i_atime = attr->ia_atime;
12969 ++ if (attr->ia_valid & ATTR_MTIME)
12970 ++ inode->i_mtime = attr->ia_mtime;
12971 ++ if (attr->ia_valid & ATTR_CTIME)
12972 ++ inode->i_ctime = attr->ia_ctime;
12973 + if (attr->ia_valid & ATTR_MODE) {
12974 + umode_t mode = attr->ia_mode;
12975 +
12976 +diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c
12977 +index 5dc5abca11c7..eeb1be259888 100644
12978 +--- a/fs/ubifs/ioctl.c
12979 ++++ b/fs/ubifs/ioctl.c
12980 +@@ -113,7 +113,8 @@ static int setflags(struct inode *inode, int flags)
12981 + if (err)
12982 + goto out_unlock;
12983 +
12984 +- ui->flags = ioctl2ubifs(flags);
12985 ++ ui->flags &= ~ioctl2ubifs(UBIFS_SUPPORTED_IOCTL_FLAGS);
12986 ++ ui->flags |= ioctl2ubifs(flags);
12987 + ubifs_set_inode_flags(inode);
12988 + inode->i_ctime = current_time(inode);
12989 + release = ui->dirty;
12990 +diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
12991 +index 2b7c04bf8983..17c90dff7266 100644
12992 +--- a/fs/ubifs/sb.c
12993 ++++ b/fs/ubifs/sb.c
12994 +@@ -161,7 +161,7 @@ static int create_default_filesystem(struct ubifs_info *c)
12995 + sup = kzalloc(ALIGN(UBIFS_SB_NODE_SZ, c->min_io_size), GFP_KERNEL);
12996 + mst = kzalloc(c->mst_node_alsz, GFP_KERNEL);
12997 + idx_node_size = ubifs_idx_node_sz(c, 1);
12998 +- idx = kzalloc(ALIGN(tmp, c->min_io_size), GFP_KERNEL);
12999 ++ idx = kzalloc(ALIGN(idx_node_size, c->min_io_size), GFP_KERNEL);
13000 + ino = kzalloc(ALIGN(UBIFS_INO_NODE_SZ, c->min_io_size), GFP_KERNEL);
13001 + cs = kzalloc(ALIGN(UBIFS_CS_NODE_SZ, c->min_io_size), GFP_KERNEL);
13002 +
13003 +diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
13004 +index 5e1e8ec0589e..7fc2f3f07c16 100644
13005 +--- a/fs/ubifs/super.c
13006 ++++ b/fs/ubifs/super.c
13007 +@@ -1599,6 +1599,7 @@ out_free:
13008 + vfree(c->ileb_buf);
13009 + vfree(c->sbuf);
13010 + kfree(c->bottom_up_buf);
13011 ++ kfree(c->sup_node);
13012 + ubifs_debugging_exit(c);
13013 + return err;
13014 + }
13015 +@@ -1641,6 +1642,7 @@ static void ubifs_umount(struct ubifs_info *c)
13016 + vfree(c->ileb_buf);
13017 + vfree(c->sbuf);
13018 + kfree(c->bottom_up_buf);
13019 ++ kfree(c->sup_node);
13020 + ubifs_debugging_exit(c);
13021 + }
13022 +
13023 +diff --git a/fs/utimes.c b/fs/utimes.c
13024 +index c952b6b3d8a0..1d17ce98cb80 100644
13025 +--- a/fs/utimes.c
13026 ++++ b/fs/utimes.c
13027 +@@ -36,14 +36,14 @@ static int utimes_common(const struct path *path, struct timespec64 *times)
13028 + if (times[0].tv_nsec == UTIME_OMIT)
13029 + newattrs.ia_valid &= ~ATTR_ATIME;
13030 + else if (times[0].tv_nsec != UTIME_NOW) {
13031 +- newattrs.ia_atime = timestamp_truncate(times[0], inode);
13032 ++ newattrs.ia_atime = times[0];
13033 + newattrs.ia_valid |= ATTR_ATIME_SET;
13034 + }
13035 +
13036 + if (times[1].tv_nsec == UTIME_OMIT)
13037 + newattrs.ia_valid &= ~ATTR_MTIME;
13038 + else if (times[1].tv_nsec != UTIME_NOW) {
13039 +- newattrs.ia_mtime = timestamp_truncate(times[1], inode);
13040 ++ newattrs.ia_mtime = times[1];
13041 + newattrs.ia_valid |= ATTR_MTIME_SET;
13042 + }
13043 + /*
13044 +diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
13045 +index 2b10036fefd0..9e22ac369d1d 100644
13046 +--- a/include/asm-generic/tlb.h
13047 ++++ b/include/asm-generic/tlb.h
13048 +@@ -137,13 +137,6 @@
13049 + * When used, an architecture is expected to provide __tlb_remove_table()
13050 + * which does the actual freeing of these pages.
13051 + *
13052 +- * HAVE_RCU_TABLE_NO_INVALIDATE
13053 +- *
13054 +- * This makes HAVE_RCU_TABLE_FREE avoid calling tlb_flush_mmu_tlbonly() before
13055 +- * freeing the page-table pages. This can be avoided if you use
13056 +- * HAVE_RCU_TABLE_FREE and your architecture does _NOT_ use the Linux
13057 +- * page-tables natively.
13058 +- *
13059 + * MMU_GATHER_NO_RANGE
13060 + *
13061 + * Use this if your architecture lacks an efficient flush_tlb_range().
13062 +@@ -189,8 +182,23 @@ struct mmu_table_batch {
13063 +
13064 + extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
13065 +
13066 ++/*
13067 ++ * This allows an architecture that does not use the linux page-tables for
13068 ++ * hardware to skip the TLBI when freeing page tables.
13069 ++ */
13070 ++#ifndef tlb_needs_table_invalidate
13071 ++#define tlb_needs_table_invalidate() (true)
13072 ++#endif
13073 ++
13074 ++#else
13075 ++
13076 ++#ifdef tlb_needs_table_invalidate
13077 ++#error tlb_needs_table_invalidate() requires HAVE_RCU_TABLE_FREE
13078 + #endif
13079 +
13080 ++#endif /* CONFIG_HAVE_RCU_TABLE_FREE */
13081 ++
13082 ++
13083 + #ifndef CONFIG_HAVE_MMU_GATHER_NO_GATHER
13084 + /*
13085 + * If we can't allocate a page to make a big batch of page pointers
13086 +diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
13087 +index 97967ce06de3..f88197c1ffc2 100644
13088 +--- a/include/linux/backing-dev.h
13089 ++++ b/include/linux/backing-dev.h
13090 +@@ -13,6 +13,7 @@
13091 + #include <linux/fs.h>
13092 + #include <linux/sched.h>
13093 + #include <linux/blkdev.h>
13094 ++#include <linux/device.h>
13095 + #include <linux/writeback.h>
13096 + #include <linux/blk-cgroup.h>
13097 + #include <linux/backing-dev-defs.h>
13098 +@@ -504,4 +505,13 @@ static inline int bdi_rw_congested(struct backing_dev_info *bdi)
13099 + (1 << WB_async_congested));
13100 + }
13101 +
13102 ++extern const char *bdi_unknown_name;
13103 ++
13104 ++static inline const char *bdi_dev_name(struct backing_dev_info *bdi)
13105 ++{
13106 ++ if (!bdi || !bdi->dev)
13107 ++ return bdi_unknown_name;
13108 ++ return dev_name(bdi->dev);
13109 ++}
13110 ++
13111 + #endif /* _LINUX_BACKING_DEV_H */
13112 +diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
13113 +index 31b1b0e03df8..018dce868de6 100644
13114 +--- a/include/linux/cpufreq.h
13115 ++++ b/include/linux/cpufreq.h
13116 +@@ -148,6 +148,20 @@ struct cpufreq_policy {
13117 + struct notifier_block nb_max;
13118 + };
13119 +
13120 ++/*
13121 ++ * Used for passing new cpufreq policy data to the cpufreq driver's ->verify()
13122 ++ * callback for sanitization. That callback is only expected to modify the min
13123 ++ * and max values, if necessary, and specifically it must not update the
13124 ++ * frequency table.
13125 ++ */
13126 ++struct cpufreq_policy_data {
13127 ++ struct cpufreq_cpuinfo cpuinfo;
13128 ++ struct cpufreq_frequency_table *freq_table;
13129 ++ unsigned int cpu;
13130 ++ unsigned int min; /* in kHz */
13131 ++ unsigned int max; /* in kHz */
13132 ++};
13133 ++
13134 + struct cpufreq_freqs {
13135 + struct cpufreq_policy *policy;
13136 + unsigned int old;
13137 +@@ -201,8 +215,6 @@ u64 get_cpu_idle_time(unsigned int cpu, u64 *wall, int io_busy);
13138 + struct cpufreq_policy *cpufreq_cpu_acquire(unsigned int cpu);
13139 + void cpufreq_cpu_release(struct cpufreq_policy *policy);
13140 + int cpufreq_get_policy(struct cpufreq_policy *policy, unsigned int cpu);
13141 +-int cpufreq_set_policy(struct cpufreq_policy *policy,
13142 +- struct cpufreq_policy *new_policy);
13143 + void refresh_frequency_limits(struct cpufreq_policy *policy);
13144 + void cpufreq_update_policy(unsigned int cpu);
13145 + void cpufreq_update_limits(unsigned int cpu);
13146 +@@ -284,7 +296,7 @@ struct cpufreq_driver {
13147 +
13148 + /* needed by all drivers */
13149 + int (*init)(struct cpufreq_policy *policy);
13150 +- int (*verify)(struct cpufreq_policy *policy);
13151 ++ int (*verify)(struct cpufreq_policy_data *policy);
13152 +
13153 + /* define one out of two */
13154 + int (*setpolicy)(struct cpufreq_policy *policy);
13155 +@@ -415,8 +427,9 @@ static inline int cpufreq_thermal_control_enabled(struct cpufreq_driver *drv)
13156 + (drv->flags & CPUFREQ_IS_COOLING_DEV);
13157 + }
13158 +
13159 +-static inline void cpufreq_verify_within_limits(struct cpufreq_policy *policy,
13160 +- unsigned int min, unsigned int max)
13161 ++static inline void cpufreq_verify_within_limits(struct cpufreq_policy_data *policy,
13162 ++ unsigned int min,
13163 ++ unsigned int max)
13164 + {
13165 + if (policy->min < min)
13166 + policy->min = min;
13167 +@@ -432,10 +445,10 @@ static inline void cpufreq_verify_within_limits(struct cpufreq_policy *policy,
13168 + }
13169 +
13170 + static inline void
13171 +-cpufreq_verify_within_cpu_limits(struct cpufreq_policy *policy)
13172 ++cpufreq_verify_within_cpu_limits(struct cpufreq_policy_data *policy)
13173 + {
13174 + cpufreq_verify_within_limits(policy, policy->cpuinfo.min_freq,
13175 +- policy->cpuinfo.max_freq);
13176 ++ policy->cpuinfo.max_freq);
13177 + }
13178 +
13179 + #ifdef CONFIG_CPU_FREQ
13180 +@@ -513,6 +526,7 @@ static inline unsigned long cpufreq_scale(unsigned long old, u_int div,
13181 + * CPUFREQ GOVERNORS *
13182 + *********************************************************************/
13183 +
13184 ++#define CPUFREQ_POLICY_UNKNOWN (0)
13185 + /*
13186 + * If (cpufreq_driver->target) exists, the ->governor decides what frequency
13187 + * within the limits is used. If (cpufreq_driver->setpolicy> exists, these
13188 +@@ -684,9 +698,9 @@ static inline void dev_pm_opp_free_cpufreq_table(struct device *dev,
13189 + int cpufreq_frequency_table_cpuinfo(struct cpufreq_policy *policy,
13190 + struct cpufreq_frequency_table *table);
13191 +
13192 +-int cpufreq_frequency_table_verify(struct cpufreq_policy *policy,
13193 ++int cpufreq_frequency_table_verify(struct cpufreq_policy_data *policy,
13194 + struct cpufreq_frequency_table *table);
13195 +-int cpufreq_generic_frequency_table_verify(struct cpufreq_policy *policy);
13196 ++int cpufreq_generic_frequency_table_verify(struct cpufreq_policy_data *policy);
13197 +
13198 + int cpufreq_table_index_unsorted(struct cpufreq_policy *policy,
13199 + unsigned int target_freq,
13200 +diff --git a/include/linux/eventfd.h b/include/linux/eventfd.h
13201 +index ffcc7724ca21..dc4fd8a6644d 100644
13202 +--- a/include/linux/eventfd.h
13203 ++++ b/include/linux/eventfd.h
13204 +@@ -12,6 +12,8 @@
13205 + #include <linux/fcntl.h>
13206 + #include <linux/wait.h>
13207 + #include <linux/err.h>
13208 ++#include <linux/percpu-defs.h>
13209 ++#include <linux/percpu.h>
13210 +
13211 + /*
13212 + * CAREFUL: Check include/uapi/asm-generic/fcntl.h when defining
13213 +@@ -40,6 +42,13 @@ __u64 eventfd_signal(struct eventfd_ctx *ctx, __u64 n);
13214 + int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx, wait_queue_entry_t *wait,
13215 + __u64 *cnt);
13216 +
13217 ++DECLARE_PER_CPU(int, eventfd_wake_count);
13218 ++
13219 ++static inline bool eventfd_signal_count(void)
13220 ++{
13221 ++ return this_cpu_read(eventfd_wake_count);
13222 ++}
13223 ++
13224 + #else /* CONFIG_EVENTFD */
13225 +
13226 + /*
13227 +@@ -68,6 +77,11 @@ static inline int eventfd_ctx_remove_wait_queue(struct eventfd_ctx *ctx,
13228 + return -ENOSYS;
13229 + }
13230 +
13231 ++static inline bool eventfd_signal_count(void)
13232 ++{
13233 ++ return false;
13234 ++}
13235 ++
13236 + #endif
13237 +
13238 + #endif /* _LINUX_EVENTFD_H */
13239 +diff --git a/include/linux/irq.h b/include/linux/irq.h
13240 +index 7853eb9301f2..3ed5a055b5f4 100644
13241 +--- a/include/linux/irq.h
13242 ++++ b/include/linux/irq.h
13243 +@@ -209,6 +209,8 @@ struct irq_data {
13244 + * IRQD_SINGLE_TARGET - IRQ allows only a single affinity target
13245 + * IRQD_DEFAULT_TRIGGER_SET - Expected trigger already been set
13246 + * IRQD_CAN_RESERVE - Can use reservation mode
13247 ++ * IRQD_MSI_NOMASK_QUIRK - Non-maskable MSI quirk for affinity change
13248 ++ * required
13249 + */
13250 + enum {
13251 + IRQD_TRIGGER_MASK = 0xf,
13252 +@@ -231,6 +233,7 @@ enum {
13253 + IRQD_SINGLE_TARGET = (1 << 24),
13254 + IRQD_DEFAULT_TRIGGER_SET = (1 << 25),
13255 + IRQD_CAN_RESERVE = (1 << 26),
13256 ++ IRQD_MSI_NOMASK_QUIRK = (1 << 27),
13257 + };
13258 +
13259 + #define __irqd_to_state(d) ACCESS_PRIVATE((d)->common, state_use_accessors)
13260 +@@ -390,6 +393,21 @@ static inline bool irqd_can_reserve(struct irq_data *d)
13261 + return __irqd_to_state(d) & IRQD_CAN_RESERVE;
13262 + }
13263 +
13264 ++static inline void irqd_set_msi_nomask_quirk(struct irq_data *d)
13265 ++{
13266 ++ __irqd_to_state(d) |= IRQD_MSI_NOMASK_QUIRK;
13267 ++}
13268 ++
13269 ++static inline void irqd_clr_msi_nomask_quirk(struct irq_data *d)
13270 ++{
13271 ++ __irqd_to_state(d) &= ~IRQD_MSI_NOMASK_QUIRK;
13272 ++}
13273 ++
13274 ++static inline bool irqd_msi_nomask_quirk(struct irq_data *d)
13275 ++{
13276 ++ return __irqd_to_state(d) & IRQD_MSI_NOMASK_QUIRK;
13277 ++}
13278 ++
13279 + #undef __irqd_to_state
13280 +
13281 + static inline irq_hw_number_t irqd_to_hwirq(struct irq_data *d)
13282 +diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
13283 +index 3c340dbc5a1f..4da8df57618a 100644
13284 +--- a/include/linux/irqdomain.h
13285 ++++ b/include/linux/irqdomain.h
13286 +@@ -206,6 +206,13 @@ enum {
13287 + /* Irq domain implements MSI remapping */
13288 + IRQ_DOMAIN_FLAG_MSI_REMAP = (1 << 5),
13289 +
13290 ++ /*
13291 ++ * Quirk to handle MSI implementations which do not provide
13292 ++ * masking. Currently known to affect x86, but partially
13293 ++ * handled in core code.
13294 ++ */
13295 ++ IRQ_DOMAIN_MSI_NOMASK_QUIRK = (1 << 6),
13296 ++
13297 + /*
13298 + * Flags starting from IRQ_DOMAIN_FLAG_NONCORE are reserved
13299 + * for implementation specific purposes and ignored by the
13300 +diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
13301 +index 538c25e778c0..eacb8c48e768 100644
13302 +--- a/include/linux/kvm_host.h
13303 ++++ b/include/linux/kvm_host.h
13304 +@@ -204,7 +204,7 @@ struct kvm_async_pf {
13305 + struct list_head queue;
13306 + struct kvm_vcpu *vcpu;
13307 + struct mm_struct *mm;
13308 +- gva_t gva;
13309 ++ gpa_t cr2_or_gpa;
13310 + unsigned long addr;
13311 + struct kvm_arch_async_pf arch;
13312 + bool wakeup_all;
13313 +@@ -212,8 +212,8 @@ struct kvm_async_pf {
13314 +
13315 + void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu);
13316 + void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu);
13317 +-int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
13318 +- struct kvm_arch_async_pf *arch);
13319 ++int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
13320 ++ unsigned long hva, struct kvm_arch_async_pf *arch);
13321 + int kvm_async_pf_wakeup_all(struct kvm_vcpu *vcpu);
13322 + #endif
13323 +
13324 +@@ -723,6 +723,7 @@ void kvm_set_pfn_dirty(kvm_pfn_t pfn);
13325 + void kvm_set_pfn_accessed(kvm_pfn_t pfn);
13326 + void kvm_get_pfn(kvm_pfn_t pfn);
13327 +
13328 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache);
13329 + int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
13330 + int len);
13331 + int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
13332 +@@ -767,7 +768,7 @@ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
13333 + int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
13334 + struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
13335 + bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
13336 +-unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
13337 ++unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn);
13338 + void mark_page_dirty(struct kvm *kvm, gfn_t gfn);
13339 +
13340 + struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu);
13341 +@@ -775,8 +776,12 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn
13342 + kvm_pfn_t kvm_vcpu_gfn_to_pfn_atomic(struct kvm_vcpu *vcpu, gfn_t gfn);
13343 + kvm_pfn_t kvm_vcpu_gfn_to_pfn(struct kvm_vcpu *vcpu, gfn_t gfn);
13344 + int kvm_vcpu_map(struct kvm_vcpu *vcpu, gpa_t gpa, struct kvm_host_map *map);
13345 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
13346 ++ struct gfn_to_pfn_cache *cache, bool atomic);
13347 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn);
13348 + void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty);
13349 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
13350 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic);
13351 + unsigned long kvm_vcpu_gfn_to_hva(struct kvm_vcpu *vcpu, gfn_t gfn);
13352 + unsigned long kvm_vcpu_gfn_to_hva_prot(struct kvm_vcpu *vcpu, gfn_t gfn, bool *writable);
13353 + int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data, int offset,
13354 +diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
13355 +index 1c88e69db3d9..68e84cf42a3f 100644
13356 +--- a/include/linux/kvm_types.h
13357 ++++ b/include/linux/kvm_types.h
13358 +@@ -18,7 +18,7 @@ struct kvm_memslots;
13359 +
13360 + enum kvm_mr_change;
13361 +
13362 +-#include <asm/types.h>
13363 ++#include <linux/types.h>
13364 +
13365 + /*
13366 + * Address types:
13367 +@@ -51,4 +51,11 @@ struct gfn_to_hva_cache {
13368 + struct kvm_memory_slot *memslot;
13369 + };
13370 +
13371 ++struct gfn_to_pfn_cache {
13372 ++ u64 generation;
13373 ++ gfn_t gfn;
13374 ++ kvm_pfn_t pfn;
13375 ++ bool dirty;
13376 ++};
13377 ++
13378 + #endif /* __KVM_TYPES_H__ */
13379 +diff --git a/include/linux/mfd/rohm-bd70528.h b/include/linux/mfd/rohm-bd70528.h
13380 +index 1013e60c5b25..b0109ee6dae2 100644
13381 +--- a/include/linux/mfd/rohm-bd70528.h
13382 ++++ b/include/linux/mfd/rohm-bd70528.h
13383 +@@ -317,7 +317,7 @@ enum {
13384 + #define BD70528_MASK_RTC_MINUTE 0x7f
13385 + #define BD70528_MASK_RTC_HOUR_24H 0x80
13386 + #define BD70528_MASK_RTC_HOUR_PM 0x20
13387 +-#define BD70528_MASK_RTC_HOUR 0x1f
13388 ++#define BD70528_MASK_RTC_HOUR 0x3f
13389 + #define BD70528_MASK_RTC_DAY 0x3f
13390 + #define BD70528_MASK_RTC_WEEK 0x07
13391 + #define BD70528_MASK_RTC_MONTH 0x1f
13392 +diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
13393 +index 5d54fccf87fc..56f124a6eccb 100644
13394 +--- a/include/linux/mlx5/mlx5_ifc.h
13395 ++++ b/include/linux/mlx5/mlx5_ifc.h
13396 +@@ -1418,14 +1418,15 @@ struct mlx5_ifc_cmd_hca_cap_bits {
13397 +
13398 + u8 reserved_at_440[0x20];
13399 +
13400 +- u8 tls[0x1];
13401 +- u8 reserved_at_461[0x2];
13402 ++ u8 reserved_at_460[0x3];
13403 + u8 log_max_uctx[0x5];
13404 + u8 reserved_at_468[0x3];
13405 + u8 log_max_umem[0x5];
13406 + u8 max_num_eqs[0x10];
13407 +
13408 +- u8 reserved_at_480[0x3];
13409 ++ u8 reserved_at_480[0x1];
13410 ++ u8 tls_tx[0x1];
13411 ++ u8 reserved_at_482[0x1];
13412 + u8 log_max_l2_table[0x5];
13413 + u8 reserved_at_488[0x8];
13414 + u8 log_uar_page_sz[0x10];
13415 +diff --git a/include/linux/padata.h b/include/linux/padata.h
13416 +index 23717eeaad23..cccab7a59787 100644
13417 +--- a/include/linux/padata.h
13418 ++++ b/include/linux/padata.h
13419 +@@ -9,6 +9,7 @@
13420 + #ifndef PADATA_H
13421 + #define PADATA_H
13422 +
13423 ++#include <linux/compiler_types.h>
13424 + #include <linux/workqueue.h>
13425 + #include <linux/spinlock.h>
13426 + #include <linux/list.h>
13427 +@@ -98,7 +99,7 @@ struct padata_cpumask {
13428 + * struct parallel_data - Internal control structure, covers everything
13429 + * that depends on the cpumask in use.
13430 + *
13431 +- * @pinst: padata instance.
13432 ++ * @sh: padata_shell object.
13433 + * @pqueue: percpu padata queues used for parallelization.
13434 + * @squeue: percpu padata queues used for serialuzation.
13435 + * @reorder_objects: Number of objects waiting in the reorder queues.
13436 +@@ -111,7 +112,7 @@ struct padata_cpumask {
13437 + * @lock: Reorder lock.
13438 + */
13439 + struct parallel_data {
13440 +- struct padata_instance *pinst;
13441 ++ struct padata_shell *ps;
13442 + struct padata_parallel_queue __percpu *pqueue;
13443 + struct padata_serial_queue __percpu *squeue;
13444 + atomic_t reorder_objects;
13445 +@@ -124,14 +125,33 @@ struct parallel_data {
13446 + spinlock_t lock ____cacheline_aligned;
13447 + };
13448 +
13449 ++/**
13450 ++ * struct padata_shell - Wrapper around struct parallel_data, its
13451 ++ * purpose is to allow the underlying control structure to be replaced
13452 ++ * on the fly using RCU.
13453 ++ *
13454 ++ * @pinst: padat instance.
13455 ++ * @pd: Actual parallel_data structure which may be substituted on the fly.
13456 ++ * @opd: Pointer to old pd to be freed by padata_replace.
13457 ++ * @list: List entry in padata_instance list.
13458 ++ */
13459 ++struct padata_shell {
13460 ++ struct padata_instance *pinst;
13461 ++ struct parallel_data __rcu *pd;
13462 ++ struct parallel_data *opd;
13463 ++ struct list_head list;
13464 ++};
13465 ++
13466 + /**
13467 + * struct padata_instance - The overall control structure.
13468 + *
13469 + * @cpu_notifier: cpu hotplug notifier.
13470 + * @parallel_wq: The workqueue used for parallel work.
13471 + * @serial_wq: The workqueue used for serial work.
13472 +- * @pd: The internal control structure.
13473 ++ * @pslist: List of padata_shell objects attached to this instance.
13474 + * @cpumask: User supplied cpumasks for parallel and serial works.
13475 ++ * @rcpumask: Actual cpumasks based on user cpumask and cpu_online_mask.
13476 ++ * @omask: Temporary storage used to compute the notification mask.
13477 + * @cpumask_change_notifier: Notifiers chain for user-defined notify
13478 + * callbacks that will be called when either @pcpu or @cbcpu
13479 + * or both cpumasks change.
13480 +@@ -143,8 +163,10 @@ struct padata_instance {
13481 + struct hlist_node node;
13482 + struct workqueue_struct *parallel_wq;
13483 + struct workqueue_struct *serial_wq;
13484 +- struct parallel_data *pd;
13485 ++ struct list_head pslist;
13486 + struct padata_cpumask cpumask;
13487 ++ struct padata_cpumask rcpumask;
13488 ++ cpumask_var_t omask;
13489 + struct blocking_notifier_head cpumask_change_notifier;
13490 + struct kobject kobj;
13491 + struct mutex lock;
13492 +@@ -156,7 +178,9 @@ struct padata_instance {
13493 +
13494 + extern struct padata_instance *padata_alloc_possible(const char *name);
13495 + extern void padata_free(struct padata_instance *pinst);
13496 +-extern int padata_do_parallel(struct padata_instance *pinst,
13497 ++extern struct padata_shell *padata_alloc_shell(struct padata_instance *pinst);
13498 ++extern void padata_free_shell(struct padata_shell *ps);
13499 ++extern int padata_do_parallel(struct padata_shell *ps,
13500 + struct padata_priv *padata, int *cb_cpu);
13501 + extern void padata_do_serial(struct padata_priv *padata);
13502 + extern int padata_set_cpumask(struct padata_instance *pinst, int cpumask_type,
13503 +diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h
13504 +index a6fabd865211..176bfbd52d97 100644
13505 +--- a/include/linux/percpu-defs.h
13506 ++++ b/include/linux/percpu-defs.h
13507 +@@ -175,8 +175,7 @@
13508 + * Declaration/definition used for per-CPU variables that should be accessed
13509 + * as decrypted when memory encryption is enabled in the guest.
13510 + */
13511 +-#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT)
13512 +-
13513 ++#ifdef CONFIG_AMD_MEM_ENCRYPT
13514 + #define DECLARE_PER_CPU_DECRYPTED(type, name) \
13515 + DECLARE_PER_CPU_SECTION(type, name, "..decrypted")
13516 +
13517 +diff --git a/include/linux/regulator/consumer.h b/include/linux/regulator/consumer.h
13518 +index 337a46391527..6a92fd3105a3 100644
13519 +--- a/include/linux/regulator/consumer.h
13520 ++++ b/include/linux/regulator/consumer.h
13521 +@@ -287,6 +287,8 @@ void regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
13522 + const char *const *supply_names,
13523 + unsigned int num_supplies);
13524 +
13525 ++bool regulator_is_equal(struct regulator *reg1, struct regulator *reg2);
13526 ++
13527 + #else
13528 +
13529 + /*
13530 +@@ -593,6 +595,11 @@ regulator_bulk_set_supply_names(struct regulator_bulk_data *consumers,
13531 + {
13532 + }
13533 +
13534 ++static inline bool
13535 ++regulator_is_equal(struct regulator *reg1, struct regulator *reg2)
13536 ++{
13537 ++ return false;
13538 ++}
13539 + #endif
13540 +
13541 + static inline int regulator_set_voltage_triplet(struct regulator *regulator,
13542 +diff --git a/include/media/v4l2-rect.h b/include/media/v4l2-rect.h
13543 +index c86474dc7b55..8800a640c224 100644
13544 +--- a/include/media/v4l2-rect.h
13545 ++++ b/include/media/v4l2-rect.h
13546 +@@ -63,10 +63,10 @@ static inline void v4l2_rect_map_inside(struct v4l2_rect *r,
13547 + r->left = boundary->left;
13548 + if (r->top < boundary->top)
13549 + r->top = boundary->top;
13550 +- if (r->left + r->width > boundary->width)
13551 +- r->left = boundary->width - r->width;
13552 +- if (r->top + r->height > boundary->height)
13553 +- r->top = boundary->height - r->height;
13554 ++ if (r->left + r->width > boundary->left + boundary->width)
13555 ++ r->left = boundary->left + boundary->width - r->width;
13556 ++ if (r->top + r->height > boundary->top + boundary->height)
13557 ++ r->top = boundary->top + boundary->height - r->height;
13558 + }
13559 +
13560 + /**
13561 +diff --git a/include/net/ipx.h b/include/net/ipx.h
13562 +index baf090390998..9d1342807b59 100644
13563 +--- a/include/net/ipx.h
13564 ++++ b/include/net/ipx.h
13565 +@@ -47,11 +47,6 @@ struct ipxhdr {
13566 + /* From af_ipx.c */
13567 + extern int sysctl_ipx_pprop_broadcasting;
13568 +
13569 +-static __inline__ struct ipxhdr *ipx_hdr(struct sk_buff *skb)
13570 +-{
13571 +- return (struct ipxhdr *)skb_transport_header(skb);
13572 +-}
13573 +-
13574 + struct ipx_interface {
13575 + /* IPX address */
13576 + __be32 if_netnum;
13577 +diff --git a/include/scsi/sg.h b/include/scsi/sg.h
13578 +index f91bcca604e4..29c7ad04d2e2 100644
13579 +--- a/include/scsi/sg.h
13580 ++++ b/include/scsi/sg.h
13581 +@@ -68,6 +68,36 @@ typedef struct sg_io_hdr
13582 + unsigned int info; /* [o] auxiliary information */
13583 + } sg_io_hdr_t; /* 64 bytes long (on i386) */
13584 +
13585 ++#if defined(__KERNEL__)
13586 ++#include <linux/compat.h>
13587 ++
13588 ++struct compat_sg_io_hdr {
13589 ++ compat_int_t interface_id; /* [i] 'S' for SCSI generic (required) */
13590 ++ compat_int_t dxfer_direction; /* [i] data transfer direction */
13591 ++ unsigned char cmd_len; /* [i] SCSI command length ( <= 16 bytes) */
13592 ++ unsigned char mx_sb_len; /* [i] max length to write to sbp */
13593 ++ unsigned short iovec_count; /* [i] 0 implies no scatter gather */
13594 ++ compat_uint_t dxfer_len; /* [i] byte count of data transfer */
13595 ++ compat_uint_t dxferp; /* [i], [*io] points to data transfer memory
13596 ++ or scatter gather list */
13597 ++ compat_uptr_t cmdp; /* [i], [*i] points to command to perform */
13598 ++ compat_uptr_t sbp; /* [i], [*o] points to sense_buffer memory */
13599 ++ compat_uint_t timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
13600 ++ compat_uint_t flags; /* [i] 0 -> default, see SG_FLAG... */
13601 ++ compat_int_t pack_id; /* [i->o] unused internally (normally) */
13602 ++ compat_uptr_t usr_ptr; /* [i->o] unused internally */
13603 ++ unsigned char status; /* [o] scsi status */
13604 ++ unsigned char masked_status; /* [o] shifted, masked scsi status */
13605 ++ unsigned char msg_status; /* [o] messaging level data (optional) */
13606 ++ unsigned char sb_len_wr; /* [o] byte count actually written to sbp */
13607 ++ unsigned short host_status; /* [o] errors from host adapter */
13608 ++ unsigned short driver_status; /* [o] errors from software driver */
13609 ++ compat_int_t resid; /* [o] dxfer_len - actual_transferred */
13610 ++ compat_uint_t duration; /* [o] time taken by cmd (unit: millisec) */
13611 ++ compat_uint_t info; /* [o] auxiliary information */
13612 ++};
13613 ++#endif
13614 ++
13615 + #define SG_INTERFACE_ID_ORIG 'S'
13616 +
13617 + /* Use negative values to flag difference from original sg_header structure */
13618 +diff --git a/include/sound/hdaudio.h b/include/sound/hdaudio.h
13619 +index e05b95e83d5a..fb9dce4c6928 100644
13620 +--- a/include/sound/hdaudio.h
13621 ++++ b/include/sound/hdaudio.h
13622 +@@ -8,6 +8,7 @@
13623 +
13624 + #include <linux/device.h>
13625 + #include <linux/interrupt.h>
13626 ++#include <linux/io.h>
13627 + #include <linux/pm_runtime.h>
13628 + #include <linux/timecounter.h>
13629 + #include <sound/core.h>
13630 +@@ -330,6 +331,7 @@ struct hdac_bus {
13631 + bool chip_init:1; /* h/w initialized */
13632 +
13633 + /* behavior flags */
13634 ++ bool aligned_mmio:1; /* aligned MMIO access */
13635 + bool sync_write:1; /* sync after verb write */
13636 + bool use_posbuf:1; /* use position buffer */
13637 + bool snoop:1; /* enable snooping */
13638 +@@ -405,34 +407,61 @@ void snd_hdac_bus_free_stream_pages(struct hdac_bus *bus);
13639 + unsigned int snd_hdac_aligned_read(void __iomem *addr, unsigned int mask);
13640 + void snd_hdac_aligned_write(unsigned int val, void __iomem *addr,
13641 + unsigned int mask);
13642 +-#define snd_hdac_reg_writeb(v, addr) snd_hdac_aligned_write(v, addr, 0xff)
13643 +-#define snd_hdac_reg_writew(v, addr) snd_hdac_aligned_write(v, addr, 0xffff)
13644 +-#define snd_hdac_reg_readb(addr) snd_hdac_aligned_read(addr, 0xff)
13645 +-#define snd_hdac_reg_readw(addr) snd_hdac_aligned_read(addr, 0xffff)
13646 +-#else /* CONFIG_SND_HDA_ALIGNED_MMIO */
13647 +-#define snd_hdac_reg_writeb(val, addr) writeb(val, addr)
13648 +-#define snd_hdac_reg_writew(val, addr) writew(val, addr)
13649 +-#define snd_hdac_reg_readb(addr) readb(addr)
13650 +-#define snd_hdac_reg_readw(addr) readw(addr)
13651 +-#endif /* CONFIG_SND_HDA_ALIGNED_MMIO */
13652 +-#define snd_hdac_reg_writel(val, addr) writel(val, addr)
13653 +-#define snd_hdac_reg_readl(addr) readl(addr)
13654 ++#define snd_hdac_aligned_mmio(bus) (bus)->aligned_mmio
13655 ++#else
13656 ++#define snd_hdac_aligned_mmio(bus) false
13657 ++#define snd_hdac_aligned_read(addr, mask) 0
13658 ++#define snd_hdac_aligned_write(val, addr, mask) do {} while (0)
13659 ++#endif
13660 ++
13661 ++static inline void snd_hdac_reg_writeb(struct hdac_bus *bus, void __iomem *addr,
13662 ++ u8 val)
13663 ++{
13664 ++ if (snd_hdac_aligned_mmio(bus))
13665 ++ snd_hdac_aligned_write(val, addr, 0xff);
13666 ++ else
13667 ++ writeb(val, addr);
13668 ++}
13669 ++
13670 ++static inline void snd_hdac_reg_writew(struct hdac_bus *bus, void __iomem *addr,
13671 ++ u16 val)
13672 ++{
13673 ++ if (snd_hdac_aligned_mmio(bus))
13674 ++ snd_hdac_aligned_write(val, addr, 0xffff);
13675 ++ else
13676 ++ writew(val, addr);
13677 ++}
13678 ++
13679 ++static inline u8 snd_hdac_reg_readb(struct hdac_bus *bus, void __iomem *addr)
13680 ++{
13681 ++ return snd_hdac_aligned_mmio(bus) ?
13682 ++ snd_hdac_aligned_read(addr, 0xff) : readb(addr);
13683 ++}
13684 ++
13685 ++static inline u16 snd_hdac_reg_readw(struct hdac_bus *bus, void __iomem *addr)
13686 ++{
13687 ++ return snd_hdac_aligned_mmio(bus) ?
13688 ++ snd_hdac_aligned_read(addr, 0xffff) : readw(addr);
13689 ++}
13690 ++
13691 ++#define snd_hdac_reg_writel(bus, addr, val) writel(val, addr)
13692 ++#define snd_hdac_reg_readl(bus, addr) readl(addr)
13693 +
13694 + /*
13695 + * macros for easy use
13696 + */
13697 + #define _snd_hdac_chip_writeb(chip, reg, value) \
13698 +- snd_hdac_reg_writeb(value, (chip)->remap_addr + (reg))
13699 ++ snd_hdac_reg_writeb(chip, (chip)->remap_addr + (reg), value)
13700 + #define _snd_hdac_chip_readb(chip, reg) \
13701 +- snd_hdac_reg_readb((chip)->remap_addr + (reg))
13702 ++ snd_hdac_reg_readb(chip, (chip)->remap_addr + (reg))
13703 + #define _snd_hdac_chip_writew(chip, reg, value) \
13704 +- snd_hdac_reg_writew(value, (chip)->remap_addr + (reg))
13705 ++ snd_hdac_reg_writew(chip, (chip)->remap_addr + (reg), value)
13706 + #define _snd_hdac_chip_readw(chip, reg) \
13707 +- snd_hdac_reg_readw((chip)->remap_addr + (reg))
13708 ++ snd_hdac_reg_readw(chip, (chip)->remap_addr + (reg))
13709 + #define _snd_hdac_chip_writel(chip, reg, value) \
13710 +- snd_hdac_reg_writel(value, (chip)->remap_addr + (reg))
13711 ++ snd_hdac_reg_writel(chip, (chip)->remap_addr + (reg), value)
13712 + #define _snd_hdac_chip_readl(chip, reg) \
13713 +- snd_hdac_reg_readl((chip)->remap_addr + (reg))
13714 ++ snd_hdac_reg_readl(chip, (chip)->remap_addr + (reg))
13715 +
13716 + /* read/write a register, pass without AZX_REG_ prefix */
13717 + #define snd_hdac_chip_writel(chip, reg, value) \
13718 +@@ -540,17 +569,17 @@ int snd_hdac_get_stream_stripe_ctl(struct hdac_bus *bus,
13719 + */
13720 + /* read/write a register, pass without AZX_REG_ prefix */
13721 + #define snd_hdac_stream_writel(dev, reg, value) \
13722 +- snd_hdac_reg_writel(value, (dev)->sd_addr + AZX_REG_ ## reg)
13723 ++ snd_hdac_reg_writel((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
13724 + #define snd_hdac_stream_writew(dev, reg, value) \
13725 +- snd_hdac_reg_writew(value, (dev)->sd_addr + AZX_REG_ ## reg)
13726 ++ snd_hdac_reg_writew((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
13727 + #define snd_hdac_stream_writeb(dev, reg, value) \
13728 +- snd_hdac_reg_writeb(value, (dev)->sd_addr + AZX_REG_ ## reg)
13729 ++ snd_hdac_reg_writeb((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg, value)
13730 + #define snd_hdac_stream_readl(dev, reg) \
13731 +- snd_hdac_reg_readl((dev)->sd_addr + AZX_REG_ ## reg)
13732 ++ snd_hdac_reg_readl((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
13733 + #define snd_hdac_stream_readw(dev, reg) \
13734 +- snd_hdac_reg_readw((dev)->sd_addr + AZX_REG_ ## reg)
13735 ++ snd_hdac_reg_readw((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
13736 + #define snd_hdac_stream_readb(dev, reg) \
13737 +- snd_hdac_reg_readb((dev)->sd_addr + AZX_REG_ ## reg)
13738 ++ snd_hdac_reg_readb((dev)->bus, (dev)->sd_addr + AZX_REG_ ## reg)
13739 +
13740 + /* update a register, pass without AZX_REG_ prefix */
13741 + #define snd_hdac_stream_updatel(dev, reg, mask, val) \
13742 +diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h
13743 +index ef50be4e5e6c..d94def25e4dc 100644
13744 +--- a/include/trace/events/writeback.h
13745 ++++ b/include/trace/events/writeback.h
13746 +@@ -67,8 +67,8 @@ DECLARE_EVENT_CLASS(writeback_page_template,
13747 +
13748 + TP_fast_assign(
13749 + strscpy_pad(__entry->name,
13750 +- mapping ? dev_name(inode_to_bdi(mapping->host)->dev) : "(unknown)",
13751 +- 32);
13752 ++ bdi_dev_name(mapping ? inode_to_bdi(mapping->host) :
13753 ++ NULL), 32);
13754 + __entry->ino = mapping ? mapping->host->i_ino : 0;
13755 + __entry->index = page->index;
13756 + ),
13757 +@@ -111,8 +111,7 @@ DECLARE_EVENT_CLASS(writeback_dirty_inode_template,
13758 + struct backing_dev_info *bdi = inode_to_bdi(inode);
13759 +
13760 + /* may be called for files on pseudo FSes w/ unregistered bdi */
13761 +- strscpy_pad(__entry->name,
13762 +- bdi->dev ? dev_name(bdi->dev) : "(unknown)", 32);
13763 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
13764 + __entry->ino = inode->i_ino;
13765 + __entry->state = inode->i_state;
13766 + __entry->flags = flags;
13767 +@@ -193,7 +192,7 @@ TRACE_EVENT(inode_foreign_history,
13768 + ),
13769 +
13770 + TP_fast_assign(
13771 +- strncpy(__entry->name, dev_name(inode_to_bdi(inode)->dev), 32);
13772 ++ strncpy(__entry->name, bdi_dev_name(inode_to_bdi(inode)), 32);
13773 + __entry->ino = inode->i_ino;
13774 + __entry->cgroup_ino = __trace_wbc_assign_cgroup(wbc);
13775 + __entry->history = history;
13776 +@@ -222,7 +221,7 @@ TRACE_EVENT(inode_switch_wbs,
13777 + ),
13778 +
13779 + TP_fast_assign(
13780 +- strncpy(__entry->name, dev_name(old_wb->bdi->dev), 32);
13781 ++ strncpy(__entry->name, bdi_dev_name(old_wb->bdi), 32);
13782 + __entry->ino = inode->i_ino;
13783 + __entry->old_cgroup_ino = __trace_wb_assign_cgroup(old_wb);
13784 + __entry->new_cgroup_ino = __trace_wb_assign_cgroup(new_wb);
13785 +@@ -255,7 +254,7 @@ TRACE_EVENT(track_foreign_dirty,
13786 + struct address_space *mapping = page_mapping(page);
13787 + struct inode *inode = mapping ? mapping->host : NULL;
13788 +
13789 +- strncpy(__entry->name, dev_name(wb->bdi->dev), 32);
13790 ++ strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
13791 + __entry->bdi_id = wb->bdi->id;
13792 + __entry->ino = inode ? inode->i_ino : 0;
13793 + __entry->memcg_id = wb->memcg_css->id;
13794 +@@ -288,7 +287,7 @@ TRACE_EVENT(flush_foreign,
13795 + ),
13796 +
13797 + TP_fast_assign(
13798 +- strncpy(__entry->name, dev_name(wb->bdi->dev), 32);
13799 ++ strncpy(__entry->name, bdi_dev_name(wb->bdi), 32);
13800 + __entry->cgroup_ino = __trace_wb_assign_cgroup(wb);
13801 + __entry->frn_bdi_id = frn_bdi_id;
13802 + __entry->frn_memcg_id = frn_memcg_id;
13803 +@@ -318,7 +317,7 @@ DECLARE_EVENT_CLASS(writeback_write_inode_template,
13804 +
13805 + TP_fast_assign(
13806 + strscpy_pad(__entry->name,
13807 +- dev_name(inode_to_bdi(inode)->dev), 32);
13808 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
13809 + __entry->ino = inode->i_ino;
13810 + __entry->sync_mode = wbc->sync_mode;
13811 + __entry->cgroup_ino = __trace_wbc_assign_cgroup(wbc);
13812 +@@ -361,9 +360,7 @@ DECLARE_EVENT_CLASS(writeback_work_class,
13813 + __field(ino_t, cgroup_ino)
13814 + ),
13815 + TP_fast_assign(
13816 +- strscpy_pad(__entry->name,
13817 +- wb->bdi->dev ? dev_name(wb->bdi->dev) :
13818 +- "(unknown)", 32);
13819 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
13820 + __entry->nr_pages = work->nr_pages;
13821 + __entry->sb_dev = work->sb ? work->sb->s_dev : 0;
13822 + __entry->sync_mode = work->sync_mode;
13823 +@@ -416,7 +413,7 @@ DECLARE_EVENT_CLASS(writeback_class,
13824 + __field(ino_t, cgroup_ino)
13825 + ),
13826 + TP_fast_assign(
13827 +- strscpy_pad(__entry->name, dev_name(wb->bdi->dev), 32);
13828 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
13829 + __entry->cgroup_ino = __trace_wb_assign_cgroup(wb);
13830 + ),
13831 + TP_printk("bdi %s: cgroup_ino=%lu",
13832 +@@ -438,7 +435,7 @@ TRACE_EVENT(writeback_bdi_register,
13833 + __array(char, name, 32)
13834 + ),
13835 + TP_fast_assign(
13836 +- strscpy_pad(__entry->name, dev_name(bdi->dev), 32);
13837 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
13838 + ),
13839 + TP_printk("bdi %s",
13840 + __entry->name
13841 +@@ -463,7 +460,7 @@ DECLARE_EVENT_CLASS(wbc_class,
13842 + ),
13843 +
13844 + TP_fast_assign(
13845 +- strscpy_pad(__entry->name, dev_name(bdi->dev), 32);
13846 ++ strscpy_pad(__entry->name, bdi_dev_name(bdi), 32);
13847 + __entry->nr_to_write = wbc->nr_to_write;
13848 + __entry->pages_skipped = wbc->pages_skipped;
13849 + __entry->sync_mode = wbc->sync_mode;
13850 +@@ -514,7 +511,7 @@ TRACE_EVENT(writeback_queue_io,
13851 + ),
13852 + TP_fast_assign(
13853 + unsigned long *older_than_this = work->older_than_this;
13854 +- strscpy_pad(__entry->name, dev_name(wb->bdi->dev), 32);
13855 ++ strscpy_pad(__entry->name, bdi_dev_name(wb->bdi), 32);
13856 + __entry->older = older_than_this ? *older_than_this : 0;
13857 + __entry->age = older_than_this ?
13858 + (jiffies - *older_than_this) * 1000 / HZ : -1;
13859 +@@ -600,7 +597,7 @@ TRACE_EVENT(bdi_dirty_ratelimit,
13860 + ),
13861 +
13862 + TP_fast_assign(
13863 +- strscpy_pad(__entry->bdi, dev_name(wb->bdi->dev), 32);
13864 ++ strscpy_pad(__entry->bdi, bdi_dev_name(wb->bdi), 32);
13865 + __entry->write_bw = KBps(wb->write_bandwidth);
13866 + __entry->avg_write_bw = KBps(wb->avg_write_bandwidth);
13867 + __entry->dirty_rate = KBps(dirty_rate);
13868 +@@ -665,7 +662,7 @@ TRACE_EVENT(balance_dirty_pages,
13869 +
13870 + TP_fast_assign(
13871 + unsigned long freerun = (thresh + bg_thresh) / 2;
13872 +- strscpy_pad(__entry->bdi, dev_name(wb->bdi->dev), 32);
13873 ++ strscpy_pad(__entry->bdi, bdi_dev_name(wb->bdi), 32);
13874 +
13875 + __entry->limit = global_wb_domain.dirty_limit;
13876 + __entry->setpoint = (global_wb_domain.dirty_limit +
13877 +@@ -726,7 +723,7 @@ TRACE_EVENT(writeback_sb_inodes_requeue,
13878 +
13879 + TP_fast_assign(
13880 + strscpy_pad(__entry->name,
13881 +- dev_name(inode_to_bdi(inode)->dev), 32);
13882 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
13883 + __entry->ino = inode->i_ino;
13884 + __entry->state = inode->i_state;
13885 + __entry->dirtied_when = inode->dirtied_when;
13886 +@@ -800,7 +797,7 @@ DECLARE_EVENT_CLASS(writeback_single_inode_template,
13887 +
13888 + TP_fast_assign(
13889 + strscpy_pad(__entry->name,
13890 +- dev_name(inode_to_bdi(inode)->dev), 32);
13891 ++ bdi_dev_name(inode_to_bdi(inode)), 32);
13892 + __entry->ino = inode->i_ino;
13893 + __entry->state = inode->i_state;
13894 + __entry->dirtied_when = inode->dirtied_when;
13895 +diff --git a/include/uapi/linux/io_uring.h b/include/uapi/linux/io_uring.h
13896 +index 55cfcb71606d..88693fed2c4b 100644
13897 +--- a/include/uapi/linux/io_uring.h
13898 ++++ b/include/uapi/linux/io_uring.h
13899 +@@ -175,6 +175,7 @@ struct io_uring_params {
13900 + #define IORING_REGISTER_EVENTFD 4
13901 + #define IORING_UNREGISTER_EVENTFD 5
13902 + #define IORING_REGISTER_FILES_UPDATE 6
13903 ++#define IORING_REGISTER_EVENTFD_ASYNC 7
13904 +
13905 + struct io_uring_files_update {
13906 + __u32 offset;
13907 +diff --git a/ipc/msg.c b/ipc/msg.c
13908 +index 8dec945fa030..767587ab45a3 100644
13909 +--- a/ipc/msg.c
13910 ++++ b/ipc/msg.c
13911 +@@ -377,7 +377,7 @@ copy_msqid_from_user(struct msqid64_ds *out, void __user *buf, int version)
13912 + * NOTE: no locks must be held, the rwsem is taken inside this function.
13913 + */
13914 + static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
13915 +- struct msqid64_ds *msqid64)
13916 ++ struct ipc64_perm *perm, int msg_qbytes)
13917 + {
13918 + struct kern_ipc_perm *ipcp;
13919 + struct msg_queue *msq;
13920 +@@ -387,7 +387,7 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
13921 + rcu_read_lock();
13922 +
13923 + ipcp = ipcctl_obtain_check(ns, &msg_ids(ns), msqid, cmd,
13924 +- &msqid64->msg_perm, msqid64->msg_qbytes);
13925 ++ perm, msg_qbytes);
13926 + if (IS_ERR(ipcp)) {
13927 + err = PTR_ERR(ipcp);
13928 + goto out_unlock1;
13929 +@@ -409,18 +409,18 @@ static int msgctl_down(struct ipc_namespace *ns, int msqid, int cmd,
13930 + {
13931 + DEFINE_WAKE_Q(wake_q);
13932 +
13933 +- if (msqid64->msg_qbytes > ns->msg_ctlmnb &&
13934 ++ if (msg_qbytes > ns->msg_ctlmnb &&
13935 + !capable(CAP_SYS_RESOURCE)) {
13936 + err = -EPERM;
13937 + goto out_unlock1;
13938 + }
13939 +
13940 + ipc_lock_object(&msq->q_perm);
13941 +- err = ipc_update_perm(&msqid64->msg_perm, ipcp);
13942 ++ err = ipc_update_perm(perm, ipcp);
13943 + if (err)
13944 + goto out_unlock0;
13945 +
13946 +- msq->q_qbytes = msqid64->msg_qbytes;
13947 ++ msq->q_qbytes = msg_qbytes;
13948 +
13949 + msq->q_ctime = ktime_get_real_seconds();
13950 + /*
13951 +@@ -601,9 +601,10 @@ static long ksys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf, int ver
13952 + case IPC_SET:
13953 + if (copy_msqid_from_user(&msqid64, buf, version))
13954 + return -EFAULT;
13955 +- /* fallthru */
13956 ++ return msgctl_down(ns, msqid, cmd, &msqid64.msg_perm,
13957 ++ msqid64.msg_qbytes);
13958 + case IPC_RMID:
13959 +- return msgctl_down(ns, msqid, cmd, &msqid64);
13960 ++ return msgctl_down(ns, msqid, cmd, NULL, 0);
13961 + default:
13962 + return -EINVAL;
13963 + }
13964 +@@ -735,9 +736,9 @@ static long compat_ksys_msgctl(int msqid, int cmd, void __user *uptr, int versio
13965 + case IPC_SET:
13966 + if (copy_compat_msqid_from_user(&msqid64, uptr, version))
13967 + return -EFAULT;
13968 +- /* fallthru */
13969 ++ return msgctl_down(ns, msqid, cmd, &msqid64.msg_perm, msqid64.msg_qbytes);
13970 + case IPC_RMID:
13971 +- return msgctl_down(ns, msqid, cmd, &msqid64);
13972 ++ return msgctl_down(ns, msqid, cmd, NULL, 0);
13973 + default:
13974 + return -EINVAL;
13975 + }
13976 +diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
13977 +index 3d3d61b5985b..b4b6b77f309c 100644
13978 +--- a/kernel/bpf/devmap.c
13979 ++++ b/kernel/bpf/devmap.c
13980 +@@ -293,7 +293,8 @@ struct bpf_dtab_netdev *__dev_map_hash_lookup_elem(struct bpf_map *map, u32 key)
13981 + struct hlist_head *head = dev_map_index_hash(dtab, key);
13982 + struct bpf_dtab_netdev *dev;
13983 +
13984 +- hlist_for_each_entry_rcu(dev, head, index_hlist)
13985 ++ hlist_for_each_entry_rcu(dev, head, index_hlist,
13986 ++ lockdep_is_held(&dtab->index_lock))
13987 + if (dev->idx == key)
13988 + return dev;
13989 +
13990 +diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
13991 +index 23b0d5cfd47e..88dee4b09f53 100644
13992 +--- a/kernel/bpf/trampoline.c
13993 ++++ b/kernel/bpf/trampoline.c
13994 +@@ -150,6 +150,14 @@ static int bpf_trampoline_update(struct bpf_trampoline *tr)
13995 + if (fexit_cnt)
13996 + flags = BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_SKIP_FRAME;
13997 +
13998 ++ /* Though the second half of trampoline page is unused a task could be
13999 ++ * preempted in the middle of the first half of trampoline and two
14000 ++ * updates to trampoline would change the code from underneath the
14001 ++ * preempted task. Hence wait for tasks to voluntarily schedule or go
14002 ++ * to userspace.
14003 ++ */
14004 ++ synchronize_rcu_tasks();
14005 ++
14006 + err = arch_prepare_bpf_trampoline(new_image, &tr->func.model, flags,
14007 + fentry, fentry_cnt,
14008 + fexit, fexit_cnt,
14009 +@@ -240,6 +248,8 @@ void bpf_trampoline_put(struct bpf_trampoline *tr)
14010 + goto out;
14011 + if (WARN_ON_ONCE(!hlist_empty(&tr->progs_hlist[BPF_TRAMP_FEXIT])))
14012 + goto out;
14013 ++ /* wait for tasks to get out of trampoline before freeing it */
14014 ++ synchronize_rcu_tasks();
14015 + bpf_jit_free_exec(tr->image);
14016 + hlist_del(&tr->hlist);
14017 + kfree(tr);
14018 +diff --git a/kernel/events/core.c b/kernel/events/core.c
14019 +index 2173c23c25b4..fdb7f7ef380c 100644
14020 +--- a/kernel/events/core.c
14021 ++++ b/kernel/events/core.c
14022 +@@ -951,9 +951,9 @@ list_update_cgroup_event(struct perf_event *event,
14023 +
14024 + /*
14025 + * Because cgroup events are always per-cpu events,
14026 +- * this will always be called from the right CPU.
14027 ++ * @ctx == &cpuctx->ctx.
14028 + */
14029 +- cpuctx = __get_cpu_context(ctx);
14030 ++ cpuctx = container_of(ctx, struct perf_cpu_context, ctx);
14031 +
14032 + /*
14033 + * Since setting cpuctx->cgrp is conditional on the current @cgrp
14034 +@@ -979,7 +979,8 @@ list_update_cgroup_event(struct perf_event *event,
14035 +
14036 + cpuctx_entry = &cpuctx->cgrp_cpuctx_entry;
14037 + if (add)
14038 +- list_add(cpuctx_entry, this_cpu_ptr(&cgrp_cpuctx_list));
14039 ++ list_add(cpuctx_entry,
14040 ++ per_cpu_ptr(&cgrp_cpuctx_list, event->cpu));
14041 + else
14042 + list_del(cpuctx_entry);
14043 + }
14044 +@@ -5916,7 +5917,15 @@ accounting:
14045 + */
14046 + user_lock_limit *= num_online_cpus();
14047 +
14048 +- user_locked = atomic_long_read(&user->locked_vm) + user_extra;
14049 ++ user_locked = atomic_long_read(&user->locked_vm);
14050 ++
14051 ++ /*
14052 ++ * sysctl_perf_event_mlock may have changed, so that
14053 ++ * user->locked_vm > user_lock_limit
14054 ++ */
14055 ++ if (user_locked > user_lock_limit)
14056 ++ user_locked = user_lock_limit;
14057 ++ user_locked += user_extra;
14058 +
14059 + if (user_locked > user_lock_limit) {
14060 + /*
14061 +diff --git a/kernel/irq/debugfs.c b/kernel/irq/debugfs.c
14062 +index c1eccd4f6520..a949bd39e343 100644
14063 +--- a/kernel/irq/debugfs.c
14064 ++++ b/kernel/irq/debugfs.c
14065 +@@ -114,6 +114,7 @@ static const struct irq_bit_descr irqdata_states[] = {
14066 + BIT_MASK_DESCR(IRQD_AFFINITY_MANAGED),
14067 + BIT_MASK_DESCR(IRQD_MANAGED_SHUTDOWN),
14068 + BIT_MASK_DESCR(IRQD_CAN_RESERVE),
14069 ++ BIT_MASK_DESCR(IRQD_MSI_NOMASK_QUIRK),
14070 +
14071 + BIT_MASK_DESCR(IRQD_FORWARDED_TO_VCPU),
14072 +
14073 +diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
14074 +index dd822fd8a7d5..480df3659720 100644
14075 +--- a/kernel/irq/irqdomain.c
14076 ++++ b/kernel/irq/irqdomain.c
14077 +@@ -1459,6 +1459,7 @@ int irq_domain_push_irq(struct irq_domain *domain, int virq, void *arg)
14078 + if (rv) {
14079 + /* Restore the original irq_data. */
14080 + *root_irq_data = *child_irq_data;
14081 ++ kfree(child_irq_data);
14082 + goto error;
14083 + }
14084 +
14085 +diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
14086 +index ad26fbcfbfc8..eb95f6106a1e 100644
14087 +--- a/kernel/irq/msi.c
14088 ++++ b/kernel/irq/msi.c
14089 +@@ -453,8 +453,11 @@ int msi_domain_alloc_irqs(struct irq_domain *domain, struct device *dev,
14090 + continue;
14091 +
14092 + irq_data = irq_domain_get_irq_data(domain, desc->irq);
14093 +- if (!can_reserve)
14094 ++ if (!can_reserve) {
14095 + irqd_clr_can_reserve(irq_data);
14096 ++ if (domain->flags & IRQ_DOMAIN_MSI_NOMASK_QUIRK)
14097 ++ irqd_set_msi_nomask_quirk(irq_data);
14098 ++ }
14099 + ret = irq_domain_activate_irq(irq_data, can_reserve);
14100 + if (ret)
14101 + goto cleanup;
14102 +diff --git a/kernel/padata.c b/kernel/padata.c
14103 +index c3fec1413295..9c82ee4a9732 100644
14104 +--- a/kernel/padata.c
14105 ++++ b/kernel/padata.c
14106 +@@ -35,6 +35,8 @@
14107 +
14108 + #define MAX_OBJ_NUM 1000
14109 +
14110 ++static void padata_free_pd(struct parallel_data *pd);
14111 ++
14112 + static int padata_index_to_cpu(struct parallel_data *pd, int cpu_index)
14113 + {
14114 + int cpu, target_cpu;
14115 +@@ -87,7 +89,7 @@ static void padata_parallel_worker(struct work_struct *parallel_work)
14116 + /**
14117 + * padata_do_parallel - padata parallelization function
14118 + *
14119 +- * @pinst: padata instance
14120 ++ * @ps: padatashell
14121 + * @padata: object to be parallelized
14122 + * @cb_cpu: pointer to the CPU that the serialization callback function should
14123 + * run on. If it's not in the serial cpumask of @pinst
14124 +@@ -98,16 +100,17 @@ static void padata_parallel_worker(struct work_struct *parallel_work)
14125 + * Note: Every object which is parallelized by padata_do_parallel
14126 + * must be seen by padata_do_serial.
14127 + */
14128 +-int padata_do_parallel(struct padata_instance *pinst,
14129 ++int padata_do_parallel(struct padata_shell *ps,
14130 + struct padata_priv *padata, int *cb_cpu)
14131 + {
14132 ++ struct padata_instance *pinst = ps->pinst;
14133 + int i, cpu, cpu_index, target_cpu, err;
14134 + struct padata_parallel_queue *queue;
14135 + struct parallel_data *pd;
14136 +
14137 + rcu_read_lock_bh();
14138 +
14139 +- pd = rcu_dereference_bh(pinst->pd);
14140 ++ pd = rcu_dereference_bh(ps->pd);
14141 +
14142 + err = -EINVAL;
14143 + if (!(pinst->flags & PADATA_INIT) || pinst->flags & PADATA_INVALID)
14144 +@@ -210,10 +213,10 @@ static struct padata_priv *padata_find_next(struct parallel_data *pd,
14145 +
14146 + static void padata_reorder(struct parallel_data *pd)
14147 + {
14148 ++ struct padata_instance *pinst = pd->ps->pinst;
14149 + int cb_cpu;
14150 + struct padata_priv *padata;
14151 + struct padata_serial_queue *squeue;
14152 +- struct padata_instance *pinst = pd->pinst;
14153 + struct padata_parallel_queue *next_queue;
14154 +
14155 + /*
14156 +@@ -283,6 +286,7 @@ static void padata_serial_worker(struct work_struct *serial_work)
14157 + struct padata_serial_queue *squeue;
14158 + struct parallel_data *pd;
14159 + LIST_HEAD(local_list);
14160 ++ int cnt;
14161 +
14162 + local_bh_disable();
14163 + squeue = container_of(serial_work, struct padata_serial_queue, work);
14164 +@@ -292,6 +296,8 @@ static void padata_serial_worker(struct work_struct *serial_work)
14165 + list_replace_init(&squeue->serial.list, &local_list);
14166 + spin_unlock(&squeue->serial.lock);
14167 +
14168 ++ cnt = 0;
14169 ++
14170 + while (!list_empty(&local_list)) {
14171 + struct padata_priv *padata;
14172 +
14173 +@@ -301,9 +307,12 @@ static void padata_serial_worker(struct work_struct *serial_work)
14174 + list_del_init(&padata->list);
14175 +
14176 + padata->serial(padata);
14177 +- atomic_dec(&pd->refcnt);
14178 ++ cnt++;
14179 + }
14180 + local_bh_enable();
14181 ++
14182 ++ if (atomic_sub_and_test(cnt, &pd->refcnt))
14183 ++ padata_free_pd(pd);
14184 + }
14185 +
14186 + /**
14187 +@@ -341,36 +350,39 @@ void padata_do_serial(struct padata_priv *padata)
14188 + }
14189 + EXPORT_SYMBOL(padata_do_serial);
14190 +
14191 +-static int padata_setup_cpumasks(struct parallel_data *pd,
14192 +- const struct cpumask *pcpumask,
14193 +- const struct cpumask *cbcpumask)
14194 ++static int padata_setup_cpumasks(struct padata_instance *pinst)
14195 + {
14196 + struct workqueue_attrs *attrs;
14197 ++ int err;
14198 ++
14199 ++ attrs = alloc_workqueue_attrs();
14200 ++ if (!attrs)
14201 ++ return -ENOMEM;
14202 ++
14203 ++ /* Restrict parallel_wq workers to pd->cpumask.pcpu. */
14204 ++ cpumask_copy(attrs->cpumask, pinst->cpumask.pcpu);
14205 ++ err = apply_workqueue_attrs(pinst->parallel_wq, attrs);
14206 ++ free_workqueue_attrs(attrs);
14207 ++
14208 ++ return err;
14209 ++}
14210 ++
14211 ++static int pd_setup_cpumasks(struct parallel_data *pd,
14212 ++ const struct cpumask *pcpumask,
14213 ++ const struct cpumask *cbcpumask)
14214 ++{
14215 + int err = -ENOMEM;
14216 +
14217 + if (!alloc_cpumask_var(&pd->cpumask.pcpu, GFP_KERNEL))
14218 + goto out;
14219 +- cpumask_and(pd->cpumask.pcpu, pcpumask, cpu_online_mask);
14220 +-
14221 + if (!alloc_cpumask_var(&pd->cpumask.cbcpu, GFP_KERNEL))
14222 + goto free_pcpu_mask;
14223 +- cpumask_and(pd->cpumask.cbcpu, cbcpumask, cpu_online_mask);
14224 +-
14225 +- attrs = alloc_workqueue_attrs();
14226 +- if (!attrs)
14227 +- goto free_cbcpu_mask;
14228 +
14229 +- /* Restrict parallel_wq workers to pd->cpumask.pcpu. */
14230 +- cpumask_copy(attrs->cpumask, pd->cpumask.pcpu);
14231 +- err = apply_workqueue_attrs(pd->pinst->parallel_wq, attrs);
14232 +- free_workqueue_attrs(attrs);
14233 +- if (err < 0)
14234 +- goto free_cbcpu_mask;
14235 ++ cpumask_copy(pd->cpumask.pcpu, pcpumask);
14236 ++ cpumask_copy(pd->cpumask.cbcpu, cbcpumask);
14237 +
14238 + return 0;
14239 +
14240 +-free_cbcpu_mask:
14241 +- free_cpumask_var(pd->cpumask.cbcpu);
14242 + free_pcpu_mask:
14243 + free_cpumask_var(pd->cpumask.pcpu);
14244 + out:
14245 +@@ -414,12 +426,16 @@ static void padata_init_pqueues(struct parallel_data *pd)
14246 + }
14247 +
14248 + /* Allocate and initialize the internal cpumask dependend resources. */
14249 +-static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
14250 +- const struct cpumask *pcpumask,
14251 +- const struct cpumask *cbcpumask)
14252 ++static struct parallel_data *padata_alloc_pd(struct padata_shell *ps)
14253 + {
14254 ++ struct padata_instance *pinst = ps->pinst;
14255 ++ const struct cpumask *cbcpumask;
14256 ++ const struct cpumask *pcpumask;
14257 + struct parallel_data *pd;
14258 +
14259 ++ cbcpumask = pinst->rcpumask.cbcpu;
14260 ++ pcpumask = pinst->rcpumask.pcpu;
14261 ++
14262 + pd = kzalloc(sizeof(struct parallel_data), GFP_KERNEL);
14263 + if (!pd)
14264 + goto err;
14265 +@@ -432,15 +448,15 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
14266 + if (!pd->squeue)
14267 + goto err_free_pqueue;
14268 +
14269 +- pd->pinst = pinst;
14270 +- if (padata_setup_cpumasks(pd, pcpumask, cbcpumask) < 0)
14271 ++ pd->ps = ps;
14272 ++ if (pd_setup_cpumasks(pd, pcpumask, cbcpumask))
14273 + goto err_free_squeue;
14274 +
14275 + padata_init_pqueues(pd);
14276 + padata_init_squeues(pd);
14277 + atomic_set(&pd->seq_nr, -1);
14278 + atomic_set(&pd->reorder_objects, 0);
14279 +- atomic_set(&pd->refcnt, 0);
14280 ++ atomic_set(&pd->refcnt, 1);
14281 + spin_lock_init(&pd->lock);
14282 + pd->cpu = cpumask_first(pd->cpumask.pcpu);
14283 + INIT_WORK(&pd->reorder_work, invoke_padata_reorder);
14284 +@@ -466,29 +482,6 @@ static void padata_free_pd(struct parallel_data *pd)
14285 + kfree(pd);
14286 + }
14287 +
14288 +-/* Flush all objects out of the padata queues. */
14289 +-static void padata_flush_queues(struct parallel_data *pd)
14290 +-{
14291 +- int cpu;
14292 +- struct padata_parallel_queue *pqueue;
14293 +- struct padata_serial_queue *squeue;
14294 +-
14295 +- for_each_cpu(cpu, pd->cpumask.pcpu) {
14296 +- pqueue = per_cpu_ptr(pd->pqueue, cpu);
14297 +- flush_work(&pqueue->work);
14298 +- }
14299 +-
14300 +- if (atomic_read(&pd->reorder_objects))
14301 +- padata_reorder(pd);
14302 +-
14303 +- for_each_cpu(cpu, pd->cpumask.cbcpu) {
14304 +- squeue = per_cpu_ptr(pd->squeue, cpu);
14305 +- flush_work(&squeue->work);
14306 +- }
14307 +-
14308 +- BUG_ON(atomic_read(&pd->refcnt) != 0);
14309 +-}
14310 +-
14311 + static void __padata_start(struct padata_instance *pinst)
14312 + {
14313 + pinst->flags |= PADATA_INIT;
14314 +@@ -502,39 +495,67 @@ static void __padata_stop(struct padata_instance *pinst)
14315 + pinst->flags &= ~PADATA_INIT;
14316 +
14317 + synchronize_rcu();
14318 +-
14319 +- get_online_cpus();
14320 +- padata_flush_queues(pinst->pd);
14321 +- put_online_cpus();
14322 + }
14323 +
14324 + /* Replace the internal control structure with a new one. */
14325 +-static void padata_replace(struct padata_instance *pinst,
14326 +- struct parallel_data *pd_new)
14327 ++static int padata_replace_one(struct padata_shell *ps)
14328 + {
14329 +- struct parallel_data *pd_old = pinst->pd;
14330 +- int notification_mask = 0;
14331 ++ struct parallel_data *pd_new;
14332 +
14333 +- pinst->flags |= PADATA_RESET;
14334 ++ pd_new = padata_alloc_pd(ps);
14335 ++ if (!pd_new)
14336 ++ return -ENOMEM;
14337 +
14338 +- rcu_assign_pointer(pinst->pd, pd_new);
14339 ++ ps->opd = rcu_dereference_protected(ps->pd, 1);
14340 ++ rcu_assign_pointer(ps->pd, pd_new);
14341 +
14342 +- synchronize_rcu();
14343 ++ return 0;
14344 ++}
14345 ++
14346 ++static int padata_replace(struct padata_instance *pinst, int cpu)
14347 ++{
14348 ++ int notification_mask = 0;
14349 ++ struct padata_shell *ps;
14350 ++ int err;
14351 ++
14352 ++ pinst->flags |= PADATA_RESET;
14353 +
14354 +- if (!cpumask_equal(pd_old->cpumask.pcpu, pd_new->cpumask.pcpu))
14355 ++ cpumask_copy(pinst->omask, pinst->rcpumask.pcpu);
14356 ++ cpumask_and(pinst->rcpumask.pcpu, pinst->cpumask.pcpu,
14357 ++ cpu_online_mask);
14358 ++ if (cpu >= 0)
14359 ++ cpumask_clear_cpu(cpu, pinst->rcpumask.pcpu);
14360 ++ if (!cpumask_equal(pinst->omask, pinst->rcpumask.pcpu))
14361 + notification_mask |= PADATA_CPU_PARALLEL;
14362 +- if (!cpumask_equal(pd_old->cpumask.cbcpu, pd_new->cpumask.cbcpu))
14363 ++
14364 ++ cpumask_copy(pinst->omask, pinst->rcpumask.cbcpu);
14365 ++ cpumask_and(pinst->rcpumask.cbcpu, pinst->cpumask.cbcpu,
14366 ++ cpu_online_mask);
14367 ++ if (cpu >= 0)
14368 ++ cpumask_clear_cpu(cpu, pinst->rcpumask.cbcpu);
14369 ++ if (!cpumask_equal(pinst->omask, pinst->rcpumask.cbcpu))
14370 + notification_mask |= PADATA_CPU_SERIAL;
14371 +
14372 +- padata_flush_queues(pd_old);
14373 +- padata_free_pd(pd_old);
14374 ++ list_for_each_entry(ps, &pinst->pslist, list) {
14375 ++ err = padata_replace_one(ps);
14376 ++ if (err)
14377 ++ break;
14378 ++ }
14379 ++
14380 ++ synchronize_rcu();
14381 ++
14382 ++ list_for_each_entry_continue_reverse(ps, &pinst->pslist, list)
14383 ++ if (atomic_dec_and_test(&ps->opd->refcnt))
14384 ++ padata_free_pd(ps->opd);
14385 +
14386 + if (notification_mask)
14387 + blocking_notifier_call_chain(&pinst->cpumask_change_notifier,
14388 + notification_mask,
14389 +- &pd_new->cpumask);
14390 ++ &pinst->cpumask);
14391 +
14392 + pinst->flags &= ~PADATA_RESET;
14393 ++
14394 ++ return err;
14395 + }
14396 +
14397 + /**
14398 +@@ -587,7 +608,7 @@ static int __padata_set_cpumasks(struct padata_instance *pinst,
14399 + cpumask_var_t cbcpumask)
14400 + {
14401 + int valid;
14402 +- struct parallel_data *pd;
14403 ++ int err;
14404 +
14405 + valid = padata_validate_cpumask(pinst, pcpumask);
14406 + if (!valid) {
14407 +@@ -600,19 +621,15 @@ static int __padata_set_cpumasks(struct padata_instance *pinst,
14408 + __padata_stop(pinst);
14409 +
14410 + out_replace:
14411 +- pd = padata_alloc_pd(pinst, pcpumask, cbcpumask);
14412 +- if (!pd)
14413 +- return -ENOMEM;
14414 +-
14415 + cpumask_copy(pinst->cpumask.pcpu, pcpumask);
14416 + cpumask_copy(pinst->cpumask.cbcpu, cbcpumask);
14417 +
14418 +- padata_replace(pinst, pd);
14419 ++ err = padata_setup_cpumasks(pinst) ?: padata_replace(pinst, -1);
14420 +
14421 + if (valid)
14422 + __padata_start(pinst);
14423 +
14424 +- return 0;
14425 ++ return err;
14426 + }
14427 +
14428 + /**
14429 +@@ -695,46 +712,32 @@ EXPORT_SYMBOL(padata_stop);
14430 +
14431 + static int __padata_add_cpu(struct padata_instance *pinst, int cpu)
14432 + {
14433 +- struct parallel_data *pd;
14434 ++ int err = 0;
14435 +
14436 + if (cpumask_test_cpu(cpu, cpu_online_mask)) {
14437 +- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
14438 +- pinst->cpumask.cbcpu);
14439 +- if (!pd)
14440 +- return -ENOMEM;
14441 +-
14442 +- padata_replace(pinst, pd);
14443 ++ err = padata_replace(pinst, -1);
14444 +
14445 + if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) &&
14446 + padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
14447 + __padata_start(pinst);
14448 + }
14449 +
14450 +- return 0;
14451 ++ return err;
14452 + }
14453 +
14454 + static int __padata_remove_cpu(struct padata_instance *pinst, int cpu)
14455 + {
14456 +- struct parallel_data *pd = NULL;
14457 ++ int err = 0;
14458 +
14459 + if (cpumask_test_cpu(cpu, cpu_online_mask)) {
14460 +-
14461 + if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) ||
14462 + !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu))
14463 + __padata_stop(pinst);
14464 +
14465 +- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu,
14466 +- pinst->cpumask.cbcpu);
14467 +- if (!pd)
14468 +- return -ENOMEM;
14469 +-
14470 +- padata_replace(pinst, pd);
14471 +-
14472 +- cpumask_clear_cpu(cpu, pd->cpumask.cbcpu);
14473 +- cpumask_clear_cpu(cpu, pd->cpumask.pcpu);
14474 ++ err = padata_replace(pinst, cpu);
14475 + }
14476 +
14477 +- return 0;
14478 ++ return err;
14479 + }
14480 +
14481 + /**
14482 +@@ -817,8 +820,12 @@ static void __padata_free(struct padata_instance *pinst)
14483 + cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node);
14484 + #endif
14485 +
14486 ++ WARN_ON(!list_empty(&pinst->pslist));
14487 ++
14488 + padata_stop(pinst);
14489 +- padata_free_pd(pinst->pd);
14490 ++ free_cpumask_var(pinst->omask);
14491 ++ free_cpumask_var(pinst->rcpumask.cbcpu);
14492 ++ free_cpumask_var(pinst->rcpumask.pcpu);
14493 + free_cpumask_var(pinst->cpumask.pcpu);
14494 + free_cpumask_var(pinst->cpumask.cbcpu);
14495 + destroy_workqueue(pinst->serial_wq);
14496 +@@ -965,7 +972,6 @@ static struct padata_instance *padata_alloc(const char *name,
14497 + const struct cpumask *cbcpumask)
14498 + {
14499 + struct padata_instance *pinst;
14500 +- struct parallel_data *pd = NULL;
14501 +
14502 + pinst = kzalloc(sizeof(struct padata_instance), GFP_KERNEL);
14503 + if (!pinst)
14504 +@@ -993,14 +999,22 @@ static struct padata_instance *padata_alloc(const char *name,
14505 + !padata_validate_cpumask(pinst, cbcpumask))
14506 + goto err_free_masks;
14507 +
14508 +- pd = padata_alloc_pd(pinst, pcpumask, cbcpumask);
14509 +- if (!pd)
14510 ++ if (!alloc_cpumask_var(&pinst->rcpumask.pcpu, GFP_KERNEL))
14511 + goto err_free_masks;
14512 ++ if (!alloc_cpumask_var(&pinst->rcpumask.cbcpu, GFP_KERNEL))
14513 ++ goto err_free_rcpumask_pcpu;
14514 ++ if (!alloc_cpumask_var(&pinst->omask, GFP_KERNEL))
14515 ++ goto err_free_rcpumask_cbcpu;
14516 +
14517 +- rcu_assign_pointer(pinst->pd, pd);
14518 ++ INIT_LIST_HEAD(&pinst->pslist);
14519 +
14520 + cpumask_copy(pinst->cpumask.pcpu, pcpumask);
14521 + cpumask_copy(pinst->cpumask.cbcpu, cbcpumask);
14522 ++ cpumask_and(pinst->rcpumask.pcpu, pcpumask, cpu_online_mask);
14523 ++ cpumask_and(pinst->rcpumask.cbcpu, cbcpumask, cpu_online_mask);
14524 ++
14525 ++ if (padata_setup_cpumasks(pinst))
14526 ++ goto err_free_omask;
14527 +
14528 + pinst->flags = 0;
14529 +
14530 +@@ -1016,6 +1030,12 @@ static struct padata_instance *padata_alloc(const char *name,
14531 +
14532 + return pinst;
14533 +
14534 ++err_free_omask:
14535 ++ free_cpumask_var(pinst->omask);
14536 ++err_free_rcpumask_cbcpu:
14537 ++ free_cpumask_var(pinst->rcpumask.cbcpu);
14538 ++err_free_rcpumask_pcpu:
14539 ++ free_cpumask_var(pinst->rcpumask.pcpu);
14540 + err_free_masks:
14541 + free_cpumask_var(pinst->cpumask.pcpu);
14542 + free_cpumask_var(pinst->cpumask.cbcpu);
14543 +@@ -1054,6 +1074,61 @@ void padata_free(struct padata_instance *pinst)
14544 + }
14545 + EXPORT_SYMBOL(padata_free);
14546 +
14547 ++/**
14548 ++ * padata_alloc_shell - Allocate and initialize padata shell.
14549 ++ *
14550 ++ * @pinst: Parent padata_instance object.
14551 ++ */
14552 ++struct padata_shell *padata_alloc_shell(struct padata_instance *pinst)
14553 ++{
14554 ++ struct parallel_data *pd;
14555 ++ struct padata_shell *ps;
14556 ++
14557 ++ ps = kzalloc(sizeof(*ps), GFP_KERNEL);
14558 ++ if (!ps)
14559 ++ goto out;
14560 ++
14561 ++ ps->pinst = pinst;
14562 ++
14563 ++ get_online_cpus();
14564 ++ pd = padata_alloc_pd(ps);
14565 ++ put_online_cpus();
14566 ++
14567 ++ if (!pd)
14568 ++ goto out_free_ps;
14569 ++
14570 ++ mutex_lock(&pinst->lock);
14571 ++ RCU_INIT_POINTER(ps->pd, pd);
14572 ++ list_add(&ps->list, &pinst->pslist);
14573 ++ mutex_unlock(&pinst->lock);
14574 ++
14575 ++ return ps;
14576 ++
14577 ++out_free_ps:
14578 ++ kfree(ps);
14579 ++out:
14580 ++ return NULL;
14581 ++}
14582 ++EXPORT_SYMBOL(padata_alloc_shell);
14583 ++
14584 ++/**
14585 ++ * padata_free_shell - free a padata shell
14586 ++ *
14587 ++ * @ps: padata shell to free
14588 ++ */
14589 ++void padata_free_shell(struct padata_shell *ps)
14590 ++{
14591 ++ struct padata_instance *pinst = ps->pinst;
14592 ++
14593 ++ mutex_lock(&pinst->lock);
14594 ++ list_del(&ps->list);
14595 ++ padata_free_pd(rcu_dereference_protected(ps->pd, 1));
14596 ++ mutex_unlock(&pinst->lock);
14597 ++
14598 ++ kfree(ps);
14599 ++}
14600 ++EXPORT_SYMBOL(padata_free_shell);
14601 ++
14602 + #ifdef CONFIG_HOTPLUG_CPU
14603 +
14604 + static __init int padata_driver_init(void)
14605 +diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
14606 +index 5dffade2d7cd..21acdff3bd27 100644
14607 +--- a/kernel/rcu/srcutree.c
14608 ++++ b/kernel/rcu/srcutree.c
14609 +@@ -530,7 +530,7 @@ static void srcu_gp_end(struct srcu_struct *ssp)
14610 + idx = rcu_seq_state(ssp->srcu_gp_seq);
14611 + WARN_ON_ONCE(idx != SRCU_STATE_SCAN2);
14612 + cbdelay = srcu_get_delay(ssp);
14613 +- ssp->srcu_last_gp_end = ktime_get_mono_fast_ns();
14614 ++ WRITE_ONCE(ssp->srcu_last_gp_end, ktime_get_mono_fast_ns());
14615 + rcu_seq_end(&ssp->srcu_gp_seq);
14616 + gpseq = rcu_seq_current(&ssp->srcu_gp_seq);
14617 + if (ULONG_CMP_LT(ssp->srcu_gp_seq_needed_exp, gpseq))
14618 +@@ -762,6 +762,7 @@ static bool srcu_might_be_idle(struct srcu_struct *ssp)
14619 + unsigned long flags;
14620 + struct srcu_data *sdp;
14621 + unsigned long t;
14622 ++ unsigned long tlast;
14623 +
14624 + /* If the local srcu_data structure has callbacks, not idle. */
14625 + local_irq_save(flags);
14626 +@@ -780,9 +781,9 @@ static bool srcu_might_be_idle(struct srcu_struct *ssp)
14627 +
14628 + /* First, see if enough time has passed since the last GP. */
14629 + t = ktime_get_mono_fast_ns();
14630 ++ tlast = READ_ONCE(ssp->srcu_last_gp_end);
14631 + if (exp_holdoff == 0 ||
14632 +- time_in_range_open(t, ssp->srcu_last_gp_end,
14633 +- ssp->srcu_last_gp_end + exp_holdoff))
14634 ++ time_in_range_open(t, tlast, tlast + exp_holdoff))
14635 + return false; /* Too soon after last GP. */
14636 +
14637 + /* Next, check for probable idleness. */
14638 +diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
14639 +index d632cd019597..69c5aa64fcfd 100644
14640 +--- a/kernel/rcu/tree_exp.h
14641 ++++ b/kernel/rcu/tree_exp.h
14642 +@@ -134,7 +134,7 @@ static void __maybe_unused sync_exp_reset_tree(void)
14643 + rcu_for_each_node_breadth_first(rnp) {
14644 + raw_spin_lock_irqsave_rcu_node(rnp, flags);
14645 + WARN_ON_ONCE(rnp->expmask);
14646 +- rnp->expmask = rnp->expmaskinit;
14647 ++ WRITE_ONCE(rnp->expmask, rnp->expmaskinit);
14648 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
14649 + }
14650 + }
14651 +@@ -211,7 +211,7 @@ static void __rcu_report_exp_rnp(struct rcu_node *rnp,
14652 + rnp = rnp->parent;
14653 + raw_spin_lock_rcu_node(rnp); /* irqs already disabled */
14654 + WARN_ON_ONCE(!(rnp->expmask & mask));
14655 +- rnp->expmask &= ~mask;
14656 ++ WRITE_ONCE(rnp->expmask, rnp->expmask & ~mask);
14657 + }
14658 + }
14659 +
14660 +@@ -241,7 +241,7 @@ static void rcu_report_exp_cpu_mult(struct rcu_node *rnp,
14661 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
14662 + return;
14663 + }
14664 +- rnp->expmask &= ~mask;
14665 ++ WRITE_ONCE(rnp->expmask, rnp->expmask & ~mask);
14666 + __rcu_report_exp_rnp(rnp, wake, flags); /* Releases rnp->lock. */
14667 + }
14668 +
14669 +@@ -372,12 +372,10 @@ static void sync_rcu_exp_select_node_cpus(struct work_struct *wp)
14670 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
14671 +
14672 + /* IPI the remaining CPUs for expedited quiescent state. */
14673 +- for_each_leaf_node_cpu_mask(rnp, cpu, rnp->expmask) {
14674 ++ for_each_leaf_node_cpu_mask(rnp, cpu, mask_ofl_ipi) {
14675 + unsigned long mask = leaf_node_cpu_bit(rnp, cpu);
14676 + struct rcu_data *rdp = per_cpu_ptr(&rcu_data, cpu);
14677 +
14678 +- if (!(mask_ofl_ipi & mask))
14679 +- continue;
14680 + retry_ipi:
14681 + if (rcu_dynticks_in_eqs_since(rdp, rdp->exp_dynticks_snap)) {
14682 + mask_ofl_test |= mask;
14683 +@@ -491,7 +489,7 @@ static void synchronize_sched_expedited_wait(void)
14684 + struct rcu_data *rdp;
14685 +
14686 + mask = leaf_node_cpu_bit(rnp, cpu);
14687 +- if (!(rnp->expmask & mask))
14688 ++ if (!(READ_ONCE(rnp->expmask) & mask))
14689 + continue;
14690 + ndetected++;
14691 + rdp = per_cpu_ptr(&rcu_data, cpu);
14692 +@@ -503,7 +501,8 @@ static void synchronize_sched_expedited_wait(void)
14693 + }
14694 + pr_cont(" } %lu jiffies s: %lu root: %#lx/%c\n",
14695 + jiffies - jiffies_start, rcu_state.expedited_sequence,
14696 +- rnp_root->expmask, ".T"[!!rnp_root->exp_tasks]);
14697 ++ READ_ONCE(rnp_root->expmask),
14698 ++ ".T"[!!rnp_root->exp_tasks]);
14699 + if (ndetected) {
14700 + pr_err("blocking rcu_node structures:");
14701 + rcu_for_each_node_breadth_first(rnp) {
14702 +@@ -513,7 +512,7 @@ static void synchronize_sched_expedited_wait(void)
14703 + continue;
14704 + pr_cont(" l=%u:%d-%d:%#lx/%c",
14705 + rnp->level, rnp->grplo, rnp->grphi,
14706 +- rnp->expmask,
14707 ++ READ_ONCE(rnp->expmask),
14708 + ".T"[!!rnp->exp_tasks]);
14709 + }
14710 + pr_cont("\n");
14711 +@@ -521,7 +520,7 @@ static void synchronize_sched_expedited_wait(void)
14712 + rcu_for_each_leaf_node(rnp) {
14713 + for_each_leaf_node_possible_cpu(rnp, cpu) {
14714 + mask = leaf_node_cpu_bit(rnp, cpu);
14715 +- if (!(rnp->expmask & mask))
14716 ++ if (!(READ_ONCE(rnp->expmask) & mask))
14717 + continue;
14718 + dump_cpu_task(cpu);
14719 + }
14720 +diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
14721 +index fa08d55f7040..f849e7429816 100644
14722 +--- a/kernel/rcu/tree_plugin.h
14723 ++++ b/kernel/rcu/tree_plugin.h
14724 +@@ -220,7 +220,7 @@ static void rcu_preempt_ctxt_queue(struct rcu_node *rnp, struct rcu_data *rdp)
14725 + * blocked tasks.
14726 + */
14727 + if (!rnp->gp_tasks && (blkd_state & RCU_GP_BLKD)) {
14728 +- rnp->gp_tasks = &t->rcu_node_entry;
14729 ++ WRITE_ONCE(rnp->gp_tasks, &t->rcu_node_entry);
14730 + WARN_ON_ONCE(rnp->completedqs == rnp->gp_seq);
14731 + }
14732 + if (!rnp->exp_tasks && (blkd_state & RCU_EXP_BLKD))
14733 +@@ -340,7 +340,7 @@ EXPORT_SYMBOL_GPL(rcu_note_context_switch);
14734 + */
14735 + static int rcu_preempt_blocked_readers_cgp(struct rcu_node *rnp)
14736 + {
14737 +- return rnp->gp_tasks != NULL;
14738 ++ return READ_ONCE(rnp->gp_tasks) != NULL;
14739 + }
14740 +
14741 + /* Bias and limit values for ->rcu_read_lock_nesting. */
14742 +@@ -493,7 +493,7 @@ rcu_preempt_deferred_qs_irqrestore(struct task_struct *t, unsigned long flags)
14743 + trace_rcu_unlock_preempted_task(TPS("rcu_preempt"),
14744 + rnp->gp_seq, t->pid);
14745 + if (&t->rcu_node_entry == rnp->gp_tasks)
14746 +- rnp->gp_tasks = np;
14747 ++ WRITE_ONCE(rnp->gp_tasks, np);
14748 + if (&t->rcu_node_entry == rnp->exp_tasks)
14749 + rnp->exp_tasks = np;
14750 + if (IS_ENABLED(CONFIG_RCU_BOOST)) {
14751 +@@ -612,7 +612,7 @@ static void rcu_read_unlock_special(struct task_struct *t)
14752 +
14753 + t->rcu_read_unlock_special.b.exp_hint = false;
14754 + exp = (t->rcu_blocked_node && t->rcu_blocked_node->exp_tasks) ||
14755 +- (rdp->grpmask & rnp->expmask) ||
14756 ++ (rdp->grpmask & READ_ONCE(rnp->expmask)) ||
14757 + tick_nohz_full_cpu(rdp->cpu);
14758 + // Need to defer quiescent state until everything is enabled.
14759 + if (irqs_were_disabled && use_softirq &&
14760 +@@ -663,7 +663,7 @@ static void rcu_preempt_check_blocked_tasks(struct rcu_node *rnp)
14761 + dump_blkd_tasks(rnp, 10);
14762 + if (rcu_preempt_has_tasks(rnp) &&
14763 + (rnp->qsmaskinit || rnp->wait_blkd_tasks)) {
14764 +- rnp->gp_tasks = rnp->blkd_tasks.next;
14765 ++ WRITE_ONCE(rnp->gp_tasks, rnp->blkd_tasks.next);
14766 + t = container_of(rnp->gp_tasks, struct task_struct,
14767 + rcu_node_entry);
14768 + trace_rcu_unlock_preempted_task(TPS("rcu_preempt-GPS"),
14769 +@@ -757,7 +757,8 @@ dump_blkd_tasks(struct rcu_node *rnp, int ncheck)
14770 + pr_info("%s: %d:%d ->qsmask %#lx ->qsmaskinit %#lx ->qsmaskinitnext %#lx\n",
14771 + __func__, rnp1->grplo, rnp1->grphi, rnp1->qsmask, rnp1->qsmaskinit, rnp1->qsmaskinitnext);
14772 + pr_info("%s: ->gp_tasks %p ->boost_tasks %p ->exp_tasks %p\n",
14773 +- __func__, rnp->gp_tasks, rnp->boost_tasks, rnp->exp_tasks);
14774 ++ __func__, READ_ONCE(rnp->gp_tasks), rnp->boost_tasks,
14775 ++ rnp->exp_tasks);
14776 + pr_info("%s: ->blkd_tasks", __func__);
14777 + i = 0;
14778 + list_for_each(lhp, &rnp->blkd_tasks) {
14779 +diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
14780 +index 451f9d05ccfe..4b11f0309eee 100644
14781 +--- a/kernel/time/alarmtimer.c
14782 ++++ b/kernel/time/alarmtimer.c
14783 +@@ -88,6 +88,7 @@ static int alarmtimer_rtc_add_device(struct device *dev,
14784 + unsigned long flags;
14785 + struct rtc_device *rtc = to_rtc_device(dev);
14786 + struct wakeup_source *__ws;
14787 ++ int ret = 0;
14788 +
14789 + if (rtcdev)
14790 + return -EBUSY;
14791 +@@ -102,8 +103,8 @@ static int alarmtimer_rtc_add_device(struct device *dev,
14792 + spin_lock_irqsave(&rtcdev_lock, flags);
14793 + if (!rtcdev) {
14794 + if (!try_module_get(rtc->owner)) {
14795 +- spin_unlock_irqrestore(&rtcdev_lock, flags);
14796 +- return -1;
14797 ++ ret = -1;
14798 ++ goto unlock;
14799 + }
14800 +
14801 + rtcdev = rtc;
14802 +@@ -112,11 +113,12 @@ static int alarmtimer_rtc_add_device(struct device *dev,
14803 + ws = __ws;
14804 + __ws = NULL;
14805 + }
14806 ++unlock:
14807 + spin_unlock_irqrestore(&rtcdev_lock, flags);
14808 +
14809 + wakeup_source_unregister(__ws);
14810 +
14811 +- return 0;
14812 ++ return ret;
14813 + }
14814 +
14815 + static inline void alarmtimer_rtc_timer_init(void)
14816 +diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
14817 +index fff5f64981c6..428beb69426a 100644
14818 +--- a/kernel/time/clocksource.c
14819 ++++ b/kernel/time/clocksource.c
14820 +@@ -293,8 +293,15 @@ static void clocksource_watchdog(struct timer_list *unused)
14821 + next_cpu = cpumask_next(raw_smp_processor_id(), cpu_online_mask);
14822 + if (next_cpu >= nr_cpu_ids)
14823 + next_cpu = cpumask_first(cpu_online_mask);
14824 +- watchdog_timer.expires += WATCHDOG_INTERVAL;
14825 +- add_timer_on(&watchdog_timer, next_cpu);
14826 ++
14827 ++ /*
14828 ++ * Arm timer if not already pending: could race with concurrent
14829 ++ * pair clocksource_stop_watchdog() clocksource_start_watchdog().
14830 ++ */
14831 ++ if (!timer_pending(&watchdog_timer)) {
14832 ++ watchdog_timer.expires += WATCHDOG_INTERVAL;
14833 ++ add_timer_on(&watchdog_timer, next_cpu);
14834 ++ }
14835 + out:
14836 + spin_unlock(&watchdog_lock);
14837 + }
14838 +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
14839 +index 9bf1f2cd515e..3581bd96d6eb 100644
14840 +--- a/kernel/trace/ftrace.c
14841 ++++ b/kernel/trace/ftrace.c
14842 +@@ -5596,8 +5596,8 @@ static const struct file_operations ftrace_notrace_fops = {
14843 +
14844 + static DEFINE_MUTEX(graph_lock);
14845 +
14846 +-struct ftrace_hash *ftrace_graph_hash = EMPTY_HASH;
14847 +-struct ftrace_hash *ftrace_graph_notrace_hash = EMPTY_HASH;
14848 ++struct ftrace_hash __rcu *ftrace_graph_hash = EMPTY_HASH;
14849 ++struct ftrace_hash __rcu *ftrace_graph_notrace_hash = EMPTY_HASH;
14850 +
14851 + enum graph_filter_type {
14852 + GRAPH_FILTER_NOTRACE = 0,
14853 +@@ -5872,8 +5872,15 @@ ftrace_graph_release(struct inode *inode, struct file *file)
14854 +
14855 + mutex_unlock(&graph_lock);
14856 +
14857 +- /* Wait till all users are no longer using the old hash */
14858 +- synchronize_rcu();
14859 ++ /*
14860 ++ * We need to do a hard force of sched synchronization.
14861 ++ * This is because we use preempt_disable() to do RCU, but
14862 ++ * the function tracers can be called where RCU is not watching
14863 ++ * (like before user_exit()). We can not rely on the RCU
14864 ++ * infrastructure to do the synchronization, thus we must do it
14865 ++ * ourselves.
14866 ++ */
14867 ++ schedule_on_each_cpu(ftrace_sync);
14868 +
14869 + free_ftrace_hash(old_hash);
14870 + }
14871 +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
14872 +index 63bf60f79398..85f475bb4823 100644
14873 +--- a/kernel/trace/trace.h
14874 ++++ b/kernel/trace/trace.h
14875 +@@ -950,22 +950,31 @@ extern void __trace_graph_return(struct trace_array *tr,
14876 + unsigned long flags, int pc);
14877 +
14878 + #ifdef CONFIG_DYNAMIC_FTRACE
14879 +-extern struct ftrace_hash *ftrace_graph_hash;
14880 +-extern struct ftrace_hash *ftrace_graph_notrace_hash;
14881 ++extern struct ftrace_hash __rcu *ftrace_graph_hash;
14882 ++extern struct ftrace_hash __rcu *ftrace_graph_notrace_hash;
14883 +
14884 + static inline int ftrace_graph_addr(struct ftrace_graph_ent *trace)
14885 + {
14886 + unsigned long addr = trace->func;
14887 + int ret = 0;
14888 ++ struct ftrace_hash *hash;
14889 +
14890 + preempt_disable_notrace();
14891 +
14892 +- if (ftrace_hash_empty(ftrace_graph_hash)) {
14893 ++ /*
14894 ++ * Have to open code "rcu_dereference_sched()" because the
14895 ++ * function graph tracer can be called when RCU is not
14896 ++ * "watching".
14897 ++ * Protected with schedule_on_each_cpu(ftrace_sync)
14898 ++ */
14899 ++ hash = rcu_dereference_protected(ftrace_graph_hash, !preemptible());
14900 ++
14901 ++ if (ftrace_hash_empty(hash)) {
14902 + ret = 1;
14903 + goto out;
14904 + }
14905 +
14906 +- if (ftrace_lookup_ip(ftrace_graph_hash, addr)) {
14907 ++ if (ftrace_lookup_ip(hash, addr)) {
14908 +
14909 + /*
14910 + * This needs to be cleared on the return functions
14911 +@@ -1001,10 +1010,20 @@ static inline void ftrace_graph_addr_finish(struct ftrace_graph_ret *trace)
14912 + static inline int ftrace_graph_notrace_addr(unsigned long addr)
14913 + {
14914 + int ret = 0;
14915 ++ struct ftrace_hash *notrace_hash;
14916 +
14917 + preempt_disable_notrace();
14918 +
14919 +- if (ftrace_lookup_ip(ftrace_graph_notrace_hash, addr))
14920 ++ /*
14921 ++ * Have to open code "rcu_dereference_sched()" because the
14922 ++ * function graph tracer can be called when RCU is not
14923 ++ * "watching".
14924 ++ * Protected with schedule_on_each_cpu(ftrace_sync)
14925 ++ */
14926 ++ notrace_hash = rcu_dereference_protected(ftrace_graph_notrace_hash,
14927 ++ !preemptible());
14928 ++
14929 ++ if (ftrace_lookup_ip(notrace_hash, addr))
14930 + ret = 1;
14931 +
14932 + preempt_enable_notrace();
14933 +diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
14934 +index 9ae87be422f2..ab8b6436d53f 100644
14935 +--- a/kernel/trace/trace_probe.c
14936 ++++ b/kernel/trace/trace_probe.c
14937 +@@ -876,7 +876,8 @@ static int __set_print_fmt(struct trace_probe *tp, char *buf, int len,
14938 + for (i = 0; i < tp->nr_args; i++) {
14939 + parg = tp->args + i;
14940 + if (parg->count) {
14941 +- if (strcmp(parg->type->name, "string") == 0)
14942 ++ if ((strcmp(parg->type->name, "string") == 0) ||
14943 ++ (strcmp(parg->type->name, "ustring") == 0))
14944 + fmt = ", __get_str(%s[%d])";
14945 + else
14946 + fmt = ", REC->%s[%d]";
14947 +@@ -884,7 +885,8 @@ static int __set_print_fmt(struct trace_probe *tp, char *buf, int len,
14948 + pos += snprintf(buf + pos, LEN_OR_ZERO,
14949 + fmt, parg->name, j);
14950 + } else {
14951 +- if (strcmp(parg->type->name, "string") == 0)
14952 ++ if ((strcmp(parg->type->name, "string") == 0) ||
14953 ++ (strcmp(parg->type->name, "ustring") == 0))
14954 + fmt = ", __get_str(%s)";
14955 + else
14956 + fmt = ", REC->%s";
14957 +diff --git a/kernel/trace/trace_sched_switch.c b/kernel/trace/trace_sched_switch.c
14958 +index e288168661e1..e304196d7c28 100644
14959 +--- a/kernel/trace/trace_sched_switch.c
14960 ++++ b/kernel/trace/trace_sched_switch.c
14961 +@@ -89,8 +89,10 @@ static void tracing_sched_unregister(void)
14962 +
14963 + static void tracing_start_sched_switch(int ops)
14964 + {
14965 +- bool sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
14966 ++ bool sched_register;
14967 ++
14968 + mutex_lock(&sched_register_mutex);
14969 ++ sched_register = (!sched_cmdline_ref && !sched_tgid_ref);
14970 +
14971 + switch (ops) {
14972 + case RECORD_CMDLINE:
14973 +diff --git a/lib/test_kasan.c b/lib/test_kasan.c
14974 +index 328d33beae36..3872d250ed2c 100644
14975 +--- a/lib/test_kasan.c
14976 ++++ b/lib/test_kasan.c
14977 +@@ -158,6 +158,7 @@ static noinline void __init kmalloc_oob_krealloc_more(void)
14978 + if (!ptr1 || !ptr2) {
14979 + pr_err("Allocation failed\n");
14980 + kfree(ptr1);
14981 ++ kfree(ptr2);
14982 + return;
14983 + }
14984 +
14985 +diff --git a/mm/backing-dev.c b/mm/backing-dev.c
14986 +index c360f6a6c844..62f05f605fb5 100644
14987 +--- a/mm/backing-dev.c
14988 ++++ b/mm/backing-dev.c
14989 +@@ -21,6 +21,7 @@ struct backing_dev_info noop_backing_dev_info = {
14990 + EXPORT_SYMBOL_GPL(noop_backing_dev_info);
14991 +
14992 + static struct class *bdi_class;
14993 ++const char *bdi_unknown_name = "(unknown)";
14994 +
14995 + /*
14996 + * bdi_lock protects bdi_tree and updates to bdi_list. bdi_list has RCU
14997 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
14998 +index 6c83cf4ed970..27c231bf4565 100644
14999 +--- a/mm/memcontrol.c
15000 ++++ b/mm/memcontrol.c
15001 +@@ -5340,14 +5340,6 @@ static int mem_cgroup_move_account(struct page *page,
15002 + __mod_lruvec_state(to_vec, NR_WRITEBACK, nr_pages);
15003 + }
15004 +
15005 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
15006 +- if (compound && !list_empty(page_deferred_list(page))) {
15007 +- spin_lock(&from->deferred_split_queue.split_queue_lock);
15008 +- list_del_init(page_deferred_list(page));
15009 +- from->deferred_split_queue.split_queue_len--;
15010 +- spin_unlock(&from->deferred_split_queue.split_queue_lock);
15011 +- }
15012 +-#endif
15013 + /*
15014 + * It is safe to change page->mem_cgroup here because the page
15015 + * is referenced, charged, and isolated - we can't race with
15016 +@@ -5357,16 +5349,6 @@ static int mem_cgroup_move_account(struct page *page,
15017 + /* caller should have done css_get */
15018 + page->mem_cgroup = to;
15019 +
15020 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
15021 +- if (compound && list_empty(page_deferred_list(page))) {
15022 +- spin_lock(&to->deferred_split_queue.split_queue_lock);
15023 +- list_add_tail(page_deferred_list(page),
15024 +- &to->deferred_split_queue.split_queue);
15025 +- to->deferred_split_queue.split_queue_len++;
15026 +- spin_unlock(&to->deferred_split_queue.split_queue_lock);
15027 +- }
15028 +-#endif
15029 +-
15030 + spin_unlock_irqrestore(&from->move_lock, flags);
15031 +
15032 + ret = 0;
15033 +diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
15034 +index a91a072f2b2c..0ddff29079c3 100644
15035 +--- a/mm/memory_hotplug.c
15036 ++++ b/mm/memory_hotplug.c
15037 +@@ -1764,8 +1764,6 @@ static int __ref try_remove_memory(int nid, u64 start, u64 size)
15038 +
15039 + BUG_ON(check_hotplug_memory_range(start, size));
15040 +
15041 +- mem_hotplug_begin();
15042 +-
15043 + /*
15044 + * All memory blocks must be offlined before removing memory. Check
15045 + * whether all memory blocks in question are offline and return error
15046 +@@ -1778,9 +1776,14 @@ static int __ref try_remove_memory(int nid, u64 start, u64 size)
15047 + /* remove memmap entry */
15048 + firmware_map_remove(start, start + size, "System RAM");
15049 +
15050 +- /* remove memory block devices before removing memory */
15051 ++ /*
15052 ++ * Memory block device removal under the device_hotplug_lock is
15053 ++ * a barrier against racing online attempts.
15054 ++ */
15055 + remove_memory_block_devices(start, size);
15056 +
15057 ++ mem_hotplug_begin();
15058 ++
15059 + arch_remove_memory(nid, start, size, NULL);
15060 + memblock_free(start, size);
15061 + memblock_remove(start, size);
15062 +diff --git a/mm/migrate.c b/mm/migrate.c
15063 +index 86873b6f38a7..b3b5d3bf0aab 100644
15064 +--- a/mm/migrate.c
15065 ++++ b/mm/migrate.c
15066 +@@ -1627,8 +1627,19 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes,
15067 + start = i;
15068 + } else if (node != current_node) {
15069 + err = do_move_pages_to_node(mm, &pagelist, current_node);
15070 +- if (err)
15071 ++ if (err) {
15072 ++ /*
15073 ++ * Positive err means the number of failed
15074 ++ * pages to migrate. Since we are going to
15075 ++ * abort and return the number of non-migrated
15076 ++ * pages, so need to incude the rest of the
15077 ++ * nr_pages that have not been attempted as
15078 ++ * well.
15079 ++ */
15080 ++ if (err > 0)
15081 ++ err += nr_pages - i - 1;
15082 + goto out;
15083 ++ }
15084 + err = store_status(status, start, current_node, i - start);
15085 + if (err)
15086 + goto out;
15087 +@@ -1659,8 +1670,11 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes,
15088 + goto out_flush;
15089 +
15090 + err = do_move_pages_to_node(mm, &pagelist, current_node);
15091 +- if (err)
15092 ++ if (err) {
15093 ++ if (err > 0)
15094 ++ err += nr_pages - i - 1;
15095 + goto out;
15096 ++ }
15097 + if (i > start) {
15098 + err = store_status(status, start, current_node, i - start);
15099 + if (err)
15100 +@@ -1674,9 +1688,16 @@ out_flush:
15101 +
15102 + /* Make sure we do not overwrite the existing error */
15103 + err1 = do_move_pages_to_node(mm, &pagelist, current_node);
15104 ++ /*
15105 ++ * Don't have to report non-attempted pages here since:
15106 ++ * - If the above loop is done gracefully all pages have been
15107 ++ * attempted.
15108 ++ * - If the above loop is aborted it means a fatal error
15109 ++ * happened, should return ret.
15110 ++ */
15111 + if (!err1)
15112 + err1 = store_status(status, start, current_node, i - start);
15113 +- if (!err)
15114 ++ if (err >= 0)
15115 + err = err1;
15116 + out:
15117 + return err;
15118 +diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c
15119 +index 7d70e5c78f97..7c1b8f67af7b 100644
15120 +--- a/mm/mmu_gather.c
15121 ++++ b/mm/mmu_gather.c
15122 +@@ -102,14 +102,14 @@ bool __tlb_remove_page_size(struct mmu_gather *tlb, struct page *page, int page_
15123 + */
15124 + static inline void tlb_table_invalidate(struct mmu_gather *tlb)
15125 + {
15126 +-#ifndef CONFIG_HAVE_RCU_TABLE_NO_INVALIDATE
15127 +- /*
15128 +- * Invalidate page-table caches used by hardware walkers. Then we still
15129 +- * need to RCU-sched wait while freeing the pages because software
15130 +- * walkers can still be in-flight.
15131 +- */
15132 +- tlb_flush_mmu_tlbonly(tlb);
15133 +-#endif
15134 ++ if (tlb_needs_table_invalidate()) {
15135 ++ /*
15136 ++ * Invalidate page-table caches used by hardware walkers. Then
15137 ++ * we still need to RCU-sched wait while freeing the pages
15138 ++ * because software walkers can still be in-flight.
15139 ++ */
15140 ++ tlb_flush_mmu_tlbonly(tlb);
15141 ++ }
15142 + }
15143 +
15144 + static void tlb_remove_table_smp_sync(void *arg)
15145 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
15146 +index d047bf7d8fd4..627f1eba6df7 100644
15147 +--- a/mm/page_alloc.c
15148 ++++ b/mm/page_alloc.c
15149 +@@ -6921,7 +6921,8 @@ static u64 zero_pfn_range(unsigned long spfn, unsigned long epfn)
15150 + * This function also addresses a similar issue where struct pages are left
15151 + * uninitialized because the physical address range is not covered by
15152 + * memblock.memory or memblock.reserved. That could happen when memblock
15153 +- * layout is manually configured via memmap=.
15154 ++ * layout is manually configured via memmap=, or when the highest physical
15155 ++ * address (max_pfn) does not end on a section boundary.
15156 + */
15157 + void __init zero_resv_unavail(void)
15158 + {
15159 +@@ -6939,7 +6940,16 @@ void __init zero_resv_unavail(void)
15160 + pgcnt += zero_pfn_range(PFN_DOWN(next), PFN_UP(start));
15161 + next = end;
15162 + }
15163 +- pgcnt += zero_pfn_range(PFN_DOWN(next), max_pfn);
15164 ++
15165 ++ /*
15166 ++ * Early sections always have a fully populated memmap for the whole
15167 ++ * section - see pfn_valid(). If the last section has holes at the
15168 ++ * end and that section is marked "online", the memmap will be
15169 ++ * considered initialized. Make sure that memmap has a well defined
15170 ++ * state.
15171 ++ */
15172 ++ pgcnt += zero_pfn_range(PFN_DOWN(next),
15173 ++ round_up(max_pfn, PAGES_PER_SECTION));
15174 +
15175 + /*
15176 + * Struct pages that do not have backing memory. This could be because
15177 +diff --git a/mm/sparse.c b/mm/sparse.c
15178 +index 3822ecbd8a1f..3918fc3eaef1 100644
15179 +--- a/mm/sparse.c
15180 ++++ b/mm/sparse.c
15181 +@@ -789,7 +789,7 @@ static void section_deactivate(unsigned long pfn, unsigned long nr_pages,
15182 + ms->usage = NULL;
15183 + }
15184 + memmap = sparse_decode_mem_map(ms->section_mem_map, section_nr);
15185 +- ms->section_mem_map = sparse_encode_mem_map(NULL, section_nr);
15186 ++ ms->section_mem_map = (unsigned long)NULL;
15187 + }
15188 +
15189 + if (section_is_early && memmap)
15190 +diff --git a/net/core/devlink.c b/net/core/devlink.c
15191 +index f76219bf0c21..42370702d0e0 100644
15192 +--- a/net/core/devlink.c
15193 ++++ b/net/core/devlink.c
15194 +@@ -3986,6 +3986,12 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb,
15195 + goto out_unlock;
15196 + }
15197 +
15198 ++ /* return 0 if there is no further data to read */
15199 ++ if (start_offset >= region->size) {
15200 ++ err = 0;
15201 ++ goto out_unlock;
15202 ++ }
15203 ++
15204 + hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
15205 + &devlink_nl_family, NLM_F_ACK | NLM_F_MULTI,
15206 + DEVLINK_CMD_REGION_READ);
15207 +diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
15208 +index 536e032d95c8..246a258b1fac 100644
15209 +--- a/net/core/drop_monitor.c
15210 ++++ b/net/core/drop_monitor.c
15211 +@@ -1004,8 +1004,10 @@ static void net_dm_hw_monitor_stop(struct netlink_ext_ack *extack)
15212 + {
15213 + int cpu;
15214 +
15215 +- if (!monitor_hw)
15216 ++ if (!monitor_hw) {
15217 + NL_SET_ERR_MSG_MOD(extack, "Hardware monitoring already disabled");
15218 ++ return;
15219 ++ }
15220 +
15221 + monitor_hw = false;
15222 +
15223 +diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
15224 +index 2dbbb030fbed..cc32d1dd78c3 100644
15225 +--- a/net/core/flow_dissector.c
15226 ++++ b/net/core/flow_dissector.c
15227 +@@ -834,10 +834,10 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys,
15228 + struct flow_dissector *flow_dissector,
15229 + void *target_container)
15230 + {
15231 ++ struct flow_dissector_key_ports *key_ports = NULL;
15232 + struct flow_dissector_key_control *key_control;
15233 + struct flow_dissector_key_basic *key_basic;
15234 + struct flow_dissector_key_addrs *key_addrs;
15235 +- struct flow_dissector_key_ports *key_ports;
15236 + struct flow_dissector_key_tags *key_tags;
15237 +
15238 + key_control = skb_flow_dissector_target(flow_dissector,
15239 +@@ -876,10 +876,17 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys,
15240 + key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
15241 + }
15242 +
15243 +- if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) {
15244 ++ if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS))
15245 + key_ports = skb_flow_dissector_target(flow_dissector,
15246 + FLOW_DISSECTOR_KEY_PORTS,
15247 + target_container);
15248 ++ else if (dissector_uses_key(flow_dissector,
15249 ++ FLOW_DISSECTOR_KEY_PORTS_RANGE))
15250 ++ key_ports = skb_flow_dissector_target(flow_dissector,
15251 ++ FLOW_DISSECTOR_KEY_PORTS_RANGE,
15252 ++ target_container);
15253 ++
15254 ++ if (key_ports) {
15255 + key_ports->src = flow_keys->sport;
15256 + key_ports->dst = flow_keys->dport;
15257 + }
15258 +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
15259 +index d9001b5c48eb..f02705ff0e5e 100644
15260 +--- a/net/core/rtnetlink.c
15261 ++++ b/net/core/rtnetlink.c
15262 +@@ -1241,6 +1241,8 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
15263 + return 0;
15264 +
15265 + memset(&vf_vlan_info, 0, sizeof(vf_vlan_info));
15266 ++ memset(&node_guid, 0, sizeof(node_guid));
15267 ++ memset(&port_guid, 0, sizeof(port_guid));
15268 +
15269 + vf_mac.vf =
15270 + vf_vlan.vf =
15271 +@@ -1289,8 +1291,6 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
15272 + sizeof(vf_trust), &vf_trust))
15273 + goto nla_put_vf_failure;
15274 +
15275 +- memset(&node_guid, 0, sizeof(node_guid));
15276 +- memset(&port_guid, 0, sizeof(port_guid));
15277 + if (dev->netdev_ops->ndo_get_vf_guid &&
15278 + !dev->netdev_ops->ndo_get_vf_guid(dev, vfs_num, &node_guid,
15279 + &port_guid)) {
15280 +diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c
15281 +index ee561297d8a7..fbfd0db182b7 100644
15282 +--- a/net/hsr/hsr_slave.c
15283 ++++ b/net/hsr/hsr_slave.c
15284 +@@ -27,6 +27,8 @@ static rx_handler_result_t hsr_handle_frame(struct sk_buff **pskb)
15285 +
15286 + rcu_read_lock(); /* hsr->node_db, hsr->ports */
15287 + port = hsr_port_get_rcu(skb->dev);
15288 ++ if (!port)
15289 ++ goto finish_pass;
15290 +
15291 + if (hsr_addr_is_self(port->hsr, eth_hdr(skb)->h_source)) {
15292 + /* Directly kill frames sent by ourselves */
15293 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
15294 +index a7d766e6390e..94e137f7aa9f 100644
15295 +--- a/net/ipv4/tcp.c
15296 ++++ b/net/ipv4/tcp.c
15297 +@@ -2621,10 +2621,12 @@ int tcp_disconnect(struct sock *sk, int flags)
15298 + tp->snd_cwnd = TCP_INIT_CWND;
15299 + tp->snd_cwnd_cnt = 0;
15300 + tp->window_clamp = 0;
15301 ++ tp->delivered = 0;
15302 + tp->delivered_ce = 0;
15303 + tcp_set_ca_state(sk, TCP_CA_Open);
15304 + tp->is_sack_reneg = 0;
15305 + tcp_clear_retrans(tp);
15306 ++ tp->total_retrans = 0;
15307 + inet_csk_delack_init(sk);
15308 + /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
15309 + * issue in __tcp_select_window()
15310 +@@ -2636,10 +2638,14 @@ int tcp_disconnect(struct sock *sk, int flags)
15311 + sk->sk_rx_dst = NULL;
15312 + tcp_saved_syn_free(tp);
15313 + tp->compressed_ack = 0;
15314 ++ tp->segs_in = 0;
15315 ++ tp->segs_out = 0;
15316 + tp->bytes_sent = 0;
15317 + tp->bytes_acked = 0;
15318 + tp->bytes_received = 0;
15319 + tp->bytes_retrans = 0;
15320 ++ tp->data_segs_in = 0;
15321 ++ tp->data_segs_out = 0;
15322 + tp->duplicate_sack[0].start_seq = 0;
15323 + tp->duplicate_sack[0].end_seq = 0;
15324 + tp->dsack_dups = 0;
15325 +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
15326 +index 39d861d00377..cb493e15959c 100644
15327 +--- a/net/ipv6/addrconf.c
15328 ++++ b/net/ipv6/addrconf.c
15329 +@@ -5718,6 +5718,9 @@ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
15330 + struct nlattr *tb[IFLA_INET6_MAX + 1];
15331 + int err;
15332 +
15333 ++ if (!idev)
15334 ++ return -EAFNOSUPPORT;
15335 ++
15336 + if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0)
15337 + BUG();
15338 +
15339 +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
15340 +index f82ea12bac37..425b95eb7e87 100644
15341 +--- a/net/l2tp/l2tp_core.c
15342 ++++ b/net/l2tp/l2tp_core.c
15343 +@@ -322,8 +322,13 @@ int l2tp_session_register(struct l2tp_session *session,
15344 +
15345 + spin_lock_bh(&pn->l2tp_session_hlist_lock);
15346 +
15347 ++ /* IP encap expects session IDs to be globally unique, while
15348 ++ * UDP encap doesn't.
15349 ++ */
15350 + hlist_for_each_entry(session_walk, g_head, global_hlist)
15351 +- if (session_walk->session_id == session->session_id) {
15352 ++ if (session_walk->session_id == session->session_id &&
15353 ++ (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
15354 ++ tunnel->encap == L2TP_ENCAPTYPE_IP)) {
15355 + err = -EEXIST;
15356 + goto err_tlock_pnlock;
15357 + }
15358 +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
15359 +index cf895bc80871..69c107f9ba8d 100644
15360 +--- a/net/netfilter/ipset/ip_set_core.c
15361 ++++ b/net/netfilter/ipset/ip_set_core.c
15362 +@@ -1483,31 +1483,34 @@ ip_set_dump_policy[IPSET_ATTR_CMD_MAX + 1] = {
15363 + };
15364 +
15365 + static int
15366 +-dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
15367 ++ip_set_dump_start(struct netlink_callback *cb)
15368 + {
15369 + struct nlmsghdr *nlh = nlmsg_hdr(cb->skb);
15370 + int min_len = nlmsg_total_size(sizeof(struct nfgenmsg));
15371 + struct nlattr *cda[IPSET_ATTR_CMD_MAX + 1];
15372 + struct nlattr *attr = (void *)nlh + min_len;
15373 ++ struct sk_buff *skb = cb->skb;
15374 ++ struct ip_set_net *inst = ip_set_pernet(sock_net(skb->sk));
15375 + u32 dump_type;
15376 +- ip_set_id_t index;
15377 + int ret;
15378 +
15379 + ret = nla_parse(cda, IPSET_ATTR_CMD_MAX, attr,
15380 + nlh->nlmsg_len - min_len,
15381 + ip_set_dump_policy, NULL);
15382 + if (ret)
15383 +- return ret;
15384 ++ goto error;
15385 +
15386 + cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
15387 + if (cda[IPSET_ATTR_SETNAME]) {
15388 ++ ip_set_id_t index;
15389 + struct ip_set *set;
15390 +
15391 + set = find_set_and_id(inst, nla_data(cda[IPSET_ATTR_SETNAME]),
15392 + &index);
15393 +- if (!set)
15394 +- return -ENOENT;
15395 +-
15396 ++ if (!set) {
15397 ++ ret = -ENOENT;
15398 ++ goto error;
15399 ++ }
15400 + dump_type = DUMP_ONE;
15401 + cb->args[IPSET_CB_INDEX] = index;
15402 + } else {
15403 +@@ -1523,10 +1526,17 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
15404 + cb->args[IPSET_CB_DUMP] = dump_type;
15405 +
15406 + return 0;
15407 ++
15408 ++error:
15409 ++ /* We have to create and send the error message manually :-( */
15410 ++ if (nlh->nlmsg_flags & NLM_F_ACK) {
15411 ++ netlink_ack(cb->skb, nlh, ret, NULL);
15412 ++ }
15413 ++ return ret;
15414 + }
15415 +
15416 + static int
15417 +-ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
15418 ++ip_set_dump_do(struct sk_buff *skb, struct netlink_callback *cb)
15419 + {
15420 + ip_set_id_t index = IPSET_INVALID_ID, max;
15421 + struct ip_set *set = NULL;
15422 +@@ -1537,18 +1547,8 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
15423 + bool is_destroyed;
15424 + int ret = 0;
15425 +
15426 +- if (!cb->args[IPSET_CB_DUMP]) {
15427 +- ret = dump_init(cb, inst);
15428 +- if (ret < 0) {
15429 +- nlh = nlmsg_hdr(cb->skb);
15430 +- /* We have to create and send the error message
15431 +- * manually :-(
15432 +- */
15433 +- if (nlh->nlmsg_flags & NLM_F_ACK)
15434 +- netlink_ack(cb->skb, nlh, ret, NULL);
15435 +- return ret;
15436 +- }
15437 +- }
15438 ++ if (!cb->args[IPSET_CB_DUMP])
15439 ++ return -EINVAL;
15440 +
15441 + if (cb->args[IPSET_CB_INDEX] >= inst->ip_set_max)
15442 + goto out;
15443 +@@ -1684,7 +1684,8 @@ static int ip_set_dump(struct net *net, struct sock *ctnl, struct sk_buff *skb,
15444 +
15445 + {
15446 + struct netlink_dump_control c = {
15447 +- .dump = ip_set_dump_start,
15448 ++ .start = ip_set_dump_start,
15449 ++ .dump = ip_set_dump_do,
15450 + .done = ip_set_dump_done,
15451 + };
15452 + return netlink_dump_start(ctnl, skb, nlh, &c);
15453 +diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
15454 +index 9d3c4d2d893a..fe42f986cd94 100644
15455 +--- a/net/rxrpc/af_rxrpc.c
15456 ++++ b/net/rxrpc/af_rxrpc.c
15457 +@@ -194,6 +194,7 @@ static int rxrpc_bind(struct socket *sock, struct sockaddr *saddr, int len)
15458 + service_in_use:
15459 + write_unlock(&local->services_lock);
15460 + rxrpc_unuse_local(local);
15461 ++ rxrpc_put_local(local);
15462 + ret = -EADDRINUSE;
15463 + error_unlock:
15464 + release_sock(&rx->sk);
15465 +@@ -899,6 +900,7 @@ static int rxrpc_release_sock(struct sock *sk)
15466 + rxrpc_purge_queue(&sk->sk_receive_queue);
15467 +
15468 + rxrpc_unuse_local(rx->local);
15469 ++ rxrpc_put_local(rx->local);
15470 + rx->local = NULL;
15471 + key_put(rx->key);
15472 + rx->key = NULL;
15473 +diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
15474 +index 5e99df80e80a..7d730c438404 100644
15475 +--- a/net/rxrpc/ar-internal.h
15476 ++++ b/net/rxrpc/ar-internal.h
15477 +@@ -490,6 +490,7 @@ enum rxrpc_call_flag {
15478 + RXRPC_CALL_RX_HEARD, /* The peer responded at least once to this call */
15479 + RXRPC_CALL_RX_UNDERRUN, /* Got data underrun */
15480 + RXRPC_CALL_IS_INTR, /* The call is interruptible */
15481 ++ RXRPC_CALL_DISCONNECTED, /* The call has been disconnected */
15482 + };
15483 +
15484 + /*
15485 +@@ -1021,6 +1022,16 @@ void rxrpc_unuse_local(struct rxrpc_local *);
15486 + void rxrpc_queue_local(struct rxrpc_local *);
15487 + void rxrpc_destroy_all_locals(struct rxrpc_net *);
15488 +
15489 ++static inline bool __rxrpc_unuse_local(struct rxrpc_local *local)
15490 ++{
15491 ++ return atomic_dec_return(&local->active_users) == 0;
15492 ++}
15493 ++
15494 ++static inline bool __rxrpc_use_local(struct rxrpc_local *local)
15495 ++{
15496 ++ return atomic_fetch_add_unless(&local->active_users, 1, 0) != 0;
15497 ++}
15498 ++
15499 + /*
15500 + * misc.c
15501 + */
15502 +diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
15503 +index a31c18c09894..dbdbc4f18b5e 100644
15504 +--- a/net/rxrpc/call_object.c
15505 ++++ b/net/rxrpc/call_object.c
15506 +@@ -493,7 +493,7 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
15507 +
15508 + _debug("RELEASE CALL %p (%d CONN %p)", call, call->debug_id, conn);
15509 +
15510 +- if (conn)
15511 ++ if (conn && !test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
15512 + rxrpc_disconnect_call(call);
15513 + if (call->security)
15514 + call->security->free_call_crypto(call);
15515 +@@ -569,6 +569,7 @@ static void rxrpc_rcu_destroy_call(struct rcu_head *rcu)
15516 + struct rxrpc_call *call = container_of(rcu, struct rxrpc_call, rcu);
15517 + struct rxrpc_net *rxnet = call->rxnet;
15518 +
15519 ++ rxrpc_put_connection(call->conn);
15520 + rxrpc_put_peer(call->peer);
15521 + kfree(call->rxtx_buffer);
15522 + kfree(call->rxtx_annotations);
15523 +@@ -590,7 +591,6 @@ void rxrpc_cleanup_call(struct rxrpc_call *call)
15524 +
15525 + ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
15526 + ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags));
15527 +- ASSERTCMP(call->conn, ==, NULL);
15528 +
15529 + rxrpc_cleanup_ring(call);
15530 + rxrpc_free_skb(call->tx_pending, rxrpc_skb_cleaned);
15531 +diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
15532 +index 376370cd9285..ea7d4c21f889 100644
15533 +--- a/net/rxrpc/conn_client.c
15534 ++++ b/net/rxrpc/conn_client.c
15535 +@@ -785,6 +785,7 @@ void rxrpc_disconnect_client_call(struct rxrpc_call *call)
15536 + u32 cid;
15537 +
15538 + spin_lock(&conn->channel_lock);
15539 ++ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
15540 +
15541 + cid = call->cid;
15542 + if (cid) {
15543 +@@ -792,7 +793,6 @@ void rxrpc_disconnect_client_call(struct rxrpc_call *call)
15544 + chan = &conn->channels[channel];
15545 + }
15546 + trace_rxrpc_client(conn, channel, rxrpc_client_chan_disconnect);
15547 +- call->conn = NULL;
15548 +
15549 + /* Calls that have never actually been assigned a channel can simply be
15550 + * discarded. If the conn didn't get used either, it will follow
15551 +@@ -908,7 +908,6 @@ out:
15552 + spin_unlock(&rxnet->client_conn_cache_lock);
15553 + out_2:
15554 + spin_unlock(&conn->channel_lock);
15555 +- rxrpc_put_connection(conn);
15556 + _leave("");
15557 + return;
15558 +
15559 +diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c
15560 +index 808a4723f868..06fcff2ebbba 100644
15561 +--- a/net/rxrpc/conn_event.c
15562 ++++ b/net/rxrpc/conn_event.c
15563 +@@ -438,16 +438,12 @@ again:
15564 + /*
15565 + * connection-level event processor
15566 + */
15567 +-void rxrpc_process_connection(struct work_struct *work)
15568 ++static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
15569 + {
15570 +- struct rxrpc_connection *conn =
15571 +- container_of(work, struct rxrpc_connection, processor);
15572 + struct sk_buff *skb;
15573 + u32 abort_code = RX_PROTOCOL_ERROR;
15574 + int ret;
15575 +
15576 +- rxrpc_see_connection(conn);
15577 +-
15578 + if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
15579 + rxrpc_secure_connection(conn);
15580 +
15581 +@@ -475,18 +471,32 @@ void rxrpc_process_connection(struct work_struct *work)
15582 + }
15583 + }
15584 +
15585 +-out:
15586 +- rxrpc_put_connection(conn);
15587 +- _leave("");
15588 + return;
15589 +
15590 + requeue_and_leave:
15591 + skb_queue_head(&conn->rx_queue, skb);
15592 +- goto out;
15593 ++ return;
15594 +
15595 + protocol_error:
15596 + if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
15597 + goto requeue_and_leave;
15598 + rxrpc_free_skb(skb, rxrpc_skb_freed);
15599 +- goto out;
15600 ++ return;
15601 ++}
15602 ++
15603 ++void rxrpc_process_connection(struct work_struct *work)
15604 ++{
15605 ++ struct rxrpc_connection *conn =
15606 ++ container_of(work, struct rxrpc_connection, processor);
15607 ++
15608 ++ rxrpc_see_connection(conn);
15609 ++
15610 ++ if (__rxrpc_use_local(conn->params.local)) {
15611 ++ rxrpc_do_process_connection(conn);
15612 ++ rxrpc_unuse_local(conn->params.local);
15613 ++ }
15614 ++
15615 ++ rxrpc_put_connection(conn);
15616 ++ _leave("");
15617 ++ return;
15618 + }
15619 +diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c
15620 +index 38d718e90dc6..19e141eeed17 100644
15621 +--- a/net/rxrpc/conn_object.c
15622 ++++ b/net/rxrpc/conn_object.c
15623 +@@ -223,9 +223,8 @@ void rxrpc_disconnect_call(struct rxrpc_call *call)
15624 + __rxrpc_disconnect_call(conn, call);
15625 + spin_unlock(&conn->channel_lock);
15626 +
15627 +- call->conn = NULL;
15628 ++ set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
15629 + conn->idle_timestamp = jiffies;
15630 +- rxrpc_put_connection(conn);
15631 + }
15632 +
15633 + /*
15634 +diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
15635 +index 96d54e5bf7bc..ef10fbf71b15 100644
15636 +--- a/net/rxrpc/input.c
15637 ++++ b/net/rxrpc/input.c
15638 +@@ -599,10 +599,8 @@ ack:
15639 + false, true,
15640 + rxrpc_propose_ack_input_data);
15641 +
15642 +- if (seq0 == READ_ONCE(call->rx_hard_ack) + 1) {
15643 +- trace_rxrpc_notify_socket(call->debug_id, serial);
15644 +- rxrpc_notify_socket(call);
15645 +- }
15646 ++ trace_rxrpc_notify_socket(call->debug_id, serial);
15647 ++ rxrpc_notify_socket(call);
15648 +
15649 + unlock:
15650 + spin_unlock(&call->input_lock);
15651 +diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
15652 +index 36587260cabd..a6c1349e965d 100644
15653 +--- a/net/rxrpc/local_object.c
15654 ++++ b/net/rxrpc/local_object.c
15655 +@@ -364,11 +364,14 @@ void rxrpc_queue_local(struct rxrpc_local *local)
15656 + void rxrpc_put_local(struct rxrpc_local *local)
15657 + {
15658 + const void *here = __builtin_return_address(0);
15659 ++ unsigned int debug_id;
15660 + int n;
15661 +
15662 + if (local) {
15663 ++ debug_id = local->debug_id;
15664 ++
15665 + n = atomic_dec_return(&local->usage);
15666 +- trace_rxrpc_local(local->debug_id, rxrpc_local_put, n, here);
15667 ++ trace_rxrpc_local(debug_id, rxrpc_local_put, n, here);
15668 +
15669 + if (n == 0)
15670 + call_rcu(&local->rcu, rxrpc_local_rcu);
15671 +@@ -380,14 +383,11 @@ void rxrpc_put_local(struct rxrpc_local *local)
15672 + */
15673 + struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local)
15674 + {
15675 +- unsigned int au;
15676 +-
15677 + local = rxrpc_get_local_maybe(local);
15678 + if (!local)
15679 + return NULL;
15680 +
15681 +- au = atomic_fetch_add_unless(&local->active_users, 1, 0);
15682 +- if (au == 0) {
15683 ++ if (!__rxrpc_use_local(local)) {
15684 + rxrpc_put_local(local);
15685 + return NULL;
15686 + }
15687 +@@ -401,14 +401,11 @@ struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local)
15688 + */
15689 + void rxrpc_unuse_local(struct rxrpc_local *local)
15690 + {
15691 +- unsigned int au;
15692 +-
15693 + if (local) {
15694 +- au = atomic_dec_return(&local->active_users);
15695 +- if (au == 0)
15696 ++ if (__rxrpc_unuse_local(local)) {
15697 ++ rxrpc_get_local(local);
15698 + rxrpc_queue_local(local);
15699 +- else
15700 +- rxrpc_put_local(local);
15701 ++ }
15702 + }
15703 + }
15704 +
15705 +@@ -465,7 +462,7 @@ static void rxrpc_local_processor(struct work_struct *work)
15706 +
15707 + do {
15708 + again = false;
15709 +- if (atomic_read(&local->active_users) == 0) {
15710 ++ if (!__rxrpc_use_local(local)) {
15711 + rxrpc_local_destroyer(local);
15712 + break;
15713 + }
15714 +@@ -479,6 +476,8 @@ static void rxrpc_local_processor(struct work_struct *work)
15715 + rxrpc_process_local_events(local);
15716 + again = true;
15717 + }
15718 ++
15719 ++ __rxrpc_unuse_local(local);
15720 + } while (again);
15721 +
15722 + rxrpc_put_local(local);
15723 +diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
15724 +index 935bb60fff56..bad3d2420344 100644
15725 +--- a/net/rxrpc/output.c
15726 ++++ b/net/rxrpc/output.c
15727 +@@ -129,7 +129,7 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
15728 + int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
15729 + rxrpc_serial_t *_serial)
15730 + {
15731 +- struct rxrpc_connection *conn = NULL;
15732 ++ struct rxrpc_connection *conn;
15733 + struct rxrpc_ack_buffer *pkt;
15734 + struct msghdr msg;
15735 + struct kvec iov[2];
15736 +@@ -139,18 +139,14 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
15737 + int ret;
15738 + u8 reason;
15739 +
15740 +- spin_lock_bh(&call->lock);
15741 +- if (call->conn)
15742 +- conn = rxrpc_get_connection_maybe(call->conn);
15743 +- spin_unlock_bh(&call->lock);
15744 +- if (!conn)
15745 ++ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
15746 + return -ECONNRESET;
15747 +
15748 + pkt = kzalloc(sizeof(*pkt), GFP_KERNEL);
15749 +- if (!pkt) {
15750 +- rxrpc_put_connection(conn);
15751 ++ if (!pkt)
15752 + return -ENOMEM;
15753 +- }
15754 ++
15755 ++ conn = call->conn;
15756 +
15757 + msg.msg_name = &call->peer->srx.transport;
15758 + msg.msg_namelen = call->peer->srx.transport_len;
15759 +@@ -244,7 +240,6 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
15760 + }
15761 +
15762 + out:
15763 +- rxrpc_put_connection(conn);
15764 + kfree(pkt);
15765 + return ret;
15766 + }
15767 +@@ -254,7 +249,7 @@ out:
15768 + */
15769 + int rxrpc_send_abort_packet(struct rxrpc_call *call)
15770 + {
15771 +- struct rxrpc_connection *conn = NULL;
15772 ++ struct rxrpc_connection *conn;
15773 + struct rxrpc_abort_buffer pkt;
15774 + struct msghdr msg;
15775 + struct kvec iov[1];
15776 +@@ -271,13 +266,11 @@ int rxrpc_send_abort_packet(struct rxrpc_call *call)
15777 + test_bit(RXRPC_CALL_TX_LAST, &call->flags))
15778 + return 0;
15779 +
15780 +- spin_lock_bh(&call->lock);
15781 +- if (call->conn)
15782 +- conn = rxrpc_get_connection_maybe(call->conn);
15783 +- spin_unlock_bh(&call->lock);
15784 +- if (!conn)
15785 ++ if (test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
15786 + return -ECONNRESET;
15787 +
15788 ++ conn = call->conn;
15789 ++
15790 + msg.msg_name = &call->peer->srx.transport;
15791 + msg.msg_namelen = call->peer->srx.transport_len;
15792 + msg.msg_control = NULL;
15793 +@@ -312,8 +305,6 @@ int rxrpc_send_abort_packet(struct rxrpc_call *call)
15794 + trace_rxrpc_tx_packet(call->debug_id, &pkt.whdr,
15795 + rxrpc_tx_point_call_abort);
15796 + rxrpc_tx_backoff(call, ret);
15797 +-
15798 +- rxrpc_put_connection(conn);
15799 + return ret;
15800 + }
15801 +
15802 +diff --git a/net/rxrpc/peer_event.c b/net/rxrpc/peer_event.c
15803 +index 48f67a9b1037..923b263c401b 100644
15804 +--- a/net/rxrpc/peer_event.c
15805 ++++ b/net/rxrpc/peer_event.c
15806 +@@ -364,27 +364,31 @@ static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
15807 + if (!rxrpc_get_peer_maybe(peer))
15808 + continue;
15809 +
15810 +- spin_unlock_bh(&rxnet->peer_hash_lock);
15811 +-
15812 +- keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
15813 +- slot = keepalive_at - base;
15814 +- _debug("%02x peer %u t=%d {%pISp}",
15815 +- cursor, peer->debug_id, slot, &peer->srx.transport);
15816 ++ if (__rxrpc_use_local(peer->local)) {
15817 ++ spin_unlock_bh(&rxnet->peer_hash_lock);
15818 ++
15819 ++ keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
15820 ++ slot = keepalive_at - base;
15821 ++ _debug("%02x peer %u t=%d {%pISp}",
15822 ++ cursor, peer->debug_id, slot, &peer->srx.transport);
15823 ++
15824 ++ if (keepalive_at <= base ||
15825 ++ keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
15826 ++ rxrpc_send_keepalive(peer);
15827 ++ slot = RXRPC_KEEPALIVE_TIME;
15828 ++ }
15829 +
15830 +- if (keepalive_at <= base ||
15831 +- keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
15832 +- rxrpc_send_keepalive(peer);
15833 +- slot = RXRPC_KEEPALIVE_TIME;
15834 ++ /* A transmission to this peer occurred since last we
15835 ++ * examined it so put it into the appropriate future
15836 ++ * bucket.
15837 ++ */
15838 ++ slot += cursor;
15839 ++ slot &= mask;
15840 ++ spin_lock_bh(&rxnet->peer_hash_lock);
15841 ++ list_add_tail(&peer->keepalive_link,
15842 ++ &rxnet->peer_keepalive[slot & mask]);
15843 ++ rxrpc_unuse_local(peer->local);
15844 + }
15845 +-
15846 +- /* A transmission to this peer occurred since last we examined
15847 +- * it so put it into the appropriate future bucket.
15848 +- */
15849 +- slot += cursor;
15850 +- slot &= mask;
15851 +- spin_lock_bh(&rxnet->peer_hash_lock);
15852 +- list_add_tail(&peer->keepalive_link,
15853 +- &rxnet->peer_keepalive[slot & mask]);
15854 + rxrpc_put_peer_locked(peer);
15855 + }
15856 +
15857 +diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h
15858 +index c22624131949..d36949d9382c 100644
15859 +--- a/net/sched/cls_rsvp.h
15860 ++++ b/net/sched/cls_rsvp.h
15861 +@@ -463,10 +463,8 @@ static u32 gen_tunnel(struct rsvp_head *data)
15862 +
15863 + static const struct nla_policy rsvp_policy[TCA_RSVP_MAX + 1] = {
15864 + [TCA_RSVP_CLASSID] = { .type = NLA_U32 },
15865 +- [TCA_RSVP_DST] = { .type = NLA_BINARY,
15866 +- .len = RSVP_DST_LEN * sizeof(u32) },
15867 +- [TCA_RSVP_SRC] = { .type = NLA_BINARY,
15868 +- .len = RSVP_DST_LEN * sizeof(u32) },
15869 ++ [TCA_RSVP_DST] = { .len = RSVP_DST_LEN * sizeof(u32) },
15870 ++ [TCA_RSVP_SRC] = { .len = RSVP_DST_LEN * sizeof(u32) },
15871 + [TCA_RSVP_PINFO] = { .len = sizeof(struct tc_rsvp_pinfo) },
15872 + };
15873 +
15874 +diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c
15875 +index 3d4a1280352f..09b7dc5fe7e0 100644
15876 +--- a/net/sched/cls_tcindex.c
15877 ++++ b/net/sched/cls_tcindex.c
15878 +@@ -333,12 +333,31 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
15879 + cp->fall_through = p->fall_through;
15880 + cp->tp = tp;
15881 +
15882 ++ if (tb[TCA_TCINDEX_HASH])
15883 ++ cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
15884 ++
15885 ++ if (tb[TCA_TCINDEX_MASK])
15886 ++ cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
15887 ++
15888 ++ if (tb[TCA_TCINDEX_SHIFT])
15889 ++ cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
15890 ++
15891 ++ if (!cp->hash) {
15892 ++ /* Hash not specified, use perfect hash if the upper limit
15893 ++ * of the hashing index is below the threshold.
15894 ++ */
15895 ++ if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
15896 ++ cp->hash = (cp->mask >> cp->shift) + 1;
15897 ++ else
15898 ++ cp->hash = DEFAULT_HASH_SIZE;
15899 ++ }
15900 ++
15901 + if (p->perfect) {
15902 + int i;
15903 +
15904 + if (tcindex_alloc_perfect_hash(net, cp) < 0)
15905 + goto errout;
15906 +- for (i = 0; i < cp->hash; i++)
15907 ++ for (i = 0; i < min(cp->hash, p->hash); i++)
15908 + cp->perfect[i].res = p->perfect[i].res;
15909 + balloc = 1;
15910 + }
15911 +@@ -346,19 +365,10 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
15912 +
15913 + err = tcindex_filter_result_init(&new_filter_result, net);
15914 + if (err < 0)
15915 +- goto errout1;
15916 ++ goto errout_alloc;
15917 + if (old_r)
15918 + cr = r->res;
15919 +
15920 +- if (tb[TCA_TCINDEX_HASH])
15921 +- cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
15922 +-
15923 +- if (tb[TCA_TCINDEX_MASK])
15924 +- cp->mask = nla_get_u16(tb[TCA_TCINDEX_MASK]);
15925 +-
15926 +- if (tb[TCA_TCINDEX_SHIFT])
15927 +- cp->shift = nla_get_u32(tb[TCA_TCINDEX_SHIFT]);
15928 +-
15929 + err = -EBUSY;
15930 +
15931 + /* Hash already allocated, make sure that we still meet the
15932 +@@ -376,16 +386,6 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base,
15933 + if (tb[TCA_TCINDEX_FALL_THROUGH])
15934 + cp->fall_through = nla_get_u32(tb[TCA_TCINDEX_FALL_THROUGH]);
15935 +
15936 +- if (!cp->hash) {
15937 +- /* Hash not specified, use perfect hash if the upper limit
15938 +- * of the hashing index is below the threshold.
15939 +- */
15940 +- if ((cp->mask >> cp->shift) < PERFECT_HASH_THRESHOLD)
15941 +- cp->hash = (cp->mask >> cp->shift) + 1;
15942 +- else
15943 +- cp->hash = DEFAULT_HASH_SIZE;
15944 +- }
15945 +-
15946 + if (!cp->perfect && !cp->h)
15947 + cp->alloc_hash = cp->hash;
15948 +
15949 +@@ -484,7 +484,6 @@ errout_alloc:
15950 + tcindex_free_perfect_hash(cp);
15951 + else if (balloc == 2)
15952 + kfree(cp->h);
15953 +-errout1:
15954 + tcf_exts_destroy(&new_filter_result.exts);
15955 + errout:
15956 + kfree(cp);
15957 +diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
15958 +index c609373c8661..660fc45ee40f 100644
15959 +--- a/net/sched/sch_taprio.c
15960 ++++ b/net/sched/sch_taprio.c
15961 +@@ -31,6 +31,7 @@ static DEFINE_SPINLOCK(taprio_list_lock);
15962 +
15963 + #define TXTIME_ASSIST_IS_ENABLED(flags) ((flags) & TCA_TAPRIO_ATTR_FLAG_TXTIME_ASSIST)
15964 + #define FULL_OFFLOAD_IS_ENABLED(flags) ((flags) & TCA_TAPRIO_ATTR_FLAG_FULL_OFFLOAD)
15965 ++#define TAPRIO_FLAGS_INVALID U32_MAX
15966 +
15967 + struct sched_entry {
15968 + struct list_head list;
15969 +@@ -766,6 +767,7 @@ static const struct nla_policy taprio_policy[TCA_TAPRIO_ATTR_MAX + 1] = {
15970 + [TCA_TAPRIO_ATTR_SCHED_CLOCKID] = { .type = NLA_S32 },
15971 + [TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME] = { .type = NLA_S64 },
15972 + [TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION] = { .type = NLA_S64 },
15973 ++ [TCA_TAPRIO_ATTR_FLAGS] = { .type = NLA_U32 },
15974 + };
15975 +
15976 + static int fill_sched_entry(struct nlattr **tb, struct sched_entry *entry,
15977 +@@ -1367,6 +1369,33 @@ static int taprio_mqprio_cmp(const struct net_device *dev,
15978 + return 0;
15979 + }
15980 +
15981 ++/* The semantics of the 'flags' argument in relation to 'change()'
15982 ++ * requests, are interpreted following two rules (which are applied in
15983 ++ * this order): (1) an omitted 'flags' argument is interpreted as
15984 ++ * zero; (2) the 'flags' of a "running" taprio instance cannot be
15985 ++ * changed.
15986 ++ */
15987 ++static int taprio_new_flags(const struct nlattr *attr, u32 old,
15988 ++ struct netlink_ext_ack *extack)
15989 ++{
15990 ++ u32 new = 0;
15991 ++
15992 ++ if (attr)
15993 ++ new = nla_get_u32(attr);
15994 ++
15995 ++ if (old != TAPRIO_FLAGS_INVALID && old != new) {
15996 ++ NL_SET_ERR_MSG_MOD(extack, "Changing 'flags' of a running schedule is not supported");
15997 ++ return -EOPNOTSUPP;
15998 ++ }
15999 ++
16000 ++ if (!taprio_flags_valid(new)) {
16001 ++ NL_SET_ERR_MSG_MOD(extack, "Specified 'flags' are not valid");
16002 ++ return -EINVAL;
16003 ++ }
16004 ++
16005 ++ return new;
16006 ++}
16007 ++
16008 + static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16009 + struct netlink_ext_ack *extack)
16010 + {
16011 +@@ -1375,7 +1404,6 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16012 + struct taprio_sched *q = qdisc_priv(sch);
16013 + struct net_device *dev = qdisc_dev(sch);
16014 + struct tc_mqprio_qopt *mqprio = NULL;
16015 +- u32 taprio_flags = 0;
16016 + unsigned long flags;
16017 + ktime_t start;
16018 + int i, err;
16019 +@@ -1388,21 +1416,14 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16020 + if (tb[TCA_TAPRIO_ATTR_PRIOMAP])
16021 + mqprio = nla_data(tb[TCA_TAPRIO_ATTR_PRIOMAP]);
16022 +
16023 +- if (tb[TCA_TAPRIO_ATTR_FLAGS]) {
16024 +- taprio_flags = nla_get_u32(tb[TCA_TAPRIO_ATTR_FLAGS]);
16025 +-
16026 +- if (q->flags != 0 && q->flags != taprio_flags) {
16027 +- NL_SET_ERR_MSG_MOD(extack, "Changing 'flags' of a running schedule is not supported");
16028 +- return -EOPNOTSUPP;
16029 +- } else if (!taprio_flags_valid(taprio_flags)) {
16030 +- NL_SET_ERR_MSG_MOD(extack, "Specified 'flags' are not valid");
16031 +- return -EINVAL;
16032 +- }
16033 ++ err = taprio_new_flags(tb[TCA_TAPRIO_ATTR_FLAGS],
16034 ++ q->flags, extack);
16035 ++ if (err < 0)
16036 ++ return err;
16037 +
16038 +- q->flags = taprio_flags;
16039 +- }
16040 ++ q->flags = err;
16041 +
16042 +- err = taprio_parse_mqprio_opt(dev, mqprio, extack, taprio_flags);
16043 ++ err = taprio_parse_mqprio_opt(dev, mqprio, extack, q->flags);
16044 + if (err < 0)
16045 + return err;
16046 +
16047 +@@ -1444,7 +1465,20 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16048 +
16049 + taprio_set_picos_per_byte(dev, q);
16050 +
16051 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags))
16052 ++ if (mqprio) {
16053 ++ netdev_set_num_tc(dev, mqprio->num_tc);
16054 ++ for (i = 0; i < mqprio->num_tc; i++)
16055 ++ netdev_set_tc_queue(dev, i,
16056 ++ mqprio->count[i],
16057 ++ mqprio->offset[i]);
16058 ++
16059 ++ /* Always use supplied priority mappings */
16060 ++ for (i = 0; i <= TC_BITMASK; i++)
16061 ++ netdev_set_prio_tc_map(dev, i,
16062 ++ mqprio->prio_tc_map[i]);
16063 ++ }
16064 ++
16065 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags))
16066 + err = taprio_enable_offload(dev, mqprio, q, new_admin, extack);
16067 + else
16068 + err = taprio_disable_offload(dev, q, extack);
16069 +@@ -1464,27 +1498,14 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16070 + q->txtime_delay = nla_get_u32(tb[TCA_TAPRIO_ATTR_TXTIME_DELAY]);
16071 + }
16072 +
16073 +- if (!TXTIME_ASSIST_IS_ENABLED(taprio_flags) &&
16074 +- !FULL_OFFLOAD_IS_ENABLED(taprio_flags) &&
16075 ++ if (!TXTIME_ASSIST_IS_ENABLED(q->flags) &&
16076 ++ !FULL_OFFLOAD_IS_ENABLED(q->flags) &&
16077 + !hrtimer_active(&q->advance_timer)) {
16078 + hrtimer_init(&q->advance_timer, q->clockid, HRTIMER_MODE_ABS);
16079 + q->advance_timer.function = advance_sched;
16080 + }
16081 +
16082 +- if (mqprio) {
16083 +- netdev_set_num_tc(dev, mqprio->num_tc);
16084 +- for (i = 0; i < mqprio->num_tc; i++)
16085 +- netdev_set_tc_queue(dev, i,
16086 +- mqprio->count[i],
16087 +- mqprio->offset[i]);
16088 +-
16089 +- /* Always use supplied priority mappings */
16090 +- for (i = 0; i <= TC_BITMASK; i++)
16091 +- netdev_set_prio_tc_map(dev, i,
16092 +- mqprio->prio_tc_map[i]);
16093 +- }
16094 +-
16095 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags)) {
16096 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags)) {
16097 + q->dequeue = taprio_dequeue_offload;
16098 + q->peek = taprio_peek_offload;
16099 + } else {
16100 +@@ -1501,9 +1522,9 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16101 + goto unlock;
16102 + }
16103 +
16104 +- if (TXTIME_ASSIST_IS_ENABLED(taprio_flags)) {
16105 +- setup_txtime(q, new_admin, start);
16106 ++ setup_txtime(q, new_admin, start);
16107 +
16108 ++ if (TXTIME_ASSIST_IS_ENABLED(q->flags)) {
16109 + if (!oper) {
16110 + rcu_assign_pointer(q->oper_sched, new_admin);
16111 + err = 0;
16112 +@@ -1528,7 +1549,7 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
16113 +
16114 + spin_unlock_irqrestore(&q->current_entry_lock, flags);
16115 +
16116 +- if (FULL_OFFLOAD_IS_ENABLED(taprio_flags))
16117 ++ if (FULL_OFFLOAD_IS_ENABLED(q->flags))
16118 + taprio_offload_config_changed(q);
16119 + }
16120 +
16121 +@@ -1567,7 +1588,7 @@ static void taprio_destroy(struct Qdisc *sch)
16122 + }
16123 + q->qdiscs = NULL;
16124 +
16125 +- netdev_set_num_tc(dev, 0);
16126 ++ netdev_reset_tc(dev);
16127 +
16128 + if (q->oper_sched)
16129 + call_rcu(&q->oper_sched->rcu, taprio_free_sched_cb);
16130 +@@ -1597,6 +1618,7 @@ static int taprio_init(struct Qdisc *sch, struct nlattr *opt,
16131 + * and get the valid one on taprio_change().
16132 + */
16133 + q->clockid = -1;
16134 ++ q->flags = TAPRIO_FLAGS_INVALID;
16135 +
16136 + spin_lock(&taprio_list_lock);
16137 + list_add(&q->taprio_list, &taprio_list);
16138 +diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
16139 +index c62d1f10978b..cff77f096647 100644
16140 +--- a/net/sunrpc/auth_gss/svcauth_gss.c
16141 ++++ b/net/sunrpc/auth_gss/svcauth_gss.c
16142 +@@ -1248,6 +1248,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
16143 + dprintk("RPC: No creds found!\n");
16144 + goto out;
16145 + } else {
16146 ++ struct timespec64 boot;
16147 +
16148 + /* steal creds */
16149 + rsci.cred = ud->creds;
16150 +@@ -1268,6 +1269,9 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
16151 + &expiry, GFP_KERNEL);
16152 + if (status)
16153 + goto out;
16154 ++
16155 ++ getboottime64(&boot);
16156 ++ expiry -= boot.tv_sec;
16157 + }
16158 +
16159 + rsci.h.expiry_time = expiry;
16160 +diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
16161 +index 1fc42ad8ff49..c0147a8cf188 100644
16162 +--- a/samples/bpf/Makefile
16163 ++++ b/samples/bpf/Makefile
16164 +@@ -38,6 +38,8 @@ tprogs-y += tc_l2_redirect
16165 + tprogs-y += lwt_len_hist
16166 + tprogs-y += xdp_tx_iptunnel
16167 + tprogs-y += test_map_in_map
16168 ++tprogs-y += per_socket_stats_example
16169 ++tprogs-y += xdp_redirect
16170 + tprogs-y += xdp_redirect_map
16171 + tprogs-y += xdp_redirect_cpu
16172 + tprogs-y += xdp_monitor
16173 +@@ -251,7 +253,7 @@ all:
16174 +
16175 + clean:
16176 + $(MAKE) -C ../../ M=$(CURDIR) clean
16177 +- @rm -f *~
16178 ++ @find $(CURDIR) -type f -name '*~' -delete
16179 +
16180 + $(LIBBPF): FORCE
16181 + # Fix up variables inherited from Kbuild that tools/ build system won't like
16182 +diff --git a/samples/bpf/xdp_redirect_cpu_user.c b/samples/bpf/xdp_redirect_cpu_user.c
16183 +index 0da6e9e7132e..8b862a7a6c6a 100644
16184 +--- a/samples/bpf/xdp_redirect_cpu_user.c
16185 ++++ b/samples/bpf/xdp_redirect_cpu_user.c
16186 +@@ -16,6 +16,10 @@ static const char *__doc__ =
16187 + #include <getopt.h>
16188 + #include <net/if.h>
16189 + #include <time.h>
16190 ++#include <linux/limits.h>
16191 ++
16192 ++#define __must_check
16193 ++#include <linux/err.h>
16194 +
16195 + #include <arpa/inet.h>
16196 + #include <linux/if_link.h>
16197 +@@ -46,6 +50,10 @@ static int cpus_count_map_fd;
16198 + static int cpus_iterator_map_fd;
16199 + static int exception_cnt_map_fd;
16200 +
16201 ++#define NUM_TP 5
16202 ++struct bpf_link *tp_links[NUM_TP] = { 0 };
16203 ++static int tp_cnt = 0;
16204 ++
16205 + /* Exit return codes */
16206 + #define EXIT_OK 0
16207 + #define EXIT_FAIL 1
16208 +@@ -88,6 +96,10 @@ static void int_exit(int sig)
16209 + printf("program on interface changed, not removing\n");
16210 + }
16211 + }
16212 ++ /* Detach tracepoints */
16213 ++ while (tp_cnt)
16214 ++ bpf_link__destroy(tp_links[--tp_cnt]);
16215 ++
16216 + exit(EXIT_OK);
16217 + }
16218 +
16219 +@@ -588,23 +600,61 @@ static void stats_poll(int interval, bool use_separators, char *prog_name,
16220 + free_stats_record(prev);
16221 + }
16222 +
16223 ++static struct bpf_link * attach_tp(struct bpf_object *obj,
16224 ++ const char *tp_category,
16225 ++ const char* tp_name)
16226 ++{
16227 ++ struct bpf_program *prog;
16228 ++ struct bpf_link *link;
16229 ++ char sec_name[PATH_MAX];
16230 ++ int len;
16231 ++
16232 ++ len = snprintf(sec_name, PATH_MAX, "tracepoint/%s/%s",
16233 ++ tp_category, tp_name);
16234 ++ if (len < 0)
16235 ++ exit(EXIT_FAIL);
16236 ++
16237 ++ prog = bpf_object__find_program_by_title(obj, sec_name);
16238 ++ if (!prog) {
16239 ++ fprintf(stderr, "ERR: finding progsec: %s\n", sec_name);
16240 ++ exit(EXIT_FAIL_BPF);
16241 ++ }
16242 ++
16243 ++ link = bpf_program__attach_tracepoint(prog, tp_category, tp_name);
16244 ++ if (IS_ERR(link))
16245 ++ exit(EXIT_FAIL_BPF);
16246 ++
16247 ++ return link;
16248 ++}
16249 ++
16250 ++static void init_tracepoints(struct bpf_object *obj) {
16251 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_redirect_err");
16252 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_redirect_map_err");
16253 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_exception");
16254 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_cpumap_enqueue");
16255 ++ tp_links[tp_cnt++] = attach_tp(obj, "xdp", "xdp_cpumap_kthread");
16256 ++}
16257 ++
16258 + static int init_map_fds(struct bpf_object *obj)
16259 + {
16260 +- cpu_map_fd = bpf_object__find_map_fd_by_name(obj, "cpu_map");
16261 +- rx_cnt_map_fd = bpf_object__find_map_fd_by_name(obj, "rx_cnt");
16262 ++ /* Maps updated by tracepoints */
16263 + redirect_err_cnt_map_fd =
16264 + bpf_object__find_map_fd_by_name(obj, "redirect_err_cnt");
16265 ++ exception_cnt_map_fd =
16266 ++ bpf_object__find_map_fd_by_name(obj, "exception_cnt");
16267 + cpumap_enqueue_cnt_map_fd =
16268 + bpf_object__find_map_fd_by_name(obj, "cpumap_enqueue_cnt");
16269 + cpumap_kthread_cnt_map_fd =
16270 + bpf_object__find_map_fd_by_name(obj, "cpumap_kthread_cnt");
16271 ++
16272 ++ /* Maps used by XDP */
16273 ++ rx_cnt_map_fd = bpf_object__find_map_fd_by_name(obj, "rx_cnt");
16274 ++ cpu_map_fd = bpf_object__find_map_fd_by_name(obj, "cpu_map");
16275 + cpus_available_map_fd =
16276 + bpf_object__find_map_fd_by_name(obj, "cpus_available");
16277 + cpus_count_map_fd = bpf_object__find_map_fd_by_name(obj, "cpus_count");
16278 + cpus_iterator_map_fd =
16279 + bpf_object__find_map_fd_by_name(obj, "cpus_iterator");
16280 +- exception_cnt_map_fd =
16281 +- bpf_object__find_map_fd_by_name(obj, "exception_cnt");
16282 +
16283 + if (cpu_map_fd < 0 || rx_cnt_map_fd < 0 ||
16284 + redirect_err_cnt_map_fd < 0 || cpumap_enqueue_cnt_map_fd < 0 ||
16285 +@@ -662,6 +712,7 @@ int main(int argc, char **argv)
16286 + strerror(errno));
16287 + return EXIT_FAIL;
16288 + }
16289 ++ init_tracepoints(obj);
16290 + if (init_map_fds(obj) < 0) {
16291 + fprintf(stderr, "bpf_object__find_map_fd_by_name failed\n");
16292 + return EXIT_FAIL;
16293 +diff --git a/scripts/find-unused-docs.sh b/scripts/find-unused-docs.sh
16294 +index 3f46f8977dc4..ee6a50e33aba 100755
16295 +--- a/scripts/find-unused-docs.sh
16296 ++++ b/scripts/find-unused-docs.sh
16297 +@@ -54,7 +54,7 @@ for file in `find $1 -name '*.c'`; do
16298 + if [[ ${FILES_INCLUDED[$file]+_} ]]; then
16299 + continue;
16300 + fi
16301 +- str=$(scripts/kernel-doc -text -export "$file" 2>/dev/null)
16302 ++ str=$(scripts/kernel-doc -export "$file" 2>/dev/null)
16303 + if [[ -n "$str" ]]; then
16304 + echo "$file"
16305 + fi
16306 +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
16307 +index ecea41ce919b..8bc7b04769a8 100644
16308 +--- a/security/smack/smack_lsm.c
16309 ++++ b/security/smack/smack_lsm.c
16310 +@@ -2831,42 +2831,39 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
16311 + int addrlen)
16312 + {
16313 + int rc = 0;
16314 +-#if IS_ENABLED(CONFIG_IPV6)
16315 +- struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
16316 +-#endif
16317 +-#ifdef SMACK_IPV6_SECMARK_LABELING
16318 +- struct smack_known *rsp;
16319 +- struct socket_smack *ssp;
16320 +-#endif
16321 +
16322 + if (sock->sk == NULL)
16323 + return 0;
16324 +-
16325 ++ if (sock->sk->sk_family != PF_INET &&
16326 ++ (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
16327 ++ return 0;
16328 ++ if (addrlen < offsetofend(struct sockaddr, sa_family))
16329 ++ return 0;
16330 ++ if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
16331 ++ struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
16332 + #ifdef SMACK_IPV6_SECMARK_LABELING
16333 +- ssp = sock->sk->sk_security;
16334 ++ struct smack_known *rsp;
16335 + #endif
16336 +
16337 +- switch (sock->sk->sk_family) {
16338 +- case PF_INET:
16339 +- if (addrlen < sizeof(struct sockaddr_in) ||
16340 +- sap->sa_family != AF_INET)
16341 +- return -EINVAL;
16342 +- rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
16343 +- break;
16344 +- case PF_INET6:
16345 +- if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6)
16346 +- return -EINVAL;
16347 ++ if (addrlen < SIN6_LEN_RFC2133)
16348 ++ return 0;
16349 + #ifdef SMACK_IPV6_SECMARK_LABELING
16350 + rsp = smack_ipv6host_label(sip);
16351 +- if (rsp != NULL)
16352 ++ if (rsp != NULL) {
16353 ++ struct socket_smack *ssp = sock->sk->sk_security;
16354 ++
16355 + rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
16356 +- SMK_CONNECTING);
16357 ++ SMK_CONNECTING);
16358 ++ }
16359 + #endif
16360 + #ifdef SMACK_IPV6_PORT_LABELING
16361 + rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
16362 + #endif
16363 +- break;
16364 ++ return rc;
16365 + }
16366 ++ if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
16367 ++ return 0;
16368 ++ rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
16369 + return rc;
16370 + }
16371 +
16372 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
16373 +index d083225344a0..c9b7e1a073ee 100644
16374 +--- a/sound/core/pcm_native.c
16375 ++++ b/sound/core/pcm_native.c
16376 +@@ -785,10 +785,22 @@ end:
16377 + return err;
16378 + }
16379 +
16380 ++static int do_hw_free(struct snd_pcm_substream *substream)
16381 ++{
16382 ++ int result = 0;
16383 ++
16384 ++ snd_pcm_sync_stop(substream);
16385 ++ if (substream->ops->hw_free)
16386 ++ result = substream->ops->hw_free(substream);
16387 ++ if (substream->managed_buffer_alloc)
16388 ++ snd_pcm_lib_free_pages(substream);
16389 ++ return result;
16390 ++}
16391 ++
16392 + static int snd_pcm_hw_free(struct snd_pcm_substream *substream)
16393 + {
16394 + struct snd_pcm_runtime *runtime;
16395 +- int result = 0;
16396 ++ int result;
16397 +
16398 + if (PCM_RUNTIME_CHECK(substream))
16399 + return -ENXIO;
16400 +@@ -805,11 +817,7 @@ static int snd_pcm_hw_free(struct snd_pcm_substream *substream)
16401 + snd_pcm_stream_unlock_irq(substream);
16402 + if (atomic_read(&substream->mmap_count))
16403 + return -EBADFD;
16404 +- snd_pcm_sync_stop(substream);
16405 +- if (substream->ops->hw_free)
16406 +- result = substream->ops->hw_free(substream);
16407 +- if (substream->managed_buffer_alloc)
16408 +- snd_pcm_lib_free_pages(substream);
16409 ++ result = do_hw_free(substream);
16410 + snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
16411 + pm_qos_remove_request(&substream->latency_pm_qos_req);
16412 + return result;
16413 +@@ -2466,9 +2474,7 @@ void snd_pcm_release_substream(struct snd_pcm_substream *substream)
16414 +
16415 + snd_pcm_drop(substream);
16416 + if (substream->hw_opened) {
16417 +- if (substream->ops->hw_free &&
16418 +- substream->runtime->status->state != SNDRV_PCM_STATE_OPEN)
16419 +- substream->ops->hw_free(substream);
16420 ++ do_hw_free(substream);
16421 + substream->ops->close(substream);
16422 + substream->hw_opened = 0;
16423 + }
16424 +diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c
16425 +index 022a0db692e0..3a2839f44f5c 100644
16426 +--- a/sound/drivers/dummy.c
16427 ++++ b/sound/drivers/dummy.c
16428 +@@ -915,7 +915,7 @@ static void print_formats(struct snd_dummy *dummy,
16429 + {
16430 + int i;
16431 +
16432 +- for (i = 0; i < SNDRV_PCM_FORMAT_LAST; i++) {
16433 ++ for (i = 0; i <= SNDRV_PCM_FORMAT_LAST; i++) {
16434 + if (dummy->pcm_hw.formats & (1ULL << i))
16435 + snd_iprintf(buffer, " %s", snd_pcm_format_name(i));
16436 + }
16437 +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
16438 +index 8ef223aa1e37..9d3b28bcba9b 100644
16439 +--- a/sound/pci/hda/hda_intel.c
16440 ++++ b/sound/pci/hda/hda_intel.c
16441 +@@ -2188,6 +2188,8 @@ static struct snd_pci_quirk power_save_blacklist[] = {
16442 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
16443 + SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
16444 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
16445 ++ SND_PCI_QUIRK(0x1558, 0x6504, "Clevo W65_67SB", 0),
16446 ++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
16447 + SND_PCI_QUIRK(0x1028, 0x0497, "Dell Precision T3600", 0),
16448 + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
16449 + /* Note the P55A-UD3 and Z87-D3HP share the subsys id for the HDA dev */
16450 +@@ -2447,6 +2449,8 @@ static const struct pci_device_id azx_ids[] = {
16451 + /* Jasperlake */
16452 + { PCI_DEVICE(0x8086, 0x38c8),
16453 + .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
16454 ++ { PCI_DEVICE(0x8086, 0x4dc8),
16455 ++ .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
16456 + /* Tigerlake */
16457 + { PCI_DEVICE(0x8086, 0xa0c8),
16458 + .driver_data = AZX_DRIVER_SKL | AZX_DCAPS_INTEL_SKYLAKE},
16459 +diff --git a/sound/pci/hda/hda_tegra.c b/sound/pci/hda/hda_tegra.c
16460 +index 8350954b7986..e5191584638a 100644
16461 +--- a/sound/pci/hda/hda_tegra.c
16462 ++++ b/sound/pci/hda/hda_tegra.c
16463 +@@ -398,6 +398,7 @@ static int hda_tegra_create(struct snd_card *card,
16464 + return err;
16465 +
16466 + chip->bus.needs_damn_long_delay = 1;
16467 ++ chip->bus.core.aligned_mmio = 1;
16468 +
16469 + err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops);
16470 + if (err < 0) {
16471 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
16472 +index 630b1f5c276d..bde50414029d 100644
16473 +--- a/sound/pci/hda/patch_hdmi.c
16474 ++++ b/sound/pci/hda/patch_hdmi.c
16475 +@@ -1547,6 +1547,34 @@ static bool update_eld(struct hda_codec *codec,
16476 + return eld_changed;
16477 + }
16478 +
16479 ++static struct snd_jack *pin_idx_to_pcm_jack(struct hda_codec *codec,
16480 ++ struct hdmi_spec_per_pin *per_pin)
16481 ++{
16482 ++ struct hdmi_spec *spec = codec->spec;
16483 ++ struct snd_jack *jack = NULL;
16484 ++ struct hda_jack_tbl *jack_tbl;
16485 ++
16486 ++ /* if !dyn_pcm_assign, get jack from hda_jack_tbl
16487 ++ * in !dyn_pcm_assign case, spec->pcm_rec[].jack is not
16488 ++ * NULL even after snd_hda_jack_tbl_clear() is called to
16489 ++ * free snd_jack. This may cause access invalid memory
16490 ++ * when calling snd_jack_report
16491 ++ */
16492 ++ if (per_pin->pcm_idx >= 0 && spec->dyn_pcm_assign) {
16493 ++ jack = spec->pcm_rec[per_pin->pcm_idx].jack;
16494 ++ } else if (!spec->dyn_pcm_assign) {
16495 ++ /*
16496 ++ * jack tbl doesn't support DP MST
16497 ++ * DP MST will use dyn_pcm_assign,
16498 ++ * so DP MST will never come here
16499 ++ */
16500 ++ jack_tbl = snd_hda_jack_tbl_get_mst(codec, per_pin->pin_nid,
16501 ++ per_pin->dev_id);
16502 ++ if (jack_tbl)
16503 ++ jack = jack_tbl->jack;
16504 ++ }
16505 ++ return jack;
16506 ++}
16507 + /* update ELD and jack state via HD-audio verbs */
16508 + static bool hdmi_present_sense_via_verbs(struct hdmi_spec_per_pin *per_pin,
16509 + int repoll)
16510 +@@ -1568,6 +1596,7 @@ static bool hdmi_present_sense_via_verbs(struct hdmi_spec_per_pin *per_pin,
16511 + int present;
16512 + bool ret;
16513 + bool do_repoll = false;
16514 ++ struct snd_jack *pcm_jack = NULL;
16515 +
16516 + present = snd_hda_jack_pin_sense(codec, pin_nid, dev_id);
16517 +
16518 +@@ -1595,10 +1624,19 @@ static bool hdmi_present_sense_via_verbs(struct hdmi_spec_per_pin *per_pin,
16519 + do_repoll = true;
16520 + }
16521 +
16522 +- if (do_repoll)
16523 ++ if (do_repoll) {
16524 + schedule_delayed_work(&per_pin->work, msecs_to_jiffies(300));
16525 +- else
16526 ++ } else {
16527 ++ /*
16528 ++ * pcm_idx >=0 before update_eld() means it is in monitor
16529 ++ * disconnected event. Jack must be fetched before
16530 ++ * update_eld().
16531 ++ */
16532 ++ pcm_jack = pin_idx_to_pcm_jack(codec, per_pin);
16533 + update_eld(codec, per_pin, eld);
16534 ++ if (!pcm_jack)
16535 ++ pcm_jack = pin_idx_to_pcm_jack(codec, per_pin);
16536 ++ }
16537 +
16538 + ret = !repoll || !eld->monitor_present || eld->eld_valid;
16539 +
16540 +@@ -1607,38 +1645,32 @@ static bool hdmi_present_sense_via_verbs(struct hdmi_spec_per_pin *per_pin,
16541 + jack->block_report = !ret;
16542 + jack->pin_sense = (eld->monitor_present && eld->eld_valid) ?
16543 + AC_PINSENSE_PRESENCE : 0;
16544 +- }
16545 +- mutex_unlock(&per_pin->lock);
16546 +- return ret;
16547 +-}
16548 +
16549 +-static struct snd_jack *pin_idx_to_jack(struct hda_codec *codec,
16550 +- struct hdmi_spec_per_pin *per_pin)
16551 +-{
16552 +- struct hdmi_spec *spec = codec->spec;
16553 +- struct snd_jack *jack = NULL;
16554 +- struct hda_jack_tbl *jack_tbl;
16555 ++ if (spec->dyn_pcm_assign && pcm_jack && !do_repoll) {
16556 ++ int state = 0;
16557 ++
16558 ++ if (jack->pin_sense & AC_PINSENSE_PRESENCE)
16559 ++ state = SND_JACK_AVOUT;
16560 ++ snd_jack_report(pcm_jack, state);
16561 ++ }
16562 +
16563 +- /* if !dyn_pcm_assign, get jack from hda_jack_tbl
16564 +- * in !dyn_pcm_assign case, spec->pcm_rec[].jack is not
16565 +- * NULL even after snd_hda_jack_tbl_clear() is called to
16566 +- * free snd_jack. This may cause access invalid memory
16567 +- * when calling snd_jack_report
16568 +- */
16569 +- if (per_pin->pcm_idx >= 0 && spec->dyn_pcm_assign)
16570 +- jack = spec->pcm_rec[per_pin->pcm_idx].jack;
16571 +- else if (!spec->dyn_pcm_assign) {
16572 + /*
16573 +- * jack tbl doesn't support DP MST
16574 +- * DP MST will use dyn_pcm_assign,
16575 +- * so DP MST will never come here
16576 ++ * snd_hda_jack_pin_sense() call at the beginning of this
16577 ++ * function, updates jack->pins_sense and clears
16578 ++ * jack->jack_dirty, therefore snd_hda_jack_report_sync() will
16579 ++ * not override the jack->pin_sense.
16580 ++ *
16581 ++ * snd_hda_jack_report_sync() is superfluous for dyn_pcm_assign
16582 ++ * case. The jack->pin_sense update was already performed, and
16583 ++ * hda_jack->jack is NULL for dyn_pcm_assign.
16584 ++ *
16585 ++ * Don't call snd_hda_jack_report_sync() for
16586 ++ * dyn_pcm_assign.
16587 + */
16588 +- jack_tbl = snd_hda_jack_tbl_get_mst(codec, per_pin->pin_nid,
16589 +- per_pin->dev_id);
16590 +- if (jack_tbl)
16591 +- jack = jack_tbl->jack;
16592 ++ ret = ret && !spec->dyn_pcm_assign;
16593 + }
16594 +- return jack;
16595 ++ mutex_unlock(&per_pin->lock);
16596 ++ return ret;
16597 + }
16598 +
16599 + /* update ELD and jack state via audio component */
16600 +@@ -1674,10 +1706,10 @@ static void sync_eld_via_acomp(struct hda_codec *codec,
16601 + /* pcm_idx >=0 before update_eld() means it is in monitor
16602 + * disconnected event. Jack must be fetched before update_eld()
16603 + */
16604 +- jack = pin_idx_to_jack(codec, per_pin);
16605 ++ jack = pin_idx_to_pcm_jack(codec, per_pin);
16606 + changed = update_eld(codec, per_pin, eld);
16607 + if (jack == NULL)
16608 +- jack = pin_idx_to_jack(codec, per_pin);
16609 ++ jack = pin_idx_to_pcm_jack(codec, per_pin);
16610 + if (changed && jack)
16611 + snd_jack_report(jack,
16612 + (eld->monitor_present && eld->eld_valid) ?
16613 +@@ -4250,6 +4282,7 @@ HDA_CODEC_ENTRY(0x8086280c, "Cannonlake HDMI", patch_i915_glk_hdmi),
16614 + HDA_CODEC_ENTRY(0x8086280d, "Geminilake HDMI", patch_i915_glk_hdmi),
16615 + HDA_CODEC_ENTRY(0x8086280f, "Icelake HDMI", patch_i915_icl_hdmi),
16616 + HDA_CODEC_ENTRY(0x80862812, "Tigerlake HDMI", patch_i915_tgl_hdmi),
16617 ++HDA_CODEC_ENTRY(0x8086281a, "Jasperlake HDMI", patch_i915_icl_hdmi),
16618 + HDA_CODEC_ENTRY(0x80862880, "CedarTrail HDMI", patch_generic_hdmi),
16619 + HDA_CODEC_ENTRY(0x80862882, "Valleyview2 HDMI", patch_i915_byt_hdmi),
16620 + HDA_CODEC_ENTRY(0x80862883, "Braswell HDMI", patch_i915_byt_hdmi),
16621 +diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
16622 +index aa1f9637d895..e949b372cead 100644
16623 +--- a/sound/soc/codecs/sgtl5000.c
16624 ++++ b/sound/soc/codecs/sgtl5000.c
16625 +@@ -1344,7 +1344,8 @@ static int sgtl5000_set_power_regs(struct snd_soc_component *component)
16626 + * if vddio == vdda the source of charge pump should be
16627 + * assigned manually to VDDIO
16628 + */
16629 +- if (vddio == vdda) {
16630 ++ if (regulator_is_equal(sgtl5000->supplies[VDDA].consumer,
16631 ++ sgtl5000->supplies[VDDIO].consumer)) {
16632 + lreg_ctrl |= SGTL5000_VDDC_ASSN_OVRD;
16633 + lreg_ctrl |= SGTL5000_VDDC_MAN_ASSN_VDDIO <<
16634 + SGTL5000_VDDC_MAN_ASSN_SHIFT;
16635 +diff --git a/sound/soc/intel/boards/skl_hda_dsp_common.c b/sound/soc/intel/boards/skl_hda_dsp_common.c
16636 +index eb419e1ec42b..78ff5f24c40e 100644
16637 +--- a/sound/soc/intel/boards/skl_hda_dsp_common.c
16638 ++++ b/sound/soc/intel/boards/skl_hda_dsp_common.c
16639 +@@ -41,16 +41,19 @@ int skl_hda_hdmi_add_pcm(struct snd_soc_card *card, int device)
16640 + return 0;
16641 + }
16642 +
16643 +-SND_SOC_DAILINK_DEFS(idisp1,
16644 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp1 Pin")),
16645 ++SND_SOC_DAILINK_DEF(idisp1_cpu,
16646 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp1 Pin")));
16647 ++SND_SOC_DAILINK_DEF(idisp1_codec,
16648 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi1")));
16649 +
16650 +-SND_SOC_DAILINK_DEFS(idisp2,
16651 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp2 Pin")),
16652 ++SND_SOC_DAILINK_DEF(idisp2_cpu,
16653 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp2 Pin")));
16654 ++SND_SOC_DAILINK_DEF(idisp2_codec,
16655 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi2")));
16656 +
16657 +-SND_SOC_DAILINK_DEFS(idisp3,
16658 +- DAILINK_COMP_ARRAY(COMP_CPU("iDisp3 Pin")),
16659 ++SND_SOC_DAILINK_DEF(idisp3_cpu,
16660 ++ DAILINK_COMP_ARRAY(COMP_CPU("iDisp3 Pin")));
16661 ++SND_SOC_DAILINK_DEF(idisp3_codec,
16662 + DAILINK_COMP_ARRAY(COMP_CODEC("ehdaudio0D2", "intel-hdmi-hifi3")));
16663 +
16664 + SND_SOC_DAILINK_DEF(analog_cpu,
16665 +@@ -83,21 +86,21 @@ struct snd_soc_dai_link skl_hda_be_dai_links[HDA_DSP_MAX_BE_DAI_LINKS] = {
16666 + .id = 1,
16667 + .dpcm_playback = 1,
16668 + .no_pcm = 1,
16669 +- SND_SOC_DAILINK_REG(idisp1),
16670 ++ SND_SOC_DAILINK_REG(idisp1_cpu, idisp1_codec, platform),
16671 + },
16672 + {
16673 + .name = "iDisp2",
16674 + .id = 2,
16675 + .dpcm_playback = 1,
16676 + .no_pcm = 1,
16677 +- SND_SOC_DAILINK_REG(idisp2),
16678 ++ SND_SOC_DAILINK_REG(idisp2_cpu, idisp2_codec, platform),
16679 + },
16680 + {
16681 + .name = "iDisp3",
16682 + .id = 3,
16683 + .dpcm_playback = 1,
16684 + .no_pcm = 1,
16685 +- SND_SOC_DAILINK_REG(idisp3),
16686 ++ SND_SOC_DAILINK_REG(idisp3_cpu, idisp3_codec, platform),
16687 + },
16688 + {
16689 + .name = "Analog Playback and Capture",
16690 +diff --git a/sound/soc/meson/axg-fifo.c b/sound/soc/meson/axg-fifo.c
16691 +index d6f3eefb8f09..200bddf159a2 100644
16692 +--- a/sound/soc/meson/axg-fifo.c
16693 ++++ b/sound/soc/meson/axg-fifo.c
16694 +@@ -113,10 +113,12 @@ int axg_fifo_pcm_hw_params(struct snd_soc_component *component,
16695 + {
16696 + struct snd_pcm_runtime *runtime = ss->runtime;
16697 + struct axg_fifo *fifo = axg_fifo_data(ss);
16698 ++ unsigned int burst_num, period, threshold;
16699 + dma_addr_t end_ptr;
16700 +- unsigned int burst_num;
16701 + int ret;
16702 +
16703 ++ period = params_period_bytes(params);
16704 ++
16705 + ret = snd_pcm_lib_malloc_pages(ss, params_buffer_bytes(params));
16706 + if (ret < 0)
16707 + return ret;
16708 +@@ -127,9 +129,25 @@ int axg_fifo_pcm_hw_params(struct snd_soc_component *component,
16709 + regmap_write(fifo->map, FIFO_FINISH_ADDR, end_ptr);
16710 +
16711 + /* Setup interrupt periodicity */
16712 +- burst_num = params_period_bytes(params) / AXG_FIFO_BURST;
16713 ++ burst_num = period / AXG_FIFO_BURST;
16714 + regmap_write(fifo->map, FIFO_INT_ADDR, burst_num);
16715 +
16716 ++ /*
16717 ++ * Start the fifo request on the smallest of the following:
16718 ++ * - Half the fifo size
16719 ++ * - Half the period size
16720 ++ */
16721 ++ threshold = min(period / 2,
16722 ++ (unsigned int)AXG_FIFO_MIN_DEPTH / 2);
16723 ++
16724 ++ /*
16725 ++ * With the threshold in bytes, register value is:
16726 ++ * V = (threshold / burst) - 1
16727 ++ */
16728 ++ threshold /= AXG_FIFO_BURST;
16729 ++ regmap_field_write(fifo->field_threshold,
16730 ++ threshold ? threshold - 1 : 0);
16731 ++
16732 + /* Enable block count irq */
16733 + regmap_update_bits(fifo->map, FIFO_CTRL0,
16734 + CTRL0_INT_EN(FIFO_INT_COUNT_REPEAT),
16735 +@@ -352,6 +370,11 @@ int axg_fifo_probe(struct platform_device *pdev)
16736 + return fifo->irq;
16737 + }
16738 +
16739 ++ fifo->field_threshold =
16740 ++ devm_regmap_field_alloc(dev, fifo->map, data->field_threshold);
16741 ++ if (IS_ERR(fifo->field_threshold))
16742 ++ return PTR_ERR(fifo->field_threshold);
16743 ++
16744 + return devm_snd_soc_register_component(dev, data->component_drv,
16745 + data->dai_drv, 1);
16746 + }
16747 +diff --git a/sound/soc/meson/axg-fifo.h b/sound/soc/meson/axg-fifo.h
16748 +index cf928d43b558..c442195ba191 100644
16749 +--- a/sound/soc/meson/axg-fifo.h
16750 ++++ b/sound/soc/meson/axg-fifo.h
16751 +@@ -9,7 +9,9 @@
16752 +
16753 + struct clk;
16754 + struct platform_device;
16755 ++struct reg_field;
16756 + struct regmap;
16757 ++struct regmap_field;
16758 + struct reset_control;
16759 +
16760 + struct snd_soc_component_driver;
16761 +@@ -50,8 +52,6 @@ struct snd_soc_pcm_runtime;
16762 + #define CTRL1_STATUS2_SEL_MASK GENMASK(11, 8)
16763 + #define CTRL1_STATUS2_SEL(x) ((x) << 8)
16764 + #define STATUS2_SEL_DDR_READ 0
16765 +-#define CTRL1_THRESHOLD_MASK GENMASK(23, 16)
16766 +-#define CTRL1_THRESHOLD(x) ((x) << 16)
16767 + #define CTRL1_FRDDR_DEPTH_MASK GENMASK(31, 24)
16768 + #define CTRL1_FRDDR_DEPTH(x) ((x) << 24)
16769 + #define FIFO_START_ADDR 0x08
16770 +@@ -67,12 +67,14 @@ struct axg_fifo {
16771 + struct regmap *map;
16772 + struct clk *pclk;
16773 + struct reset_control *arb;
16774 ++ struct regmap_field *field_threshold;
16775 + int irq;
16776 + };
16777 +
16778 + struct axg_fifo_match_data {
16779 + const struct snd_soc_component_driver *component_drv;
16780 + struct snd_soc_dai_driver *dai_drv;
16781 ++ struct reg_field field_threshold;
16782 + };
16783 +
16784 + int axg_fifo_pcm_open(struct snd_soc_component *component,
16785 +diff --git a/sound/soc/meson/axg-frddr.c b/sound/soc/meson/axg-frddr.c
16786 +index 665d75d49d7b..657b05c739b5 100644
16787 +--- a/sound/soc/meson/axg-frddr.c
16788 ++++ b/sound/soc/meson/axg-frddr.c
16789 +@@ -50,7 +50,7 @@ static int axg_frddr_dai_startup(struct snd_pcm_substream *substream,
16790 + struct snd_soc_dai *dai)
16791 + {
16792 + struct axg_fifo *fifo = snd_soc_dai_get_drvdata(dai);
16793 +- unsigned int fifo_depth, fifo_threshold;
16794 ++ unsigned int fifo_depth;
16795 + int ret;
16796 +
16797 + /* Enable pclk to access registers and clock the fifo ip */
16798 +@@ -68,11 +68,8 @@ static int axg_frddr_dai_startup(struct snd_pcm_substream *substream,
16799 + * Depth and threshold are zero based.
16800 + */
16801 + fifo_depth = AXG_FIFO_MIN_CNT - 1;
16802 +- fifo_threshold = (AXG_FIFO_MIN_CNT / 2) - 1;
16803 +- regmap_update_bits(fifo->map, FIFO_CTRL1,
16804 +- CTRL1_FRDDR_DEPTH_MASK | CTRL1_THRESHOLD_MASK,
16805 +- CTRL1_FRDDR_DEPTH(fifo_depth) |
16806 +- CTRL1_THRESHOLD(fifo_threshold));
16807 ++ regmap_update_bits(fifo->map, FIFO_CTRL1, CTRL1_FRDDR_DEPTH_MASK,
16808 ++ CTRL1_FRDDR_DEPTH(fifo_depth));
16809 +
16810 + return 0;
16811 + }
16812 +@@ -159,8 +156,9 @@ static const struct snd_soc_component_driver axg_frddr_component_drv = {
16813 + };
16814 +
16815 + static const struct axg_fifo_match_data axg_frddr_match_data = {
16816 +- .component_drv = &axg_frddr_component_drv,
16817 +- .dai_drv = &axg_frddr_dai_drv
16818 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
16819 ++ .component_drv = &axg_frddr_component_drv,
16820 ++ .dai_drv = &axg_frddr_dai_drv
16821 + };
16822 +
16823 + static const struct snd_soc_dai_ops g12a_frddr_ops = {
16824 +@@ -283,8 +281,9 @@ static const struct snd_soc_component_driver g12a_frddr_component_drv = {
16825 + };
16826 +
16827 + static const struct axg_fifo_match_data g12a_frddr_match_data = {
16828 +- .component_drv = &g12a_frddr_component_drv,
16829 +- .dai_drv = &g12a_frddr_dai_drv
16830 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
16831 ++ .component_drv = &g12a_frddr_component_drv,
16832 ++ .dai_drv = &g12a_frddr_dai_drv
16833 + };
16834 +
16835 + /* On SM1, the output selection in on CTRL2 */
16836 +@@ -353,8 +352,9 @@ static const struct snd_soc_component_driver sm1_frddr_component_drv = {
16837 + };
16838 +
16839 + static const struct axg_fifo_match_data sm1_frddr_match_data = {
16840 +- .component_drv = &sm1_frddr_component_drv,
16841 +- .dai_drv = &g12a_frddr_dai_drv
16842 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
16843 ++ .component_drv = &sm1_frddr_component_drv,
16844 ++ .dai_drv = &g12a_frddr_dai_drv
16845 + };
16846 +
16847 + static const struct of_device_id axg_frddr_of_match[] = {
16848 +diff --git a/sound/soc/meson/axg-toddr.c b/sound/soc/meson/axg-toddr.c
16849 +index 7fef0b961496..e90f1b3198ee 100644
16850 +--- a/sound/soc/meson/axg-toddr.c
16851 ++++ b/sound/soc/meson/axg-toddr.c
16852 +@@ -89,7 +89,6 @@ static int axg_toddr_dai_startup(struct snd_pcm_substream *substream,
16853 + struct snd_soc_dai *dai)
16854 + {
16855 + struct axg_fifo *fifo = snd_soc_dai_get_drvdata(dai);
16856 +- unsigned int fifo_threshold;
16857 + int ret;
16858 +
16859 + /* Enable pclk to access registers and clock the fifo ip */
16860 +@@ -107,11 +106,6 @@ static int axg_toddr_dai_startup(struct snd_pcm_substream *substream,
16861 + /* Apply single buffer mode to the interface */
16862 + regmap_update_bits(fifo->map, FIFO_CTRL0, CTRL0_TODDR_PP_MODE, 0);
16863 +
16864 +- /* TODDR does not have a configurable fifo depth */
16865 +- fifo_threshold = AXG_FIFO_MIN_CNT - 1;
16866 +- regmap_update_bits(fifo->map, FIFO_CTRL1, CTRL1_THRESHOLD_MASK,
16867 +- CTRL1_THRESHOLD(fifo_threshold));
16868 +-
16869 + return 0;
16870 + }
16871 +
16872 +@@ -191,8 +185,9 @@ static const struct snd_soc_component_driver axg_toddr_component_drv = {
16873 + };
16874 +
16875 + static const struct axg_fifo_match_data axg_toddr_match_data = {
16876 +- .component_drv = &axg_toddr_component_drv,
16877 +- .dai_drv = &axg_toddr_dai_drv
16878 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
16879 ++ .component_drv = &axg_toddr_component_drv,
16880 ++ .dai_drv = &axg_toddr_dai_drv
16881 + };
16882 +
16883 + static const struct snd_soc_dai_ops g12a_toddr_ops = {
16884 +@@ -230,8 +225,9 @@ static const struct snd_soc_component_driver g12a_toddr_component_drv = {
16885 + };
16886 +
16887 + static const struct axg_fifo_match_data g12a_toddr_match_data = {
16888 +- .component_drv = &g12a_toddr_component_drv,
16889 +- .dai_drv = &g12a_toddr_dai_drv
16890 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 16, 23),
16891 ++ .component_drv = &g12a_toddr_component_drv,
16892 ++ .dai_drv = &g12a_toddr_dai_drv
16893 + };
16894 +
16895 + static const char * const sm1_toddr_sel_texts[] = {
16896 +@@ -300,8 +296,9 @@ static const struct snd_soc_component_driver sm1_toddr_component_drv = {
16897 + };
16898 +
16899 + static const struct axg_fifo_match_data sm1_toddr_match_data = {
16900 +- .component_drv = &sm1_toddr_component_drv,
16901 +- .dai_drv = &g12a_toddr_dai_drv
16902 ++ .field_threshold = REG_FIELD(FIFO_CTRL1, 12, 23),
16903 ++ .component_drv = &sm1_toddr_component_drv,
16904 ++ .dai_drv = &g12a_toddr_dai_drv
16905 + };
16906 +
16907 + static const struct of_device_id axg_toddr_of_match[] = {
16908 +diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c
16909 +index 92e4f4d08bfa..4e1fe623c390 100644
16910 +--- a/sound/soc/soc-topology.c
16911 ++++ b/sound/soc/soc-topology.c
16912 +@@ -1906,6 +1906,10 @@ static int soc_tplg_fe_link_create(struct soc_tplg *tplg,
16913 + link->num_codecs = 1;
16914 + link->num_platforms = 1;
16915 +
16916 ++ link->dobj.index = tplg->index;
16917 ++ link->dobj.ops = tplg->ops;
16918 ++ link->dobj.type = SND_SOC_DOBJ_DAI_LINK;
16919 ++
16920 + if (strlen(pcm->pcm_name)) {
16921 + link->name = kstrdup(pcm->pcm_name, GFP_KERNEL);
16922 + link->stream_name = kstrdup(pcm->pcm_name, GFP_KERNEL);
16923 +@@ -1942,9 +1946,6 @@ static int soc_tplg_fe_link_create(struct soc_tplg *tplg,
16924 + goto err;
16925 + }
16926 +
16927 +- link->dobj.index = tplg->index;
16928 +- link->dobj.ops = tplg->ops;
16929 +- link->dobj.type = SND_SOC_DOBJ_DAI_LINK;
16930 + list_add(&link->dobj.list, &tplg->comp->dobj_list);
16931 +
16932 + return 0;
16933 +diff --git a/sound/soc/sof/core.c b/sound/soc/sof/core.c
16934 +index 805918d3bcc0..a06a54f423dd 100644
16935 +--- a/sound/soc/sof/core.c
16936 ++++ b/sound/soc/sof/core.c
16937 +@@ -306,6 +306,46 @@ static int sof_machine_check(struct snd_sof_dev *sdev)
16938 + #endif
16939 + }
16940 +
16941 ++/*
16942 ++ * FW Boot State Transition Diagram
16943 ++ *
16944 ++ * +-----------------------------------------------------------------------+
16945 ++ * | |
16946 ++ * ------------------ ------------------ |
16947 ++ * | | | | |
16948 ++ * | BOOT_FAILED | | READY_FAILED |-------------------------+ |
16949 ++ * | | | | | |
16950 ++ * ------------------ ------------------ | |
16951 ++ * ^ ^ | |
16952 ++ * | | | |
16953 ++ * (FW Boot Timeout) (FW_READY FAIL) | |
16954 ++ * | | | |
16955 ++ * | | | |
16956 ++ * ------------------ | ------------------ | |
16957 ++ * | | | | | | |
16958 ++ * | IN_PROGRESS |---------------+------------->| COMPLETE | | |
16959 ++ * | | (FW Boot OK) (FW_READY OK) | | | |
16960 ++ * ------------------ ------------------ | |
16961 ++ * ^ | | |
16962 ++ * | | | |
16963 ++ * (FW Loading OK) (System Suspend/Runtime Suspend)
16964 ++ * | | | |
16965 ++ * | | | |
16966 ++ * ------------------ ------------------ | | |
16967 ++ * | | | |<-----+ | |
16968 ++ * | PREPARE | | NOT_STARTED |<---------------------+ |
16969 ++ * | | | |<---------------------------+
16970 ++ * ------------------ ------------------
16971 ++ * | ^ | ^
16972 ++ * | | | |
16973 ++ * | +-----------------------+ |
16974 ++ * | (DSP Probe OK) |
16975 ++ * | |
16976 ++ * | |
16977 ++ * +------------------------------------+
16978 ++ * (System Suspend/Runtime Suspend)
16979 ++ */
16980 ++
16981 + static int sof_probe_continue(struct snd_sof_dev *sdev)
16982 + {
16983 + struct snd_sof_pdata *plat_data = sdev->pdata;
16984 +@@ -321,6 +361,8 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
16985 + return ret;
16986 + }
16987 +
16988 ++ sdev->fw_state = SOF_FW_BOOT_PREPARE;
16989 ++
16990 + /* check machine info */
16991 + ret = sof_machine_check(sdev);
16992 + if (ret < 0) {
16993 +@@ -360,7 +402,12 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
16994 + goto fw_load_err;
16995 + }
16996 +
16997 +- /* boot the firmware */
16998 ++ sdev->fw_state = SOF_FW_BOOT_IN_PROGRESS;
16999 ++
17000 ++ /*
17001 ++ * Boot the firmware. The FW boot status will be modified
17002 ++ * in snd_sof_run_firmware() depending on the outcome.
17003 ++ */
17004 + ret = snd_sof_run_firmware(sdev);
17005 + if (ret < 0) {
17006 + dev_err(sdev->dev, "error: failed to boot DSP firmware %d\n",
17007 +@@ -394,7 +441,7 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
17008 + if (ret < 0) {
17009 + dev_err(sdev->dev,
17010 + "error: failed to register DSP DAI driver %d\n", ret);
17011 +- goto fw_run_err;
17012 ++ goto fw_trace_err;
17013 + }
17014 +
17015 + drv_name = plat_data->machine->drv_name;
17016 +@@ -408,7 +455,7 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
17017 +
17018 + if (IS_ERR(plat_data->pdev_mach)) {
17019 + ret = PTR_ERR(plat_data->pdev_mach);
17020 +- goto fw_run_err;
17021 ++ goto fw_trace_err;
17022 + }
17023 +
17024 + dev_dbg(sdev->dev, "created machine %s\n",
17025 +@@ -419,7 +466,8 @@ static int sof_probe_continue(struct snd_sof_dev *sdev)
17026 +
17027 + return 0;
17028 +
17029 +-#if !IS_ENABLED(CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE)
17030 ++fw_trace_err:
17031 ++ snd_sof_free_trace(sdev);
17032 + fw_run_err:
17033 + snd_sof_fw_unload(sdev);
17034 + fw_load_err:
17035 +@@ -428,21 +476,10 @@ ipc_err:
17036 + snd_sof_free_debug(sdev);
17037 + dbg_err:
17038 + snd_sof_remove(sdev);
17039 +-#else
17040 +-
17041 +- /*
17042 +- * when the probe_continue is handled in a work queue, the
17043 +- * probe does not fail so we don't release resources here.
17044 +- * They will be released with an explicit call to
17045 +- * snd_sof_device_remove() when the PCI/ACPI device is removed
17046 +- */
17047 +
17048 +-fw_run_err:
17049 +-fw_load_err:
17050 +-ipc_err:
17051 +-dbg_err:
17052 +-
17053 +-#endif
17054 ++ /* all resources freed, update state to match */
17055 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
17056 ++ sdev->first_boot = true;
17057 +
17058 + return ret;
17059 + }
17060 +@@ -476,6 +513,7 @@ int snd_sof_device_probe(struct device *dev, struct snd_sof_pdata *plat_data)
17061 +
17062 + sdev->pdata = plat_data;
17063 + sdev->first_boot = true;
17064 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
17065 + dev_set_drvdata(dev, sdev);
17066 +
17067 + /* check all mandatory ops */
17068 +@@ -524,10 +562,12 @@ int snd_sof_device_remove(struct device *dev)
17069 + if (IS_ENABLED(CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE))
17070 + cancel_work_sync(&sdev->probe_work);
17071 +
17072 +- snd_sof_fw_unload(sdev);
17073 +- snd_sof_ipc_free(sdev);
17074 +- snd_sof_free_debug(sdev);
17075 +- snd_sof_free_trace(sdev);
17076 ++ if (sdev->fw_state > SOF_FW_BOOT_NOT_STARTED) {
17077 ++ snd_sof_fw_unload(sdev);
17078 ++ snd_sof_ipc_free(sdev);
17079 ++ snd_sof_free_debug(sdev);
17080 ++ snd_sof_free_trace(sdev);
17081 ++ }
17082 +
17083 + /*
17084 + * Unregister machine driver. This will unbind the snd_card which
17085 +@@ -543,7 +583,8 @@ int snd_sof_device_remove(struct device *dev)
17086 + * scheduled on, when they are unloaded. Therefore, the DSP must be
17087 + * removed only after the topology has been unloaded.
17088 + */
17089 +- snd_sof_remove(sdev);
17090 ++ if (sdev->fw_state > SOF_FW_BOOT_NOT_STARTED)
17091 ++ snd_sof_remove(sdev);
17092 +
17093 + /* release firmware */
17094 + release_firmware(pdata->fw);
17095 +diff --git a/sound/soc/sof/intel/hda-loader.c b/sound/soc/sof/intel/hda-loader.c
17096 +index bae7ac3581e5..8852184a2569 100644
17097 +--- a/sound/soc/sof/intel/hda-loader.c
17098 ++++ b/sound/soc/sof/intel/hda-loader.c
17099 +@@ -295,7 +295,6 @@ int hda_dsp_cl_boot_firmware(struct snd_sof_dev *sdev)
17100 +
17101 + /* init for booting wait */
17102 + init_waitqueue_head(&sdev->boot_wait);
17103 +- sdev->boot_complete = false;
17104 +
17105 + /* prepare DMA for code loader stream */
17106 + tag = cl_stream_prepare(sdev, 0x40, stripped_firmware.size,
17107 +diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
17108 +index 91bd88fddac7..fb17b87b684b 100644
17109 +--- a/sound/soc/sof/intel/hda.c
17110 ++++ b/sound/soc/sof/intel/hda.c
17111 +@@ -168,7 +168,7 @@ void hda_dsp_dump_skl(struct snd_sof_dev *sdev, u32 flags)
17112 + panic = snd_sof_dsp_read(sdev, HDA_DSP_BAR,
17113 + HDA_ADSP_ERROR_CODE_SKL + 0x4);
17114 +
17115 +- if (sdev->boot_complete) {
17116 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE) {
17117 + hda_dsp_get_registers(sdev, &xoops, &panic_info, stack,
17118 + HDA_DSP_STACK_DUMP_SIZE);
17119 + snd_sof_get_status(sdev, status, panic, &xoops, &panic_info,
17120 +@@ -195,7 +195,7 @@ void hda_dsp_dump(struct snd_sof_dev *sdev, u32 flags)
17121 + HDA_DSP_SRAM_REG_FW_STATUS);
17122 + panic = snd_sof_dsp_read(sdev, HDA_DSP_BAR, HDA_DSP_SRAM_REG_FW_TRACEP);
17123 +
17124 +- if (sdev->boot_complete) {
17125 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE) {
17126 + hda_dsp_get_registers(sdev, &xoops, &panic_info, stack,
17127 + HDA_DSP_STACK_DUMP_SIZE);
17128 + snd_sof_get_status(sdev, status, panic, &xoops, &panic_info,
17129 +diff --git a/sound/soc/sof/ipc.c b/sound/soc/sof/ipc.c
17130 +index 5fdfbaa8c4ed..dfe429f9e33f 100644
17131 +--- a/sound/soc/sof/ipc.c
17132 ++++ b/sound/soc/sof/ipc.c
17133 +@@ -346,19 +346,12 @@ void snd_sof_ipc_msgs_rx(struct snd_sof_dev *sdev)
17134 + break;
17135 + case SOF_IPC_FW_READY:
17136 + /* check for FW boot completion */
17137 +- if (!sdev->boot_complete) {
17138 ++ if (sdev->fw_state == SOF_FW_BOOT_IN_PROGRESS) {
17139 + err = sof_ops(sdev)->fw_ready(sdev, cmd);
17140 +- if (err < 0) {
17141 +- /*
17142 +- * this indicates a mismatch in ABI
17143 +- * between the driver and fw
17144 +- */
17145 +- dev_err(sdev->dev, "error: ABI mismatch %d\n",
17146 +- err);
17147 +- } else {
17148 +- /* firmware boot completed OK */
17149 +- sdev->boot_complete = true;
17150 +- }
17151 ++ if (err < 0)
17152 ++ sdev->fw_state = SOF_FW_BOOT_READY_FAILED;
17153 ++ else
17154 ++ sdev->fw_state = SOF_FW_BOOT_COMPLETE;
17155 +
17156 + /* wake up firmware loader */
17157 + wake_up(&sdev->boot_wait);
17158 +diff --git a/sound/soc/sof/loader.c b/sound/soc/sof/loader.c
17159 +index 432d12bd4937..31847aa3975d 100644
17160 +--- a/sound/soc/sof/loader.c
17161 ++++ b/sound/soc/sof/loader.c
17162 +@@ -512,7 +512,6 @@ int snd_sof_run_firmware(struct snd_sof_dev *sdev)
17163 + int init_core_mask;
17164 +
17165 + init_waitqueue_head(&sdev->boot_wait);
17166 +- sdev->boot_complete = false;
17167 +
17168 + /* create read-only fw_version debugfs to store boot version info */
17169 + if (sdev->first_boot) {
17170 +@@ -544,19 +543,27 @@ int snd_sof_run_firmware(struct snd_sof_dev *sdev)
17171 +
17172 + init_core_mask = ret;
17173 +
17174 +- /* now wait for the DSP to boot */
17175 +- ret = wait_event_timeout(sdev->boot_wait, sdev->boot_complete,
17176 ++ /*
17177 ++ * now wait for the DSP to boot. There are 3 possible outcomes:
17178 ++ * 1. Boot wait times out indicating FW boot failure.
17179 ++ * 2. FW boots successfully and fw_ready op succeeds.
17180 ++ * 3. FW boots but fw_ready op fails.
17181 ++ */
17182 ++ ret = wait_event_timeout(sdev->boot_wait,
17183 ++ sdev->fw_state > SOF_FW_BOOT_IN_PROGRESS,
17184 + msecs_to_jiffies(sdev->boot_timeout));
17185 + if (ret == 0) {
17186 + dev_err(sdev->dev, "error: firmware boot failure\n");
17187 + snd_sof_dsp_dbg_dump(sdev, SOF_DBG_REGS | SOF_DBG_MBOX |
17188 + SOF_DBG_TEXT | SOF_DBG_PCI);
17189 +- /* after this point FW_READY msg should be ignored */
17190 +- sdev->boot_complete = true;
17191 ++ sdev->fw_state = SOF_FW_BOOT_FAILED;
17192 + return -EIO;
17193 + }
17194 +
17195 +- dev_info(sdev->dev, "firmware boot complete\n");
17196 ++ if (sdev->fw_state == SOF_FW_BOOT_COMPLETE)
17197 ++ dev_info(sdev->dev, "firmware boot complete\n");
17198 ++ else
17199 ++ return -EIO; /* FW boots but fw_ready op failed */
17200 +
17201 + /* perform post fw run operations */
17202 + ret = snd_sof_dsp_post_fw_run(sdev);
17203 +diff --git a/sound/soc/sof/pm.c b/sound/soc/sof/pm.c
17204 +index 0fd5567237a8..bc09cb5f458b 100644
17205 +--- a/sound/soc/sof/pm.c
17206 ++++ b/sound/soc/sof/pm.c
17207 +@@ -269,6 +269,10 @@ static int sof_resume(struct device *dev, bool runtime_resume)
17208 + if (!sof_ops(sdev)->resume || !sof_ops(sdev)->runtime_resume)
17209 + return 0;
17210 +
17211 ++ /* DSP was never successfully started, nothing to resume */
17212 ++ if (sdev->first_boot)
17213 ++ return 0;
17214 ++
17215 + /*
17216 + * if the runtime_resume flag is set, call the runtime_resume routine
17217 + * or else call the system resume routine
17218 +@@ -283,6 +287,8 @@ static int sof_resume(struct device *dev, bool runtime_resume)
17219 + return ret;
17220 + }
17221 +
17222 ++ sdev->fw_state = SOF_FW_BOOT_PREPARE;
17223 ++
17224 + /* load the firmware */
17225 + ret = snd_sof_load_firmware(sdev);
17226 + if (ret < 0) {
17227 +@@ -292,7 +298,12 @@ static int sof_resume(struct device *dev, bool runtime_resume)
17228 + return ret;
17229 + }
17230 +
17231 +- /* boot the firmware */
17232 ++ sdev->fw_state = SOF_FW_BOOT_IN_PROGRESS;
17233 ++
17234 ++ /*
17235 ++ * Boot the firmware. The FW boot status will be modified
17236 ++ * in snd_sof_run_firmware() depending on the outcome.
17237 ++ */
17238 + ret = snd_sof_run_firmware(sdev);
17239 + if (ret < 0) {
17240 + dev_err(sdev->dev,
17241 +@@ -341,6 +352,9 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
17242 + if (!sof_ops(sdev)->suspend)
17243 + return 0;
17244 +
17245 ++ if (sdev->fw_state != SOF_FW_BOOT_COMPLETE)
17246 ++ goto power_down;
17247 ++
17248 + /* release trace */
17249 + snd_sof_release_trace(sdev);
17250 +
17251 +@@ -378,6 +392,12 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
17252 + ret);
17253 + }
17254 +
17255 ++power_down:
17256 ++
17257 ++ /* return if the DSP was not probed successfully */
17258 ++ if (sdev->fw_state == SOF_FW_BOOT_NOT_STARTED)
17259 ++ return 0;
17260 ++
17261 + /* power down all DSP cores */
17262 + if (runtime_suspend)
17263 + ret = snd_sof_dsp_runtime_suspend(sdev);
17264 +@@ -388,6 +408,9 @@ static int sof_suspend(struct device *dev, bool runtime_suspend)
17265 + "error: failed to power down DSP during suspend %d\n",
17266 + ret);
17267 +
17268 ++ /* reset FW state */
17269 ++ sdev->fw_state = SOF_FW_BOOT_NOT_STARTED;
17270 ++
17271 + return ret;
17272 + }
17273 +
17274 +diff --git a/sound/soc/sof/sof-priv.h b/sound/soc/sof/sof-priv.h
17275 +index c7c2c70ee4d0..59cc711e99ff 100644
17276 +--- a/sound/soc/sof/sof-priv.h
17277 ++++ b/sound/soc/sof/sof-priv.h
17278 +@@ -387,6 +387,15 @@ struct snd_sof_dai {
17279 + struct list_head list; /* list in sdev dai list */
17280 + };
17281 +
17282 ++enum snd_sof_fw_state {
17283 ++ SOF_FW_BOOT_NOT_STARTED = 0,
17284 ++ SOF_FW_BOOT_PREPARE,
17285 ++ SOF_FW_BOOT_IN_PROGRESS,
17286 ++ SOF_FW_BOOT_FAILED,
17287 ++ SOF_FW_BOOT_READY_FAILED, /* firmware booted but fw_ready op failed */
17288 ++ SOF_FW_BOOT_COMPLETE,
17289 ++};
17290 ++
17291 + /*
17292 + * SOF Device Level.
17293 + */
17294 +@@ -408,7 +417,7 @@ struct snd_sof_dev {
17295 +
17296 + /* DSP firmware boot */
17297 + wait_queue_head_t boot_wait;
17298 +- u32 boot_complete;
17299 ++ enum snd_sof_fw_state fw_state;
17300 + u32 first_boot;
17301 +
17302 + /* work queue in case the probe is implemented in two steps */
17303 +diff --git a/sound/soc/tegra/tegra30_i2s.c b/sound/soc/tegra/tegra30_i2s.c
17304 +index dbed3c5408e7..d59882ec48f1 100644
17305 +--- a/sound/soc/tegra/tegra30_i2s.c
17306 ++++ b/sound/soc/tegra/tegra30_i2s.c
17307 +@@ -127,7 +127,7 @@ static int tegra30_i2s_hw_params(struct snd_pcm_substream *substream,
17308 + struct device *dev = dai->dev;
17309 + struct tegra30_i2s *i2s = snd_soc_dai_get_drvdata(dai);
17310 + unsigned int mask, val, reg;
17311 +- int ret, sample_size, srate, i2sclock, bitcnt, audio_bits;
17312 ++ int ret, sample_size, srate, i2sclock, bitcnt;
17313 + struct tegra30_ahub_cif_conf cif_conf;
17314 +
17315 + if (params_channels(params) != 2)
17316 +@@ -137,19 +137,8 @@ static int tegra30_i2s_hw_params(struct snd_pcm_substream *substream,
17317 + switch (params_format(params)) {
17318 + case SNDRV_PCM_FORMAT_S16_LE:
17319 + val = TEGRA30_I2S_CTRL_BIT_SIZE_16;
17320 +- audio_bits = TEGRA30_AUDIOCIF_BITS_16;
17321 + sample_size = 16;
17322 + break;
17323 +- case SNDRV_PCM_FORMAT_S24_LE:
17324 +- val = TEGRA30_I2S_CTRL_BIT_SIZE_24;
17325 +- audio_bits = TEGRA30_AUDIOCIF_BITS_24;
17326 +- sample_size = 24;
17327 +- break;
17328 +- case SNDRV_PCM_FORMAT_S32_LE:
17329 +- val = TEGRA30_I2S_CTRL_BIT_SIZE_32;
17330 +- audio_bits = TEGRA30_AUDIOCIF_BITS_32;
17331 +- sample_size = 32;
17332 +- break;
17333 + default:
17334 + return -EINVAL;
17335 + }
17336 +@@ -181,8 +170,8 @@ static int tegra30_i2s_hw_params(struct snd_pcm_substream *substream,
17337 + cif_conf.threshold = 0;
17338 + cif_conf.audio_channels = 2;
17339 + cif_conf.client_channels = 2;
17340 +- cif_conf.audio_bits = audio_bits;
17341 +- cif_conf.client_bits = audio_bits;
17342 ++ cif_conf.audio_bits = TEGRA30_AUDIOCIF_BITS_16;
17343 ++ cif_conf.client_bits = TEGRA30_AUDIOCIF_BITS_16;
17344 + cif_conf.expand = 0;
17345 + cif_conf.stereo_conv = 0;
17346 + cif_conf.replicate = 0;
17347 +@@ -317,18 +306,14 @@ static const struct snd_soc_dai_driver tegra30_i2s_dai_template = {
17348 + .channels_min = 2,
17349 + .channels_max = 2,
17350 + .rates = SNDRV_PCM_RATE_8000_96000,
17351 +- .formats = SNDRV_PCM_FMTBIT_S32_LE |
17352 +- SNDRV_PCM_FMTBIT_S24_LE |
17353 +- SNDRV_PCM_FMTBIT_S16_LE,
17354 ++ .formats = SNDRV_PCM_FMTBIT_S16_LE,
17355 + },
17356 + .capture = {
17357 + .stream_name = "Capture",
17358 + .channels_min = 2,
17359 + .channels_max = 2,
17360 + .rates = SNDRV_PCM_RATE_8000_96000,
17361 +- .formats = SNDRV_PCM_FMTBIT_S32_LE |
17362 +- SNDRV_PCM_FMTBIT_S24_LE |
17363 +- SNDRV_PCM_FMTBIT_S16_LE,
17364 ++ .formats = SNDRV_PCM_FMTBIT_S16_LE,
17365 + },
17366 + .ops = &tegra30_i2s_dai_ops,
17367 + .symmetric_rates = 1,
17368 +diff --git a/sound/usb/mixer_scarlett_gen2.c b/sound/usb/mixer_scarlett_gen2.c
17369 +index 94b903d95afa..74c00c905d24 100644
17370 +--- a/sound/usb/mixer_scarlett_gen2.c
17371 ++++ b/sound/usb/mixer_scarlett_gen2.c
17372 +@@ -558,11 +558,11 @@ static const struct scarlett2_config
17373 +
17374 + /* proprietary request/response format */
17375 + struct scarlett2_usb_packet {
17376 +- u32 cmd;
17377 +- u16 size;
17378 +- u16 seq;
17379 +- u32 error;
17380 +- u32 pad;
17381 ++ __le32 cmd;
17382 ++ __le16 size;
17383 ++ __le16 seq;
17384 ++ __le32 error;
17385 ++ __le32 pad;
17386 + u8 data[];
17387 + };
17388 +
17389 +@@ -664,11 +664,11 @@ static int scarlett2_usb(
17390 + "Scarlett Gen 2 USB invalid response; "
17391 + "cmd tx/rx %d/%d seq %d/%d size %d/%d "
17392 + "error %d pad %d\n",
17393 +- le16_to_cpu(req->cmd), le16_to_cpu(resp->cmd),
17394 ++ le32_to_cpu(req->cmd), le32_to_cpu(resp->cmd),
17395 + le16_to_cpu(req->seq), le16_to_cpu(resp->seq),
17396 + resp_size, le16_to_cpu(resp->size),
17397 +- le16_to_cpu(resp->error),
17398 +- le16_to_cpu(resp->pad));
17399 ++ le32_to_cpu(resp->error),
17400 ++ le32_to_cpu(resp->pad));
17401 + err = -EINVAL;
17402 + goto unlock;
17403 + }
17404 +@@ -687,7 +687,7 @@ error:
17405 + /* Send SCARLETT2_USB_DATA_CMD SCARLETT2_USB_CONFIG_SAVE */
17406 + static void scarlett2_config_save(struct usb_mixer_interface *mixer)
17407 + {
17408 +- u32 req = cpu_to_le32(SCARLETT2_USB_CONFIG_SAVE);
17409 ++ __le32 req = cpu_to_le32(SCARLETT2_USB_CONFIG_SAVE);
17410 +
17411 + scarlett2_usb(mixer, SCARLETT2_USB_DATA_CMD,
17412 + &req, sizeof(u32),
17413 +@@ -713,11 +713,11 @@ static int scarlett2_usb_set_config(
17414 + const struct scarlett2_config config_item =
17415 + scarlett2_config_items[config_item_num];
17416 + struct {
17417 +- u32 offset;
17418 +- u32 bytes;
17419 +- s32 value;
17420 ++ __le32 offset;
17421 ++ __le32 bytes;
17422 ++ __le32 value;
17423 + } __packed req;
17424 +- u32 req2;
17425 ++ __le32 req2;
17426 + int err;
17427 + struct scarlett2_mixer_data *private = mixer->private_data;
17428 +
17429 +@@ -753,8 +753,8 @@ static int scarlett2_usb_get(
17430 + int offset, void *buf, int size)
17431 + {
17432 + struct {
17433 +- u32 offset;
17434 +- u32 size;
17435 ++ __le32 offset;
17436 ++ __le32 size;
17437 + } __packed req;
17438 +
17439 + req.offset = cpu_to_le32(offset);
17440 +@@ -794,8 +794,8 @@ static int scarlett2_usb_set_mix(struct usb_mixer_interface *mixer,
17441 + const struct scarlett2_device_info *info = private->info;
17442 +
17443 + struct {
17444 +- u16 mix_num;
17445 +- u16 data[SCARLETT2_INPUT_MIX_MAX];
17446 ++ __le16 mix_num;
17447 ++ __le16 data[SCARLETT2_INPUT_MIX_MAX];
17448 + } __packed req;
17449 +
17450 + int i, j;
17451 +@@ -850,9 +850,9 @@ static int scarlett2_usb_set_mux(struct usb_mixer_interface *mixer)
17452 + };
17453 +
17454 + struct {
17455 +- u16 pad;
17456 +- u16 num;
17457 +- u32 data[SCARLETT2_MUX_MAX];
17458 ++ __le16 pad;
17459 ++ __le16 num;
17460 ++ __le32 data[SCARLETT2_MUX_MAX];
17461 + } __packed req;
17462 +
17463 + req.pad = 0;
17464 +@@ -911,9 +911,9 @@ static int scarlett2_usb_get_meter_levels(struct usb_mixer_interface *mixer,
17465 + u16 *levels)
17466 + {
17467 + struct {
17468 +- u16 pad;
17469 +- u16 num_meters;
17470 +- u32 magic;
17471 ++ __le16 pad;
17472 ++ __le16 num_meters;
17473 ++ __le32 magic;
17474 + } __packed req;
17475 + u32 resp[SCARLETT2_NUM_METERS];
17476 + int i, err;
17477 +diff --git a/sound/usb/validate.c b/sound/usb/validate.c
17478 +index 36ae78c3da3d..c43d8c3895a9 100644
17479 +--- a/sound/usb/validate.c
17480 ++++ b/sound/usb/validate.c
17481 +@@ -110,7 +110,7 @@ static bool validate_processing_unit(const void *p,
17482 + default:
17483 + if (v->type == UAC1_EXTENSION_UNIT)
17484 + return true; /* OK */
17485 +- switch (d->wProcessType) {
17486 ++ switch (le16_to_cpu(d->wProcessType)) {
17487 + case UAC_PROCESS_UP_DOWNMIX:
17488 + case UAC_PROCESS_DOLBY_PROLOGIC:
17489 + if (d->bLength < len + 1) /* bNrModes */
17490 +@@ -125,7 +125,7 @@ static bool validate_processing_unit(const void *p,
17491 + case UAC_VERSION_2:
17492 + if (v->type == UAC2_EXTENSION_UNIT_V2)
17493 + return true; /* OK */
17494 +- switch (d->wProcessType) {
17495 ++ switch (le16_to_cpu(d->wProcessType)) {
17496 + case UAC2_PROCESS_UP_DOWNMIX:
17497 + case UAC2_PROCESS_DOLBY_PROLOCIC: /* SiC! */
17498 + if (d->bLength < len + 1) /* bNrModes */
17499 +@@ -142,7 +142,7 @@ static bool validate_processing_unit(const void *p,
17500 + len += 2; /* wClusterDescrID */
17501 + break;
17502 + }
17503 +- switch (d->wProcessType) {
17504 ++ switch (le16_to_cpu(d->wProcessType)) {
17505 + case UAC3_PROCESS_UP_DOWNMIX:
17506 + if (d->bLength < len + 1) /* bNrModes */
17507 + return false;
17508 +diff --git a/tools/kvm/kvm_stat/kvm_stat b/tools/kvm/kvm_stat/kvm_stat
17509 +index ad1b9e646c49..4cf93110c259 100755
17510 +--- a/tools/kvm/kvm_stat/kvm_stat
17511 ++++ b/tools/kvm/kvm_stat/kvm_stat
17512 +@@ -270,6 +270,7 @@ class ArchX86(Arch):
17513 + def __init__(self, exit_reasons):
17514 + self.sc_perf_evt_open = 298
17515 + self.ioctl_numbers = IOCTL_NUMBERS
17516 ++ self.exit_reason_field = 'exit_reason'
17517 + self.exit_reasons = exit_reasons
17518 +
17519 + def debugfs_is_child(self, field):
17520 +@@ -289,6 +290,7 @@ class ArchPPC(Arch):
17521 + # numbers depend on the wordsize.
17522 + char_ptr_size = ctypes.sizeof(ctypes.c_char_p)
17523 + self.ioctl_numbers['SET_FILTER'] = 0x80002406 | char_ptr_size << 16
17524 ++ self.exit_reason_field = 'exit_nr'
17525 + self.exit_reasons = {}
17526 +
17527 + def debugfs_is_child(self, field):
17528 +@@ -300,6 +302,7 @@ class ArchA64(Arch):
17529 + def __init__(self):
17530 + self.sc_perf_evt_open = 241
17531 + self.ioctl_numbers = IOCTL_NUMBERS
17532 ++ self.exit_reason_field = 'esr_ec'
17533 + self.exit_reasons = AARCH64_EXIT_REASONS
17534 +
17535 + def debugfs_is_child(self, field):
17536 +@@ -311,6 +314,7 @@ class ArchS390(Arch):
17537 + def __init__(self):
17538 + self.sc_perf_evt_open = 331
17539 + self.ioctl_numbers = IOCTL_NUMBERS
17540 ++ self.exit_reason_field = None
17541 + self.exit_reasons = None
17542 +
17543 + def debugfs_is_child(self, field):
17544 +@@ -541,8 +545,8 @@ class TracepointProvider(Provider):
17545 + """
17546 + filters = {}
17547 + filters['kvm_userspace_exit'] = ('reason', USERSPACE_EXIT_REASONS)
17548 +- if ARCH.exit_reasons:
17549 +- filters['kvm_exit'] = ('exit_reason', ARCH.exit_reasons)
17550 ++ if ARCH.exit_reason_field and ARCH.exit_reasons:
17551 ++ filters['kvm_exit'] = (ARCH.exit_reason_field, ARCH.exit_reasons)
17552 + return filters
17553 +
17554 + def _get_available_fields(self):
17555 +diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile
17556 +index 97830e46d1a0..68e8702f6f10 100644
17557 +--- a/tools/lib/bpf/Makefile
17558 ++++ b/tools/lib/bpf/Makefile
17559 +@@ -148,6 +148,7 @@ TAGS_PROG := $(if $(shell which etags 2>/dev/null),etags,ctags)
17560 +
17561 + GLOBAL_SYM_COUNT = $(shell readelf -s --wide $(BPF_IN_SHARED) | \
17562 + cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \
17563 ++ sed 's/\[.*\]//' | \
17564 + awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}' | \
17565 + sort -u | wc -l)
17566 + VERSIONED_SYM_COUNT = $(shell readelf -s --wide $(OUTPUT)libbpf.so | \
17567 +@@ -214,6 +215,7 @@ check_abi: $(OUTPUT)libbpf.so
17568 + "versioned in $(VERSION_SCRIPT)." >&2; \
17569 + readelf -s --wide $(BPF_IN_SHARED) | \
17570 + cut -d "@" -f1 | sed 's/_v[0-9]_[0-9]_[0-9].*//' | \
17571 ++ sed 's/\[.*\]//' | \
17572 + awk '/GLOBAL/ && /DEFAULT/ && !/UND/ {print $$NF}'| \
17573 + sort -u > $(OUTPUT)libbpf_global_syms.tmp; \
17574 + readelf -s --wide $(OUTPUT)libbpf.so | \
17575 +diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
17576 +index 3f09772192f1..6d1bb761a544 100644
17577 +--- a/tools/lib/bpf/libbpf.c
17578 ++++ b/tools/lib/bpf/libbpf.c
17579 +@@ -1242,15 +1242,15 @@ static int bpf_object__init_user_btf_map(struct bpf_object *obj,
17580 + }
17581 + sz = btf__resolve_size(obj->btf, t->type);
17582 + if (sz < 0) {
17583 +- pr_warn("map '%s': can't determine key size for type [%u]: %lld.\n",
17584 +- map_name, t->type, sz);
17585 ++ pr_warn("map '%s': can't determine key size for type [%u]: %zd.\n",
17586 ++ map_name, t->type, (ssize_t)sz);
17587 + return sz;
17588 + }
17589 +- pr_debug("map '%s': found key [%u], sz = %lld.\n",
17590 +- map_name, t->type, sz);
17591 ++ pr_debug("map '%s': found key [%u], sz = %zd.\n",
17592 ++ map_name, t->type, (ssize_t)sz);
17593 + if (map->def.key_size && map->def.key_size != sz) {
17594 +- pr_warn("map '%s': conflicting key size %u != %lld.\n",
17595 +- map_name, map->def.key_size, sz);
17596 ++ pr_warn("map '%s': conflicting key size %u != %zd.\n",
17597 ++ map_name, map->def.key_size, (ssize_t)sz);
17598 + return -EINVAL;
17599 + }
17600 + map->def.key_size = sz;
17601 +@@ -1285,15 +1285,15 @@ static int bpf_object__init_user_btf_map(struct bpf_object *obj,
17602 + }
17603 + sz = btf__resolve_size(obj->btf, t->type);
17604 + if (sz < 0) {
17605 +- pr_warn("map '%s': can't determine value size for type [%u]: %lld.\n",
17606 +- map_name, t->type, sz);
17607 ++ pr_warn("map '%s': can't determine value size for type [%u]: %zd.\n",
17608 ++ map_name, t->type, (ssize_t)sz);
17609 + return sz;
17610 + }
17611 +- pr_debug("map '%s': found value [%u], sz = %lld.\n",
17612 +- map_name, t->type, sz);
17613 ++ pr_debug("map '%s': found value [%u], sz = %zd.\n",
17614 ++ map_name, t->type, (ssize_t)sz);
17615 + if (map->def.value_size && map->def.value_size != sz) {
17616 +- pr_warn("map '%s': conflicting value size %u != %lld.\n",
17617 +- map_name, map->def.value_size, sz);
17618 ++ pr_warn("map '%s': conflicting value size %u != %zd.\n",
17619 ++ map_name, map->def.value_size, (ssize_t)sz);
17620 + return -EINVAL;
17621 + }
17622 + map->def.value_size = sz;
17623 +@@ -1817,7 +1817,8 @@ static int bpf_program__record_reloc(struct bpf_program *prog,
17624 + return -LIBBPF_ERRNO__RELOC;
17625 + }
17626 + if (sym->st_value % 8) {
17627 +- pr_warn("bad call relo offset: %llu\n", (__u64)sym->st_value);
17628 ++ pr_warn("bad call relo offset: %zu\n",
17629 ++ (size_t)sym->st_value);
17630 + return -LIBBPF_ERRNO__RELOC;
17631 + }
17632 + reloc_desc->type = RELO_CALL;
17633 +@@ -1859,8 +1860,8 @@ static int bpf_program__record_reloc(struct bpf_program *prog,
17634 + break;
17635 + }
17636 + if (map_idx >= nr_maps) {
17637 +- pr_warn("map relo failed to find map for sec %u, off %llu\n",
17638 +- shdr_idx, (__u64)sym->st_value);
17639 ++ pr_warn("map relo failed to find map for sec %u, off %zu\n",
17640 ++ shdr_idx, (size_t)sym->st_value);
17641 + return -LIBBPF_ERRNO__RELOC;
17642 + }
17643 + reloc_desc->type = RELO_LD64;
17644 +@@ -1941,9 +1942,9 @@ bpf_program__collect_reloc(struct bpf_program *prog, GElf_Shdr *shdr,
17645 + name = elf_strptr(obj->efile.elf, obj->efile.strtabidx,
17646 + sym.st_name) ? : "<?>";
17647 +
17648 +- pr_debug("relo for shdr %u, symb %llu, value %llu, type %d, bind %d, name %d (\'%s\'), insn %u\n",
17649 +- (__u32)sym.st_shndx, (__u64)GELF_R_SYM(rel.r_info),
17650 +- (__u64)sym.st_value, GELF_ST_TYPE(sym.st_info),
17651 ++ pr_debug("relo for shdr %u, symb %zu, value %zu, type %d, bind %d, name %d (\'%s\'), insn %u\n",
17652 ++ (__u32)sym.st_shndx, (size_t)GELF_R_SYM(rel.r_info),
17653 ++ (size_t)sym.st_value, GELF_ST_TYPE(sym.st_info),
17654 + GELF_ST_BIND(sym.st_info), sym.st_name, name,
17655 + insn_idx);
17656 +
17657 +@@ -2743,7 +2744,9 @@ static struct ids_vec *bpf_core_find_cands(const struct btf *local_btf,
17658 + if (strncmp(local_name, targ_name, local_essent_len) == 0) {
17659 + pr_debug("[%d] %s: found candidate [%d] %s\n",
17660 + local_type_id, local_name, i, targ_name);
17661 +- new_ids = realloc(cand_ids->data, cand_ids->len + 1);
17662 ++ new_ids = reallocarray(cand_ids->data,
17663 ++ cand_ids->len + 1,
17664 ++ sizeof(*cand_ids->data));
17665 + if (!new_ids) {
17666 + err = -ENOMEM;
17667 + goto err_out;
17668 +@@ -5944,7 +5947,7 @@ struct perf_buffer {
17669 + size_t mmap_size;
17670 + struct perf_cpu_buf **cpu_bufs;
17671 + struct epoll_event *events;
17672 +- int cpu_cnt;
17673 ++ int cpu_cnt; /* number of allocated CPU buffers */
17674 + int epoll_fd; /* perf event FD */
17675 + int map_fd; /* BPF_MAP_TYPE_PERF_EVENT_ARRAY BPF map FD */
17676 + };
17677 +@@ -6078,11 +6081,13 @@ perf_buffer__new_raw(int map_fd, size_t page_cnt,
17678 + static struct perf_buffer *__perf_buffer__new(int map_fd, size_t page_cnt,
17679 + struct perf_buffer_params *p)
17680 + {
17681 ++ const char *online_cpus_file = "/sys/devices/system/cpu/online";
17682 + struct bpf_map_info map = {};
17683 + char msg[STRERR_BUFSIZE];
17684 + struct perf_buffer *pb;
17685 ++ bool *online = NULL;
17686 + __u32 map_info_len;
17687 +- int err, i;
17688 ++ int err, i, j, n;
17689 +
17690 + if (page_cnt & (page_cnt - 1)) {
17691 + pr_warn("page count should be power of two, but is %zu\n",
17692 +@@ -6151,20 +6156,32 @@ static struct perf_buffer *__perf_buffer__new(int map_fd, size_t page_cnt,
17693 + goto error;
17694 + }
17695 +
17696 +- for (i = 0; i < pb->cpu_cnt; i++) {
17697 ++ err = parse_cpu_mask_file(online_cpus_file, &online, &n);
17698 ++ if (err) {
17699 ++ pr_warn("failed to get online CPU mask: %d\n", err);
17700 ++ goto error;
17701 ++ }
17702 ++
17703 ++ for (i = 0, j = 0; i < pb->cpu_cnt; i++) {
17704 + struct perf_cpu_buf *cpu_buf;
17705 + int cpu, map_key;
17706 +
17707 + cpu = p->cpu_cnt > 0 ? p->cpus[i] : i;
17708 + map_key = p->cpu_cnt > 0 ? p->map_keys[i] : i;
17709 +
17710 ++ /* in case user didn't explicitly requested particular CPUs to
17711 ++ * be attached to, skip offline/not present CPUs
17712 ++ */
17713 ++ if (p->cpu_cnt <= 0 && (cpu >= n || !online[cpu]))
17714 ++ continue;
17715 ++
17716 + cpu_buf = perf_buffer__open_cpu_buf(pb, p->attr, cpu, map_key);
17717 + if (IS_ERR(cpu_buf)) {
17718 + err = PTR_ERR(cpu_buf);
17719 + goto error;
17720 + }
17721 +
17722 +- pb->cpu_bufs[i] = cpu_buf;
17723 ++ pb->cpu_bufs[j] = cpu_buf;
17724 +
17725 + err = bpf_map_update_elem(pb->map_fd, &map_key,
17726 + &cpu_buf->fd, 0);
17727 +@@ -6176,21 +6193,25 @@ static struct perf_buffer *__perf_buffer__new(int map_fd, size_t page_cnt,
17728 + goto error;
17729 + }
17730 +
17731 +- pb->events[i].events = EPOLLIN;
17732 +- pb->events[i].data.ptr = cpu_buf;
17733 ++ pb->events[j].events = EPOLLIN;
17734 ++ pb->events[j].data.ptr = cpu_buf;
17735 + if (epoll_ctl(pb->epoll_fd, EPOLL_CTL_ADD, cpu_buf->fd,
17736 +- &pb->events[i]) < 0) {
17737 ++ &pb->events[j]) < 0) {
17738 + err = -errno;
17739 + pr_warn("failed to epoll_ctl cpu #%d perf FD %d: %s\n",
17740 + cpu, cpu_buf->fd,
17741 + libbpf_strerror_r(err, msg, sizeof(msg)));
17742 + goto error;
17743 + }
17744 ++ j++;
17745 + }
17746 ++ pb->cpu_cnt = j;
17747 ++ free(online);
17748 +
17749 + return pb;
17750 +
17751 + error:
17752 ++ free(online);
17753 + if (pb)
17754 + perf_buffer__free(pb);
17755 + return ERR_PTR(err);
17756 +@@ -6521,61 +6542,104 @@ void bpf_program__bpil_offs_to_addr(struct bpf_prog_info_linear *info_linear)
17757 + }
17758 + }
17759 +
17760 +-int libbpf_num_possible_cpus(void)
17761 ++int parse_cpu_mask_str(const char *s, bool **mask, int *mask_sz)
17762 + {
17763 +- static const char *fcpu = "/sys/devices/system/cpu/possible";
17764 +- int len = 0, n = 0, il = 0, ir = 0;
17765 +- unsigned int start = 0, end = 0;
17766 +- int tmp_cpus = 0;
17767 +- static int cpus;
17768 +- char buf[128];
17769 +- int error = 0;
17770 +- int fd = -1;
17771 ++ int err = 0, n, len, start, end = -1;
17772 ++ bool *tmp;
17773 +
17774 +- tmp_cpus = READ_ONCE(cpus);
17775 +- if (tmp_cpus > 0)
17776 +- return tmp_cpus;
17777 ++ *mask = NULL;
17778 ++ *mask_sz = 0;
17779 ++
17780 ++ /* Each sub string separated by ',' has format \d+-\d+ or \d+ */
17781 ++ while (*s) {
17782 ++ if (*s == ',' || *s == '\n') {
17783 ++ s++;
17784 ++ continue;
17785 ++ }
17786 ++ n = sscanf(s, "%d%n-%d%n", &start, &len, &end, &len);
17787 ++ if (n <= 0 || n > 2) {
17788 ++ pr_warn("Failed to get CPU range %s: %d\n", s, n);
17789 ++ err = -EINVAL;
17790 ++ goto cleanup;
17791 ++ } else if (n == 1) {
17792 ++ end = start;
17793 ++ }
17794 ++ if (start < 0 || start > end) {
17795 ++ pr_warn("Invalid CPU range [%d,%d] in %s\n",
17796 ++ start, end, s);
17797 ++ err = -EINVAL;
17798 ++ goto cleanup;
17799 ++ }
17800 ++ tmp = realloc(*mask, end + 1);
17801 ++ if (!tmp) {
17802 ++ err = -ENOMEM;
17803 ++ goto cleanup;
17804 ++ }
17805 ++ *mask = tmp;
17806 ++ memset(tmp + *mask_sz, 0, start - *mask_sz);
17807 ++ memset(tmp + start, 1, end - start + 1);
17808 ++ *mask_sz = end + 1;
17809 ++ s += len;
17810 ++ }
17811 ++ if (!*mask_sz) {
17812 ++ pr_warn("Empty CPU range\n");
17813 ++ return -EINVAL;
17814 ++ }
17815 ++ return 0;
17816 ++cleanup:
17817 ++ free(*mask);
17818 ++ *mask = NULL;
17819 ++ return err;
17820 ++}
17821 ++
17822 ++int parse_cpu_mask_file(const char *fcpu, bool **mask, int *mask_sz)
17823 ++{
17824 ++ int fd, err = 0, len;
17825 ++ char buf[128];
17826 +
17827 + fd = open(fcpu, O_RDONLY);
17828 + if (fd < 0) {
17829 +- error = errno;
17830 +- pr_warn("Failed to open file %s: %s\n", fcpu, strerror(error));
17831 +- return -error;
17832 ++ err = -errno;
17833 ++ pr_warn("Failed to open cpu mask file %s: %d\n", fcpu, err);
17834 ++ return err;
17835 + }
17836 + len = read(fd, buf, sizeof(buf));
17837 + close(fd);
17838 + if (len <= 0) {
17839 +- error = len ? errno : EINVAL;
17840 +- pr_warn("Failed to read # of possible cpus from %s: %s\n",
17841 +- fcpu, strerror(error));
17842 +- return -error;
17843 ++ err = len ? -errno : -EINVAL;
17844 ++ pr_warn("Failed to read cpu mask from %s: %d\n", fcpu, err);
17845 ++ return err;
17846 + }
17847 +- if (len == sizeof(buf)) {
17848 +- pr_warn("File %s size overflow\n", fcpu);
17849 +- return -EOVERFLOW;
17850 ++ if (len >= sizeof(buf)) {
17851 ++ pr_warn("CPU mask is too big in file %s\n", fcpu);
17852 ++ return -E2BIG;
17853 + }
17854 + buf[len] = '\0';
17855 +
17856 +- for (ir = 0, tmp_cpus = 0; ir <= len; ir++) {
17857 +- /* Each sub string separated by ',' has format \d+-\d+ or \d+ */
17858 +- if (buf[ir] == ',' || buf[ir] == '\0') {
17859 +- buf[ir] = '\0';
17860 +- n = sscanf(&buf[il], "%u-%u", &start, &end);
17861 +- if (n <= 0) {
17862 +- pr_warn("Failed to get # CPUs from %s\n",
17863 +- &buf[il]);
17864 +- return -EINVAL;
17865 +- } else if (n == 1) {
17866 +- end = start;
17867 +- }
17868 +- tmp_cpus += end - start + 1;
17869 +- il = ir + 1;
17870 +- }
17871 +- }
17872 +- if (tmp_cpus <= 0) {
17873 +- pr_warn("Invalid #CPUs %d from %s\n", tmp_cpus, fcpu);
17874 +- return -EINVAL;
17875 ++ return parse_cpu_mask_str(buf, mask, mask_sz);
17876 ++}
17877 ++
17878 ++int libbpf_num_possible_cpus(void)
17879 ++{
17880 ++ static const char *fcpu = "/sys/devices/system/cpu/possible";
17881 ++ static int cpus;
17882 ++ int err, n, i, tmp_cpus;
17883 ++ bool *mask;
17884 ++
17885 ++ tmp_cpus = READ_ONCE(cpus);
17886 ++ if (tmp_cpus > 0)
17887 ++ return tmp_cpus;
17888 ++
17889 ++ err = parse_cpu_mask_file(fcpu, &mask, &n);
17890 ++ if (err)
17891 ++ return err;
17892 ++
17893 ++ tmp_cpus = 0;
17894 ++ for (i = 0; i < n; i++) {
17895 ++ if (mask[i])
17896 ++ tmp_cpus++;
17897 + }
17898 ++ free(mask);
17899 +
17900 + WRITE_ONCE(cpus, tmp_cpus);
17901 + return tmp_cpus;
17902 +diff --git a/tools/lib/bpf/libbpf_internal.h b/tools/lib/bpf/libbpf_internal.h
17903 +index 97ac17a64a58..3683af9dc23e 100644
17904 +--- a/tools/lib/bpf/libbpf_internal.h
17905 ++++ b/tools/lib/bpf/libbpf_internal.h
17906 +@@ -76,7 +76,7 @@ static inline bool libbpf_validate_opts(const char *opts,
17907 +
17908 + for (i = opts_sz; i < user_sz; i++) {
17909 + if (opts[i]) {
17910 +- pr_warn("%s has non-zero extra bytes",
17911 ++ pr_warn("%s has non-zero extra bytes\n",
17912 + type_name);
17913 + return false;
17914 + }
17915 +@@ -95,6 +95,8 @@ static inline bool libbpf_validate_opts(const char *opts,
17916 + #define OPTS_GET(opts, field, fallback_value) \
17917 + (OPTS_HAS(opts, field) ? (opts)->field : fallback_value)
17918 +
17919 ++int parse_cpu_mask_str(const char *s, bool **mask, int *mask_sz);
17920 ++int parse_cpu_mask_file(const char *fcpu, bool **mask, int *mask_sz);
17921 + int libbpf__load_raw_btf(const char *raw_types, size_t types_len,
17922 + const char *str_sec, size_t str_len);
17923 +
17924 +diff --git a/tools/objtool/sync-check.sh b/tools/objtool/sync-check.sh
17925 +index 9bd04bbed01e..2a1261bfbb62 100755
17926 +--- a/tools/objtool/sync-check.sh
17927 ++++ b/tools/objtool/sync-check.sh
17928 +@@ -48,5 +48,3 @@ check arch/x86/include/asm/inat.h '-I "^#include [\"<]\(asm/\)*inat_types.h[
17929 + check arch/x86/include/asm/insn.h '-I "^#include [\"<]\(asm/\)*inat.h[\">]"'
17930 + check arch/x86/lib/inat.c '-I "^#include [\"<]\(../include/\)*asm/insn.h[\">]"'
17931 + check arch/x86/lib/insn.c '-I "^#include [\"<]\(../include/\)*asm/in\(at\|sn\).h[\">]" -I "^#include [\"<]\(../include/\)*asm/emulate_prefix.h[\">]"'
17932 +-
17933 +-cd -
17934 +diff --git a/tools/power/cpupower/lib/cpufreq.c b/tools/power/cpupower/lib/cpufreq.c
17935 +index 2f55d4d23446..6e04304560ca 100644
17936 +--- a/tools/power/cpupower/lib/cpufreq.c
17937 ++++ b/tools/power/cpupower/lib/cpufreq.c
17938 +@@ -332,21 +332,74 @@ void cpufreq_put_available_governors(struct cpufreq_available_governors *any)
17939 + }
17940 +
17941 +
17942 +-struct cpufreq_frequencies
17943 +-*cpufreq_get_frequencies(const char *type, unsigned int cpu)
17944 ++struct cpufreq_available_frequencies
17945 ++*cpufreq_get_available_frequencies(unsigned int cpu)
17946 + {
17947 +- struct cpufreq_frequencies *first = NULL;
17948 +- struct cpufreq_frequencies *current = NULL;
17949 ++ struct cpufreq_available_frequencies *first = NULL;
17950 ++ struct cpufreq_available_frequencies *current = NULL;
17951 + char one_value[SYSFS_PATH_MAX];
17952 + char linebuf[MAX_LINE_LEN];
17953 +- char fname[MAX_LINE_LEN];
17954 + unsigned int pos, i;
17955 + unsigned int len;
17956 +
17957 +- snprintf(fname, MAX_LINE_LEN, "scaling_%s_frequencies", type);
17958 ++ len = sysfs_cpufreq_read_file(cpu, "scaling_available_frequencies",
17959 ++ linebuf, sizeof(linebuf));
17960 ++ if (len == 0)
17961 ++ return NULL;
17962 +
17963 +- len = sysfs_cpufreq_read_file(cpu, fname,
17964 +- linebuf, sizeof(linebuf));
17965 ++ pos = 0;
17966 ++ for (i = 0; i < len; i++) {
17967 ++ if (linebuf[i] == ' ' || linebuf[i] == '\n') {
17968 ++ if (i - pos < 2)
17969 ++ continue;
17970 ++ if (i - pos >= SYSFS_PATH_MAX)
17971 ++ goto error_out;
17972 ++ if (current) {
17973 ++ current->next = malloc(sizeof(*current));
17974 ++ if (!current->next)
17975 ++ goto error_out;
17976 ++ current = current->next;
17977 ++ } else {
17978 ++ first = malloc(sizeof(*first));
17979 ++ if (!first)
17980 ++ goto error_out;
17981 ++ current = first;
17982 ++ }
17983 ++ current->first = first;
17984 ++ current->next = NULL;
17985 ++
17986 ++ memcpy(one_value, linebuf + pos, i - pos);
17987 ++ one_value[i - pos] = '\0';
17988 ++ if (sscanf(one_value, "%lu", &current->frequency) != 1)
17989 ++ goto error_out;
17990 ++
17991 ++ pos = i + 1;
17992 ++ }
17993 ++ }
17994 ++
17995 ++ return first;
17996 ++
17997 ++ error_out:
17998 ++ while (first) {
17999 ++ current = first->next;
18000 ++ free(first);
18001 ++ first = current;
18002 ++ }
18003 ++ return NULL;
18004 ++}
18005 ++
18006 ++struct cpufreq_available_frequencies
18007 ++*cpufreq_get_boost_frequencies(unsigned int cpu)
18008 ++{
18009 ++ struct cpufreq_available_frequencies *first = NULL;
18010 ++ struct cpufreq_available_frequencies *current = NULL;
18011 ++ char one_value[SYSFS_PATH_MAX];
18012 ++ char linebuf[MAX_LINE_LEN];
18013 ++ unsigned int pos, i;
18014 ++ unsigned int len;
18015 ++
18016 ++ len = sysfs_cpufreq_read_file(cpu, "scaling_boost_frequencies",
18017 ++ linebuf, sizeof(linebuf));
18018 + if (len == 0)
18019 + return NULL;
18020 +
18021 +@@ -391,9 +444,9 @@ struct cpufreq_frequencies
18022 + return NULL;
18023 + }
18024 +
18025 +-void cpufreq_put_frequencies(struct cpufreq_frequencies *any)
18026 ++void cpufreq_put_available_frequencies(struct cpufreq_available_frequencies *any)
18027 + {
18028 +- struct cpufreq_frequencies *tmp, *next;
18029 ++ struct cpufreq_available_frequencies *tmp, *next;
18030 +
18031 + if (!any)
18032 + return;
18033 +@@ -406,6 +459,11 @@ void cpufreq_put_frequencies(struct cpufreq_frequencies *any)
18034 + }
18035 + }
18036 +
18037 ++void cpufreq_put_boost_frequencies(struct cpufreq_available_frequencies *any)
18038 ++{
18039 ++ cpufreq_put_available_frequencies(any);
18040 ++}
18041 ++
18042 + static struct cpufreq_affected_cpus *sysfs_get_cpu_list(unsigned int cpu,
18043 + const char *file)
18044 + {
18045 +diff --git a/tools/power/cpupower/lib/cpufreq.h b/tools/power/cpupower/lib/cpufreq.h
18046 +index a55f0d19215b..95f4fd9e2656 100644
18047 +--- a/tools/power/cpupower/lib/cpufreq.h
18048 ++++ b/tools/power/cpupower/lib/cpufreq.h
18049 +@@ -20,10 +20,10 @@ struct cpufreq_available_governors {
18050 + struct cpufreq_available_governors *first;
18051 + };
18052 +
18053 +-struct cpufreq_frequencies {
18054 ++struct cpufreq_available_frequencies {
18055 + unsigned long frequency;
18056 +- struct cpufreq_frequencies *next;
18057 +- struct cpufreq_frequencies *first;
18058 ++ struct cpufreq_available_frequencies *next;
18059 ++ struct cpufreq_available_frequencies *first;
18060 + };
18061 +
18062 +
18063 +@@ -124,11 +124,17 @@ void cpufreq_put_available_governors(
18064 + * cpufreq_put_frequencies after use.
18065 + */
18066 +
18067 +-struct cpufreq_frequencies
18068 +-*cpufreq_get_frequencies(const char *type, unsigned int cpu);
18069 ++struct cpufreq_available_frequencies
18070 ++*cpufreq_get_available_frequencies(unsigned int cpu);
18071 +
18072 +-void cpufreq_put_frequencies(
18073 +- struct cpufreq_frequencies *first);
18074 ++void cpufreq_put_available_frequencies(
18075 ++ struct cpufreq_available_frequencies *first);
18076 ++
18077 ++struct cpufreq_available_frequencies
18078 ++*cpufreq_get_boost_frequencies(unsigned int cpu);
18079 ++
18080 ++void cpufreq_put_boost_frequencies(
18081 ++ struct cpufreq_available_frequencies *first);
18082 +
18083 +
18084 + /* determine affected CPUs
18085 +diff --git a/tools/power/cpupower/utils/cpufreq-info.c b/tools/power/cpupower/utils/cpufreq-info.c
18086 +index e63cf55f81cf..6efc0f6b1b11 100644
18087 +--- a/tools/power/cpupower/utils/cpufreq-info.c
18088 ++++ b/tools/power/cpupower/utils/cpufreq-info.c
18089 +@@ -244,14 +244,14 @@ static int get_boost_mode_x86(unsigned int cpu)
18090 +
18091 + static int get_boost_mode(unsigned int cpu)
18092 + {
18093 +- struct cpufreq_frequencies *freqs;
18094 ++ struct cpufreq_available_frequencies *freqs;
18095 +
18096 + if (cpupower_cpu_info.vendor == X86_VENDOR_AMD ||
18097 + cpupower_cpu_info.vendor == X86_VENDOR_HYGON ||
18098 + cpupower_cpu_info.vendor == X86_VENDOR_INTEL)
18099 + return get_boost_mode_x86(cpu);
18100 +
18101 +- freqs = cpufreq_get_frequencies("boost", cpu);
18102 ++ freqs = cpufreq_get_boost_frequencies(cpu);
18103 + if (freqs) {
18104 + printf(_(" boost frequency steps: "));
18105 + while (freqs->next) {
18106 +@@ -261,7 +261,7 @@ static int get_boost_mode(unsigned int cpu)
18107 + }
18108 + print_speed(freqs->frequency);
18109 + printf("\n");
18110 +- cpufreq_put_frequencies(freqs);
18111 ++ cpufreq_put_available_frequencies(freqs);
18112 + }
18113 +
18114 + return 0;
18115 +@@ -475,7 +475,7 @@ static int get_latency(unsigned int cpu, unsigned int human)
18116 +
18117 + static void debug_output_one(unsigned int cpu)
18118 + {
18119 +- struct cpufreq_frequencies *freqs;
18120 ++ struct cpufreq_available_frequencies *freqs;
18121 +
18122 + get_driver(cpu);
18123 + get_related_cpus(cpu);
18124 +@@ -483,7 +483,7 @@ static void debug_output_one(unsigned int cpu)
18125 + get_latency(cpu, 1);
18126 + get_hardware_limits(cpu, 1);
18127 +
18128 +- freqs = cpufreq_get_frequencies("available", cpu);
18129 ++ freqs = cpufreq_get_available_frequencies(cpu);
18130 + if (freqs) {
18131 + printf(_(" available frequency steps: "));
18132 + while (freqs->next) {
18133 +@@ -493,7 +493,7 @@ static void debug_output_one(unsigned int cpu)
18134 + }
18135 + print_speed(freqs->frequency);
18136 + printf("\n");
18137 +- cpufreq_put_frequencies(freqs);
18138 ++ cpufreq_put_available_frequencies(freqs);
18139 + }
18140 +
18141 + get_available_governors(cpu);
18142 +diff --git a/tools/testing/selftests/bpf/prog_tests/attach_probe.c b/tools/testing/selftests/bpf/prog_tests/attach_probe.c
18143 +index a83111a32d4a..41ec274633c2 100644
18144 +--- a/tools/testing/selftests/bpf/prog_tests/attach_probe.c
18145 ++++ b/tools/testing/selftests/bpf/prog_tests/attach_probe.c
18146 +@@ -20,7 +20,7 @@ extern char NAME##_data[]; \
18147 + extern int NAME##_size;
18148 +
18149 + ssize_t get_base_addr() {
18150 +- size_t start;
18151 ++ size_t start, offset;
18152 + char buf[256];
18153 + FILE *f;
18154 +
18155 +@@ -28,10 +28,11 @@ ssize_t get_base_addr() {
18156 + if (!f)
18157 + return -errno;
18158 +
18159 +- while (fscanf(f, "%zx-%*x %s %*s\n", &start, buf) == 2) {
18160 ++ while (fscanf(f, "%zx-%*x %s %zx %*[^\n]\n",
18161 ++ &start, buf, &offset) == 3) {
18162 + if (strcmp(buf, "r-xp") == 0) {
18163 + fclose(f);
18164 +- return start;
18165 ++ return start - offset;
18166 + }
18167 + }
18168 +
18169 +diff --git a/tools/testing/selftests/bpf/prog_tests/perf_buffer.c b/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
18170 +index 3003fddc0613..cf6c87936c69 100644
18171 +--- a/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
18172 ++++ b/tools/testing/selftests/bpf/prog_tests/perf_buffer.c
18173 +@@ -4,6 +4,7 @@
18174 + #include <sched.h>
18175 + #include <sys/socket.h>
18176 + #include <test_progs.h>
18177 ++#include "libbpf_internal.h"
18178 +
18179 + static void on_sample(void *ctx, int cpu, void *data, __u32 size)
18180 + {
18181 +@@ -19,7 +20,7 @@ static void on_sample(void *ctx, int cpu, void *data, __u32 size)
18182 +
18183 + void test_perf_buffer(void)
18184 + {
18185 +- int err, prog_fd, nr_cpus, i, duration = 0;
18186 ++ int err, prog_fd, on_len, nr_on_cpus = 0, nr_cpus, i, duration = 0;
18187 + const char *prog_name = "kprobe/sys_nanosleep";
18188 + const char *file = "./test_perf_buffer.o";
18189 + struct perf_buffer_opts pb_opts = {};
18190 +@@ -29,15 +30,27 @@ void test_perf_buffer(void)
18191 + struct bpf_object *obj;
18192 + struct perf_buffer *pb;
18193 + struct bpf_link *link;
18194 ++ bool *online;
18195 +
18196 + nr_cpus = libbpf_num_possible_cpus();
18197 + if (CHECK(nr_cpus < 0, "nr_cpus", "err %d\n", nr_cpus))
18198 + return;
18199 +
18200 ++ err = parse_cpu_mask_file("/sys/devices/system/cpu/online",
18201 ++ &online, &on_len);
18202 ++ if (CHECK(err, "nr_on_cpus", "err %d\n", err))
18203 ++ return;
18204 ++
18205 ++ for (i = 0; i < on_len; i++)
18206 ++ if (online[i])
18207 ++ nr_on_cpus++;
18208 ++
18209 + /* load program */
18210 + err = bpf_prog_load(file, BPF_PROG_TYPE_KPROBE, &obj, &prog_fd);
18211 +- if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
18212 +- return;
18213 ++ if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno)) {
18214 ++ obj = NULL;
18215 ++ goto out_close;
18216 ++ }
18217 +
18218 + prog = bpf_object__find_program_by_title(obj, prog_name);
18219 + if (CHECK(!prog, "find_probe", "prog '%s' not found\n", prog_name))
18220 +@@ -64,6 +77,11 @@ void test_perf_buffer(void)
18221 + /* trigger kprobe on every CPU */
18222 + CPU_ZERO(&cpu_seen);
18223 + for (i = 0; i < nr_cpus; i++) {
18224 ++ if (i >= on_len || !online[i]) {
18225 ++ printf("skipping offline CPU #%d\n", i);
18226 ++ continue;
18227 ++ }
18228 ++
18229 + CPU_ZERO(&cpu_set);
18230 + CPU_SET(i, &cpu_set);
18231 +
18232 +@@ -81,8 +99,8 @@ void test_perf_buffer(void)
18233 + if (CHECK(err < 0, "perf_buffer__poll", "err %d\n", err))
18234 + goto out_free_pb;
18235 +
18236 +- if (CHECK(CPU_COUNT(&cpu_seen) != nr_cpus, "seen_cpu_cnt",
18237 +- "expect %d, seen %d\n", nr_cpus, CPU_COUNT(&cpu_seen)))
18238 ++ if (CHECK(CPU_COUNT(&cpu_seen) != nr_on_cpus, "seen_cpu_cnt",
18239 ++ "expect %d, seen %d\n", nr_on_cpus, CPU_COUNT(&cpu_seen)))
18240 + goto out_free_pb;
18241 +
18242 + out_free_pb:
18243 +@@ -91,4 +109,5 @@ out_detach:
18244 + bpf_link__destroy(link);
18245 + out_close:
18246 + bpf_object__close(obj);
18247 ++ free(online);
18248 + }
18249 +diff --git a/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c b/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
18250 +index f62aa0eb959b..1735faf17536 100644
18251 +--- a/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
18252 ++++ b/tools/testing/selftests/bpf/prog_tests/stacktrace_build_id_nmi.c
18253 +@@ -49,8 +49,12 @@ retry:
18254 + pmu_fd = syscall(__NR_perf_event_open, &attr, -1 /* pid */,
18255 + 0 /* cpu 0 */, -1 /* group id */,
18256 + 0 /* flags */);
18257 +- if (CHECK(pmu_fd < 0, "perf_event_open",
18258 +- "err %d errno %d. Does the test host support PERF_COUNT_HW_CPU_CYCLES?\n",
18259 ++ if (pmu_fd < 0 && errno == ENOENT) {
18260 ++ printf("%s:SKIP:no PERF_COUNT_HW_CPU_CYCLES\n", __func__);
18261 ++ test__skip();
18262 ++ goto cleanup;
18263 ++ }
18264 ++ if (CHECK(pmu_fd < 0, "perf_event_open", "err %d errno %d\n",
18265 + pmu_fd, errno))
18266 + goto close_prog;
18267 +
18268 +diff --git a/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c b/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
18269 +index ea7d84f01235..e6be383a003f 100644
18270 +--- a/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
18271 ++++ b/tools/testing/selftests/bpf/progs/test_select_reuseport_kern.c
18272 +@@ -113,6 +113,12 @@ int _select_by_skb_data(struct sk_reuseport_md *reuse_md)
18273 + data_check.skb_ports[0] = th->source;
18274 + data_check.skb_ports[1] = th->dest;
18275 +
18276 ++ if (th->fin)
18277 ++ /* The connection is being torn down at the end of a
18278 ++ * test. It can't contain a cmd, so return early.
18279 ++ */
18280 ++ return SK_PASS;
18281 ++
18282 + if ((th->doff << 2) + sizeof(*cmd) > data_check.len)
18283 + GOTO_DONE(DROP_ERR_SKB_DATA);
18284 + if (bpf_skb_load_bytes(reuse_md, th->doff << 2, &cmd_copy,
18285 +diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
18286 +index 4a851513c842..779e11da979c 100644
18287 +--- a/tools/testing/selftests/bpf/test_sockmap.c
18288 ++++ b/tools/testing/selftests/bpf/test_sockmap.c
18289 +@@ -331,7 +331,7 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
18290 + FILE *file;
18291 + int i, fp;
18292 +
18293 +- file = fopen(".sendpage_tst.tmp", "w+");
18294 ++ file = tmpfile();
18295 + if (!file) {
18296 + perror("create file for sendpage");
18297 + return 1;
18298 +@@ -340,13 +340,8 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
18299 + fwrite(&k, sizeof(char), 1, file);
18300 + fflush(file);
18301 + fseek(file, 0, SEEK_SET);
18302 +- fclose(file);
18303 +
18304 +- fp = open(".sendpage_tst.tmp", O_RDONLY);
18305 +- if (fp < 0) {
18306 +- perror("reopen file for sendpage");
18307 +- return 1;
18308 +- }
18309 ++ fp = fileno(file);
18310 +
18311 + clock_gettime(CLOCK_MONOTONIC, &s->start);
18312 + for (i = 0; i < cnt; i++) {
18313 +@@ -354,11 +349,11 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
18314 +
18315 + if (!drop && sent < 0) {
18316 + perror("send loop error");
18317 +- close(fp);
18318 ++ fclose(file);
18319 + return sent;
18320 + } else if (drop && sent >= 0) {
18321 + printf("sendpage loop error expected: %i\n", sent);
18322 +- close(fp);
18323 ++ fclose(file);
18324 + return -EIO;
18325 + }
18326 +
18327 +@@ -366,7 +361,7 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
18328 + s->bytes_sent += sent;
18329 + }
18330 + clock_gettime(CLOCK_MONOTONIC, &s->end);
18331 +- close(fp);
18332 ++ fclose(file);
18333 + return 0;
18334 + }
18335 +
18336 +diff --git a/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py b/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
18337 +index e98c36750fae..d34fe06268d2 100644
18338 +--- a/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
18339 ++++ b/tools/testing/selftests/tc-testing/plugin-lib/buildebpfPlugin.py
18340 +@@ -54,7 +54,7 @@ class SubPlugin(TdcPlugin):
18341 + shell=True,
18342 + stdout=subprocess.PIPE,
18343 + stderr=subprocess.PIPE,
18344 +- env=ENVIR)
18345 ++ env=os.environ.copy())
18346 + (rawout, serr) = proc.communicate()
18347 +
18348 + if proc.returncode != 0 and len(serr) > 0:
18349 +diff --git a/virt/kvm/arm/aarch32.c b/virt/kvm/arm/aarch32.c
18350 +index c4c57ba99e90..631d397ac81b 100644
18351 +--- a/virt/kvm/arm/aarch32.c
18352 ++++ b/virt/kvm/arm/aarch32.c
18353 +@@ -10,6 +10,7 @@
18354 + * Author: Christoffer Dall <c.dall@××××××××××××××××××.com>
18355 + */
18356 +
18357 ++#include <linux/bits.h>
18358 + #include <linux/kvm_host.h>
18359 + #include <asm/kvm_emulate.h>
18360 + #include <asm/kvm_hyp.h>
18361 +@@ -28,25 +29,115 @@ static const u8 return_offsets[8][2] = {
18362 + [7] = { 4, 4 }, /* FIQ, unused */
18363 + };
18364 +
18365 ++/*
18366 ++ * When an exception is taken, most CPSR fields are left unchanged in the
18367 ++ * handler. However, some are explicitly overridden (e.g. M[4:0]).
18368 ++ *
18369 ++ * The SPSR/SPSR_ELx layouts differ, and the below is intended to work with
18370 ++ * either format. Note: SPSR.J bit doesn't exist in SPSR_ELx, but this bit was
18371 ++ * obsoleted by the ARMv7 virtualization extensions and is RES0.
18372 ++ *
18373 ++ * For the SPSR layout seen from AArch32, see:
18374 ++ * - ARM DDI 0406C.d, page B1-1148
18375 ++ * - ARM DDI 0487E.a, page G8-6264
18376 ++ *
18377 ++ * For the SPSR_ELx layout for AArch32 seen from AArch64, see:
18378 ++ * - ARM DDI 0487E.a, page C5-426
18379 ++ *
18380 ++ * Here we manipulate the fields in order of the AArch32 SPSR_ELx layout, from
18381 ++ * MSB to LSB.
18382 ++ */
18383 ++static unsigned long get_except32_cpsr(struct kvm_vcpu *vcpu, u32 mode)
18384 ++{
18385 ++ u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR);
18386 ++ unsigned long old, new;
18387 ++
18388 ++ old = *vcpu_cpsr(vcpu);
18389 ++ new = 0;
18390 ++
18391 ++ new |= (old & PSR_AA32_N_BIT);
18392 ++ new |= (old & PSR_AA32_Z_BIT);
18393 ++ new |= (old & PSR_AA32_C_BIT);
18394 ++ new |= (old & PSR_AA32_V_BIT);
18395 ++ new |= (old & PSR_AA32_Q_BIT);
18396 ++
18397 ++ // CPSR.IT[7:0] are set to zero upon any exception
18398 ++ // See ARM DDI 0487E.a, section G1.12.3
18399 ++ // See ARM DDI 0406C.d, section B1.8.3
18400 ++
18401 ++ new |= (old & PSR_AA32_DIT_BIT);
18402 ++
18403 ++ // CPSR.SSBS is set to SCTLR.DSSBS upon any exception
18404 ++ // See ARM DDI 0487E.a, page G8-6244
18405 ++ if (sctlr & BIT(31))
18406 ++ new |= PSR_AA32_SSBS_BIT;
18407 ++
18408 ++ // CPSR.PAN is unchanged unless SCTLR.SPAN == 0b0
18409 ++ // SCTLR.SPAN is RES1 when ARMv8.1-PAN is not implemented
18410 ++ // See ARM DDI 0487E.a, page G8-6246
18411 ++ new |= (old & PSR_AA32_PAN_BIT);
18412 ++ if (!(sctlr & BIT(23)))
18413 ++ new |= PSR_AA32_PAN_BIT;
18414 ++
18415 ++ // SS does not exist in AArch32, so ignore
18416 ++
18417 ++ // CPSR.IL is set to zero upon any exception
18418 ++ // See ARM DDI 0487E.a, page G1-5527
18419 ++
18420 ++ new |= (old & PSR_AA32_GE_MASK);
18421 ++
18422 ++ // CPSR.IT[7:0] are set to zero upon any exception
18423 ++ // See prior comment above
18424 ++
18425 ++ // CPSR.E is set to SCTLR.EE upon any exception
18426 ++ // See ARM DDI 0487E.a, page G8-6245
18427 ++ // See ARM DDI 0406C.d, page B4-1701
18428 ++ if (sctlr & BIT(25))
18429 ++ new |= PSR_AA32_E_BIT;
18430 ++
18431 ++ // CPSR.A is unchanged upon an exception to Undefined, Supervisor
18432 ++ // CPSR.A is set upon an exception to other modes
18433 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
18434 ++ // See ARM DDI 0406C.d, page B1-1182
18435 ++ new |= (old & PSR_AA32_A_BIT);
18436 ++ if (mode != PSR_AA32_MODE_UND && mode != PSR_AA32_MODE_SVC)
18437 ++ new |= PSR_AA32_A_BIT;
18438 ++
18439 ++ // CPSR.I is set upon any exception
18440 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
18441 ++ // See ARM DDI 0406C.d, page B1-1182
18442 ++ new |= PSR_AA32_I_BIT;
18443 ++
18444 ++ // CPSR.F is set upon an exception to FIQ
18445 ++ // CPSR.F is unchanged upon an exception to other modes
18446 ++ // See ARM DDI 0487E.a, pages G1-5515 to G1-5516
18447 ++ // See ARM DDI 0406C.d, page B1-1182
18448 ++ new |= (old & PSR_AA32_F_BIT);
18449 ++ if (mode == PSR_AA32_MODE_FIQ)
18450 ++ new |= PSR_AA32_F_BIT;
18451 ++
18452 ++ // CPSR.T is set to SCTLR.TE upon any exception
18453 ++ // See ARM DDI 0487E.a, page G8-5514
18454 ++ // See ARM DDI 0406C.d, page B1-1181
18455 ++ if (sctlr & BIT(30))
18456 ++ new |= PSR_AA32_T_BIT;
18457 ++
18458 ++ new |= mode;
18459 ++
18460 ++ return new;
18461 ++}
18462 ++
18463 + static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset)
18464 + {
18465 +- unsigned long cpsr;
18466 +- unsigned long new_spsr_value = *vcpu_cpsr(vcpu);
18467 +- bool is_thumb = (new_spsr_value & PSR_AA32_T_BIT);
18468 ++ unsigned long spsr = *vcpu_cpsr(vcpu);
18469 ++ bool is_thumb = (spsr & PSR_AA32_T_BIT);
18470 + u32 return_offset = return_offsets[vect_offset >> 2][is_thumb];
18471 + u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR);
18472 +
18473 +- cpsr = mode | PSR_AA32_I_BIT;
18474 +-
18475 +- if (sctlr & (1 << 30))
18476 +- cpsr |= PSR_AA32_T_BIT;
18477 +- if (sctlr & (1 << 25))
18478 +- cpsr |= PSR_AA32_E_BIT;
18479 +-
18480 +- *vcpu_cpsr(vcpu) = cpsr;
18481 ++ *vcpu_cpsr(vcpu) = get_except32_cpsr(vcpu, mode);
18482 +
18483 + /* Note: These now point to the banked copies */
18484 +- vcpu_write_spsr(vcpu, new_spsr_value);
18485 ++ vcpu_write_spsr(vcpu, host_spsr_to_spsr32(spsr));
18486 + *vcpu_reg32(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
18487 +
18488 + /* Branch to exception vector */
18489 +@@ -84,7 +175,7 @@ static void inject_abt32(struct kvm_vcpu *vcpu, bool is_pabt,
18490 + fsr = &vcpu_cp15(vcpu, c5_DFSR);
18491 + }
18492 +
18493 +- prepare_fault32(vcpu, PSR_AA32_MODE_ABT | PSR_AA32_A_BIT, vect_offset);
18494 ++ prepare_fault32(vcpu, PSR_AA32_MODE_ABT, vect_offset);
18495 +
18496 + *far = addr;
18497 +
18498 +diff --git a/virt/kvm/arm/mmio.c b/virt/kvm/arm/mmio.c
18499 +index 70d3b449692c..1bb71acd53f2 100644
18500 +--- a/virt/kvm/arm/mmio.c
18501 ++++ b/virt/kvm/arm/mmio.c
18502 +@@ -105,6 +105,9 @@ int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run)
18503 + data = (data ^ mask) - mask;
18504 + }
18505 +
18506 ++ if (!vcpu->arch.mmio_decode.sixty_four)
18507 ++ data = data & 0xffffffff;
18508 ++
18509 + trace_kvm_mmio(KVM_TRACE_MMIO_READ, len, run->mmio.phys_addr,
18510 + &data);
18511 + data = vcpu_data_host_to_guest(vcpu, data, len);
18512 +@@ -125,6 +128,7 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len)
18513 + unsigned long rt;
18514 + int access_size;
18515 + bool sign_extend;
18516 ++ bool sixty_four;
18517 +
18518 + if (kvm_vcpu_dabt_iss1tw(vcpu)) {
18519 + /* page table accesses IO mem: tell guest to fix its TTBR */
18520 +@@ -138,11 +142,13 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len)
18521 +
18522 + *is_write = kvm_vcpu_dabt_iswrite(vcpu);
18523 + sign_extend = kvm_vcpu_dabt_issext(vcpu);
18524 ++ sixty_four = kvm_vcpu_dabt_issf(vcpu);
18525 + rt = kvm_vcpu_dabt_get_rd(vcpu);
18526 +
18527 + *len = access_size;
18528 + vcpu->arch.mmio_decode.sign_extend = sign_extend;
18529 + vcpu->arch.mmio_decode.rt = rt;
18530 ++ vcpu->arch.mmio_decode.sixty_four = sixty_four;
18531 +
18532 + return 0;
18533 + }
18534 +diff --git a/virt/kvm/async_pf.c b/virt/kvm/async_pf.c
18535 +index 35305d6e68cc..d8ef708a2ef6 100644
18536 +--- a/virt/kvm/async_pf.c
18537 ++++ b/virt/kvm/async_pf.c
18538 +@@ -64,7 +64,7 @@ static void async_pf_execute(struct work_struct *work)
18539 + struct mm_struct *mm = apf->mm;
18540 + struct kvm_vcpu *vcpu = apf->vcpu;
18541 + unsigned long addr = apf->addr;
18542 +- gva_t gva = apf->gva;
18543 ++ gpa_t cr2_or_gpa = apf->cr2_or_gpa;
18544 + int locked = 1;
18545 +
18546 + might_sleep();
18547 +@@ -92,7 +92,7 @@ static void async_pf_execute(struct work_struct *work)
18548 + * this point
18549 + */
18550 +
18551 +- trace_kvm_async_pf_completed(addr, gva);
18552 ++ trace_kvm_async_pf_completed(addr, cr2_or_gpa);
18553 +
18554 + if (swq_has_sleeper(&vcpu->wq))
18555 + swake_up_one(&vcpu->wq);
18556 +@@ -165,8 +165,8 @@ void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu)
18557 + }
18558 + }
18559 +
18560 +-int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
18561 +- struct kvm_arch_async_pf *arch)
18562 ++int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
18563 ++ unsigned long hva, struct kvm_arch_async_pf *arch)
18564 + {
18565 + struct kvm_async_pf *work;
18566 +
18567 +@@ -185,7 +185,7 @@ int kvm_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, unsigned long hva,
18568 +
18569 + work->wakeup_all = false;
18570 + work->vcpu = vcpu;
18571 +- work->gva = gva;
18572 ++ work->cr2_or_gpa = cr2_or_gpa;
18573 + work->addr = hva;
18574 + work->arch = *arch;
18575 + work->mm = current->mm;
18576 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
18577 +index 00268290dcbd..2b3f36df3d85 100644
18578 +--- a/virt/kvm/kvm_main.c
18579 ++++ b/virt/kvm/kvm_main.c
18580 +@@ -1406,14 +1406,14 @@ bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
18581 + }
18582 + EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);
18583 +
18584 +-unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn)
18585 ++unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
18586 + {
18587 + struct vm_area_struct *vma;
18588 + unsigned long addr, size;
18589 +
18590 + size = PAGE_SIZE;
18591 +
18592 +- addr = gfn_to_hva(kvm, gfn);
18593 ++ addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gfn, NULL);
18594 + if (kvm_is_error_hva(addr))
18595 + return PAGE_SIZE;
18596 +
18597 +@@ -1821,26 +1821,72 @@ struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
18598 + }
18599 + EXPORT_SYMBOL_GPL(gfn_to_page);
18600 +
18601 +-static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
18602 +- struct kvm_host_map *map)
18603 ++void kvm_release_pfn(kvm_pfn_t pfn, bool dirty, struct gfn_to_pfn_cache *cache)
18604 ++{
18605 ++ if (pfn == 0)
18606 ++ return;
18607 ++
18608 ++ if (cache)
18609 ++ cache->pfn = cache->gfn = 0;
18610 ++
18611 ++ if (dirty)
18612 ++ kvm_release_pfn_dirty(pfn);
18613 ++ else
18614 ++ kvm_release_pfn_clean(pfn);
18615 ++}
18616 ++
18617 ++static void kvm_cache_gfn_to_pfn(struct kvm_memory_slot *slot, gfn_t gfn,
18618 ++ struct gfn_to_pfn_cache *cache, u64 gen)
18619 ++{
18620 ++ kvm_release_pfn(cache->pfn, cache->dirty, cache);
18621 ++
18622 ++ cache->pfn = gfn_to_pfn_memslot(slot, gfn);
18623 ++ cache->gfn = gfn;
18624 ++ cache->dirty = false;
18625 ++ cache->generation = gen;
18626 ++}
18627 ++
18628 ++static int __kvm_map_gfn(struct kvm_memslots *slots, gfn_t gfn,
18629 ++ struct kvm_host_map *map,
18630 ++ struct gfn_to_pfn_cache *cache,
18631 ++ bool atomic)
18632 + {
18633 + kvm_pfn_t pfn;
18634 + void *hva = NULL;
18635 + struct page *page = KVM_UNMAPPED_PAGE;
18636 ++ struct kvm_memory_slot *slot = __gfn_to_memslot(slots, gfn);
18637 ++ u64 gen = slots->generation;
18638 +
18639 + if (!map)
18640 + return -EINVAL;
18641 +
18642 +- pfn = gfn_to_pfn_memslot(slot, gfn);
18643 ++ if (cache) {
18644 ++ if (!cache->pfn || cache->gfn != gfn ||
18645 ++ cache->generation != gen) {
18646 ++ if (atomic)
18647 ++ return -EAGAIN;
18648 ++ kvm_cache_gfn_to_pfn(slot, gfn, cache, gen);
18649 ++ }
18650 ++ pfn = cache->pfn;
18651 ++ } else {
18652 ++ if (atomic)
18653 ++ return -EAGAIN;
18654 ++ pfn = gfn_to_pfn_memslot(slot, gfn);
18655 ++ }
18656 + if (is_error_noslot_pfn(pfn))
18657 + return -EINVAL;
18658 +
18659 + if (pfn_valid(pfn)) {
18660 + page = pfn_to_page(pfn);
18661 +- hva = kmap(page);
18662 ++ if (atomic)
18663 ++ hva = kmap_atomic(page);
18664 ++ else
18665 ++ hva = kmap(page);
18666 + #ifdef CONFIG_HAS_IOMEM
18667 +- } else {
18668 ++ } else if (!atomic) {
18669 + hva = memremap(pfn_to_hpa(pfn), PAGE_SIZE, MEMREMAP_WB);
18670 ++ } else {
18671 ++ return -EINVAL;
18672 + #endif
18673 + }
18674 +
18675 +@@ -1855,14 +1901,25 @@ static int __kvm_map_gfn(struct kvm_memory_slot *slot, gfn_t gfn,
18676 + return 0;
18677 + }
18678 +
18679 ++int kvm_map_gfn(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map,
18680 ++ struct gfn_to_pfn_cache *cache, bool atomic)
18681 ++{
18682 ++ return __kvm_map_gfn(kvm_memslots(vcpu->kvm), gfn, map,
18683 ++ cache, atomic);
18684 ++}
18685 ++EXPORT_SYMBOL_GPL(kvm_map_gfn);
18686 ++
18687 + int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
18688 + {
18689 +- return __kvm_map_gfn(kvm_vcpu_gfn_to_memslot(vcpu, gfn), gfn, map);
18690 ++ return __kvm_map_gfn(kvm_vcpu_memslots(vcpu), gfn, map,
18691 ++ NULL, false);
18692 + }
18693 + EXPORT_SYMBOL_GPL(kvm_vcpu_map);
18694 +
18695 +-void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
18696 +- bool dirty)
18697 ++static void __kvm_unmap_gfn(struct kvm_memory_slot *memslot,
18698 ++ struct kvm_host_map *map,
18699 ++ struct gfn_to_pfn_cache *cache,
18700 ++ bool dirty, bool atomic)
18701 + {
18702 + if (!map)
18703 + return;
18704 +@@ -1870,23 +1927,45 @@ void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
18705 + if (!map->hva)
18706 + return;
18707 +
18708 +- if (map->page != KVM_UNMAPPED_PAGE)
18709 +- kunmap(map->page);
18710 ++ if (map->page != KVM_UNMAPPED_PAGE) {
18711 ++ if (atomic)
18712 ++ kunmap_atomic(map->hva);
18713 ++ else
18714 ++ kunmap(map->page);
18715 ++ }
18716 + #ifdef CONFIG_HAS_IOMEM
18717 +- else
18718 ++ else if (!atomic)
18719 + memunmap(map->hva);
18720 ++ else
18721 ++ WARN_ONCE(1, "Unexpected unmapping in atomic context");
18722 + #endif
18723 +
18724 +- if (dirty) {
18725 +- kvm_vcpu_mark_page_dirty(vcpu, map->gfn);
18726 +- kvm_release_pfn_dirty(map->pfn);
18727 +- } else {
18728 +- kvm_release_pfn_clean(map->pfn);
18729 +- }
18730 ++ if (dirty)
18731 ++ mark_page_dirty_in_slot(memslot, map->gfn);
18732 ++
18733 ++ if (cache)
18734 ++ cache->dirty |= dirty;
18735 ++ else
18736 ++ kvm_release_pfn(map->pfn, dirty, NULL);
18737 +
18738 + map->hva = NULL;
18739 + map->page = NULL;
18740 + }
18741 ++
18742 ++int kvm_unmap_gfn(struct kvm_vcpu *vcpu, struct kvm_host_map *map,
18743 ++ struct gfn_to_pfn_cache *cache, bool dirty, bool atomic)
18744 ++{
18745 ++ __kvm_unmap_gfn(gfn_to_memslot(vcpu->kvm, map->gfn), map,
18746 ++ cache, dirty, atomic);
18747 ++ return 0;
18748 ++}
18749 ++EXPORT_SYMBOL_GPL(kvm_unmap_gfn);
18750 ++
18751 ++void kvm_vcpu_unmap(struct kvm_vcpu *vcpu, struct kvm_host_map *map, bool dirty)
18752 ++{
18753 ++ __kvm_unmap_gfn(kvm_vcpu_gfn_to_memslot(vcpu, map->gfn), map, NULL,
18754 ++ dirty, false);
18755 ++}
18756 + EXPORT_SYMBOL_GPL(kvm_vcpu_unmap);
18757 +
18758 + struct page *kvm_vcpu_gfn_to_page(struct kvm_vcpu *vcpu, gfn_t gfn)
Report Message
Find on MARC Find on Google Groups